Application Privacy Notice

Your privacy and confidentiality are really important to us and we are committed to protecting your personal data.

Welcome to the Hive HR Limited Application Privacy Notice. 

Your privacy and confidentiality are really important to us and we are committed to protecting your personal information. This privacy notice applies to your use of the Hive application. If you want to know how we collect and use data when you use our website, please read this notice. Just so that you know, whenever we use the words “Hive”, “we”, “us”, or “our”, we mean HiveHR Limited. 

In this information notice, we’re going to share with you (click to expand):

We’re a UK based company who provide surveying software to organisations to help them measure, understand and improve employee engagement in the workforce. In order to become an even better employer, organisations need to understand how the workforce thinks and feels. Our software gives employees the opportunity to share their views in a confidential way.

Personal data means any information about someone who is, or can easily be, identified. It does not include data where the identity has been removed (e.g. statistics).

Information collected directly from you or your employer:

We collect the personal data provided to us when:

  • Basic User Details – Usually your full name, and department/team.  Sometimes, it can include other information, like your date of birth or gender, if you employer wants to see whether there is a variation on views on particular issues, across different groups of people.
  • Notification Information – Your email address or mobile number, so we can notify you about new surveys or if you’ve received a Hive-Five from a co-worker.  If you are an administrator or manager of your Hive, your email address will also be used to keep you up to date with platform updates and allow you to give feedback and make feature requests
  • Survey Data – We store your feedback, scores and comments from surveys
  • Profile Data – Includes your password (if you have a login) and your preferences when using our software, such as preferred language
  • Aggregated Data – We collect, and use statistical and demographic data.  This is not considered personal data.
  • We also collect your contact details and any personal data you share with us when you raise a support ticket.
 

Information we collect form other sources:

As you interact with our application, we may automatically collect information to improve user experience on our applicaton.

  • Technical Data – This includes IP address, browser plug-ins, the device, browser, screen size and operating system you use to access our application.
  • Usage Data – We collect data about how users interact with our application to help us spot usability problems or bugs, and to improve our product. 
  • Cookies – You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies.  Please note: If you disable or remove cookies, some parts of our application may become inaccessible or may not function properly.  For more information, please see our Cookie Policy.

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where you have given us consent to do so.
  • Where we need to process your personal data to perform the contract we are about to enter in to, or have entered into, with you or your employer.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and rights do not override those legitimate interests.  For example, to allow us to continue to improve our product to ensure users have the best and most secure experience.
  • Where we need to comply with a legal obligation.    

We’ll only keep your personal data for as long as we need it, to fulfil the purposes we collected it for, including to satisfying any legal, accounting, or reporting requirements. 

If you leave your employer, we will delete any information which can identify you when the employer notifies us of this change.

When your employer’s contract with Hive ends, we’ll delete any information which can identify any employees within 28 days.

We anonymise your personal data (so it can no longer be associated with you), then use it indefinitely for research and statistical purposes. For more information, please contact us.

Hive is ISO27001 accredited. This is a recognised international standard for information security, and our accreditation shows we have appropriate measures in place to protect your information from being lost, used, altered, or seen by someone it shouldn’t.

We will never sell your personal data to anyone. But we may have to share some data with the third parties set out below, to allow us to provide our services:

Amazon Web Services

  • Hive uses AWS to host and backup Hive’s software.
  • Data is kept in Europe

Dropbox

  • A secure data transfer solution.  Some employers may use it to send employee data to Hive during setup.
  • Data is kept in Europe and the USA, and is protected by EU approved Standard Contractual Clauses

Google

  • Google Sheets is sometimes used to make sure data is in the right format to be used in Hive
  • Data is kept in Europe and the USA, and is protected by EU approved Standard Contractual Clauses

Jira Service Desk

  • Hive’s customer service ticketing solution
  • Data is kept in Europe

MongoBD

  • The database where personal information is stored
  • Data is kept in Europe

Pendo

  • Provides insights into how the Hive application is used.  Insights are used to improve user experience.  Collects customer feedback and is used to communicate product updates
  • Data is kept in Europe.

SendGrid

  • Delivery of emails as part of the surveying
  • Data is kept in Europe and the USA, and is protected by EU approved Standard Contractual Clauses

Twilio

  • Delivery of SMS texts as part of surveying
  • Data is kept in Europe

Where the third parties are based in other countries, like the USA, we will only ever transfer data to them if we’re confident they’ll protect it, and will only use it in line with our instructions. For more detail on how we do this, please contact us. 

  • If we merge with, or are acquired by, a third party company, we will share, or transfer your personal data with that company so business can operate as usual. If this happens, the new owners may only use your personal data in accordance with this privacy notice.

You have the ability to exercise the following rights over your personal data:

  • Request access to a copy of the personal data we have about you, to check that it’s accurate, and that our processing of it is lawful. 

It’s free to do this, but we may charge a reasonable fee, or refuse to comply, if your request is repetitive or excessive. 

  • Complete or correct any information about you, but we may need to verify the new data is accurate.  
  • Request deletion or removal of your personal data. However, we may not always be able to do this, due to specific legal reasons, but we’ll tell you if this is the case.
  • Object to the processing of your personal data, if your circumstances mean we’re impacting your rights too much. But we may investigate to find out whether our interests override your rights.
  • Request we temporarily stop processing your personal data (a) if you want us to show the information is accurate; (b) where our use of the data is unlawful but you don’t want us to delete it; (c) where you need us to hold the data because you need it for a legal claim; or (d) you have objected to our use of your data but we need to work out whether we have legitimate grounds to use it.
  • Withdraw consent at any time, where we’re relying on consent to process your data. If you withdraw your consent, we may not be able to provide certain services to you. We’ll advise you at the time, if this is the case.

 

Exercising your rights: 

If you want to exercise any of your rights, please contact us. We may need further information about your request, or to confirm your identity, before we take action. 

We try to respond to all requests within one month. If requests are complex or you have made more than one, we may notify you that it’ll take longer than a month to process. 

The right to complain 

You have the right to complain to the Information Commissioner’s Office (“ICO”), the UK’s supervisory authority for data protection issues (www.ico.org.uk). However, we’d appreciate the chance to deal with any concerns before involving the ICO, so please contact us.

VeraSafe has been appointed as Hive’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to privacy@hive.hr only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe via their website or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

Last updated on 26th February 2021. 

This notice supplements the other notices we may issue from time to time, and is not intended to override them.

This Privacy Notice may be updated occasionally, in line with changes to the law or our practices. Please regularly check this notice for changes, as we will only directly notify you, via email, when we want to make significant changes to the way we collect, store or process your data.

You can contact us by emailing privacy@hive.hr, or by posting to:

Privacy at HiveHR Limited
4th Floor Broadacre House,
Market Street,
Newcastle upon Tyne,
Tyne and Wear,
NE1 6HQ