Privacy policy

Last updated 31/03/2020

Thank you for choosing to be part of our Hiro community.

(Hero Laboratories Ltd; trading as Hiro and referred to as “Hiro”, “we”, “us”, or “our” in this document).

Hiro is committed to protecting your personal information and your right to privacy.

When you use Hiro services like our mobile apps, our notification and alert services, or our website, you trust us with your personal information. We take that trust and your privacy very seriously. In this privacy policy we aim to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it, so that you can make informed decisions about sharing your personal information with us. We hope you take some time to read through it carefully, as it is important. In using our Apps and Services you agree to it, so if there is anything you feel you do not agree with you should discontinue use of our Apps and Services (and we encourage you to contact us hi@gethiro.com to tell us which parts, and why, so that we can improve).

This privacy policy applies to all information collected through our mobile applications (“Apps”), our services and our websites, as well as through events, marketing activities, surveys or social media profiles (we refer to them collectively in this privacy policy as “Services”).

1. What information do we collect?

When you register an account for one of our Apps or Services, fill in a form on our website, place an order with us, participate in one of our training events or otherwise contact or interact with us, you will normally voluntarily provide us with information about yourself in the process. We collect and store that information so that we can provide Services to you and improve them over time.

The personal information that we collect depends on the context of your interactions with us, the choices you make and the products and features you use. However, it can include:

Your Name and Contact Data. We collect your first and last name, email address, postal address, phone number, and other similar contact data.

Credentials. We collect passwords, password hints, and similar security information used for authentication and account access.

Information automatically collected. Some information – such as your IP address, browser or device characteristics – is collected automatically when you use our Apps and Services. This information does not reveal your specific identity (like your name or contact information) but may details like the make and model of your device, its operating system, your country, the URL that referred you to our site and information about how and when you use our Apps and Services. This information is primarily needed to maintain the security and operation of our apps, and for internal analytics and reporting purposes. Like many businesses, we also collect information through cookies and similar technologies.

Information collected through our Apps

When you use our Apps, we may collect information about the way you use them in order to improve how the Apps and Services work.

Mobile Device Data. We may automatically collect device information (such as your mobile device ID, model and manufacturer), operating system, version information and IP address. We collect this information to secure and improve our Apps and Services.

Push Notifications. We may request to send you push notifications regarding Hiro Products and Services mobile application. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.

Data from Products. We may collect data generated by Hiro Products. We use this data to provide and improve our Services and for internal reporting. 

Information collected from other sources

We may collect data from other sources such as public databases, marketing partners, social media platforms, and other outside sources. If you discover our Products and Services via a search engine like Google, that search engine provides us with information about your searching behaviour such as the search terms that lead you to our website.

2. How do we use that information?

We use the personal information we collect to conduct legitimate business operations, to provide you with Services, to fulfil our contractual obligations to you and other parties and to ensure compliance with our various legal obligations (“Business Purposes”, “Contractual Purposes” and “Legal Reasons”).

We use the information we collect or receive:

To facilitate our account creation and logon process. We use the information you willingly provide us with when creating an account to create that account and verify your identity when you subsequently log in.

To enforce our terms, conditions and policies.

To respond to legal requests and prevent harm. If we receive a legal request we may need to inspect the data we hold to determine how to respond.

For other Business Purposes. We may use your information for other Business Purposes, such as data analysis, identifying usage trends, and to evaluate and improve our Apps, products, services, marketing and your experience.

3. Do we share your information with anyone else?

We only share information with your consent, to comply with laws, to protect your rights, or to fulfil business obligations.

We may process or share data based on the following legal basis:

Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.

Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.

Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfil the terms of our contract.

Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order (including in response to public authorities to meet national security or law enforcement requirements).

Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.

More specifically, we may need to process your data or share your personal information in the following situations:

Vendors, Consultants and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work.

For example: payment processing, data analysis, email delivery, hosting services, customer service, marketing. We may allow selected third parties to use tracking technology on the Apps, which will enable them to collect data about how you interact with the Apps over time. This information may be used, among other things, to analyse and track activity and use of our Services. Unless described in this Policy, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes.

Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honour this privacy policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.

Business Partners. We may share your information with our business partners to offer you certain products, services or promotions.

4. Do we use cookies and other tracking technologies?

Like many companies we use cookies and other tracking technologies like web beacons and tracking pixels to collect and store your information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Policy.

5. Do we transfer any of this information internationally?

We may transfer, store, and process your information in countries other than your own.

Our servers are located in the European Union. If you are accessing our Apps or Services from outside European Union, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information (see “Do we share your information with anyone else?”), in the European Union, and other countries. In doing so we take all necessary measures to protect your personal information in accordance with this privacy policy and applicable law.

6. How long do we keep your information?

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). No purpose in this policy will require us keeping your personal information for longer than 5 years after you close your account. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise. If this isn’t possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

7. How do we keep your information safe?

We aim to protect your personal information through a system of organisational and technical security measures. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Apps and Services is at your own risk. You should only access them within a secure environment.

8. Do we collect information from minors?

We do not knowingly collect data from or market to children under 16 years of age.

By using the Apps, you represent that you are at least 16 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Apps. If we learn that personal information from users less than 16 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 16, please contact us at hi@gethiro.com.

9. What are your privacy rights?

Depending on where you live in the world, you have a set of rights as to how the data that companies collect about you gets treated. In the European Union, this typically includes the right:

Wherever you live in the world you can amend your information via the Apps or by emailing hi@gethiro.com. You can also request that we terminate your account. Upon receiving your request to terminate your account, we will deactivate or delete your account and information from our active databases within 30 days, but some information may be retained in our files as detailed in “How long do we keep your information”.

You can unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in the emails that we send. You will then be removed from the marketing email list – however, we will still need to send you service-related emails that are necessary for the administration and use of your account.

If you are resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here.

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

10. Do we make changes to this policy?

Yes, we will update this policy as necessary to stay compliant with relevant laws and aligned with our legitimate business interests. When we update this policy, the updated version will be indicated by an updated “Revised” date at the top of the document. The updated version will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification via the Apps or Services. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.

11. Who can I contact about this policy?

If you have questions or comments about this policy, you may contact our Data Protection Officer (DPO), Krystian Zajac, by email at hi@gethiro.com, or by post to:

Hero Laboratories Ltd
Krystian Zajac
Mercury House, 117 Waterloo Rd
London, SE1 8UL
United Kingdom