EFFECTIVE DATE: May 31st, 2018.
UPDATED DATE: April 2, 2020
What is this policy?
By accepting our Terms of Service and this Policy using our Apps, you agree that your personal information will be handled as described in this Policy. Your use of our Apps, which includes any services available through our Apps, is subject to this Policy and our Terms of Service, not including its applicable limitations on damages and the resolution of disputes. Our Terms of Service are incorporated by reference into this Policy.
Please note that our Apps may contain links to third-party Web sites. Any access to and use of such linked Web sites is not governed by this Policy, but instead is governed by the privacy policies of those third party Web sites. We are not responsible for the information practices of such third party Web sites.
Who are we?
We are Hiya, Inc. Our contact and other details are set out at the end of this policy. We are the controller in relation to the personal data processed in accordance with this policy (except where this policy explains otherwise).
Our details – contacting us
Our full details are:
110 Union St., Suite 500
Seattle, WA 98101
You can reach Our Data Protection Officer
We also have an office in the UK:
Churchill House, Churchill Way,
Cardiff CF10 2HH
Contact: Alex Algard
And an office in the EU:
Mozsár utca 16. 5th floor
Contact: Daniel Lehoczky
Whose personal data do we process?
We may process personal data relating to you if:
- You use our products or services, especially our Apps.
- Your personal data has been provided to us by one of our users. This means that our user granted us access to your personal data, for example data that was stored or otherwise available on his/her device.
- Your personal data has been provided to us by third party sources, including affiliated entities, surveys or questionnaires, marketing companies, data licensors, public records. In such cases, we rely on the guarantees given by these third parties that they have first obtained your consent to providing us with the information, or that there is some other lawful basis for giving us the information.
- You are someone (or you work for someone) to whom we want to advertise or market our services. In this case, we may have obtained your details directly from you (for example, via our website) or from another source.
Social Network User IDs
In case you are one of our users and access some of our Apps using your social networking account credentials, we may obtain information from Facebook, LinkedIn, Twitter and Google+: If you log into our Apps using these social networking accounts, you must enter your social networking account email address and password. We will ask that you grant us permission to your social networking account user IDs which we will use to authenticate you to use our service. Since your social network account user ID is unique we don’t have to create a new ID ourselves. Instead we will use your social network account user ID to identify you as a user in our Apps. If you allow us to have access to your social network account user ID then our Apps may be visible on your social network page that lists your “applications.”
We store your social network account user ID that we receive from your social network account along with other information that we collect from you or receive about you. The third-party social networking site will know that you are a user of our Apps and certain usage information.. For information about how they may use and disclose this information, including any information you make public, please consult their respective privacy policies. We have no control over how any third party site uses or discloses the personal information it collects about you. Any access to and use of a social network is not governed by this Policy, but instead of governed by the policies of those social networks. We are not responsible for the information practices of such social network Web sites.
Children Under 16
Our Apps are not designed for children under 16 and Hiya does not make its’ Apps available to Children under 16. If you are under the age of 16, you may not download the Apps or use the Apps, you may not use any feature that requires registration, and you may not provide us with any of your personal details. If we discover that a child under 16 has provided us with personal information, we will delete such information from our systems.
What personal data do we process?
We collect information given directly by you, by third parties (e.g., data providers, social networking account user ID), and automatically as you use our Apps. The personal data relating to you that we process may include the information set out below.
A key component of our Apps is to assist our users in identifying telephone calls including potentially unwanted telephone calls. To do so, we may collect call and text log information automatically from our users’ devices.
In addition, in case you are one of our users, we may also process the following personal data relating to you:
- Your name
- Your phone number
- Your IP address
- Your physical location (minimally your current country)
- If a number is stored in your contacts (only if you grant us access to contacts)
- If you make data available to us via various social media presences: your user ID
- Search strings when queried from within the App, your location and IP address at time of query
- Mobile device ID (or other identifier as permitted by the manufacturer or created by Hiya)
- Mobile carrier
- Language information
- Device name and model; operating system type, name, and version
- Your activities within the App
- The length of time that you may be logged into an App.
If you contact us, we will collect whatever information you choose to provide in your correspondence with us often this includes your phone number, email address or other contact details.
User Generated Content
We also invite you to contribute information in and on our Apps, including your comments in spam reports, spam category, name corrections and any other information that you would like to be available on our Apps. You also may have the option to send a picture or your location through our Apps to someone you call. These pictures will not be available to all users, only to the receiver of the sent picture. We will not text or call any of your contacts without your explicit consent. If you contribute information to our Apps, your posting may become public and we cannot prevent such information from being used in a manner that may violate this Policy, the law, or your personal privacy. In general, if you choose to disclose information about other people to us, you confirm that you have the authority to use and share such information.
What do we do with your personal data?
In case you are one of our users, we may process your personal data for the purposes listed below.
As necessary to perform our contract with you, for our or third parties’ legitimate interests, especially in order to provide our Apps to you and other users, to assist our users in identifying potentially unwanted telephone calls, including:
- To match the information in your phone logs and contacts with numbers from the calls you make or receive, as well as with information in our database. We also may store this information for subsequent data validation for both you and other users of our Apps and other products;
- To tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using our Apps;
- To send you push notifications. For example, if you missed a call and the number was not in your address book but we knew the name of the caller, we may send you a notification;
- To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising.
- If you are a paying customer of our Apps we may process your person data to check/verify your payment methods, related accounting purposes, invoicing, and the prevention of fraud;
- If you contact us we may process your personal data to communicate with you about your use of our Apps, to respond to your inquiries, and for other user services purposes;
- To better understand how users access and use our Apps, both on an aggregated and individualized basis;
- To improve our Apps, and for research and analytics purposes;
- To administer our Apps, and other systems, including troubleshooting, and data analysis, testing, research, statistical and survey purposes;
- To improve our Apps to ensure that content is presented in the most effective manner for you and for your device;
- To keep our website, Apps and other systems safe and secure;
If you are a Business User we may process your personal data to enter into, and to perform, contracts with you or the person that you work for.
Finally we may process your information for marketing and promotional purposes based on your consent. For example, we may use your information, such as your email address, to
- send you news and newsletters, special offers, and promotions, or to otherwise contact you about products or
- information we think may interest you. We also may use the information that we learn about you to assist us in advertising our services on third party Web sites.
In case you are not one of our users, we may process your personal data for the following purposes based on our and third parties’ legitimate interests:
- To provide information to our users at the moment when you contact one of our users
- To communicate with you about the information we hold about you, to correct the information that we may display about you and to respond to your inquiries
- To improve our Apps, and for research and analytics purposes
- To administer our Apps, and other systems, including troubleshooting, and data analysis, testing, research, statistical and survey purposes
- To keep our website, Apps and other systems safe and secure
Who do we disclose your personal data to?
We may share your personal data with:
- Affiliates. We may disclose the information we collect to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your personally identifiable information will be subject to this Policy.
- Business Users. We may provide your information to business users of our products (e.g., user support centers) so that they can improve their calling operations and marketing practices. For example: We may share your anonymized complaint data with Business Users such as call originators so that they become aware of the nuisance they are causing.
- User of the Apps and Our Other Products. Because your information may be used for validation of information in our database, we may disclose your information to users of the Apps and of other products and services that rely on our database of information. For example: If you provide us with your name and you call another of our users, then we may show your name to the other user to know who is calling.
- Service Providers. We may disclose the information we collect from you to third party vendors, service providers, contractors, or agents who perform functions on our behalf. For example if a unknown number has called you and we don’t have sufficient information about the number then we may ask a third party data vendor for help.
- Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected from you to the other company.
- In Response to Legal Process. We may disclose your information to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
- Aggregate and De-Identified Information. We may share aggregated, de-identified information or IP address information about users with third parties for marketing, advertising, research, or similar purposes.
What are the legal grounds for our processing of your personal data?
The legal bases on which we process your personal data is described below:
- We process data as necessary to perform our contracts with you, or in order to take steps at your request prior to entering into such a contract;
- In cases where this is necessary and you give us your consent to the processing of your personal data, we also rely on consent in relation to the processing concerned (see below for how to withdraw your consent at any time).
- Otherwise, we will process your personal data where the processing is necessary:
- for the purposes of the legitimate interests pursued by us or another person, provided that this will only be in circumstances in which those legitimate interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data. In order for us to be able to provide our services to our users, we may have to rely on information about you that we have obtained from persons other than you, such as our users or third parties. The legitimate interests we rely on for this processing include the interest of ours and most of all our users’ of protecting them from unwanted disturbances, such as phone-calls and texts from businesses or individuals with whom they do not, and most likely do not want to, make contact. We only process personal data on the basis of this legitimate interest where the processing of that data is absolutely necessary in order to enable us to provide the services to our users;
- for compliance with a legal obligation to which we are a subject;
- for the protection of your vital interests or those of another person;
- for the performance of a task carried out in the public interest, insofar as the processing has a basis in Union or Member State law.
Where do we process personal data?
The data that we process in relation to you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") that may not be subject to equivalent data protection law. It may also be processed by staff situated outside the EEA who work for us or for one of our partners. Your information for example could be transferred to the USA, Canada, Brazil, Singapore and Australia.
Where personal data is transferred in relation to providing our services we will take all steps reasonably necessary to ensure that it is subject to appropriate safeguards and that it is treated securely and in accordance with this Policy, such as relying on a recognized legal adequacy mechanism which may include entering into EC approved standard contractual clauses relevant to transfers of personal information (see http://ec.europa.eu/justice/dataprotection/internationaltransfers/transfer/index_en.html).
How long do we process personal data for?
We process personal data only for so long as is necessary for the purpose(s) for which it was originally collected, after which it will be deleted or archived except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose. We may retain some of your information even after you uninstall or disable an App or close your account, except if you instructed us otherwise.
In particular, we may for an indefinite period process your call logs and spam reports which you granted us access to before uninstalling or disabling an App or closing your account. We do this strictly for statistical purposes, in order to enable us improving our algorithms and our services. We will not use these data for any other purposes, and the processing will have no effect on you or any other natural person. The data will not be shared with any third parties either, and we take appropriate measures to ensure that your data is safe with us.
What are your rights?
You have the following rights in relation to personal data relating to you that we process:
- You may request access to the personal data concerned (please see the section on obtaining access to your personal data below)
- You may request that incorrect personal data that we are processing be rectified
- Under certain circumstances, you may be entitled to request that we erase the personal data concerned
- Under certain circumstances, you may be entitled to request the restriction of processing of your data
- In certain cases, such as cases where your personal data is processed for the purposes of direct marketing, or (with certain conditions) where the processing is based on the legitimate interest of ours or a third person, you may be entitled to object to processing.
- In certain cases, you may also have the right to receive personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
- Where we are processing personal data relating to you on the basis of your prior consent to that processing, you may withdraw your consent at any time, after which we shall stop the processing concerned. This, however, does not affect the lawfulness of the processing based on your consent before it was withdrawn.
- If you have a complaint about any processing of your personal data being conducted by us, you can contact us or lodge a formal complaint with a supervisory authority, in particular in the European Union member state of your habitual residence, place of work or place of the infringement of your rights took place. The list of competent supervisory authorities is available here.
- The California Consumer Protection Act (CCPA) applies to residents of the State of California, United States. You can read about how Hiya complies with the CCPA in our Privacy Notice for California Residents.
How can you exercise your rights?
You may exercise your above rights, including your right to withdraw your consent and access to your personal data, by:
- contacting us at Hiya Customer Service
- writing to us at any of the addresses specified on the top of this document.
You may also modify personal information that you have submitted by logging into your account and updating your profile information. Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the App for a period of time.
Please note that we may be required to ask you for further information in order to confirm your identity before we provide the information requested.
We have implemented commercially reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee 100% security. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer/phone, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
Frequency of Communications
In case you have given your consent to this, we may send periodic promotional or informational emails to you. You may opt-out of such communications by following the opt-out instructions contained in the e-mail. Please note that it may take up to 30 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you e-mails about your account or any services you have requested or received from us.
Changes to this policy
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post changes to this Policy on our Apps. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Apps and their corresponding Web sites, sending a push notification, or displaying on any of the Web sites associated with our Apps.
This policy was last updated on April 2nd 2020