Privacy Policy

Instructions of use: This template of privacy policy is adapted on the basis of requirements of the Regulation EU n°2016/679 (GDPR) regarding data subject information and is provided for indicative purposes only. This is the Customer’s responsibility to assess whether or not the GDPR or any other data protection law applies to the data processing carried out by the customer through the use of the Platform and to adapt this document as necessary.

This Privacy Policy is edited by Heyothere SA having its registered (Av. du Théâtre 1, 1005 Lausanne, c/o WalderWyss Ltd) and registered with the [Trade and Company Register] under the number [∙] (hereafter, the “Data Controller”).

The Data Controller offers a platform to connect aspiring entrepreneurs, facilitating professional networking, data sharing, project collaboration and idea protection. (hereafter, the “Platform”) to its users which have subscribed on the Platform and as such have a user account (hereafter, the “Users”). The Platform is available at the following url address www.heyouthere.com

The Data Controller uses a solution called “Hivebrite”, which enables the import and export of user lists and data, the management of content and events, the organization of emailing campaigns and opportunity research and sharing as well as the management of funds and contributions of any kind.

In this regard, the Data Controller collects and processes User’s personal data in accordance with the Privacy and Cookie policy.

The Data Controller is particularly aware and sensitive with regards to the respect of its Users privacy and personal data protection. The Data Controller commits to ensure the compliance of the processing it carries out as data controller in accordance with the Data Protection Law.

The Data Controller has put in place an appropriate privacy and cookie policy to be fully transparent on how the personal data of Users are processed within the use of the Platform and services provided.

This privacy policy is intended for the Users of the Platform of the Data Controller.

[If applicable: Data Controller has appointed a Data Protection Officer (hereinafter “DPO”) you may contact at the following address: [identity and the contact details]

[If applicable: Data Controller is not established in the European Union and has designated a representative: [identity and the contact details].

[If applicable: Data Controller is not established in the United Kingdom and has designated a representative: [identity and the contact details].

Date of last update: January 2025.

1. COLLECTED PERSONAL DATA

1.1 When subscribing on the Platform

We collect various types of information to provide and improve our services:

1. Personal Information

• Contact Details: Such as your name, email address, postal address, and phone number.

• Professional Information: Details you provide in your profile (e.g., skills, experience, industry) and CV.

• Legal Information: Data entered into our legal document frameworks or contract templates (e.g., signatures, entity details).

2. Payment Information

• Credit Card or Payment Details: For subscription or premium plans. This data may be processed via third-party payment processors.

3. User-Generated Content

• Project and Collaboration Data: Information about projects you create, participate in, or consult on.

• Messages and Shared Documents: Files, text, or other content you upload.

4. Activity and Usage Data

• Interactions on the Platform: Which projects you view or join, which consultants you contact, etc.

• Log Data: IP address, browser type, device information, and timestamps.

5. Third-Party Data Collection

• We may integrate with third-party tools (e.g., analytics) that collect and process data on our behalf.

When subscribing to the Platform, the User is informed that its following personal data is collected for the purpose of creating a user account:

Mandatory data

• First name ;
• Last name ;
• Email address;
• Credit card information, for payment processes
• Information regarding university education, professional experience and Resume

Optional according to the subscription plan and the services uses

• Picture
• Home or office address

The User is informed that it is not possible to access the Platform without providing the mandatory data strictly necessary to create an account and authenticate the User.

1.2 During the use of the Platform

The User may validly publish, at its own initiative, any content on the Platform. The User is aware that  when using the Platform, the User may decide to provide « sensitive data » within the meaning of Data Protection Law, for example, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, concerning sexual orientation, etc. By providing such sensitive data, the User agrees to their processing by the Platform in the conditions set forth in this Privacy Policy. The User further acknowledges that it may be sharing such data with other users, in which case this Privacy Policy does not apply.

1. THE PURPOSE OF THE DATA PROCESSING

The Data Controller and its subcontractors process personal data that are freely transferred by the User when accessing the services proposed by the Platform for the following purpose:

Purpose

Legal basis [completed as per options listed in GDPR, art. 6]

1) Creation and management of a user account;

1. Creation and Management of User Accounts

To enable Users to create and manage their personal accounts on the Platform.

2. Providing the User with All Functionalities of the Platform

To ensure Users can fully utilize the Platform, data processing is carried out for the following purposes:

● Sending invitations for events organized by the Data Controller or other Users, if the User has accepted to receive such invitations;

● Sending job offers, commercial offers, project participation proposals, and business partnership proposals from the Data Controller or its partners, subject to the User’s consent;

● Inviting Users to events organized by the Platform;

● Activating and leveraging the internal signature process for engagement contracts related to business partnerships, handled internally or through specific service providers;

● Providing and Personalizing Services:

○ Suggesting people, projects, or events relevant to the User’s interests, skills, and professional goals;

○ Customizing the User’s experience based on preferences and usage patterns.

● Advertising and Communications:

○ Free Plan Users (when available): Displaying ads and sponsored content aligned with the User’s interests;

○ Paid Plan Users: Providing an ad-free experience where the User’s data is not used for ad targeting;

○ Sending newsletters, emails, or in-app notifications about new features, services, or relevant opportunities.

● Connecting Users with Consultants:

○ Sharing relevant User data with vetted consultants to offer tailored services.

● Legal and Contractual Purposes:

○ Storing and managing data within legal documents to facilitate project frameworks or contract enforcement;

○ Ensuring compliance with legal obligations, including record retention and dispute resolution.

3. Management of Data Subject Rights

To ensure the exercise of User rights as stipulated under applicable Personal Data Legislation.

4. Storage of User Personal Data

To securely store User personal data for the duration of their relationship with the Platform and in accordance with applicable laws.

5. Management of Transactions Through the Platform

To facilitate and manage transactions conducted through the Platform, based on the User’s subscription plan and Platform availability.

6. Management of Claims

To address and manage any claims or disputes raised by Users regarding the Platform or its services.

7. Management of Prospection Operations

To perform prospection operations, including:

● Sending email prospecting campaigns on behalf of the Data Controller and/or its commercial partners;

● Sending newsletters on behalf of the Data Controller and/or its commercial partners.

8. Making Statistics to Enhance Platform Services

To perform statistical analysis aimed at:

● Improving the quality of services offered on the Platform;

● Enhancing the usage functionalities of the Platform;

● Providing selected Platform business partners with tools to manage their funneling activities and performance metrics.

9. Making Statistics Regarding Platform Use and Activity

● To analyze and evaluate the effective use of the Platform;

● To monitor and assess activity levels across different sections of the Platform.

10. LinkedIn Profile Synchronization

To enable synchronization of the User’s LinkedIn profile with the Platform when applicable and upon User request.

Legal Basis for Processing

All processing of personal data is carried out in accordance with the relevant legal bases under Article 6 of the GDPR, including:

● User consent for specific activities (e.g., marketing communication or event invitations);

● Performance of a contract to provide the functionalities of the Platform;

● Legitimate interests pursued by the Data Controller, such as improving the Platform’s services and ensuring operational security;

● Compliance with legal obligations where applicable.

2) Providing the User with all functionalities of the Platform, meaning:

• Sending invitations for events organized by Data Controller or other Users, if the User has accepted to receive such invitations;
• Sending job offers, commercial offers, project participation offers and business partnership proposals from the Data Controller or its partners if the User has accepted to receive such offers.
• Invite the User to events organized by the Platform
• Activate and leverage internal signature process for engagement contracts for business partnerships handled internally and through specific service providers.
• Suggesting people, projects, or events relevant to your interests, skills, and professional goals.
• Customizing your experience based on your preferences and usage patterns.
• Advertising and Communications
• Paid Plan Users: Access to an ad-free experience, where your data is not used for ad targeting.
• Newsletters and Updates: Sending you emails or in-app notifications about new features, services, or relevant opportunities.
• Connecting You with Consultants
• Sharing relevant user data with vetted consultants so they can offer tailored services.
• Legal and Contractual Purposes
• Storing and managing data within legal documents to facilitate project frameworks or contract enforcement.
• Ensuring compliance with legal obligations, including record retention and dispute resolution.

3) Management of data subjects rights according to the Personal Data Legislation.

Storage of User personal data;

4) Management of transactions through the Platform – when available and according the user plan.

5) Management of claims

6) Management of prospection operations:

• Sending email prospect campaigns in the Name of Customer] and/or its commercial partners
• Sending newsletters in the Name of Customer] and/or its commercial partners

7) Making statistics in order:

• to improve the quality of the services proposed by the Platform;
• improve the usage functionalities of the Platform;
• Provide to selected platform business partners tools to manager their funneling activities and metrics

8) Making statistics regarding the effective use of the Platform;

9) Making statistics regarding the different levels of activity on the Platform.

10 ) if applicable, enable the synchronization of the User’s LinkedIn profile.

Please note that Kit United, and its subsidiaries – in charge of providing the platform and managing its technical aspects - also collect your personal data as data controller, in order to generate statistics on the use of the platform. This processing is based on the data controller’s legitimate interests to improve the platform. The personal data are retained for the duration of the contractual relationship between Kit United and the Data Controller, plus 90 days.

1. DATA RETENTION PERIOD

The Data Controller informs the User that the personal data related to the User Account is retained only during the length of the User’s subscription on the Platform.

Inactive User Accounts may be deleted after two years of inactivity; following the termination of said subscription, the data collected upon the subscription as well as the content published by the User on the Platform can be deleted after a period of 1 year.

1. DATA TRANSFERS

The Users’ data are stored in Switzerland or the European Economic Area (EEA) by the Data Controller, its subsidiaries, and its trusted service providers. However, depending on the processing, the Users’ data may also be transferred in a country outside Switzerland / the EEA, to our trusted service providers and/or subsidiaries.

When transferring data outside Switzerland / the EEA, the Data Controller ensures that the data are transferred in a secured manner and with respect to the Data Protection Law. When the country where the data are transferred does not have a protection comparable to that of Switzerland / the EEA, the Data Controller uses “appropriate or suitable safeguards”.

When the service providers to whom personal data are transferred, are located in the United States, these transfers are governed by the standard data protection clauses adopted by the Commission, as the case may be adapted to Switzerland.

Users can contact the person responsible for data protection at the following address privacy@heyouthere.com

Personal data transfers may take place outside Switzerland the EEA in order to ensure the functioning of the solution. Indeed, Hivebrite uses third party services providers located outside Switzerland /  the EEA for the following purposes:

• hosting of personal data, including image, profile pictures, backups, etc.;
• production and storage of error logs enabling Hivebrite’s developers to correct the code;
• sending of emails;
• customer supports;
• direct messaging module;
• analysis of the User’s journey of the platform.

The country outside Switzerland the EEA where your personal data may be transferred are:

• United Kingdom;
• The United States of America;
• Australia.

These transfers are based on one of the following guarantees:

• an adequacy decision, regarding personal data transfers to the United Kingdom;
• the Standard Contractual Clauses of the EU Commission (available here);
• International legal frameworks for the sharing of personal data (e.g. the Swiss-US Data Privacy Framework: https://www.dataprivacyframework.gov/)
• your consent.

1.  COMMITMENT OF THE DATA CONTROLLER

The Data Controller commits to process User’s personal data in compliance the Data Protection Law and undertake to, notably, respect the following principles:

• Process User’s personal data lawfully, fairly, and in a transparent manner;
• Only collect and process the Users’ data for the strict purpose as described under article 2 of the present privacy policy;
• Ensure that the personal data processed are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
• Do the best efforts to ensure that the personal data processed are accurate and, if necessary, kept up to date and take all reasonable steps to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
• Keep personal User’s data for no longer than is necessary for the purposes for which they are processed;
• Put in place all necessary technical and organizational appropriate measures in order to ensure the security, confidentiality, integrity, availability and the resilience of the process systems and services;
• Limit the access to the Users’ data to the persons duly authorized to this effect;
• Guarantee to the Users their rights under the Data Protection Law in relation to the processing of their data and make the best efforts to satisfy any request, where this is possible.

1. EXERCISE OF THE USERS’ RIGHTS

The User is duly informed that it disposes at any time, depending on the legal basis of the processing, a right to access, to rectification, to erasure, to restriction of processing, to data portability, and to object.

When processing is based on User’s consent, the right to withdraw consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.

The User can exercise its rights by sending an email to the following address: privacy@heyouthere.com, provided that the User justifies his/her identity.

In addition, in the event the User considers that its rights have not been respected, the User of which the personal data is collected can lodge a complaint before the competent supervisory authority. For any additional information, you can review your rights on the websites of the competent authorities.

The competent supervisory authorities are listed on the following website:

http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

1. COOKIES

The Data Controller informs the User that Hivebrite, as well as its subcontractors, uses a tracking technology on its terminal such as cookies whenever the User navigates on the Platform subject to the conditions described in the Data Controller Cookie Policy.

In particular, Hivebrite may use a cookie called “Amplitude”, to enable analytics of the User’s journey on the platform. This cookie involves a transfer of personal data to the United States of America. Hivebrite has signed Standard contractual clauses in order to comply with the requirements of the GDPR on personal data transfer, and will not use this cookie without gathering your consent first.

For more information about the processing carried out by Hivebrite as data controller, the User is invited to consult Hivebrite’s privacy policy.

1. RECIPIENT AND PERSONS AUTHORIZED TO ACCESS THE USERS’ DATA

Only authorized persons working for the Data Controller and, in some cases, its subsidiaries], can access your personal data. The Data Controller makes its best effort to ensure that these groups of people remain as small as possible and maintain the confidentiality and security of User’s personal data.

The Data Controller also uses trusted service providers to carry out a set of operations on his behalf for hosting, payment services, data storage and document signature. The Data Controller can also use service providers in the tech industry, editors of specific tools integrated in the Platform for technical purposes.

The Data Controller only provides service providers with the information they need to perform the service and ask them not to use your personal data for any other purpose. The Data Controller does his best to ensure that all these trusted service providers only process the personal data on our documented instructions and provide sufficient guarantees, in particular in terms of confidentiality, expert knowledge, reliability and resources, to implement technical and organizational measures which will meet the requirements of the applicable legislation, including for the security of processing.

The Data Controller may be required to disclose or share your personal data to comply with a legal obligation, or to enforce or apply our terms of use/sale or any other conditions you have accepted; or to protect the rights, safety or property of Heyouthere its customers or employees.

List of the main service providers:

Service Provider

Service

You can consult the privacy policy by clicking on the following link:

KIT UNITED

5 RUE DES ITALIENS

75009 Paris

France

HIVEBRITE solution

https://hivebrite.io/privacy-policy