Privacy Policy for Samsung Smart Call

EFFECTIVE DATE: May 26, 2021

‍

What is this policy?

Hiya, Inc. (“Hiya” or “We”) values your privacy. In this Privacy Policy (“Policy”), we describe how we collect, use, and disclose information that we obtain about users in connection with the Hiya integration with your Samsung Electronics Co., Ltd. (“Samsung”) and corresponding service (our “Service”). We explain who we are, why, on what legal basis, and how we process personal data and, if you are the subject of any of the personal data concerned, what rights you have and how to get in touch with us if you need to.

This Policy applies only in the context of the Hiya integration into your Samsung device and does not apply to Hiya’s websites, applications, or other services or products that display a privacy policy that differs from this Policy.

By accepting the Terms of Service and this Policy using the Service, you agree that your personal data will be handled as described in this Policy. Your use of the Service is subject to this Policy and the Hiya Terms of Service for Samsung Devices. Our Terms of Service are incorporated by reference into this Policy.

Please note that the Service may contain links to third-party Web sites. Any access to and use of such linked Web sites is not governed by this Policy, but instead is governed by the privacy policies of those third party Web sites. We are not responsible for the information practices of such third party Web sites.

Who are we?

We are Hiya, Inc. Our contact and other details are set out at the end of this policy. We are the controller in relation to the personal data processed in accordance with this policy (except where this policy explains otherwise).

Our details – contacting us

Our full details are:

110 Union Street, Suite 500
Seattle, WA 98101,
USA

Follow this link to contact Hiya Customer Service

Our Data Protection Officer: E-mail: dpo@hiya.com

We also have two offices in the EU:

United Kingdom

14-18 City Road,
Cardiff CF24 3DL
Contact: Alex Algard
Email: support@hiya.com

Hungary

1066 Budapest,
Mozsár utca 16. 5th floor
Contact: Daniel Lehoczky
Email: support@hiya.com

What personal data do we process?

We collect information given directly by you and automatically as you use the Service. In case you are one of our users, we may also process the following personal data relating to you:

• Mobile device IDs (or other identifier as permitted by the Samsung or user id created by Hiya), including a hashed version of your phone number
• Mobile carrier
• Language information
• Your current country
• Device name and model; operating system type, name, and version
• Call event metadata within the Service

If you contact us, we will collect whatever information you choose to provide in your correspondence with us often this includes your phone number, email address or other contact details.

We may combine this information with other information that we have collected about you, including, where applicable, your user id, preferences, and other personal data. Please see the section “Our Use of Cookies and Other Tracking Mechanisms” for more information.

What do we do with your personal data?

In case you are one of our users, we may process your personal data for the purposes listed below.

As necessary to perform our contract with you, for our or third parties’ legitimate interests, especially in order to provide the Service to you and other users, to assist our users in discovering and calling businesses, including:

• To match the information in your phone logs with numbers from the calls you make or receive, as well as with information in our database. We also may store this information for subsequent data validation for both you and other users of the Service and other products;
• To tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the Service;
• To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising.
• If you contact us we may process your personal data to communicate with you about your use of the Service, to respond to your inquiries, and for other user services purposes;
• To better understand how users access and use the Service, both on an aggregated and individualized basis;
• To improve the Service, and for research and analytics purposes;
• To administer the Service, and other systems, including troubleshooting, and data analysis, testing, research, statistical and survey purposes;
• To improve the Service to ensure that content is presented in the most effective manner for you and for your device;
• To keep our website, Apps and other systems safe and secure;

If you are a Business User we may process your personal data to enter into, and to perform, contracts with you or the person that you work for.

Who do we disclose your personal data to?

We may share your personal data with:

• Samsung. We work with Samsung to provide the Service on Samsung devices. In connection with our business relationship with Samsung, we provide to Samsung information relating to your use of the Service.
• Affiliates. We may disclose the information we collect to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your personally identifiable information will be subject to this Policy.
• Business Users. We may provide your information to business users of our products (e.g. businesses). For example: We may share your anonymized usage data of the Service with business users so that they can improve their business listing and marketing practices.
• Service Providers. We may disclose the information we collect from you to third party vendors, service providers, contractors, or agents who perform functions on our behalf. For example if you search for a business and we don’t have sufficient information that matches your search request we may ask a third party data vendor for help.
• Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected from you to the other company.
• In Response to Legal Process. We may disclose your information to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
• To Protect Us and Others. We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Policy, or as evidence in litigation in which we are involved. We may, on a strictly confidential basis, also disclose your information to our legal and professional advisers, where we believe it is necessary for the compliance with laws and the protection of our legal interests.
• Aggregate and De-Identified Information. We may share aggregated, de-identified information or IP address information about users with third parties for marketing, advertising, research, or similar purposes.

What are the legal grounds for our processing of your personal data?

The legal bases on which we process your personal data is described below:

• We process data as necessary to perform our contracts with you, or in order to take steps at your request prior to entering into such a contract;
• In cases where this is necessary and you give us your consent to the processing of your personal data, we also rely on consent in relation to the processing concerned (see below for how to withdraw your consent at any time).
• Otherwise, we will process your personal data where the processing is necessary:

• for compliance with a legal obligation to which we are a subject;
• for the protection of your vital interests or those of another person;
• for the performance of a task carried out in the public interest, insofar as the processing has a legal basis.

Where do we process personal data?

The data that we process in relation to you may be transferred to, and stored at, a destination in another country. Hiya’s data centers are located outside the European Economic Area ("EEA") that may not be subject to equivalent data protection law. It may also be processed by staff situated outside the EEA who work for us or for one of our partners. Your information for example could be transferred to the USA, Brazil, Singapore and Australia.

Where personal data is transferred in relation to providing the Service we will take all steps reasonably necessary to ensure that it is subject to appropriate safeguards and that it is treated securely and in accordance with this Policy, such as relying on a recognized legal adequacy mechanism which may include entering into EC approved standard contractual clauses relevant to transfers of personal information (see http://ec.europa.eu/justice/dataprotection/internationaltransfers/transfer/index_en.html).

How long do we process personal data for?

We process personal data only for so long as is necessary for the purpose(s) for which it was originally collected, after which it will be deleted or archived except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose. We may retain some of your information even after you disable or stop using the Service, except if you instructed us otherwise.

In particular, we may for an indefinite period process your call and Service activity logs which you granted us access to before disabling or stop using the Service. We do this strictly for statistical purposes, in order to enable us to improve our algorithms and the Service. We will not use these data for any other purposes, and the processing will have no effect on you or any other natural person. The data will not be shared with any third parties either, and we take appropriate measures to ensure that your data is safe with us.

Children Under 16

The Service is not designed for children under 16 and Hiya does not make its services available to Children under 16. If you are under the age of 16, you may not use the Service and you may not provide us with any of your personal details. If we discover that a child under 16 has provided us with personal information, we will delete such information from our systems.

What are your rights?

You have the following rights in relation to personal data relating to you that we process:

• You may request access to the personal data concerned (please see the section on obtaining access to your personal data below)
• You may request that incorrect personal data that we are processing be rectified
• Under certain circumstances, you may be entitled to request that we erase the personal data concerned
• Under certain circumstances, you may be entitled to request the restriction of processing of your data
• In certain cases, you may also have the right to receive personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
• Where we are processing personal data relating to you on the basis of your prior consent to that processing, you may withdraw your consent at any time, after which we shall stop the processing concerned. This, however, does not affect the lawfulness of the processing based on your consent before it was withdrawn.
• If you have a complaint about any processing of your personal data being conducted by us, you can contact us. If you reside in the European Union you may also lodge a formal complaint with a supervisory authority, in particular in the European Union member state of your habitual residence, place of work or place where the infringement of your rights took place. The list of competent EU supervisory authorities is available here.

How can you exercise your rights?

You may exercise your above rights, including your right to withdraw your consent and access to your personal data, by:

• contact customer service
• writing to us at any of the addresses specified on the top of this document.

Please note that we may be required to ask you for further information in order to confirm your identity before we provide the information requested.

Security

We have implemented commercially reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee 100% security.

Our Use of Cookies and Other Tracking Mechanisms

We and our third party service providers use cookies and similar technologies, including mobile application identifiers, to track information about your use of the Service, help us recognize you on this Service and across other products, improve your experience, increase security, measure use and effectiveness of the Service, and serve advertising. We may combine this information with other personal information we collect from you, and our third party service providers may do so on our behalf.

Currently, the Service does not recognize “do-not-track” requests. By using the Service, you consent to the placement of cookies and beacons on the Samsung device in accordance with this Policy. You may, however, disable certain tracking. Specifically, you may turn off location tracking by changing the settings on your mobile device, although some features of the Service may not be available if you do. You may also control your device’s Google Advertising ID and opt out of interest-based ads from the Google Settings app.

Changes to this policy

This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. If we make any changes to this Policy that materially affect our practices with regard to the personal data we have previously collected from you, we will endeavor to provide you with notice of such change by highlighting the change on the Service or their corresponding Web sites, sending a push notification, or displaying on any of the Web sites associated with the Service.

This policy was last updated on October 1st, 2021.

‍

‍