Our Legals
Terms of Use
This website (Site) is operated by Cloud People Pty Ltd t/as Heropa (ABN: 87 143 012 908) (we, our or us). These website terms of use (Terms) apply to your use of, and access to, the Site.
Information and availability
While we use reasonable attempts to ensure the accuracy and completeness of the content and materials on the Site (Content), to the extent permitted by law (including the Australian Consumer Law), we do not warrant the accuracy, completeness or suitability of any of the Content. The Content may be subject to change without notice and we do not undertake to keep the Site up-to-date. The Content is factual information only, is not comprehensive and is for general information purposes only. We also do not warrant that access to the Site will be uninterrupted, error-free or free from viruses.
Intellectual Property rights
Unless otherwise indicated, we own or license the Content and all intellectual property rights (including any copyright, registered or unregistered designs, illustrations, artwork, patents or trade mark or logo rights and domain names) displayed or used on the Site (Our Intellectual Property).
We authorise you to access and use the Site solely for your own personal use and to display, print and download the Content onto your personal device provided that you do not remove any copyright notice included in Our Intellectual Property.
You must not use the Site, or any of the Content, for your commercial purposes, including, for example, to advertise your own business or for any other revenue generation activity and you must not use the Site, including the Content, in any way that competes with our business.
Subject to the above, your use of, and access to, the Site and the Content does not grant or transfer to you any rights, title or interest to Our Intellectual Property. Unless otherwise permitted in these Terms, you must not:
(a) copy or use, in whole or in part, any of Our Intellectual Property;
(b) reproduce, retransmit, distribute, display, disseminate, sell, publish, broadcast or circulate any of Our Intellectual Property; or
(c) breach any intellectual property rights connected with Our Intellectual Property, including altering or modifying any of Our Intellectual Property, causing any of Our Intellectual Property to be framed or embedded in another website or platform, or creating derivative works from Our Intellectual Property.
Nothing in the above clause restricts your ability to publish, post or repost Content or Our Intellectual Property on your social media page or blog, provided that:
(d) you do not assert that you are the owner of the Content or Our Intellectual Property;
(e) unless explicitly agreed by us in writing, you do not assert that you are endorsed or approved by us;
(f) you do not damage or take advantage of our reputation, including in a manner that is illegal, unfair, misleading or deceptive; and
(g) you comply with all other terms of these Terms.
Conduct we do not accept
You must not do or attempt to do anything that is unlawful, which is prohibited by applicable law, which we would consider inappropriate or which might bring us or the Site into disrepute. This includes:
(a) anything that would constitute a breach of an individual’s privacy or any other legal rights;
(b) using the Site to defame, harass, threaten, menace or offend any person;
(c) using the Site for unlawful purposes;
(d) interfering with any user of the Site;
(e) tampering with or modifying the Site, knowingly transmitting viruses or other disabling features, or damaging or interfering with the Site, including using trojan horses, viruses or piracy or programming routines that may damage or interfere with the Site;
(f) using the Site to send unolicited electronic messages
(g) using data mining, robots, screen scraping or similar data gathering and extraction tools on the Site; or
(h) facilitating or assisting a third party to do any of the above acts.
Third party sites
The Site may contain links to websites operated by third parties. Unless we tell you otherwise, we do not control, endorse or approve, and are not responsible for, the content on those websites. We recommend that you make your own investigations with respect to the suitability of those websites. If you purchase goods or services from a third party website linked from the Site, such third party provides the goods and services to you, not us.
We may receive a benefit (which may include a referral fee or a commission) should you visit certain third-party websites via a link on the Site (Affiliate Link) or for featuring certain products or services on the Site. We will make it clear by notice to you which (if any) products or services we receive a benefit to feature on the Site, or which (if any) third party links are Affiliate Links.
Our liability is limited
You may have certain rights under the Australian Consumer Law in relation to the Site and the Content, and you may contact us for more information about this. Despite anything to the contrary, to the maximum extent permitted by law (including the Australian Consumer Law), we exclude all liability for any loss or damage of any kind (including consequential loss, indirect loss, loss of profit, loss of benefit, loss of opportunity or loss of reputation) whether under statute, contract, equity, tort (including negligence), indemnity or otherwise arising out of or in connection with the Site or the Content.
Privacy
We respect your privacy and understand protecting your personal information is important. Our Privacy Policy (available on the Site) sets out how we will collect and handle your personal information.
What happens if we discontinue the Site
We may, at any time and without notice, discontinue the Site (in whole or in part), or exclude any person from using our Site.
Which laws govern these Terms
These Terms are governed by the laws of New South Wales. Each party irrevocably and unconditionally submits to the exclusive jurisdiction of the courts operating in New South Wales and any courts entitled to hear appeals from those courts and waives any right to object to proceedings being brought in those courts.
Changes to these Terms
We may, at any time and at our discretion, vary these Terms by publishing the varied terms on the Site. We recommend you check the Site regularly to ensure you are aware of our current terms.
For any questions and notices, please contact us at:
Privacy Policy
Cloud People Pty Ltd t/as Heropa (ABN 87 143 012 908) (we, us or our), understands that protecting your personal information is important. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or collected by us, when interacting with you.
This Privacy Policy takes into account the requirements of the Privacy Act 1988 (Cth) and the Australian Privacy Principles, as well as the New Zealand Privacy Act 2020 and the Information Privacy Principles. In addition to the Australian laws, individuals located in the European Union or European Economic Area (EU) may also have rights under the General Data Protection Regulation 2016/679 and individuals located in the United Kingdom (UK) may have rights under the General Data Protection Regulation (EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018) (together, the GDPR).
Appendix 1 outlines the details of the additional rights of individuals located in the EU and UK as well as information on how we process the personal information of individuals located in the EU and UK.
The information we collect
Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.
The types of personal information we may collect about you include:
- Identity Data including your name, date of birth and company name.
- Contact Data including your telephone number, address and email.
- Financial Data including bank account and payment card details (through our third party payment processor, who stores such information and we do not have access to that information).
- Transaction Data including details about payments to you from us and from you to us and other details of products and services you have purchased from us or we have purchased from you.
- Technical and Usage Data when you access any of our websites, platforms or emails, details about your internet protocol (IP) address, login data, browser session and geo-location data, browser type, operation system type, internet service provider’s domain name, statistics on page views and sessions, device and network information, acquisition sources, search queries and/or browsing behaviour, access and use of our website (including through the use of Internet cookies or tracking pixels), and communications with our website.
- Profile Data including your username and password for Heropa, profile picture, purchases or orders you have made with us, content you post, send, receive and share through our platform, information you have shared with our social media platforms, and support requests you have made.
- Interaction Data including information you provide to us when you participate in any interactive features, including surveys, preferences, interests, contests, promotions, activities or events.
- Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
- Professional data including where you are a worker of ours or applying for a role with us, your professional history such as your previous positions and professional experience, professional registrations and associations (where applicable), education history and qualifications, or whether you hold required authorisations or licences.
Sensitive information is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information. The types of sensitive information we may collect include:
- Where you apply for a role with us:
- results of criminal records checks; and
- any other background checks required by law for the specific position.
How we collect personal information
We collect personal information in a variety of ways, including:
- when you provide it directly to us, including face-to-face, over the phone, over email, or online;
- when you complete a form, such as registering for any events or newsletters, or responding to surveys;
- when you use any website we operate (including from any analytics and cookie providers or marketing providers. See the “Cookies” section below for more detail on the use of cookies);
- from third parties;
- from publicly available sources.
Why we collect, hold, use and disclose personal information
We have set out below, in a table format, a description of the purposes for which we plan to collect, hold, use and disclose your personal information.
| Purpose of use / disclosure | Type of Personal Information |
| To enable you to access and use our software, including to provide you with a login. | · Identity Data · Contact Data · Technical and Usage Data |
| To work with you as a customer or supplier of our business. | · Identity Data · Contact Data |
| To contact and communicate with you about our business, including in response to any support requests you lodge with us or other enquiries you make with us. | · Identity Data · Contact Data · Profile Data |
| To contact and communicate with you about any enquiries you make with us via any website we operate. | · Identity Data · Contact Data |
| For internal record keeping, administrative, invoicing and billing purposes. | · Identity Data · Contact Data · Financial Data · Transaction Data |
| For analytics, market research and business development, including to operate and improve our business, associated applications and associated social media platforms. | · Profile Data · Technical and Usage Data |
| For advertising and marketing, including to send you promotional information about our events and experiences and information that we consider may be of interest to you. | · Identity Data · Contact Data · Technical and Usage Data · Profile Data · Marketing and Communications Data |
| To run promotions, competitions and/or offer additional benefits to you. | · Identity Data · Contact Data · Profile Data · Interaction Data · Marketing and Communications Data |
| If you have applied for employment with us, to consider your employment application. | · Identity Data · Contact Data · Professional Data |
| To comply with our legal obligations or if otherwise required or authorised by law. | Any relevant Personal Information |
Sensitive information: We only collect, hold, use and disclose sensitive information for the following purposes:
| Sensitive Information |
Our disclosures of personal information to third parties
Personal information: We will only disclose personal information (excluding sensitive information) to third parties where it is necessary as part of our business, where we have your consent, or where permitted by law. This means that we may disclose personal information to:
- our employees, contractors and/or related entities;
- IT service providers, data storage, web-hosting and server providers;
- marketing or advertising providers;
- professional advisors, bankers, auditors, our insurers and insurance brokers;
- payment systems operators or processors;
- our existing or potential agents or business partners;
- if we merge with, or are acquired by, another company, or sell all or a portion of our assets, your personal information may be disclosed to our advisers and any prospective purchaser’s advisers and may be among the assets transferred;
- courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
- courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
- third parties to collect and process data, such as analytics providers and cookies; and
- any other third parties as required or permitted by law, such as where we receive a subpoena.
Sensitive information: We will only disclose sensitive information with your consent or where permitted by law. This means that we may disclose sensitive information to:
- our employees, contractors and/or related entities;
- IT service providers, data storage, web-hosting and server providers;
- professional advisors;
- if we merge with, or are acquired by, another company, or sell all or a portion of our assets, your personal information may be disclosed to our advisers and any prospective purchaser’s advisers and may be among the assets transferred;
- courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
- third parties to collect and process data, such as analytics providers and cookies; and
- any other third parties as required or permitted by law, such as where we receive a subpoena.
Overseas disclosure
We store personal information in the United States of America. Where we disclose your personal information to the third parties listed above, these third parties may also store, transfer or access personal information outside of the United States of America, including but not limited to, Australia. We will only disclose your personal information overseas in accordance with the Australian Privacy Principles.
Your rights and controlling your personal information
Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to work with you as a customer or supplier of our business.
Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.
Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.
Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.
Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.
Storage and security
We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.
User-generated Content
We may enable you to post reviews, comments, photos and other user-generated content. Any content you choose to submit will be accessible by anyone, including third parties not associated with us. We have no control over how others may use or misuse information you make publicly available. We are not responsible for the privacy, security or accuracy of any user-generated content you choose to post or for the use or misuse of that information by any third parties.
Cookies
We may use cookies, tracking pixels and similar technologies on our website and in our emails from time to time. Cookies are text files placed in your computer’s browser to store your preferences. Tracking pixels are tiny, invisible images (typically the size of one pixel) embedded in web pages or emails. Cookies and tracking pixels, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online website and allow third parties to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online website with personal information, this information may be linked to the data stored in the cookie or collected by tracking pixels. Unlike cookies, tracking pixels do not store any information on your device, but instead send information to our servers when the pixel is loaded.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies.
You can block tracking pixels by using ad-blocking or privacy-focused browser extensions. Some email providers allow you to block images by default, which can prevent tracking pixels in emails from loading.
However, if you use your browser settings to block all cookies (including essential cookies) and tracking pixels you may not be able to access all or parts of our website and you may not receive personalised content.
Google Analytics: We may use Google Analytics Advertising Features. We and third-party vendors may use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together. These cookies and identifiers may collect Technical and Usage Data about you.
You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found here. To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install their plugin here. To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device.
To find out how Google uses data when you use third party websites or applications, please see here.
Facebook/Meta Analytics: We may use tools provided by Meta, such as the Meta Pixel, advanced matching, and Conversions API. These allow us to measure ad performance and deliver ads that may be relevant to you on Meta platforms based on your activity on our website/app. You can control whether we can join data from third party partners with your Meta account for ads by adjusting your preferences within Meta’s settings. You can disconnect this data from your Meta account by changing your settings for Off-Facebook activity. For more information, please see Meta’s Privacy Policy here.
For more information about the cookies and tracking pixels we use, please see https://www.heropa.com/our-legals/#legal-cookies.
Links to other websites
Our website may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.
Personal information from single sign-on accounts
If you connect your account with us using a single sign-on account, we will collect your personal information from the single sign-on provider. We will do this in accordance with the privacy settings you have chosen with that provider.
The personal information that we may receive includes your name and email address.
We use the personal information we receive from the single sign-on provider to create a profile for you on our platform and provide you access to our platform.
Where we have accessed your personal information through your Facebook account, you have the right to request the deletion of personal information that we have been provided by Facebook. To submit a request for the deletion of personal information we acquired from Facebook, please send us an email at the address at the end of this Privacy Policy and specify in your request which personal information you would like deleted. If we deny your request for the deletion of personal information, we will explain why.
Use of location services data
We collect your precise or approximate location for the following purposes:
- for security and safety;
- to prevent and detect fraud; and
- as permitted by law.
We collect this information when you use our services. If you do not want us to use your location for the purposes above, you should turn off the location services on your device. If you do not provide geolocation data to us, it may affect our ability to work with you as a customer of our business.
Use of Artificial Intelligence (AI)
Overview: We may use artificial intelligence and machine learning technologies, including AI Technologies provided by third parties (AI Technologies) in our business operations and the provision of our Services. We will only use AI Technologies when legally permitted and necessary for our business operations.
How we use AI Technologies: We may use AI Technologies for the following purposes:
- to conduct analysis and processing;
- to generate and modify content and coding;
- to improve and optimise our services and operations and to analyse user-provided content to improve the user experience;
- to automate certain processes and communications, such as routine tasks;
- to personalise your experience with our services;
- for quality assurance purposes;
- to assisting with customer support and queries; and
- to learn a learner’s expected behaviour to improve and enhance learning experiences, including providing real-time feedback and assessment in training environments.
Data Protection and Security: Where we use service providers who provide AI Technologies to us, we will take reasonable steps to ensure that such service providers handle your personal information according to privacy law, including by ensuring that we have contracts in place requiring the service provider to protect personal information.
We will not input your personal information into any platform provided by an AI Technology service provider which then trains its model based on that information.
Your Rights and our Commitments: We will treat information generated or inferred by the AI Technologies about individuals as personal information and you maintain all rights over your personal information as outlined in this privacy policy, regardless of whether AI Technologies are used in processing. When using AI Technologies with your personal information:
- Transparency and control: we will inform you when AI Technologies are being used to make decisions that may significantly affect you. We will implement processes to verify the accuracy of AI-generated outputs and we will take reasonable steps to maintain human oversight and review of significant AI-generated decisions. Our staff are trained to understand the limitations of AI systems and verify outputs before they are relied upon; and
- Security: we implement appropriate technical and organisational measures to ensure that our use of AI Technologies maintains the security and integrity of your personal information. This includes regular testing and monitoring of AI outputs for accuracy and reliability; and
- Risk mitigation: We regularly assess and document the risks associated with our use of AI Technologies in processing personal information and implement appropriate mitigation measures. This includes ongoing monitoring of AI Technologies and regular reviews of their performance and impact.
Automated Decision Making
We use automated processes to assist with various aspects of our business operations and service delivery. These automated processes help us with:
- marketing personalisation; and
- customer analysis.
To do this, we may use your:
- Identity Data;
- Profile Data; and
- Technical and Usage Data.
Amendments
We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy.
For any questions and notices, please contact us at:
Cloud People Pty Ltd t/as Heropa ABN 87 143 012 908
Email: [email protected]
Last update: 10 June 2025
GDPR
Privacy Policy Appendix 1:
Additional rights and information for individuals located in the EU or UK
Under the GDPR individuals located in the EU and the UK have extra rights which apply to their personal information. Personal information under the GDPR is often referred to as personal data and is defined as information relating to an identified or identifiable natural person (individual). This Appendix 1 sets out the additional rights we give to individuals located in the EU and UK, as well as information on how we process the personal information of individuals located in the EU and UK. Please read the Privacy Policy and this Appendix carefully and contact us at the details at the end of the Privacy Policy if you have any questions.
What personal information is relevant?
This Appendix applies to the personal information set out in the Privacy Policy. This includes any Sensitive Information also listed in the Privacy Policy above which is known as ‘special categories of data’ under the GDPR.
Purposes and legal bases for processing
We collect and process personal information about you only where we have legal bases for doing so under applicable laws. We have set out below, in a table format, a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please reach out to us if you need further details about the specific legal ground, we are relying on to process your personal information where more than one ground has been set out in the table below.
| Purpose of use / disclosure | Type of Data | Legal Basis for processing |
| To enable you to access and use our software, including to provide you with a login. | · Identity Data · Contact Data · Technical and Usage Data | · Performance of a contract with you |
| To work with you as a customer or supplier of our business. | · Identity Data · Contact Data | · Performance of a contract with you |
| To assess whether to take you on as a new client, including to perform anti-money laundering, anti-terrorism, sanction screening, fraud and other background checks on you. | · Identity Data · Contact Data | · Performance of a contract with you · To comply with a legal obligation · Public interest · Legitimate interests: ensuring we do not deal with proceeds of criminal activities or assist in any other unlawful or fraudulent activities for example terrorism |
| To contact and communicate with you about our business including in response to any support requests you lodge with us or other enquiries you make with us. | · Identity Data · Contact Data · Profile Data | · Performance of a contract with you |
| To contact and communicate with you about any enquiries you make with us via our website. | · Identity Data · Contact Data | · Legitimate interests: to ensure we provide the best client experience we can offer by answering all of your questions. |
| For internal record keeping, administrative, invoicing and billing purposes. | · Identity Data · Contact Data · Financial Data · Transaction Data | · Performance of a contract with you · To comply with a legal obligation · Legitimate interests: to recover debts due to us and ensure we can notify you about changes to our terms of business and any other administrative points. |
| For analytics, market research and business development, including to operate and improve our business, associated applications and associated social media platforms. | · Profile Data · Technical and Usage Data | · Legitimate interests: to keep our website updated and relevant, to develop our business, improve our business and to inform our marketing strategy |
| For advertising and marketing, including to send you promotional information about our events and experiences and information that we consider may be of interest to you. | · Identity Data · Contact Data · Technical and Usage Data · Profile Data · Marketing and Communications Data | · Legitimate interests: to develop and grow our business |
| To run promotions, competitions and/or offer additional benefits to you. | · Identity Data · Contact Data · Profile Data · Interaction Data · Marketing and Communications Data | · Legitimate interests: to facilitate engagement with our business and grow our business |
| If you have applied for employment with us, to consider your employment application. | · Identity Data · Contact Data · Professional Data | · Legitimate interests: to consider your employment application |
| To comply with our legal obligations or if otherwise required or authorised by law. | · To comply with a legal obligation |
If you have consented to our use of data about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your data because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer doing business with us. Further information about your rights is available below.
Data transfers
The privacy protections available in the countries to which we send data for the purposes listed above may be less comprehensive than what is offered in the country in which you initially provided the information. Where we transfer your personal information outside of the country where you are based, we will perform those transfers using appropriate safeguards in accordance with the requirements of applicable data protection laws and we will protect the transferred personal information in accordance with this Privacy Policy and Appendix 1. This includes:
- only transferring your personal information to countries that have been deemed by applicable data protection laws to provide an adequate level of protection for personal information; or
- including standard contractual clauses in our agreements with third parties that are overseas.
Data retention
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Extra rights for EU and UK individuals
You may request details of the personal information that we hold about you and how we are process it (commonly known as a “data subject request”). You may also have a right in accordance with applicable data protection law to have your personal information rectified or deleted, to restrict our processing of that information, to object to decisions being made based on automated processing where the decision will produce a legal effect or a similarly significant effect on you, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to you or another organisation.
If you are not happy with how we are processing your personal information, you have the right to make a complaint at any time to the relevant Data Protection Authority based on where you live. We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Authority, so please contact our Data Protection Representative in the first instance at https://www.datarep.com/data-request/.
Data Sub-Processors
On this page, we maintain a current list of Sub-processors authorized to process customer data, in order to provide Heropa’s solution in accordance with the applicable services required.
List of sub-processors
| Sub-processor | Country | Purpose | Website |
| Airwallex | Australia | Customer payments | https://www.airwallex.com/ |
| Amazon AWS | USA | Cloud infrastructure | https://aws.amazon.com/ |
| Atlassian | Australia | Data hosting | https://www.atlassian.com/ |
| Cloudflare | USA | Web application firewall | https://www.cloudflare.com/ |
| Hubspot | USA | Sales and marketing | https://www.hubspot.com/ |
| Microsoft | USA | Data hosting, Email delivery services | https://www.microsoft.com |
| Sentry | USA | Error logs | https://sentry.io/ |
| Slack | USA | Communications | https://slack.com |
| Twilio | USA | Communications technology | https://www.twilio.com/ |
| Xero | USA | Accounting | https://www.xero.com/ |
| Zendesk | USA | Customer Support | https://www.zendesk.com/ |
Cookies & Tracking Notice
Heropa and our third party partners, such as our advertising and analytics partners, use various technologies to collect information, such as cookies and web beacons.
What types of technologies do we use?
We use cookies, web beacons and other technologies to improve and customize our products and websites (“the Services”) and your experience; to allow you to access and use the Services without re-entering your username or password; to understand usage of our Services and the interests of our customers; to determine whether an email has been opened and acted upon; and to present you with advertising relevant to your interests.
How do we use them?
- Where strictly necessary. These cookies and other technologies are essential in order to enable the Services to provide the feature you have requested, such as remembering you have logged in.
- For functionality. These cookies and similar technologies remember choices you make such as language or search parameters. We use these cookies to provide you with an experience more appropriate with your selections and to make your use of the Services more tailored.
- For performance and analytics. These cookies and similar technologies collect information on how users interact with the Services and enable us to improve how the Services operate. For example, we use Google Analytics cookies to help us understand how visitors arrive at and browse our products and website to identify areas for improvement such as navigation, user experience, and marketing campaigns.
- Targeting Cookies or Advertising Cookies. These cookies collect information about your browsing habits in order to make advertising relevant to you and your interests. They remember the websites you have visited and that information is shared with other parties such as advertising technology service providers and advertisers.
- Social media cookies. These cookies are used when you share information using a social media sharing button or “like” button on our websites or you link your account or engage with our content on or through a social media site. The social network will record that you have done this. This information may be linked to targeting/advertising activities.
How can you opt-out?
To opt-out of our use of cookies, you can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of our Services. Heropa and our third party partners also collect information using web beacons (also known as “tracking pixels”).
Many browsers include their own management tools for removing HTML5 local storage objects. You may be able to opt out of receiving personalized advertisements as described in the Privacy Policy under “Your rights and controlling your personal information.”
You will not be able to opt-out of any cookies or other technologies that are “strictly necessary” for the Services.
