Privacy Policy

About this Policy

This Privacy Policy describes the personal information BigHand Inc and our family of solutions and related business units (collectively, “Big Hand Group,” “we,” or “us”) collects or processes, including through its website, tools, solutions, and services (“Products”). This Privacy Policy describes our information management practices, such as the types of information we collect and how we may use or share that information.

PLEASE READ THIS PRIVACY POLICY CAREFULLY. YOUR USE OF OUR PRODUCTS CONSTITUTES YOUR CONSENT TO THIS PRIVACY POLICY. DO NOT USE OUR PRODUCTS IF YOU ARE UNWILLING OR UNABLE TO CONSENT TO THIS PRIVACY POLICY.

In this Privacy Policy we refer to our customers (current and prospective), our customer’s employees or workforce members who have access to or use our Products, and visitors to our website as “you” or “Customers.”

About Us

We are BigHand Inc, of 125 S Wacker Drive, Suite 300, Chicago, Illinois 60606, USA . We provide productivity products including workflow, dictation, business intelligence, and pricing tools to our Customers, who are organizations using our Products to support their own operations.

We are part of a group of related companies, the Big Hand Group, which support our delivery of services to our Customers. In this policy we refer to BigHand Inc and Big Hand Group as “we” and “our.”

We collect information from or about our Customers when they use our Products as necessary to provide our Customers with those Products. We only collect or process Personal Information in these circumstances as requested, consented, or directed by our Customers, or as part of the provision of our Products, or as otherwise described in this Privacy Policy.

We also collect Personal Information from individuals as part of our marketing and client relationship management activities. More information about our use of Personal Information for marketing is described in Our use of data for marketing section below.

Definitions

The following terms will have the definitions provided when used in this Privacy Policy

Personal Information is information that can identify you or from which your identity may reasonably be determined. This includes information such as your name, address, telephone numbers, email addresses, other contact details, job title, qualifications, or any other information that may be provided by you to access or take advantage of any of our Products. It does not include information publicly available, such as information appearing in federal, state, or local records, information that has been de-identified and cannot reasonably be linked back to you. It does not include Business Information (as defined below).

Business Information means any information directly relating to a business, partnership, corporation, or other commercial or non-commercial venture, including, but not limited to, financial account information, addresses, business records, or other information that does not identify a natural person.

Sensitive Personal Information means Personal Information including your Social Security number, state identification number, financial account number, debit card or credit card number, account log-in information in combination with any required security or access code, password, or other credentials required to gain access to your account, geolocation data, racial or ethnic origins, religious or philosophical beliefs, or union membership, contents of your email, mail, or text messages, unless we are the intended recipient of such communication, genetic data, identifying biometric data, information concerning your sex life or sexual orientation, criminal records and information regarding criminal offences or proceedings.

How And When We Collect Personal Information

We collect Personal Information when an organization asks us for a proposal for the use of Products, when our Products are used by Customers, when enquiries about our business or Products are made, and when we receive requests for support and assistance from Customers for our Products.

What Personal Information We Collect Or Process And Why

We collect or process Personal Information to provide you with functionality of our Products and for other Business Purposes.

We collect or process the following types of Personal Information:

*Data description*	*Examples*	*Why we collect this data*
Account data	Usernames and contact information, such as email addresses and telephone numbers	To provide our Products to you
Account data	Professional details such as job titles and qualifications	Other Business Purposes, such as marketing and developing or servicing our Products
Service data	Online identifiers, log-in details, and other identifiers for our Products	To provide our Products to you
	Tracking data about which of our Products you use, such as the time and date of sessions and the tools used	For other Business Purposes, such as marketing and the development or servicing of our Products
	Cookies as described in our Cookie Policy	To collect overall website analytics, to make improvements to our websites, and to improve your experience browsing our websites
Customer data	The data that you input during the use of our Products. Depending on your use, this may contain data about your clients, customers, or other individuals that you choose to upload or save to our Products, including Personal Information or Sensitive Personal Information.	To provide our Products to you only
Candidate data	Personal Details: Your name, gender, nationality, civil/marital status, date of birth, age, personal contact details (e.g. address, telephone or mobile number, e mail), national ID number, immigration and eligibility to work information, driving license, languages spoken; emergency contact information, details of any disability and any reasonable adjustments required as a result. Recruitment and selection data: skills and experience, qualifications, references, CV and application, interview and assessment data, vetting and verification information (e.g. results of credit reference check, financial sanction check and a basic disclosure criminal record check relating to unspent convictions were carried out and permitted by applicable law), right to work verification, information related to the outcome of your application, details of any offer made to you. Other Personal Data: Any other personal data which you choose to disclose to us during the recruitment exercise whether verbally or in written form (for example in work emails).	Recruitment and Selection To consider your suitability to work for us in the role you have applied for, to compare you to other candidates and to make recruitment decisions. Pre-employment verification and screening Appropriate pre-employment screening including, where relevant and appropriate, identity check, right to work verification, reference check, credit check, financial sanction check, criminal record checks (if and to the extent permitted by applicable laws), relevant employment history, relevant regulatory status and relevant professional and educational qualifications. Offers of employment and on-boarding Making job offers, providing contracts of employment or engagement and preparing to commence your employment or engagement where you accept an offer from us. Future job opportunities To contact you if you are not successful in your initial application should another potentially suitable vacancy arises during the six months following completion of the recruitment process for the role you originally applied for Recruitment feedback and complaints To deal with any query, challenge or request for feedback received in relation to our recruitment decisions Complaints, claims and litigation To enforce our legal rights and obligations, and for any purposes in connection with any complaint or legal claim made by, against or otherwise involving you. Legal or regulatory disclosures To comply with lawful requests by public authorities (including without limitation to meet national security or law enforcement requirements), discovery requests, or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), whether within or outside your country

We also collect non-personal information derived from these data types, such as usage information, aggregate user statistics, and other such data to ensure the security of our systems and infrastructure, and to develop and support our Products.

The Customer Data that we collect may include Sensitive Personal Information. We only process this information at the direction of our Customers when they upload it to our Products. We do not use it other than to provide our Products to our Customers.

The Candidate Data that we collect may include Sensitive Personal Information. We only process such information as justified for the purposes as outlined above and/or where justified by one of the following conditions:

The processing is necessary for the purposes of carrying out the obligations and exercising the rights of you or us in the field of employment law, social security and social protection law, to the extent permissible under applicable laws;
The processing is necessary for the purposes of preventive or occupational medicine, for the assessment of your working capacity, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services, to the extent permitted by applicable laws;
The processing is necessary to protect your vital interests or of another person where you are physically or legally incapable of giving consent (for example in exceptional emergency situations, such as a medical emergency);
The processing is necessary for purposes authorized by applicable law.
The processing is necessary for the establishment, exercise, or defense of legal claims; or
In exceptional circumstances the processing is carried out subject to your explicit consent.

Personal data relating to criminal convictions and offences will only be processed where authorised by applicable laws.

When we use Personal Information for our business purposes outside the provision of our Products to our Customers, we consider the rights and interests of individuals in relation to our interests and do our best to protect the interests of individuals.

Recruitment

Usually, we collect and record your personal data from you. You will provide this information directly to the individual the recruitment exercise or enter it into our systems (for example, through your participation in recruitment and selection processes, emails and instant messages you send or through verbal information which is recorded electronically or manually).

We also obtain some information from third parties: for example, references from a previous employer, medical reports from external professionals, information from recruitment consultants or where we employ a third party to carry out a background check (where permitted by applicable law). Some data may be obtained from publicly accessible sources.

If particular information is required by contract or statute this will be indicated at the time of collection. We will also let you know where there are consequences of you not providing the information requested. Failure to provide some information will mean that we cannot continue with the recruitment exercise as we will not have the personal data we believe to be necessary for the effective and efficient administration of the recruitment exercise. It should be noted however that it is not a condition or requirement of your recruitment to agree to any request for consent from us.

Website Not For Minors (Children)

The website is targeted for use only by adults. Accordingly, we do not knowingly collect any Personal Information from children under the age of 13. In the event we discover that a child has provided information to us, we will delete that information to the extent technologically possible. If you believe we have received information about a child, please contact us as described in How to contact us below.

Do We Share Personal Information With Anyone Else?

We only share Personal Information with other organizations where necessary to deliver Products and related services.

These organizations are:

Service providers providing technology and infrastructure support services to us;
Professional advisors such as lawyers or insurance brokers (including if we restructured or transferred our business);
Big Hand Group Members providing us or our Customers with Products; and
Our partners, affiliates or advertisers which whom we may share in aggregate, statistical form, non-personal information regarding the visitors to our website, traffic patterns and website usage

We reserve the right to use or disclose any Customer Data (including Personal Information) as needed to comply with any law, regulation or legal request, to protect the integrity of our Products, to fulfil your requests, for recruitment purposes, to cooperate in any law enforcement investigation or an investigation on a public safety matter, to protect and defend the legal rights or property of BigHand Limited or Big Hand Group members, our Customers, or any other party, or in an emergency, to protect the health and safety of our Customers or the general public (collectively, “Business Purposes”). In these cases, we will limit the use or disclosure of Customer Data to that necessary to undertake the Business Purposes objective, including the de-identification or anonymization of the Customer data, as practicable.

Do We Transfer Personal Information Overseas?

We will only transfer Personal Information outside the United States for the reasons described in What Personal Information We Collect Or Process And Why above.

Our Use Of Personal Information For Marketing

We only use Personal Information for marketing our Products by electronic communications methods where you have given us your consent to do so.

We do not engage in “targeted advertising” or “cross context behavioral advertising” as defined by the CCPA and other data protection laws. If we were to do so in the future, we will update this Privacy Policy and give you the opportunity to opt-out of such advertising.

If you have consented to receive marketing communications, you may opt out at any time. You have a right at any time to stop us from contacting you about Products and for other marketing purposes.

If you no longer wish to be contacted for marketing purposes, please email us at [email protected].

How We Keep Personal Information Secure

We have implemented a formal Information Security Management System (ISMS). The ISMS is formally managed, controlled, independently audited, and certified to ISO27001(the global information security standard) and Cyber Essentials Plus.

The Big Hand Group is GDPR compliant (registered with ICO), HIPAA compliant, DCB0129 compliant (NHS Clinical Risk Management), and meets the requirements of the Data Security and Protection (DSP) toolkit.

We regularly review, test, and assess our information and organizational security measures, and we ensure that:

Our team is trained and experienced in Personal Information processing;
Physical security measures are applied to our facilities;
Our systems and infrastructure are protected by network and other technical security measures;
Access to Personal Information is recorded and controlled;
Our systems and practices are audited and reviewed; and
Our contractors, sub-contractors, and service providers are held to the same standards we hold ourselves to and are required to provide the same levels of administrative, physical, and technical security standards and practices.

For more information, please see our Information Security whitepaper.

Profiling And Automated Decision Making

We do not use Personal Information to profile or enable automated decision making about individuals.

We carry out a small amount of profiling from time to time related to assessment of performance and potential as part of our appraisal process or other career development programmes. This is used for development and may be considered for promotion or succession planning but is not used as the sole basis for any decision

How We Respond To “Do Not Track” Signals

Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. There is no consensus among industry participants as to what “Do Not Track” means in this context. Like many websites and online services, our website does not alter its practices when it receives a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” please visit All About Do Not Track (DNT).

How Long Do We Keep Personal Information?

We only keep Personal Information for as long as necessary for the purposes for which we use it as set out in this policy.

We are required to keep certain information for certain periods of time to comply with legal and regulatory obligations. We minimise the amount of data we retain and de-identify it to protect individuals from being identified.

You can ask us about the specific periods for which we retain Personal Information by contacting us as described in How To Contact Us below.

Your Rights In Relation To Personal Information

You may have the certain legal rights in relation to our use of your Personal Information.

Some jurisdictions (state, federal, national and international), provide individuals with certain rights regarding their personal information. Examples of these laws, (without limitation) are: California (California Consumer Protection Act (“CCPA”) or the California Privacy Rights Act (“CPRA”)), and the Canada Personal Information Protection and Electronic Documents Act (“PIPEDA”). To exercise any rights your jurisdiction may provide, contact us by using the information at the bottom of this section. Your rights will depend on the location in which you reside when your Personal Information is collected or otherwise processed. The following illustrates the rights that may be afforded under the CCPA, PIPEDA, or your jurisdiction collectively:

Being informed about how we obtain and process your Personal Information;
Viewing and obtaining a copy of the Personal Information we maintain about you;
Amending or revising Personal Information we maintain about you;
Having Personal Information we maintain about you erased or forgotten;
Objecting to the use of your Personal Information for direct marketing;
Restricting our use of the Personal Information we maintain about you;
Transferring the Personal Information we maintain about you to another entity who will provide substantially similar services;
Objecting to our use of Personal Information we maintain about you;
Objecting to automated decision making based on your Personal Information;
Objecting to automated profiling based on your Personal Information;
Knowing from where we obtained your Personal Information;
To receive the same services (to the extent possible) at the same price regardless of whether you exercise your individual rights under this statement;
Withdraw your previously provided consent (this right may only be available on a prospective basis); or
Filing a complaint with us or the appropriate governmental entity.

Some states require specific information regarding our practices and that your rights be provided to you in the form of a privacy notice. These notices are provided in the State Specific Privacy Notices section below.

You can exercise these rights by contacting us as described in the How To Contact Us section below to request that we do not sell or share your Personal Information or to request that we limit the use of your Sensitive Personal Information.

We may require that you verify your identity before exercising your individual rights. In most circumstances, individual rights are not absolute and where applicable law permits or requires, we may choose to limit or deny a request. If we limit or deny a request, we will provide an explanation in writing.

The Big Hand Group accepts the following forms of ID when information on your Personal Information is requested: Passport, driving license, birth certificate, or utility bill (from last 3 months).

Depending on the level of Personal Information you are requesting, more than one form of ID may be requested. Please see our Privacy Policy for more information.

The Big Hand Group will respond to your request within thirty (30) days of receipt. The period of response may be extended to forty-five (45) or sixty (60) days if more time is required. In that event, we will inform you of the reason and extension period in writing.

State Specific Privacy Notices

Notice to California Residents

Under California’s Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) California residents have certain rights around the Big Hand Group’s collection , use, and sharing of their Personal Information and the use of their Sensitive Personal Information.

We do not currently sell any Personal Information we collect to any third parties. We also do not engage in “cross context behavioral advertising” as the term is defined by the CPRA. If we were to do so in the future, we will update this Privacy Policy, and provide California residents with the opportunity to opt-out of such advertising or the sale of their Personal Information. We also do not engage in profiling in the furtherance of decisions that produce legal or similar significant effects.

We collect various categories of Personal Information depending on how you choose to engage with us as described in the sections How And When We Collect Personal Information and What Personal Information We Collect Or Process And Why. Do We Share Personal Information With Anyone Else describes how and under what circumstances Personal Information may be shared with third parties.

If you are a resident of California you have the rights as described in the Your Rights In Relation To Personal Information section above.

Additionally, you may have the right to request, twice in a twelve (12) month period, the following information about the Personal Information we have collected about you during the past twelve (12) months.

the categories and specific pieces of Personal Information we have collected about you;
the categories of sources from which we collected the Personal Information;
the business or commercial purpose for which we collected or sold the Personal Information;
the categories of third parties with whom we shared the Personal Information; and
the categories of Personal Information about you that we sold or disclosed for a Business Purpose, and the categories of third parties to whom we sold or disclosed that information for a Business Purpose.

If you have any questions or comments, or would like to exercise any of your rights, please contact us using the information in the How to Contact Us section below.

Notice to Colorado Residents

Under Colorado’s Consumer Privacy Act (CPA), which goes into effect July 1, 2023, Colorado residents have certain rights around the Big Hand Group’s collection, use, and sharing of their Personal Information.

We do not currently sell any Personal Information we collect to any third parties. We also do not engage in “targeted advertising” as the term is defined in the CPA. If we were to do so in the future, we will update this Privacy Policy, and provide Colorado residents with the opportunity to opt-out of any targeted advertising or the sale of their Personal Information. We also do not engage in profiling in furtherance of decisions that produce legal or similar significant effects.

If you are a resident of Colorado, starting July 1, 2023, you have the right to (1) request to know what Personal Information has been collected about you, and to access that information; (2) request to correct inaccuracies in your Personal Information; (3) request deletion of your Personal Information (exceptions under the CPA and other laws may allow the Big Hand Group to retain and use your Personal Information notwithstanding your deletion request); and (4) obtain a copy of your Personal Information.

If you have any questions or comments, or would like to exercise any of your rights, please contact us using the information in the How to Contact Us section below.

Notice to Connecticut Residents

Under the Connecticut Data Privacy Act (CTDPA), which goes into effect July 1, 2023, Connecticut residents have certain rights around the Big Hand Group’s collection, use, and sharing of their Personal Information.

We do not currently sell any Personal Information we collect to any third parties. We also do not engage in “targeted advertising” as the term is defined in the CTDPA. If we were to do so in the future, we will update this Privacy Policy, and provide Connecticut residents with the opportunity to opt-out of any targeted advertising or the sale of their Personal Information. We also do not engage in profiling in furtherance of decisions that produce legal or similar significant effects.

If you are a resident of Connecticut, starting July 1, 2023, you have the right to (1) request to know what Personal Information has been collected about you, and to access that information; (2) request to correct inaccuracies in your Personal Information; (3) request deletion of your Personal Information (exceptions under CTDPA and other laws may allow the Big Hand Group to retain and use certain Personal Information notwithstanding your deletion request); and (4) obtain a copy of your Personal Information.

If you have any questions or comments, or would like to exercise any of your rights, please contact us using the information in the How to Contact Us section below.

Notice to Nevada Residents

Nevada law (SB 220) requires website operators to provide a way for Nevada consumers to opt-out of the sale of certain information that the website operators may collect about them.

We do not presently sell any personal information we collect to any third parties. If we were to do so in the future, we will update this Policy, and provide Nevada residents with the opportunity to opt-out of the sale of their personal information

Notice to Utah Residents

Under Utah’s Consumer Privacy Act (UCPA), which goes into effect December 31, 2023, Utah residents have certain rights around the Big Hand Group’s collection, use, and sharing of their Personal Information.

We do not presently sell any personal information we collect to any third parties. We also do not engage in “targeted advertising” as the term is defined in the UCPA. If we were to do so in the future, we will update this Policy, and provide Utah residents with the opportunity to opt-out of any targeted advertising or the sale of their Personal Information.

If you are a resident of Utah, starting December 31, 2023, you have the right to (1) request to know what Personal Information has been collected about you, and to access that information; (2) request deletion of your Personal Information (exceptions under UCPA and other laws may allow the Big Hand Group to retain and use certain Personal Information notwithstanding your deletion request); and (3) obtain a copy of your Personal Information.

If you have any questions or comments, or would like to exercise any of your rights, please contact us using the information in the How to Contact Us section below.

Notice to Virginia Residents

Under Virginia’s Consumer Data Protection Act (CDPA), which goes into effect January 1, 2023, Virginia residents have certain rights around the Big Hand Group’s collection, use, and sharing of their Personal Information.

We do not currently sell any Personal Information we collect to any third parties. We also do not engage in “targeted advertising” as the term is defined in the CDPA. If we were to do so in the future, we will update this Policy, and provide Virginia residents with the opportunity to opt-out of any targeted advertising or the sale of their Personal Information. We also do not engage in profiling in furtherance of decisions that produce legal or similar significant effects.

If you are a resident of Virginia, starting January 1, 2023, you have the right to (1) request to know what Personal Information has been collected about you, and to access that information; (2) request to correct inaccuracies in your Personal Information; (3) request deletion of your Personal Information (exceptions under CDPA and other laws may allow the Big Hand Group to retain and use certain Personal Information notwithstanding your deletion request); and (4) obtain a copy of your Personal Information.

If you have any questions or comments, or would like to exercise any of your rights, please contact us using the information in the How to Contact Us section below.

Changes To Our Privacy Policy

From time to time, BigHand Limited or the Big Hand Group may change this Privacy Policy and will notify you of material changes by posting the revised Privacy Policy on our website, https://www.bighand.com/en-us/. Any changes will be effective immediately upon the posting of the revised Privacy Policy unless otherwise specified. Your continued use of the Products after the effective date of the revised Privacy Policy (or such other act as specified in the revised Privacy Policy) will constitute consent to the revised Privacy Policy and any revisions will not alter how we handle Personal Information collected before the revised policy effective date.

Links To Third-Party Websites

If you click on links within our website (such as social media) that take you to third-party websites, you will be subject to the third parties’ privacy policies, practices and statements. We are not responsible for the actions or inactions of any third-party websites, the accessibility of any third-party website or the policies or practices of any third-party website.

Disclaimer

The Big Hand Group website does not constitute an offer or contract. Information on our website may contain inaccuracies or typographical errors. Information may be changed or updated without notice.

How To Contact Us

Please contact us if you have any questions about this Privacy Policy or the information we hold about you:

By email at [email protected] or write to us at: BigHand Inc, Attention: Data Protection Manager, 27 Union Street, London SE1 1SD, United Kingdom.

Registered office: 125 S Wacker Drive, Suite 300, Chicago, Illinois 60606, USA .
Registered in Delaware

Data Protection Manager: Joseph Birkby

This Privacy Policy is effective as of 21 March 2023