Privacy Policy
At Next Hat, we respect customers' need for privacy. We offer our Sites and Services (defined below) to customers and users either directly or via a reseller. Where we refer to our “Customers” in this Privacy Notice, we refer to customers that have entered into an agreement with us or our resellers to use the Services (each, an “Agreement“). Each Customers' respective website users or applicable visitors are referred to as their “End Users.”
By using or accessing our Sites and Services in any manner, you accept the practices and policies outlined in this Privacy Notice and you acknowledge that we may process and share your information.
About Next Hat Products and Services
Next Hat is a cloud for deploying and scaling applications. Our Developer Experience Platform and Managed Infrastructure services provide Customers the ability to build applications and create, share and collaborate on deployments. Customers can preview changes, make Customer content immediately available through our global Edge Network, and test from the perspective of its End Users around the world.
Next Hat offers tools, workflows, and infrastructure products that Customers need to build and deploy their websites and applications. We may provide relevant privacy-specific information about our products and services in our Documentation.
Applicability
This Privacy Notice ("Notice") explains Next Hat's practices regarding the collection, use, disclosure, and processing of your information; the rights and choices you may have with respect to such information; how you may contact us; and how we protect your information when you:
-
Visit Next Hat's websites, such as: next-hat.com and other Next Hat affiliated websites, such as blogs, event registrations, community discussions, forums, and social media platforms (collectively our "Sites");
-
Access or use the products, services, and any related applications offered by Next Hat, engage directly with us, or use third-party partners, products, professional services, or interfaces that employ Next Hat technology, including our web-based platform, (collectively, the "Services") as a Customer or authorized user, including but not limited to:
- Host and deploy websites;
- Optimize content and images;
- Develop an integration or template;
- Purchase a domain;
- Analyze website performance, track website traffic and metrics;
- Scan source code for potential code issues;
-
Interact with us in any way, including registering for, attending, or otherwise partaking in our events, accelerators, learning portals, or webinars (collectively, "Marketing Activities").
This Privacy Notice does not apply to:
- Any information that Customers process to provide their services to End Users. Customers are solely responsible for ensuring compliance with all applicable laws and regulations with respect to their End Users, including notifying their End Users of their personal information collection, use, and disclosure under their own terms of service and privacy policies. If your personal information is contained in Customer Content (defined below) and you have any questions about the specific settings and privacy practices the relevant Customer has made to share your personal information with us, please contact the relevant Customer directly or review their privacy notice.
- Third-party products, services, businesses, or any software accessible via the Service or that integrates with the Service. If you have any questions about the specific settings and privacy practices of such third parties, please contact the relevant third-party product, service, or business to review its privacy notice.
- Job applicants. To learn more about our privacy practices related to personal information collected and used for recruiting purposes, please see our Job Applicant Privacy Notice.
Information We Collect
The information that we collect depends on your interactions with us, the choices that you make, the products and features you use, your location, and applicable laws. We may collect or receive information directly from you, such as your name and email address when you or your organization sign up for our Services or Marketing Activities. In other cases, we receive information through your use of our Services, such as IP address and telemetry data.
Information You Provide Directly
We collect the following information directly from you when using our Sites and Services.
- Contact Information. We collect your contact information when you use, inquire about, or purchase our Services or engage in our Marketing Activities. This information may include your full name, email address, phone number, and location.
- Professional Information. We collect professional information about you, including your company name, company website, job title, and industry.
- Account Information. We collect information you provide to us to create, update, or administer your account on the Sites & Services, such as email, phone number, and username. We also provide you the option of submitting a profile picture and social media profiles. By voluntarily providing us with such account information, you represent that you are the owner of such information or have the requisite consent to provide it to us.
- Transactional Information. We collect payment and other transactional information related to our Services, such as hashed payment card values and billing address.
- Domain Registration Information. We collect registration data when you purchase a domain, such as domain name and registrant contact information. This data may be made publicly available per ICANN policies.
- User Content and File Information. We collect your website information that you upload, post, deliver, or otherwise provide to the Service, such as source code, text, photographs, document, or other files including videos or recordings (collectively, “Customer Content”), Git information, and other files that you provide us.
- AI Product Information. We collect information when you interact with certain features or Services related to our AI products, such as user chat prompts, uploaded images, design or text generations. Please see our AI Policy for more information on the development, deployment, and usage of our AI products and features.
- Marketing Information. When you engage and interact with our Marketing Activities or one of our sales or customer support representatives we collect information, including through form submissions, surveys, email communications, or phone calls to inquire about Next Hat and our Services, such as the nature of your communication, contact preferences, and any information you choose to provide to us when completing any “free text” boxes.
- Image and Audio Information. We may collect your image or audio recordings. If you contact us by phone or video, we may record those calls. If you attend an event hosted or sponsored by Next Hat, we may capture your image and/or voice in any video, photograph, or audio recording taken at the event. For more information, please see our Event Terms and Conditions.
- Troubleshooting and Support Information. We collect information about your account preferences or information you provide when you contact us for support, such as the solution you use, the content of chats and other communications with Next Hat, and other details that help us provide support or comply with legal obligations. Support information includes content of a message or attachments that you send to us.
- Social Media Information. Our Sites and Services may use social media features, such as the “X” button and other sharing widgets. Next Hat is not responsible for how these social media features collect, process, and disclose your information so we encourage you to review the social media platforms' privacy policies.
- Any Information You Voluntarily Provide to Us. For example, when you provide feedback on your experience with our Services or join a public discussion forum as part of our Marketing Activities.
Information We Collect from Third Parties
We receive information about Customers from third parties or Next Hat partners that provide services or support our business operations. We limit our use of your information to the purposes described in this Notice. Information that we receive from third parties includes:
- Organization Information. We collect information from referral partners, such as company name, contact name, job title, and company address.
- Transaction Information. We collect information from our payment providers and partners, such as fraud metrics (i.e., financial risk scores) and details about failed payments.
Information We Collect from Customers
We receive information from our Customers about their authorized users (i.e., account holders) and their End Users when they interact with our Customers' websites, web applications, and APIs. Information that we receive from our Customers includes:
- Contact Information. We collect information when a Customer adds you to their account and/or designates you as an authorized user, such as name, email address, and username.
- Website Information. We collect information about traffic to and from Customers' websites, such as End User IP address, location information derived from IP address, and system configuration information.
Customers are responsible for the content transmitted across our network (e.g., images, written content, graphics, runtime logs, etc.), any personal information they process, and following acceptable behavior practices when using our Services. For more information about Next Hat's shared responsibility model, please see our Documentation.
Information We Collect Automatically
When you use or interact with our Sites and Services, we automatically collect or receive certain information about you, your device, and your usage of our Site and Services. This information includes:
- Usage Information. We collect information about how you interact with our Sites, Marketing Activities, and Services, such as clicks, pages viewed, searches, web browser used, page response times, errors, date/timestamps associated with your usage, request information (e.g., speed, frequency, the site from which you linked to us (“referring page”), and the name of the website you choose to visit immediately after ours (“exit page”), the amount of time spent on our Sites, and information about other websites you have recently visited.
- Device Information. We collect information about how your devices interact with our Sites, Marketing Activities, and Services, such as browser type and settings, device details (e.g., device type, screen size, operating system, model, model number), language preferences, Internet Service Provider, mobile network, push notification tokens, and device event information (e.g., system activity and hardware settings, application version, and unique device identifiers, such as device ID).
- Service-Generated Information. We collect and use information generated from using our Services and Sites, such as log files, Internet Protocol (IP) address, location information derived from your IP address, proxy server, diagnostics, capacity and usage information to determine storage requirements, performance information from our servers, data settings, and system configurations, including your elected privacy and security settings.
- Location Information. We collect Customers' and End Users' city and country based on IP address. We do not identify precise location.
- Telemetry Information. We collect anonymized statistical and telemetry information as well as aggregated, de-identified information about how you use our Sites and Services.
- API Information. We collect functional data and customer-initiated events (i.e., authentication token, database URL, etc.) from Third-Party Services that connect or integrate with Next Hat's Services.
- Cookies. We collect information from your browser by using cookies (which may use a cookie ID) and similar tracking technologies, depending on your settings or preferences in connection with our Sites, Marketing Activities, and Services. Where required by applicable law, we obtain your consent for the use of cookies. You may choose to delete or not accept our cookies as described in our Cookie Notice.
From time to time, except as restricted by applicable law or our data processing addendums with our customers, we may combine information that we collect as described above with information we obtain from different sources. For example, we may combine information entered through a Next Hat sales submission with information we receive from a third-party sales intelligence platform to enhance our ability to market our Services to potential Customers. We may combine usage information with feedback to improve our Services or inform Customers about products that may be relevant to them.
How We Use Information
We use your information as described in this Notice to provide our Sites and Services. For example, we may use your information in the following ways:
- Service Operation: To operate and administer our Sites and provide, operate, deliver, monitor, and maintain our Services, including troubleshooting, system maintenance and upgrades.
- Product Development and Improvement: To improve functionality, quality, user experience, and develop new features.
- Support: To provide Customer assistance and technical support, such as responding to your requests and inquiries. Next Hat personnel are prohibited from viewing Customer Content, except when instructed by you, as necessary to resolve Customer support issues, or for security, Services integrity, or legal purposes.
- Communication: To send you marketing and administrative messages, such as technical or legal notices, invoices, product updates, surveys, security alerts, marketing promotions, newsletters, training, event reminders, and/or provide other news or information about Next Hat and/or our partners. Please see Your Privacy Choices and Rights to learn how to manage your communication preferences.
- Account Administration: To create and manage your account, complete transactions, and send billing, tax and other administrative information, such as purchase confirmations, receipts, and invoices.
- Marketing Activities: To develop and improve our Marketing Activities, such as to review and analyze trends, usage, and interactions with our Services, Site, and to personalize and improve our Marketing Activities. We may also use your information to provide you with content and/or features that match your interests and preferences.
- Security: To detect, investigate, prevent, protect against and respond to potential threats, fraudulent transactions, unauthorized access, and other malicious, deceptive, fraudulent, or illegal activity.
- Legal, Safety, and Compliance: To comply with applicable laws and regulations or a court or legal order, and to review compliance with applicable terms.
- For Any Other Purposes with Your Consent.
How We Retain Your Information
We retain your information for the minimum necessary period to fulfill our legal and contractual obligations, develop our Sites and Services, resolve disputes, enforce our rights, for legitimate business purposes, such as tax or accounting requirements, as described in this Notice and as recommended by industry standards.
When we no longer have an ongoing legitimate business need to process your information, we will either delete or anonymize it. When we choose to anonymize information, we strive to make sure that the information cannot be linked back to you or any specific user. If deletion is not possible (e.g., backups), we will store it securely.
How We Disclose Information
We disclose information as necessary to provide the Sites and Services, as required by law, or as part of our business practices as follows. We only disclose information on a need-to-know basis where appropriate safeguards and contractual arrangements are in place and as described below.
- Corporate Affiliates. We may share or transfer information to any person or entity which directly or indirectly controls, is controlled by or is under common control with Next Hat, whether by ownership or otherwise (“Corporate Affiliate”). Any information relating to you that we provide to our Corporate Affiliates will be treated by those Corporate Affiliates in accordance with the terms of this Notice.
- New Owner and Other Corporate Transactions. We may disclose or transfer your information to relevant third parties in the event of, or as part of the due diligence or during negotiations of, any proposed or actual reorganization, sale, merger, consolidation, joint venture, assignment, transfer, or other disposition of all or part of our business, assets, or stock (including in connection with any bankruptcy or similar proceeding). Personal information may be part of the transferred assets. You may be notified thereafter of any such change in ownership or control through email or other means as applicable.
- Next Hat Customers. We disclose information with our Customers when using our Services, in accordance with our contractual obligations. For example, if you join a Next Hat Customer team within our Services, certain information about you including your name, contact information, and profile image may become accessible to that Customer and other individuals with whom the Customer shares access. If you are a Customer managing authorized users within our Services, such as an account administrator or team owner, we may share authorized user information for the purpose of facilitating Services-related requests.
- Next Hat Partners and Event Sponsors. We engage with several partners, such as third-party advertising networks, integration service partners, event sponsors, and resellers. We may share information with them to provide and support our Services, and to conduct our Marketing Activities.
- Third-Party Service Providers. We disclose information with third-party service providers that require access to information to support our operations and delivery of our Sites and Services. The third parties that Next Hat discloses your information with may include:
- Professional services advisors to protect and manage our business interests.
- Cloud providers to provide data hosting, data storage and content delivery network services.
- Billing and payment providers to authorize, record, settle and clear transactions.
- Customer support providers to respond and resolve Customer inquiries and support requests.
- Security, abuse, and fraud service providers to monitor and protect the Services and Customers from illegal, deceptive, or malicious activity.
- Domain registrars, registries and other domain name service providers for the purposes of domain registration and listing via the WHOIS protocol.
- Corporate and information technology services to facilitate business operations and communications.
- Analytics companies to review and report on our Marketing Activities and Services.
- Any other suppliers, sub-contractors, partners, vendors, and other service providers acting on our behalf.
These service providers are authorized to use your information only as necessary to provide Services to Next Hat. We may use and disclose aggregate information that does not identify or otherwise relate to an individual for any purpose unless we are prohibited from doing so under applicable law.
- Legal or Public Authorities. We only disclose your information when:
- It is reasonably necessary to comply with any applicable law or regulation;
- We are required by law to comply or respond to any court order, legal process, government and/or regulatory request;
- Necessary to enforce our agreements and this Notice;
- Necessary to protect the security or integrity of our Sites and Services;
- Necessary to protect against harm to the rights, property, or safety of Next Hat, its agents and affiliates, you, or the public as required or permitted by law; and
- Necessary to respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
- Any Other Party with Your Consent. We may disclose your information with other third parties with your consent.
How We Secure Your Information
We use reasonable and appropriate administrative, technical, and physical safeguards designed to protect the information that we have about you from unauthorized or unlawful access, use, modification, destruction, loss, alteration and/or disclosure.
We require third parties acting on our behalf or with whom we disclose your information to provide security measures in accordance with industry standards and in compliance with contractual obligations, their privacy and security obligations, and any other appropriate confidentiality and security measures. We are not responsible for the privacy and security practices of such third parties outside of the information we receive from or disclose to them.
Notwithstanding our security safeguards, it is impossible to guarantee absolute security in all situations. For information on our shared responsibility model with Customers, please see our Documentation.
If you have any questions about the security of our Sites and Services, please contact us as provided in Contact Us.
Third-Party Services
Our Sites and Services may contain links to or integrations with other websites or applications not operated or controlled by Next Hat (“Third-Party Services”). Certain Third-Party Services used to navigate to and from our Sites and Services have separate user terms and privacy notices that are independent of this Notice. We are not responsible for the content, accuracy, or opinions expressed in such Third-Party Services. We do not monitor or check these Third-Party Services for accuracy or completeness. We recommend carefully reviewing the terms and privacy notices of each Third-Party Service prior to use in alignment with your specific compliance, privacy, and security requirements.
How We Transfer Your Information
If you are accessing or using our Sites and Services or otherwise providing your information to us, you consent to the processing of your information in the United States and other jurisdictions in which we operate.
To provide our Sites and Services, Next Hat may store, process and transmit your information outside of your country of residence, which may have different data protection laws and may not offer the same level of protection or guarantees as in your country or the country where you initially provided the information. To the extent required by applicable law, whenever we transfer your information, we take the appropriate steps to protect your information, including the use of standard contractual clauses or other appropriate legal mechanisms.
Data Privacy Framework
Next Hat complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and, upon entering into force, the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Next Hat has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Next Hat has certified to the U.S. Department of Commerce that, upon entering into force, it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit the Data Privacy Framework website.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Next Hat commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, should first contact us at [email protected].
For transfers of personal information to a third party acting as a controller, Next Hat complies with the DPF Notice Principle and Choice Principle. For onward transfers, Next Hat is responsible for the processing of personal information it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf. Next Hat remains liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless Next Hat proves that it is not responsible for the event giving rise to the damage.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Next Hat commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner's Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
The Federal Trade Commission has jurisdiction over Next Hat's compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Next Hat is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles. You have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. For additional information please see Annex I.
Your Privacy Rights and Choices
You have certain choices and rights available when it comes to how we collect and use your information. Below is a summary of those choices and rights and how to exercise them:
- Opt-out of Marketing Communications. You may opt-out of receiving marketing communications by clicking the “Unsubscribe” link within each email or by contacting us as provided in Contact Us. If you are a Customer, you will continue to receive transactional and administrative communications from us regarding our Sites and Services.
- Account Preferences. You may update and correct certain account information at any time by logging into your account or contacting our support services. If you wish to delete your account, please follow the instructions in our Documentation. You may also update certain communication preferences, such as receiving SMS notifications, by logging into your account. We may retain certain information as described in How We Retain Information.
- Managing Cookies and Other Tracking Technologies. Relevant browser-based cookie controls are described in our Cookie Notice.
Depending on where you are located, you may have certain rights in connection with your personal information that we obtain. These rights vary depending on your jurisdiction. To learn more about your rights, please see Jurisdiction-Specific Information.
Minimum Age Requirements for Our Sites and Services
The Sites and Services are not directed or intended for use by individuals under the age of 16. To use Next Hat's Sites and Services, you must be old enough to consent to the processing of your information in your jurisdiction. We do not knowingly collect personal information from anyone under the age of 16. If you are a parent or guardian and you become aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from anyone under the age of 16 without verification or parental consent, we take steps to remove such information.
Changes to Our Privacy Notice
We periodically review and update this Notice to describe new Services or changes to our practices. You can determine when this Notice was last revised by referring to the “Last Update” date at the bottom of this Notice. We encourage you to review the Notice whenever you interact with us to stay informed about our privacy practices and the ways that you can help protect your privacy.
Contact Us
If you have questions about this Notice, please contact us at [email protected] or write to us:
Jurisdiction-Specific Information
United States
This section applies to individuals based in the U.S. and supplements our Privacy Notice with respect to the processing of your personal information in accordance with all applicable privacy and data protection laws and regulations and in each case, as amended, superseded, or replaced from time to time (“Data Privacy Laws”).
Data Collection, Use, and Disclosure
We act as a service provider to businesses (or equivalent terms as defined by U.S. Data Privacy Laws) when we collect and process personal information on behalf of our Customers who use our Sites and Services.
We collect the following categories of information as classified by Data Privacy Laws:
- Personal Identifiers. We collect your email address, billing address, login credentials, and IP address.
- Personal Information. We collect your contact information and billing address.
- Professional Information. We collect your company name and industry.
- Characteristics of Protected Classifications. When you communicate with us using your social media account, you may share with us, or direct others to share with us, your age, gender, and other protected information that we do not request.
- Commercial Information. We collect information about the Sites and Services you request and records of Services purchased.
- Internet or Other Network Activity Information. We collect browsing and search history, information collected from cookies and similar technologies, and analytics data.
- Geolocation Information. We collect location information of your city and country derived from IP address.
- Other Inferences Drawn from Personal Information. We draw inferences from the categories of information collected to understand a consumer's preferences, characteristics, or predispositions.
Please see Information We Collect in our Notice to see the full description of the information that we collect.
We use your personal information to:
- Interact with you;
- Facilitate transactions;
- Provide our Sites and Services;
- Conduct internal research and development;
- Improve the quality and safety of our Sites and Services; and
- Detect security incidents and prevent fraud.
We disclose your personal information collected with third-party service providers, such as suppliers, vendors, business partners, advertising partners, resellers and consultants to operate our business and provide you with our Sites and Services as well as help us with our Marketing Activities. These third parties may use tracking technologies, such as cookies, to gather information about your activities on our Site to deliver our Marketing Activities to you.
Under certain U.S. laws (e.g., California Consumer Privacy Act), “sharing” may refer to the targeting of advertising to a consumer based on that consumer's personal information received from the consumer's activity across websites. We may “share” your information for these purposes to provide more relevant and tailored advertising to you regarding our Sites and Services. Similarly, while we are not in the business of selling your information, under such laws and the broad definition of “sale,” we may “sell” your personal information relating to your browsing activities and our Marketing Activities.
Your Privacy Rights
U.S. Data Privacy Laws grant individuals certain rights in connection with the personal information that we collect, as described below.
- Right to Access. You have the right to request access and receive certain information that we have collected about you.
- Right to Know. You have the right to know the categories and specific pieces of your personal information we have collected in the previous 12 months.
- Right to Rectify or Update. You have the right to request correction of your personal information where it is inaccurate or incomplete. We generally recommend first making any changes in your Account Settings.
- Right to Delete or Limit. You have the right to request that we delete or limit the processing of your personal information.
- Right to Object. You have the right to object to our processing of your personal information as allowed by applicable laws.
- Right to Withdraw Consent. You have the right to withdraw consent where you have provided your consent for us to process your personal information.
- Right to Request Information. You have the right to request information about the collection, sale, and disclosure of your personal information from the previous 12 months.
- Right to Opt-out of the Sale of Information. You have the right to opt-out of the sale of personal information we have collected about you. Please complete this form to opt out.
- Right to Opt-out of the Sharing of Information for Cross-contextual Advertising Purposes. You may opt out of sharing data for cross-contextual advertising purposes by completing this form.
- Right to Non-Discrimination. You have the right to not receive discriminatory treatment for exercising any of your rights. We do not treat anyone differently for exercising any of the rights described above.
- Right to Data Portability. You have the right to request a copy of your personal information in a structured, commonly-used, machine-readable format to facilitate the transfer to another company when technically feasible.
Exercising Your Privacy Rights
You, or an authorized individual acting on your behalf, may submit a verifiable request relating to your personal information.
If you wish to exercise any of the above rights please contact us at [email protected]:
- To opt out of the sale or sharing of information.
- For any other rights listed above that apply to your jurisdiction.
We may need you to provide certain identifying information related to your account (i.e., user ID) or your recent interactions with us to verify your identity or the identity of any individual for whom you are requesting information. We cannot respond to your request if we cannot verify your identity and/or authority to make the request on behalf of another and confirm that the personal information relates to you.
If you wish to use an authorized agent to submit a request to exercise your rights on your behalf, you must provide the authorized agent written permission signed by you. We may deny a request from an authorized agent if the agent cannot provide Next Hat your signed permission demonstrating that the agent is authorized to act on your behalf.
We fulfill requests within 45 days of receiving your request. Please note that your request may be limited in certain cases, for example if complying with your request would conflict with:
- Federal, state, or local law;
- Regulatory inquiries;
- Subpoenas; or
- Exercising or defending legal claims.
EEA and UK
This section applies to individuals based in the EEA and UK and outlines the processing of your personal information under Data Privacy Laws, including the General Data Protection Regulation (“GDPR”).
Next Hat acts as a data controller for personal information that we collect about you while using our Sites, Services, or interacting with our Marketing Activities as described in this Notice. We act as a data processor on behalf of our Customers for the personal information contained in Customer Data.
This Notice does not apply to any personal information that we process as a data processor, as we only process that information on behalf of our Customers and in accordance with our agreements with them. A Customer that has entered into an agreement to use our Services (e.g., an individual or organization that uses our platform to deploy their websites) controls its instance of the Service and any associated data. If your personal information is contained in Customer Data, and you have any questions about the specific settings and privacy practices the relevant Customer has made to share your personal information with us, please contact the relevant Customer or review the Customer's privacy notice.
Data Collection, Use, and Disclosure
We collect and process personal information about you only where we have a legal basis for doing so under Data Privacy Laws. Our legal bases for processing personal information include:
- Your Consent. Where appropriate or legally required, we collect and use your personal information subject to your consent.
- Performance of Contract. We collect and use your personal information to contract with you or to perform a contract that you have with us.
- Legitimate Interests. We collect and use personal information about you for our legitimate interests to deliver content, optimize your experience, secure, and improve our Sites and Services.
- Compliance with Laws. We may also collect and use personal information about you:
- As required by law, such as to comply with a subpoena or similar legal process;
- When we believe in good faith that disclosure is necessary to protect our rights or property, protect your health and safety or the health and safety of others, investigate fraud, or respond to a government request; or
- If we participate in a merger, acquisition, or sale of all or a portion of its assets.
Your Privacy Rights
You have certain rights related to the personal information that we process when you use our Sites and Services. Some of these rights only apply in certain circumstances, as set out below.
EEA and UK Data Privacy Laws provide individuals with the following rights:
- Right of Access. You have the right to request access and receive certain information about how we use your personal information and with whom we share it.
- Right to Rectification. You have the right to request correction of your personal information where it is inaccurate or incomplete. We generally recommend first making any changes in your Account Settings.
- Right to Data Portability. You have the right to request a copy of your personal information in a structured, machine-readable format and to ask us to share this information with another entity.
- Right to Erasure. You have the right to request deletion of your personal information:
- Where you believe that it is no longer necessary for us to hold your personal information;
- Where we are processing your personal information based on legitimate interests and you object to such processing and we cannot demonstrate an overriding legitimate ground for the processing;
- Where you have provided your personal information to us with your consent and you wish to withdraw your consent and there is no other ground under which we can process your personal information; or
- Where you believe your personal information is being unlawfully processed by us.
- Right to Restriction of Processing. You have the right to ask us to stop any active processing of your personal information:
- Where you believe your personal information is inaccurate and while we verify accuracy;
- Where we want to erase your personal information as the processing is unlawful, but you want us to continue to store it;
- Where we no longer need your personal information for our processing, but you require us to retain the data for the establishment, exercise, or defense of legal claims; or
- Where you have objected to us processing your personal information based on our legitimate interests and we are considering your objection.
- Right to Object. You can object to our processing of your personal information based on our legitimate interests. We will no longer process your personal information unless we can demonstrate an overriding legitimate purpose.
- Objection to Marketing, Automated Decision Making, and Profiling. You have the right to object to our processing of personal information for marketing communications, automated decision making and profiling. We will stop processing your personal information for that purpose.
- Right to Withdraw Consent. You have the right to withdraw consent where you have provided your consent for us to process your personal information.
Exercising your Rights
You, or an authorized individual acting on your behalf, may submit a verifiable request to exercise your rights relating to the personal information that we process about you.
To exercise the rights above, please complete send a email to [email protected].
Depending on the Sites and Services provided, End Users seeking to access, correct, amend, or delete personal information should directly contact the Customer, who has transferred such data to us for processing (data controller), directly to fulfill any requests. If our Customer receives a data subject request and sends the request to us, we will respond to the Customer's request within the agreed timeframe outlined in our Customer agreements. The Customer is responsible for responding to data subject requests as determined under the applicable local data protection laws.
We may need to provide certain identifying information, related to your account (i.e., user ID) or your recent interactions with us to verify your identity, or the identity of any data subject for whom you are requesting information. We cannot respond to your request if we cannot verify your identity and/or authority to make the request on behalf of another and confirm that the personal information relates to you.
We will fulfill your request within 30 days of receipt. Please note that the above rights may be limited in the following situations:
- Where fulfilling your request would adversely affect other individuals, company trade secrets or intellectual property;
- Where there are overriding public interest reasons; or
- Where we are required by law to retain your personal information.
If you have unresolved concerns, we encourage you to come to us in the first instance, but you are entitled to address any grievance directly to the relevant Supervisory Authority. In certain instances, if you are an End User, we encourage you to reach out to the relevant Customer first to address any complaints.
Contact Us
If you have questions or to update or request changes to your personal information, please see Contact Us.
Additionally, Next Hat has appointed the European Data Protection Office (EDPO) as its GDPR representative in the EU and the EDPO UK Ltd as its UK GDPR representative in the UK. You can contact the EDPO regarding matters pertaining to the GDPR by completing the request form or writing to them:
- EEA. Avenue Huart Hamoir 71, 1030 Brussels, Belgium
- UK. 8 Northumberland Avenue, London WC2N 5BY, United Kingdom.