Effective date: November 1, 2016
- Hootsuite Data and Customer Content
- Hootsuite Data we receive or collect
- How we use Hootsuite Data
- Customer Content we process for our customers
- Cookies and related technologies
- When we may share personal information
- Information storage and international transfers
- Email preferences
- Your rights
- Contacting us
Hootsuite Media Inc. and its affiliates (“Hootsuite”) are committed to protecting the privacy of all individuals who:
- visit any websites or mobile sites offered by Hootsuite, including without limitation hootsuite.com, and including all subdomains, present and future (the “Website”);
- use the mobile applications that Hootsuite makes available from time to time (the "Applications");
- use the Services including Hootsuite Free, Pro, Professional, Team, Business, Enterprise, Ow.ly, Amplify, Academy, Insights, Campaigns and other Hootsuite products and services (the "Platforms"); and
- purchase Hootsuite-branded and other items from the Hootsuite Shop located at shop.hootsuite.com and other domains (the “Shop”). When we talk about “Personal Information”, we mean information relating to you or other identifiable individuals.
To make this policy easier to read, we call the Website, the Applications, the Platforms, and the Shop together the "Services". When we talk about “Personal Information”, we mean information relating to you or other identifiable individuals.
Hootsuite Data and Customer Content
We collect Personal Information (such as registration and account information) from our customers and users of the Services for our own purposes, such as to provide and administer the Services (“Hootsuite Data”). We’re the data controller in respect of this information. Hootsuite Data is also referred to as “Customer Information” in our Terms with our Enterprise Customers.
We also process Personal Information on behalf of our customers as their data processor, such as content generated, requested or published via the Platforms in accordance with the instructions our customers give us through the Services (including, for example, the information our customers monitor or collect from social media sites like Twitter and Facebook through the Services) (“Customer Content”). Our customers control how their Customer Content is collected and used by them. In legal terms this means that our customers are the data controller of their Customer Content. Accordingly, we only use Customer Content to provide the Services to our customers in accordance with the lawful instructions they give us through the Services.
Hootsuite Data we receive or collect
When you first register for a Hootsuite account, and when you use the Services, we collect some Personal Information about you such as:
- your full name, username, and email address and other contact details
- the geographic area where you use your computer and mobile devices
- a unique Hootsuite user ID (an alphanumeric string) which is assigned to you upon registration
- other optional information as part of your account profile
- your IP Address and, when applicable, timestamp related to your consent and confirmation of consent
- other information submitted by you or your organizational representatives via various methods (phone, email, online forms, surveys, in-person meetings, etc)
- your billing address and any necessary other information to complete any financial transaction, and when making purchases through the Services, we may also collect your credit card or PayPal information
- user generated content (such as messages, posts, comments, pages, profiles, images, feeds or communications exchanged on the Supported Platforms)
- images or other files that you may publish via our Services (including the Ow.ly services)
- information we may receive relating to communications you send us, such as queries or comments concerning our Services
- information relating to an individual’s real time location
Hootsuite also automatically collects and receives certain information from your computer or mobile device, including the activities you perform on our Website, the Platforms, and the Applications, the type of hardware and software you are using (for example, your operating system or browser), and information obtained from cookies (see “Cookies and Related Technologies” below). For example, each time you visit the Website or otherwise use the Services, we automatically collect your IP address, browser and device type, access times, the web page from which you came, the regions from which you navigate the web page, and the web page(s) you access (as applicable).
How we use Hootsuite Data
Hootsuite uses Hootsuite Data for the following general purposes:
- to identify you when you login to your account
- to enable us to operate the Services and provide them to you
- to verify your transactions and for purchase confirmation, billing, security, and authentication (including security tokens for communication with installed Third-Party Apps)
- to analyze the Website or the other Services and information about our visitors and users, including research into our user demographics and user behaviour in order to improve our content and Services
- to contact you about your account and provide customer service support, including responding to your comments and questions
- to share aggregate (non-identifiable) statistics about users of the Services to prospective advertisers and partners
- to keep you informed about the Services, features, surveys, newsletters, offers, contests and events we think you may find useful or which you have requested from us
- to sell or market Hootsuite products and services to you
- to better understand your needs and the needs of users in the aggregate, diagnose problems, analyze trends, improve the features and usability of the Services, and better understand and market to our customers and users
- to keep the Services safe and secure
We also use non-identifiable information gathered for statistical purposes to keep track of the number of visits to the Services with a view to introducing improvements and improving usability of the Services. We may share this type of statistical data so that our partners also understand how often people use the Services, so that they, too, may provide you with an optimal experience.
Customer Content we process for our customers
Hootsuite is a social media management tool. By its nature, Services enable our customers to bring together their social networks and integrate with hundreds of business applications that they already use, all in one place.
Services help our customers manage social media campaigns, marketing and advertising; engaging audiences; scheduling and publishing messages; and analyze the results.
In particular, the various Services allow our customers to instantly connect to other third party services, including “Supported Platforms” such as Twitter, Facebook, etc. When our customers link a Supported Platform or a third party service (such as OpenID) to their Hootsuite account or when they register with a Supported Platform through their Hootsuite account, our customers can choose to instantly collect, process, share and access such third party services and Supported Platform via their Hootsuite account (subject to the terms of the license agreements with the Supported Platforms and other third party services).
In this way, our customers can obtain, use and analyze public Personal Information from Supported Platforms and third party services of their choosing, and also create, input, submit, post, transmit, store, view or display Personal Information through the functionality in the Services. Such information can include Personal Information of all types, including but not limited to the following categories:
- user generated content (such as messages, posts, comments, pages, profiles, images, feeds or communications exchanged on the Supported Platforms)
- contact details (such as name, email address, telephone number)
- additional individual information (such as age, gender, employer, profession, geographic location, education information, financial status, habits and preferences)
- information relating to individual’s real time location
Cookies and related technologies
The Services use “session cookies”, which improve your user experience by storing certain information from your current visit on your device, such as log-in information. These enable us to remember your log-in session so you can move easily within the Website or the other Services. Without these session cookies, we wouldn’t be able to provide the Services to you. These session cookies have limited functionalities and expirations, and you will be required to re-enter your Hootsuite log-in information after a certain period of time has elapsed to protect you against others accidentally accessing your account contents and related Personal Information. Other examples of our use of session cookies include to track the number of visits by a particular visitor to a page and to store items in an online shopping cart for the Shop.
Performance and Remarketing Cookies
i) Google Analytics
Hootsuite uses a specific cookie in order to facilitate the use of Google Universal Analytics for users logged-in to the Applications or the Platforms (“Logged-In User). If you are a Logged-In User, Hootsuite may use your Hootsuite user ID in combination with Google Universal Analytics and Google Analytics to track and analyze the pages of the Services you visit. We do this only to better understand how you use the Website and the other Services, with a view to offering improvements for all Hootsuite users; and to tailor our business and marketing activities accordingly, both generally and specifically to you. Google Analytics cookies do not provide Hootsuite with any Personal Information.
ii) Google Display Advertising
Additionally, Hootsuite uses Google Analytics code that allows for certain forms of display advertising and other advanced features. Subject to change, the Google Display Advertising features Hootsuite currently uses are Remarketing, Google Display Network Impression Reporting, the DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting.
These features are used to advertise online; to allow third-party vendors, including Google, to show you advertising across the Internet; to allow Hootsuite and third-party vendors, including Google, to use first-party cookies (such as the Google Analytics cookie) and third-party cookies together to inform, optimize, and serve ads based on your past visits to the Website and to report how ad impressions, uses of ad services, and interactions with these ad impressions and ad services are related to visits to the Website. Data from Google's interest-based advertising or third-party audience data (such as age, gender, and interests) is also combined with Google Analytics to better understand the needs of Hootsuite users and to improve the Services.
Hootsuite uses other third-party performance and remarketing cookies, and further information on those third-party cookies can be obtained by contacting us.
Hootsuite may also use related technologies including web beacons, bugs, pixels, and software tokens in order to facilitate your use of the Services. Most notably, the Services use software tokens (stored securely on Hootsuite-controlled servers) in order to facilitate the logging in to and the functioning of both the Supported Platforms and Third-Party Apps.
Most computer and some mobile web browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. The Network Advertising Initiative has also developed a tool that may help you understand which third parties have currently enabled cookies for your browser and opt-out of those cookies. Further information can be found at http://www. networkadvertising.org/managing/opt_out.asp. Please note however that, by blocking or deleting cookies, you may not be able to take full advantage of the Website, Applications, Platforms, and/or Shop. If you do not want to receive tracking pixels, you will need to disable HTML images in your email client, and that may affect your ability to view images in other emails that you receive.
When we may share Personal Information
(1) when you explicitly consent to the disclosure of such information to a third party when connecting to a third-party service that asks you if you consent to such sharing;
(2) where we are legally required to do so, such as in response to court orders or legal process, or to establish, protect, or exercise our legal rights or to defend against legal claims or demands;
(3) if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person;
(4) if we believe it is necessary to investigate, prevent, or take action regarding situations that involve abuse of the Services infrastructure or the Internet in general (such as voluminous spamming, denial of service attacks, or attempts to compromise the security of the Website infrastructure or the Services generally);
(5) to a parent company, subsidiaries, joint ventures, or other companies under common control with Hootsuite;
(7) if this information is not private, is aggregated or is otherwise non-Personal Information, such as your public user profile information and related public data (such as Tweets, likes, etc.) or the number of users who clicked on a particular link (even if only one did so).
We use industry best practices to keep any information collected and/or transmitted to the Supported Platforms or Third-Party Apps secure. This includes the use of HTTPS with TLS (Transport Layer Security), which encrypts all transmitted data, and OAuth 2.0 protocols for authentication and data transfer to Supported Platforms and Third-Party Apps.
Certain Personal Information, most notably Hootsuite log-in details, is encrypted during transmission using TLS. Once validated within our system, passwords are deleted from our system. In addition, Hootsuite uses third-party vendors and hosting partners such as Amazon to provide the necessary hardware, software, networking, storage, and related technology required to run the Services. These vendors have been selected for their high standards of both physical and technological security, including ISO and SSAE16 certifications.
When payments are processed via credit card, Hootsuite uses third-party vendors that are PCI-DSS Compliant. At no point does Hootsuite have access to your credit card information.
You should bear in mind that submission of information over the Internet is never entirely secure. We cannot guarantee the security of information you submit via the Services whilst it is in transit over the Internet and any such submission is at your own risk, and this risk is specifically disclaimed in our Terms.
If you are a Logged-in User, it is advisable that you log out of your account at the end of every session and not leave a logged-in account unattended for any period of time, particularly if you use a shared computer or device.
Information storage and international transfers
Hootsuite Media Inc., the entity which provides the Services, is a Canadian company with its head-office located in Vancouver, British Columbia. For the purposes of EU data protection law, Canada is considered a country which provides adequate protections for Personal Information, as confirmed by the European Commission in Commission Decision 2002/2/EC.
The Services are mainly provided from our offices in Canada. However, by the very nature of the Services, the data that is viewed, collected, stored or posted on or through the Services also needs to flow from wherever you are located in the world, to where our Supported Platforms are storing the same data (i.e. in most cases, in the United States). In addition, Hootsuite uses third-party service providers (such as managed hosting providers, card processors, CRM systems, sub-processors of Customer Content and technology partners) to provide the necessary hardware, software, networking, storage and other services that we use to operate the Services. These third party providers may process, or store, the same Customer Content on servers outside of the EEA, including in Canada or the US.
By using any of the Services, or submitting or collecting any Personal Information via the Services, you authorize Hootsuite and its authorized service partners to use and process Customer Content and Hootsuite Data (including any Personal Information) in these countries. Please be aware that the privacy protections and the rights of authorities and Government agencies to access your Personal Information in some of these countries may not be equivalent to those in your country.
For our customers with a principal location in the EU:
If you primarily use the Services within the EU, we will process Customer Content (which may include Personal Information) as a data processor on your behalf. Under EU law, you are considered to be the data controller of the Customer Content, and as such you are responsible for complying with applicable data protection laws in respect of the processing of Customer Content and the lawful instructions you give us.
To facilitate the lawful transfer by you of your Customer Content (as a data controller) through the Services to outside the EEA, Hootsuite is offering its EU customers a data processing agreement as an addendum to their existing Hootsuite agreement (“Data Processing Addendum”). This incorporates the European Commission’s Standard Contractual Clauses (processors) of 2010 (also known as “model processor clauses” or "SCC 2010”).
Please note that the Data Processing Addendum only applies to the extent there is not another legal basis in place to validate the transfer of Personal Information to outside the EEA.
The Data Processing Addendum and some FAQs are available to all of our Customers. If you would like to incorporate the Data Processing Addendum into your existing agreement with Hootsuite, please email us and we will promptly send you Hootsuite’s Data Processing Addendum for you to complete, sign and return to us.
If you have any questions, please feel free to contact us.
You may opt out of marketing communications sent by Hootsuite by managing your email preferences on our Preferences Management page, or by following the unsubscribe instructions included in each marketing email.
You can contact us to obtain a copy of the Personal Information held about you by us. This may be subject to a fee not exceeding any prescribed fee permitted by applicable law. You can also ask us to correct and, where relevant, erase that information. Please note that certain Personal Information may need to be retained by Hootsuite for a period of time following cancellation of your account where this is necessary for our legitimate business purposes or required or authorized by applicable law. As mentioned above you have a right to change your email preferences at any time.
You should be aware that Hootsuite acts as a conduit between our users and the various Supported Platforms and Third-Party Apps. In several instances, the content published via Hootsuite will not be in Hootsuite’s custody or control, and any content that has been shared by you through any Supported Platform or Third-Party Apps via the Services may continue to be available to third parties and the public at large, as this content is now under the control of the operators of the Supported Platforms and/or the Third-Party Apps.
Hootsuite Legal Services
c/o Hootsuite Media Inc.
5 East 8th Avenue
Vancouver, BC V5T 1R6
© Hootsuite Media Inc. 2016