Reduce agent's response time with our AI Chat Assistant. Learn More

Privacy Policy

Effective Date: 10/04/2024
Last Updated on: 29/03/2024

In this Privacy Policy (” Policy“), references to “We”, “Us” or “Our” means ControlHippo. This Privacy Policy shall explain how We process Personal Information collected by Us concerning Your use of controlhippo.com and the Service(s) (” Our Site“). The use of information collected through Our Site shall be limited to the purposes under this Policy.

ControlHippo understands that Your privacy is important to You and that You care about how Your information is used and shared online. We respect and value the privacy of everyone who visits Our Site and will only collect and use information in ways and in a manner consistent with Your rights and Our obligations under the law. Please read this Privacy Policy carefully and ensure that You understand it. If You have any questions regarding this Privacy Policy, the practices of this website or Your dealings with this website, You may contact Us at [email protected]

1. Definitions and Interpretation

In this Policy the following terms shall have the following meanings:

“Account”means any accounts or instances created by You or on Your behalf for access and use of the Service(s).
“Data Protection Laws”means applicable data protection laws in connection with this Privacy Policy.
“Cookie”means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out in section 13, below
“Controller”means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Information.
“Customer/ You/ Your”means the entity that has subscribed to Our Services by agreeing to the terms of service at https://controlhippo.com/terms/.
“Data Subject”means any identified or identifiable natural person.
“Our Site”means this website, ControlHippo.com
“Personal Data”means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller.
“Process”means any operation or set of operations which is performed on Personal Information or sets of Personal Information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Service(s)”means the cloud-based synchronized communication platform services provided by ControlHippo that the Customer has subscribed to under the Terms.
“Standard Contractual Clauses” / “Model Clauses”
  1. means the standard contractual clauses for data Controller to data Controller transfers as approved by the European Commission in decision 2004/915/EC, as available at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32004D0915 (as amended or updated from time to time.)
“UK and EU Cookie Law”means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended in 2004, 2011 and 2015

2. What Does This Policy Apply To?

We collect Personal Information when You use the Site and the associated Service(s) and as part of the normal course of business. This Policy sets out how We collect and use Personal Information and Your rights regarding Our use of Your Personal Information.

This Privacy Policy applies only to your use of Our Site and does not extend to any websites that are linked to from Our Site (whether We provide those links or whether they are shared by other users). We have no control over how your data is collected, stored or used by other websites or services and We advise you to check the privacy policies of any such websites before providing any information to them.

3. What Information Do We Collect?

  • 3.1 Personal Information will be collected automatically by Our Site (as elaborated upon in section 12) while other Personal Information will only be collected if You voluntarily submit it. For example, this could take place when signing up for an Account. Depending upon Your use of Our Site, We may collect some or all of the following Personal Information: Name, date of birth, gender, business/company name, job title, profession, contact information such as email addresses and telephone numbers, demographic information such as postcode, preferences and interests, financial information such as credit/debit card numbers, IP address (automatically collected), web browser type and version (automatically collected), operating system (automatically collected), a list of URLs starting with a referring site, your activity on Our Site, and the site you exit to (automatically collected).
  • 3.2 In addition to this, while availing Our Services, ControlHippo may ask for permission to get access to the contacts on Your phone:
  • i. When You intend to send a text to a contact directly from the ControlHippo app, ControlHippo will access Your phone contacts with your permission.
    • 1.1 Further, while You avail Our Services, ControlHippo will act as an independent Controller while Processing some forms of your Personal Information such as Customer Usage Data and Customer Subscription Data, as defined in Appendix I of this Policy.
    • 1.2 If You provide Us with any Personal Information relating to other individuals, You represent that You have the authority to do so, and where required, have obtained the necessary consent, and acknowledge that it may be used in accordance with this Privacy Notice.

4. How Is Your Personal Information Used?

  • 4.1 We will use Your Personal Information only as described in this Privacy Policy and shall Process Your Personal Information only if We have a legal basis to, as elaborated upon in section 5. We may use Your Personal Information collected:
    • i. To provide and manage your Account,
    • ii. To provide and manage your access to Our site,
    • iii. To adapt your preferences to your experience on Our site,
    • iv. To respond to communications from you,
    • v. To carry out market research,
    • vi. To analyse your use of Our site and
    • vii. To gather feedback to enable Us to continually improve Our site and your user experience.
  • 4.2 In addition to this, with Your permission and/or where permitted by law, We may also use Your Personal Information for marketing purposes which may include contacting You by email AND/OR telephone AND/OR text message AND/OR post AND/OR web push notifications with information, news and offers on Our products AND/OR Service(s). We will not, however, send You any spam and will take all reasonable steps to ensure that We comply with all applicable laws in this regard.
  • 4.3 Further, advertisers whose content appears on Our Site may engage in what is known as “behavioural advertising” i.e. advertising which is tailored to Your preferences, based on Your activity. Your activity is monitored using Cookies, as detailed below in section 13. You can control and limit Your data used in this way by adjusting Your web browser’s privacy settings. Please note that We do not control the activities of such advertisers, nor the information they collect and use. Limiting the use of Your Personal Information in this way will not remove the advertising, but it will make it less relevant to Your interests and activities on Our Site.

5. Legal Basis

If You are a Data Subject from the European Economic Area, Our legal basis for collecting and processing the Personal Information described above will depend on the Personal Information concerned and the specific context in which We collect it. We will normally collect Personal Information from You only where it is needed to perform a contract with You, where the Processing is in Our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where We have Your consent. In some cases, We may also have a legal obligation to collect Personal Information from You. If We Process Your Personal Information with reliance on Your consent, You may withdraw Your consent at any time. If You have questions or need further information concerning the legal basis on which We collect and use Your Personal Information, please contact Us at the addresses set forth in Section 14.

6. When Do We Share Your Personal Information?

  • 6.1 We may share your Personal Information with other companies in Our group. This includes Our subsidiaries AND/OR Our holding company and its subsidiaries.
  • 6.2 We may contract with third parties to supply products and Our services to you on Our behalf. These may include billing and payment processing, search engine facilities and advertising and marketing. In some cases, the third parties may require access to some or all of your Personal Information. Where any of your Personal Information is required for such a purpose, We will take all reasonable steps to ensure that your Personal Information will be Processed by such third-party in compliance with applicable laws.
  • 6.3 We may compile statistics about the use of Our Site including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any Personal Information. We may from time to time share such data with third parties such as prospective investors, affiliates, partners and advertisers. Data will only be shared and used in compliance with applicable laws.
  • 6.4 With Your permission and/or as permitted under law, We may share Your Personal Information with third parties who may send You marketing collateral in connection with the Service(s).
  • 6.5 In certain circumstances, We may be legally required to share certain data held by Us, which may include Your Personal Information, for example, where We are involved in legal proceedings or where We are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from You to share Your Personal Information in such circumstances and will comply as required with any legally binding request that is made of Us.
  • 6.6 We may also share your Personal Information if We merge with or are acquired by another company. In such a case, your information will likely be one of the assets that is transferred.

7. What Happens When You Connect Your Email Account or Sign Up Via Social Media?

  • 7.1 You can choose to provide explicit consent to connect Your email accounts with Your Account. Once connected, We will securely access and analyse the relevant content related to the Service(s) provided by Us. We encourage You to review Your Personal Information prior to signing in through the applicable service. We do not under any circumstances store Your email messages, email messages headers, message bodies, or attachments. We only access Your email account for scanning purposes and display information immediately as it is returned. We request read-only access to Your email account and will not attempt to alter or modify Your email account or email messages in any way, except as otherwise agreed by You through additional consent to write permission in Your account with respect to the Service(s)You are opting for.
  • 7.2 Further, Our Site includes social media features and widgets that are either hosted by a third-party or hosted directly on Our Site; Your interaction with these social media features and widgets is governed by the privacy statement of the companies that provide them. You should check Your privacy settings on these third-party services to understand and change the information sent to Us through these Services. This data may be combined with the other information We collect and might include aggregated levels of specific data.

8. How Is Your Personal Information Stored and Transferred?

  • 8.1 Your Personal Information and files including their backups are stored on Our servers and the servers of companies We hire to provide Services to Us. Your Personal Information may be transferred across national borders because, We have servers located in the United States of America and India, and the companies We hire to help Us run Our business may be located in different countries around the world. The information that We collect from you may be transferred to, and stored in, a country outside the European Economic Area (EEA). It may also be Processed by staff operating outside the EEA who work for Us or Our partners. If you are a resident of the European Economic Area and when Your Personal Information is Processed outside EEA, We will ensure that the recipient of Your Personal Information offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of Personal Information as approved by the European Commission (Article 46 General Data Privacy Regulation, 2016), or We will ask You for your prior consent to such international data transfers except as stated in the Terms or the Data Protection Addendum.
  • 8.2 For the instances where We act as an independent Controller for Customer Usage Data and Customer Subscription Data, the Standard Contractual Clauses for data Controller to data Controller transfers as approved by the European Commission in decision 2004/915/EC are hereby incorporated in this Policy by reference. Schedule 1 of this Policy shall take the place of Annex B of the Standard Contractual Clauses. Purely for the purposes of the descriptions in the Model Clauses and only as between ControlHippo and You, ControlHippo agrees that it is a “data importer” and You are the “data exporter” under the Model Clauses. For the purposes of this Appendix, “Personal Data” shall take on the same meaning as that of Personal Information as laid down in Clause 1.

9. Retention of Personal Data

ControlHippo retains the Personal Information collected where an ongoing legitimate business requires retention of such Personal Information such as for litigation/defense purposes, as necessary to comply with our legal obligations, maintain accurate financial and other records, resolve disputes, and enforce our agreements. In the absence of a need to retain your Personal Information as specified herein, We will either delete or aggregate your Personal Information. If this is not possible, We will securely store your Personal Information and isolate it from any further Processing until deletion is possible.

10. Rights of Children

We recognize the importance of children’s safety and privacy. We do not request, or knowingly collect, any personally identifiable information from children under the age of 16. If a parent or guardian becomes aware that his or her child has provided Us with Personal Information, he or she should write to Us at the email address set forth in this Policy under Section 14. If You have reason to believe that a child under the age of 16 has provided Personal Information to Us through Our Websites or Services, please contact Us using the details in section 14 and We will endeavour to delete that information and terminate the child’s Account from Our databases.

11. How Do We Secure Your Personal Information?

  • 11.1 Your Personal Information is extremely important to Us. We use appropriate technical and organisational measures to protect the Personal Information that We collect and Process. The measures We use are designed to provide a level of security appropriate to the risk of Processing your Personal Information. If you have questions about the security of your Personal Information, please contact Us immediately as described in this Policy.
  • 11.2 Notwithstanding the security measures that We take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to Us data via the internet.

12. Summary of Your Rights

You have the following rights with respect to your Personal Information-

  • 12.1 Right to be informed: You are entitled to know whether We hold your Personal Information and the purpose your Personal Information is Processed for.
  • 12.2 Right of access: You are entitled to obtain a copy of your Personal Information, together with an explanation of the categories of Personal Information being Processed, the purposes of such Processing, and the details of third parties to whom the Personal Information may have been disclosed to.
  • 12.3 Right to rectification: You are entitled to correct/update your Personal Information available with Us.
  • 12.4 Right to erasure: You are entitled to get your Personal Information erased from Our customer relationship management (CRM) databases. Please note that We need to retain certain Personal Information about you for legal and internal business reasons, such as fraud prevention. We will retain your Personal Information for as long as necessary to provide you with the websites and apps you are eligible to use and as needed to comply with Our legal obligations and enforce Our agreements.
  • 12.5 Right to data portability: You are entitled to obtain and reuse your Personal Information. You can either obtain the Personal Information from Us or, in turn, provide it to a third-party (if you so wish), or ask Us to transfer your Personal Information directly to a third-party.
  • 12.6 Right to object/restrict Processing or both: You have a right to object/restrict the Processing of your Personal Information in some circumstances, including where the Personal Information is inaccurate (for the period during which We are verifying the Personal Information), the Personal Information is no longer required in light of the purpose of Processing, or in connection with direct marketing (you can prevent/discontinue marketing communications to you by checking certain boxes on the forms We use to collect your Personal Information), or by utilizing opt-out mechanisms in the emails We send you. You shall also have the right not to be subject to a decision based solely on automated Processing, including profiling, which produces legal effects concerning and similarly significantly affecting you.

In the above cases, We will retain minimum Personal Information to note that You opted out from being contacted again. For the exercise of any of the above-mentioned rights, please write to Us at the email address mentioned in section 14.

13. Cookie Policy

We may place some cookie on Your device while You visit or use Our site. For more information, please read Our Cookie Policy.

14. Contacting Us

If you have any questions about Our Site or this Privacy Policy, please contact us by email at [email protected]

Please ensure that Your query is clear, particularly if it is a request for information about the data We hold about You.

15. Changes to Our Privacy Policy

We may change this Privacy Policy as We may deem necessary from time to time, or as may be required by law. Your continued use of Our Services after any changes or revisions to this Privacy Policy indicates your agreement to the terms of the revised Privacy Policy. We recommend that you check this page regularly to keep up-to-date

16. Notice to End-User and Other Exclusions

If You are an individual who interacts with a Customer using Our Services, then that Customer is the Controller of Your Personal Information. Your data privacy questions and requests should be submitted to the Customer in its capacity as Your Controller and You will be directed to contact Our Customer for assistance with any requests or questions relating to Your Personal Information. We are not responsible for Customers’ privacy or security practices which may be different from this Policy. Except as specifically provided in this Policy, this Policy does not apply in connection with access and use of Our Service(s). The security and privacy practices, including how We protect, collect, and use electronic data, text, messages, communications or other materials submitted to and stored within the Service(s) by a Customer, are detailed in and governed by ControlHippo’s terms of service or such other applicable agreement between the Customer and Us relating to the access to and the use of such Services.

APPENDIX – I

ANNEX B TO THE STANDARD CONTRACTUAL CLAUSES

DESCRIPTION OF THE TRANSFER

Data Subjects

The Personal Data transferred concern the following categories of Data Subject:

  • Data exporter and data exporter’s end users.

Purposes of the Transfer(s)

The transfer is made for the following purposes:

  • Provision of ControlHippo’s synchronized communication platform Services.

Categories of data

The Personal Data transferred concern the following categories of data:

  1. Customer Subscription Data i.e. the Personal Data that relates to Customer’s interactions and association with ControlHippo. This shall be inclusive of the names and/or contact details of individuals authorised by the Customer to access Customer’s Account, along with billing information of individuals that Customer has associated with its Account. Customer Subscription Data shall also include any data that ControlHippo may require to collect for the purpose of identity verification, amongst other legal obligations.
  2. Customer Usage Data that is data relating to the Customer’s Account activity Processed by ControlHippo for the purposes of passing on Customer Content to the intended recipient. This shall include data used to identify the source and destination of Customer Content, such as (a) individual Data Subjects’ telephone numbers, the date, time, duration and the type of communication, along with data on the location of the device generated in the context of providing the Services; and (b) communication logs used to identify the source of Service requests, improve and prevent system abuse.

Recipients

The Personal Data transferred may only be disclosed to the following recipients or categories of recipients:

  • Employees, agents, affiliates, advisors and independent contractors of data importer with a reasonable and legitimate business reason for requiring such Personal Data
  • Vendors of data importer that, in their performance of their obligations to data importer, must Process such Personal Data acting on behalf of and according to instructions from data importer.
  • Any person (natural or legal) or organisation to whom data importer may be required by applicable law or regulation to disclose Personal Data, including law enforcement authorities, central and local government.

Sensitive data

N/A

Data protection registration of the data exporter: As registered by the data exporter.

Contact points for data protection enquiries

Data importer: [email protected]

Data exporter: Email ID provided at the time of signing up

Start Free Trial