Hootsuite Privacy Notice
Effective date: May 24, 2018
We recently updated our Terms of Service and privacy notice and these will come in effect for all existing users on May 24, 2018.
Introduction
Thank you for using Hootsuite. This privacy notice explains how Hootsuite collects, uses, processes, discloses, retains, and protects personal information i) when we provide Services to you; and ii) when we process personal information at your instruction that may be included as part of the Content which you view, upload, download or which otherwise appears on our Services.
When this privacy notice refers to “Hootsuite”, “us”, “we” or “our”, it refers to Hootsuite Inc. (a Canadian corporation).
Hootsuite is committed to protecting the privacy of all individuals who:
- visit any of its websites or mobile sites, including hootsuite.com, including all subdomains, present and future (the “Website”);
- use any of its mobile applications (the "Applications");
- use any of its Services including Hootsuite Free, Pro, Professional, Team, Business, Enterprise, Ow.ly, Amplify, Academy, Insights, Campaigns, the Hootsuite Shop and other Hootsuite products and services made available from time to time (the "Platforms").
We call the Website, the Applications, the Platforms together the "Services".
To make this notice easier to read, any applicable Hootsuite terms of service are referred to as the “Terms”. If you see an undefined term in this Privacy Notice, it has the same definition as in our Terms.
Our Services
Hootsuite offers a suite of social media management tools. Our Services enable you to bring together your social media accounts for easy access and management through a single online portal. Hootsuite helps its users manage social media campaigns, marketing and advertising; engage audiences; schedule and publish messages; and analyze their results. When you link your existing social media accounts to your Hootsuite account, you can choose to instantly collect, process, share and access Social Network content via your Hootsuite account. Our Services also enable an ecosystem where you can choose to purchase or connect your Hootsuite Account to a series of third-party services (a “Third-Party App”).
Personal information we collect
Personal information is information relating to an identified or identifiable natural person. An identifiable natural person is an individual that can be identified, directly or indirectly, by reference to an identifier such as: a name, an identification number, specific location data, an online identifier, or other attributes specific to that natural person.
Personal information does not include information that has been anonymized or aggregated in such a way that it can no longer be used to identify a specific natural person, whether on its own or in combination with other information.
The personal information that we collect falls into two broad categories: Account Data and Content.
Account Data
Account data (“Account Data”) is personal information you provide us, or that we collect from you and your devices in connection with your access to and use of our Services (such as when you provide us information to register for an account, or information we collect about your browser when you connect to one of our Services, etc.). In legal terms, we collect and use this Account Data as a data controller.
There are two general categories of Account Data we collect in order to provide you with the Services.
1. Information you give us
- Account information. You may provide us with information in connection with the creation and management of your account for the Services, such as a name, email address and a password to create a Hootsuite account.
- Billing information. If you have purchased a paid version of the Services, or if you make another financial transaction using our Services (such as purchasing a Third-Party App), we (and our third party payment processors) will collect information about the purchase or transaction. This includes billing details and credit card information, other account and authentication information.
- Other information. You may otherwise choose to provide us with information when you fill in a form, contact our customer support, respond to surveys or use other features of our Services. You may also provide us with other optional information as part of your account profile, including your usernames, avatars and links to the Social Network profiles you authenticate with your Hootsuite profile.
2. Information we automatically collect from your use of the Services
- Log data and usage information. Like most websites, when you view content on or otherwise interact with our Services our servers automatically record information, including information that your browser sends whenever you visit a Website or that your Application sends when you are using it. This log data may include your IP address, the address of the web page you visited before using the Services, your browser type and settings, your device information, the date and time of your use of the Services, information about your browser configuration and plug-ins, language preferences, unique identifiers and cookie data.
- Location information. When you use our Services, we may collect information about your geographic location.
- Cookies and similar technologies. We use cookies and similar technologies to provide and support our websites and Services, as more fully explained in our Cookie Policy.
Content
The content which you upload, download, or view on our Services (defined as “Content” in our Terms) may, but does not necessarily, contain personal information. When we refer to “Content” in this notice, we mean the personal information in Content that we process. We only process Content at your direction. In legal terms, we act as data processors for the personal information included in the Content. Our obligations and commitments relating to our processing of Content on behalf of our users are outlined in the section below called Content - Hootsuite as a Data Processor.
Account Data - How we use it
We use, store, and process Account Data as a data controller to provide, understand, improve and develop our Services, keep our Services safe and to comply with our legal obligations. More particularly, we use it to:
Identify our users
We use Account Data to identify you when you login to your account.
Provide Services
We use Account Data to enable us to operate the Services and provide them to you, including to:
- enable your access to our Services
- allow you to communicate with us and with other users
- verify your transactions, for purchase confirmation, billing, security, and authentication (including security tokens for communication with installed Third-Party Apps)
- contact you about your account and provide customer service support, including responding to your comments and questions
- keep you informed about the Services, features, surveys, newsletters, offers, contests and events we think you may find useful or which you have requested from us
- sell or market Hootsuite products and Services to you
Improve and optimize our Services
We use Account Data to:
- better understand your needs and the needs of users in the aggregate, diagnose problems, analyze trends, perform analytics, conduct research and improve the features and usability of the Services, test and troubleshoot new products and better understand and market to our users
- analyze the Website or the other Services and information about our visitors and users, including research into our user demographics and user behaviour
- create aggregate (non-identifiable) statistics about users of the Services with a view to introducing improvements and improving usability of the Services
Keep our Services safe
We use Account Data to verify accounts and activity, maintain the integrity of our Services, and to keep the Services safe and secure.
Account Data - Legal basis for use
Our legal basis for collecting and using Account Data as a data controller will depend on the specific context in which we collect it. However, as a data controller, we will collect personal information from you where:
- we have your consent to do so
- where we need the personal information to perform a contract with you (e.g. to deliver the Hootsuite Services you have requested), or
- where the processing is in our legitimate interests (and not overridden by your data protection interests or fundamental rights and freedoms)
In some cases, we may also have a legal obligation to collect personal information from you, or may otherwise need the personal information to protect your vital interests or those of another person.
Where we rely on your consent to process Account Data, you have the right to withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.
If we ask you to provide Account Data to comply with a legal requirement, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests which are not already described in this notice, we will make clear to you at the relevant time what those legitimate interests are.
Account Data - Access, control and correction of personal information and certain other important rights
As a user, you may update or correct most of your Account Data by logging in to your account to edit your profile or organization record. To make a request to have Account Data returned to you, removed, or to make additional corrections, please email our privacy team. Requests to access, correct, or remove your information will be handled within thirty (30) days and may be subject to a fee as permitted by applicable law.
Depending on where you reside, you may have the right to exercise additional rights available to you under applicable laws with regards to the personal information Hootsuite holds about you as a data controller, including:
- Right of erasure: In certain circumstances, you may have a broader right to erasure of personal information that we hold about you – for example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for as long as you maintain an account for our Services, or as needed to provide you with our Services, for record keeping purposes, to comply with our legal obligations, resolve disputes and enforce the Terms.
- Right to object to processing: You may have the right to request that Hootsuite stops processing your personal information and/or to stop sending you marketing communications.
- Right to restrict processing: You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is inaccurate or unlawfully held).
- Right to data portability: In certain circumstances, you may have the right to be provided with your personal information in a structured, machine readable and commonly used format and to request that we transfer the personal information to another data controller without hindrance.
If you would like to exercise such rights, please contact us. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
You also have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
Content - Hootsuite as a Data Processor
You, as a Hootsuite user, control how Content is generated, requested, submitted or published and processed on our Services. When you use our Services, you may view, create, and analyze Content which will ultimately be published on the various Social Networks. You can also choose to access and/or link your Hootsuite account to a wide range of Third-Party Apps including to apps that are available in our App Directory. If you are an Enterprise user, we may also sell some of these Third-Party Apps to you in our capacity as an authorized reseller (these are called “Partner Services” in our Enterprise Terms). When you link these Third-Party Apps to your Hootsuite account, you allow those Third-Party apps to access and process Content. The Content that flows through our Services may include personal information of all types, including but not limited to the following categories:
- user generated content (such as messages, posts, comments, pages, profiles, images, feeds or communications exchanged on the Social Networks)
- contact details (such as name, email address, telephone number)
- additional individual information (such as age, gender, employer, profession, geographic location, education information, financial status, habits and preferences)
- information relating to an individual’s real time location
As the user, you are the data controller of your Content and we are the data processor for such Content. Where we process Content, we do so at your direction and on your behalf in accordance with the instructions you give us through the Services. When you connect your social media accounts through our Services, we only access, process, and use the Content to provide our Services subject to the Terms and the various terms and conditions imposed by the Social Networks. We may, in limited circumstances, process Content for the purposes of improving the Services and functionalities users ask for as part of their Hootsuite experience.
If you are using the Services by invitation of a Hootsuite customer, whether that customer is your employer, another organization, or an individual, that customer determines its own policies regarding storage, access, modification, deletion, sharing, and retention of Content, which may apply to your use of the Services. Please check with the customer about the policies and settings it has in place.
Third-Party Apps and Social Networks
The Hootsuite Services enable an ecosystem where you can choose to connect your Hootsuite account with Social Networks, and to Third-Party Apps. If you choose to send your Content to a Social Network and/or a Third-Party App, Hootsuite is no longer responsible for that Content from the point in time that it leaves Hootsuite’s Services. Instead, the Content will be in the control of the third party, and the relevant third party’s terms and privacy policy will apply. For example, if you use Hootsuite to post a message on Twitter, Twitter’s privacy policy and terms of service will apply to that message on Twitter's server, or if you export Content from Hootsuite to a third party service like Google Drive, Google Drive’s terms and privacy policy will apply to that exported content. While we attempt to facilitate access only to those Social Networks and Third-Party Apps that share our respect for your privacy, we cannot take responsibility for the Content or privacy policies of any Social Networks or Third-Party Apps. We encourage you to carefully review the privacy policies of any Social Networks or Third-Party Apps you access via the Services.
Access, correction, and deletion of Content
You should be aware that Hootsuite acts as a conduit between you and the various Social Networks and Third-Party Apps. In several instances, the Content published via Hootsuite will not be in Hootsuite’s custody, and any Content that has been shared by you through any Social Networks or Third-Party Apps via the Services may continue to be available to third parties and the public at large, as this Content is now under the control of the operators of the Social Networks and/or the Third-Party Apps.
An individual who seeks access to, or who seeks to correct, amend inaccuracies in, or delete Content stored or processed by us on behalf of a user should direct his/her query to the Hootsuite user (the data controller) or to the Social Networks or Third-Party App developer. Upon receipt of a request from one of our users for us to remove the data, we will respond to their request within thirty (30) days. Please note however that we may need to retain certain information on our systems for as long as you maintain an account for our Services, for record keeping purposes, to comply with our legal obligations, to resolve disputes, enforce our Terms, or as required or authorized by applicable law. Please refer to the How long we keep personal information section below for further detail.
For our users with a principal location in the EEA or otherwise subject to the General Data Protection Regulation (GDPR)
Under EU law, Hootsuite is a data processor of Content generated, requested or published via Social Networks. We process this Content in accordance with the instructions of our users. Because our users control how their Content is collected and used by them, our users are, in legal terms, the controllers of the Content that they process through our Services and are responsible for complying with applicable data protection laws, including the GDPR.
To facilitate the lawful processing of your Content through the Services, Hootsuite makes available to its users a data processing agreement as an addendum to their existing Hootsuite agreement (“Data Processing Addendum”). This Data Processing Addendum implements the GDPR’s Article 28 terms for processors and also incorporates the European Commission’s Standard Contractual Clauses (processors) of 2010 (also known as “model processor clauses” or “SCC 2010”) to facilitate the lawful transfer of Content that contains personal information from the EU to outside of the EU, where necessary and as required. More information regarding International Transfers is set out below.
The Data Processing Addendum is available for all of our users here. If you would like to incorporate the Data Processing Addendum into your existing agreement with Hootsuite, please sign Hootsuite’s Data Processing Addendum and return it to us via email. If you have any questions, please feel free to contact our privacy team.
Privacy Information that applies to both Account Data and Content
When we may share personal information
Except as provided in this privacy notice, Hootsuite does not share any personal information gathered via the Services with third parties. We may however share Account Data or Content under the following circumstances:
- with your consent or at your direction, such as when you connect a Social Network to our Services or authorize a Third-Party App to access your account
- with service providers (including payment processors) we engage to perform functions or provide services to us, where those service providers are subject to obligations that are consistent with this privacy notice and to appropriate confidentiality and security measures
- with Hootsuite’s authorized resellers if you purchase the Services from an authorized Hootsuite reseller who you authorize to access and process your personal information in order to support your use of the Services
- where we believe that it is reasonably necessary to comply with a law, regulation or if we are otherwise legally required to do so, such as in response to court orders or legal process, or to establish, protect, or exercise our legal rights or to defend against legal claims or demands
- if we believe it is necessary in order to investigate, prevent, or take action against illegal activities, fraud, situations involving potential threats to our rights or property (or to the rights or property of those who use our Services), or to protect the personal safety of any person
- if we believe it is necessary to investigate, prevent, or take action regarding situations that involve the security of our Services, abuse of the Services infrastructure, or the Internet in general (such as voluminous spamming, denial of service attacks, or attempts to compromise the security of the Services)
- to a parent company, subsidiaries, joint venture, or other companies under common control with Hootsuite
- if we are acquired by or merged with another entity (in which case we will require such entity to assume our obligations under this privacy notice), if we are involved in a bankruptcy, or if the ownership or control of all or part of our Services or their assets changes
How long we keep personal information
We retain your Account Data for as long as necessary to provide the Services you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, or enforcing our Terms.
We retain Content for as long as needed to provide the Services, or until you ask us to delete it pursuant to the Terms. We retain and use this Content as necessary to comply with our legal obligations, resolve disputes, and enforce the Terms.
Please note that certain personal information may need to be retained by Hootsuite for a period of time following the cancellation of your account where this is necessary for our legitimate business purposes or required or authorized by applicable law. Our specific retention periods for personal information are documented in our internal retention policies and any applicable retention schedules that we maintain as required by applicable law.
After it is no longer necessary for us to retain your personal information, we will dispose of it in a secure manner, according to our data retention and deletion policies.
How we protect personal information
Hootsuite follows industry best practices to protect personal information from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Account Data and Content we collect, use, process and store, and the current state of technology.
To learn more about our current practices and policies regarding security and confidentiality of personal information please see our Security Practices page.
International transfers
Hootsuite Inc., the entity which provides the Services, is a Canadian company with its head-office located in Vancouver, British Columbia. For the purposes of EU data protection law, Canada is considered a country which provides adequate protections for personal information, as confirmed by the European Commission in Commission Decision 2002/2/EC.
The Services are mainly provided from our offices in Canada. Hootsuite uses third-party service providers (such as managed hosting providers, card processors, CRM systems, sub-processors of Content and technology partners) to provide the necessary software, networking, infrastructure and other services that we use to operate the Services. These third party providers may process, or store, personal information on servers outside of the EEA, including in Canada or the US.
Also, by the very nature of the Services provided, the data that is viewed, collected, stored or posted on or through the Services also needs to flow from wherever you are located in the world, to where our Social Networks are storing the same data (i.e. in most cases, in the United States).
Whenever we transfer personal information from data subjects located in the EEA to a third-party service provider located in a country that has been deemed inadequate, whether that personal information is contained in Account Data or in Content, we do so with approved legal adequacy mechanisms in place. For any transfers of personal information to the US, we rely on either the third-party’s registration in the EU-US Privacy Shield or on the implementation of the EU’s Standard Contractual Clauses.
By using any of the Services, or submitting or collecting any personal information via the Services, you authorize Hootsuite and its authorized service partners to use and process Content and Account Data (including any personal information) in these countries.
Cookies and similar technologies
When you visit or interact with our Services, we, Third-Party Apps or our authorized third-party service providers may use cookies and other similar technologies to help us provide you with a better, faster, and safer experience, and for advertising and marketing purposes. We may collect some personal information via these cookies. You can get more details on our use of cookies and similar technologies in our full Cookie Notice.
Choices
Processing of Content
When we receive or access data from our various Social Networks, we do so at your request and within each Social Network’s terms and conditions. As our user, you ultimately decide which Social Networks or Third-Party Apps you want our Services to connect with and which Social Networks and/or Third-Party Apps you want to share your data with. We process your Content, at your instruction, acting as a conduit between you and the Social Networks that you connect to our Services.
Marketing Emails
You may opt out of marketing communications sent by Hootsuite by managing your email preferences on our Preferences Management page, or by following the unsubscribe instructions included in each marketing email.
Customize Advertising
We may use Account Data to customize advertising that we direct to you, utilizing third parties. The Network Advertising Initiative has developed a tool that may help you understand which third parties have currently enabled cookies for your browser and opt-out of those cookies. For more information and to opt-out of customized advertising, you can go to http://optout.networkadvertising.org/?c=1#!/
Children
Our Services are not intended for use by children and should only be accessed by individuals of at least 18 years old.
Changes to this Privacy Notice
Hootsuite reserves the right to make changes to its privacy notice at any time. Innovation in software happens quickly and laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. If we do make changes to the privacy notice, we will post them to this page, so we encourage you to stay informed by checking back here periodically.
Contacting us
Hootsuite is headquartered in Vancouver, British Columbia, in Canada. You can contact our Privacy Team via email, or via mail:
Hootsuite Privacy Team
c/o Hootsuite Inc.
5 East 8th Avenue
Vancouver, BC V5T 1R6
© Hootsuite Inc. 2018