Hiya Privacy Philosophy

Hiya Privacy Philosophy

In the course of its business, Hiya, Inc. (Hiya) processes personal data. This can be personal data of our users, our staff, our business contacts or other individuals.

Hiya, a leading provider for blocking unwanted mobile calls, has at its heart all matters of privacy. As such, Hiya takes adherence to the principles of data protection law and its obligations to protect personal data seriously. This Privacy Philosophy outlines the standards which Hiya applies for ensuring that all personal data is processed in line with our data protection obligations and beyond.

Having designed, launched and operated its services in more than 30 countries has provided Hiya with exceptional insights into data protection requirements throughout the world. To ensure the proper handling of personal data in all business contexts, Hiya has established a data protection framework which reflects both the internal and the external processes related to keeping personal data safe and secure. This framework, underpinned by clear processes and policies, establishes the standards to which Hiya holds itself accountable, and equally to which any individual can hold Hiya to account.

This is our promise to you:

1. We respect personal data

1.1. Hiya is committed to adhere to the principles of data protection law. Some of the data processing of Hiya is subject to the requirements of the General Data Protection Regulation of the European Union (GDPR)1, the strictest data protection regime currently in force, which enshrines the principles of lawfulness, fairness and transparency of processing, purpose limitation, data minimisation, data accuracy, storage limitation, integrity and confidentiality. Hiya processes personal data in line with these principles in all jurisdictions where it operates, in compliance with applicable law and prevailing local legal requirements, such as California’s CCPA, or Brazil’s General Data Protection Law.

1.2. We collect personal data only for specified, explicit and legitimate purposes and in a manner compatible with those purposes. We only collect data lawfully and from verifiable sources. In all cases, our data processing activities are supported by the appropriate legal basis. Where we rely on our legitimate interests, we have made sure that the interests and fundamental rights and freedoms of the data subjects do not override our legitimate interests. We collect personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.

1.3. Before the GDPR became applicable, we had conducted a full audit of our data processing activities involving external legal counsel and took all necessary steps to comply with our obligations.

1.4. Hiya has put into place internal processes that help us manage personal data in line with what the law requires from us. We make sure that all our employees and engineers receive the ongoing training necessary for achieving our data protection standards, and that they remain bound by strict confidentiality agreements both during and after the end of their employment-relationship. As a data controller, we will notify relevant supervisory authorities of personal data breaches in accordance with the procedures laid down in our policies and in compliance with prevailing applicable laws. We put the data subject at the heart of our data protection framework and ensure that we respect and duly comply with the rights of data subjects.

1.5. It is a requirement of doing business with Hiya that third parties confirm their compliance with applicable data protection laws and sign binding non-disclosure agreements.

1.6. We only retain personal data for as long as it is necessary to achieve a specified purpose set out in our Privacy Policy.

1.7. It is important for us to conduct our data processing activities in a transparent manner. Through our detailed Privacy Policy, we ensure that the individuals whose personal data we process are duly informed about what happens to their personal data and what their rights are in this regard.

2. We apply appropriate technical and organisational measures

2.1. We introduce and enforce appropriate technical and organisational security measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. For example, we apply two-factor data access authorization and physical access protection, as well as the principle of least privilege both in terms of our IT infrastructure and people entitled to access data. All personal data collection and processing occurs exclusively from/to authenticated devices and via secured transmission (TLS). Furthermore, Hiya has deployed an Information Security Management System (ISMS) that serves as the foundation of our information security practices. Also, where possible, we process and store personal data in a pseudonymized way.

2.2. We review our technical and organisational security measures periodically to ensure that they are fit for purpose and up to date to the current state of technological affairs.

3. We are involved in protecting personal data

3.1. Hiya’s Chief Executive Officer, its Managers and all employees are committed to the protection of personal data. This is being reflected in their valuable inputs on how to improve our data protection framework.

3.2. Hiya has appointed a Data Protection Officer (DPO) who is responsible for liaising with data subjects, data protection authorities and carrying out his or her tasks based on the GDPR and other relevant laws. Our DPO is ready to answer any questions you or anyone else interested in our data processing activities may want to raise. The contact details of our DPO are:

Hiya, Inc.
Data Protection Officer
Email: dpo@hiya.com

3.3. We make sure that the DPO, whenever he or she deems it necessary, is backed by the advice of external legal counsel.

3.4. In order to ensure data protection on all organizational levels, we keep Hiya’s employees informed of their data protection related obligations by making sure they have read and understood our data protection framework, with special attention to the processes relevant to their own functions.

4. We follow-up

4.1. We are aware that data protection is a field that is shifting constantly. As our legal obligations and the soft laws of data protection keep changing, we ensure the accurate and timely review of our data protection framework.

4.2. We not only comply with the changing landscape of obligations data protection laws impose upon us ‒ we also make best efforts to be attentive of the recommendations of the relevant data protection authorities and bodies when designing and following up on our operations.


1 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

This Privacy Philosophy was last updated on 29 July 2019.