Privacy Policy

In this Privacy Policy, ‘HybridHero’ ‘us’ ‘we’ or ‘our’ means HybridHero Ltd (UK Company No 12356013) | HybridHero Pty Ltd (a company registered in Australia with ACN 632 908 920) and our affiliates and related body corporates. We are committed to respecting your privacy.

In Australia, we are bound by the Australian Privacy Principles contained in the Privacy Act 2018 (Cth) (Privacy Act). For individuals located within the United Kingdom or the European Economic Area (EEA), we also comply with the Data Protection Act 2018 (UK) (DPA) and the General Data Protection Regulation (EU) 2016/679 (GDPR).

Our Privacy Policy sets outs out how we collect, use, process, store and disclose your personal information. Personal information includes information or an opinion about an identified individual or an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details. Our Privacy Policy also uses the term ‘personal information’ to cover any information or data about identified or identifiable natural persons that is ‘personal data’ for the purposes of the DPA and the GDPR.

We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy
Policy.

What personal information do we collect?

We may collect the following types of personal information, if requested by your employer:
• name, mailing or street address, email address, telephone number, age or date of birth;
• your employer (if we are dealing with you as a representative of the business that employs you);
• device information such as your internet browser and operating system language;
• behavioural information based on your use of and interaction with our app and/or website – which
we collect with your express consent where required;
• your internet protocol (IP) address, location or activity;
• sensitive information, including ethnic, religious, health and biometric information, such as
employee sick leave records, employee diversity data, fingerprints, facial recognition points, other
interactions with the product or service (e.g. the way you hold your mouse or mobile device) –
which we collect with your express consent.

How do we collect and hold personal information?

We may collect these types of personal information either directly from you, or from third parties such as your employer or our service providers. We may collect this information when you:
• register on our website or app;
• fill in forms we require to run the service or product;
• use the service or product;
• interact with our sites, services, content and advertising;
• correspond with us by phone, email or otherwise; or
• share information with us from other social applications, services or websites.

We have processes in place to ensure that our records remain accurate, complete and up to date, including by verifying the information with you each time you use our services or from other sources. If the information is no longer required by us for any purpose for which it was collected and is no longer required by law to be retained by us, we will destroy or de-identify the information.

Can I remain anonymous?
You can always choose to deal with us anonymously or by using a pseudonym. However, please note that if you choose to remain anonymous, this may affect your ability to access or use certain functions of our website or services.
If you wish to remain anonymous when dealing with us via a telephone call, please advise the call operator assisting you. Providing your personal details enables us to provide you with a contact record reference number which allows you, and other authorised persons, to retrieve information about that call at a later date.

Personal information relating to HybridHero employees, applicants and contractors
In addition, when you apply for a job or position with us we may collect certain personal information from you (including your name, contact details, working history, criminal and credit history, photos, personal address history and relevant records checks) as part of the application process. We may also collect these types of information about you from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to makeyou an offer of employment or engage you under a contract.


If you are or have previously been employed by us in Australia, this Privacy Policy does not apply to our acts and practices in relation to employee records of our current and former employees in Australia, which are exempt from the Privacy Act. If you are an employee of ours in the European Union or if you are an individual contractor engaged by us, this Privacy Policy will still apply to you and our handling of personal information about you.

Why do we collect, use, process and disclose personal information?
We will collect, hold, use, process and disclose your personal information for the purposes set out in the table below. If you are located within the United Kingdom or the EEA, the lawful basis for our collection, holding, use, processing and disclosure of your personal information is also set out in this table.

Purpose of collection, holding, use, processing and disclosureLawful basis
• to enable you to access and use our website and/or services;Your consent (if given to us)
Performance of a contract with
you
• to operate, protect, improve and optimise our website, services
business and users’ experience, such as to manage risk, train
staff, develop products, goods and services, perform statistical
analysis and conduct research;
For your employer’s legitimate
interests in operating their
business efficiently and
effectively using our optimised
website and/or services
• to send you service, support and administrative messages,
reminders, technical notices, updates, security alerts and
information requested by you;
Your consent (if given to us)
Performance of a contract with
you
• to enable your employer or an entity to which you are
subcontracted to understand office real estate needs and
optimize use of office space;
Your consent (if given to us)
For your employer’s legitimate
interests in operating our
business efficiently and
effectively
• to enable your employer or an entity to which you are
subcontracted to make related business decisions;
Your consent (if given to us)
For your employer’s legitimate
interests in operating our
business efficiently and
effectively
• to administer rewards, surveys, contests, or other promotional
activities or events sponsored or managed by your employer;
Your consent (if given to us)
For your employer’s legitimate
interests in operating their
business and rewarding the work
of their employees
• to comply with our legal obligations and requests from law
enforcement agencies, resolve any disputes that we may have
with any of our users, and enforce our agreements with third
parties;
Compliance with our legal
obligations
For our legitimate interests in
enforcing our contractual and
legal rights
• to consider your employment application; andIn order to take steps requested
by you prior to considering
whether to enter into an
employment agreement with you
• if your application is successful, to manage and administer our
employment relationship with you (including for payroll and
taxation purposes).
Performance of our employment
contract with you

We may also disclose your de-identified or anonymised information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products, goods and services that you receive.

Do we use your personal information for direct marketing?
We may send you direct marketing communications and information about our products, goods and services or employment perks offered by your employer if you have consented to receiving these communications. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Data Protection Act 2018 (UK), General Data Protection Regulation (EU) 2016/679, Spam Act 2003 (Cth) and the Privacy Act 1988 (Cth). You may opt-out of receiving marketing materials from us by contacting us using the contact method set out here – info@HybridHero.com – or by using the opt-out facilities provided in the communication.

To whom do we disclose your personal information?
We may disclose personal information for the purposes described in this Privacy Policy to:
• our employees and to our related bodies corporate as listed at the top of the Privacy Policy;
• your employer or an entity to which you are subcontracted;
• third party suppliers, sub-processors and cloud service providers (including providers for the
operation of our websites and/or our business or in connection with providing our products, goods
and services to you);
• professional advisers, dealers and agents;
• payment systems operators (e.g. merchants receiving card payments);
• our existing or potential agents, business partners or partners;
• anyone to whom our assets or businesses (or any part of them) are transferred;
• specific third parties authorised by you to receive information held by us; and/or
• other persons, including government agencies, regulatory bodies and law enforcement agencies,
or as required, authorised or permitted by law

Disclosure of Australian personal information outside Australia
We may disclose personal information outside of Australia to third party data storage, cloud service providers and software developers located outside of Australia, including in the United Kingdom, the EEA, the USA, India and Sri Lanka. When you provide your personal information to us, you consent to the disclosure of your information outside of Australia and acknowledge that we are not required to ensure that overseas recipients handle that personal information in compliance with the Privacy Act. We will, however, take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with the Australian Privacy Principles.


Transfers of personal information of UK or EEA individuals outside of the United Kingdom or the EEA
We may disclose personal information to our third party data storage, cloud service providers and software developers that are located outside of, or may store personal information outside of, the United Kingdom, including in the EEA, Australia, the USA, India and Sri Lanka. When we disclose personal information to these third parties, we do so on the basis of the Trade and Cooperation Agreement between the United Kingdom and the European Union, any current adequacy decisions under Article 45 of the GDPR, or pursuant to the European Commission’s Standard Contractual Clauses, or with consent of the data subject, as applicable.


Websites and cookies
We may collect personal information about you when you use and access our website or app. While we do not use browsing information to identify you personally, we may record certain information about your use of these websites, such as which pages you visit, the time and date of your visit and the IP address assigned to your computer. We record your IP address in order to assist us to protect our systems from malicious activities, including denial of service attacks and brute force attempts to access our systems.
We (or a third party acting on our behalf) may also use ‘cookies’ or other similar tracking technologies on these websites that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. We (or a third party acting on our behalf) may use cookies to determine which advertisements to display to you on our website. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.
We may also use cookies to enable us to collect data that may include personal information. For example, where a cookie is linked to your account, it will be considered personal information under the Privacy Act, the DPA and the GDPR. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy https://HybridHero.com/cookie-policy/


Security
We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information. For example, we implement the following measures:
• document storage security protocols;
• confidentiality requirements and privacy training of employees;
• granting only authorised persons access to information;
• equivalent security and confidentiality obligations provided by third parties; and
• firewalls and data encryption on our website.
However, we cannot guarantee the security of your personal information.


Links
Our website or app may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.


Accessing or correcting your personal information
You can access the personal information we hold about you by contacting us using the contact information provided through the website, www.HybridHero.com, or using the contact details set out below. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will provide you with written reasons. We may also need to verify your identity when you request your personal information. If you think that any personal information we hold about you is inaccurate, please contact us using the details set out below and we will take reasonable steps to ensure that it is corrected.
If we refuse to correct or update your information, you may request that we make a note on your record that you are of the opinion that the information is inaccurate, incomplete, out of date, irrelevant or misleading, as the case may be.

There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).
You will be notified of any likely costs before your request is processed.


Additional rights under the DPA and the GDPR for individuals within the United Kingdom
or EEA

If you are located within the United Kingdom or the EEA, then you also have the following additional rights under the DPA and the GDPR. We will comply with all of our obligations under the DPA and the GDPR in respect of these rights.

Where we process any personal information about you on the basis of any consent given by you, you have the right to withdraw your consent at any time by giving notice to us (which you can do using our contact details set out below). We will give effect to your withdrawal of consent promptly and will cease any processing that you no longer consent to, unless we have another lawful basis for that processing. The withdrawal of your consent will not affect the lawfulness of any processing that occurred prior to the date that you notified us that you were withdrawing your consent.


You have a right to information portability, which is the right in certain circumstances to request a copy of your personal information in in a structured, commonly used and machine-readable format and to transmit this information to another data controller. You may also request that we erase any personal information that we hold about you which is no longer necessary for any of the purposes that we collected it for, which you have withdrawn your consent in respect of or processing which you are allowed under the DPA or the GDPR to object to. We will comply with such requests unless we are permitted or required by law to retain that information.


You also have the right to object to our processing of personal information in certain circumstances, including where we process personal information based on our legitimate interests. You can also request that we restrict our processing activities in some circumstances. If you make such a request in those circumstances, then we will continue to store your personal information but will not otherwise process your personal information without your consent or as otherwise permitted by law.


Making a complaint

If you think we have breached the Privacy Act (if you are located in Australia) or the DPA (if you are located within the United Kingdom) or the GDPR (if you are located within the EEA), or you wish to make a complaint about the way we have handled your personal information, you can contact us at info@hybridhero.com. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within the time required by law (if applicable) or otherwise within a reasonable period of time, typically within 30 days. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.


Contact Us
The Controller of this information for the purposes of the DPA and the GDPR is your employer or an entity to which you are subcontracted to who has requested you join your employer’s Flexible Working Program. As our core activities do not consist of processing operations that require regular and systematic monitoring of data subjects on a large scale, we are not required under the DPA or the GDPR to appoint a data protection officer.
For further information about our Privacy Policy or practices, or to access or correct your personal
information, or make a complaint, please contact us using the details set out below:
CEO
HybridHero Software Ltd (UK Company No 12356013)
4 Prince Albert Road
London, NW1 7SN
United Kingdom
By email: info@HybridHero.com
Effective: 13th September 2021