Updated: February 3, 2020
1.1 Our Commitment to Protecting Your Privacy
“collection” – means the act of gathering, acquiring, recording, or obtaining Personal Information from any source, including sources other than the Individual to whom the Personal Information belongs.
“Consent” – means voluntary agreement to the collection, use or disclosure of Personal Information.
“Customer” – means an entity that has entered an agreement to receive Content Moderation Services from Two Hat.
“disclosure” – means making Personal Information available outside Two Hat.
“End User” means our Customer’s end users;
“identified purposes” – means the purposes identified in this Policy.
“include” or “Including” – means including but not limited to.
“Individual” – means any natural person.
“Personal Information” – means information about an identifiable Individual. Personal Information does not include information that cannot be associated with a specific Individual and, where permitted by Privacy Legislation, does not include business contact information when such information is being collected, used or disclosed for purposes authorized by Privacy Legislation.
“Privacy Legislation” – means applicable laws that govern the collection, use, and disclosure of Personal Information, which may include the EU General Data Protection Regulation (“GDPR”) or California Consumer Privacy Act (“CCPA”)..
“Privacy Officer” – means the Privacy Officer of Two Hat as identified in section 8.2 of this Policy.
“Content Moderation Services” – means content moderation services provided to Customers by Two Hat, which may be provided through Community Sift software.
“Two Hat”, “we”, “us”, or “our” – means Two Hat Security Ltd. and its respective partners, associates, and affiliates, as they may exist from time to time.
“use” – means the treatment, handling, management and retention of Personal Information.
Two Hat is a SaaS company that builds systems that detect high-risk content for online games, social networks, messaging apps, and more. Two Hat provides Content Moderation Services to its Customers and processes Personal Information of End Users while doing so. Two Hat also collects and processes Personal Information directly from its web users. This Policy applies to “Two Hat” as defined in section 1.2 above.
This Policy does not impose limits on the collection, use or disclosure of Personal Information without consent where that collection, use or disclosure is in accordance with or otherwise authorized by the Privacy Legislation or other applicable law.
Some examples of our collection, use and disclosure include the following.
2.1 Content Moderation Services
We may collect, use and disclose Personal Information to provide Content Moderation Services to our Customers. This allows our Customers to classify their online communications based on a variety of contexts. In this context we act as a processor of Personal Information and our Customers act as Controllers. The Customer is responsible to implement and maintain all necessary internal security and privacy protocols and policies relating to access and use of the Content Moderation Services, including protocols and policies relating to permitted access to and use of the Content Moderation Services, protection of login credentials, and collection, use and disclosure of End User Personal Information.
In providing Content Moderation Services, we may receive the following types of information:
We may endeavor to redact certain Personal Information in content generated by End Users. These settings may be configured by our Customers. Customers may also add additional information to End User data prior to sending it to be analyzed and classified by our Content Moderation Services.
2.2 Use of Two Hat Website
When you use twohat.com (our “Website”), we may automatically collect, use, and disclose certain information generated from your interaction with our Website. The purpose of collection may include:
We may collect the following information when accessing our Website:
Our web analytics will also respect any “do not track” setting you might have set on your browser. We use all of this information to analyze trends among our web users to help improve our Website.
2.3 Links and Other Websites & Businesses
3.1 Types of Consent
We may seek Consent in various ways, depending on the circumstances and the type of information collected, including, for example, using an application form and/or a check-off box, collecting oral consent (when information is collected over the telephone or otherwise in person), or implied consent (such as when you access our Website or otherwise request information or services from us).
3.2 Withdrawal of Consent
Where Consent is the basis for collection of Personal Information, an Individual may withdraw Consent at any time, on reasonable notice, subject to legal or contractual restrictions. We will inform the Individual of the implications of such withdrawal, which in some cases may be an inability for Two Hat to continue to provide services to the Individual.
With respect to Content Moderation Services, Two Hat is a processor of Personal Information through our Customers. In these cases, End Users must initiate requests for withdraw of consent by contacting our Customers who act as controller of the Personal Information.
3.3 Exceptions to Requirement for Consent
The Privacy Legislation sets out specific circumstances under which Two Hat may collect, use or disclose Personal Information without the knowledge or Consent of the Individual and, in such circumstances, Two Hat reserves the right to not obtain Consent from such Individual.
Two Hat limits both the amount and type of Personal Information collected to that which is necessary to fulfill its specific purposes.
We may collect Personal Information from you in person, over the telephone or by corresponding with you via mail, email or the internet. By providing your Personal Information to or otherwise corresponding with Two Hat via email you acknowledge that you are aware that email is not a secure form of communication. Furthermore, with your consent or as otherwise permitted by Privacy Legislation, we may collect or disclose Personal Information to/from other sources including our partners.
The type of Personal Information we collect and maintain, may include:
4.2 Use and Disclosure
Two Hat limits the use and disclosure of Personal Information to its specific purposes, unless the Consent of the Individual has been obtained for other use and disclosure, or if the use and disclosure is permitted or required by law.
We do not sell, rent or lease Personal Information to third parties. If this changes, we will comply with applicable Privacy Legislation including the CCPA.
There are some instances where Two Hat may disclose your Personal Information to fulfill regulatory and legislative obligations and to conduct our business in the ordinary course. In those instances where we do provide information to third parties, we provide only that Personal Information that is required in the circumstances and that may be disclosed with your Consent or otherwise pursuant to applicable law, and we include various provisions in our contracts that have been designed to protect privacy and security of your Personal Information.
We may also use or disclose your Personal Information without your consent, in the following circumstances:
4.3 Retention Limited
Two Hat has developed guidelines for the retention of Personal Information, which include minimum and maximum retention periods in compliance with the Privacy Legislation and other applicable laws. The underlying principle of these retention guidelines is to keep Personal Information only as long as remains necessary or relevant for the specific purposes and/or as required by law.
4.4 Service Providers
We endeavor to keep Personal Information in our custody and control accurate, complete, and up-to-date as this will allow us to provide the best service to our customers. Our customers, and web users can assist us by ensuring that the information they provide to Two Hat is current and accurate.
5.2 Correction Requests
Individuals may make a request to correct or amend Personal Information held by Two Hat. The request must be made in writing to the Privacy Officer identified below and provide sufficient detail to allow Two Hat to identify the Personal Information, and the correction being sought. If the Individual successfully demonstrates that the Personal Information is inaccurate, incomplete, or otherwise in need of change, we will correct the Personal Information, as required, and send the corrected Personal Information to any third party to which we disclosed the Personal Information in the prior year or as otherwise required by law. If no correction is required to be made, we will note the request for correction and annotate the file accordingly.
5.3 Access Requests
An Individual may make a request for access to his or her Personal Information in the custody or control of Two Hat. The request must be made in writing to the Privacy Officer identified below and provide sufficient detail to allow Two Hat to identify the Personal Information they desire access to.
Two Hat will:
Where we are entitled to charge a fee in order to implement the access request, we will advise the Individual of the amount of the fee and other information required by law.
5.4 Correction and Access for Content Moderation Services
With respect to Content Moderation Services, Two Hat is a processor of Personal Information through our Customers. In these cases, End Users must initiate requests for correction and access by contacting our Customers who act as controller of the Personal Information.
6.1 Security Safeguards
To protect Personal Information against loss or theft, unauthorized access, collection, disclosure, copying, use, or modification, we have implemented reasonable security safeguards which are appropriate to the sensitivity of the information that has been collected, the amount, distribution, format of the information, and the method of storage.
The methods of protection adopted by Two Hat may include:
This list may be modified from time-to-time. We will continually review and update our security policies and controls as technology changes to ensure ongoing Personal Information security.
8.1 Complaint or Question to Privacy Officer
8.2 Privacy Officer Contact Information
All inquiries should be in writing and addressed to the Privacy Officer as follows:
500-554 Leon Ave
Kelowna, BC V1Y 6J6
This EU WEBSITE Addendum (“Addendum”) explains how we Process your Personal Data on the basis of cookies and related technology when your access and use our Website is governed by the laws of the European Union (“EU”). Two Hat acts as Data Controller responsible for the Processing of your Personal Data. The Two Hat Privacy Officer, whose contact details are listed above, will act as our Data Protection Officer.
9.2 Our Processing of your Personal Data when You Visit our Website
We collect Personal Data from you when you visit and interact with our Website using cookies and related technology as described above in Section 2.2, for instance when you reach out to us using the contact form on our Website, when you request a demo product from our Website or when you visit our Website and would like personalization. We collect the types of Personal Data described above in Section 2.2, such as information related to the operating system and web browser you use to access our Website, and the date and time that you visited the Website.
We collect and process your Personal Data for the purposes described in Section 2 and to manage your newsletter registration, to address your comments or inquiries when you reach out to us, communicate with you; to operate, evaluate and improve our services and facilitate your use of our Website; and to prevent and protect us and others against fraud, unauthorized transactions, claims and other liabilities. We process this Personal Data on the basis of our legitimate interests, contract performance and, where required, on the basis of your consent. Our legitimate interests include operating, evaluating and improving our organization; preventing and protecting us and others against fraud, unauthorized transactions, claims and other liabilities, and ensuring compliance with company policies and industry standards. For companies like Two Hat that have global business operations, Processing your Personal Data for internal administrative purposes is typically also considered a legitimate interest. We have carefully balanced our legitimate business interests against your data protection rights. Please contact us using the contact details provided in Section 8.2 above if you wish to obtain more information on this balancing test.
We generally do not Process special categories of Personal Data (e.g., race or ethnicity; health-related data) when you visit or interact with our Website, but if we do, we will identify a legal basis to do so (e.g., your consent). Two Hat will not use Personal Data from our Website for any monitoring or profiling activity or process, and will not adopt any automated decision-making processes.
You may configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences. For example, on Microsoft Internet Explorer, you can disable or delete cookies by selecting “Tools/Internet Options” and reviewing your privacy settings or selecting “delete cookies”.
Please note that our Website is designed to work using cookies and any disabling of them may affect your usage of our Website and prevent you from taking full advantage of it.
9.3 Transfer and Sharing of Personal Data
We may disclose your Personal Data to other Two Hat entities or affiliates, and third parties, such as third party service providers as described in Section 4.4or a competent authority upon official request.
We transfer and onward transfer your Personal Data to other jurisdictions as necessary for the purposes described in this Policy, including to jurisdictions that may not provide the same level of data protection as the jurisdiction in which your Personal Data was originally collected. We will only transfer and onward transfer your Personal Data outside the European Economic Area (“EEA”) on the basis of an adequacy decision of the European Commission pursuant to Art. 45 of the EU General Data Protection Regulation 2016/679 (“GDPR”) or on the basis of other appropriate data transfer mechanisms to address cross-border transfers as required or permitted by Articles 46 and 49 of the GDPR. Please contact our Privacy Officer if you have any questions with respect to the safeguards or transfer mechanisms we have put in place to protect your Personal Data when we (onward) transfer this (including how to obtain a copy of or consult these safeguards), or to find out which jurisdictions we may transfer your data to.
9.4 Retention of Personal Data
We hold on to your Personal Data as described in Section 4.3.
9.5 Your Rights
You have the rights as indicated in the section entitled “Definitions” below. Two Hat will handle your rights regarding the Processing of your Personal Data in accordance with applicable law. You can exercise these rights by contacting our Privacy Officer using the contact details outlined above. If you are not satisfied with the way we handled your request, you may lodge a complaint with a competent Supervisory Authority (for example, with the Supervisory Authority in your country of residence or place of work).
Except for “Two Hat”, “we”, “us”, or “our”, “include”, “Including”, “Privacy Officer”, and “GDPR” the definitions included in Section 1.2 do not apply to this Addendum. The following definitions shall also apply to this Addendum:
“Personal Data” – any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” – any operation or set of operations which is performed upon Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, erasure or destruction.
“Data Controller” – the natural or legal person, public authority, agency or other body that determines the purposes and the means of Processing Personal Data.
“Data Subject Rights” – the rights of Data Subjects under the GDPR. These are:
If you have questions or concerns about this Addendum and/or the way Two Hat is handling your Personal Data, please let us know immediately by contacting out Privacy Officer using the contact details outlined in Section 8.2 above.