Introduction


The General Data Protection Regulation (GDPR) comes into force on 25 May 2018. It will introduce a number of new legal concepts and make far-reaching changes in data protection legislation.


GDPR defines “personal data” as any information relating to an identified or identifiable natural person (a data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. All organizations that process personal data will need to be compliant with GDPR by 25 May 2018.


Company Profile


CallHippo is a virtual telephony system provider.


We understand that your privacy is important to you and that you care about how your information is used and shared online. We respect and value the privacy of everyone who visits our site.


CallHippo will only collect and use information in ways that are useful to you and in a manner consistent with your rights and our obligations under the law.


CallHippo has taken the necessary measures and steps to ensure GDPR compliance to the best of its ability. Please contact us by email at [email protected] or by telephone on +1-740-848-2535.


Personal and sensitive data


We will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. For more information, please refer to our privacy policy.


Staff awareness and training


Our organization follows privacy by design very strictly to ensure that privacy is embedded into any new process or product that is deployed. We have a process in place to enable structured assessment and systematic validation. We arrange annual training on GDPR for all employees, including the management.


Lawful data processing


All personal data is stored securely in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR). For more details on security, see section 6 of our privacy policy.


Consent


We obtain informed consent under GDPR to ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the points given in section 5.6 of our Privacy Policy applies.


Privacy policies and notices


Please refer to our privacy policy.


Internal policies and procedures


We review and update our policies and contracts to ensure that they are compliant with GDPR, including privacy policies and notices, data protection policies, data security, employee data policies, data sharing policies, IT security policies, and data retention policies.


Third-party processing


We have already contacted the third-party processors who work with us. We have received a DPA (Data Processing Agreement) or an update on the steps they are taking to be GDPR compliant. We are consistently working with our third-party processors to make sure we get DPAs. If you have questions about DPAs and the list of third-party processors, please contact us at [email protected]


Data Storage


Some or all of your data may be stored or transferred outside of the European Economic Area or EEA (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). If/when we do store or transfer data outside the EEA, we will take all the necessary steps to ensure that your data is treated as safely and securely as it would be within the EEA and under the GDPR.


Such steps include, but are not limited to, the use of legally binding contractual terms between us and any third parties we engage with as well as the use of the EU-approved Model Contractual Arrangements. We may at any time transfer any of your data outside the EEA. You can contact us at [email protected] if you have any questions.


Data Retention


We only keep your data for as long as we need to in order to use it as described above in section 5 of our privacy policy, and/or for as long as we have your permission to keep it. In any event, we will conduct an annual review to ascertain whether we need to keep your data. Your data will be deleted in accordance with the terms of our Data Retention Policy if we no longer need it.


Data subject access rights


You have the legal right to ask for access to any of your personal data held by us (where such data is held). In our products, we have given customers the right to access, modify and delete the data as per GDPR guidelines. You can write to us for more details at [email protected]


Data subject requests


You can contact us via chat, email ([email protected]) or phone (+1-740-848-2535). We respond to all requests/matters within 2 working days.


Right to data portability


We give our customers access to export the data in formats such as Excel, XLS, CSV, etc. If you require any other data which is not currently available, please contact us at [email protected]


Right to erasure


In case you discontinue using our services or products, your data may be stored for up to 6 months with us or our third-party vendor. It will be kept confidential and will not be shared with anyone at any time. We do this in case you want to revive the services or product, and for analysis purposes. However, finance-related data, which our company needs for accounting and auditing, will not be deleted. We shall make sure that the identifiers of the individual are erased. You can reach out to us at [email protected] if you have any questions.


Right to rectification


You shall have the full right to rectify your personal data at any point unless it interferes with a technical aspect. For any other rectification requests, you can contact us at [email protected]


Right to object


We give you the right to object to the processing of your personal data based on legitimate interests (including profiling), direct marketing (including profiling), and processing for scientific and/or historical research and statistics purposes. Please contact us at [email protected]


Data profiling


Please see section 14 of our privacy policy to know how we take care of your data profiling.


Processed for specified, explicit and legitimate purposes


We only process personal data for the specific purposes explained to data subjects (or for other purposes expressly permitted by GDPR). The purposes for which an organization processes personal data must be communicated to data subjects at the time that their personal data is collected, where it is collected directly from them, or as soon as possible (not more than one calendar month) after collection where it is obtained from a third party.


Privacy by design and privacy impact assessment


Under this approach, we have proper procedures and processes aligned to make sure that the movement of data and IT systems takes place in a secure way. We have clearly identified and mentioned this in our privacy policy. As far as privacy impact assessment is concerned, we conduct security audits and train our staff once a year to keep them up to date. For any impact on privacy, we ensure proper action and information rollout as per GDPR guidelines (Principle 7).


Data Protection officer


Name: Gaurang Pujara

Email: [email protected]

Phone number: 740-848-2535

Address: 340 S LEMON AVE #7359, WALNUT, CA 91789, UNITED STATES


Data breaches and data security policy


Our company closely screens any unapproved framework and has set up various preventive measures to avoid any external attack on our frameworks and administration. In 1.5 years, CallHippo has had 0 noteworthy security issues, with just a couple of minor ones, which we settled on the day they were encountered.

Security researchers and clients can submit a security report to an encoded email address ([email protected]), as explained in our privacy policy, and we process such reports around the same time. CallHippo utilizes firewalls, SSL and code-level security to guarantee no breach. You can learn more by contacting us at [email protected]


CallHippo will notify its clients of any data breach at most 24 hours after learning of it and fixing the flaw. It is then the duty of our clients to report this data breach to their end-clients in due time.


Transfer of data outside the EEU


CallHippo, being a US-based organization, does transfer data outside the EEU as per Chapter V of the GDPR. In the event of a data breach, CallHippo ensures proper safeguards to the data transferred or stored by various means listed above. For any questions, please contact us at [email protected]


International transfers


CallHippo, being a US-based organization, does transfer the data outside the EEU as per Chapter V of the GDPR. CallHippo ensures proper safeguards to the data transferred or stored by various means listed above in data breaches and privacy policy.


All the above information is to the best of our knowledge and may change as we move closer to the GDPR applicability date.


If you have any questions, suggestions or queries, please reach out to us at [email protected]