Hubstaff EU-U.S. Data Privacy Framework Policy

This EU-U.S. Data Privacy Framework Policy ("Policy") describes how Hubstaff (Netsoft Holdings, LLC) in the United States ("US") ("Hubstaff," "we," or "us") collect, use, and disclose certain personally identifiable information that we receive in the US from the European Union ("EU") ("Personal Data"). This Policy supplements our Hubstaff Privacy Policy located at https://hubstaff.com/privacy, and unless specifically defined in this Policy, the terms in this Policy have the same meaning as the Hubstaff Privacy Policy.

Hubstaff complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Hubstaff has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this Policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

For purposes of enforcing compliance with the EU-U.S. DPF, Hubstaff is subject to the investigatory and enforcement authority of the US Federal Trade Commission.

Personal Data Collection and Use

Our Hubstaff Privacy Policy located at http://hubstaff.com/privacy describes the categories of Personal Data that we may receive in the US as well as the purposes for which we use that Personal Data. Please note that we may receive the following categories of Personal Data in the US: account, payment transaction, task, correspondence, support, form, user contributions, public, device and browser, and analytics data and information. We may also process Personal Data information required to provide and operate our Hubstaff service for our business customers, including employee contact information, information about remote presence and work, and productivity information. We process Personal Data for the following purposes: to provide our website and services to you; to maintain, analyze, and improve your experience on our website and services; to communicate with you and provide customer and technical support; to monitor and enforce our contracts and legal terms; to detect and prevent fraud; and to fulfill the purpose for which you provided your information to us; and for other legitimate purposes as set forth in our Hubstaff Privacy Policy. Hubstaff will only process Personal Data in ways that are compatible with the purpose that Hubstaff collected it for, or for purposes the individual later authorizes. Before we use your Personal Data for a purpose that is materially different than the purpose we collected it for or that you later authorized, we will (at a minimum) provide you with the opportunity to opt out. Hubstaff maintains reasonable procedures to help ensure that Personal Data is reliable for its intended use, accurate, complete, and current.

Data Transfers to Third Parties

Third-Party Agents or Service Providers. We may transfer Personal Data to our third-party agents or service providers who perform functions on our behalf as described in our Website Privacy Policy. We take reasonable and appropriate steps to ensure that third-party agents and service providers process Personal Data in accordance with our EU-U.S. DPF obligations and to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of Personal Data that we transfer to them.

Disclosures for National Security or Law Enforcement. Under certain circumstances, Hubstaff may be required to disclose your Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Hubstaff may make additional disclosures as indicated in its Hubstaff Privacy Policy. In the context of an onward transfer of your personal information, Hubstaff remains responsible for the processing of personal information we receive under the DPF Principles and subsequently transfers to a third party acting as an agent on our behalf. As required by law, Hubstaff remains liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless another party is responsible for the event giving rise to the damage.

Access Rights

Pursuant to the EU-U.S. DPF, EU individuals have the right to obtain our confirmation of whether we maintain Personal Data relating to you in the United States. Upon request, we will provide you with access to the Personal Data that we hold about you. You may also correct, amend, or delete the Personal Data we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the EU-U.S. DPF, should direct their query to privacy@hubstaff.com. If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data (including personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual), before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your Personal Data, please submit a written request to privacy@hubstaff.com. Hubstaff may limits its response to your exercise of rights as permitted by law.

Questions or Complaints

In compliance with the EU-U.S. DPF, Hubstaff commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF should first contact privacy@hubstaff.com.

Hubstaff has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, the BBB Data Privacy Framework Services, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/allprograms/dpf-consumers for more information and to file a complaint. This service is provided free of charge to you.

Binding Arbitration. Under certain conditions, you may invoke binding arbitration for complaints regarding EU-U.S. DPF compliance not resolved by any of the other DPF mechanisms. To understand when such terms apply, please see Annex I of the DPF here: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.