Compliance with PIPA: Effective as of December, 2016 (the “Effective Date”), Bermuda has adopted the Personal Information Protection Act (“PIPA”), covering all Bermuda-based companies that have access to personal data. The Company and its Affiliates have issued these privacy provisions in compliance with PIPA in order to provide appropriate disclosures and protection to all users of the Sites (“Users”), whether or not domiciled in Bermuda.
Bermuda recognizes the right to information privacy and has enacted legislation in the form of the Personal Information Protection Act 2016 (“PIPA”) to regulate and protect the use of personal information under the auspices of a Privacy Commissioner appointed by the Governor (the “Privacy Commissioner”). PIPA embodies the eight guiding principles recognized internationally for the collection and use of personal information and is intended to compliment the Public Access to Information Act 2010, which provides access to information held by public authorities. PIPA provides that personal information can only be used by an organization in a lawful and fair manner.
Because certain Users are expected to be domiciliaries of the European Union, the Company and its Affiliates will apply to such Users the additional or enhanced protective provisions of the General Data Protection Regulations, which were enacted by the European Union effective May 25, 2018.
Your privacy is important to us and we strive for a high level of protection in all processing of personal data.
Processing of Personal Data
The term “personal data” refers to information which, directly or indirectly, may refer to you as an individual. Examples of personal data are name, email address, government issued identification number, billing information, credit and financial information (such as Know Your Customer disclosures), contact details and IP address. Personal data processing refers to any action that we or a third party engaged by us may take with the personal data, such as its collection, registration and storage. It also may include Cookies (see our Cookie Notice).
Personal data may only be processed for specified and explicitly stated purposes and may not be subsequently processed for any purpose that goes beyond these stated purposes.
When we may collect personal data
We may collect personal data under any or all of the following circumstances:
(1) When you choose to interact with any of the Sites either directly or via social media; for example, by subscribing to offerings, signing up for updates such as newsletters, deals and offers, webinars, trade shows, events, etc. through email. Note that Users may opt out of email offerings via a link in each email message sent by the Company or an Affiliate.
(2) When you choose to purchase our products or services online or become a potential customer of such products or services;
(3) When you utilize services provided on the Sites, whether or not any purchase is made or contemplated, such as participating in free games or other activities.
In any or all such cases, you may be required to register as a User of the Site(s) and to disclose personal data.
We collect personal data such as name, e-mail address and other information which you voluntarily provide under any of the foregoing circumstances. We also automatically receive and store information from your web browser, such as IP address, language preferences, cookie information and the pages you visit, to log files on our server. We use the information collected to respond to your requests regarding products and services, to improve the content on our Sites and the services, to track and prevent illegal use or abuse of our Sites and services, and to develop anonymous usage statistics.
Although PIPA allows for “implied consent” to the collection of personal data, we choose to subscribe to the stricter standard of GDPR, and therefore will ask that you expressly consent to such collection. If you do not agree to the collection of your personal data, you are advised not to become a User of any of the Sites.
We also use personal data for legally required notices, direct marketing and advertising in accordance with applicable law and market practice. You may opt out of such direct marketing and advertising at any time. We may use the information we collect with regard to how you, as a User, utilize the Sites so that we can analyze usage behavior to improve site functionality and provide you with personalized content. Personal data may also be processed indirectly in connection with the development and administration of the Company’s IT systems.
The legal grounds for such usage include (i) performance of a contract wherein you request services/resources through the Sites and (ii) legitimate interest in other processing activities, such as for the purpose of improving services and the content of the Sites, as well as for prevention of abuse and for statistical purposes.
We delete collected personal data when the purpose of the processing has been completed. Our Cookie Notice includes retention periods in respect of cookies that we use. Under the GDPR, you have the right to request that personal data be deleted if you no longer wish to be a User of any of the Sites. The Company will honor such requests, which must be submitted by email to firstname.lastname@example.org, within a reasonable time after receipt thereof.
Security for the protection of personal data We know you are entrusting Hxro Labs with information and make every effort to safeguard it from unauthorized disclosure. We protect your personal data against unauthorized or unlawful processing and against accidental loss, destruction or damage, by implementing appropriate technical and organizational security measures. Any third parties we may employ in connection with the collection or storage or personal data are required to implement similar measures.
Restrictions on the Disclosure of Personal Data
We do not share personal data with third parties except under circumstances described herein. We may appoint external agents to perform tasks on our behalf, such as providing IT services or helping with marketing and recruitment, administration of press releases, data analysis or statistics. The performance of these services may mean that such agents, both within and outside Bermuda, are able to gain access to your personal data. Companies that process personal data on our behalf must always affirm that they are PIPA and GDPR compliant and sign a non-disclosure agreement with us, so that we are able to ensure a high level of protection of your personal data even with our partners. If such a company reports a breach that may involve your personal data, we are required to report such breach to you “without undue delay.” Under GDPR, we are required to disclose any such breach within 72 hours after its discovery by us.
Special safeguards are taken with regard to partners outside Bermuda, such as signing agreements that include the standardized clauses for data transfers adopted by the Bermuda Privacy Commissioner and GDPR, and which are available on their respective websites. We may also disclose your personal data to third parties, for example the police or other public authorities, pursuant to a subpoena or other legal process, or if we are otherwise required to disclose such data by law or public authority decision.
Your rights and the right to file a complaint
Under applicable data protection legislation you are entitled, at any time, to request access to the personal data that is processed about you, to have erroneous personal data corrected, to request that we stop processing and delete your personal data, to request that the processing of your personal data is restricted, to exercise your right to data portability, to withdraw consent to particular processing (where such consent has been obtained) and to object to the processing of your personal data. The aforementioned provision notwithstanding, Hxro Labs, reserves the right to retain data as required by law by and through the usage of our services. In such event, you may contact the Company via the contact details listed below. If you consider that your personal data has been processed in contravention of applicable data protection legislation or of these provisions, you may file a complaint with the applicable regulatory authority in your country or in Bermuda.
Organization and Contact Details
For all purposes under PIPA and the GDPR, and unless otherwise specifically disclosed herein or to the customer or User, the “organization” and responsible party for this Site is Hxro Labs.
If you have any questions on how we process your personal data or want information about further contact details for the Company or its Affiliates, please contact us through this Site at email@example.com or by mail to:
2 Church Street
Hamilton, HM 11
The Company, in common with many web site operators, may use standard technology called “cookies” on its Sites. A cookie is a piece of data stored on a site visitor’s hard drive to help us improve its access to our site and identify repeat visitors to our site. For instance, when we use a cookie to identify you, you would not have to login a password more than once, thereby saving time while on our site. Cookies can also enable us to track and target the interests of our Users to enhance their experience on our site. Usage of a cookie is in no way linked to any personally identifiable information. You can disable cookies by turning them off in your browser; however, some areas of the Sites may not function properly if you do so.
3. Amendments to this Policy.
4. Intent of this Policy.