Hubstaff EU-U.S. Data Privacy Framework Policy

This Data Privacy Framework Policy ("Policy") describes how Hubstaff (Netsoft Holdings, LLC) in the United States ("US") ("Hubstaff," "we," or "us") collect, use, and disclose certain personally identifiable information that we receive in the US from the European Union ("EU"), the United Kingdom (“UK”), and Switzerland ("Personal Data"). This Policy supplements our Hubstaff Privacy Policy located at https://hubstaff.com/privacy, and unless specifically defined in this Policy, the terms in this Policy have the same meaning as the Hubstaff Privacy Policy.

Hubstaff complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Hubstaff has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Hubstaff has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

For purposes of enforcing compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Hubstaff is subject to the investigatory and enforcement authority of the US Federal Trade Commission.

Personal Data Collection and Use

Our Hubstaff Privacy Policy located at https://hubstaff.com/privacy describes the categories of Personal Data that we may receive in the US as well as the purposes for which we use that Personal Data. Please note that we may receive the following categories of Personal Data in the US: account, payment transaction, task, correspondence, support, form, user contributions, public, device and browser, and analytics data and information. We may also process Personal Data information required to provide and operate our Hubstaff service for our business customers, including employee contact information, information about remote presence and work, and productivity information. We process Personal Data for the following purposes: to provide our website and services to you; to maintain, analyze, and improve your experience on our website and services; to communicate with you and provide customer and technical support; to monitor and enforce our contracts and legal terms; to detect and prevent fraud; and to fulfill the purpose for which you provided your information to us; and for other legitimate purposes as set forth in our Hubstaff Privacy Policy. Hubstaff will only process Personal Data in ways that are compatible with the purpose that Hubstaff collected it for, or for purposes the individual later authorizes. Before we use your Personal Data for a purpose that is materially different than the purpose we collected it for or that you later authorized, we will (at a minimum) provide you with the opportunity to opt out. Hubstaff maintains reasonable procedures to help ensure that Personal Data is reliable for its intended use, accurate, complete, and current.

Data Transfers to Third Parties

Third-Party Agents or Service Providers. We may transfer Personal Data to our third-party agents or service providers who perform functions on our behalf as described in our Website Privacy Policy. We take reasonable and appropriate steps to ensure that third-party agents and service providers process Personal Data in accordance with our EU-U.S. DPF, UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF obligations and to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of Personal Data that we transfer to them.

Disclosures for National Security or Law Enforcement. Under certain circumstances, Hubstaff may be required to disclose your Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Hubstaff may make additional disclosures as indicated in its Hubstaff Privacy Policy. In the context of an onward transfer of your personal information, Hubstaff remains responsible for the processing of personal information we receive under the DPF Principles and subsequently transfers to a third party acting as an agent on our behalf. As required by law, Hubstaff remains liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless another party is responsible for the event giving rise to the damage.

Access Rights

Pursuant to the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, EU, UK and Swiss individuals have the right to obtain our confirmation of whether we maintain Personal Data relating to you in the United States. Upon request, we will provide you with access to the Personal Data that we hold about you. You may also correct, amend, or delete the Personal Data we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should direct their query to privacy@hubstaff.com. If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data (including personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual), before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your Personal Data, please submit a written request to privacy@hubstaff.com. Hubstaff may limits its response to your exercise of rights as permitted by law.

Questions or Complaints

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Hubstaff commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK or Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact privacy@hubstaff.com.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Hubstaff commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to the BBB Data Privacy Framework Services, operated by the Council of Better Business Bureaus, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ for more information or to file a complaint. The BBB Data Privacy Framework Services are provided at no cost to you.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Hubstaff commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

Binding Arbitration. Under certain conditions, you may invoke binding arbitration for complaints regarding EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms. To understand when such terms apply, please see Annex I of the DPF here: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.