Privacy Policy

HELIXA INC PRIVACY POLICY

This privacy policy (“Privacy Policy”) has been implemented on behalf of Helixa Inc., Helixa SRL and the Telmar Group (the list of group entities is detailed below at Section 15, below) (collectively, referred to as “Helixa” or “we”, “us” and “our”). It is designed to help you understand the personal data (as described in Section 2, below) we collect from you, why we collect it, what we do with it and how you can update, manage, export and delete your personal data. In the event your personal data is shared within the Telmar Group (Helixa Inc., and Helixa SRL are subsidiaries of Telmar Parent Corporation), this is done so in accordance with Sections 5 and 9 of this Privacy Policy. If you have any questions or concerns about our use of your personal data, please do not hesitate to contact us at the contact details set out in Section 13 of this Privacy Policy.

Personal data is information that relates to an identified or identifiable individual, and it could be as simple as a name or a number, or could include other identifiers such as an IP address, a cookie identifier, or other factors.

We collect personal data in order to provide our services to you; maintain communications with you; and/or in order to comply with applicable law. Please note that if we have requested personal data from you and you decide that you do not want to share certain personal data with us, then this may prevent us from: (i) providing our services to you; or (ii) entering into a contract to provide services to you. In these circumstances we will ensure we notify you when reasonably possible to do so. 

We collect different types of personal data for different reasons, including:

• Customer Data: customer user names, email addresses, business contact details and passwords, with whom we communicate in order to provide our services and/or for general business management purposes.
• Support Data: in order to provide support services to customers that subscribe to Helixa’s services, we may process customer users’ names and  contact details to allow us to communicate and provide our support services to you.
• Website Data: when you visit our website (and certain other portals and third-party platforms), we or third parties may place certain cookies on your device related to the performance of these websites and portals and analytics tools. For further details, please see our Websites & Cookies Notice.
• Dataset Data: As part of the services we provide to our customers we may receive and process data provided by third parties under separate license agreements. These datasets we receive may include data that may or may not be regarded as personal data in some jurisdictions, such as provider IDs, Public Twitter Handles, or other identifiers. If we receive such data, we will not make this data available to customers (unless they are the data controller of such data) and customers will only receive aggregated summaries that do not allow reverse engineering to identify any individuals.
• Payment & Finance Data: we may collect and process credit card and/or corporate bank account details that may contain personal data and information we receive from a customer that is  used and processed for the sole purpose of receiving  payments. Helixa uses a third-party service provider to manage credit card processing: Stripe. This service provider is not permitted to store, retain, or use information you provide except for the sole purpose of credit card processing on our behalf. You may review Stripe’s privacy policy on their website (link: https://stripe.com/us/privacy).
• Marketing Data: in order to market to customers and potential customers, Helixa may collect and process names, contact details and marketing preferences in order to communicate with you.
• Recruitment Data: Helixa may also process personal data when you register for or apply for jobs either through third party recruitment agencies or portals or via Helixa’s website. In that case, the personal data that Helixa may process may include information that you provide, such as your name, mailing address, e-mail address, telephone number, fax number, and background information required to apply for a job. You will receive a privacy notice upon receipt of your application to Helixa setting out further details of how your personal data may be used.
• Biometric Data: to the extent permitted by applicable law, either with your consent or by notice where you attend our offices, we may collect and process  recordings of your voice and physical appearance obtained from recorded material collected via video conference or close circuit television (CCTV) that may identify you. 
• Any other data that you voluntarily provide to us. 

Most of the personal data we process about you is provided to us directly by you for one of the following reasons:

• when you contact us on our website;
• when you complete a registration form on our website;
• when you register for one of our webinars;
• when you attend a meeting or video conference, event or webinar that we host or attend;
• when you contact us via LinkedIn or Facebook;
• when you phone us;
• when you provide us with your details at an event;
• when you provide us with details in order to set up a contract for the provision of our services; and
• when you provide us with user details in order to set up user accounts to provide our services.

We may also receive personal data indirectly, from the following sources:

• from our dataset providers and data suppliers we partner with to provide our services. Although we do not specifically request personal data from such dataset and data providers, some of the data provided to us may in some cases and in some jurisdictions include personal data. Examples of this type of data includes but is not limited to IP addresses, User IDs, public Twitter handles, and geolocation information; 
• from our third-party lead generation providers in order for us to send marketing material to individuals: (i) that have consented to their details being shared with us and to receive marketing material; or (ii) where we have a legitimate interest in sending you our marketing material and our legitimate interest does not override your data protection interests or your fundamental rights and freedoms; and
• from our third party partners in order for us to send marketing material to individuals: (i) that have consented to their details being shared with us and to receive marketing material, or (ii) where we have a legitimate interest in sending you our marketing material and our legitimate interest does not override your data protection interests or your fundamental rights and freedoms.

We take reasonable measures to ensure that when we receive personal data indirectly: (i) the third party providing your personal data has the necessary lawful basis to share your personal data with us; and (ii) we use any such data in compliance with terms and conditions set out by the third party providing it to us. 

We use your personal data in order to, where applicable:

• respond to any questions or requests;
• communicate with you and provide any further information about our services;
• maintain a business relationship with you, particularly where you subscribe to Helixa’s services;
• undertake our contractual obligations to you, particularly where you subscribe to Helixa’s services;
• provide our services to you;
• provide you with service support;
• manage any complaints or claims relating to services you provide to us, or our services we provide to you;
• include you in webinars;
• subject to applicable law and your marketing preferences, undertake direct marketing, advertising and public relations activities, in connection with Helixa and the Telmar Group’s business activities, our packages and our services (including to make recommendations about our services, package updates, surveys, events and webinars), and to inform you about developments within Helixa and the Telmar Group;
• facilitate service improvement and development, to allow us to improve our packages and services or develop new packages and services for our customers;
• where necessary, comply with laws and regulations, under judicial authorisation, or to exercise or defend the legal rights of the Helixa group; and
• help us conduct our business more effectively and efficiently, or improve our packages and services.

In all circumstances we only use your personal data for the purpose it was collected unless we reasonably believe that we need to use such personal data for another, related purpose, and it is legally possible to do so. If we need to use your personal data for any other purpose we will notify you and let you know the lawful basis on which we propose to rely. 

We only share your personal data if it is necessary to do so in order to provide our services to you or enhance our relationship with you. Whenever we share your personal data with a third party provider we ensure that this is done so in accordance with applicable data protection laws by implementing appropriate measures to maintain the security and confidentiality of your personal data, and to ensure that your personal data is used in accordance with this Privacy Policy. We may share your personal data with the following categories of recipients:

• the Telmar Group, for details on the locations please see Section 15 below;
• third-party service providers that: (i) provide hosting services;  (ii) provide data processing services; or (iii) process personal data for other purposes detailed in this Privacy Policy. These include but are not limited to:
• IT service providers, for example Amazon Web Services and GSuite;
• professional advisors, for example insurers, lawyers and other applicable professional bodies;
• CRM service providers, for example Salesforce; and
• marketing service providers;
• to any law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary, for example to exercise, establish or defend our legal rights, or we are compelled to disclose such personal data to comply with the law;
• to a potential purchaser (and its agents and advisors) in connection with a proposed merger or acquisition of any part or all of our business, provided that the purchaser may not use your personal data for any purpose other than for the purposes detailed in this Privacy Policy; or
• to any other person you have consented to us to share personal data with.

In all circumstances that we share personal data with a third party we only do so to the extent that it is required for them to provide their services to us. At all times your personal data must be processed in accordance with (i) this Privacy Policy; and (ii) any additional data protection terms, incorporated into the agreement that we have with them, which are no less stringent than the protection afforded by this Privacy Policy.

Under the General Data Protection Regulation 2018 (“GDPR”), the lawful bases that we normally rely on for processing your personal data, detailed above, are:

• Consent. You are able to withdraw your consent at any time. You can do this by contacting privacy@telmar.com.
• Contractual Obligation. Where processing is necessary for the performance of our contractual obligations to you.
• Legitimate Interest. Where we have a legitimate interest in processing your personal data, if this is the case we will inform you of what our legitimate interest is at the time of collecting your personal data. 

We may need to process your personal data in order to comply with applicable laws, in these circumstances we have a legal obligation to process your data, but we will inform you if this is the case. 

In the unlikely event we store any Special Category Data (as defined by GDPR) the lawful basis for processing is determined by the category of personal data being processed. In the event this relates to Special Category Data contained in a dataset, we rely on your consent to process such personal data. 

Where we undertake direct marketing, all of our direct marketing campaigns are conducted in accordance with applicable law; we only do so with your consent and/or where we have a legitimate interest to do so, but in any event, you have the option to opt out of any direct marketing at any time by clicking the unsubscribe link in our marketing material. Helixa has performed a legitimate interests assessment in respect of its direct marketing activities to former, existing, and prospective customers. In summary,  Helixa has a legitimate interest to market its services to existing customers as they already receive services directly from Helixa and may benefit from other services that Helixa provides. Former customers may be likely to purchase Helixa services  after receiving marketing materials as they become aware of the additional benefits that other services could bring them. In addition, Helixa has a legitimate interest in marketing its services  to prospective customers to promote brand awareness and increase sales.

To the extent that Helixa records any video conferences/calls/meetings of your voice or image (biometric data), Helixa will only do so with your explicit consent before such recordings are made. 

Helixa will retain your personal data only as long as necessary for the purposes for which it was collected; to provide you with services in accordance with our contractual obligations to you; and where required or permitted under law. Generally, this means your personal data will be retained until the end of your contractual relationship with us. In addition, such data may also be retained whilst Helixa has a legitimate business need to do so.

When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), we will securely store your personal data and isolate it from any further processing until deletion is possible.

In relation to direct marketing, we will retain personal data (only to the extent necessary) in order to ensure we respect your direct marketing opt-out preferences.

No service is completely secure, but we believe the security of your information is a serious issue and we are committed to maintaining commercially reasonable and appropriate security measures to ensure that your personal information is protected both online and offline. Helixa has a dedicated Information Security team that manages our framework, policies and procedures based on ISO27001 principles (with supplementary controls added for NIST framework alignment) to protect your personal information.

The framework includes (but not limited to) the following measures; employees and contractors being subject to background checks and bound by confidentiality, all receive training on data privacy and security. Those responsible for designing, managing and developing software and services do so applying secure development and privacy by design practices. Principles of least privilege are adopted using a role-based model for provisioning access to critical infrastructure and sensitive data. Data is encrypted in transit over public networks using both TLS, data encryption at rest is using Advanced Encryption Standard, pseudonymization. We also take measures to ensure third-party service providers that process personal data on our behalf also have appropriate security controls in place.

While we strive to protect your data, we cannot guarantee that unauthorized access to your data, data loss or a data breach will never occur.

In order to provide our services to you it may be necessary to transfer your personal data to a country that is different to the country in which we collected your personal data, and such country may not apply the same level of data protection.

As we are a global enterprise, and part of the Telmar Group, Helixa may transfer your personal data to Telmar Group companies (see section 15, below) and our third party services providers. To the extent required by applicable data protection law, any personal data that is transferred amongst Telmar Group companies shall be subject to an intra-group data transfer agreement (“IGDTA”) that applies the Standard Contractual Clauses approved by the European Commission, and the UK’s International Data Transfer Agreement and the International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses.  

In addition to the IGDTA, Helixa performs transfer impact assessments (each a “TIA”) in respect of the transfer of personal data outside the European Economic Area to “third countries”. In this context, “third countries” are countries that the EU has not issued  recognition of a country's adequacy of its data protection laws to ensure that a data subject gains a similar level of protection that a person would receive under GDPR. The purpose of a TIA is to evaluate whether the legislation in the third country might prevent the non-EU Data importer of personal data from complying with GDPR requirements – especially regarding potential data access rights of intelligence agencies. A TIA requires a diligent assessment of all circumstances of the transfer in question, the laws and practices of the third country of destination and any relevant contractual, technical or organizational safeguards put in place.

10. CCPA Compliance (Applicable to California Residents Only)

In addition to the data protection laws referred to in this Privacy Policy we also comply with the California Consumer Privacy Act 2018 (“CCPA”). The CCPA was implemented to enhance privacy rights and consumer protection for residents in California and therefore it applies to businesses that carry our business activities in California.

When we act as a “Service Provider” (as defined in the CCPA) we may process “Personal Information” on behalf of our customers or dataset providers. “Personal Information” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, this includes but it not limited to:

• identifiers, for example your name, alias, postal address, email address or other similar identifiers;
• any categories of personal information described in Section 1798.80(e) of the CCPA, for example employment history, signature, or financial information;
• biometric information;
• geolocation data; and
• audio, electronic or visual data.

If we process your Personal Information it is because we are a Service Provider to a business that has provided your Personal Information to us. We do not Sell (as defined in the CCPA) your Personal Information to any third party. 

If we process your Personal Information and we determine the purposes and means of the processing, for example when undertaking marketing activities, it is because we are a Business (as defined by the CCPA). In this circumstance we rely on the CCPA marketing exemption allowing us to: (i) store marketing data on third party systems, provided applicable terms are in place with our service provider; (ii) provide opt-outs from marketing communications, as opposed to requiring an opt-in; and (iii) follow applicable cookie consents on our website. 

When you subscribe to our services, you trust us with certain personal data. We understand that it is essential we work hard to protect your personal data and provide you with the access you need to feel in control of your personal data you provide to us. 

Under data protection law, you have rights including:

• your right of access - you have the right to ask us for copies of your personal data;
• your right to rectification - you have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete; 
• your right to erasure - you have the right to ask us to erase your personal data in certain circumstances; 
• your right to restriction of processing - you have the right to ask us to restrict the processing of your personal data in certain circumstances;
• your right to object to processing - you have the right to object to the processing of your personal data in certain circumstances; and
• your right to data portability - you have the right to ask that we transfer your personal data you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you do make a request, we will respond to you within one month. Please contact us by email at privacy@telmar.com.

This Privacy Policy may be updated from time to time, please note that any changes to the Privacy Policy shall not materially reduce the level of protection afforded hereunder.

If you are resident in the European Economic Area or the United Kingdom our contact details are as follows:

If you are resident anywhere other than the European Economic Area or the United Kingdom our contact details are as follows:

If you have any concerns about our use of your personal data, you can make a complaint to us by email at privacy@telmar.com or at: 

For the attention of: Legal Team, 

Helixa, 

Fora, 35-41 Folgate Street, 

Spitalfields, 

London, 

E1 6BX

You can also complain to the ICO if you are unhappy with how we have used your personal data.

The ICO’s address:            

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk 

We have set out below the Telmar Group Entities that we share personal data with in accordance with our intra-group data transfer agreement, further described in Section 9 above. 

Helixa, Inc., a company incorporated in Delaware, with offices located at 75 Varick Street, 3rd Floor, New York, NY 10013. 

Helixa SRL, a company incorporated in Italy, with offices located at via Arcivescovo Calabiana 6 Milano, 20139.

Telmar Group, Inc., a company incorporated in Delaware, with offices at 75 Varick Street, New York, NY 10013.

Telmar Information Services Corp., a company incorporated in New York, with offices at 75 Varick Street, New York, NY 10013.

Telmar HMS Limited, a company incorporated in Canada, with offices at 151 Yonge Street, Suite 1100, Toronto, Canada.

Telmar Europe Limited, a company incorporated in England and Wales, with offices at Fora, 35-41 Folgate Street, Spitalfields, London, E1 6BX.

Telmar Communications Limited, a company incorporated in England and Wales, with offices at Fora, 35-41 Folgate Street, Spitalfields, London, E1 6BX.

Telmar Peaktime SAS, a company incorporated in France, with offices at 15, place de la République, 3ème étage, 75003 Paris, France.

Telmar Peaktime B.V., a company incorporated in the Netherlands, with offices at Strawinskylaan 3051, 1077 ZX, in Amsterdam.

Telmar (Asia) Limited, a company incorporated in Hong Kong, with offices at Unit 46-106, 46/F, Lee Garden One, 33 Hysan Avenue, Causeway Bay, Hong Kong.

Telmar Software (Shanghai) Limited, a company incorporated in China, with offices at Unit Q-148, Room 501, 5/F, 700 Liyuan Road, Huangpu District, Shanghai, China.

Telmar Media Systems (Pty) Ltd, a company incorporated in South Africa, with offices at Building 26, 1st Floor, The Woodlands, 131 Western Service Road, Woodmead, 2052 Johannesburg, South Africa.

This Privacy Policy was updated on: January 2023