BrandHouse Privacy Policy

  1. Who are we
    1. This website is operated by BrandHouse Inc. (“BrandHouse”“we” or “us”). BrandHouse Holding Ltd  | 3rd floor, 12 East Passage | EC1A 7LP London | UK. We make certain software applications and platforms available to customers on our Site for the purposes of providing a business network and supporting the exchange of business documents between each customer (the “Services”).
    2. Our privacy policy and terms of use (respectively referred to from now on as the “Privacy Policy” and the “Terms of Use”) apply when you use our website (BrandHouse.com) (“our Site”). Please read the Privacy Policy and Terms of Use carefully before you start to use our Site. By using our Site, you indicate that you accept the Privacy Policy and Terms of Use and that you agree to abide by them. If you do not agree to them, please refrain from using our Site.
  2. Defined terms used in privacy policy
    1. “Software” means any software accessible on our Site for the use of Users (whether free or if payment is required).
    2. “User” means any person using our Site or the Software (whether that person has paid for such use or not) and “Users”, “you” and “your” shall be construed accordingly.
    3. the Act” means the Data Protection Act 1998.
  3. Introduction to privacy policy
    1. BrandHouse respects your privacy and is committed to protecting your privacy and confidential information. This Privacy Policy (together with our Terms Of Use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we, as data controller of your personal data that you provide to us, will treat it.
  4. Information we may collect from you, why we need it and how we use it
    1. We may collect and process the following data about you:
      1. When you visit our Site: Our cockie policy  explains what data we collect from you and what we do with it when you browse through our Site (e.g. your IP address).
      2. When you register on our Site:
        1. What data we collect: When you register on our Site we will collect your username, country of business and email address.
        2. Why we need this data: We will need your username in order to authenticate your user account so that you can benefit from our Services. We will need your email address to send you an activation link to your profile so that you can receive business documents and network requests. We will also need your email address in case you forget your password or wish to receive emails from us with news about our services or changes to any of our policies or terms and conditions. Your IP address is logged by us so that we can prevent any spam, fraud or abuse of our Site. We will store this data only for as long as necessary for the purposes of the Services, unless we are required, for legal reasons or under exceptional circumstances, to retain this data for an extended period.
        3. How we use this data: We will not share your login data (your username, email address, password and IP address) with anyone except in the circumstances referred to in Clause 8 (Disclosure of Your Information).
        4. From time to time we may email you news, updates and sales offers which you can easily opt out of receiving by clicking “unsubscribe” in the relevant email.
      3. When you contact us or submit comments on our Site:
        1. If you submit comments on our Site or contact us for any reason we may store these communications for as long as necessary for the purposes of improving the Services we offer, unless we are required, for legal reasons or under exceptional circumstances, to retain this information for an extended period. Our comments service is run by Disqus and when you submit comments to us they will be received and stored by Disqus under the terms of Disqus’ privacy policy.
  5. Cookies
    1. We may obtain information about your general internet usage by using a cookie file which is stored on your browser or the hard drive of your computer. Cookies are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The cookies we use are essential for our Site to enable us to:
      1. Estimate our audience size and usage pattern;
      2. Store information about your preferences, and so allow us to customise our Site and to provide you with offers that are targeted at your individual interests;
      3. Recognise you when you return to our Site;
      4. Allow you to use our Site in a way that makes your browsing experience more convenient, for example, by allowing you to store details of invoices you have been using as part of our Services. If you register with us or complete our online forms, we will use cookies to remember your details during your current visit, and any future visits provided the cookie was not deleted in the interim; and
      5. Allow selected third parties (such as Google) to target specific marketing material to you based on your browsing history preferences.
    2. You can block cookies by activating the setting on your browser which allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be to access all or parts of our Site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon you visit our site.
    3. Except for essential cookies, all cookies will expire after 2 years. For guidance on when Google’s cookies will expire, please see Google’s privacy policy.
  6. Where we store your personal data
    1. All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
    2. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
  7. Updating your personal data
    1. We will need you to help us ensure the Personal Data you provided to us is accurate and up to date. If you wish to correct and update any of your Personal Data, you may do so by updating the Personal Data through the preferences available in your account.
    2. If you want to delete your account, you may do so by deleting your profile from the preferences page in your account. Upon deletion of your account, we will store your Personal Data for the duration set out in Clause 4.1.2.2.
  8. Information Sharing
    1. Onward transfers. In the event of onward transfers of personal data, BrandHouse retains responsibility for ensuring that any further processing of data by third parties acting on our behalf do so in a manner that is consistent with the Privacy Shield principles unless we prove that we are not responsible for the event giving rise to damage.
    2. Service Providers. We engage service providers to perform functions and provide services to us. Where allowed by law, we may share your private personal information with such service providers subject to obligations consistent with this Privacy Policy and any other appropriate confidentiality and security measures, and on the condition that the third parties use your private personal data only on our behalf and pursuant to our instructions.
    3. Authorized Personnel. Our employees, agents, consultants, contractors, or other authorized personnel, may have access to user information as necessary in the normal course of our business.
    4. Business Transfers. In some cases, we may choose to buy or sell assets. In these types of transactions, user information is typically one of the business assets that is transferred. Moreover, if the Service or BrandHouse, or substantially all of its assets, were acquired, liquidated, or dissolved, user information would be one of the assets that is transferred.
    5. Government, Law Enforcement or Third Parties. We may disclose  information, including, without limitation, Personal Information to comply with applicable laws, regulations, legal processes or governmental requests.  We reserve the right to disclose a user’s Personal Information if we believe, in good faith, that the user is in violation of the Terms of Service, even without a subpoena, warrant or other court order.
  9. Choice and Opt-Out. We provide you the ability to exercise certain controls and choices regarding our collection, use and sharing of your information.
    1. Choice. In accordance with local law, your controls and choices may include:
      1. You may correct, update and delete your account information, as described below;
      2. You may change your choices for subscriptions and newsletters;
      3. You may choose whether or not to receive offers from us;
      4. You may choose whether you received targeted advertising from us or our partners.
    2. Opt-out. We may also use tracking technologies to collect information about your visits over time and across third-party services or other online services. The Network Advertising Initiative (the “NAI”) is a cooperative group of ad serving providers. The NAI has developed a set of privacy principles to which its members adhere. The NAI is committed to providing consumers with clear explanations of Internet advertising practices and how they affect you and the Internet generally. For more information about the NAI, third party ad servers generally and the opt-out options offered through the NAI, visit http://www.networkadvertising.org/index.asp.
  10. Access and Correcting Your Information
    1. If you have a BrandHouse account, you can help ensure that your contact information and preferences are accurate, complete, and up to date by logging in to your BrandHouse account or by emailing us at support@BrandHouse.com. For other personal information we hold, we will provide you with access for any purpose including requesting that we correct the data if it is inaccurate or delete the data if we are not required to retain it by law or for legitimate business purposes. We may decline to process requests that are frivolous/vexatious, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.
  11. Security of Your Information.
    1. Security Measures. We have put in place physical, electronic, and managerial procedures designed to help prevent unauthorized access, to maintain data security, and to use correctly the information we collect online. These safeguards vary based on the sensitivity of the information that we collect and store.
    2. No Security Guarantees. Although we take appropriate measures to safeguard against unauthorized disclosures of Information, we cannot assure you that Information will never be disclosed, altered or destroyed in a manner that is inconsistent with this Privacy Policy.
  12. Changes to the Privacy Policy. Although most changes are likely to be minor, we may change our Privacy Policy from time to time, and in our sole discretion. We encourage visitors to frequently check this page for any changes to the Privacy Policy. Your continued use of the Service after any change in this Privacy Policy will constitute your acceptance the changes.
  13. California Privacy Rights and Do Not Track Disclosures. If you are a California resident, you may have certain additional rights.
  14. Privacy Rights. California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your Personal Information by us to third parties for the third parties’ direct marketing purposes. California Business and Professions Code Section 22581 permits registered users who are minors to request and obtain deletion of certain posted content. To make any such requests, please email us at support@BrandHouse.com or contact us at the address below.
  15. Do Not Track Disclosures. California Business & Professions Code Section 22575(b) (as amended effective January 1, 2014) provides that California residents are entitled to know how BrandHouse responds to “Do Not Track” browser settings. We do not currently take action to respond to Do Not Track signals because a uniform technological standard has not yet been developed. We continue to review new technologies and may adopt a standard once one is created.
  16. Users From Other Jurisdictions. By using the Service, you acknowledge that you accept the practices and policies outlined in this Privacy Policy and consent to having your data transferred to and processed on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you do not accept this Privacy Policy, please do not use the Service. The Service is controlled and operated by BrandHouse from the United States. If you are not a resident of the United States or you are located outside the United States and choose to use the Service or provide information to us, please note that we may transfer the information, including Personal Information, to the United States and process it there.
  17. Acceptance of this Privacy Policy, followed by your submission of such information represents your agreement and consent to that transfer. We do not represent or warrant that the Service, or any portion thereof, are appropriate or available for use in any particular jurisdiction. Those who choose to access the Service do so on their own initiative and at their own risk, and are responsible for complying with all local laws, rules and regulations. You also are subject to United States export controls in connection with your use of the Service and are responsible for any violations of such controls, including, without limitation, any United States embargoes or other federal rules and regulations restricting exports. We may limit the availability of the Service, in whole or in part, to any person, geographic area or jurisdiction that we choose, at any time and in our sole discretion.
  18. Users from Switzerland and the EU with Privacy Shield compliance BrandHouse complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  The Federal Trade Commission has jurisdiction over BrandHouse’s compliance with the Privacy Shield.  BrandHouse has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
  19. In compliance with the Privacy Shield Principles, BrandHouse commits to resolve complaints about our collection or use of your personal information.  European Union or Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact BrandHouse’s Data Protection Officer at: dpo@BrandHouse.com
  20. Under certain conditions, individuals may invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms.  For more information see https://www.privacyshield.gov/article?id=ANNEX-I-introduction.  BrandHouse has further committed to refer unresolved Privacy Shield complaints to JAMS ADR, an alternative dispute resolution provider located in the US. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit JAMS ADR for more information or to file a complaint.  The services of JAMS ADR are provided at no cost to you.  You can file a complaint here: https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim
  21. Contact Information. If you have any questions, feedback or to report a violation regarding the Privacy Policy, you may email us at support@BrandHouse.com or contact us by mail addressed to:BrandHouse Inc.612 Howard Street, Suite 100 San Francisco, CA 94105

 

 

Your Privacy Matters to Us

At BrandHouse, ensuring the security and privacy of the data you’ve trusted us with is a top priority throughout the company. Those efforts include compliance with the European General Data Protection Regulation (GDPR) that goes into effect on May 25th, 2018. The GDPR is a comprehensive European privacy law designed to ensure transparency, accountability, purpose limitation, accuracy, integrity and confidentiality and is core to the controls and processes we have in place to ensure we handle and process your data in accordance with your wishes.

Our Commitment to Data Security

Security and confidentiality of our customers’ data has been central to the design and operation of the BrandHouse Platform since inception. Our rigorous and ever-expanding compliance program includes 3rd party audits that enable us to provide our customers reports validating the security of the platform with standards such as SOC 1 Type II, SOC 2 Type II, ISAE 3402 Type II, Payment Card Industry (PCI-DSS) Level 1 and ISO 27001. BrandHouse is also a certified under the EU-US Privacy Shield program which covers cross-border data transfers to the US and was similarly certified under the preceding program, the US-EU Safe Harbor. More information about our participation in this program can be found in our privacy policy.

If you would like to submit a request related to your personal data, you may email DPO@BrandHouse.com

BrandHouse GDPR efforts

We have numerous changes to our internal processes, policies and products currently underway to further strengthen our comprehensive data privacy and compliance programs. Our goal is to ensure that our customers feel confident with BrandHouse as a trusted data processor. Some of the major changes already done and which will be in place before May 25, 2018 include:

  • Building a universal Data Governance service on the platform to ensure consent is captured globally across the platform and commercial sites.
  • Company-wide and department-specific data protection training for all BrandHouse employees.
  • Documenting all external services in use companywide and ensuring compliance and transparency where data is shared.
  • Updates of our privacy policy and terms of service to reflect changes related to GDPR.
  • Building internal policies covering requests for information, the ability to correct personal information and likewise, to delete it.

Summary

BrandHouse is constantly evolving and expanding our security and compliance offerings to ensure an ever greater level of comfort and assurance to all users. We look forward to being a strong partner as you manage your ever growing global supply chain. If you have additional questions about BrandHouse’s privacy or security practices or want to obtain an update on our progress, please contact your sales representative for more information.