Effective Date: 14/12/2020
Last Updated on: 12/02/2021
1. Definitions and Interpretation
In this Policy the following terms shall have the following meanings:
|means an account required to access and/or use certain areas and features of Our Site or Services
|“Data Protection Laws”
|means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out in section 13, below
|means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Information.
|means the entity that has subscribed to Our Services by agreeing to the terms of service at https://callhippo.com/terms/.
|means any identified or identifiable natural person.
|means this website,
|means personally identifiable information
|means any operation or set of operations which is performed on Personal Information or sets of Personal Information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
|means the cloud-based telecommunication services provided by CallHippo that the Customer has subscribed to under the Terms.
|“Standard Contractual Clauses” / “Model Clauses”
|“UK and EU Cookie Law”
|means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended in 2004, 2011 and 2015
2. What Does This Policy Apply To?
We collect Personal Information when you use the Site and the associated Services and as part of the normal course of business. This Policy sets out how We collect and use Personal Information and your rights regarding Our use of your Personal Information.
3. What Information Do We Collect?
- Some Personal Information will be collected automatically by Our Site (as elaborated upon in section 12) while other Personal Information will only be collected if you voluntarily submit it. For example, this could take place when signing up for an Account. Depending upon your use of Our Site, We may collect some or all of the following Personal Information: Name, date of birth, gender, business/company name, job title, profession, contact information such as email addresses and telephone numbers, demographic information such as postcode, preferences and interests, financial information such as credit/debit card numbers, IP address (automatically collected), web browser type and version (automatically collected), operating system (automatically collected), a list of URLs starting with a referring site, your activity on Our Site, and the site you exit to (automatically collected).
- In addition to this, while availing Our Services, CallHippo may ask for permission to get access to the contacts on your phone. Such access is needed in two situations:
- When you intend to call a contact or send them a text directly from the CallHippo app, CallHippo will access your phone contacts with your permission.
- When you want to make a call to a phone contact, you will see a list of apps through which you can complete that action. CallHippo is one of them. If you choose CallHippo in this case, it will receive access to your contacts.
- Further, while you avail Our Services, CallHippo will act as an independent Controller while Processing some forms of your Personal Information such as Customer Usage Data and Customer Subscription Data, as defined in Appendix I of this Policy.
4. How Is Your Personal Information Used?
- To provide and manage your Account,
- To provide and manage your access to Our site,
- To adapt your preferences to your experience on Our site,
- To respond to communications from you,
- To carry out market research,
- To analyse your use of Our site and
- To gather feedback to enable Us to continually improve Our site and your user experience.
- To analyse your use of Our site and
- To gather feedback to enable Us to continually improve Our site and your user experience.
- In addition to this, with your permission and/or where permitted by law, We may also use your Personal Information for marketing purposes which may include contacting you by email AND/OR telephone AND/OR text message AND/OR post AND/OR web push notifications with information, news and offers on Our products AND/OR Services. We will not, however, send you any spam and will take all reasonable steps to ensure that we comply with applicable laws in this regard.
- Further, advertisers whose content appears on Our Site may engage in what is known as “behavioural advertising” i.e. advertising which is tailored to your preferences, based on your activity. Your activity is monitored using Cookies, as detailed below in section 12. You can control and limit your data used in this way by adjusting your web browser’s privacy settings. Please note that We do not control the activities of such advertisers, nor the information they collect and use. Limiting the use of your Personal Information in this way will not remove the advertising, but it will make it less relevant to your interests and activities on Our Site.
5. Legal Basis
If you are a Data Subject from the European Economic Area, Our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which We collect it. We will normally collect Personal Information from you only where it is needed to perform a contract with you, where the Processing is in Our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where We have your consent. In some cases, We may also have a legal obligation to collect Personal Information from you. If We Process your Personal Information with reliance on your consent, you may withdraw your consent at any time. If you have questions or need further information concerning the legal basis on which We collect and use your Personal Information, please contact Us at the addresses set forth in Section 13.
6. When Do We Share Your Personal Information?
- We may share your Personal Information with other companies in Our group. This includes Our subsidiaries AND/OR Our holding company and its subsidiaries.
- We may contract with third parties to supply products and Our services to you on Our behalf. These may include billing and payment processing, search engine facilities and advertising and marketing. In some cases, the third parties may require access to some or all of your Personal Information. Where any of your Personal Information is required for such a purpose, We will take all reasonable steps to ensure that your Personal Information will be Processed by such third-party in compliance with applicable laws.
- We may compile statistics about the use of Our Site including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any Personal Information. We may from time to time share such data with third parties such as prospective investors, affiliates, partners and advertisers. Data will only be shared and used in compliance with applicable laws.
- With your permission and/or as permitted under law, We may share your Personal Information with third parties who may send you marketing collateral in connection with the Services.
- In certain circumstances, We may be legally required to share certain data held by Us, which may include your Personal Information, for example, where We are involved in legal proceedings or where We are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from you to share your data in such circumstances and will comply as required with any legally binding request that is made of Us.
- We may also share your Personal Information if We merge with or are acquired by another company. In such a case, your information will likely be one of the assets that is transferred.
7. What Happens When You Connect Your Email Account or Sign Up Via Social Media?
- You can choose to provide explicit consent to connect your email accounts with your Account. Once connected, We will securely access and analyse the relevant content related to the Services provided by Us. We encourage you to review your Personal Information prior to signing in through the applicable service. We do not under any circumstances store your email messages, email messages headers, message bodies, or attachments. We only access your email account for scanning purposes and display information immediately as it is returned. We request read-only access to your email account and will not attempt to alter or modify your email account or email messages in any way, except as otherwise agreed by you through additional consent to write permission in your account with respect to the Services you are opting for.
- Further, Our Site includes social media features and widgets that are either hosted by a third-party or hosted directly on Our Site; your interaction with these social media features and widgets is governed by the privacy statement of the companies that provide them. You should check your privacy settings on these third-party services to understand and change the information sent to Us through these Services. This data may be combined with the other information We collect and might include aggregated levels of specific data.
8. How Is Your Personal Information Stored and Transferred?
- Your Personal Information and files including their backups are stored on Our servers and the servers of companies We hire to provide Services to Us. Your Personal Information may be transferred across national borders because We have servers located in the United States of America and India, and the companies We hire to help us run Our business may be located in different countries around the world. The information that We collect from you may be transferred to, and stored in, a country outside the European Economic Area (EEA). It may also be Processed by staff operating outside the EEA who work for Us or Our partners. If you are a resident of the European Economic Area and when your Personal Information is Processed outside EEA, We will ensure that the recipient of your Personal Information offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of Personal Information as approved by the European Commission (Article 46 General Data Privacy Regulation, 2016), or We will ask you for your prior consent to such international data transfers.
- For the instances where We act as an independent Controller for Customer Usage Data and Customer Subscription Data, the Standard Contractual Clauses for data Controller to data Controller transfers as approved by the European Commission in decision 2004/915/EC are hereby incorporated in this Policy by reference. Schedule 1 of this Policy shall take the place of Annex B of the Standard Contractual Clauses. Purely for the purposes of the descriptions in the Model Clauses and only as between CallHippo and You, CallHippo agrees that it is a “data importer” and You are the “data exporter” under the Model Clauses. For the purposes of this Appendix, “Personal Data” shall take on the same meaning as that of Personal Information as laid down in Clause 1.
9. How Is Your Personal Information Stored and Transferred?
- CallHippo retains the Personal Information collected where an ongoing legitimate business requires retention of such Personal Information such as for litigation/defense purposes, as necessary to comply with our legal obligations, maintain accurate financial and other records, resolve disputes, and enforce our agreements. In the absence of a need to retain your Personal Information as specified herein, We will either delete or aggregate your Personal Information. If this is not possible, We will securely store your Personal Information and isolate it from any further Processing until deletion is possible.
10. Rights of Children
We recognize the importance of children’s safety and privacy. We do not request, or knowingly collect, any personally identifiable information from children under the age of 16. If a parent or guardian becomes aware that his or her child has provided Us with Personal Information, he or she should write to Us at the email address set forth in this Policy under Section 15.
11. How Do We Secure Your Personal Information?
- Your Personal Information is extremely important to Us. We use appropriate technical and organisational measures to protect the Personal Information that We collect and Process. The measures We use are designed to provide a level of security appropriate to the risk of Processing your Personal Information. If you have questions about the security of your Personal Information, please contact Us immediately as described in this Policy.
- Notwithstanding the security measures that We take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to Us data via the internet.
12. Summary of Your Rights Under Gdpr
You have the following rights with respect to your Personal Information-
- Right to be informed: You are entitled to know whether We hold your Personal Information and the purpose your Personal Information is Processed for.
- Right of access: You are entitled to obtain a copy of your Personal Information, together with an explanation of the categories of Personal Information being Processed, the purposes of such Processing, and the details of third parties to whom the Personal Information may have been disclosed to.
- Right to rectification: You are entitled to correct/update your Personal Information available with Us.
- Right to erasure: You are entitled to get your Personal Information erased from Our customer relationship management (CRM) databases. Please note that We need to retain certain Personal Information about you for legal and internal business reasons, such as fraud prevention. We will retain your Personal Information for as long as necessary to provide you with the websites and apps you are eligible to use and as needed to comply with Our legal obligations and enforce Our agreements.
- Right to data portability: You are entitled to obtain and reuse your Personal Information. You can either obtain the Personal Information from Us or, in turn, provide it to a third-party (if you so wish), or ask Us to transfer your Personal Information directly to a third-party.
- Right to object/restrict Processing or both: You have a right to object/restrict the Processing of your Personal Information in some circumstances, including where the Personal Information is inaccurate (for the period during which We are verifying the Personal Information), the Personal Information is no longer required in light of the purpose of Processing, or in connection with direct marketing (you can prevent/discontinue marketing communications to you by checking certain boxes on the forms We use to collect your Personal Information), or by utilizing opt-out mechanisms in the emails We send you. You shall also have the right not to be subject to a decision based solely on automated Processing, including profiling, which produces legal effects concerning and similarly significantly affecting you.
In the above cases, We will retain minimum Personal Information to note that you opted out from being contacted again. For the exercise of any of the above-mentioned rights, please write to Us at the email address mentioned in section 13.
14. Contacting Us
Please ensure that your query is clear, particularly if it is a request for information about the data We hold about you.
16. Notice to End-User and Other Exclusions
If you are an individual who interacts with a Customer using Our Services, then that Customer is the Controller of your Personal Information. Your data privacy questions and requests should be submitted to the Customer in its capacity as your Controller and you will be directed to contact Our Customer for assistance with any requests or questions relating to your Personal Information. We are not responsible for Customers’ privacy or security practices which may be different from this Policy. Except as specifically provided in this Policy, this Policy does not apply in connection with access and use of Our Services. The security and privacy practices, including how We protect, collect, and use electronic data, text, messages, communications or other materials submitted to and stored within the Services by a Customer, are detailed in and governed by CallHippo’s terms of service or such other applicable agreement between the Customer and Us relating to the access to and the use of such Services.
APPENDIX – I
DESCRIPTION OF THE TRANSFER
The Personal Data transferred concern the following categories of Data Subject:
- Data exporter and data exporter’s end users.
Purposes of the Transfer(s)
The transfer is made for the following purposes:
- Provision of CallHippo’s business telecommunication Services.
Categories of data
The Personal Data transferred concern the following categories of data:
- Customer Subscription Data i.e. the Personal Data that relates to Customer’s interactions and association with CallHippo. This shall be inclusive of the names and/or contact details of individuals authorised by the Customer to access Customer’s Account, along with billing information of individuals that Customer has associated with its Account. Customer Subscription Data shall also include any data CallHippo may require to collect for the purpose of identity verification, amongst other legal obligations.
- Customer Usage Data that is data relating to the Customer’s Account activity Processed by CallHippo for the purposes of passing on Customer Content to the intended recipient. This shall include data used to identify the source and destination of Customer Content, such as (a) individual Data Subjects’ telephone numbers, the date, time, duration and the type of communication, along with data on the location of the device generated in the context of providing the Services; and (b) communication logs used to identify the source of Service requests, improve and prevent system abuse.
The Personal Data transferred may only be disclosed to the following recipients or categories of recipients:
- Employees, agents, affiliates, advisors and independent contractors of data importer with a reasonable and legitimate business reason for requiring such Personal Data
- Vendors of data importer that, in their performance of their obligations to data importer, must Process such Personal Data acting on behalf of and according to instructions from data importer.
- Any person (natural or legal) or organisation to whom data importer may be required by applicable law or regulation to disclose Personal Data, including law enforcement authorities, central and local government.
Data protection registration of the data exporter: As registered by the data exporter.
Contact points for data protection enquiries –
Data importer: [email protected]
Data exporter: Email ID provided at the time of signing up