Last modified Jul 19, 2022
Welcome to Hexact.io (“Site”), hosted by Hexact, Inc. (“Hexact”, “we”, “us” and/or “our”). Hexact provides SaaS (software as a service) to individuals and businesses (“Services”). In order to provide our Site and Services, we collect personal data from our Site visitors (“Site Visitors”) and our customers (“Customers”). We also collect the personal data of our Customers’ end users (“End Users”) when they use the Services, namely our Customer’s employees, consultants, or any other persons to whom access is granted by the Customer.
For users in the EEA and the U.K., note that we may collect your personal data as:
What personal information we collect and process depends on how and why you use our Site or Services. Generally, we process personal information that we receive:
You can generally visit our Site without having to submit any personal information. If you request more information, or sign up for our Services, we will collect personal information as follows.
If you contact us via the contact form on our Site, we will ask you to provide information (e.g. your name, email address, company name, title).
Note that our corporate Customers are responsible for ensuring that they comply with applicable privacy laws and notice requirements with respect to any individual whose name and information is submitted in connection with the Account Information.
Customer Payment Information
You are not required to enter your credit card information unless and until you decide to continue with a paid subscription or a free trial to our Services. In order to process your payment Information, we use PCI-compliant third-party processors, as explained in the section on Payment Processing below. This information is processed by our payment service provider and we receive a confirmation of payment, which we then associate with your Account Information and any relevant transactions. In case of corporate Customers, other payment methods (e.g wire transfer) may be availed to you.
We may also ask you to submit personal information if you choose to use interactive features of the Site and/or Services, including participation in surveys, promotions, requesting customer support, or otherwise communicating with us. We may also ask you for information when you interact with us (such as when responding to notices and announcements from us), and when you report a problem with Hexact and/or the Site or otherwise correspond with us. This includes:
Device and Usage Information
When you download, use or interact with the Site, even if you do not have an account, we, or authorized third parties engaged by us, may automatically collect information about your use of the Site via your device. This information is collected via cookies and similar technologies (“Device and Usage Information”) and consists of:
Information from Third Parties
In some instances, we process personal information from third parties. This consists of data from our partners, such as transactional data from providers of payment services, or information from third parties who assist us with fraud prevention. From time to time, we may combine information we collect as described above with personal information we obtain from third parties. For example, we may combine information entered through a Hexact sales submission with information that we receive from a third-party sales intelligence platform to enhance our ability to market our Services to Customers or potential Customers.Information We Process on Behalf of Our Customers
As noted above, we will process Account Information in order to provide the Services to our Customers. This includes End User information, in order to enable End Users to access and use the Services, and consists of name.
This Site uses Google, Twitter, Linkedin & Facebook remarketing services or tags in order to advertise to previous visitors to our Site on third-party platforms such as those listed above. With the help of cookies or tags, these remarketing services allow us to advertise our Site to visitors who may have visited our Site. This could be in the form of an advertisement on the Google search results page, a site in the Google Display Network, or somewhere on Facebook, Linkedin or Twitter.
You can opt-out of remarketing by visiting the links below:
We do not directly collect your payment information and we do not store your payment information. We use third-party, PCI-compliant, payment processors, which collect payment information on our behalf in order to complete transactions. While our administrators are able to view and track actual transactions via customer portals, we do not have access to, or process, your credit card information. In case of corporate Customers, if we availed other payment methods, we may request your bank information to process refunds, if any.
The Site uses Google Analytics, an analytics service that drops cookies and/or similar technologies to collect and store Device and Usage Information. We use Google Analytics to calculate visitor, session and campaign data for the Site analytics reports.
We use third-party in-Site behavior analytics platforms (such as Hotjar), which are designed to give us an aggregated view of our visitors’ behavior while browsing the Site. By using heat maps (a graphical representation of data that uses a system of color-coding to represent different values) and similar technologies, these services provide us valuable insight about what is of interest to visitors on our Site. Hotjar is not designed to track individual users, however if you wish to opt-out, please click here.
Please see more on our use of analytics data here.
Our Site may contain videos or links to videos relating to the Services. If you click on a link or view a video, we do not collect any information, however the third-party video platforms, such as YouTube, may collect some personal information as set forth in their privacy notices.
We use your personal information for a number of different reasons, as further explained below. For users located in the EEA and the U.K., we must have a valid legal basis in order to process your personal data when we are acting as a ‘data controller’. The main legal bases under the European Union’s General Data Protection Regulation (GDPR) that justify our collection and use of your personal information are:
Below are the general purposes and corresponding legal bases (in brackets) for which we may use your personal information:
We only disclose your personal information as described below.
Third-Party Service Providers
Hexact discloses personal information to our third party agents, contractors, or service providers who are hired to perform services on our behalf. These companies do things to help us provide the Site and/or Services, and in some cases collect information directly, for example as explained in Payment Processing above. Below is an illustrative list of functions for which we may use third-party service providers:
Business Transfers and Transactions
As we continue to grow, we may purchase websites, applications, subsidiaries, other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities and/or sell assets or stock or receive financing, in some cases as part of a reorganization or liquidation in bankruptcy. In order to evaluate or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation or other corporate reorganization in which Hexact participates, to a purchaser or acquirer of all or a portion of Hexact’s assets, bankruptcy included, or to an investor.
When we act on behalf of our Customers (as a data processor or service provider), we may provide End Users’ personal information to our Customers in order to comply with their requests, End Users’ requests and/or regulator requests, among others. Occasionally, we will provide our Customers with aggregated information that does not identify End Users directly, in order to provide information about usage, demographics (such as location) or other general information.
Legal Obligations and Security
We respect and are committed to safeguarding your privacy and have undertaken and put in place reasonable security measures.
Hexact does not respond to Do Not Track (“DNT”) browser signals. For more information on DNT settings generally, please visit https://allaboutdnt.com.
General Retention Periods
We use the following criteria to determine our retention periods:
We retain personal information for as long as needed to provide our Services. Note, however, that with respect to our Customers with active accounts, we may retain certain essential account information, but otherwise regularly delete other information that is less essential to the provision of our Services in order to minimize our storage of data. We also will retain personal information that we’ve collected from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements). Additionally, we cannot delete information when it is needed for the establishment, exercise or defense of legal claims (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims. When we no longer have an ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible. For any questions about data retention, please contact [email protected].
In some instances, we may choose to anonymize your personal data instead of deleting it, for statistical use, for instance. When we choose to anonymize, we make sure that there is no way that the personal data can be linked back to you or any specific user.
You may opt-out at any time of marketing that we may send you by clicking on the unsubscribe link contained in each email, or you may contact us directly at [email protected].
We do not sell your personal information within the scope of, and according to the defined meaning of, a “sale” under NRS 603A.
Hexact is a United States corporation, which primarily stores information in the United States. To facilitate our global operations, we may process personal information from around the world, including from other countries and in other countries in which Hexact has operations, in order to provide the Site and/or Services.
If you are accessing or using our Site and/or Services or otherwise providing personal information to us, you are agreeing and consenting to the processing of your personal information in the United States and other jurisdictions in which we operate.
If the GDPR applies to you because you are in the EEA or the U.K., you have certain rights in relation to your personal data:
How you may exercise these rights depends on how you use the Site and/or Services, as explained below. For End Users in the EEA or the U.K., please read below.
Customers, Site Visitors in the EEA or the U.K.
If you are located in the EEA or the U.K. and you are a Customer or Site Visitor, and wish to exercise any of the rights set out above, you may contact us at [email protected]using the term “DSR” as your email subject line. You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under those circumstances. If we cannot reasonably verify your identity, we will not be able to comply with your request(s). We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Note that this is especially true when you engage a third party to assist you in exercising your rights. We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law. In addition, we will always balance your rights against those of other data subjects in connection with any requests, and in some cases, this may require us to redact our responses or deny a request.
If you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will promptly update our databases, and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of providing our Services.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first.
End Users in the EEA or the U.K.
Hexact has no direct relationship with End Users. Our Customers are solely responsible for ensuring compliance with all applicable laws and regulations with respect to their End Users, and this includes handling all data subject requests. We rely on our Customers to comply with the underlying legal requirements and respond directly to End Users when End Users wish to exercise the rights set forth above. However, if an End User sends a request to Hexact to access, correct, update, or delete his/her information, we will direct that End User to contact the Customer’s website(s) with which he/she interacted directly, and cooperate with our Customers as required by applicable law in order to ensure that our Customers satisfy their End Users’ requests.
Hexact's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
If you have questions about data protection, or if you have any requests for resolving issues with your personal data, we encourage you to first contact us so we can reply to you more quickly.