Privacy Policy
Last Updated: March 03, 2024
Equafin Corp. d/b/a HeyMarvin ("HeyMarvin," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy ("Policy") explains how we collect, use, disclose, and safeguard your personal information when you visit our website at www.heymarvin.com (the "Website") and use our software-as-a-service platform for user research (together with the Website, the "Services"). Please read this Policy carefully. By using our website and Services, you agree to the terms of this Policy.
This Policy does not apply to personal information we process on behalf of our customers and users when providing Services to them. We process such personal information in accordance with the Data Processing Addendum (DPA) signed between HeyMarvin and the customer or user. If your personal information was provided to us by a customer, for example if you are a paid user of our Services, please read such customer's privacy policies to learn about how they process your information.
1. Information We Collect
We collect personal information about you from different sources listed below.
Personal Information You Provide to Us
- Account Information: When you create a free account with us, you may provide us with your name, email address, language preference, and profile picture.
- Correspondence and Contact Information: When you contact us, including about our Services, via email, telephone, or by other means, you provide us with personal information, such as your full name, email address, telephone number, job title, and the content of your communications.
- Survey Information: When you participate in our surveys or market research, you may provide us with personal information.
- Webinars and Events: When you register to attend a webinar or other event with us, you may provide us with personal information, such as your full name, email address, telephone number, and job title.
- Marketing Information: When you register your choices for receiving communications about our activities and publications, we store this information.
Information Collected via Automated Means
- Device Data: We collect information about your device, such as your computer's or mobile device's operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 4G), and general location information, such as city, state, or geographic area.
- Usage Data: When you access and use our Services, we receive and store information about your interactions with our Services, including pages or screens you viewed, how long you spent on a page or screen, browsing history, navigation paths between pages and screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.
We collect such personal information automatically via cookies, pixel tags, local storage technologies, web beacons or similar technologies on our Services (collectively referred to as "Cookies"), including for conducting analytics. For more information on our use of Cookies, please read our Cookie Policy.
Information We Receive from Third Parties
The third parties below process your personal information in accordance with their own privacy policies. Please review these policies carefully before using their services.
- Third party data providers: We may obtain your personal information from third party data providers and lead generators, for example for marketing purposes.
- Third party Sign-in: When you choose to create an account with Google, Microsoft or Okta, these third parties may provide us with your personal information such as your account information, so you can log-in.
- Integrations: We may obtain personal information through APIs or other integrations on our Services. For example, if you connect your Google account to the Services, we may collect certain information via Google APIs, such as your name, email address, and calendar data, solely for the purposes of providing and improving the Services' functionality for you. We do not use any data obtained through Google APIs, including Google Workspace APIs, for any other purposes such as developing, improving, or training non-personalized AI or machine learning models.
2. How We Use Your Personal Information
We use the personal information we collect to operate, improve and personalize the Services, analyze research data, identify trends and patterns, generate research reports, and communicate with you. Specifically, we may use your personal information to:
- Provide the Services: We use your personal information to perform our contractual obligations towards you to allow you to use the Services and to facilitate the use of our collaboration solutions as part of the Services.
- Respond to your requests, inquiries, and concerns: If you reach out to us for support, we will perform our contractual obligations towards you by using your personal information to respond and resolve your queries. The personal information we process for this purpose may include your correspondence with us, your contact details, and other personal information processed about you when you use our Services.
- Send administrative information, marketing communications, and service updates: It is in our legitimate interests to communicate with you about our Services, including by sending you announcements, updates, security alerts, and support and administrative messages. Except where consent is required, unless you have opted out of receiving marketing communications, it is in our legitimate interests to use your personal information to communicate with you regarding our Services, promotions, events, webinars, and other news or products we think will be of interest to you. You can opt out of such communications by following the unsubscribe mechanism on our communications, or by contacting [email protected].
- Monitor and analyze trends and use of our Website: It is in our legitimate interests to analyze the use of our Services. When doing so, we process personal information that we automatically collect about you or that is generated about you when you use the Services. It is also in our legitimate interests to keep our Services safe for our users, which includes conducting troubleshooting, testing, and research to keep the Website secure.
- Product improvement, anonymisation and aggregation: It is in our legitimate interest to use and aggregate your personal information for statistics and product improvement. We may also anonymise your personal information to use it to train our algorithms through machine learning techniques. This enables us to enhance the functionality, performance, and user experience of the Services.
- Protect against, identify and prevent fraud and other unlawful activity, claims and other liabilities: It is in our legitimate interests to ensure the integrity of our Services and to defend ourselves against legal claims or disputes. Where we do so, we will use the personal information relevant to such a case.
- Comply with relevant laws and regulations: Some processing may be necessary to comply with a legal obligation placed upon us, for example, in connection with a request by any judicial process or governmental agency.
We will take all necessary measures to ensure that transfers out of the EEA, Switzerland, and UK are adequately protected as required by applicable data protection laws.
For more information about how we transfer personal information internationally, please contact us at [email protected].
3. How We Share Your Personal Information
We disclose personal information about you with the following recipients and in the following circumstances:
- Affiliates: Affiliates and subsidiaries of HeyMarvin, for purposes consistent with this Policy.
- Service Providers: We rely on vendors and service providers for the provision of our Services and the purposes set out above, such as providers of website analytics, hosting and cloud computing services and other IT services, database management and customer support services in addition to any other administrative services. These third parties may have access to or process your personal information as part of providing these services.
- Advisors: We work with various advisors, including tax consultants and legal advisors, with whom we may share your personal information.
- Legal and Law Enforcement Authorities: Your personal information may be disclosed to law enforcement agencies, regulatory bodies, public authorities or pursuant to the exercise of legal proceedings if we are legally required to do so, or if we believe, in good faith, that such disclosure is necessary to prevent or resolve security or technical issues, or to protect the rights, property or safety of HeyMarvin, or third parties.
- Business Transactions: If HeyMarvin is involved in a merger, acquisition or asset sale, financing due diligence, reorganisation, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your personal information may be sold, transferred or otherwise shared, including as part of any due diligence process.
4. Cookies and Similar Technologies
We and our third-party partners may use cookies and similar tracking technologies to collect and use personal information about you, including to serve interest-based advertising.
Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. Web beacons (also known as "pixel tags" or "clear GIFs") are electronic images that may be used in our Services or emails and help deliver cookies, count visits, and understand usage and campaign effectiveness.
For more information about cookies and how to disable them, please see our Cookie Policy.
5. Your Rights Under General Data Protection Regulation (GDPR):
If you are a resident of the EEA, Switzerland, or the United Kingdom ("UK"), you have the following data protection rights, as provided under applicable law and subject to any limitations in such law:
- The right to access, update or delete your personal information.
- The right of rectification. You have the right to have your personal information rectified if that information is inaccurate or incomplete.
- The right to erasure. You have the right to request that we delete any personal information we hold about you
- The right to object. You have the right to object to our processing of your personal information.
- The right of restriction. You have the right to request that we restrict the processing of your personal information.
- The right to data portability. You have the right to be provided with a copy of your personal information in a structured, machine-readable and commonly used format or have such data transmitted to another company.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your personal information. For more information, please contact your local data protection authority in the EEA, Switzerland or the UK.
6. Your Rights under California Consumer Privacy Act (CCPA):
If you are a resident of California, you have the following rights under the California Consumer Privacy Act (CCPA):
- The right to know what personal information is being collected about you.
- The right to know whether your personal information is sold or disclosed and to whom.
- The right to say no to the sale of your personal information.
- The right to access your personal information.
- The right, in certain circumstances, to delete the personal information we have collected from you.
- The right to equal service and price, even if you exercise your privacy rights.
To exercise your CCPA rights, please contact us at [email protected]. Please note that we may ask you to verify your identity before responding to such requests.
7. International Data Transfers
HeyMarvin is based in the US and the information we collect is governed by US law. Your information may be transferred to, and processed in, countries other than the country in which you are resident, including the United States. These countries may have data protection laws that are different from the laws of your country.
For data transfers from the European Economic Area (EEA), Switzerland, and the UK to the US or other countries, we rely on a European Commission or UK Government adequacy decision or regulation, the EU Standard Contractual Clauses (SCCs) and, to the extent applicable, the UK Addendum, or a derogation if available.
We will take all necessary measures to ensure that transfers out of the EEA, Switzerland, and UK are adequately protected as required by applicable data protection laws.
For more information about how we transfer personal information internationally, please contact us at [email protected].
8. Data Retention
We will retain your personal information for as long as your account is active or as long as needed to fulfill the purposes for which it was collected and processed, in accordance with our retention policies, applicable laws, or until you withdraw your consent.
To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we use your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
For example, if you wish to delete your account, please contact us at [email protected] . We aim to delete your information within 30 days of account cancellation, unless otherwise required by law or our legitimate business interests.
9. Security
We take your data security seriously. To protect your data, we employ technical and organizational security measures, including encryption, firewalls, access controls, SOC 2 Type II, ISO 27001, HIPAA and GDPR compliance. No security system is impenetrable, however, and we cannot guarantee 100% security of your information. You can request to learn more about how we protect your data from our Trust Portal.
10. Your Choices
You may opt out of receiving marketing emails from us by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations. You may also send requests about your contact preferences or changes to your information by emailing us at [email protected] .
Cookies: Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services. Please read our Cookie Policy for more information.
11. Changes to this Policy
We may update this Policy from time to time to reflect changes in our practices or for other operational, legal or regulatory reasons. We encourage you to periodically review this page for the latest information on our privacy practices.
If we make material changes, we will let you know via email and/ or a prominent notice on our Services.
12. Complaints
If you wish to lodge a complaint about how we process your personal information, please contact [email protected]. We will endeavor to respond to your complaint as soon as possible. If you are located in the EEA, Switzerland, or the UK, you may also lodge a complaint with a competent supervisory authority, including in your country of residence, place of work, or where you believe an incident took place.
13. Contact Us
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by email at [email protected] or by mail using the details provided below:
Equafin Corp.
66 Franklin Street
Ste# 300
Oakland CA USA
+1.510.727.5100
[email protected]
If you are a resident in the EEA, and the "data controller" of your personal information is Equafin Corp. You can contact our EU Representative at:
DataRep
The Cube
Monahan Road
Cork, T12 H1XY
Republic of Ireland
If you are a resident of the UK, you can contact our UK Representative at:
DataRep
107-111 Fleet Street
London, EC4A 2AB
United Kingdom
Supervisory Authority:
The Irish Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland