H5 Privacy Policy.

Effective Date: April 29, 2020

This Privacy Policy covers H5’s handling of two categories of information:

1. Information we receive in connection with our eDiscovery, hosting, consulting and other services, including online tools such as H5 Matter Intelligence and Collaboration Center, other than the “H5 Broadcast” section of the Collaboration Center (collectively, the “H5 Services”), and

2. Information we receive through any part of our website at www.H5.com or any other H5 webpage, survey or data collection form or process that incorporates this Privacy Policy, including the H5 Broadcast section of Collaboration Center (“H5 Websites”), as well as personal data we collect through other channels for our marketing and business development activities (collectively with data collected through the H5 Websites, “H5 Business Data”).


1. Privacy Practices Specific to H5 Services

a. Information Collected Through the H5 Services

Through some H5 Services, we receive information from or on behalf of our customers.  Because of the nature of our services, this information may contain any type of personal data.

b. Uses of Information Collected Through the H5 Services

Subject to our contractual obligations, and depending on the particular H5 Services, we use information described above as follows:

  • To provide the H5 Services;
  • To enforce the legal terms that govern the H5 Services;
  • To comply with law and protect rights, safety and property; and
  • For other purposes requested or permitted by our customers or users.

H5 Collaboration Center features online areas in which H5 customer personnel can interact with each other and with other customer-selected third parties (such as personnel from third-party law firms or consultants hired by the customer).

The “H5 Broadcast” section of the Collaboration Center is separate.  It provides a way for individuals to submit general product feedback to H5 or to receive information about items of interest to all Collaboration Center users.  Data collected in the H5 Broadcast section is handled pursuant to Section 2 of this Privacy Policy (Privacy Practices Specific to H5 Business Data), not this section.

c. Disclosures of Information Collected Through the H5 Services

Subject to our contractual obligations, and depending on the particular H5 Services, we share the information described above as follows:

  • To provide the H5 Services (for example, by facilitating a customer’s delivery of discovery materials to a recipient selected by that customer, or by providing a customer or a third party chosen by the customer with any data collected from any user of the customer’s H5 Collaborate spaces, or in connection with technical support);
  • To enforce the legal terms that govern the H5 Services;
  • To comply with law and protect rights, safety and property (for example, for national security or law enforcement);
  • As part of a business sale, merger, consolidation, change in control, transfer of substantial assets or reorganization or in connection with routine legal or financial support; or
  • For other purposes requested or permitted by our customers.

For those purposes, we may share information with our affiliates and other entities that help us with any of the above.

2. Privacy Practices Specific to H5 Business Data

a. Information We Collect

H5 Business Data consists of contact details, information about an individual’s interactions with H5 or our partners, and payment information.

We obtain H5 Business Data directly from the relevant individuals (such as on the H5 Websites or at events), and also from third-party sources, such as their employers, referrals, marketing or lead generation companies, and social networking platforms (e.g., LinkedIn).

On our Websites, we or third parties may collect certain information by automated means such as cookies, Web beacons and JavaScript.  This information may include unique browser identifiers, IP address, browser and operating system information, device information, Internet connection information, as well as details about individuals’ interactions with websites.

We and third parties may use automated means to read or write information on users’ devices, such as in various types of cookies and other browser-based or plugin-based local storage.  Cookies are files that contain data, such as unique identifiers, that we or a third party may transfer to or read from a user’s device for purposes such as recognizing the device, service provision, record-keeping, analytics and marketing.  You may choose to set your web browser to refuse certain types of cookies, or to alert you when certain types of cookies are being sent.  However, if you block or otherwise reject our cookies, certain websites (including our own websites) may not function properly.

In some cases, we facilitate the collection of information by advertising services administered by third parties.  The ad services may track users’ online activities over time by collecting information through automated means such as cookies, and they may use this information to show users advertisements that are tailored to their individual interests or characteristics and/or based on prior visits to certain sites or apps, or other information we know, infer or have collected from the users.  For example, we and the third-party vendors may use first-party cookies and third-party cookies together, as well as other automated means and other data (such as the data described above) (i) to recognize users and their devices, (ii) to inform, optimize, and serve H5 ads and (iii) to report on our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services (including how they are related to visits to specific sites or apps).  For controls specific to advertising and analytics services offered by Google, click here and here.  For controls related to some of our other advertising partners, visit the DAA Consumer Choice page. You can also use specific controls for our advertising partners Linkedin, ListenLoop, and Pinterest. Visitors from IP addresses in the United Kingdom, European Economic Area or Canada are automatically presented with a cookie consent tool that provides details and options for these and additional cookies.  For more information about that tool or our cookies generally, or to use the tool from an IP address in the UK, European Economic Area or Canada, please visit this page.  If you replace, change or upgrade your browser, or delete your cookies, you may need to use these opt-out tools again.

b. Use of H5 Business Data

H5 uses and discloses H5 Business Data as follows:

  • To fulfill your requests;
  • To send you information about our products and services, including marketing communications;
  • To respond to your questions, concerns, or customer service inquiries;
  • To analyze market conditions;
  • To customize the content and advertising you see on the H5 Websites, across the Internet, and elsewhere;
  • To enforce the legal terms that govern the H5 Websites and our business;
  • To comply with law and protect rights, safety and property; and
  • For other purposes requested or permitted by our customers and users.

We will retain H5 Business Data as long as necessary to fulfill these purposes unless the law requires us to keep it for a longer period of time. To provide security and business continuity for the activities described in this Privacy Policy, we make backups of certain data, which we may retain for longer than the original data.

c. Disclosures of H5 Business Data

Subject to our contractual obligations, and depending on the particular H5 Website or business process at issue, we share the information described above as follows:

To carry out the uses of information described above;

  • In connection with routine technical support;
  • As part of a business sale, merger, consolidation, change in control, transfer of substantial assets or reorganization, or in connection with routine legal or financial support; or
  • For other purposes requested or permitted by our customers.

For those purposes, we may share information with our affiliates and other entities that help us with any of the above.

d. Legal Basis for Processing H5 Business Data

The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your personal data.  To the extent those laws apply, our legal grounds for processing H5 Business Data are as follows:

  • Legitimate interests:  In many cases, we handle personal data on the ground that it furthers our legitimate interests in commercial activities such as the following in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals:

– Customer service

– Protecting our customers, personnel and property

– Analyzing and improving our business

– Marketing

– Managing legal issues

  • We may also process personal data for the same legitimate interests of our customers and business partners.
  • Legal compliance:  We need to use and disclose personal data in certain ways to comply with our legal obligations.
  • To honor our contractual commitments to you:  Some of our processing of personal data is to meet our contractual obligations to an individual, or to take steps at the individual’s request in anticipation of entering into a contract with them.
  • Consent:  Where required by law, and in some other cases, we handle personal data on the basis of consent.

(We process data collected through H5 Services pursuant to our contracts with our customers, as explained earlier in this Privacy Policy.)

3. Additional Information About Our Privacy Practices (applicable to both H5 Services and H5 Business Data)

a. Security of Your Personal Information

Transmission and storage of electronic information is never 100% secure or error-free. However, we have put in place physical, electronic, and administrative measures to help prevent unauthorized access, to maintain data security, and to use correctly the data we collect.  You are responsible for maintaining the secrecy of any credentials that can be used to access any account or service with H5, and you must report suspected unauthorized activity to us.  You are responsible for activity conducted with your credentials.

b. Personal Information Rights and Choices

To exercise any data protection rights you may have with respect to the personal data we process for a customer through H5 Services, please contact the customer. If we receive such a request for an identified customer from an individual, we may refer the request to the relevant customer and cooperate with their handling of the request, subject to any special contractual arrangement with that customer.

You may review and update certain user information by logging in to the relevant portions of the H5 Services or H5 Websites where such information may be updated.  To opt out of our marketing emails, click the unsubscribe link or email unsubscribe@h5.com.

Some individuals have certain legal rights (including, in certain cases, under the EU-U.S. and EU-Swiss Privacy Shield Frameworks) to obtain confirmation of whether we hold personal data about them, to access personal data we hold about them, and to obtain its correction, update, amendment or deletion in appropriate circumstances.  In some cases, they can ask us to provide personal data in portable form or to transmit it to a third party.  To exercise those rights, they may contact us as described at the end of this Policy.  Individuals may also use the contact information below to object to our uses or disclosures of personal data, request a restriction on its processing or to exercise any legal right to withdraw consent, though such actions typically will not have retroactive effect.

For example, individuals have a right to opt out of our processing of H5 Business Data for direct marketing purposes.

Rights under California law are described in Section 3(d) below.

The rights described here are subject to significant limitations and exceptions under the Privacy Shield Frameworks and applicable law, particularly in connection with our eDiscovery-related work.

c. International Data Protection and Privacy Shield

As a business subject to the investigatory and enforcement authority of the United States Federal Trade Commission, H5 has certified that its U.S. operations adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, with respect to the personal data that H5 receives in reliance on such Frameworks. This commitment includes all situations in which H5 receives data covered by this Privacy Policy directly from the UK, European Economic Area or Switzerland. Our certification is posted at https://www.privacyshield.gov/list.  To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov.

When H5 receives personal data under the Privacy Shield and then transfers it to a third-party service provider acting as an agent on H5’s behalf, H5 has certain responsibility and potential liability under the Privacy Shield if both (i) the agent processes the information in a manner inconsistent with the Privacy Shield and (ii) H5 is responsible for the event giving rise to the damage.

Covered European residents should direct any questions, concerns or complaints regarding H5’s compliance with the Privacy Shield to H5 as described at the bottom of this Policy.  H5 will attempt to answer your questions and satisfy your concerns in a timely and complete manner as soon as possible.  If, after discussing the matter with H5, your issue or complaint is not resolved, H5 has agreed to participate in the Privacy Shield independent dispute resolution mechanisms listed below, free of charge to you. PLEASE CONTACT H5 FIRST.

  • For human resources personal data that H5 receives under the Privacy Shield (defined under Privacy Shield essentially as information about an employee collected in the context of the employment relationship): cooperation with the relevant data protection authority (which is usually the one where the employee works). For example, for disputes relating to human resources data that H5 receives from Switzerland under the Swiss-U.S. Privacy Shield, this would be the Swiss Federal Data Protection and Information Commissioner (FDPIC).
  • For other personal data H5 receives under the Privacy Shield: JAMS arbitration, available at https://www.jamsadr.com/eu-us-privacy-shield.

Every individual also has a right to lodge a complaint with the relevant supervisory authority, regardless of whether Privacy Shield applies.  If your complaint still is not resolved through these channels, under limited circumstances, an additional binding arbitration option may be available before a Privacy Shield panel, as described at privacyshield.gov.

Please note that H5’s customers may transfer personal data to H5 on the basis of other legal mechanisms approved by the European Commission (“EC”) and other relevant authorities for cross-border data transfers.  H5 itself transfers personal data from the UK and European Economic Area to the U.S. on the basis of EC-approved Standard Contractual Clauses or reliance on the recipient’s membership in the U.S. Privacy Shield.  Some H5 Services also allow our customers and users to make international data transfers to third parties, for which they are solely responsible.

d. Additional detail for California residents

These California subsections apply only to “personal information” about California residents, as that term is defined in the California Consumer Privacy Act (“CCPA”), and they supplement the information in the rest of our Privacy Policy. Data about individuals who are not residents of California is not handled exactly the same way and is not subject to the same California rights described below.  These California subsections do not apply to data processed for customers through the H5 Services, even when such data is about a resident of California.  Individuals who wish to exercise CCPA rights with respect to such data should contact the relevant customer, not H5.

CCPA categories of California personal information we collect:

H5 collects all of the information described in Section 2(a) of this Privacy Policy from and about California residents. You should refer to that location for more detail, but this information generally falls into the following CCPA categories, to the extent it is personally identifiable: identifiers (such as name, email address and other contact information); commercial information (such as information about an individual’s interests and interactions with H5, including transaction data); Internet or other network or device activity (such as records of interaction on our website); professional or employment related data (such as title); other information that identifies or can be reasonably associated with you; and inferences drawn from any of the above.

CCPA description of uses of California personal information:

In CCPA terms, we and our service providers may use and disclose (and in the past 12 months have used and disclosed) all of the categories of California personal information that we collect for all of the purposes described in Section 2 of our Privacy Policy.  In some cases the use was more directly tied to the data than in other cases.  The extent to which our service providers engage in the uses and disclosures described above varies from provider to provider.

California privacy rights

If you are a California resident, California law may permit you to request that we:

  • Provide you the categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we shared personal information.
  • Provide access to and/or a copy of certain information we hold about you.
  • Delete certain information we have about you.

Certain information is exempt from such requests under applicable law.  For example, the CCPA has significant exceptions for certain B2B data. You also may have the right to receive information about the financial incentives that we offer to you (if any). You also have certain rights under the CCPA not to be subject to certain negative consequences for exercising CCPA rights. We do not respond to browser-based do-not-track signals or similar mechanisms.

To request to exercise your CCPA rights, please contact us as described below. For security and legal reasons, H5 will not accept requests that require us to access third-party websites or services.

CCPA “sale” of California personal information

The CCPA requires businesses that “sell” personal information, as the term “sell” is defined under the CCPA, to provide an opt-out from such sales.  Some people have taken the position that when a website uses third parties’ cookies or similar technology for its own analytics or advertising purposes, the website is engaged in a “sale” under the CCPA if the third parties have some ability to use, disclose or retain the data to improve their service or to take steps beyond the most narrowly drawn bounds of merely providing their service to the website.  Some take this position even when the website pays the third party (not vice versa), and merely provides the third party with an opportunity to collect data directly, instead of providing personal information to the third party.  If you take the position that any of the arrangements described above involve a “sale” within the meaning of the CCPA, then you may consider H5 to have “sold” what the CCPA calls “identifiers” (like IP addresses), “internet or other electronic network activity information” (like information regarding an individual’s browsing interactions on our public website), and “commercial information” (like the fact that a browser visited a page directed to people who are considering purchasing from us) to those sorts of companies.  To limit those companies’ collection and/or use of this data, use the controls described in Section 2(a) of our Privacy Policy.

e. Notification of Changes

H5 may change this Privacy Policy to reflect changes in the law, our data handling practices or the features of our business.  The updated Privacy Policy will be posted on H5.com.

f. Contact Information

If you have questions regarding our practices or this Privacy Policy, or to send us requests or complaints relating to personal data, please contact us at privacy@h5.com or visit the Contact Us page on the website for other options.