Organisation Privacy Policy

Hivepass Privacy Policy

This Privacy Policy provides information to organisations (such as trail associations and clubs) regarding our policies for the collection, use, and disclosure of personal information.

Hivepass Administration

Organisations (such as trail associations and clubs) may choose to use our services to manage and interact with their members. In order for an organisation to use our services, the organisation will require an admin user to create and maintain an account with Hivepass. The admin user will need to provide the following information to us so that we can create the account and communicate with them:

• Name
• Email address
• Profile picture (optional)
• Device information

If an admin user of an organisation stops representing the organisation, then the organisation should appoint a new admin user; set up a new admin user account with Hivepass by providing the information for the new admin user; and delete the previous admin user’s account.

Organisations and Users

Users of Hivepass can choose to join one or more organisations using the Hivepass application. When a user chooses to join an organisation on Hivepass, the relevant account data of the user will be shared with that organisation.

Each organisation’s privacy policy will apply to its collection, use and disclosure of personal information about its members including any personal information about its members that it receives through Hivepass. We recommend each organisation has a privacy policy and that it is maintained and shared with its members.

If a user leaves an organisation on Hivepass, the user’s account data relevant to that organisation will be removed from Hivepass, however an organisation may retain a copy of the data independent of Hivepass including transactional payment data.

Organisation Waivers

Organisations can require a waiver from its members. If an organisation requires a waiver from a member who is a child then the organisation can require information about the member’s guardian and the guardian’s consent to the waiver on behalf of the child.

Third Party Integrations

Organisations have the option to integrate Hivepass with third party software. If an organisation enables such an integration, the organisation can share the personal information of its members with the third party. Third party integrations are disabled by default in Hivepass and each organisation can decide whether to enable and use one or more third party integration.

The third party integrations that are currently available to organisations to enable, and what data may be shared by the organisation with the third party if the integration is enabled, are:

1. Mailchimp - Mailchimp is a marketing platform and can be used by organisations to communicate with its members by email. An organisation may share the following data about its members with Mailchimp if it enables this integration: name, email, membership status. Mailchimp privacy policy.

2. WIX - WIX can be used by organisations to communicate with its members by email. An organisation may share the following data about its members with WIX if it enables this integration: name, email, membership status. WIX privacy policy.

3. Mountain Bike New Zealand (MTBNZ) - MTBNZ affiliated organisations may turn on this integration to submit their yearly affiliation data. If an organisation completes an affiliation submission, the organisation can choose which data about its members will be shared with MTBNZ. An organisation may share the following data about its members with MTBNZ if it enables this integration: name, email. MTBNZ privacy policy.

This list is subject to change, and we recommend regularly reviewing it for updates.

We recommend that each organisation’s privacy policy identifies and explains to its members which third party integrations it has enabled and what personal information of its members may be shared with the third party.

We also recommend that each organisation reviews and keeps up to date with the privacy policy of each third party that it integrates with.

Third Party Service Providers

We rely on and use third party services to operate our business and to deliver our service. We therefore may need to share personal information with those third party service providers for our legitimate business purposes and to deliver our service.

The third party services that we currently use, and what data may be shared with each of them, are:

●        Google Cloud - We use Google Cloud for cloud data storage and application hosting - Any data entered into Hivepass will be stored on Google Cloud. All data is stored on Google Cloud Platform servers which are physically located in the United States of America.

●           Stripe - We use Stripe for payment processing - We may share the following data about users: name, email, credit card / payment information. We do not store or retain any user credit card information. Stripe may retain user credit card information. Users may also delete it. Stripe has been audited as a PCI Service Provider Level 1.

●       Usermaven - We use Usermaven for user behavioral analytics to help us improve our service - We may share the following data about users: name, unique identifier, membership status.

●       Sentry - We use Sentry to identify, monitor, and alert us if there are errors, bugs, or other performance issues occurring in our applications - We may share the following data about users: name, email, membership status.

●       Hotjar - We use Hotjar for user analytics for product improvements. Hotjar records anonymous admin user sessions to analyze application usage and improve user experience.

●       OpenAI - We use OpenAI to generate content for users, such as news posts or reminder emails. OpenAI may use user data to create relevant and personalized content. No member data is shared with OpenAI.

●       HelpScout - We use HelpScout for providing user help documents and support - HelpScout is used to manage support tickets, user queries, and access to help documentation.

This list is subject to change, and we recommend regularly reviewing it for updates.

We recommend that each organisation’s privacy policy identifies and explains to its members that third party service providers may be used by Hivepass and what personal information may be shared with the third party service providers.

We also recommend that each organisation reviews and keeps up to date with the privacy policy of each third party service provider.

We may use third party service providers for various reasons including to:

• Facilitate the provision, maintenance and improvement of our services
• Provide services or functionality on our behalf
• Perform service-related activities and transactions
• Assist us in analyzing how our service is used

Data Security

All data communication is encrypted over https. We restrict access to data to those with a valid operational need which includes Hivepass staff and contractors. Please remember that no method of transmission over the Internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

Use of Data

Hivepass uses personal information for various purposes including to:

• Provide, maintain and improve our services
• Provide organisations and users with information about our services and changes to our services
• Provide organisations and users with customer support
• Monitor the usage of our services
• Detect, prevent and address technical issues
• Provide user data to organisations that they join
• Conduct research and development activities

We may share aggregated, anonymized data with third parties.

We may process your personal information under one or more of the following legal bases: a user or an organisation consents; contract (where we provide services to users or organisations); legitimate interest to promote our business and develop our customer relationships; or legal obligation, where we have a legal requirement to do so.

Links to Other Sites

This service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by Hivepass. Therefore, we recommend you to review the privacy policy of the third-party prior to sharing any personal information with them. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Cookies

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device's internal memory.

This service does not currently use cookies. However, the Hivepass application may use third party code and libraries that use cookies to collect information and improve their services.

You have the option to know when a cookie is being sent to your device and either accept or refuse the cookie. If you choose to refuse cookies, you may not be able to use some portions of our or third-party services.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We advise you to review our Privacy Policy periodically for any changes. By continuing to use our service after changes are posted, you agree to the updated Privacy Policy. Our Privacy Policy is incorporated into and forms part of our agreement with you.

Contact Us

You have the right to ask for a copy of any personal information we hold about you, and to ask for it to be corrected if you think it is wrong. If you'd like to ask for a copy of your information, or to have it corrected, please contact us at support@hivepass.app.

If you have any questions about our Privacy Policy, do not hesitate to contact us at support@hivepass.app.