May 23, 2018
Write to Us
134 Amoy Street,
#02-01, Far East Square,
By using our website and/or our Haven products and service (collectively, the “Services”) you consent to the collection and use of information as set forth in this Policy.
“Haven” means Haven, Inc., and its affiliates (which may be referred to as “us”).
This document describes Haven’s policy for handling, processing, storing, and otherwise treating personal data, whether you are using the Services on behalf of a company or organization (“Your Organization”) or merely browsing the Services.
Personal Information Handling and Privacy
The information we gather from users enables us to personalize and improve our Services, and allows our users to set up a user account and profile that can be used to personalize their experience on the Services.
“Personal Information” is a person’s name and information associated with his or her personal identity, including attributes designated as Personal Data under the data protection law applicable to Your Organization’s use of the Services. Personal Information, such as name, business address, and business email may be required for use of some features of the Services. If you do not want to provide Personal Information to Haven or wish to have Haven remove your Personal Information from the Services, please contact Your Organization’s Haven account administrator to find out if there is an optional way for you to perform the applicable business function without submitting Personal Information.
“Sensitive Personal Information” means government identification numbers or financial account numbers associated with individual persons (e.g. U.S. Social Security numbers, driver’s license numbers, or personal credit card or banking account numbers), and medical records or health care claim information associated with individuals, including claims for payment or reimbursement for any type of medical care for an individual.
Use of Personal Information by Haven
Haven will treat Personal Information as confidential (unless you or your account administrator determine otherwise in the Services) and will process the data according to the lawful and technically feasible instructions of Your Organization, as applicable within the scope of the Services. This statement and the Services documentation are considered part of such instructions.
Haven will use Personal Information for the following limited purposes, to: facilitate operation of the Services and its related services; enhance use of the Services and its related web pages; perform internal tracking and Services improvement; enable Haven to contact you; process requested transactions through the Services (including use of templates and document creation); and analyze the volume and history of a company’s Services usage.
Use of Tracking Technologies Including Cookies
Visibility of Personal Information within the Services
If You (or Your Organization’s account administrator) may provide your business contact information to trading partners, potential trading partners, or to others if you are serving as a company contact for Your Organization.
By submitting Personal Information to the Services, you are consenting to Haven’s collection, processing, storage, and use of that information in accordance with this policy. Before providing Personal Information to the Services, such as providing a companywide contact for your company or organization, obtain the legal entity’s or individual’s consent for the collection, transfer, processing, and use of that information in accordance with this policy and privacy law applicable to your organization. As a user of the Services, and subject to the roles you hold and your notification settings, you may be required to receive certain administrative notices from Haven.
Correcting Account Information (Exercising Your Right to Access Personal Information)
We believe you should have the ability to access, edit, and delete the Personal Information that you have provided to us and encourage you to promptly update your Personal information if it changes. You may change any of your Personal Information in your Account online at any time by:
- Logging in in accordance with instructions posted elsewhere in the Services.
- Contacting us with a request to update, review, or delete Personal Information at the support email found at the end of this Policy. We may decline requests that are unreasonably repetitive, require disproportionate technical effort, jeopardize the privacy of others, or are extremely impractical.
Deletion of your Personal Information may require approval by your employer (e.g. expense report data) and may require Haven assistance. Some requests to delete data must be made to Haven through the administrative contact for your company.
Haven may refuse to give access to the Services for legitimate reasons including delinquent payments on the account, a legal dispute, or security concerns. If you are unable to correct, update, or delete your personal information due to the fact that you are no longer an employee of the business that is the account holder, or your account has been terminated, you may contact the Haven at the address provided below. In each case, Haven will take reasonable measures to accommodate your request or respond in writing with the legal basis for denying the request within thirty (30) days.
Disclosure by Haven to Third Parties
Haven does not provide your Personal Information to third parties, except as described elsewhere in this policy and in our contracts with our customers, unless (1) you (or Your Organization’s account administrator acting on your behalf) request or authorize it; (2) such disclosure is necessary to process transactions or provide services which you have; (3) Haven is compelled to do so by a governmental authority, regulatory body, or under subpoena or similar governmental request or to establish or defend a legal claim; (4) the third party is acting as our agent or sub-contractor in performing services (e.g., Haven’s use of a third party telecommunications provider); or (5) you designate your Personal Information to be publicly viewable in the Services. All companies that act on our behalf or in conjunction with Haven in this manner are required to safeguard Personal Information and respect Haven opt-out procedures.
Haven will retain Personal Information in active databases for varying lengths of time depending upon the specific Services, type of data, and applicable law in accordance with the agreement between Haven and your organization. The policy regarding data retention for each Services is set forth in the documentation or terms for each Services. Consistent with Haven’s backup and storage procedures and due to the close integration of data with the Services, Personal Information might be stored by Haven in backup logs and files for the duration necessary to comply with legal requirements, resolve disputes, enforce our agreements or for the purposes described in this policy. However, Haven makes no commitment to indefinitely store such data.
Changes to this Policy
From time to time Haven will need to make changes to this policy. Some of the changes will be in response to changes in applicable laws and regulations. In addition, as Haven adds new features and new services to the Services, Haven will continue to handle Personal Information consistently with this policy, but some changes or clarifications may be required. If Haven seeks to make a material change to Haven’s policy to allow use of Personal Information for a new, legitimate business purpose, Haven will document the change to this policy, note the date of the last update at the end of the policy. You are encouraged to check this policy occasionally to stay informed of any changes in our policies and procedures regarding Personal Information. For substantial and material changes to this policy, Haven will use reasonable efforts to provide notification to all affected users and suggest that such users review the updated policy.
Fair Information Practice Principles
The Federal Trade Commission created the Fair Information Practice Principles as a result of the Commission’s inquiry into the manner in which online entities collect and use Personal Information and safeguards to ensure that such practices are fair and provide adequate privacy protection. We take our own self-regulation very seriously and support your rights as a consumer to causes of action against disreputable and unprincipled data collectors and users. Consistent with the Federal Trade Commission’s Principles, and in the event of a data breach, we will do the following:
- Notify users by posting a notice on the Haven website within 5 business day(s).
Children’s Online Privacy Protection
Our Services are not designed or intended for use by children under 13. If you are under 18, you should not use the Services. Children under 13 may not submit any personally identifiable information to us, and if we discover that we have inadvertently gathered any such information from a child under 13, we will take appropriate steps to delete it. If you are the parent or guardian of a person under the age of 13 who has provided personally identifiable information to us, please inform us by contacting us email@example.com and we will remove such information from our database. If you are concerned about your children’s use of the Platform, you may use web filtering technology to supervise or limit access to the Services. visit www.OnGuardOnline.gov for tips from the Federal Trade Commission on protecting kids’ privacy online.
How we comply with the CAN-SPAM Act
The CAN-SPAM Act is US legislation that regulates commercial emails with strict penalties for those who send emails with materially false or misleading content or fail to provide recipients of commercial emails with an opportunity to decline them.
We only collect your Personal Information for the purposes which we outlined in this Policy and we will do the following:
- NOT use false or misleading information in the subject line or body of our emails.
- Identify messages as advertisements by using the label “advertisement” in a conspicuous manner.
- Monitor third party email marketing services, if one is used.
- Provide accurate “From” fields so that users know who is sending the email.
- Provide visible and operable unsubscribe mechanisms in all of our emails.
- Include our physical address in the body of our emails.
- Honor any opt-out requests to our emails within 10 business days.
- Refrain from using harvested email addresses.
If you have questions about this policy, please send an e-mail to Feedback@haveninc.com Attn: Haven Privacy Coordinator, or send written correspondence to Haven Privacy Coordinator, Legal Department, Haven, Inc., 25 Kearny Street, San Francisco, CA 94108, USA. If you have questions or concerns regarding the Personal Information Handling and Privacy section of this policy, you should first contact your company’s administrator or the Haven Privacy Coordinator listed above (firstname.lastname@example.org). If you do not receive acknowledgment of your inquiry or your inquiry has not been satisfactorily addressed, you should then raise your complaint to Haven’s Privacy Coordinator or your local data protection authority.