The Human Identity Infrastructure Foundation (“hii”) is committed to protecting the privacy of visitors to our website, as well as our contributors, donors, members, partners, staff, users, and volunteers. We respect and protect the privacy of visitors to our website, www.hiifoundation.org, and the other websites under the hiifoundation.org, hiifound.org, and hii.foundation domains (collectively, the “Sites”), and our members who use our personally controlled identity system, software products, web services, application programming interfaces (APIs), software development kits (SDKs), tools, and related services (together with the Sites, the “Infrastructure”). We ask that you read it carefully.
This Global Privacy Policy (“Policy”) explains how we collect, use, disclose, and protect visitors’ and users’ information as part of the Infrastructure. Any discussion of your use of the Infrastructure in this Policy is meant to include your visits and other interactions with the Sites and Infrastructure, whether or not you are a user of hii’s personally controlled identity system and software products. If you are a resident of the European Union, European Economic Area, United Kingdom, or Switzerland, please read in addition to this Policy our EU & Swiss Privacy Policy for further information about our data collection practices and your rights.
In this Policy, "hii" refers to hii staff, trustees, officers, attorneys, interns, volunteers, and consultants, all of whom are bound by law or contract to keep confidential information they receive as part of their assistance to hii.
When we refer to “hii,” “we,” “our,” or “us” in this Policy, we are referring to hii, and its subsidiaries and affiliates, as the “controller” (and/or a “business” or “organization” under the CCPA) or the equivalent legal construct under applicable law of the information we process when you visit our websites, use the Infrastructure, and/or we interact with you through our communication channels for business purposes. This Privacy Policy covers the digital properties listed herein.
Capitalized terms that are not defined in this Policy have the meaning given them in our Terms of Use including any relevant agreement, policy, or addendum incorporated therein and any amendments or modifications thereto.
It is important to note that where hii handles Personal Information on behalf of or at the direction of its members through their use of our Services, hii is the “processor” (and/or “service provider” under the CCPA) or the equivalent legal construct under applicable law of that data and hii’s use, processing, and handling of such data is done pursuant to the written instructions of its members in the form of the Terms of Service, Data Processing Addendum, and/or any similar written agreement between the parties. In these cases, our use of information collected through our Services shall be limited to the purpose of providing and operating the Services for our members. As used herein, the “Infrastructure” refers to the applications, services, and websites (communications and product) provided by hii. hii may, from time-to-time, introduce new products and services. To the extent that any new products and/or services affect this Privacy Policy, we will notify you as further described in Section 14 below.
If you have any questions about this privacy policy or our practices, please contact us. If you are in the European Union, you may contact our Data Protection Officer through this same email address.
In this Policy, “Personal Information” means any information relating to an identifiable natural person. hii does not sell or rent contributor, donor, member, partner, staff, volunteer, or website visitor information under any circumstances, and we do not share contributor, donor, member, partner, staff, volunteer, or website visitor information without prior consent except as compelled by law. This restriction applies to contributors, donors, members, partners, staff, and volunteers who join hii in any capacity or donate to hii both online and offline.
Personal Information does not include data or information collected, derived, or otherwise generated from the use of the Infrastructure, provided that such data has been anonymized, de-identified, and/or aggregated so as not to identify or permit the identification of any individual (“De-identified Data”), De-identified Data helps us understand trends in usage of the Infrastructure so that we can better consider new features or otherwise tailor the Infrastructure. In addition to collecting and using De-identified Data ourselves, we may share De-identified Data with third parties, including our members, partners and service providers, for various purposes, including to help us better understand our members’ needs and improve the Infrastructure as well as for communications purposes.
When you register for the Infrastructure, we may ask for Personal Information such as your name, email address, credit card or other billing information. You may also provide at your own discretion certain related information like your personal website name, social media websites, and other personal information which will be stored within your secure Personal Data Store. Additionally, as you utilize the Infrastructure to authenticate various aspects of your identity, the software continuously saves changes made by you within your secure Personal Data Store. All information within your secure Personal Data Store is encrypted at rest and can only be accessed by you.
We may also retain the contents of any messages you send to us or through the Infrastructure, and we may collect information you provide in Web Forms that you post or upload to the Infrastructure to the extent required or permitted under applicable law.
hii may use Personal Information you provided to operate, improve upon, and personalize the Infrastructure, for billing identification and authentication, to contact you about the Infrastructure and your use of the Infrastructure, to support your use of the Infrastructure, to send messages to which you have subscribed (for example, our newsletter), for research purposes, and to generally improve the content and functionality of the Infrastructure.
Additionally, we may use Personal Information of our Sites’ visitors, Members, and their End Users for fraud prevention, to analyze Site usage and Infrastructure improvement, for internal research, troubleshooting problems, to enforce our Terms of Use, and as otherwise set forth in this Policy.
Note that we will never email you to ask for your account information. If you ever receive such an email, please forward it to privacy@hiifoundation.org. For more information about our procedures in this regard, please review our Terms of Use.
We use financial information solely as authorized by you. While hii does not store your credit card information and will use commercially reasonable efforts to ensure the security of all credit card and all other Personal Information, we expressly disclaim any liability for any unauthorized access to or use of our secure servers and/or any and all personal and/or financial information stored therein, and you agree to hold hii harmless for any damages that may result therefrom.
We may now or in the future receive Personal Information about you from third parties. For example, if you access the Infrastructure through a third-party connection or log-in or connect an application to hii, that third party you connected with may pass certain information about your use of its service to hii. This information could include, but is not limited to, the user ID associated with your account, an access token necessary to access that service, any information that you have permitted the third party to share with us, and any information you have made public in connection with that third-party service. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to the Infrastructure.
hii will only transfer your Personal Information at your request, and with your consent, for use by third parties to authenticate your identity or group eligibility, and as required for the provision of the Services which hii is designed to provide as defined in the Terms of Use (the “Infrastructure”) and the prevention of fraud. hii has built rigorous security and privacy requirements into our technology from its inception. We are an ethical steward of your Personal Information and are committed to supporting the following principles:
It is important to note that where hii handles Personal Information on behalf of or at the direction of its members through their use of the Infrastructure, hii is the “processor” (and/or “service provider” under the CCPA) or the equivalent legal construct under applicable law of that data and hii’s use, processing, and handling of such data is done pursuant to the written instructions of its members in the form of the Terms of Use, Data Processing Addendum, and/or any similar written agreement between the parties. In these cases, our use of information collected through the Infrastructure shall be limited to the purpose of providing and operating the Infrastructure for our members.
hii may also provide Personal Information to its third-party service providers (such as its credit card processors and hosting partners) as necessary to provide the necessary hardware, software, networking, storage, and other services we use to operate the Infrastructure. We do not permit our service providers to use Personal Information we provide to them for any purpose other than providing their services to us. We execute the legally required data processing addenda with all of our service providers.
To facilitate the exchange of data between third-party SaaS applications, we may need to store certain information (“App Credentials”) that helps us access these third-party SaaS application accounts on your behalf. We store your App Credentials in an encrypted form.
When we access these third-party applications on your behalf, the third-party application provides us with access to certain data. We will use, store, and disclose this data in accordance with this Policy.
You should note that hii shall have no liability or responsibility for the privacy practices or other actions of any third-party applications for which you provide us with App Credentials.
We collect certain technical information from our End Users. This information includes Internet Protocol (IP) addresses; the date/time a webpage or feature is accessed; the user agent string that identifies the browser or operating system to the server; installed fonts; mime-types; browser language and time zone; Silverlight data; installed plugins; HTTP headers; and screen resolution.
hii uses this information to monitor the volume of our website traffic. We use this technical information for our own security and analytical purposes, such as to measure how many Members are using the Infrastructure. Lastly, we may use this information to create separate analytics products that we offer to Members — provided that analytics products would only utilize De-Identified Data — to help Members understand how theInfrastructure is being used and to provide other measurement metrics.
We may be required to disclose Personal Information to respond to subpoenas, court orders, and law enforcement or governmental requests or investigations, or to establish or exercise our legal rights or defend against legal claims. We may also share Personal Information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations or our Terms of Use, or as otherwise required by law.
We use or may use information collected by cookies, log files, device identifiers, and clear GIFs information to:
For more information about cookies, please see hii’s Cookie Policy.
We will only provide Personal Information to members of the hii team, including our Affiliates, with your express permission as stated herein.
The Infrastructure contains links to websites and applications other than the Infrastructure, including websites and applications operated by affiliates and other third parties. This Policy applies only to information collected by the Infrastructure.
hii does not endorse and is not responsible for the practices of third parties or their websites or applications. We do not determine and are not responsible for the privacy practices or the content of websites or applications operated by third parties. Your browsing and interaction on any third-party website or service, including those that have a link on our website, are subject to that third party’s own rules and policies.
We are not responsible for and we do not control any third parties that you authorize to access your Personal Information. If you are using a third-party website or service and you allow such a third-party access to your Personal Information, you do so at your own risk.
The Infrastructure offers publicly accessible blogs and community forums. If you elect to post something in a public area of the Infrastructure, any Personal Information or content that you voluntarily disclose for posting to the Infrastructure, becomes available to the public, as controlled by any applicable privacy settings. If you remove information that you posted to the Infrastructure, copies may remain viewable in cached and archived pages of the Infrastructure, or if other users have copied or saved that information.
To request removal of your Personal Information from our blog or community forum, contact us at contact@hiifoundation.org. In some cases, we may not be able to remove all of your Personal Information.
From time to time, we may post Member testimonials on the Sites which may contain Personal Information. We will always obtain your consent prior to posting any Personal Information included in your testimonial(s).
hii is committed to ensuring the security of your Personal Information. All information within your secure Personal Data Store is encrypted at rest and can only be accessed by you. We use what we determine to be the best available technological, physical, and administrative security safeguards, such as public key encryption (PKE), firewalls, and carefully developed security features, to protect the confidentiality and security of your Personal Information on the Infrastructure. When you enter confidential information (such as information submitted from within the Infrastructure) we encrypt the transmission of that information using PKE and secure socket layer technology (SSL). HTTPS is enabled by default on all of our web services, and certificates are refreshed on a regular basis. These technologies, procedures, and other measures are used in an effort to ensure that your data is safe, secure, and only available to you and to those you authorized to access your data. However, no internet, email, or other electronic transmission is ever fully secure or error-free, so you should take care in deciding what information you send to us in this way. hii is not responsible for the functionality or security measures of any third party.
As hii is based in the United States, we may host, transfer, and process your Personal Information in the United States or countries other than the United States. hii uses a variety of safeguards, including contractual and technical measures, to protect the Personal Information and data we transfer. hii will ensure that any of our service providers, processors, or third parties will undergo a comprehensive privacy vetting process prior to providing them your Personal Information.
If you are located in the United Kingdom (“UK”), European Union (“EU”), European Economic Area (“EEA”) or Switzerland, please see hii’s EU & Swiss Privacy Policy. hii is seeking certification under the EU-US and Swiss-US Data Privacy Framework as well as the UK Extension to the EU-US Data Privacy Framework. hii is committed to complying with the Data Privacy Framework’s Principles. If you would like to submit a dispute under the Data Privacy Framework you may do so by following the instructions found here.
We process and store information on behalf of our users and members. You may decline to submit any Personal Information through the Infrastructure; in which case we may not be able to provide certain services to you.
If you are a hii user or member and would like to opt out of marketing communications from hii, please go to https://hiifoundation.org/dashboard/unsubscribe.
Please refer to your mobile device or browser’s technical information for instructions on how to delete and disable cookies, and other tracking / recording tools. Note that disabling cookies on your mobile device or browser may prevent us or our business partners from tracking your browser’s activities in relation to the Infrastructure. However, doing so may disable many of the features available through the Infrastructure. You may opt-out individually for third-party vendors on their websites, but limitations on data sharing may make it difficult or impossible to provide the Infrastructure after an opt-out. You may also opt out of interest-based advertising provided by participating ad servers through the Digital Advertising Alliance (http://optout.aboutads.info/), the Network Advertising Initiative (http://optout.networkadvertising.org/?c=1), or the European Interactive Digital Advertising Alliance (http://www.youronlinechoices.eu).
California consumers may use the Digital Advertising Alliance’s tool to send requests under the California Consumer Privacy Act (“CCPA”) for a web browser to opt out of the sale of Personal Information by some or all of that framework’s participating companies by accessing the DAA’s tool here: https://www.privacyrights.info/, or by downloading the DAA’s AppChoices mobile application opt-out here:https://www.privacyrights.info/appchoices.
The AppChoices app is not limited to opt-outs for CCPA purposes and may be used by anyone to limit the collection of cross-app data for interest-based advertising purposes by participating DAA member companies.
Users and Members may update, delete, or change your Personal Information you have provided hii by logging in to the Infrastructure via your hii app and providing such additional information or deleting such information where applicable. If you are not a User or Member and would like to gain access to, or request deletion of, information we have collected, please contact us at connect@hiifoundation.com. We will provide a response in accordance with applicable parameters in a commercially reasonable amount of time.
hii will retain Personal Information we process on your behalf for as long as necessary to provide the Infrastructure to you, subject to our compliance with this Policy, or as required or permitted under applicable law. We may further retain and process Personal Information as necessary to comply with our legal obligations; maintain accurate accounting, financial, and other operational records; resolve disputes; and enforce our agreements. We have established internal policies for the deletion of Personal Information following the termination of your Account.
hii does not knowingly collect any Personal Information from children under the digital age of consent (13 in the United States, 16 in the EU). If you are under the age of 13 (or the applicable digital age of consent), please do not submit any Personal Information through the Infrastructure. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce our Policy by instructing their children never to provide Personal Information on the Infrastructure. If you have reason to believe that a child under the age of 13 (or the applicable digital age of consent) has provided Personal Information to hii through the Infrastructure, please contact us, and we will delete that Personal Information from our databases without delay.
This section applies only to California residents. Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), below is a summary of the Personal Information categories, as identified and defined by the CCPA (see California Civil Code section 1798.140 (o)), that we collect, the reason we collect your Personal Information, where we obtain the Personal Information, and the third parties with whom we may share your Personal Information.
We generally collect the following categories of Personal Information about you when you use our Site or services:
We generally do not collect education-related or biometric information, geolocation information, or inferences about your preferences, characteristics, behavior and attitudes. For more information about the Personal Information we collect and how we collect it, please refer to Sections 1 and 2, above.
We collect your Personal Information for the business purposes described in Section 2, above. The CCPA defines a “business purpose” as the use of Personal Information for the business’s operational purposes, or other notified purposes, provided the use of Personal Information is reasonably necessary and proportionate to achieve the operational purpose for which the Personal Information was collected or another operational purpose that is compatible with the context in which the Personal Information was collected.
The categories of third parties with whom we may share your Personal Information are listed in Section 2, above.
Residents of certain US states, including but not limited to California, Colorado, Connecticut, Virginia, and Utah, may have additional rights in relation to their Personal Information. However, these rights may be subject to certain exceptions. For instance, we may be unable to disclose specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of Personal Information, your Account with us, or the security of our network systems. Your rights may include:
To assert your right to know or your right to delete your Personal Information, please contact us according to the “Contact Us” section below. To verify your identity, we will rely upon the Infrastructure as that is its purpose, and the sole method available to us for identity verification purposes.
California consumers may also use the Digital Advertising Alliance’s tool to send requests under the California Consumer Privacy Act (“CCPA”) for a web browser to opt out of the sale of personal information by some or all of that framework’s participating companies by accessing the DAA’s tool here: https://www.privacyrights.info/, or by downloading the DAA’s AppChoices mobile application opt-out here: https://www.privacyrights.info/appchoices.
The AppChoices app is not limited to opt-outs for CCPA purposes and may be used by anyone to limit the collection of cross-app data for interest-based advertising purposes by participating DAA member companies.
In addition, under California Civil Code Sections 1798.83–1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Information which we share with our affiliates and/or third parties, and providing contact information for such affiliates and/or third parties.
If you are a California resident and would like a copy of this notice, please submit a written request to privacy@hiifoundation.org or to:
hii Foundation
8 The Green, Suite B
Dover, DE 19901
We reserve the right to modify, update, or change this Policy from time to time in the usual course of operations, so we encourage you to review this page periodically. Notwithstanding, when we change this Policy in a material manner, we will update the effective date at the top of this page and provide you with reasonable advance notice before the updates to this Policy become effective. hii may provide such notifications to you via email notice, written or hard copy notice, and/or through posting of such notice on the Infrastructure. We reserve the right to determine the form and means of providing notifications to you. You may be required to click-to-accept or otherwise agree to the updated Policy, but in any event your continued use or access of the Infrastructure after the effective date of the updated Policy shall constitute your agreement to the updated Policy. The Policy will be effective as of the date specified in the effective date at the top of this page, and will apply to your use of the Infrastructure from that point forward. If we update this Policy in a non-material manner after the effective date, we will update the last modified date at the top of this page. If you choose not to agree to this Policy or any future updated Policy, you may not use or access (and must discontinue any use or access to) the Infrastructure. hii is not responsible for any automatic filtering you or your network provider may apply to email notifications we send to the email address you provide us.
If you have questions regarding this Policy or about the privacy practices of hii, please contact us by email at privacy@hiifoundation.org, or at:
hii Foundation
8 The Green, Suite B
Dover, DE 19901
