Hearsay Social, Inc. (“Hearsay”), is a web and mobile-based software platform that allows financial services and insurance companies (“Customers”) and their employees and/or designated agents with access to the Services (“Users”) to utilize electronic communications channels (such as social media, websites, email, mobile voice and text message) to communicate with clients and prospects (“SaaS Services”).
This Privacy Policy applies to Hearsay’s Website and Hearsay’s SaaS Services; collectively “Services.” This Privacy Policy contains details about how we collect, use, disclose, process, share and secure personal information that we obtain from and about you when you interact with our Services. Our collection and processing of information that alone or in conjunction with other information may reasonably identify you (“Personal Information”) may be either for our own purposes, or on behalf of other entities to whom we provide services.
If you have any questions regarding the collection and processing of Personal Information performed by us on behalf of another entity please consult that entity’s privacy policy. If, after reviewing this Privacy Policy, you have any questions or privacy concerns, please send us an email to privacy@hearsaycorp.com (see the How to Contact Us about Privacy section). We are committed to protecting the privacy of those with whom we interact.
For purposes of this Privacy Policy, the words “our,” “us,” “we,” and “Hearsay” refer to Hearsay Social, Inc., and our affiliates (which includes any person or entity that controls us, is controlled by us, or is under common control with us, such as our subsidiary, parent company, or our employees).
For the purpose of this Notice, Personal Information shall by interchangeable with Personal Data, and each shall have the meaning assigned to it by applicable laws, including, but not limited to, information that directly or indirectly, on its own or in conjunction with other information, identifies an individual. Please read this Notice carefully.
NEVADA, CALIFORNIA, COLORADO, CONNECTICUT, OR VIRGINIA RESIDENTS OR RESIDENTS OF ANOTHER STATE THAT OFFER CERTAIN PRIVACY RIGHTS: If you are a resident of Nevada, California, Colorado, Connecticut, or Virginia or resident of another state that offers certain privacy rights, this entire Privacy Policy applies to you. However, please see Additional Information for Certain States below, which will inform you in detail about our information collection practices and your specific rights.
INDIVIDUALS LOCATED IN THE EEA OR THE U.K.: If you are located in the European Economic Area (“EEA”) or the United Kingdom (“U.K.”), this entire Privacy Policy applies to you. However, please see Additional Information for Individuals in the EEA below, which will inform you in detail about our legal bases for processing and which rights you have in connection with our processing of your personal data.
We collect information in several contexts as described below. This policy also does not apply to information we collect in connection with providing services to our business clients, where we act as a service provider and process Personal Information in accordance with their instructions (see “Hearsay Processor and Service Provider Data”). Such information is subject to the Privacy Policies of the other financial institutions.
This Policy applies only to Hearsay operated services and applications, including our online services, mobile-based application, and Website. Our Services may contain links to other websites that are not operated or controlled by Hearsay. Hearsay does not control such third-party websites or their privacy practices. Any personal information you choose to give to third-party websites is not covered by this Notice.
Hearsay may update this Privacy Policy from time to time, in its sole discretion. If we do so, we will post an updated Privacy Policy on the Hearsay Website and provide prompt written notice of such updates, as applicable. Changes, modifications, additions, or deletions will be effective when posted unless stated otherwise. If we make material or significant changes, we may also send our Customers a notice that we have changed this Privacy Policy. Your continued use of the Hearsay Website and Services, and/or your continued provision of personal information to us after the posting of such notice, will be deemed an acceptance of any changes and subject to the terms of the then-current Privacy Policy. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will seek affirmative consent from you before making material changes to the way we handle Personal Information previously collected from you. If you do not provide such consent, Personal Information will continue to be used in a manner that is consistent with the version of this Notice under which it was collected.
We are located in the United States, and the personal information that we collect is stored on servers located in the United States. This means that your Personal Information will be collected, processed, and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the General Data Protection Regulation 2016/679 (“GDPR”) in the European Union.
By sending us Personal Information, you agree and consent to the processing of your personal information in the United States, which may not offer an equivalent level of protection to that required in other countries (particularly the European Economic Area).
We have implemented safeguards designed to ensure that the Personal Information we process remains protected in accordance with this Privacy Policy, including when processed internationally or by our third-party service providers and partners. The safeguards we may take at our discretion include, for instance, entering into specific agreements in connection with any onward transfers of personal information. We may implement other mechanisms and take similar appropriate safeguards with our third party service providers and partners. Further details can be provided upon request.
Hearsay acts as a ‘data controller’ when it collects Personal Information on its own behalf and for its own Business Purposes, such as through our publicly-accessible Website, and as a ‘data processor’ when it collects and processes personal information on behalf of its Customers in order to provide the SaaS Services. As such, this Privacy Policy is separated into two main sections that address our different roles:
Please note that how you exercise certain rights will depend on whether Hearsay is processing your Personal Information as a ‘data controller’ or as a ‘data processor’, and is further explained throughout this Privacy Policy:
If you are a visitor of the Hearsay Website or a Customer and have any questions about this Privacy Policy or requests for access to or deletion or rectification of personal information that Hearsay collects and processes contact us at privacy@hearsaycorp.com or by mail at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
2261 Market Street, Ste. 5397
San Francisco, CA 94114
United States of America
Individuals in the EEA or the U.K. may contact Hearsay at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
Koztelek utca 6, 1147 Budapest
privacy@hearsaycorp.com
Below is a description of the personal information that we gather from you as a visitor to Hearsay Website, which includes https://hearsaysystems.com and other websites where this Privacy Policy is posted. Information about personal information collected through the account portal and the Saas Services can be found in the Hearsay Processor and SaaS Service Provider Data section below.
In this section, “you” refers to an individual visiting the Hearsay Website.
When you visit the Hearsay Website, we collect information directly from you when you provide it to us, such as when you request a demo, and indirectly, such as through the use of cookies and similar technology.
Data Protection Law (as defined below) recognizes that Sensitive Personal Information (or “sensitive personal data” as used interchangeably) requires additional protection. In particular, the GDPR prohibits the processing of sensitive personal data, other than in certain exceptional circumstances. Sensitive personal data in the EEA includes information relating to one’s race or ethnicity, political opinions, religious or philosophical beliefs, membership of a trade union, as well as biometric data and data relating to one’s health or sexual orientation (“Sensitive Personal Information”. Certain US state privacy laws (i.e., “Data Protection Law”) also have different definitions of Sensitive Personal Information, which may also include precise geolocation, citizenship or immigration status, and Personal Information from a known child.
Visiting the Hearsay Website
Some pages of the Hearsay Website allow you to fill out a web form and share your personal information with us directly, such as on our “Contact Us” page and on our “Submit a request” page. Information we collect consists of:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In addition, if you send us an email or otherwise contact us, we will collect the personal information that you provide to us at that time.
When you visit the Hearsay Website, we, or authorized third parties, collect information, including Device and Usage Information described below, by automated means using cookies, web beacons, server logs or other tracking technologies for analytic purposes. For more information on our use of these technologies and the data that they collect, please see our Cookie Statement. We may also collect information from third parties, as explained below.
Device and Usage Information
When you visit, use or interact with the Hearsay Website, even if you do not have an account, we, or authorized third parties (such as service providers or External Ad Partners (as defined in the Targeted Advertising section below), may collect information about your use of the Hearsay Website via your device. Device and Usage Information that we, or these authorized third parties, collect consists of:
Information from Third Parties
In some instances, we process personal information from third parties, such as data from our External Ad Partners (see the Targeted Advertising section below). These third parties may also use tracking technologies to serve you advertisements tailored to interests you have shown by browsing on this Website and other sites, applications, destinations, and services you have visited, and for other lawful Business Purposes (as defined below).
To provide you with more relevant and interesting experiences, we may work with third party companies to display ads or customize the content on this Website and on other digital properties and websites. These companies may use cookies and similar tracking technologies as described in this Notice to gather information about your visits to our Website, as well as your visits elsewhere on the Internet. These companies use this information to provide you with more relevant advertising known as interest-based advertising.
We, or our authorized partners, collect and process personal information in order to:
Additionally, we may disclose information about users (i) if it is required to do so by law or legal process; (ii) as may be required to law enforcement authorities or other government officials, (iii) when Hearsay believes disclosure is necessary or appropriate to prevent physical harm, financial loss or in connection with an investigation of suspected or actual illegal activity, or (iv) to respond to claims by third parties.
For California residents, please see the Additional Information for Certain States Section below for more information on specific purposes of collection for each category of Personal Information collected in the past 12 months as a “Business” under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020. For Colorado, Connecticut, and Virginia residents, please also see the Additional Information for Certain States.
For individuals located in the EEA or the U.K., please see the Additional Information for Individuals in the EEA and the U.K. Section below for more information, including our legal bases for processing.
We disclose your Personal Information under certain circumstances, such as to our service providers or in the event of a business transfer, as further described below.
Hearsay may share Personal Information and/or Sensitive Personal Information with our third party agents, contractors, or service providers who are hired to perform services on Hearsay’s behalf or in order to assist with certain Business Purposes and/or Commercial Purposes. These providers may operate or support certain functions of the Hearsay Website and Services. Below is a list of categories of service providers that we may use to perform these functions (which are subject to change):
Service providers process your Personal Information and/or Sensitive Personal Information for the specific purpose of providing their services to us (and in accordance with our instructions).
As explained here, we also work with and disclose Personal Information to External Ad Partners who assist us with advertising and marketing our Services.
In some cases, service providers and External Ad Partners collect your Personal Information and/or Sensitive Personal Information directly from you, such as via cookies.
We may share data collected from you from the Hearsay Website with our affiliate entities.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, including bankruptcy.
We share anonymized, aggregated, automatically-collected, or otherwise non-Personal Information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) Business Purposes, Commercial Purposes, and/or marketing purposes; (iii) assistance for us and other parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share Personal Information about you in this case.
Hearsay may preserve or disclose your Personal Information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose Personal Information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Our Website is intended for individuals 18 years of age and older. It is not directed at, marketed to, nor intended for, children under 18 years of age. We do not knowingly collect any Personal Information directly from children under the age of 18. If we discover we have inadvertently received any Personal Information from a child under the age of 18 in violation of this Policy, we will take reasonable steps to delete that information as quickly as possible. If you believe that we have any Personal Information from or about anyone under the age of 18, please contact us at privacy@hearsaycorp.com.
The Hearsay Website uses third-party analytics tools that drop cookies and/or similar technologies to collect and store information about your device and use of the Hearsay Website. We use analytics tools to calculate visitor, session and campaign data for the Hearsay Website analytics reports.
One of our tools is Google Analytics. We use Google Analytics to generate and process statistical or demographic data. Third parties, like Google, use cookies to compile reports on the website’s activity and website visitors, and provide other services related to website activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website. You can read more about Google’s practices in Google’s privacy policy. You can opt-out from being tracked by Google Analytics in a particular browser on a particular device by downloading and installing the Google Analytics Opt-out Browser Add-on for that browser. To learn more about how to opt-out of tracking by Google Analytics, please click here.
Another tool is the LinkedIn Insight Tag. You can read more about LinkedIn’s practices in LinkedIn’s privacy policy. LinkedIn only provides reports and alerts (which do not identify LinkedIn members) about the Hearsay website audience and ad performance (LinkedIn does not share the personal data of its members with Hearsay). LinkedIn members can control the use of their personal data for advertising purposes through their account settings.
We market our company and Services in a variety of ways. Below is a description of what data we gather from you, and how we use it for purposes of these marketing activities. We gather information from or about you in the following different roles:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In some cases, you provide Personal Information directly to Hearsay as part of a marketing event that Hearsay hosts or co-hosts, through email or when you participate in an online webinar. Occasionally, and only with your consent, we may send you future communications. We may also acquire personal information about you through a third party. In particular, Hearsay engages third parties who provide us with contact information for Leads. When acquiring information from third parties, Hearsay endeavors to obtain contractual commitments from the third parties that the information was acquired lawfully and with the appropriate level of consent.
Our communications to you for marketing purposes will contain instructions on how you can opt-out from receiving future communications, and if you consent to our use of your personal information for marketing purposes, you may always withdraw your consent. You may also contact Hearsay directly about its marketing activities at privacy@hearsaycorp.com.
Hearsay engages third-party advertising networks (“External Ad Partners”) to display advertising about our Services when you visit other websites within that advertising network. Like many other companies, we rely on retargeting, also known as remarketing, which is a type of marketing strategy that helps businesses “remind” visitors of their products and services after they leave their websites. For instance, through the use of cookies (and similar technologies) placed by External Ad Partners, online identifiers (considered personal information) are collected and then used to identify visitors to the Hearsay Website on other websites or social media platforms. With this information our External Ad Partners may serve relevant ads on consumers who previously visited the Hearsay Website.
Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
Hearsay maintains an online presence on social media platforms (“Social Media Platforms”) such as Instagram, Twitter, Facebook and Linkedin, to provide information about our Services and communicate with users and/or visitors to those pages or accounts. When you interact or post to our account, we process your Personal Information. In some cases, the Social Media Platforms are service providers or processors. In other cases, such as with Facebook, we are jointly responsible for the processing, as explained in the section titled Hearsay as a ‘Joint Controller’ with Facebook.
We use reasonably appropriate security measures designed to protect the security of Personal Information and Sensitive Personal Information both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note, though, that no website or internet transmission is completely secure, so while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
Certain internet web browsers allow a “do not track” (“DNT”) setting that relies on a technology known as a DNT header, which sends a signal to websites visited by the individual about the individual’s browser DNT setting. At this time, we do respond to DNT signals. For more information on DNT settings generally, please visit https://allaboutdnt.com.
How you make choices about cookies and other tracking technologies depends on the type of cookie or tracking technology being used. For details on how to manage your preferences for cookies and tracking technologies within your web browser, please see our Cookie Statement.
If you are receiving promotional emails from us, you can choose to stop receiving those by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting customer support at support@hearsaycorp.com.
To request access to, or to make changes to, data that we have collected from you via the Hearsay Website, please email us at privacy@hearsaycorp.com. Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
The categories of recipients of personal data with whom we may share your personal data are listed in Disclosure of Your Personal Information above.
Hearsay as ‘Data Controller’
As a ‘data controller’, Hearsay processes your Personal Information for a number of different purposes. Some are essential for us to provide the Services or to fulfill our legal obligations, some help us run the Services efficiently and effectively, and some enable us to provide you with more relevant and personalized offers and information. In all cases, with respect to individuals in the EEA or the U.K., we must have a reason and a legal ground for processing your personal information. The most common legal grounds on which we rely are briefly explained below:
The following breakdown illustrates in more detail our processing activities and how the above legal bases for processing apply (in brackets):
We use Facebook’s products and services (“Facebook Products”) in different ways:
With respect to our use of Facebook Products, we are jointly responsible with Facebook Ireland for the processing activities (“Joint Processing”):
Facebook Ireland Ltd.,
4 Grand Canal Square, Grand Canal Harbor
Dublin 2, Ireland
Information about the personal data that is collected from you by Facebook, as well as how and why it is processed by Facebook, can be found at https://www.facebook.com/about/privacy.
Hearsay and Facebook have entered into an agreement in order to determine the respective responsibilities for compliance with our obligations in connection with the Joint Processing within the meaning of the GDPR. This joint controller agreement, which sets out the reciprocal obligations, is available here.
Hearsay’s legal basis for processing your personal data via Facebook Products is our legitimate interest in increasing and analyzing the communication, sales, and promotion of Services. Our legal basis may also be your consent, which may be revoked at any time.
Some processing by Facebook Ireland Ltd. might take place in the United States by Facebook Inc.
We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, the length of time we have an ongoing relationship with you and provide you with access to our Services, and applicable legal requirements. We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax, or accounting requirements), when we are unable to reasonably verify your identity, or as may otherwise be required under GDPR. Additionally, we cannot delete information when it is needed for the establishment, exercise, or defense of a legal claim (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.
When we no longer have a legitimate business need to process your personal information, it is deleted and/or anonymized. If you have questions about, or need further information concerning, our data retention periods, please email privacy@hearsaycorp.com.
If the GDPR or the U.K., applies to you because you are in the EEA or the U.K., you have certain rights in relation to your personal data:
These rights are subject to certain rules around when you can exercise them. If you are located in the EEA or the U.K. and wish to exercise any of the rights set out above, please contact us (see How to Contact Us about Privacy).
We will respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first at privacy@hearsaycorp.com.
This privacy notice for Nevada, California, Colorado, Connecticut, and Virginia residents, and residents of other states with applicable privacy laws (“State Privacy Notice”) supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the applicable state (“Consumers”). We have created this State Privacy Notice in order to comply with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (collectively, “CCPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Virginia Consumer Data Protection Act (“VCDPA”), and other applicable privacy laws (collectively, “Data Protection Law”).
This CCPA Notice applies to Personal Information that Hearsay collects for its own purposes. It does not apply to:
We collect Personal Information as that term is defined in CCPA. Within the last twelve (12) months, Hearsay has collected the following categories of Personal Information from or about Consumers:
Personal information does not include:
As explained in more detail here, Hearsay obtains the categories of personal information listed above from the following categories of sources:
We collect and process your Personal Information and/or Sensitive Personal Information whenever you use our Website and/or Services.
Under the CCPA, we must disclose the purposes for which we collect your information. Our purposes include Business Purpose and Commercial Purposes, as generally described below.
In the section Why We Collect Your Personal Information and How We Use It, we explain the purposes for which we process this information, pursuant to Data Protection Law(s), along with the relevant categories of data we use and the legal basis we rely on to do so or other permitted reasons for processing (e.g. Business Purposes or Commercial Purposes under the CCPA). For clarity, the terms Business Purpose and Commercial Purpose, are being used to sufficiently describe the purpose of processing, transferring, sharing, sale, and/or sharing, as applicable, of all your Personal Information and/or Sensitive Personal Information under all Data Protection Law(s). As previously mentioned, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
Hearsay may disclose your Personal Information to service providers, contractors, and/or third parties (as defined by CCPA) (or processor or third party, as defined by applicable Data Protection Law(s)) for a Business Purpose and/or Commercial Purpose. When we disclose Personal Information for a Business Purpose and/or Commercial Purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the services for us. As explained in more detail here, we also share your Personal Information with certain categories of service providers, contractors, and/or third parties who assist us in providing the Hearsay Website and Services and with our business.
We disclose your Personal Information and/or Sensitive Personal Information for a Business Purpose and/or Commercial Purpose to the following categories of Service Providers:
The following chart describes the categories of Personal Information and Sensitive Personal Information that we disclosed to service providers, contractors, and/or third parties for a Business Purpose and/or Commercial Purpose in the 12 months prior to the date of this Privacy Policy. As noted below in the chart, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
The CCPA defines ‘sale’ and ‘share’ very broadly. ’Sale’ includes the sharing of Personal Information with third parties in exchange for anything of value, while ‘share’ means disclosure of Personal Information to third parties for cross contextual behavioral advertising. According to these broad definitions, in the 12 months before this section was last updated, we may have sold or shared the following categories of Personal Information to third parties:
The CCPA provides Consumers with specific rights regarding their Personal Information, provided that we are able to verify their identities as explained below. This section describes your CCPA rights and explains how to exercise them.
Opting-out of Sales or Sharing of Your Personal Information
You have the right to opt-out of our sharing or selling of your Personal Information with some External Ad Partners in certain circumstances. If you would like to opt-out of the sale of Personal Information, please click here.You can also opt-out of the sale or sharing of your Personal Information that is collected automatically when you visit the Website by clicking here.
Hearsay does not sell or share Personal Information collected on the Hearsay mobile-based software platform.
Access to Specific Information
You have the right to request that Hearsay disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will disclose such information to you.
Right to Data Portability
You have the right to receive the Personal Information that you have provided to Hearsay, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
Right to Correction
You have the right to have your Personal Information corrected.
Deletion Request Rights
You have the right to request that Hearsay delete your personal information, subject to certain exceptions listed in the CCPA. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will delete (and direct our service providers, contractors, third parties, and/or processors, as applicable, to delete) your Personal Information from our records, unless an exception applies.
Your Right to Limit the Use Sensitive Personal Information We Have Collected About You
You have the right to limit our use of your Sensitive Personal Information if we use it for purposes other than providing the Services to you. We currently do not use your Sensitive Personal Information for purposes other than providing the Service/ for the Business Purposes above.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer request related to your personal information.
An authorized agent is a natural person or a business entity registered with the Secretary of State that a Consumer has authorized to act on his or her behalf. When a Consumer uses an authorized agent to submit a request to know or a request to delete, Hearsay may require that the Consumer provide the authorized agent written permission to do so and verify his or her own identity directly with Hearsay, unless the Consumer has provided the authorized agent with a valid power of attorney. Hearsay may deny a request from an agent that does not submit proof that he or she has been authorized by the Consumer to act on his or her behalf.
To exercise the rights described above, please submit a verifiable Consumer request to us by either calling us at 1-888-399-2280 or mailing privacy@hearsaycorp.com.
You may only make a verifiable Consumer request for access or data portability twice within a 12-month period. In particular, you can request the following:
1. Specific Pieces of Information
2. Categories of Information
The verifiable Consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will notify you to explain the basis of the denial.
If we have a good-faith, reasonable belief that a request to opt-out of the sale or sharing of Personal Information is fraudulent, we may deny the request. Should this occur, we will inform you and explain why we believe the request is fraudulent.
Making a verifiable Consumer request does not require you to create an account with us. Please note that the methods for verification are set forth in the CCPA, which also requires us to consider a number of factors, such as the type, sensitivity, and value of the personal information or the risk of harm posed by unauthorized access or deletion, on a case-by-case basis.
We will only use personal information provided in a verifiable Consumer request to verify the requestor’s identity or authority to make the request.
Upon your request, we will delete the Personal Information we have collected about you, except for situations where the CCPA authorizes us to retain specific information, including when it is necessary for us to provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us. We will act on your deletion request within the timeframes set forth below.
Response Timing
We endeavor to respond to a verifiable Consumer request generally within 45 days of its receipt, or as otherwise required by the CCPA, although we may take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable Consumer’s request. If applicable, in our response, we will also explain the reasons we cannot comply with a request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. Please note that to use our Services, we do require the collection of your personal information – for example, to sign you up. While you may request to delete your personal information under CCPA, such deletions may affect our ability to offer the Services.
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about certain categories of Personal Information a business has disclosed to third parties for direct marketing purposes in the preceding calendar year. California residents may make such request to us at privacy@hearsaycorp.com. We will provide a list of the categories of personal information disclosed to such third parties for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses or these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email specified in this section.
We do not sell your Personal Information within the scope of, and according to the defined meaning of, a “sale” under NRS 603A.
Under Virginia’s Consumer Data Protection Act (“VCDPA”), solely as to Personal Information of users acting in an individual or household context, Virginia residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the VCDPA. You have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information . A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Virginia, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Colorado’s Consumer Privacy Act (“CPA”), solely as to Personal Information of users when acting in an individual or household context, Colorado residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Colorado, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Connecticut’s Data Privacy Act (“CTDPA”), solely as to Personal Information of users when acting in an individual or household context, Connecticut residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CTDPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Connecticut, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CTDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
If you have any questions regarding this State Notice, please contact us directly.
As explained above, we process personal information from individuals described below on behalf of our Customers in order to provide our Services, in accordance with their Instructions. When we process personal information on behalf of our Customers, we are a ‘data processor’ or service provider. This includes certain information that we collect through our account portal (https://my.hearsaysocial.com/) when Users log into their accounts with Hearsay, as well as other information that is collected through the various products offered by Hearsay as part of the Services.
Hearsay’s Customers are controllers of the Personal Information because they decide how or why your Personal Information is processed. When our Customers process Personal Information through our Services, they are responsible for ensuring that they do so in compliance with the law, including providing their customers and users with their own privacy policies.
Hearsay’s processing activity as a service provider and processor is governed by the contracts we have with our Customers. Under the terms of those agreements, we will direct any data subject request you make to Hearsay for Personal Information that we process as a processor under this section to our Customers.
For purposes of this Section, “You” may refer to a variety of people, including:
If there are special terms and considerations, we will address the individual group by the capitalized term (Customer, User or User Contacts). Where terms apply to all groups, we will address the group as “you.”
We process information (1) received directly from Customers and Users, other than personal information collected on signing up as a User of the Services, (2) from or about User Contacts through the use of the Services by Customers and Users, and (3) obtained indirectly, such as through the use of cookies or CRM integrations.
The information that we process as part of the Services is described below in further detail. Collectively, all information processed by Hearsay in order to provide the Services is referred to “Services Information” for purposes of this Privacy Policy.
Through the Services, Customers and Users can populate their accounts with information submitted by a Customer or a User to Hearsay, or uploaded by Customer or a User to the Services, which is meant to be used and shared through the Services. Examples of such content include articles, logos and other assets uploaded by a Customer or User to personalize a web page. In uploading or submitting this information, Customers and Users must not include any personally identifiable information contained within the uploaded materials.
Hearsay may also contact Customers and Users to provide feedback on the Services by email or other means in order to better understand how Customers and Users use the Services. Some of the questions might include requests with a voluntary answer to provide certain additional personal identifiable information, such as name, age and geographic location. Information gathered by Hearsay will be used solely in connection with or to improve or expand the Services; however, this may include using this information within third-party services that are associated with the Services. Please see our cookies section to better understand how we use performance cookies to improve the Services.
As part of our Services, Hearsay allows Users to connect certain digital assets such as social media accounts (including private messaging in some cases), email addresses and telephone numbers to the Services in order to communicate with User Contacts. Customers may also have their own websites hosted by Hearsay (“Customer Sites”). As a result, Hearsay processes personal information from or about User Contacts that is collected via the Customer Sites, User social media accounts and/or other connections to the Services, depending on the level of permission. For instance, when using social media networks, if Hearsay is allowed to collect social media activity about the User Contact, Hearsay will collect such information and present a summary of this information to the User. With respect to text message correspondence, Hearsay may collect, store and retain the telephone number of the User Contact, call history with the User Contact, and any contents of a text message that a User Contact made in text message communications with the User.
Hearsay collects and/or processes Sensitive Personal Information, including precise geolocation and content of social and text messages. As explained below, the contents of social and text messages may contain additional Sensitive Personal Information that is shared by the Customer and/or User.
Any information that a User or a User Contact submits to the Services will be captured and retained by Hearsay as part of the Services.
If you are a User Contact, you may have been directed to review this Privacy Policy by one of our Customers in lieu of their own Privacy Policy. In this case, any information about you as a User Contact that Hearsay collects will be processed and maintained in accordance with this policy. However, to understand how the Customer uses the information or to exercise any rights, please contact the Customer directly.
CRM Integrations
Certain Customers integrate their customer relationship management (CRM) systems with the Services. When this happens, Hearsay receives any information about Users and User Contacts that a Customer has collected and wishes to share with Hearsay. Hearsay will use this information within the Service to enable certain functionality (e.g., populating email contacts from a CRM so that a User may utilize email functionality), or use insights in order to recommend certain actions (e.g., based on a combination of activity documented in CRM and the Services with a User Contact, a User might receive a recommendation to make a future communication with the same User Contact).
Publicly Available Information about Users and User Contacts
In order to better understand Users and provide a better experience, Hearsay creates various “profiles” within the Services, in order to provide more targeted content and suggest action items for a User to take within the Services. “Profiles” are not composites of personal information nor based on actual individuals, but are common characteristics identified by Hearsay to describe certain behaviors or preferences. In order to make recommendations or suggest content, Hearsay endeavors to find out more about its Users and User Contacts. In some instances, when building these “profiles,” Hearsay may retain third parties to collect publicly available information about Users. This information may include your industry, the size of your office, and your online directory listing, to help Hearsay understand more about our customer base and to tailor information we send you about the Services.
Anonymized Aggregated Data
Hearsay has developed proprietary algorithms that monitor all communications and transactions that occur within the Services. Hearsay engages third parties to perform data analysis on data sets provided by Hearsay in order to improve Hearsay’s algorithms. The purpose of these algorithms is to identify patterns of behavior, either unique to a User or to defined categories of people, which may enhance a User’s use of the Services. Any data created or identified within an algorithm does not identify the activity of an individual User or User Contacts. For example, the Services may identify that a User’s social media network contacts are most active between the hours of 10 AM to 12 PM on weekdays, and would therefore recommend a User to schedule social media posts during this time. The Services algorithms gather this information based on the volume activity occurring within this network; this recommendation, or any data associated with this recommendation, would not identify the posting habits of any individual User Contact or a User. For text message communication, the Services may suggest prepopulated quick replies to certain text messages. The Services algorithms make these suggestions based on gathered information from previous replies and conversations.
Industry Information
Hearsay collects information relating to the industry with which a User is associated: acquiring data sets about certain financial services industries, reviewing census results to identify purchasing habits of consumers, etc. The purpose of acquiring this information is to provide more information and insight for the User when using the Services.
We or our authorized service providers process the Services Information solely as a data processor, in order to:
We disclose Services Information under certain circumstances, as further described below.
The Services allow Users to send or receive communications from User Contacts through social media, email, text messaging and voice communications. If Users send communications through the Services, Hearsay will deliver those communications to third parties in order for the User Contact to share and receive those communications. We call these third party delivery networks “External Services.” Examples of External Services include Facebook, Twitter, LinkedIn and Instagram (for social media).
We may share Services Information with third-party service providers or consultants who need access to the data to perform their work on Hearsay’s behalf. These third party service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard any data provided by Hearsay. These include Amazon Web Services for website hosting, Sendgrid for email delivery and Twilio for text messaging.
Hearsay is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Telecommunications activity performed by Hearsay is regulated and overseen by the Federal Communications Commission (FCC) and various state public utility commissions. We may disclose Services Information pertaining to a regulatory audit conducted by these entities as well as oversight organizations for the financial services industry, such as FINRA, SEC, or similar state and international regulators. When responding to a financial services regulatory audit, we will endeavor to first contact the Customer before disclosing any such information unless we are prohibited from doing so. The Customer is solely responsible for contacting any Users or User Contacts as part of the regulatory audit and disclosure of Services Information.
We may share data collected from you from the Services with our affiliates.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, bankruptcy included.
We share anonymized, aggregated, automatically-collected, or otherwise non-personal information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) business or marketing purposes; (iii) assistance for us and other parties in understanding our Customers’ and Users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share personal information about you in this case.
Hearsay may preserve or disclose your personal information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Certain Customers may purchase services from third parties that have a partnership relationship with Hearsay and are authorized to access the Services (“Value Added Partners”). In such cases, Hearsay will allow the Value Added Partner(s) to access the relevant Services account if the Customer has given the requisite permission. This access may include being able to read Services Information.
As ‘data controllers’ of Services Information, Customers are responsible for providing information to individuals in the EEA and/or the U.K., including the purposes of collection, legal bases, and your rights, as well as residents of certain states that provide consumer rights. If we receive a notification from a Customer regarding an individual wishing to exercise his/her exercising, we will assist said Customer with responding to and honoring such requests according to the Customer’s instructions.
When you visit the Hearsay Website or use the Services, we and our service providers acting on our behalf automatically collect certain data using tracking technologies like cookies, web beacons, and similar tracking technologies.
A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a website’s computers and stored on your computer’s hard drive.
These technologies are used to help us better understand User behavior and facilitate and measure the effectiveness of our Hearsay Website and Services. We treat information collected by cookies and other technologies as non-personal information.
We use cookies to record current session information. We also use third party cookies (e.g. Google Analytics) to provide anonymized and aggregated information on website usage statistics and patterns.
All modern Internet browsers allow you to control your cookie settings. These settings are usually accessed in the ‘Options’ or ‘Preferences’ section of your browser. Please note that certain features of the website will not be available once cookies are disabled. For further information about cookies and how to manage them, please visit www.allaboutcookies.org.
Hearsay uses web beacons with cookies or separately to compile information about your engagement with us. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you view a particular website tied to the web beacon, and a description of a website tied to the web beacon.
Here is a basic description and overview of the type of cookies Hearsay may use:
Hearsay Social, Inc. (“Hearsay”), is a web and mobile-based software platform that allows financial services and insurance companies (“Customers”) and their employees and/or designated agents with access to the Services (“Users”) to utilize electronic communications channels (such as social media, websites, email, mobile voice and text message) to communicate with clients and prospects (“SaaS Services”).
This Privacy Policy applies to Hearsay’s Website and Hearsay’s SaaS Services; collectively “Services.” This Privacy Policy contains details about how we collect, use, disclose, process, share and secure personal information that we obtain from and about you when you interact with our Services. Our collection and processing of information that alone or in conjunction with other information may reasonably identify you (“Personal Information”) may be either for our own purposes, or on behalf of other entities to whom we provide services.
If you have any questions regarding the collection and processing of Personal Information performed by us on behalf of another entity please consult that entity’s privacy policy. If, after reviewing this Privacy Policy, you have any questions or privacy concerns, please send us an email to privacy@hearsaycorp.com (see the How to Contact Us about Privacy section). We are committed to protecting the privacy of those with whom we interact.
For purposes of this Privacy Policy, the words “our,” “us,” “we,” and “Hearsay” refer to Hearsay Social, Inc., and our affiliates (which includes any person or entity that controls us, is controlled by us, or is under common control with us, such as our subsidiary, parent company, or our employees).
For the purpose of this Notice, Personal Information shall by interchangeable with Personal Data, and each shall have the meaning assigned to it by applicable laws, including, but not limited to, information that directly or indirectly, on its own or in conjunction with other information, identifies an individual. Please read this Notice carefully.
NEVADA, CALIFORNIA, COLORADO, CONNECTICUT, OR VIRGINIA RESIDENTS OR RESIDENTS OF ANOTHER STATE THAT OFFER CERTAIN PRIVACY RIGHTS: If you are a resident of Nevada, California, Colorado, Connecticut, or Virginia or resident of another state that offers certain privacy rights, this entire Privacy Policy applies to you. However, please see Additional Information for Certain States below, which will inform you in detail about our information collection practices and your specific rights.
INDIVIDUALS LOCATED IN THE EEA OR THE U.K.: If you are located in the European Economic Area (“EEA”) or the United Kingdom (“U.K.”), this entire Privacy Policy applies to you. However, please see Additional Information for Individuals in the EEA below, which will inform you in detail about our legal bases for processing and which rights you have in connection with our processing of your personal data.
We collect information in several contexts as described below. This policy also does not apply to information we collect in connection with providing services to our business clients, where we act as a service provider and process Personal Information in accordance with their instructions (see “Hearsay Processor and Service Provider Data”). Such information is subject to the Privacy Policies of the other financial institutions.
This Policy applies only to Hearsay operated services and applications, including our online services, mobile-based application, and Website. Our Services may contain links to other websites that are not operated or controlled by Hearsay. Hearsay does not control such third-party websites or their privacy practices. Any personal information you choose to give to third-party websites is not covered by this Notice.
Hearsay may update this Privacy Policy from time to time, in its sole discretion. If we do so, we will post an updated Privacy Policy on the Hearsay Website and provide prompt written notice of such updates, as applicable. Changes, modifications, additions, or deletions will be effective when posted unless stated otherwise. If we make material or significant changes, we may also send our Customers a notice that we have changed this Privacy Policy. Your continued use of the Hearsay Website and Services, and/or your continued provision of personal information to us after the posting of such notice, will be deemed an acceptance of any changes and subject to the terms of the then-current Privacy Policy. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will seek affirmative consent from you before making material changes to the way we handle Personal Information previously collected from you. If you do not provide such consent, Personal Information will continue to be used in a manner that is consistent with the version of this Notice under which it was collected.
We are located in the United States, and the personal information that we collect is stored on servers located in the United States. This means that your Personal Information will be collected, processed, and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the General Data Protection Regulation 2016/679 (“GDPR”) in the European Union.
By sending us Personal Information, you agree and consent to the processing of your personal information in the United States, which may not offer an equivalent level of protection to that required in other countries (particularly the European Economic Area).
We have implemented safeguards designed to ensure that the Personal Information we process remains protected in accordance with this Privacy Policy, including when processed internationally or by our third-party service providers and partners. The safeguards we may take at our discretion include, for instance, entering into specific agreements in connection with any onward transfers of personal information. We may implement other mechanisms and take similar appropriate safeguards with our third party service providers and partners. Further details can be provided upon request.
Hearsay acts as a ‘data controller’ when it collects Personal Information on its own behalf and for its own Business Purposes, such as through our publicly-accessible Website, and as a ‘data processor’ when it collects and processes personal information on behalf of its Customers in order to provide the SaaS Services. As such, this Privacy Policy is separated into two main sections that address our different roles:
Please note that how you exercise certain rights will depend on whether Hearsay is processing your Personal Information as a ‘data controller’ or as a ‘data processor’, and is further explained throughout this Privacy Policy:
If you are a visitor of the Hearsay Website or a Customer and have any questions about this Privacy Policy or requests for access to or deletion or rectification of personal information that Hearsay collects and processes contact us at privacy@hearsaycorp.com or by mail at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
2261 Market Street, Ste. 5397
San Francisco, CA 94114
United States of America
Individuals in the EEA or the U.K. may contact Hearsay at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
Koztelek utca 6, 1147 Budapest
privacy@hearsaycorp.com
Below is a description of the personal information that we gather from you as a visitor to Hearsay Website, which includes https://hearsaysystems.com and other websites where this Privacy Policy is posted. Information about personal information collected through the account portal and the Saas Services can be found in the Hearsay Processor and SaaS Service Provider Data section below.
In this section, “you” refers to an individual visiting the Hearsay Website.
When you visit the Hearsay Website, we collect information directly from you when you provide it to us, such as when you request a demo, and indirectly, such as through the use of cookies and similar technology.
Data Protection Law (as defined below) recognizes that Sensitive Personal Information (or “sensitive personal data” as used interchangeably) requires additional protection. In particular, the GDPR prohibits the processing of sensitive personal data, other than in certain exceptional circumstances. Sensitive personal data in the EEA includes information relating to one’s race or ethnicity, political opinions, religious or philosophical beliefs, membership of a trade union, as well as biometric data and data relating to one’s health or sexual orientation (“Sensitive Personal Information”. Certain US state privacy laws (i.e., “Data Protection Law”) also have different definitions of Sensitive Personal Information, which may also include precise geolocation, citizenship or immigration status, and Personal Information from a known child.
Visiting the Hearsay Website
Some pages of the Hearsay Website allow you to fill out a web form and share your personal information with us directly, such as on our “Contact Us” page and on our “Submit a request” page. Information we collect consists of:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In addition, if you send us an email or otherwise contact us, we will collect the personal information that you provide to us at that time.
When you visit the Hearsay Website, we, or authorized third parties, collect information, including Device and Usage Information described below, by automated means using cookies, web beacons, server logs or other tracking technologies for analytic purposes. For more information on our use of these technologies and the data that they collect, please see our Cookie Statement. We may also collect information from third parties, as explained below.
Device and Usage Information
When you visit, use or interact with the Hearsay Website, even if you do not have an account, we, or authorized third parties (such as service providers or External Ad Partners (as defined in the Targeted Advertising section below), may collect information about your use of the Hearsay Website via your device. Device and Usage Information that we, or these authorized third parties, collect consists of:
Information from Third Parties
In some instances, we process personal information from third parties, such as data from our External Ad Partners (see the Targeted Advertising section below). These third parties may also use tracking technologies to serve you advertisements tailored to interests you have shown by browsing on this Website and other sites, applications, destinations, and services you have visited, and for other lawful Business Purposes (as defined below).
To provide you with more relevant and interesting experiences, we may work with third party companies to display ads or customize the content on this Website and on other digital properties and websites. These companies may use cookies and similar tracking technologies as described in this Notice to gather information about your visits to our Website, as well as your visits elsewhere on the Internet. These companies use this information to provide you with more relevant advertising known as interest-based advertising.
We, or our authorized partners, collect and process personal information in order to:
Additionally, we may disclose information about users (i) if it is required to do so by law or legal process; (ii) as may be required to law enforcement authorities or other government officials, (iii) when Hearsay believes disclosure is necessary or appropriate to prevent physical harm, financial loss or in connection with an investigation of suspected or actual illegal activity, or (iv) to respond to claims by third parties.
For California residents, please see the Additional Information for Certain States Section below for more information on specific purposes of collection for each category of Personal Information collected in the past 12 months as a “Business” under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020. For Colorado, Connecticut, and Virginia residents, please also see the Additional Information for Certain States.
For individuals located in the EEA or the U.K., please see the Additional Information for Individuals in the EEA and the U.K. Section below for more information, including our legal bases for processing.
We disclose your Personal Information under certain circumstances, such as to our service providers or in the event of a business transfer, as further described below.
Hearsay may share Personal Information and/or Sensitive Personal Information with our third party agents, contractors, or service providers who are hired to perform services on Hearsay’s behalf or in order to assist with certain Business Purposes and/or Commercial Purposes. These providers may operate or support certain functions of the Hearsay Website and Services. Below is a list of categories of service providers that we may use to perform these functions (which are subject to change):
Service providers process your Personal Information and/or Sensitive Personal Information for the specific purpose of providing their services to us (and in accordance with our instructions).
As explained here, we also work with and disclose Personal Information to External Ad Partners who assist us with advertising and marketing our Services.
In some cases, service providers and External Ad Partners collect your Personal Information and/or Sensitive Personal Information directly from you, such as via cookies.
We may share data collected from you from the Hearsay Website with our affiliate entities.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, including bankruptcy.
We share anonymized, aggregated, automatically-collected, or otherwise non-Personal Information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) Business Purposes, Commercial Purposes, and/or marketing purposes; (iii) assistance for us and other parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share Personal Information about you in this case.
Hearsay may preserve or disclose your Personal Information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose Personal Information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Our Website is intended for individuals 18 years of age and older. It is not directed at, marketed to, nor intended for, children under 18 years of age. We do not knowingly collect any Personal Information directly from children under the age of 18. If we discover we have inadvertently received any Personal Information from a child under the age of 18 in violation of this Policy, we will take reasonable steps to delete that information as quickly as possible. If you believe that we have any Personal Information from or about anyone under the age of 18, please contact us at privacy@hearsaycorp.com.
The Hearsay Website uses third-party analytics tools that drop cookies and/or similar technologies to collect and store information about your device and use of the Hearsay Website. We use analytics tools to calculate visitor, session and campaign data for the Hearsay Website analytics reports.
One of our tools is Google Analytics. We use Google Analytics to generate and process statistical or demographic data. Third parties, like Google, use cookies to compile reports on the website’s activity and website visitors, and provide other services related to website activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website. You can read more about Google’s practices in Google’s privacy policy. You can opt-out from being tracked by Google Analytics in a particular browser on a particular device by downloading and installing the Google Analytics Opt-out Browser Add-on for that browser. To learn more about how to opt-out of tracking by Google Analytics, please click here.
Another tool is the LinkedIn Insight Tag. You can read more about LinkedIn’s practices in LinkedIn’s privacy policy. LinkedIn only provides reports and alerts (which do not identify LinkedIn members) about the Hearsay website audience and ad performance (LinkedIn does not share the personal data of its members with Hearsay). LinkedIn members can control the use of their personal data for advertising purposes through their account settings.
We market our company and Services in a variety of ways. Below is a description of what data we gather from you, and how we use it for purposes of these marketing activities. We gather information from or about you in the following different roles:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In some cases, you provide Personal Information directly to Hearsay as part of a marketing event that Hearsay hosts or co-hosts, through email or when you participate in an online webinar. Occasionally, and only with your consent, we may send you future communications. We may also acquire personal information about you through a third party. In particular, Hearsay engages third parties who provide us with contact information for Leads. When acquiring information from third parties, Hearsay endeavors to obtain contractual commitments from the third parties that the information was acquired lawfully and with the appropriate level of consent.
Our communications to you for marketing purposes will contain instructions on how you can opt-out from receiving future communications, and if you consent to our use of your personal information for marketing purposes, you may always withdraw your consent. You may also contact Hearsay directly about its marketing activities at privacy@hearsaycorp.com.
Hearsay engages third-party advertising networks (“External Ad Partners”) to display advertising about our Services when you visit other websites within that advertising network. Like many other companies, we rely on retargeting, also known as remarketing, which is a type of marketing strategy that helps businesses “remind” visitors of their products and services after they leave their websites. For instance, through the use of cookies (and similar technologies) placed by External Ad Partners, online identifiers (considered personal information) are collected and then used to identify visitors to the Hearsay Website on other websites or social media platforms. With this information our External Ad Partners may serve relevant ads on consumers who previously visited the Hearsay Website.
Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
Hearsay maintains an online presence on social media platforms (“Social Media Platforms”) such as Instagram, Twitter, Facebook and Linkedin, to provide information about our Services and communicate with users and/or visitors to those pages or accounts. When you interact or post to our account, we process your Personal Information. In some cases, the Social Media Platforms are service providers or processors. In other cases, such as with Facebook, we are jointly responsible for the processing, as explained in the section titled Hearsay as a ‘Joint Controller’ with Facebook.
We use reasonably appropriate security measures designed to protect the security of Personal Information and Sensitive Personal Information both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note, though, that no website or internet transmission is completely secure, so while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
Certain internet web browsers allow a “do not track” (“DNT”) setting that relies on a technology known as a DNT header, which sends a signal to websites visited by the individual about the individual’s browser DNT setting. At this time, we do respond to DNT signals. For more information on DNT settings generally, please visit https://allaboutdnt.com.
How you make choices about cookies and other tracking technologies depends on the type of cookie or tracking technology being used. For details on how to manage your preferences for cookies and tracking technologies within your web browser, please see our Cookie Statement.
If you are receiving promotional emails from us, you can choose to stop receiving those by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting customer support at support@hearsaycorp.com.
To request access to, or to make changes to, data that we have collected from you via the Hearsay Website, please email us at privacy@hearsaycorp.com. Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
The categories of recipients of personal data with whom we may share your personal data are listed in Disclosure of Your Personal Information above.
Hearsay as ‘Data Controller’
As a ‘data controller’, Hearsay processes your Personal Information for a number of different purposes. Some are essential for us to provide the Services or to fulfill our legal obligations, some help us run the Services efficiently and effectively, and some enable us to provide you with more relevant and personalized offers and information. In all cases, with respect to individuals in the EEA or the U.K., we must have a reason and a legal ground for processing your personal information. The most common legal grounds on which we rely are briefly explained below:
The following breakdown illustrates in more detail our processing activities and how the above legal bases for processing apply (in brackets):
We use Facebook’s products and services (“Facebook Products”) in different ways:
With respect to our use of Facebook Products, we are jointly responsible with Facebook Ireland for the processing activities (“Joint Processing”):
Facebook Ireland Ltd.,
4 Grand Canal Square, Grand Canal Harbor
Dublin 2, Ireland
Information about the personal data that is collected from you by Facebook, as well as how and why it is processed by Facebook, can be found at https://www.facebook.com/about/privacy.
Hearsay and Facebook have entered into an agreement in order to determine the respective responsibilities for compliance with our obligations in connection with the Joint Processing within the meaning of the GDPR. This joint controller agreement, which sets out the reciprocal obligations, is available here.
Hearsay’s legal basis for processing your personal data via Facebook Products is our legitimate interest in increasing and analyzing the communication, sales, and promotion of Services. Our legal basis may also be your consent, which may be revoked at any time.
Some processing by Facebook Ireland Ltd. might take place in the United States by Facebook Inc.
We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, the length of time we have an ongoing relationship with you and provide you with access to our Services, and applicable legal requirements. We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax, or accounting requirements), when we are unable to reasonably verify your identity, or as may otherwise be required under GDPR. Additionally, we cannot delete information when it is needed for the establishment, exercise, or defense of a legal claim (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.
When we no longer have a legitimate business need to process your personal information, it is deleted and/or anonymized. If you have questions about, or need further information concerning, our data retention periods, please email privacy@hearsaycorp.com.
If the GDPR or the U.K., applies to you because you are in the EEA or the U.K., you have certain rights in relation to your personal data:
These rights are subject to certain rules around when you can exercise them. If you are located in the EEA or the U.K. and wish to exercise any of the rights set out above, please contact us (see How to Contact Us about Privacy).
We will respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first at privacy@hearsaycorp.com.
This privacy notice for Nevada, California, Colorado, Connecticut, and Virginia residents, and residents of other states with applicable privacy laws (“State Privacy Notice”) supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the applicable state (“Consumers”). We have created this State Privacy Notice in order to comply with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (collectively, “CCPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Virginia Consumer Data Protection Act (“VCDPA”), and other applicable privacy laws (collectively, “Data Protection Law”).
This CCPA Notice applies to Personal Information that Hearsay collects for its own purposes. It does not apply to:
We collect Personal Information as that term is defined in CCPA. Within the last twelve (12) months, Hearsay has collected the following categories of Personal Information from or about Consumers:
Personal information does not include:
As explained in more detail here, Hearsay obtains the categories of personal information listed above from the following categories of sources:
We collect and process your Personal Information and/or Sensitive Personal Information whenever you use our Website and/or Services.
Under the CCPA, we must disclose the purposes for which we collect your information. Our purposes include Business Purpose and Commercial Purposes, as generally described below.
In the section Why We Collect Your Personal Information and How We Use It, we explain the purposes for which we process this information, pursuant to Data Protection Law(s), along with the relevant categories of data we use and the legal basis we rely on to do so or other permitted reasons for processing (e.g. Business Purposes or Commercial Purposes under the CCPA). For clarity, the terms Business Purpose and Commercial Purpose, are being used to sufficiently describe the purpose of processing, transferring, sharing, sale, and/or sharing, as applicable, of all your Personal Information and/or Sensitive Personal Information under all Data Protection Law(s). As previously mentioned, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
Hearsay may disclose your Personal Information to service providers, contractors, and/or third parties (as defined by CCPA) (or processor or third party, as defined by applicable Data Protection Law(s)) for a Business Purpose and/or Commercial Purpose. When we disclose Personal Information for a Business Purpose and/or Commercial Purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the services for us. As explained in more detail here, we also share your Personal Information with certain categories of service providers, contractors, and/or third parties who assist us in providing the Hearsay Website and Services and with our business.
We disclose your Personal Information and/or Sensitive Personal Information for a Business Purpose and/or Commercial Purpose to the following categories of Service Providers:
The following chart describes the categories of Personal Information and Sensitive Personal Information that we disclosed to service providers, contractors, and/or third parties for a Business Purpose and/or Commercial Purpose in the 12 months prior to the date of this Privacy Policy. As noted below in the chart, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
The CCPA defines ‘sale’ and ‘share’ very broadly. ’Sale’ includes the sharing of Personal Information with third parties in exchange for anything of value, while ‘share’ means disclosure of Personal Information to third parties for cross contextual behavioral advertising. According to these broad definitions, in the 12 months before this section was last updated, we may have sold or shared the following categories of Personal Information to third parties:
The CCPA provides Consumers with specific rights regarding their Personal Information, provided that we are able to verify their identities as explained below. This section describes your CCPA rights and explains how to exercise them.
Opting-out of Sales or Sharing of Your Personal Information
You have the right to opt-out of our sharing or selling of your Personal Information with some External Ad Partners in certain circumstances. If you would like to opt-out of the sale of Personal Information, please click here.You can also opt-out of the sale or sharing of your Personal Information that is collected automatically when you visit the Website by clicking here.
Hearsay does not sell or share Personal Information collected on the Hearsay mobile-based software platform.
Access to Specific Information
You have the right to request that Hearsay disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will disclose such information to you.
Right to Data Portability
You have the right to receive the Personal Information that you have provided to Hearsay, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
Right to Correction
You have the right to have your Personal Information corrected.
Deletion Request Rights
You have the right to request that Hearsay delete your personal information, subject to certain exceptions listed in the CCPA. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will delete (and direct our service providers, contractors, third parties, and/or processors, as applicable, to delete) your Personal Information from our records, unless an exception applies.
Your Right to Limit the Use Sensitive Personal Information We Have Collected About You
You have the right to limit our use of your Sensitive Personal Information if we use it for purposes other than providing the Services to you. We currently do not use your Sensitive Personal Information for purposes other than providing the Service/ for the Business Purposes above.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer request related to your personal information.
An authorized agent is a natural person or a business entity registered with the Secretary of State that a Consumer has authorized to act on his or her behalf. When a Consumer uses an authorized agent to submit a request to know or a request to delete, Hearsay may require that the Consumer provide the authorized agent written permission to do so and verify his or her own identity directly with Hearsay, unless the Consumer has provided the authorized agent with a valid power of attorney. Hearsay may deny a request from an agent that does not submit proof that he or she has been authorized by the Consumer to act on his or her behalf.
To exercise the rights described above, please submit a verifiable Consumer request to us by either calling us at 1-888-399-2280 or mailing privacy@hearsaycorp.com.
You may only make a verifiable Consumer request for access or data portability twice within a 12-month period. In particular, you can request the following:
1. Specific Pieces of Information
2. Categories of Information
The verifiable Consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will notify you to explain the basis of the denial.
If we have a good-faith, reasonable belief that a request to opt-out of the sale or sharing of Personal Information is fraudulent, we may deny the request. Should this occur, we will inform you and explain why we believe the request is fraudulent.
Making a verifiable Consumer request does not require you to create an account with us. Please note that the methods for verification are set forth in the CCPA, which also requires us to consider a number of factors, such as the type, sensitivity, and value of the personal information or the risk of harm posed by unauthorized access or deletion, on a case-by-case basis.
We will only use personal information provided in a verifiable Consumer request to verify the requestor’s identity or authority to make the request.
Upon your request, we will delete the Personal Information we have collected about you, except for situations where the CCPA authorizes us to retain specific information, including when it is necessary for us to provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us. We will act on your deletion request within the timeframes set forth below.
Response Timing
We endeavor to respond to a verifiable Consumer request generally within 45 days of its receipt, or as otherwise required by the CCPA, although we may take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable Consumer’s request. If applicable, in our response, we will also explain the reasons we cannot comply with a request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. Please note that to use our Services, we do require the collection of your personal information – for example, to sign you up. While you may request to delete your personal information under CCPA, such deletions may affect our ability to offer the Services.
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about certain categories of Personal Information a business has disclosed to third parties for direct marketing purposes in the preceding calendar year. California residents may make such request to us at privacy@hearsaycorp.com. We will provide a list of the categories of personal information disclosed to such third parties for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses or these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email specified in this section.
We do not sell your Personal Information within the scope of, and according to the defined meaning of, a “sale” under NRS 603A.
Under Virginia’s Consumer Data Protection Act (“VCDPA”), solely as to Personal Information of users acting in an individual or household context, Virginia residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the VCDPA. You have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information . A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Virginia, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Colorado’s Consumer Privacy Act (“CPA”), solely as to Personal Information of users when acting in an individual or household context, Colorado residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Colorado, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Connecticut’s Data Privacy Act (“CTDPA”), solely as to Personal Information of users when acting in an individual or household context, Connecticut residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CTDPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Connecticut, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CTDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
If you have any questions regarding this State Notice, please contact us directly.
As explained above, we process personal information from individuals described below on behalf of our Customers in order to provide our Services, in accordance with their Instructions. When we process personal information on behalf of our Customers, we are a ‘data processor’ or service provider. This includes certain information that we collect through our account portal (https://my.hearsaysocial.com/) when Users log into their accounts with Hearsay, as well as other information that is collected through the various products offered by Hearsay as part of the Services.
Hearsay’s Customers are controllers of the Personal Information because they decide how or why your Personal Information is processed. When our Customers process Personal Information through our Services, they are responsible for ensuring that they do so in compliance with the law, including providing their customers and users with their own privacy policies.
Hearsay’s processing activity as a service provider and processor is governed by the contracts we have with our Customers. Under the terms of those agreements, we will direct any data subject request you make to Hearsay for Personal Information that we process as a processor under this section to our Customers.
For purposes of this Section, “You” may refer to a variety of people, including:
If there are special terms and considerations, we will address the individual group by the capitalized term (Customer, User or User Contacts). Where terms apply to all groups, we will address the group as “you.”
We process information (1) received directly from Customers and Users, other than personal information collected on signing up as a User of the Services, (2) from or about User Contacts through the use of the Services by Customers and Users, and (3) obtained indirectly, such as through the use of cookies or CRM integrations.
The information that we process as part of the Services is described below in further detail. Collectively, all information processed by Hearsay in order to provide the Services is referred to “Services Information” for purposes of this Privacy Policy.
Through the Services, Customers and Users can populate their accounts with information submitted by a Customer or a User to Hearsay, or uploaded by Customer or a User to the Services, which is meant to be used and shared through the Services. Examples of such content include articles, logos and other assets uploaded by a Customer or User to personalize a web page. In uploading or submitting this information, Customers and Users must not include any personally identifiable information contained within the uploaded materials.
Hearsay may also contact Customers and Users to provide feedback on the Services by email or other means in order to better understand how Customers and Users use the Services. Some of the questions might include requests with a voluntary answer to provide certain additional personal identifiable information, such as name, age and geographic location. Information gathered by Hearsay will be used solely in connection with or to improve or expand the Services; however, this may include using this information within third-party services that are associated with the Services. Please see our cookies section to better understand how we use performance cookies to improve the Services.
As part of our Services, Hearsay allows Users to connect certain digital assets such as social media accounts (including private messaging in some cases), email addresses and telephone numbers to the Services in order to communicate with User Contacts. Customers may also have their own websites hosted by Hearsay (“Customer Sites”). As a result, Hearsay processes personal information from or about User Contacts that is collected via the Customer Sites, User social media accounts and/or other connections to the Services, depending on the level of permission. For instance, when using social media networks, if Hearsay is allowed to collect social media activity about the User Contact, Hearsay will collect such information and present a summary of this information to the User. With respect to text message correspondence, Hearsay may collect, store and retain the telephone number of the User Contact, call history with the User Contact, and any contents of a text message that a User Contact made in text message communications with the User.
Hearsay collects and/or processes Sensitive Personal Information, including precise geolocation and content of social and text messages. As explained below, the contents of social and text messages may contain additional Sensitive Personal Information that is shared by the Customer and/or User.
Any information that a User or a User Contact submits to the Services will be captured and retained by Hearsay as part of the Services.
If you are a User Contact, you may have been directed to review this Privacy Policy by one of our Customers in lieu of their own Privacy Policy. In this case, any information about you as a User Contact that Hearsay collects will be processed and maintained in accordance with this policy. However, to understand how the Customer uses the information or to exercise any rights, please contact the Customer directly.
CRM Integrations
Certain Customers integrate their customer relationship management (CRM) systems with the Services. When this happens, Hearsay receives any information about Users and User Contacts that a Customer has collected and wishes to share with Hearsay. Hearsay will use this information within the Service to enable certain functionality (e.g., populating email contacts from a CRM so that a User may utilize email functionality), or use insights in order to recommend certain actions (e.g., based on a combination of activity documented in CRM and the Services with a User Contact, a User might receive a recommendation to make a future communication with the same User Contact).
Publicly Available Information about Users and User Contacts
In order to better understand Users and provide a better experience, Hearsay creates various “profiles” within the Services, in order to provide more targeted content and suggest action items for a User to take within the Services. “Profiles” are not composites of personal information nor based on actual individuals, but are common characteristics identified by Hearsay to describe certain behaviors or preferences. In order to make recommendations or suggest content, Hearsay endeavors to find out more about its Users and User Contacts. In some instances, when building these “profiles,” Hearsay may retain third parties to collect publicly available information about Users. This information may include your industry, the size of your office, and your online directory listing, to help Hearsay understand more about our customer base and to tailor information we send you about the Services.
Anonymized Aggregated Data
Hearsay has developed proprietary algorithms that monitor all communications and transactions that occur within the Services. Hearsay engages third parties to perform data analysis on data sets provided by Hearsay in order to improve Hearsay’s algorithms. The purpose of these algorithms is to identify patterns of behavior, either unique to a User or to defined categories of people, which may enhance a User’s use of the Services. Any data created or identified within an algorithm does not identify the activity of an individual User or User Contacts. For example, the Services may identify that a User’s social media network contacts are most active between the hours of 10 AM to 12 PM on weekdays, and would therefore recommend a User to schedule social media posts during this time. The Services algorithms gather this information based on the volume activity occurring within this network; this recommendation, or any data associated with this recommendation, would not identify the posting habits of any individual User Contact or a User. For text message communication, the Services may suggest prepopulated quick replies to certain text messages. The Services algorithms make these suggestions based on gathered information from previous replies and conversations.
Industry Information
Hearsay collects information relating to the industry with which a User is associated: acquiring data sets about certain financial services industries, reviewing census results to identify purchasing habits of consumers, etc. The purpose of acquiring this information is to provide more information and insight for the User when using the Services.
We or our authorized service providers process the Services Information solely as a data processor, in order to:
We disclose Services Information under certain circumstances, as further described below.
The Services allow Users to send or receive communications from User Contacts through social media, email, text messaging and voice communications. If Users send communications through the Services, Hearsay will deliver those communications to third parties in order for the User Contact to share and receive those communications. We call these third party delivery networks “External Services.” Examples of External Services include Facebook, Twitter, LinkedIn and Instagram (for social media).
We may share Services Information with third-party service providers or consultants who need access to the data to perform their work on Hearsay’s behalf. These third party service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard any data provided by Hearsay. These include Amazon Web Services for website hosting, Sendgrid for email delivery and Twilio for text messaging.
Hearsay is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Telecommunications activity performed by Hearsay is regulated and overseen by the Federal Communications Commission (FCC) and various state public utility commissions. We may disclose Services Information pertaining to a regulatory audit conducted by these entities as well as oversight organizations for the financial services industry, such as FINRA, SEC, or similar state and international regulators. When responding to a financial services regulatory audit, we will endeavor to first contact the Customer before disclosing any such information unless we are prohibited from doing so. The Customer is solely responsible for contacting any Users or User Contacts as part of the regulatory audit and disclosure of Services Information.
We may share data collected from you from the Services with our affiliates.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, bankruptcy included.
We share anonymized, aggregated, automatically-collected, or otherwise non-personal information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) business or marketing purposes; (iii) assistance for us and other parties in understanding our Customers’ and Users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share personal information about you in this case.
Hearsay may preserve or disclose your personal information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Certain Customers may purchase services from third parties that have a partnership relationship with Hearsay and are authorized to access the Services (“Value Added Partners”). In such cases, Hearsay will allow the Value Added Partner(s) to access the relevant Services account if the Customer has given the requisite permission. This access may include being able to read Services Information.
As ‘data controllers’ of Services Information, Customers are responsible for providing information to individuals in the EEA and/or the U.K., including the purposes of collection, legal bases, and your rights, as well as residents of certain states that provide consumer rights. If we receive a notification from a Customer regarding an individual wishing to exercise his/her exercising, we will assist said Customer with responding to and honoring such requests according to the Customer’s instructions.
When you visit the Hearsay Website or use the Services, we and our service providers acting on our behalf automatically collect certain data using tracking technologies like cookies, web beacons, and similar tracking technologies.
A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a website’s computers and stored on your computer’s hard drive.
These technologies are used to help us better understand User behavior and facilitate and measure the effectiveness of our Hearsay Website and Services. We treat information collected by cookies and other technologies as non-personal information.
We use cookies to record current session information. We also use third party cookies (e.g. Google Analytics) to provide anonymized and aggregated information on website usage statistics and patterns.
All modern Internet browsers allow you to control your cookie settings. These settings are usually accessed in the ‘Options’ or ‘Preferences’ section of your browser. Please note that certain features of the website will not be available once cookies are disabled. For further information about cookies and how to manage them, please visit www.allaboutcookies.org.
Hearsay uses web beacons with cookies or separately to compile information about your engagement with us. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you view a particular website tied to the web beacon, and a description of a website tied to the web beacon.
Here is a basic description and overview of the type of cookies Hearsay may use:
Hearsay Social, Inc. (“Hearsay”), is a web and mobile-based software platform that allows financial services and insurance companies (“Customers”) and their employees and/or designated agents with access to the Services (“Users”) to utilize electronic communications channels (such as social media, websites, email, mobile voice and text message) to communicate with clients and prospects (“SaaS Services”).
This Privacy Policy applies to Hearsay’s Website and Hearsay’s SaaS Services; collectively “Services.” This Privacy Policy contains details about how we collect, use, disclose, process, share and secure personal information that we obtain from and about you when you interact with our Services. Our collection and processing of information that alone or in conjunction with other information may reasonably identify you (“Personal Information”) may be either for our own purposes, or on behalf of other entities to whom we provide services.
If you have any questions regarding the collection and processing of Personal Information performed by us on behalf of another entity please consult that entity’s privacy policy. If, after reviewing this Privacy Policy, you have any questions or privacy concerns, please send us an email to privacy@hearsaycorp.com (see the How to Contact Us about Privacy section). We are committed to protecting the privacy of those with whom we interact.
For purposes of this Privacy Policy, the words “our,” “us,” “we,” and “Hearsay” refer to Hearsay Social, Inc., and our affiliates (which includes any person or entity that controls us, is controlled by us, or is under common control with us, such as our subsidiary, parent company, or our employees).
For the purpose of this Notice, Personal Information shall by interchangeable with Personal Data, and each shall have the meaning assigned to it by applicable laws, including, but not limited to, information that directly or indirectly, on its own or in conjunction with other information, identifies an individual. Please read this Notice carefully.
NEVADA, CALIFORNIA, COLORADO, CONNECTICUT, OR VIRGINIA RESIDENTS OR RESIDENTS OF ANOTHER STATE THAT OFFER CERTAIN PRIVACY RIGHTS: If you are a resident of Nevada, California, Colorado, Connecticut, or Virginia or resident of another state that offers certain privacy rights, this entire Privacy Policy applies to you. However, please see Additional Information for Certain States below, which will inform you in detail about our information collection practices and your specific rights.
INDIVIDUALS LOCATED IN THE EEA OR THE U.K.: If you are located in the European Economic Area (“EEA”) or the United Kingdom (“U.K.”), this entire Privacy Policy applies to you. However, please see Additional Information for Individuals in the EEA below, which will inform you in detail about our legal bases for processing and which rights you have in connection with our processing of your personal data.
We collect information in several contexts as described below. This policy also does not apply to information we collect in connection with providing services to our business clients, where we act as a service provider and process Personal Information in accordance with their instructions (see “Hearsay Processor and Service Provider Data”). Such information is subject to the Privacy Policies of the other financial institutions.
This Policy applies only to Hearsay operated services and applications, including our online services, mobile-based application, and Website. Our Services may contain links to other websites that are not operated or controlled by Hearsay. Hearsay does not control such third-party websites or their privacy practices. Any personal information you choose to give to third-party websites is not covered by this Notice.
Hearsay may update this Privacy Policy from time to time, in its sole discretion. If we do so, we will post an updated Privacy Policy on the Hearsay Website and provide prompt written notice of such updates, as applicable. Changes, modifications, additions, or deletions will be effective when posted unless stated otherwise. If we make material or significant changes, we may also send our Customers a notice that we have changed this Privacy Policy. Your continued use of the Hearsay Website and Services, and/or your continued provision of personal information to us after the posting of such notice, will be deemed an acceptance of any changes and subject to the terms of the then-current Privacy Policy. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will seek affirmative consent from you before making material changes to the way we handle Personal Information previously collected from you. If you do not provide such consent, Personal Information will continue to be used in a manner that is consistent with the version of this Notice under which it was collected.
We are located in the United States, and the personal information that we collect is stored on servers located in the United States. This means that your Personal Information will be collected, processed, and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the General Data Protection Regulation 2016/679 (“GDPR”) in the European Union.
By sending us Personal Information, you agree and consent to the processing of your personal information in the United States, which may not offer an equivalent level of protection to that required in other countries (particularly the European Economic Area).
We have implemented safeguards designed to ensure that the Personal Information we process remains protected in accordance with this Privacy Policy, including when processed internationally or by our third-party service providers and partners. The safeguards we may take at our discretion include, for instance, entering into specific agreements in connection with any onward transfers of personal information. We may implement other mechanisms and take similar appropriate safeguards with our third party service providers and partners. Further details can be provided upon request.
Hearsay acts as a ‘data controller’ when it collects Personal Information on its own behalf and for its own Business Purposes, such as through our publicly-accessible Website, and as a ‘data processor’ when it collects and processes personal information on behalf of its Customers in order to provide the SaaS Services. As such, this Privacy Policy is separated into two main sections that address our different roles:
Please note that how you exercise certain rights will depend on whether Hearsay is processing your Personal Information as a ‘data controller’ or as a ‘data processor’, and is further explained throughout this Privacy Policy:
If you are a visitor of the Hearsay Website or a Customer and have any questions about this Privacy Policy or requests for access to or deletion or rectification of personal information that Hearsay collects and processes contact us at privacy@hearsaycorp.com or by mail at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
2261 Market Street, Ste. 5397
San Francisco, CA 94114
United States of America
Individuals in the EEA or the U.K. may contact Hearsay at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
Koztelek utca 6, 1147 Budapest
privacy@hearsaycorp.com
Below is a description of the personal information that we gather from you as a visitor to Hearsay Website, which includes https://hearsaysystems.com and other websites where this Privacy Policy is posted. Information about personal information collected through the account portal and the Saas Services can be found in the Hearsay Processor and SaaS Service Provider Data section below.
In this section, “you” refers to an individual visiting the Hearsay Website.
When you visit the Hearsay Website, we collect information directly from you when you provide it to us, such as when you request a demo, and indirectly, such as through the use of cookies and similar technology.
Data Protection Law (as defined below) recognizes that Sensitive Personal Information (or “sensitive personal data” as used interchangeably) requires additional protection. In particular, the GDPR prohibits the processing of sensitive personal data, other than in certain exceptional circumstances. Sensitive personal data in the EEA includes information relating to one’s race or ethnicity, political opinions, religious or philosophical beliefs, membership of a trade union, as well as biometric data and data relating to one’s health or sexual orientation (“Sensitive Personal Information”. Certain US state privacy laws (i.e., “Data Protection Law”) also have different definitions of Sensitive Personal Information, which may also include precise geolocation, citizenship or immigration status, and Personal Information from a known child.
Visiting the Hearsay Website
Some pages of the Hearsay Website allow you to fill out a web form and share your personal information with us directly, such as on our “Contact Us” page and on our “Submit a request” page. Information we collect consists of:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In addition, if you send us an email or otherwise contact us, we will collect the personal information that you provide to us at that time.
When you visit the Hearsay Website, we, or authorized third parties, collect information, including Device and Usage Information described below, by automated means using cookies, web beacons, server logs or other tracking technologies for analytic purposes. For more information on our use of these technologies and the data that they collect, please see our Cookie Statement. We may also collect information from third parties, as explained below.
Device and Usage Information
When you visit, use or interact with the Hearsay Website, even if you do not have an account, we, or authorized third parties (such as service providers or External Ad Partners (as defined in the Targeted Advertising section below), may collect information about your use of the Hearsay Website via your device. Device and Usage Information that we, or these authorized third parties, collect consists of:
Information from Third Parties
In some instances, we process personal information from third parties, such as data from our External Ad Partners (see the Targeted Advertising section below). These third parties may also use tracking technologies to serve you advertisements tailored to interests you have shown by browsing on this Website and other sites, applications, destinations, and services you have visited, and for other lawful Business Purposes (as defined below).
To provide you with more relevant and interesting experiences, we may work with third party companies to display ads or customize the content on this Website and on other digital properties and websites. These companies may use cookies and similar tracking technologies as described in this Notice to gather information about your visits to our Website, as well as your visits elsewhere on the Internet. These companies use this information to provide you with more relevant advertising known as interest-based advertising.
We, or our authorized partners, collect and process personal information in order to:
Additionally, we may disclose information about users (i) if it is required to do so by law or legal process; (ii) as may be required to law enforcement authorities or other government officials, (iii) when Hearsay believes disclosure is necessary or appropriate to prevent physical harm, financial loss or in connection with an investigation of suspected or actual illegal activity, or (iv) to respond to claims by third parties.
For California residents, please see the Additional Information for Certain States Section below for more information on specific purposes of collection for each category of Personal Information collected in the past 12 months as a “Business” under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020. For Colorado, Connecticut, and Virginia residents, please also see the Additional Information for Certain States.
For individuals located in the EEA or the U.K., please see the Additional Information for Individuals in the EEA and the U.K. Section below for more information, including our legal bases for processing.
We disclose your Personal Information under certain circumstances, such as to our service providers or in the event of a business transfer, as further described below.
Hearsay may share Personal Information and/or Sensitive Personal Information with our third party agents, contractors, or service providers who are hired to perform services on Hearsay’s behalf or in order to assist with certain Business Purposes and/or Commercial Purposes. These providers may operate or support certain functions of the Hearsay Website and Services. Below is a list of categories of service providers that we may use to perform these functions (which are subject to change):
Service providers process your Personal Information and/or Sensitive Personal Information for the specific purpose of providing their services to us (and in accordance with our instructions).
As explained here, we also work with and disclose Personal Information to External Ad Partners who assist us with advertising and marketing our Services.
In some cases, service providers and External Ad Partners collect your Personal Information and/or Sensitive Personal Information directly from you, such as via cookies.
We may share data collected from you from the Hearsay Website with our affiliate entities.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, including bankruptcy.
We share anonymized, aggregated, automatically-collected, or otherwise non-Personal Information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) Business Purposes, Commercial Purposes, and/or marketing purposes; (iii) assistance for us and other parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share Personal Information about you in this case.
Hearsay may preserve or disclose your Personal Information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose Personal Information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Our Website is intended for individuals 18 years of age and older. It is not directed at, marketed to, nor intended for, children under 18 years of age. We do not knowingly collect any Personal Information directly from children under the age of 18. If we discover we have inadvertently received any Personal Information from a child under the age of 18 in violation of this Policy, we will take reasonable steps to delete that information as quickly as possible. If you believe that we have any Personal Information from or about anyone under the age of 18, please contact us at privacy@hearsaycorp.com.
The Hearsay Website uses third-party analytics tools that drop cookies and/or similar technologies to collect and store information about your device and use of the Hearsay Website. We use analytics tools to calculate visitor, session and campaign data for the Hearsay Website analytics reports.
One of our tools is Google Analytics. We use Google Analytics to generate and process statistical or demographic data. Third parties, like Google, use cookies to compile reports on the website’s activity and website visitors, and provide other services related to website activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website. You can read more about Google’s practices in Google’s privacy policy. You can opt-out from being tracked by Google Analytics in a particular browser on a particular device by downloading and installing the Google Analytics Opt-out Browser Add-on for that browser. To learn more about how to opt-out of tracking by Google Analytics, please click here.
Another tool is the LinkedIn Insight Tag. You can read more about LinkedIn’s practices in LinkedIn’s privacy policy. LinkedIn only provides reports and alerts (which do not identify LinkedIn members) about the Hearsay website audience and ad performance (LinkedIn does not share the personal data of its members with Hearsay). LinkedIn members can control the use of their personal data for advertising purposes through their account settings.
We market our company and Services in a variety of ways. Below is a description of what data we gather from you, and how we use it for purposes of these marketing activities. We gather information from or about you in the following different roles:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In some cases, you provide Personal Information directly to Hearsay as part of a marketing event that Hearsay hosts or co-hosts, through email or when you participate in an online webinar. Occasionally, and only with your consent, we may send you future communications. We may also acquire personal information about you through a third party. In particular, Hearsay engages third parties who provide us with contact information for Leads. When acquiring information from third parties, Hearsay endeavors to obtain contractual commitments from the third parties that the information was acquired lawfully and with the appropriate level of consent.
Our communications to you for marketing purposes will contain instructions on how you can opt-out from receiving future communications, and if you consent to our use of your personal information for marketing purposes, you may always withdraw your consent. You may also contact Hearsay directly about its marketing activities at privacy@hearsaycorp.com.
Hearsay engages third-party advertising networks (“External Ad Partners”) to display advertising about our Services when you visit other websites within that advertising network. Like many other companies, we rely on retargeting, also known as remarketing, which is a type of marketing strategy that helps businesses “remind” visitors of their products and services after they leave their websites. For instance, through the use of cookies (and similar technologies) placed by External Ad Partners, online identifiers (considered personal information) are collected and then used to identify visitors to the Hearsay Website on other websites or social media platforms. With this information our External Ad Partners may serve relevant ads on consumers who previously visited the Hearsay Website.
Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
Hearsay maintains an online presence on social media platforms (“Social Media Platforms”) such as Instagram, Twitter, Facebook and Linkedin, to provide information about our Services and communicate with users and/or visitors to those pages or accounts. When you interact or post to our account, we process your Personal Information. In some cases, the Social Media Platforms are service providers or processors. In other cases, such as with Facebook, we are jointly responsible for the processing, as explained in the section titled Hearsay as a ‘Joint Controller’ with Facebook.
We use reasonably appropriate security measures designed to protect the security of Personal Information and Sensitive Personal Information both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note, though, that no website or internet transmission is completely secure, so while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
Certain internet web browsers allow a “do not track” (“DNT”) setting that relies on a technology known as a DNT header, which sends a signal to websites visited by the individual about the individual’s browser DNT setting. At this time, we do respond to DNT signals. For more information on DNT settings generally, please visit https://allaboutdnt.com.
How you make choices about cookies and other tracking technologies depends on the type of cookie or tracking technology being used. For details on how to manage your preferences for cookies and tracking technologies within your web browser, please see our Cookie Statement.
If you are receiving promotional emails from us, you can choose to stop receiving those by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting customer support at support@hearsaycorp.com.
To request access to, or to make changes to, data that we have collected from you via the Hearsay Website, please email us at privacy@hearsaycorp.com. Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
The categories of recipients of personal data with whom we may share your personal data are listed in Disclosure of Your Personal Information above.
Hearsay as ‘Data Controller’
As a ‘data controller’, Hearsay processes your Personal Information for a number of different purposes. Some are essential for us to provide the Services or to fulfill our legal obligations, some help us run the Services efficiently and effectively, and some enable us to provide you with more relevant and personalized offers and information. In all cases, with respect to individuals in the EEA or the U.K., we must have a reason and a legal ground for processing your personal information. The most common legal grounds on which we rely are briefly explained below:
The following breakdown illustrates in more detail our processing activities and how the above legal bases for processing apply (in brackets):
We use Facebook’s products and services (“Facebook Products”) in different ways:
With respect to our use of Facebook Products, we are jointly responsible with Facebook Ireland for the processing activities (“Joint Processing”):
Facebook Ireland Ltd.,
4 Grand Canal Square, Grand Canal Harbor
Dublin 2, Ireland
Information about the personal data that is collected from you by Facebook, as well as how and why it is processed by Facebook, can be found at https://www.facebook.com/about/privacy.
Hearsay and Facebook have entered into an agreement in order to determine the respective responsibilities for compliance with our obligations in connection with the Joint Processing within the meaning of the GDPR. This joint controller agreement, which sets out the reciprocal obligations, is available here.
Hearsay’s legal basis for processing your personal data via Facebook Products is our legitimate interest in increasing and analyzing the communication, sales, and promotion of Services. Our legal basis may also be your consent, which may be revoked at any time.
Some processing by Facebook Ireland Ltd. might take place in the United States by Facebook Inc.
We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, the length of time we have an ongoing relationship with you and provide you with access to our Services, and applicable legal requirements. We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax, or accounting requirements), when we are unable to reasonably verify your identity, or as may otherwise be required under GDPR. Additionally, we cannot delete information when it is needed for the establishment, exercise, or defense of a legal claim (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.
When we no longer have a legitimate business need to process your personal information, it is deleted and/or anonymized. If you have questions about, or need further information concerning, our data retention periods, please email privacy@hearsaycorp.com.
If the GDPR or the U.K., applies to you because you are in the EEA or the U.K., you have certain rights in relation to your personal data:
These rights are subject to certain rules around when you can exercise them. If you are located in the EEA or the U.K. and wish to exercise any of the rights set out above, please contact us (see How to Contact Us about Privacy).
We will respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first at privacy@hearsaycorp.com.
This privacy notice for Nevada, California, Colorado, Connecticut, and Virginia residents, and residents of other states with applicable privacy laws (“State Privacy Notice”) supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the applicable state (“Consumers”). We have created this State Privacy Notice in order to comply with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (collectively, “CCPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Virginia Consumer Data Protection Act (“VCDPA”), and other applicable privacy laws (collectively, “Data Protection Law”).
This CCPA Notice applies to Personal Information that Hearsay collects for its own purposes. It does not apply to:
We collect Personal Information as that term is defined in CCPA. Within the last twelve (12) months, Hearsay has collected the following categories of Personal Information from or about Consumers:
Personal information does not include:
As explained in more detail here, Hearsay obtains the categories of personal information listed above from the following categories of sources:
We collect and process your Personal Information and/or Sensitive Personal Information whenever you use our Website and/or Services.
Under the CCPA, we must disclose the purposes for which we collect your information. Our purposes include Business Purpose and Commercial Purposes, as generally described below.
In the section Why We Collect Your Personal Information and How We Use It, we explain the purposes for which we process this information, pursuant to Data Protection Law(s), along with the relevant categories of data we use and the legal basis we rely on to do so or other permitted reasons for processing (e.g. Business Purposes or Commercial Purposes under the CCPA). For clarity, the terms Business Purpose and Commercial Purpose, are being used to sufficiently describe the purpose of processing, transferring, sharing, sale, and/or sharing, as applicable, of all your Personal Information and/or Sensitive Personal Information under all Data Protection Law(s). As previously mentioned, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
Hearsay may disclose your Personal Information to service providers, contractors, and/or third parties (as defined by CCPA) (or processor or third party, as defined by applicable Data Protection Law(s)) for a Business Purpose and/or Commercial Purpose. When we disclose Personal Information for a Business Purpose and/or Commercial Purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the services for us. As explained in more detail here, we also share your Personal Information with certain categories of service providers, contractors, and/or third parties who assist us in providing the Hearsay Website and Services and with our business.
We disclose your Personal Information and/or Sensitive Personal Information for a Business Purpose and/or Commercial Purpose to the following categories of Service Providers:
The following chart describes the categories of Personal Information and Sensitive Personal Information that we disclosed to service providers, contractors, and/or third parties for a Business Purpose and/or Commercial Purpose in the 12 months prior to the date of this Privacy Policy. As noted below in the chart, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
The CCPA defines ‘sale’ and ‘share’ very broadly. ’Sale’ includes the sharing of Personal Information with third parties in exchange for anything of value, while ‘share’ means disclosure of Personal Information to third parties for cross contextual behavioral advertising. According to these broad definitions, in the 12 months before this section was last updated, we may have sold or shared the following categories of Personal Information to third parties:
The CCPA provides Consumers with specific rights regarding their Personal Information, provided that we are able to verify their identities as explained below. This section describes your CCPA rights and explains how to exercise them.
Opting-out of Sales or Sharing of Your Personal Information
You have the right to opt-out of our sharing or selling of your Personal Information with some External Ad Partners in certain circumstances. If you would like to opt-out of the sale of Personal Information, please click here.You can also opt-out of the sale or sharing of your Personal Information that is collected automatically when you visit the Website by clicking here.
Hearsay does not sell or share Personal Information collected on the Hearsay mobile-based software platform.
Access to Specific Information
You have the right to request that Hearsay disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will disclose such information to you.
Right to Data Portability
You have the right to receive the Personal Information that you have provided to Hearsay, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
Right to Correction
You have the right to have your Personal Information corrected.
Deletion Request Rights
You have the right to request that Hearsay delete your personal information, subject to certain exceptions listed in the CCPA. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will delete (and direct our service providers, contractors, third parties, and/or processors, as applicable, to delete) your Personal Information from our records, unless an exception applies.
Your Right to Limit the Use Sensitive Personal Information We Have Collected About You
You have the right to limit our use of your Sensitive Personal Information if we use it for purposes other than providing the Services to you. We currently do not use your Sensitive Personal Information for purposes other than providing the Service/ for the Business Purposes above.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer request related to your personal information.
An authorized agent is a natural person or a business entity registered with the Secretary of State that a Consumer has authorized to act on his or her behalf. When a Consumer uses an authorized agent to submit a request to know or a request to delete, Hearsay may require that the Consumer provide the authorized agent written permission to do so and verify his or her own identity directly with Hearsay, unless the Consumer has provided the authorized agent with a valid power of attorney. Hearsay may deny a request from an agent that does not submit proof that he or she has been authorized by the Consumer to act on his or her behalf.
To exercise the rights described above, please submit a verifiable Consumer request to us by either calling us at 1-888-399-2280 or mailing privacy@hearsaycorp.com.
You may only make a verifiable Consumer request for access or data portability twice within a 12-month period. In particular, you can request the following:
1. Specific Pieces of Information
2. Categories of Information
The verifiable Consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will notify you to explain the basis of the denial.
If we have a good-faith, reasonable belief that a request to opt-out of the sale or sharing of Personal Information is fraudulent, we may deny the request. Should this occur, we will inform you and explain why we believe the request is fraudulent.
Making a verifiable Consumer request does not require you to create an account with us. Please note that the methods for verification are set forth in the CCPA, which also requires us to consider a number of factors, such as the type, sensitivity, and value of the personal information or the risk of harm posed by unauthorized access or deletion, on a case-by-case basis.
We will only use personal information provided in a verifiable Consumer request to verify the requestor’s identity or authority to make the request.
Upon your request, we will delete the Personal Information we have collected about you, except for situations where the CCPA authorizes us to retain specific information, including when it is necessary for us to provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us. We will act on your deletion request within the timeframes set forth below.
Response Timing
We endeavor to respond to a verifiable Consumer request generally within 45 days of its receipt, or as otherwise required by the CCPA, although we may take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable Consumer’s request. If applicable, in our response, we will also explain the reasons we cannot comply with a request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. Please note that to use our Services, we do require the collection of your personal information – for example, to sign you up. While you may request to delete your personal information under CCPA, such deletions may affect our ability to offer the Services.
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about certain categories of Personal Information a business has disclosed to third parties for direct marketing purposes in the preceding calendar year. California residents may make such request to us at privacy@hearsaycorp.com. We will provide a list of the categories of personal information disclosed to such third parties for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses or these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email specified in this section.
We do not sell your Personal Information within the scope of, and according to the defined meaning of, a “sale” under NRS 603A.
Under Virginia’s Consumer Data Protection Act (“VCDPA”), solely as to Personal Information of users acting in an individual or household context, Virginia residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the VCDPA. You have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information . A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Virginia, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Colorado’s Consumer Privacy Act (“CPA”), solely as to Personal Information of users when acting in an individual or household context, Colorado residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Colorado, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Connecticut’s Data Privacy Act (“CTDPA”), solely as to Personal Information of users when acting in an individual or household context, Connecticut residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CTDPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Connecticut, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CTDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
If you have any questions regarding this State Notice, please contact us directly.
As explained above, we process personal information from individuals described below on behalf of our Customers in order to provide our Services, in accordance with their Instructions. When we process personal information on behalf of our Customers, we are a ‘data processor’ or service provider. This includes certain information that we collect through our account portal (https://my.hearsaysocial.com/) when Users log into their accounts with Hearsay, as well as other information that is collected through the various products offered by Hearsay as part of the Services.
Hearsay’s Customers are controllers of the Personal Information because they decide how or why your Personal Information is processed. When our Customers process Personal Information through our Services, they are responsible for ensuring that they do so in compliance with the law, including providing their customers and users with their own privacy policies.
Hearsay’s processing activity as a service provider and processor is governed by the contracts we have with our Customers. Under the terms of those agreements, we will direct any data subject request you make to Hearsay for Personal Information that we process as a processor under this section to our Customers.
For purposes of this Section, “You” may refer to a variety of people, including:
If there are special terms and considerations, we will address the individual group by the capitalized term (Customer, User or User Contacts). Where terms apply to all groups, we will address the group as “you.”
We process information (1) received directly from Customers and Users, other than personal information collected on signing up as a User of the Services, (2) from or about User Contacts through the use of the Services by Customers and Users, and (3) obtained indirectly, such as through the use of cookies or CRM integrations.
The information that we process as part of the Services is described below in further detail. Collectively, all information processed by Hearsay in order to provide the Services is referred to “Services Information” for purposes of this Privacy Policy.
Through the Services, Customers and Users can populate their accounts with information submitted by a Customer or a User to Hearsay, or uploaded by Customer or a User to the Services, which is meant to be used and shared through the Services. Examples of such content include articles, logos and other assets uploaded by a Customer or User to personalize a web page. In uploading or submitting this information, Customers and Users must not include any personally identifiable information contained within the uploaded materials.
Hearsay may also contact Customers and Users to provide feedback on the Services by email or other means in order to better understand how Customers and Users use the Services. Some of the questions might include requests with a voluntary answer to provide certain additional personal identifiable information, such as name, age and geographic location. Information gathered by Hearsay will be used solely in connection with or to improve or expand the Services; however, this may include using this information within third-party services that are associated with the Services. Please see our cookies section to better understand how we use performance cookies to improve the Services.
As part of our Services, Hearsay allows Users to connect certain digital assets such as social media accounts (including private messaging in some cases), email addresses and telephone numbers to the Services in order to communicate with User Contacts. Customers may also have their own websites hosted by Hearsay (“Customer Sites”). As a result, Hearsay processes personal information from or about User Contacts that is collected via the Customer Sites, User social media accounts and/or other connections to the Services, depending on the level of permission. For instance, when using social media networks, if Hearsay is allowed to collect social media activity about the User Contact, Hearsay will collect such information and present a summary of this information to the User. With respect to text message correspondence, Hearsay may collect, store and retain the telephone number of the User Contact, call history with the User Contact, and any contents of a text message that a User Contact made in text message communications with the User.
Hearsay collects and/or processes Sensitive Personal Information, including precise geolocation and content of social and text messages. As explained below, the contents of social and text messages may contain additional Sensitive Personal Information that is shared by the Customer and/or User.
Any information that a User or a User Contact submits to the Services will be captured and retained by Hearsay as part of the Services.
If you are a User Contact, you may have been directed to review this Privacy Policy by one of our Customers in lieu of their own Privacy Policy. In this case, any information about you as a User Contact that Hearsay collects will be processed and maintained in accordance with this policy. However, to understand how the Customer uses the information or to exercise any rights, please contact the Customer directly.
CRM Integrations
Certain Customers integrate their customer relationship management (CRM) systems with the Services. When this happens, Hearsay receives any information about Users and User Contacts that a Customer has collected and wishes to share with Hearsay. Hearsay will use this information within the Service to enable certain functionality (e.g., populating email contacts from a CRM so that a User may utilize email functionality), or use insights in order to recommend certain actions (e.g., based on a combination of activity documented in CRM and the Services with a User Contact, a User might receive a recommendation to make a future communication with the same User Contact).
Publicly Available Information about Users and User Contacts
In order to better understand Users and provide a better experience, Hearsay creates various “profiles” within the Services, in order to provide more targeted content and suggest action items for a User to take within the Services. “Profiles” are not composites of personal information nor based on actual individuals, but are common characteristics identified by Hearsay to describe certain behaviors or preferences. In order to make recommendations or suggest content, Hearsay endeavors to find out more about its Users and User Contacts. In some instances, when building these “profiles,” Hearsay may retain third parties to collect publicly available information about Users. This information may include your industry, the size of your office, and your online directory listing, to help Hearsay understand more about our customer base and to tailor information we send you about the Services.
Anonymized Aggregated Data
Hearsay has developed proprietary algorithms that monitor all communications and transactions that occur within the Services. Hearsay engages third parties to perform data analysis on data sets provided by Hearsay in order to improve Hearsay’s algorithms. The purpose of these algorithms is to identify patterns of behavior, either unique to a User or to defined categories of people, which may enhance a User’s use of the Services. Any data created or identified within an algorithm does not identify the activity of an individual User or User Contacts. For example, the Services may identify that a User’s social media network contacts are most active between the hours of 10 AM to 12 PM on weekdays, and would therefore recommend a User to schedule social media posts during this time. The Services algorithms gather this information based on the volume activity occurring within this network; this recommendation, or any data associated with this recommendation, would not identify the posting habits of any individual User Contact or a User. For text message communication, the Services may suggest prepopulated quick replies to certain text messages. The Services algorithms make these suggestions based on gathered information from previous replies and conversations.
Industry Information
Hearsay collects information relating to the industry with which a User is associated: acquiring data sets about certain financial services industries, reviewing census results to identify purchasing habits of consumers, etc. The purpose of acquiring this information is to provide more information and insight for the User when using the Services.
We or our authorized service providers process the Services Information solely as a data processor, in order to:
We disclose Services Information under certain circumstances, as further described below.
The Services allow Users to send or receive communications from User Contacts through social media, email, text messaging and voice communications. If Users send communications through the Services, Hearsay will deliver those communications to third parties in order for the User Contact to share and receive those communications. We call these third party delivery networks “External Services.” Examples of External Services include Facebook, Twitter, LinkedIn and Instagram (for social media).
We may share Services Information with third-party service providers or consultants who need access to the data to perform their work on Hearsay’s behalf. These third party service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard any data provided by Hearsay. These include Amazon Web Services for website hosting, Sendgrid for email delivery and Twilio for text messaging.
Hearsay is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Telecommunications activity performed by Hearsay is regulated and overseen by the Federal Communications Commission (FCC) and various state public utility commissions. We may disclose Services Information pertaining to a regulatory audit conducted by these entities as well as oversight organizations for the financial services industry, such as FINRA, SEC, or similar state and international regulators. When responding to a financial services regulatory audit, we will endeavor to first contact the Customer before disclosing any such information unless we are prohibited from doing so. The Customer is solely responsible for contacting any Users or User Contacts as part of the regulatory audit and disclosure of Services Information.
We may share data collected from you from the Services with our affiliates.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, bankruptcy included.
We share anonymized, aggregated, automatically-collected, or otherwise non-personal information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) business or marketing purposes; (iii) assistance for us and other parties in understanding our Customers’ and Users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share personal information about you in this case.
Hearsay may preserve or disclose your personal information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Certain Customers may purchase services from third parties that have a partnership relationship with Hearsay and are authorized to access the Services (“Value Added Partners”). In such cases, Hearsay will allow the Value Added Partner(s) to access the relevant Services account if the Customer has given the requisite permission. This access may include being able to read Services Information.
As ‘data controllers’ of Services Information, Customers are responsible for providing information to individuals in the EEA and/or the U.K., including the purposes of collection, legal bases, and your rights, as well as residents of certain states that provide consumer rights. If we receive a notification from a Customer regarding an individual wishing to exercise his/her exercising, we will assist said Customer with responding to and honoring such requests according to the Customer’s instructions.
When you visit the Hearsay Website or use the Services, we and our service providers acting on our behalf automatically collect certain data using tracking technologies like cookies, web beacons, and similar tracking technologies.
A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a website’s computers and stored on your computer’s hard drive.
These technologies are used to help us better understand User behavior and facilitate and measure the effectiveness of our Hearsay Website and Services. We treat information collected by cookies and other technologies as non-personal information.
We use cookies to record current session information. We also use third party cookies (e.g. Google Analytics) to provide anonymized and aggregated information on website usage statistics and patterns.
All modern Internet browsers allow you to control your cookie settings. These settings are usually accessed in the ‘Options’ or ‘Preferences’ section of your browser. Please note that certain features of the website will not be available once cookies are disabled. For further information about cookies and how to manage them, please visit www.allaboutcookies.org.
Hearsay uses web beacons with cookies or separately to compile information about your engagement with us. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you view a particular website tied to the web beacon, and a description of a website tied to the web beacon.
Here is a basic description and overview of the type of cookies Hearsay may use:
Hearsay Social, Inc. (“Hearsay”), is a web and mobile-based software platform that allows financial services and insurance companies (“Customers”) and their employees and/or designated agents with access to the Services (“Users”) to utilize electronic communications channels (such as social media, websites, email, mobile voice and text message) to communicate with clients and prospects (“SaaS Services”).
This Privacy Policy applies to Hearsay’s Website and Hearsay’s SaaS Services; collectively “Services.” This Privacy Policy contains details about how we collect, use, disclose, process, share and secure personal information that we obtain from and about you when you interact with our Services. Our collection and processing of information that alone or in conjunction with other information may reasonably identify you (“Personal Information”) may be either for our own purposes, or on behalf of other entities to whom we provide services.
If you have any questions regarding the collection and processing of Personal Information performed by us on behalf of another entity please consult that entity’s privacy policy. If, after reviewing this Privacy Policy, you have any questions or privacy concerns, please send us an email to privacy@hearsaycorp.com (see the How to Contact Us about Privacy section). We are committed to protecting the privacy of those with whom we interact.
For purposes of this Privacy Policy, the words “our,” “us,” “we,” and “Hearsay” refer to Hearsay Social, Inc., and our affiliates (which includes any person or entity that controls us, is controlled by us, or is under common control with us, such as our subsidiary, parent company, or our employees).
For the purpose of this Notice, Personal Information shall by interchangeable with Personal Data, and each shall have the meaning assigned to it by applicable laws, including, but not limited to, information that directly or indirectly, on its own or in conjunction with other information, identifies an individual. Please read this Notice carefully.
NEVADA, CALIFORNIA, COLORADO, CONNECTICUT, OR VIRGINIA RESIDENTS OR RESIDENTS OF ANOTHER STATE THAT OFFER CERTAIN PRIVACY RIGHTS: If you are a resident of Nevada, California, Colorado, Connecticut, or Virginia or resident of another state that offers certain privacy rights, this entire Privacy Policy applies to you. However, please see Additional Information for Certain States below, which will inform you in detail about our information collection practices and your specific rights.
INDIVIDUALS LOCATED IN THE EEA OR THE U.K.: If you are located in the European Economic Area (“EEA”) or the United Kingdom (“U.K.”), this entire Privacy Policy applies to you. However, please see Additional Information for Individuals in the EEA below, which will inform you in detail about our legal bases for processing and which rights you have in connection with our processing of your personal data.
We collect information in several contexts as described below. This policy also does not apply to information we collect in connection with providing services to our business clients, where we act as a service provider and process Personal Information in accordance with their instructions (see “Hearsay Processor and Service Provider Data”). Such information is subject to the Privacy Policies of the other financial institutions.
This Policy applies only to Hearsay operated services and applications, including our online services, mobile-based application, and Website. Our Services may contain links to other websites that are not operated or controlled by Hearsay. Hearsay does not control such third-party websites or their privacy practices. Any personal information you choose to give to third-party websites is not covered by this Notice.
Hearsay may update this Privacy Policy from time to time, in its sole discretion. If we do so, we will post an updated Privacy Policy on the Hearsay Website and provide prompt written notice of such updates, as applicable. Changes, modifications, additions, or deletions will be effective when posted unless stated otherwise. If we make material or significant changes, we may also send our Customers a notice that we have changed this Privacy Policy. Your continued use of the Hearsay Website and Services, and/or your continued provision of personal information to us after the posting of such notice, will be deemed an acceptance of any changes and subject to the terms of the then-current Privacy Policy. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will seek affirmative consent from you before making material changes to the way we handle Personal Information previously collected from you. If you do not provide such consent, Personal Information will continue to be used in a manner that is consistent with the version of this Notice under which it was collected.
We are located in the United States, and the personal information that we collect is stored on servers located in the United States. This means that your Personal Information will be collected, processed, and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the General Data Protection Regulation 2016/679 (“GDPR”) in the European Union.
By sending us Personal Information, you agree and consent to the processing of your personal information in the United States, which may not offer an equivalent level of protection to that required in other countries (particularly the European Economic Area).
We have implemented safeguards designed to ensure that the Personal Information we process remains protected in accordance with this Privacy Policy, including when processed internationally or by our third-party service providers and partners. The safeguards we may take at our discretion include, for instance, entering into specific agreements in connection with any onward transfers of personal information. We may implement other mechanisms and take similar appropriate safeguards with our third party service providers and partners. Further details can be provided upon request.
Hearsay acts as a ‘data controller’ when it collects Personal Information on its own behalf and for its own Business Purposes, such as through our publicly-accessible Website, and as a ‘data processor’ when it collects and processes personal information on behalf of its Customers in order to provide the SaaS Services. As such, this Privacy Policy is separated into two main sections that address our different roles:
Please note that how you exercise certain rights will depend on whether Hearsay is processing your Personal Information as a ‘data controller’ or as a ‘data processor’, and is further explained throughout this Privacy Policy:
If you are a visitor of the Hearsay Website or a Customer and have any questions about this Privacy Policy or requests for access to or deletion or rectification of personal information that Hearsay collects and processes contact us at privacy@hearsaycorp.com or by mail at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
2261 Market Street, Ste. 5397
San Francisco, CA 94114
United States of America
Individuals in the EEA or the U.K. may contact Hearsay at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
Koztelek utca 6, 1147 Budapest
privacy@hearsaycorp.com
Below is a description of the personal information that we gather from you as a visitor to Hearsay Website, which includes https://hearsaysystems.com and other websites where this Privacy Policy is posted. Information about personal information collected through the account portal and the Saas Services can be found in the Hearsay Processor and SaaS Service Provider Data section below.
In this section, “you” refers to an individual visiting the Hearsay Website.
When you visit the Hearsay Website, we collect information directly from you when you provide it to us, such as when you request a demo, and indirectly, such as through the use of cookies and similar technology.
Data Protection Law (as defined below) recognizes that Sensitive Personal Information (or “sensitive personal data” as used interchangeably) requires additional protection. In particular, the GDPR prohibits the processing of sensitive personal data, other than in certain exceptional circumstances. Sensitive personal data in the EEA includes information relating to one’s race or ethnicity, political opinions, religious or philosophical beliefs, membership of a trade union, as well as biometric data and data relating to one’s health or sexual orientation (“Sensitive Personal Information”. Certain US state privacy laws (i.e., “Data Protection Law”) also have different definitions of Sensitive Personal Information, which may also include precise geolocation, citizenship or immigration status, and Personal Information from a known child.
Visiting the Hearsay Website
Some pages of the Hearsay Website allow you to fill out a web form and share your personal information with us directly, such as on our “Contact Us” page and on our “Submit a request” page. Information we collect consists of:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In addition, if you send us an email or otherwise contact us, we will collect the personal information that you provide to us at that time.
When you visit the Hearsay Website, we, or authorized third parties, collect information, including Device and Usage Information described below, by automated means using cookies, web beacons, server logs or other tracking technologies for analytic purposes. For more information on our use of these technologies and the data that they collect, please see our Cookie Statement. We may also collect information from third parties, as explained below.
Device and Usage Information
When you visit, use or interact with the Hearsay Website, even if you do not have an account, we, or authorized third parties (such as service providers or External Ad Partners (as defined in the Targeted Advertising section below), may collect information about your use of the Hearsay Website via your device. Device and Usage Information that we, or these authorized third parties, collect consists of:
Information from Third Parties
In some instances, we process personal information from third parties, such as data from our External Ad Partners (see the Targeted Advertising section below). These third parties may also use tracking technologies to serve you advertisements tailored to interests you have shown by browsing on this Website and other sites, applications, destinations, and services you have visited, and for other lawful Business Purposes (as defined below).
To provide you with more relevant and interesting experiences, we may work with third party companies to display ads or customize the content on this Website and on other digital properties and websites. These companies may use cookies and similar tracking technologies as described in this Notice to gather information about your visits to our Website, as well as your visits elsewhere on the Internet. These companies use this information to provide you with more relevant advertising known as interest-based advertising.
We, or our authorized partners, collect and process personal information in order to:
Additionally, we may disclose information about users (i) if it is required to do so by law or legal process; (ii) as may be required to law enforcement authorities or other government officials, (iii) when Hearsay believes disclosure is necessary or appropriate to prevent physical harm, financial loss or in connection with an investigation of suspected or actual illegal activity, or (iv) to respond to claims by third parties.
For California residents, please see the Additional Information for Certain States Section below for more information on specific purposes of collection for each category of Personal Information collected in the past 12 months as a “Business” under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020. For Colorado, Connecticut, and Virginia residents, please also see the Additional Information for Certain States.
For individuals located in the EEA or the U.K., please see the Additional Information for Individuals in the EEA and the U.K. Section below for more information, including our legal bases for processing.
We disclose your Personal Information under certain circumstances, such as to our service providers or in the event of a business transfer, as further described below.
Hearsay may share Personal Information and/or Sensitive Personal Information with our third party agents, contractors, or service providers who are hired to perform services on Hearsay’s behalf or in order to assist with certain Business Purposes and/or Commercial Purposes. These providers may operate or support certain functions of the Hearsay Website and Services. Below is a list of categories of service providers that we may use to perform these functions (which are subject to change):
Service providers process your Personal Information and/or Sensitive Personal Information for the specific purpose of providing their services to us (and in accordance with our instructions).
As explained here, we also work with and disclose Personal Information to External Ad Partners who assist us with advertising and marketing our Services.
In some cases, service providers and External Ad Partners collect your Personal Information and/or Sensitive Personal Information directly from you, such as via cookies.
We may share data collected from you from the Hearsay Website with our affiliate entities.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, including bankruptcy.
We share anonymized, aggregated, automatically-collected, or otherwise non-Personal Information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) Business Purposes, Commercial Purposes, and/or marketing purposes; (iii) assistance for us and other parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share Personal Information about you in this case.
Hearsay may preserve or disclose your Personal Information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose Personal Information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Our Website is intended for individuals 18 years of age and older. It is not directed at, marketed to, nor intended for, children under 18 years of age. We do not knowingly collect any Personal Information directly from children under the age of 18. If we discover we have inadvertently received any Personal Information from a child under the age of 18 in violation of this Policy, we will take reasonable steps to delete that information as quickly as possible. If you believe that we have any Personal Information from or about anyone under the age of 18, please contact us at privacy@hearsaycorp.com.
The Hearsay Website uses third-party analytics tools that drop cookies and/or similar technologies to collect and store information about your device and use of the Hearsay Website. We use analytics tools to calculate visitor, session and campaign data for the Hearsay Website analytics reports.
One of our tools is Google Analytics. We use Google Analytics to generate and process statistical or demographic data. Third parties, like Google, use cookies to compile reports on the website’s activity and website visitors, and provide other services related to website activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website. You can read more about Google’s practices in Google’s privacy policy. You can opt-out from being tracked by Google Analytics in a particular browser on a particular device by downloading and installing the Google Analytics Opt-out Browser Add-on for that browser. To learn more about how to opt-out of tracking by Google Analytics, please click here.
Another tool is the LinkedIn Insight Tag. You can read more about LinkedIn’s practices in LinkedIn’s privacy policy. LinkedIn only provides reports and alerts (which do not identify LinkedIn members) about the Hearsay website audience and ad performance (LinkedIn does not share the personal data of its members with Hearsay). LinkedIn members can control the use of their personal data for advertising purposes through their account settings.
We market our company and Services in a variety of ways. Below is a description of what data we gather from you, and how we use it for purposes of these marketing activities. We gather information from or about you in the following different roles:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In some cases, you provide Personal Information directly to Hearsay as part of a marketing event that Hearsay hosts or co-hosts, through email or when you participate in an online webinar. Occasionally, and only with your consent, we may send you future communications. We may also acquire personal information about you through a third party. In particular, Hearsay engages third parties who provide us with contact information for Leads. When acquiring information from third parties, Hearsay endeavors to obtain contractual commitments from the third parties that the information was acquired lawfully and with the appropriate level of consent.
Our communications to you for marketing purposes will contain instructions on how you can opt-out from receiving future communications, and if you consent to our use of your personal information for marketing purposes, you may always withdraw your consent. You may also contact Hearsay directly about its marketing activities at privacy@hearsaycorp.com.
Hearsay engages third-party advertising networks (“External Ad Partners”) to display advertising about our Services when you visit other websites within that advertising network. Like many other companies, we rely on retargeting, also known as remarketing, which is a type of marketing strategy that helps businesses “remind” visitors of their products and services after they leave their websites. For instance, through the use of cookies (and similar technologies) placed by External Ad Partners, online identifiers (considered personal information) are collected and then used to identify visitors to the Hearsay Website on other websites or social media platforms. With this information our External Ad Partners may serve relevant ads on consumers who previously visited the Hearsay Website.
Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
Hearsay maintains an online presence on social media platforms (“Social Media Platforms”) such as Instagram, Twitter, Facebook and Linkedin, to provide information about our Services and communicate with users and/or visitors to those pages or accounts. When you interact or post to our account, we process your Personal Information. In some cases, the Social Media Platforms are service providers or processors. In other cases, such as with Facebook, we are jointly responsible for the processing, as explained in the section titled Hearsay as a ‘Joint Controller’ with Facebook.
We use reasonably appropriate security measures designed to protect the security of Personal Information and Sensitive Personal Information both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note, though, that no website or internet transmission is completely secure, so while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
Certain internet web browsers allow a “do not track” (“DNT”) setting that relies on a technology known as a DNT header, which sends a signal to websites visited by the individual about the individual’s browser DNT setting. At this time, we do respond to DNT signals. For more information on DNT settings generally, please visit https://allaboutdnt.com.
How you make choices about cookies and other tracking technologies depends on the type of cookie or tracking technology being used. For details on how to manage your preferences for cookies and tracking technologies within your web browser, please see our Cookie Statement.
If you are receiving promotional emails from us, you can choose to stop receiving those by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting customer support at support@hearsaycorp.com.
To request access to, or to make changes to, data that we have collected from you via the Hearsay Website, please email us at privacy@hearsaycorp.com. Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
The categories of recipients of personal data with whom we may share your personal data are listed in Disclosure of Your Personal Information above.
Hearsay as ‘Data Controller’
As a ‘data controller’, Hearsay processes your Personal Information for a number of different purposes. Some are essential for us to provide the Services or to fulfill our legal obligations, some help us run the Services efficiently and effectively, and some enable us to provide you with more relevant and personalized offers and information. In all cases, with respect to individuals in the EEA or the U.K., we must have a reason and a legal ground for processing your personal information. The most common legal grounds on which we rely are briefly explained below:
The following breakdown illustrates in more detail our processing activities and how the above legal bases for processing apply (in brackets):
We use Facebook’s products and services (“Facebook Products”) in different ways:
With respect to our use of Facebook Products, we are jointly responsible with Facebook Ireland for the processing activities (“Joint Processing”):
Facebook Ireland Ltd.,
4 Grand Canal Square, Grand Canal Harbor
Dublin 2, Ireland
Information about the personal data that is collected from you by Facebook, as well as how and why it is processed by Facebook, can be found at https://www.facebook.com/about/privacy.
Hearsay and Facebook have entered into an agreement in order to determine the respective responsibilities for compliance with our obligations in connection with the Joint Processing within the meaning of the GDPR. This joint controller agreement, which sets out the reciprocal obligations, is available here.
Hearsay’s legal basis for processing your personal data via Facebook Products is our legitimate interest in increasing and analyzing the communication, sales, and promotion of Services. Our legal basis may also be your consent, which may be revoked at any time.
Some processing by Facebook Ireland Ltd. might take place in the United States by Facebook Inc.
We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, the length of time we have an ongoing relationship with you and provide you with access to our Services, and applicable legal requirements. We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax, or accounting requirements), when we are unable to reasonably verify your identity, or as may otherwise be required under GDPR. Additionally, we cannot delete information when it is needed for the establishment, exercise, or defense of a legal claim (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.
When we no longer have a legitimate business need to process your personal information, it is deleted and/or anonymized. If you have questions about, or need further information concerning, our data retention periods, please email privacy@hearsaycorp.com.
If the GDPR or the U.K., applies to you because you are in the EEA or the U.K., you have certain rights in relation to your personal data:
These rights are subject to certain rules around when you can exercise them. If you are located in the EEA or the U.K. and wish to exercise any of the rights set out above, please contact us (see How to Contact Us about Privacy).
We will respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first at privacy@hearsaycorp.com.
This privacy notice for Nevada, California, Colorado, Connecticut, and Virginia residents, and residents of other states with applicable privacy laws (“State Privacy Notice”) supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the applicable state (“Consumers”). We have created this State Privacy Notice in order to comply with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (collectively, “CCPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Virginia Consumer Data Protection Act (“VCDPA”), and other applicable privacy laws (collectively, “Data Protection Law”).
This CCPA Notice applies to Personal Information that Hearsay collects for its own purposes. It does not apply to:
We collect Personal Information as that term is defined in CCPA. Within the last twelve (12) months, Hearsay has collected the following categories of Personal Information from or about Consumers:
Personal information does not include:
As explained in more detail here, Hearsay obtains the categories of personal information listed above from the following categories of sources:
We collect and process your Personal Information and/or Sensitive Personal Information whenever you use our Website and/or Services.
Under the CCPA, we must disclose the purposes for which we collect your information. Our purposes include Business Purpose and Commercial Purposes, as generally described below.
In the section Why We Collect Your Personal Information and How We Use It, we explain the purposes for which we process this information, pursuant to Data Protection Law(s), along with the relevant categories of data we use and the legal basis we rely on to do so or other permitted reasons for processing (e.g. Business Purposes or Commercial Purposes under the CCPA). For clarity, the terms Business Purpose and Commercial Purpose, are being used to sufficiently describe the purpose of processing, transferring, sharing, sale, and/or sharing, as applicable, of all your Personal Information and/or Sensitive Personal Information under all Data Protection Law(s). As previously mentioned, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
Hearsay may disclose your Personal Information to service providers, contractors, and/or third parties (as defined by CCPA) (or processor or third party, as defined by applicable Data Protection Law(s)) for a Business Purpose and/or Commercial Purpose. When we disclose Personal Information for a Business Purpose and/or Commercial Purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the services for us. As explained in more detail here, we also share your Personal Information with certain categories of service providers, contractors, and/or third parties who assist us in providing the Hearsay Website and Services and with our business.
We disclose your Personal Information and/or Sensitive Personal Information for a Business Purpose and/or Commercial Purpose to the following categories of Service Providers:
The following chart describes the categories of Personal Information and Sensitive Personal Information that we disclosed to service providers, contractors, and/or third parties for a Business Purpose and/or Commercial Purpose in the 12 months prior to the date of this Privacy Policy. As noted below in the chart, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
The CCPA defines ‘sale’ and ‘share’ very broadly. ’Sale’ includes the sharing of Personal Information with third parties in exchange for anything of value, while ‘share’ means disclosure of Personal Information to third parties for cross contextual behavioral advertising. According to these broad definitions, in the 12 months before this section was last updated, we may have sold or shared the following categories of Personal Information to third parties:
The CCPA provides Consumers with specific rights regarding their Personal Information, provided that we are able to verify their identities as explained below. This section describes your CCPA rights and explains how to exercise them.
Opting-out of Sales or Sharing of Your Personal Information
You have the right to opt-out of our sharing or selling of your Personal Information with some External Ad Partners in certain circumstances. If you would like to opt-out of the sale of Personal Information, please click here.You can also opt-out of the sale or sharing of your Personal Information that is collected automatically when you visit the Website by clicking here.
Hearsay does not sell or share Personal Information collected on the Hearsay mobile-based software platform.
Access to Specific Information
You have the right to request that Hearsay disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will disclose such information to you.
Right to Data Portability
You have the right to receive the Personal Information that you have provided to Hearsay, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
Right to Correction
You have the right to have your Personal Information corrected.
Deletion Request Rights
You have the right to request that Hearsay delete your personal information, subject to certain exceptions listed in the CCPA. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will delete (and direct our service providers, contractors, third parties, and/or processors, as applicable, to delete) your Personal Information from our records, unless an exception applies.
Your Right to Limit the Use Sensitive Personal Information We Have Collected About You
You have the right to limit our use of your Sensitive Personal Information if we use it for purposes other than providing the Services to you. We currently do not use your Sensitive Personal Information for purposes other than providing the Service/ for the Business Purposes above.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer request related to your personal information.
An authorized agent is a natural person or a business entity registered with the Secretary of State that a Consumer has authorized to act on his or her behalf. When a Consumer uses an authorized agent to submit a request to know or a request to delete, Hearsay may require that the Consumer provide the authorized agent written permission to do so and verify his or her own identity directly with Hearsay, unless the Consumer has provided the authorized agent with a valid power of attorney. Hearsay may deny a request from an agent that does not submit proof that he or she has been authorized by the Consumer to act on his or her behalf.
To exercise the rights described above, please submit a verifiable Consumer request to us by either calling us at 1-888-399-2280 or mailing privacy@hearsaycorp.com.
You may only make a verifiable Consumer request for access or data portability twice within a 12-month period. In particular, you can request the following:
1. Specific Pieces of Information
2. Categories of Information
The verifiable Consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will notify you to explain the basis of the denial.
If we have a good-faith, reasonable belief that a request to opt-out of the sale or sharing of Personal Information is fraudulent, we may deny the request. Should this occur, we will inform you and explain why we believe the request is fraudulent.
Making a verifiable Consumer request does not require you to create an account with us. Please note that the methods for verification are set forth in the CCPA, which also requires us to consider a number of factors, such as the type, sensitivity, and value of the personal information or the risk of harm posed by unauthorized access or deletion, on a case-by-case basis.
We will only use personal information provided in a verifiable Consumer request to verify the requestor’s identity or authority to make the request.
Upon your request, we will delete the Personal Information we have collected about you, except for situations where the CCPA authorizes us to retain specific information, including when it is necessary for us to provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us. We will act on your deletion request within the timeframes set forth below.
Response Timing
We endeavor to respond to a verifiable Consumer request generally within 45 days of its receipt, or as otherwise required by the CCPA, although we may take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable Consumer’s request. If applicable, in our response, we will also explain the reasons we cannot comply with a request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. Please note that to use our Services, we do require the collection of your personal information – for example, to sign you up. While you may request to delete your personal information under CCPA, such deletions may affect our ability to offer the Services.
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about certain categories of Personal Information a business has disclosed to third parties for direct marketing purposes in the preceding calendar year. California residents may make such request to us at privacy@hearsaycorp.com. We will provide a list of the categories of personal information disclosed to such third parties for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses or these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email specified in this section.
We do not sell your Personal Information within the scope of, and according to the defined meaning of, a “sale” under NRS 603A.
Under Virginia’s Consumer Data Protection Act (“VCDPA”), solely as to Personal Information of users acting in an individual or household context, Virginia residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the VCDPA. You have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information . A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Virginia, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Colorado’s Consumer Privacy Act (“CPA”), solely as to Personal Information of users when acting in an individual or household context, Colorado residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Colorado, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Connecticut’s Data Privacy Act (“CTDPA”), solely as to Personal Information of users when acting in an individual or household context, Connecticut residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CTDPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Connecticut, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CTDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
If you have any questions regarding this State Notice, please contact us directly.
As explained above, we process personal information from individuals described below on behalf of our Customers in order to provide our Services, in accordance with their Instructions. When we process personal information on behalf of our Customers, we are a ‘data processor’ or service provider. This includes certain information that we collect through our account portal (https://my.hearsaysocial.com/) when Users log into their accounts with Hearsay, as well as other information that is collected through the various products offered by Hearsay as part of the Services.
Hearsay’s Customers are controllers of the Personal Information because they decide how or why your Personal Information is processed. When our Customers process Personal Information through our Services, they are responsible for ensuring that they do so in compliance with the law, including providing their customers and users with their own privacy policies.
Hearsay’s processing activity as a service provider and processor is governed by the contracts we have with our Customers. Under the terms of those agreements, we will direct any data subject request you make to Hearsay for Personal Information that we process as a processor under this section to our Customers.
For purposes of this Section, “You” may refer to a variety of people, including:
If there are special terms and considerations, we will address the individual group by the capitalized term (Customer, User or User Contacts). Where terms apply to all groups, we will address the group as “you.”
We process information (1) received directly from Customers and Users, other than personal information collected on signing up as a User of the Services, (2) from or about User Contacts through the use of the Services by Customers and Users, and (3) obtained indirectly, such as through the use of cookies or CRM integrations.
The information that we process as part of the Services is described below in further detail. Collectively, all information processed by Hearsay in order to provide the Services is referred to “Services Information” for purposes of this Privacy Policy.
Through the Services, Customers and Users can populate their accounts with information submitted by a Customer or a User to Hearsay, or uploaded by Customer or a User to the Services, which is meant to be used and shared through the Services. Examples of such content include articles, logos and other assets uploaded by a Customer or User to personalize a web page. In uploading or submitting this information, Customers and Users must not include any personally identifiable information contained within the uploaded materials.
Hearsay may also contact Customers and Users to provide feedback on the Services by email or other means in order to better understand how Customers and Users use the Services. Some of the questions might include requests with a voluntary answer to provide certain additional personal identifiable information, such as name, age and geographic location. Information gathered by Hearsay will be used solely in connection with or to improve or expand the Services; however, this may include using this information within third-party services that are associated with the Services. Please see our cookies section to better understand how we use performance cookies to improve the Services.
As part of our Services, Hearsay allows Users to connect certain digital assets such as social media accounts (including private messaging in some cases), email addresses and telephone numbers to the Services in order to communicate with User Contacts. Customers may also have their own websites hosted by Hearsay (“Customer Sites”). As a result, Hearsay processes personal information from or about User Contacts that is collected via the Customer Sites, User social media accounts and/or other connections to the Services, depending on the level of permission. For instance, when using social media networks, if Hearsay is allowed to collect social media activity about the User Contact, Hearsay will collect such information and present a summary of this information to the User. With respect to text message correspondence, Hearsay may collect, store and retain the telephone number of the User Contact, call history with the User Contact, and any contents of a text message that a User Contact made in text message communications with the User.
Hearsay collects and/or processes Sensitive Personal Information, including precise geolocation and content of social and text messages. As explained below, the contents of social and text messages may contain additional Sensitive Personal Information that is shared by the Customer and/or User.
Any information that a User or a User Contact submits to the Services will be captured and retained by Hearsay as part of the Services.
If you are a User Contact, you may have been directed to review this Privacy Policy by one of our Customers in lieu of their own Privacy Policy. In this case, any information about you as a User Contact that Hearsay collects will be processed and maintained in accordance with this policy. However, to understand how the Customer uses the information or to exercise any rights, please contact the Customer directly.
CRM Integrations
Certain Customers integrate their customer relationship management (CRM) systems with the Services. When this happens, Hearsay receives any information about Users and User Contacts that a Customer has collected and wishes to share with Hearsay. Hearsay will use this information within the Service to enable certain functionality (e.g., populating email contacts from a CRM so that a User may utilize email functionality), or use insights in order to recommend certain actions (e.g., based on a combination of activity documented in CRM and the Services with a User Contact, a User might receive a recommendation to make a future communication with the same User Contact).
Publicly Available Information about Users and User Contacts
In order to better understand Users and provide a better experience, Hearsay creates various “profiles” within the Services, in order to provide more targeted content and suggest action items for a User to take within the Services. “Profiles” are not composites of personal information nor based on actual individuals, but are common characteristics identified by Hearsay to describe certain behaviors or preferences. In order to make recommendations or suggest content, Hearsay endeavors to find out more about its Users and User Contacts. In some instances, when building these “profiles,” Hearsay may retain third parties to collect publicly available information about Users. This information may include your industry, the size of your office, and your online directory listing, to help Hearsay understand more about our customer base and to tailor information we send you about the Services.
Anonymized Aggregated Data
Hearsay has developed proprietary algorithms that monitor all communications and transactions that occur within the Services. Hearsay engages third parties to perform data analysis on data sets provided by Hearsay in order to improve Hearsay’s algorithms. The purpose of these algorithms is to identify patterns of behavior, either unique to a User or to defined categories of people, which may enhance a User’s use of the Services. Any data created or identified within an algorithm does not identify the activity of an individual User or User Contacts. For example, the Services may identify that a User’s social media network contacts are most active between the hours of 10 AM to 12 PM on weekdays, and would therefore recommend a User to schedule social media posts during this time. The Services algorithms gather this information based on the volume activity occurring within this network; this recommendation, or any data associated with this recommendation, would not identify the posting habits of any individual User Contact or a User. For text message communication, the Services may suggest prepopulated quick replies to certain text messages. The Services algorithms make these suggestions based on gathered information from previous replies and conversations.
Industry Information
Hearsay collects information relating to the industry with which a User is associated: acquiring data sets about certain financial services industries, reviewing census results to identify purchasing habits of consumers, etc. The purpose of acquiring this information is to provide more information and insight for the User when using the Services.
We or our authorized service providers process the Services Information solely as a data processor, in order to:
We disclose Services Information under certain circumstances, as further described below.
The Services allow Users to send or receive communications from User Contacts through social media, email, text messaging and voice communications. If Users send communications through the Services, Hearsay will deliver those communications to third parties in order for the User Contact to share and receive those communications. We call these third party delivery networks “External Services.” Examples of External Services include Facebook, Twitter, LinkedIn and Instagram (for social media).
We may share Services Information with third-party service providers or consultants who need access to the data to perform their work on Hearsay’s behalf. These third party service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard any data provided by Hearsay. These include Amazon Web Services for website hosting, Sendgrid for email delivery and Twilio for text messaging.
Hearsay is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Telecommunications activity performed by Hearsay is regulated and overseen by the Federal Communications Commission (FCC) and various state public utility commissions. We may disclose Services Information pertaining to a regulatory audit conducted by these entities as well as oversight organizations for the financial services industry, such as FINRA, SEC, or similar state and international regulators. When responding to a financial services regulatory audit, we will endeavor to first contact the Customer before disclosing any such information unless we are prohibited from doing so. The Customer is solely responsible for contacting any Users or User Contacts as part of the regulatory audit and disclosure of Services Information.
We may share data collected from you from the Services with our affiliates.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, bankruptcy included.
We share anonymized, aggregated, automatically-collected, or otherwise non-personal information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) business or marketing purposes; (iii) assistance for us and other parties in understanding our Customers’ and Users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share personal information about you in this case.
Hearsay may preserve or disclose your personal information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Certain Customers may purchase services from third parties that have a partnership relationship with Hearsay and are authorized to access the Services (“Value Added Partners”). In such cases, Hearsay will allow the Value Added Partner(s) to access the relevant Services account if the Customer has given the requisite permission. This access may include being able to read Services Information.
As ‘data controllers’ of Services Information, Customers are responsible for providing information to individuals in the EEA and/or the U.K., including the purposes of collection, legal bases, and your rights, as well as residents of certain states that provide consumer rights. If we receive a notification from a Customer regarding an individual wishing to exercise his/her exercising, we will assist said Customer with responding to and honoring such requests according to the Customer’s instructions.
When you visit the Hearsay Website or use the Services, we and our service providers acting on our behalf automatically collect certain data using tracking technologies like cookies, web beacons, and similar tracking technologies.
A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a website’s computers and stored on your computer’s hard drive.
These technologies are used to help us better understand User behavior and facilitate and measure the effectiveness of our Hearsay Website and Services. We treat information collected by cookies and other technologies as non-personal information.
We use cookies to record current session information. We also use third party cookies (e.g. Google Analytics) to provide anonymized and aggregated information on website usage statistics and patterns.
All modern Internet browsers allow you to control your cookie settings. These settings are usually accessed in the ‘Options’ or ‘Preferences’ section of your browser. Please note that certain features of the website will not be available once cookies are disabled. For further information about cookies and how to manage them, please visit www.allaboutcookies.org.
Hearsay uses web beacons with cookies or separately to compile information about your engagement with us. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you view a particular website tied to the web beacon, and a description of a website tied to the web beacon.
Here is a basic description and overview of the type of cookies Hearsay may use:
Hearsay Social, Inc. (“Hearsay”), is a web and mobile-based software platform that allows financial services and insurance companies (“Customers”) and their employees and/or designated agents with access to the Services (“Users”) to utilize electronic communications channels (such as social media, websites, email, mobile voice and text message) to communicate with clients and prospects (“SaaS Services”).
This Privacy Policy applies to Hearsay’s Website and Hearsay’s SaaS Services; collectively “Services.” This Privacy Policy contains details about how we collect, use, disclose, process, share and secure personal information that we obtain from and about you when you interact with our Services. Our collection and processing of information that alone or in conjunction with other information may reasonably identify you (“Personal Information”) may be either for our own purposes, or on behalf of other entities to whom we provide services.
If you have any questions regarding the collection and processing of Personal Information performed by us on behalf of another entity please consult that entity’s privacy policy. If, after reviewing this Privacy Policy, you have any questions or privacy concerns, please send us an email to privacy@hearsaycorp.com (see the How to Contact Us about Privacy section). We are committed to protecting the privacy of those with whom we interact.
For purposes of this Privacy Policy, the words “our,” “us,” “we,” and “Hearsay” refer to Hearsay Social, Inc., and our affiliates (which includes any person or entity that controls us, is controlled by us, or is under common control with us, such as our subsidiary, parent company, or our employees).
For the purpose of this Notice, Personal Information shall by interchangeable with Personal Data, and each shall have the meaning assigned to it by applicable laws, including, but not limited to, information that directly or indirectly, on its own or in conjunction with other information, identifies an individual. Please read this Notice carefully.
NEVADA, CALIFORNIA, COLORADO, CONNECTICUT, OR VIRGINIA RESIDENTS OR RESIDENTS OF ANOTHER STATE THAT OFFER CERTAIN PRIVACY RIGHTS: If you are a resident of Nevada, California, Colorado, Connecticut, or Virginia or resident of another state that offers certain privacy rights, this entire Privacy Policy applies to you. However, please see Additional Information for Certain States below, which will inform you in detail about our information collection practices and your specific rights.
INDIVIDUALS LOCATED IN THE EEA OR THE U.K.: If you are located in the European Economic Area (“EEA”) or the United Kingdom (“U.K.”), this entire Privacy Policy applies to you. However, please see Additional Information for Individuals in the EEA below, which will inform you in detail about our legal bases for processing and which rights you have in connection with our processing of your personal data.
We collect information in several contexts as described below. This policy also does not apply to information we collect in connection with providing services to our business clients, where we act as a service provider and process Personal Information in accordance with their instructions (see “Hearsay Processor and Service Provider Data”). Such information is subject to the Privacy Policies of the other financial institutions.
This Policy applies only to Hearsay operated services and applications, including our online services, mobile-based application, and Website. Our Services may contain links to other websites that are not operated or controlled by Hearsay. Hearsay does not control such third-party websites or their privacy practices. Any personal information you choose to give to third-party websites is not covered by this Notice.
Hearsay may update this Privacy Policy from time to time, in its sole discretion. If we do so, we will post an updated Privacy Policy on the Hearsay Website and provide prompt written notice of such updates, as applicable. Changes, modifications, additions, or deletions will be effective when posted unless stated otherwise. If we make material or significant changes, we may also send our Customers a notice that we have changed this Privacy Policy. Your continued use of the Hearsay Website and Services, and/or your continued provision of personal information to us after the posting of such notice, will be deemed an acceptance of any changes and subject to the terms of the then-current Privacy Policy. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will seek affirmative consent from you before making material changes to the way we handle Personal Information previously collected from you. If you do not provide such consent, Personal Information will continue to be used in a manner that is consistent with the version of this Notice under which it was collected.
We are located in the United States, and the personal information that we collect is stored on servers located in the United States. This means that your Personal Information will be collected, processed, and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the General Data Protection Regulation 2016/679 (“GDPR”) in the European Union.
By sending us Personal Information, you agree and consent to the processing of your personal information in the United States, which may not offer an equivalent level of protection to that required in other countries (particularly the European Economic Area).
We have implemented safeguards designed to ensure that the Personal Information we process remains protected in accordance with this Privacy Policy, including when processed internationally or by our third-party service providers and partners. The safeguards we may take at our discretion include, for instance, entering into specific agreements in connection with any onward transfers of personal information. We may implement other mechanisms and take similar appropriate safeguards with our third party service providers and partners. Further details can be provided upon request.
Hearsay acts as a ‘data controller’ when it collects Personal Information on its own behalf and for its own Business Purposes, such as through our publicly-accessible Website, and as a ‘data processor’ when it collects and processes personal information on behalf of its Customers in order to provide the SaaS Services. As such, this Privacy Policy is separated into two main sections that address our different roles:
Please note that how you exercise certain rights will depend on whether Hearsay is processing your Personal Information as a ‘data controller’ or as a ‘data processor’, and is further explained throughout this Privacy Policy:
If you are a visitor of the Hearsay Website or a Customer and have any questions about this Privacy Policy or requests for access to or deletion or rectification of personal information that Hearsay collects and processes contact us at privacy@hearsaycorp.com or by mail at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
2261 Market Street, Ste. 5397
San Francisco, CA 94114
United States of America
Individuals in the EEA or the U.K. may contact Hearsay at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
Koztelek utca 6, 1147 Budapest
privacy@hearsaycorp.com
Below is a description of the personal information that we gather from you as a visitor to Hearsay Website, which includes https://hearsaysystems.com and other websites where this Privacy Policy is posted. Information about personal information collected through the account portal and the Saas Services can be found in the Hearsay Processor and SaaS Service Provider Data section below.
In this section, “you” refers to an individual visiting the Hearsay Website.
When you visit the Hearsay Website, we collect information directly from you when you provide it to us, such as when you request a demo, and indirectly, such as through the use of cookies and similar technology.
Data Protection Law (as defined below) recognizes that Sensitive Personal Information (or “sensitive personal data” as used interchangeably) requires additional protection. In particular, the GDPR prohibits the processing of sensitive personal data, other than in certain exceptional circumstances. Sensitive personal data in the EEA includes information relating to one’s race or ethnicity, political opinions, religious or philosophical beliefs, membership of a trade union, as well as biometric data and data relating to one’s health or sexual orientation (“Sensitive Personal Information”. Certain US state privacy laws (i.e., “Data Protection Law”) also have different definitions of Sensitive Personal Information, which may also include precise geolocation, citizenship or immigration status, and Personal Information from a known child.
Visiting the Hearsay Website
Some pages of the Hearsay Website allow you to fill out a web form and share your personal information with us directly, such as on our “Contact Us” page and on our “Submit a request” page. Information we collect consists of:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In addition, if you send us an email or otherwise contact us, we will collect the personal information that you provide to us at that time.
When you visit the Hearsay Website, we, or authorized third parties, collect information, including Device and Usage Information described below, by automated means using cookies, web beacons, server logs or other tracking technologies for analytic purposes. For more information on our use of these technologies and the data that they collect, please see our Cookie Statement. We may also collect information from third parties, as explained below.
Device and Usage Information
When you visit, use or interact with the Hearsay Website, even if you do not have an account, we, or authorized third parties (such as service providers or External Ad Partners (as defined in the Targeted Advertising section below), may collect information about your use of the Hearsay Website via your device. Device and Usage Information that we, or these authorized third parties, collect consists of:
Information from Third Parties
In some instances, we process personal information from third parties, such as data from our External Ad Partners (see the Targeted Advertising section below). These third parties may also use tracking technologies to serve you advertisements tailored to interests you have shown by browsing on this Website and other sites, applications, destinations, and services you have visited, and for other lawful Business Purposes (as defined below).
To provide you with more relevant and interesting experiences, we may work with third party companies to display ads or customize the content on this Website and on other digital properties and websites. These companies may use cookies and similar tracking technologies as described in this Notice to gather information about your visits to our Website, as well as your visits elsewhere on the Internet. These companies use this information to provide you with more relevant advertising known as interest-based advertising.
We, or our authorized partners, collect and process personal information in order to:
Additionally, we may disclose information about users (i) if it is required to do so by law or legal process; (ii) as may be required to law enforcement authorities or other government officials, (iii) when Hearsay believes disclosure is necessary or appropriate to prevent physical harm, financial loss or in connection with an investigation of suspected or actual illegal activity, or (iv) to respond to claims by third parties.
For California residents, please see the Additional Information for Certain States Section below for more information on specific purposes of collection for each category of Personal Information collected in the past 12 months as a “Business” under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020. For Colorado, Connecticut, and Virginia residents, please also see the Additional Information for Certain States.
For individuals located in the EEA or the U.K., please see the Additional Information for Individuals in the EEA and the U.K. Section below for more information, including our legal bases for processing.
We disclose your Personal Information under certain circumstances, such as to our service providers or in the event of a business transfer, as further described below.
Hearsay may share Personal Information and/or Sensitive Personal Information with our third party agents, contractors, or service providers who are hired to perform services on Hearsay’s behalf or in order to assist with certain Business Purposes and/or Commercial Purposes. These providers may operate or support certain functions of the Hearsay Website and Services. Below is a list of categories of service providers that we may use to perform these functions (which are subject to change):
Service providers process your Personal Information and/or Sensitive Personal Information for the specific purpose of providing their services to us (and in accordance with our instructions).
As explained here, we also work with and disclose Personal Information to External Ad Partners who assist us with advertising and marketing our Services.
In some cases, service providers and External Ad Partners collect your Personal Information and/or Sensitive Personal Information directly from you, such as via cookies.
We may share data collected from you from the Hearsay Website with our affiliate entities.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, including bankruptcy.
We share anonymized, aggregated, automatically-collected, or otherwise non-Personal Information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) Business Purposes, Commercial Purposes, and/or marketing purposes; (iii) assistance for us and other parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share Personal Information about you in this case.
Hearsay may preserve or disclose your Personal Information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose Personal Information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Our Website is intended for individuals 18 years of age and older. It is not directed at, marketed to, nor intended for, children under 18 years of age. We do not knowingly collect any Personal Information directly from children under the age of 18. If we discover we have inadvertently received any Personal Information from a child under the age of 18 in violation of this Policy, we will take reasonable steps to delete that information as quickly as possible. If you believe that we have any Personal Information from or about anyone under the age of 18, please contact us at privacy@hearsaycorp.com.
The Hearsay Website uses third-party analytics tools that drop cookies and/or similar technologies to collect and store information about your device and use of the Hearsay Website. We use analytics tools to calculate visitor, session and campaign data for the Hearsay Website analytics reports.
One of our tools is Google Analytics. We use Google Analytics to generate and process statistical or demographic data. Third parties, like Google, use cookies to compile reports on the website’s activity and website visitors, and provide other services related to website activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website. You can read more about Google’s practices in Google’s privacy policy. You can opt-out from being tracked by Google Analytics in a particular browser on a particular device by downloading and installing the Google Analytics Opt-out Browser Add-on for that browser. To learn more about how to opt-out of tracking by Google Analytics, please click here.
Another tool is the LinkedIn Insight Tag. You can read more about LinkedIn’s practices in LinkedIn’s privacy policy. LinkedIn only provides reports and alerts (which do not identify LinkedIn members) about the Hearsay website audience and ad performance (LinkedIn does not share the personal data of its members with Hearsay). LinkedIn members can control the use of their personal data for advertising purposes through their account settings.
We market our company and Services in a variety of ways. Below is a description of what data we gather from you, and how we use it for purposes of these marketing activities. We gather information from or about you in the following different roles:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In some cases, you provide Personal Information directly to Hearsay as part of a marketing event that Hearsay hosts or co-hosts, through email or when you participate in an online webinar. Occasionally, and only with your consent, we may send you future communications. We may also acquire personal information about you through a third party. In particular, Hearsay engages third parties who provide us with contact information for Leads. When acquiring information from third parties, Hearsay endeavors to obtain contractual commitments from the third parties that the information was acquired lawfully and with the appropriate level of consent.
Our communications to you for marketing purposes will contain instructions on how you can opt-out from receiving future communications, and if you consent to our use of your personal information for marketing purposes, you may always withdraw your consent. You may also contact Hearsay directly about its marketing activities at privacy@hearsaycorp.com.
Hearsay engages third-party advertising networks (“External Ad Partners”) to display advertising about our Services when you visit other websites within that advertising network. Like many other companies, we rely on retargeting, also known as remarketing, which is a type of marketing strategy that helps businesses “remind” visitors of their products and services after they leave their websites. For instance, through the use of cookies (and similar technologies) placed by External Ad Partners, online identifiers (considered personal information) are collected and then used to identify visitors to the Hearsay Website on other websites or social media platforms. With this information our External Ad Partners may serve relevant ads on consumers who previously visited the Hearsay Website.
Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
Hearsay maintains an online presence on social media platforms (“Social Media Platforms”) such as Instagram, Twitter, Facebook and Linkedin, to provide information about our Services and communicate with users and/or visitors to those pages or accounts. When you interact or post to our account, we process your Personal Information. In some cases, the Social Media Platforms are service providers or processors. In other cases, such as with Facebook, we are jointly responsible for the processing, as explained in the section titled Hearsay as a ‘Joint Controller’ with Facebook.
We use reasonably appropriate security measures designed to protect the security of Personal Information and Sensitive Personal Information both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note, though, that no website or internet transmission is completely secure, so while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
Certain internet web browsers allow a “do not track” (“DNT”) setting that relies on a technology known as a DNT header, which sends a signal to websites visited by the individual about the individual’s browser DNT setting. At this time, we do respond to DNT signals. For more information on DNT settings generally, please visit https://allaboutdnt.com.
How you make choices about cookies and other tracking technologies depends on the type of cookie or tracking technology being used. For details on how to manage your preferences for cookies and tracking technologies within your web browser, please see our Cookie Statement.
If you are receiving promotional emails from us, you can choose to stop receiving those by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting customer support at support@hearsaycorp.com.
To request access to, or to make changes to, data that we have collected from you via the Hearsay Website, please email us at privacy@hearsaycorp.com. Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
The categories of recipients of personal data with whom we may share your personal data are listed in Disclosure of Your Personal Information above.
Hearsay as ‘Data Controller’
As a ‘data controller’, Hearsay processes your Personal Information for a number of different purposes. Some are essential for us to provide the Services or to fulfill our legal obligations, some help us run the Services efficiently and effectively, and some enable us to provide you with more relevant and personalized offers and information. In all cases, with respect to individuals in the EEA or the U.K., we must have a reason and a legal ground for processing your personal information. The most common legal grounds on which we rely are briefly explained below:
The following breakdown illustrates in more detail our processing activities and how the above legal bases for processing apply (in brackets):
We use Facebook’s products and services (“Facebook Products”) in different ways:
With respect to our use of Facebook Products, we are jointly responsible with Facebook Ireland for the processing activities (“Joint Processing”):
Facebook Ireland Ltd.,
4 Grand Canal Square, Grand Canal Harbor
Dublin 2, Ireland
Information about the personal data that is collected from you by Facebook, as well as how and why it is processed by Facebook, can be found at https://www.facebook.com/about/privacy.
Hearsay and Facebook have entered into an agreement in order to determine the respective responsibilities for compliance with our obligations in connection with the Joint Processing within the meaning of the GDPR. This joint controller agreement, which sets out the reciprocal obligations, is available here.
Hearsay’s legal basis for processing your personal data via Facebook Products is our legitimate interest in increasing and analyzing the communication, sales, and promotion of Services. Our legal basis may also be your consent, which may be revoked at any time.
Some processing by Facebook Ireland Ltd. might take place in the United States by Facebook Inc.
We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, the length of time we have an ongoing relationship with you and provide you with access to our Services, and applicable legal requirements. We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax, or accounting requirements), when we are unable to reasonably verify your identity, or as may otherwise be required under GDPR. Additionally, we cannot delete information when it is needed for the establishment, exercise, or defense of a legal claim (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.
When we no longer have a legitimate business need to process your personal information, it is deleted and/or anonymized. If you have questions about, or need further information concerning, our data retention periods, please email privacy@hearsaycorp.com.
If the GDPR or the U.K., applies to you because you are in the EEA or the U.K., you have certain rights in relation to your personal data:
These rights are subject to certain rules around when you can exercise them. If you are located in the EEA or the U.K. and wish to exercise any of the rights set out above, please contact us (see How to Contact Us about Privacy).
We will respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first at privacy@hearsaycorp.com.
This privacy notice for Nevada, California, Colorado, Connecticut, and Virginia residents, and residents of other states with applicable privacy laws (“State Privacy Notice”) supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the applicable state (“Consumers”). We have created this State Privacy Notice in order to comply with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (collectively, “CCPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Virginia Consumer Data Protection Act (“VCDPA”), and other applicable privacy laws (collectively, “Data Protection Law”).
This CCPA Notice applies to Personal Information that Hearsay collects for its own purposes. It does not apply to:
We collect Personal Information as that term is defined in CCPA. Within the last twelve (12) months, Hearsay has collected the following categories of Personal Information from or about Consumers:
Personal information does not include:
As explained in more detail here, Hearsay obtains the categories of personal information listed above from the following categories of sources:
We collect and process your Personal Information and/or Sensitive Personal Information whenever you use our Website and/or Services.
Under the CCPA, we must disclose the purposes for which we collect your information. Our purposes include Business Purpose and Commercial Purposes, as generally described below.
In the section Why We Collect Your Personal Information and How We Use It, we explain the purposes for which we process this information, pursuant to Data Protection Law(s), along with the relevant categories of data we use and the legal basis we rely on to do so or other permitted reasons for processing (e.g. Business Purposes or Commercial Purposes under the CCPA). For clarity, the terms Business Purpose and Commercial Purpose, are being used to sufficiently describe the purpose of processing, transferring, sharing, sale, and/or sharing, as applicable, of all your Personal Information and/or Sensitive Personal Information under all Data Protection Law(s). As previously mentioned, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
Hearsay may disclose your Personal Information to service providers, contractors, and/or third parties (as defined by CCPA) (or processor or third party, as defined by applicable Data Protection Law(s)) for a Business Purpose and/or Commercial Purpose. When we disclose Personal Information for a Business Purpose and/or Commercial Purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the services for us. As explained in more detail here, we also share your Personal Information with certain categories of service providers, contractors, and/or third parties who assist us in providing the Hearsay Website and Services and with our business.
We disclose your Personal Information and/or Sensitive Personal Information for a Business Purpose and/or Commercial Purpose to the following categories of Service Providers:
The following chart describes the categories of Personal Information and Sensitive Personal Information that we disclosed to service providers, contractors, and/or third parties for a Business Purpose and/or Commercial Purpose in the 12 months prior to the date of this Privacy Policy. As noted below in the chart, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
The CCPA defines ‘sale’ and ‘share’ very broadly. ’Sale’ includes the sharing of Personal Information with third parties in exchange for anything of value, while ‘share’ means disclosure of Personal Information to third parties for cross contextual behavioral advertising. According to these broad definitions, in the 12 months before this section was last updated, we may have sold or shared the following categories of Personal Information to third parties:
The CCPA provides Consumers with specific rights regarding their Personal Information, provided that we are able to verify their identities as explained below. This section describes your CCPA rights and explains how to exercise them.
Opting-out of Sales or Sharing of Your Personal Information
You have the right to opt-out of our sharing or selling of your Personal Information with some External Ad Partners in certain circumstances. If you would like to opt-out of the sale of Personal Information, please click here.You can also opt-out of the sale or sharing of your Personal Information that is collected automatically when you visit the Website by clicking here.
Hearsay does not sell or share Personal Information collected on the Hearsay mobile-based software platform.
Access to Specific Information
You have the right to request that Hearsay disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will disclose such information to you.
Right to Data Portability
You have the right to receive the Personal Information that you have provided to Hearsay, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
Right to Correction
You have the right to have your Personal Information corrected.
Deletion Request Rights
You have the right to request that Hearsay delete your personal information, subject to certain exceptions listed in the CCPA. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will delete (and direct our service providers, contractors, third parties, and/or processors, as applicable, to delete) your Personal Information from our records, unless an exception applies.
Your Right to Limit the Use Sensitive Personal Information We Have Collected About You
You have the right to limit our use of your Sensitive Personal Information if we use it for purposes other than providing the Services to you. We currently do not use your Sensitive Personal Information for purposes other than providing the Service/ for the Business Purposes above.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer request related to your personal information.
An authorized agent is a natural person or a business entity registered with the Secretary of State that a Consumer has authorized to act on his or her behalf. When a Consumer uses an authorized agent to submit a request to know or a request to delete, Hearsay may require that the Consumer provide the authorized agent written permission to do so and verify his or her own identity directly with Hearsay, unless the Consumer has provided the authorized agent with a valid power of attorney. Hearsay may deny a request from an agent that does not submit proof that he or she has been authorized by the Consumer to act on his or her behalf.
To exercise the rights described above, please submit a verifiable Consumer request to us by either calling us at 1-888-399-2280 or mailing privacy@hearsaycorp.com.
You may only make a verifiable Consumer request for access or data portability twice within a 12-month period. In particular, you can request the following:
1. Specific Pieces of Information
2. Categories of Information
The verifiable Consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will notify you to explain the basis of the denial.
If we have a good-faith, reasonable belief that a request to opt-out of the sale or sharing of Personal Information is fraudulent, we may deny the request. Should this occur, we will inform you and explain why we believe the request is fraudulent.
Making a verifiable Consumer request does not require you to create an account with us. Please note that the methods for verification are set forth in the CCPA, which also requires us to consider a number of factors, such as the type, sensitivity, and value of the personal information or the risk of harm posed by unauthorized access or deletion, on a case-by-case basis.
We will only use personal information provided in a verifiable Consumer request to verify the requestor’s identity or authority to make the request.
Upon your request, we will delete the Personal Information we have collected about you, except for situations where the CCPA authorizes us to retain specific information, including when it is necessary for us to provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us. We will act on your deletion request within the timeframes set forth below.
Response Timing
We endeavor to respond to a verifiable Consumer request generally within 45 days of its receipt, or as otherwise required by the CCPA, although we may take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable Consumer’s request. If applicable, in our response, we will also explain the reasons we cannot comply with a request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. Please note that to use our Services, we do require the collection of your personal information – for example, to sign you up. While you may request to delete your personal information under CCPA, such deletions may affect our ability to offer the Services.
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about certain categories of Personal Information a business has disclosed to third parties for direct marketing purposes in the preceding calendar year. California residents may make such request to us at privacy@hearsaycorp.com. We will provide a list of the categories of personal information disclosed to such third parties for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses or these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email specified in this section.
We do not sell your Personal Information within the scope of, and according to the defined meaning of, a “sale” under NRS 603A.
Under Virginia’s Consumer Data Protection Act (“VCDPA”), solely as to Personal Information of users acting in an individual or household context, Virginia residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the VCDPA. You have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information . A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Virginia, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Colorado’s Consumer Privacy Act (“CPA”), solely as to Personal Information of users when acting in an individual or household context, Colorado residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Colorado, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Connecticut’s Data Privacy Act (“CTDPA”), solely as to Personal Information of users when acting in an individual or household context, Connecticut residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CTDPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Connecticut, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CTDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
If you have any questions regarding this State Notice, please contact us directly.
As explained above, we process personal information from individuals described below on behalf of our Customers in order to provide our Services, in accordance with their Instructions. When we process personal information on behalf of our Customers, we are a ‘data processor’ or service provider. This includes certain information that we collect through our account portal (https://my.hearsaysocial.com/) when Users log into their accounts with Hearsay, as well as other information that is collected through the various products offered by Hearsay as part of the Services.
Hearsay’s Customers are controllers of the Personal Information because they decide how or why your Personal Information is processed. When our Customers process Personal Information through our Services, they are responsible for ensuring that they do so in compliance with the law, including providing their customers and users with their own privacy policies.
Hearsay’s processing activity as a service provider and processor is governed by the contracts we have with our Customers. Under the terms of those agreements, we will direct any data subject request you make to Hearsay for Personal Information that we process as a processor under this section to our Customers.
For purposes of this Section, “You” may refer to a variety of people, including:
If there are special terms and considerations, we will address the individual group by the capitalized term (Customer, User or User Contacts). Where terms apply to all groups, we will address the group as “you.”
We process information (1) received directly from Customers and Users, other than personal information collected on signing up as a User of the Services, (2) from or about User Contacts through the use of the Services by Customers and Users, and (3) obtained indirectly, such as through the use of cookies or CRM integrations.
The information that we process as part of the Services is described below in further detail. Collectively, all information processed by Hearsay in order to provide the Services is referred to “Services Information” for purposes of this Privacy Policy.
Through the Services, Customers and Users can populate their accounts with information submitted by a Customer or a User to Hearsay, or uploaded by Customer or a User to the Services, which is meant to be used and shared through the Services. Examples of such content include articles, logos and other assets uploaded by a Customer or User to personalize a web page. In uploading or submitting this information, Customers and Users must not include any personally identifiable information contained within the uploaded materials.
Hearsay may also contact Customers and Users to provide feedback on the Services by email or other means in order to better understand how Customers and Users use the Services. Some of the questions might include requests with a voluntary answer to provide certain additional personal identifiable information, such as name, age and geographic location. Information gathered by Hearsay will be used solely in connection with or to improve or expand the Services; however, this may include using this information within third-party services that are associated with the Services. Please see our cookies section to better understand how we use performance cookies to improve the Services.
As part of our Services, Hearsay allows Users to connect certain digital assets such as social media accounts (including private messaging in some cases), email addresses and telephone numbers to the Services in order to communicate with User Contacts. Customers may also have their own websites hosted by Hearsay (“Customer Sites”). As a result, Hearsay processes personal information from or about User Contacts that is collected via the Customer Sites, User social media accounts and/or other connections to the Services, depending on the level of permission. For instance, when using social media networks, if Hearsay is allowed to collect social media activity about the User Contact, Hearsay will collect such information and present a summary of this information to the User. With respect to text message correspondence, Hearsay may collect, store and retain the telephone number of the User Contact, call history with the User Contact, and any contents of a text message that a User Contact made in text message communications with the User.
Hearsay collects and/or processes Sensitive Personal Information, including precise geolocation and content of social and text messages. As explained below, the contents of social and text messages may contain additional Sensitive Personal Information that is shared by the Customer and/or User.
Any information that a User or a User Contact submits to the Services will be captured and retained by Hearsay as part of the Services.
If you are a User Contact, you may have been directed to review this Privacy Policy by one of our Customers in lieu of their own Privacy Policy. In this case, any information about you as a User Contact that Hearsay collects will be processed and maintained in accordance with this policy. However, to understand how the Customer uses the information or to exercise any rights, please contact the Customer directly.
CRM Integrations
Certain Customers integrate their customer relationship management (CRM) systems with the Services. When this happens, Hearsay receives any information about Users and User Contacts that a Customer has collected and wishes to share with Hearsay. Hearsay will use this information within the Service to enable certain functionality (e.g., populating email contacts from a CRM so that a User may utilize email functionality), or use insights in order to recommend certain actions (e.g., based on a combination of activity documented in CRM and the Services with a User Contact, a User might receive a recommendation to make a future communication with the same User Contact).
Publicly Available Information about Users and User Contacts
In order to better understand Users and provide a better experience, Hearsay creates various “profiles” within the Services, in order to provide more targeted content and suggest action items for a User to take within the Services. “Profiles” are not composites of personal information nor based on actual individuals, but are common characteristics identified by Hearsay to describe certain behaviors or preferences. In order to make recommendations or suggest content, Hearsay endeavors to find out more about its Users and User Contacts. In some instances, when building these “profiles,” Hearsay may retain third parties to collect publicly available information about Users. This information may include your industry, the size of your office, and your online directory listing, to help Hearsay understand more about our customer base and to tailor information we send you about the Services.
Anonymized Aggregated Data
Hearsay has developed proprietary algorithms that monitor all communications and transactions that occur within the Services. Hearsay engages third parties to perform data analysis on data sets provided by Hearsay in order to improve Hearsay’s algorithms. The purpose of these algorithms is to identify patterns of behavior, either unique to a User or to defined categories of people, which may enhance a User’s use of the Services. Any data created or identified within an algorithm does not identify the activity of an individual User or User Contacts. For example, the Services may identify that a User’s social media network contacts are most active between the hours of 10 AM to 12 PM on weekdays, and would therefore recommend a User to schedule social media posts during this time. The Services algorithms gather this information based on the volume activity occurring within this network; this recommendation, or any data associated with this recommendation, would not identify the posting habits of any individual User Contact or a User. For text message communication, the Services may suggest prepopulated quick replies to certain text messages. The Services algorithms make these suggestions based on gathered information from previous replies and conversations.
Industry Information
Hearsay collects information relating to the industry with which a User is associated: acquiring data sets about certain financial services industries, reviewing census results to identify purchasing habits of consumers, etc. The purpose of acquiring this information is to provide more information and insight for the User when using the Services.
We or our authorized service providers process the Services Information solely as a data processor, in order to:
We disclose Services Information under certain circumstances, as further described below.
The Services allow Users to send or receive communications from User Contacts through social media, email, text messaging and voice communications. If Users send communications through the Services, Hearsay will deliver those communications to third parties in order for the User Contact to share and receive those communications. We call these third party delivery networks “External Services.” Examples of External Services include Facebook, Twitter, LinkedIn and Instagram (for social media).
We may share Services Information with third-party service providers or consultants who need access to the data to perform their work on Hearsay’s behalf. These third party service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard any data provided by Hearsay. These include Amazon Web Services for website hosting, Sendgrid for email delivery and Twilio for text messaging.
Hearsay is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Telecommunications activity performed by Hearsay is regulated and overseen by the Federal Communications Commission (FCC) and various state public utility commissions. We may disclose Services Information pertaining to a regulatory audit conducted by these entities as well as oversight organizations for the financial services industry, such as FINRA, SEC, or similar state and international regulators. When responding to a financial services regulatory audit, we will endeavor to first contact the Customer before disclosing any such information unless we are prohibited from doing so. The Customer is solely responsible for contacting any Users or User Contacts as part of the regulatory audit and disclosure of Services Information.
We may share data collected from you from the Services with our affiliates.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, bankruptcy included.
We share anonymized, aggregated, automatically-collected, or otherwise non-personal information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) business or marketing purposes; (iii) assistance for us and other parties in understanding our Customers’ and Users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share personal information about you in this case.
Hearsay may preserve or disclose your personal information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Certain Customers may purchase services from third parties that have a partnership relationship with Hearsay and are authorized to access the Services (“Value Added Partners”). In such cases, Hearsay will allow the Value Added Partner(s) to access the relevant Services account if the Customer has given the requisite permission. This access may include being able to read Services Information.
As ‘data controllers’ of Services Information, Customers are responsible for providing information to individuals in the EEA and/or the U.K., including the purposes of collection, legal bases, and your rights, as well as residents of certain states that provide consumer rights. If we receive a notification from a Customer regarding an individual wishing to exercise his/her exercising, we will assist said Customer with responding to and honoring such requests according to the Customer’s instructions.
When you visit the Hearsay Website or use the Services, we and our service providers acting on our behalf automatically collect certain data using tracking technologies like cookies, web beacons, and similar tracking technologies.
A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a website’s computers and stored on your computer’s hard drive.
These technologies are used to help us better understand User behavior and facilitate and measure the effectiveness of our Hearsay Website and Services. We treat information collected by cookies and other technologies as non-personal information.
We use cookies to record current session information. We also use third party cookies (e.g. Google Analytics) to provide anonymized and aggregated information on website usage statistics and patterns.
All modern Internet browsers allow you to control your cookie settings. These settings are usually accessed in the ‘Options’ or ‘Preferences’ section of your browser. Please note that certain features of the website will not be available once cookies are disabled. For further information about cookies and how to manage them, please visit www.allaboutcookies.org.
Hearsay uses web beacons with cookies or separately to compile information about your engagement with us. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you view a particular website tied to the web beacon, and a description of a website tied to the web beacon.
Here is a basic description and overview of the type of cookies Hearsay may use:
Hearsay Social, Inc. (“Hearsay”), is a web and mobile-based software platform that allows financial services and insurance companies (“Customers”) and their employees and/or designated agents with access to the Services (“Users”) to utilize electronic communications channels (such as social media, websites, email, mobile voice and text message) to communicate with clients and prospects (“SaaS Services”).
This Privacy Policy applies to Hearsay’s Website and Hearsay’s SaaS Services; collectively “Services.” This Privacy Policy contains details about how we collect, use, disclose, process, share and secure personal information that we obtain from and about you when you interact with our Services. Our collection and processing of information that alone or in conjunction with other information may reasonably identify you (“Personal Information”) may be either for our own purposes, or on behalf of other entities to whom we provide services.
If you have any questions regarding the collection and processing of Personal Information performed by us on behalf of another entity please consult that entity’s privacy policy. If, after reviewing this Privacy Policy, you have any questions or privacy concerns, please send us an email to privacy@hearsaycorp.com (see the How to Contact Us about Privacy section). We are committed to protecting the privacy of those with whom we interact.
For purposes of this Privacy Policy, the words “our,” “us,” “we,” and “Hearsay” refer to Hearsay Social, Inc., and our affiliates (which includes any person or entity that controls us, is controlled by us, or is under common control with us, such as our subsidiary, parent company, or our employees).
For the purpose of this Notice, Personal Information shall by interchangeable with Personal Data, and each shall have the meaning assigned to it by applicable laws, including, but not limited to, information that directly or indirectly, on its own or in conjunction with other information, identifies an individual. Please read this Notice carefully.
NEVADA, CALIFORNIA, COLORADO, CONNECTICUT, OR VIRGINIA RESIDENTS OR RESIDENTS OF ANOTHER STATE THAT OFFER CERTAIN PRIVACY RIGHTS: If you are a resident of Nevada, California, Colorado, Connecticut, or Virginia or resident of another state that offers certain privacy rights, this entire Privacy Policy applies to you. However, please see Additional Information for Certain States below, which will inform you in detail about our information collection practices and your specific rights.
INDIVIDUALS LOCATED IN THE EEA OR THE U.K.: If you are located in the European Economic Area (“EEA”) or the United Kingdom (“U.K.”), this entire Privacy Policy applies to you. However, please see Additional Information for Individuals in the EEA below, which will inform you in detail about our legal bases for processing and which rights you have in connection with our processing of your personal data.
We collect information in several contexts as described below. This policy also does not apply to information we collect in connection with providing services to our business clients, where we act as a service provider and process Personal Information in accordance with their instructions (see “Hearsay Processor and Service Provider Data”). Such information is subject to the Privacy Policies of the other financial institutions.
This Policy applies only to Hearsay operated services and applications, including our online services, mobile-based application, and Website. Our Services may contain links to other websites that are not operated or controlled by Hearsay. Hearsay does not control such third-party websites or their privacy practices. Any personal information you choose to give to third-party websites is not covered by this Notice.
Hearsay may update this Privacy Policy from time to time, in its sole discretion. If we do so, we will post an updated Privacy Policy on the Hearsay Website and provide prompt written notice of such updates, as applicable. Changes, modifications, additions, or deletions will be effective when posted unless stated otherwise. If we make material or significant changes, we may also send our Customers a notice that we have changed this Privacy Policy. Your continued use of the Hearsay Website and Services, and/or your continued provision of personal information to us after the posting of such notice, will be deemed an acceptance of any changes and subject to the terms of the then-current Privacy Policy. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will seek affirmative consent from you before making material changes to the way we handle Personal Information previously collected from you. If you do not provide such consent, Personal Information will continue to be used in a manner that is consistent with the version of this Notice under which it was collected.
We are located in the United States, and the personal information that we collect is stored on servers located in the United States. This means that your Personal Information will be collected, processed, and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the General Data Protection Regulation 2016/679 (“GDPR”) in the European Union.
By sending us Personal Information, you agree and consent to the processing of your personal information in the United States, which may not offer an equivalent level of protection to that required in other countries (particularly the European Economic Area).
We have implemented safeguards designed to ensure that the Personal Information we process remains protected in accordance with this Privacy Policy, including when processed internationally or by our third-party service providers and partners. The safeguards we may take at our discretion include, for instance, entering into specific agreements in connection with any onward transfers of personal information. We may implement other mechanisms and take similar appropriate safeguards with our third party service providers and partners. Further details can be provided upon request.
Hearsay acts as a ‘data controller’ when it collects Personal Information on its own behalf and for its own Business Purposes, such as through our publicly-accessible Website, and as a ‘data processor’ when it collects and processes personal information on behalf of its Customers in order to provide the SaaS Services. As such, this Privacy Policy is separated into two main sections that address our different roles:
Please note that how you exercise certain rights will depend on whether Hearsay is processing your Personal Information as a ‘data controller’ or as a ‘data processor’, and is further explained throughout this Privacy Policy:
If you are a visitor of the Hearsay Website or a Customer and have any questions about this Privacy Policy or requests for access to or deletion or rectification of personal information that Hearsay collects and processes contact us at privacy@hearsaycorp.com or by mail at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
2261 Market Street, Ste. 5397
San Francisco, CA 94114
United States of America
Individuals in the EEA or the U.K. may contact Hearsay at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
Koztelek utca 6, 1147 Budapest
privacy@hearsaycorp.com
Below is a description of the personal information that we gather from you as a visitor to Hearsay Website, which includes https://hearsaysystems.com and other websites where this Privacy Policy is posted. Information about personal information collected through the account portal and the Saas Services can be found in the Hearsay Processor and SaaS Service Provider Data section below.
In this section, “you” refers to an individual visiting the Hearsay Website.
When you visit the Hearsay Website, we collect information directly from you when you provide it to us, such as when you request a demo, and indirectly, such as through the use of cookies and similar technology.
Data Protection Law (as defined below) recognizes that Sensitive Personal Information (or “sensitive personal data” as used interchangeably) requires additional protection. In particular, the GDPR prohibits the processing of sensitive personal data, other than in certain exceptional circumstances. Sensitive personal data in the EEA includes information relating to one’s race or ethnicity, political opinions, religious or philosophical beliefs, membership of a trade union, as well as biometric data and data relating to one’s health or sexual orientation (“Sensitive Personal Information”. Certain US state privacy laws (i.e., “Data Protection Law”) also have different definitions of Sensitive Personal Information, which may also include precise geolocation, citizenship or immigration status, and Personal Information from a known child.
Visiting the Hearsay Website
Some pages of the Hearsay Website allow you to fill out a web form and share your personal information with us directly, such as on our “Contact Us” page and on our “Submit a request” page. Information we collect consists of:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In addition, if you send us an email or otherwise contact us, we will collect the personal information that you provide to us at that time.
When you visit the Hearsay Website, we, or authorized third parties, collect information, including Device and Usage Information described below, by automated means using cookies, web beacons, server logs or other tracking technologies for analytic purposes. For more information on our use of these technologies and the data that they collect, please see our Cookie Statement. We may also collect information from third parties, as explained below.
Device and Usage Information
When you visit, use or interact with the Hearsay Website, even if you do not have an account, we, or authorized third parties (such as service providers or External Ad Partners (as defined in the Targeted Advertising section below), may collect information about your use of the Hearsay Website via your device. Device and Usage Information that we, or these authorized third parties, collect consists of:
Information from Third Parties
In some instances, we process personal information from third parties, such as data from our External Ad Partners (see the Targeted Advertising section below). These third parties may also use tracking technologies to serve you advertisements tailored to interests you have shown by browsing on this Website and other sites, applications, destinations, and services you have visited, and for other lawful Business Purposes (as defined below).
To provide you with more relevant and interesting experiences, we may work with third party companies to display ads or customize the content on this Website and on other digital properties and websites. These companies may use cookies and similar tracking technologies as described in this Notice to gather information about your visits to our Website, as well as your visits elsewhere on the Internet. These companies use this information to provide you with more relevant advertising known as interest-based advertising.
We, or our authorized partners, collect and process personal information in order to:
Additionally, we may disclose information about users (i) if it is required to do so by law or legal process; (ii) as may be required to law enforcement authorities or other government officials, (iii) when Hearsay believes disclosure is necessary or appropriate to prevent physical harm, financial loss or in connection with an investigation of suspected or actual illegal activity, or (iv) to respond to claims by third parties.
For California residents, please see the Additional Information for Certain States Section below for more information on specific purposes of collection for each category of Personal Information collected in the past 12 months as a “Business” under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020. For Colorado, Connecticut, and Virginia residents, please also see the Additional Information for Certain States.
For individuals located in the EEA or the U.K., please see the Additional Information for Individuals in the EEA and the U.K. Section below for more information, including our legal bases for processing.
We disclose your Personal Information under certain circumstances, such as to our service providers or in the event of a business transfer, as further described below.
Hearsay may share Personal Information and/or Sensitive Personal Information with our third party agents, contractors, or service providers who are hired to perform services on Hearsay’s behalf or in order to assist with certain Business Purposes and/or Commercial Purposes. These providers may operate or support certain functions of the Hearsay Website and Services. Below is a list of categories of service providers that we may use to perform these functions (which are subject to change):
Service providers process your Personal Information and/or Sensitive Personal Information for the specific purpose of providing their services to us (and in accordance with our instructions).
As explained here, we also work with and disclose Personal Information to External Ad Partners who assist us with advertising and marketing our Services.
In some cases, service providers and External Ad Partners collect your Personal Information and/or Sensitive Personal Information directly from you, such as via cookies.
We may share data collected from you from the Hearsay Website with our affiliate entities.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, including bankruptcy.
We share anonymized, aggregated, automatically-collected, or otherwise non-Personal Information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) Business Purposes, Commercial Purposes, and/or marketing purposes; (iii) assistance for us and other parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share Personal Information about you in this case.
Hearsay may preserve or disclose your Personal Information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose Personal Information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Our Website is intended for individuals 18 years of age and older. It is not directed at, marketed to, nor intended for, children under 18 years of age. We do not knowingly collect any Personal Information directly from children under the age of 18. If we discover we have inadvertently received any Personal Information from a child under the age of 18 in violation of this Policy, we will take reasonable steps to delete that information as quickly as possible. If you believe that we have any Personal Information from or about anyone under the age of 18, please contact us at privacy@hearsaycorp.com.
The Hearsay Website uses third-party analytics tools that drop cookies and/or similar technologies to collect and store information about your device and use of the Hearsay Website. We use analytics tools to calculate visitor, session and campaign data for the Hearsay Website analytics reports.
One of our tools is Google Analytics. We use Google Analytics to generate and process statistical or demographic data. Third parties, like Google, use cookies to compile reports on the website’s activity and website visitors, and provide other services related to website activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website. You can read more about Google’s practices in Google’s privacy policy. You can opt-out from being tracked by Google Analytics in a particular browser on a particular device by downloading and installing the Google Analytics Opt-out Browser Add-on for that browser. To learn more about how to opt-out of tracking by Google Analytics, please click here.
Another tool is the LinkedIn Insight Tag. You can read more about LinkedIn’s practices in LinkedIn’s privacy policy. LinkedIn only provides reports and alerts (which do not identify LinkedIn members) about the Hearsay website audience and ad performance (LinkedIn does not share the personal data of its members with Hearsay). LinkedIn members can control the use of their personal data for advertising purposes through their account settings.
We market our company and Services in a variety of ways. Below is a description of what data we gather from you, and how we use it for purposes of these marketing activities. We gather information from or about you in the following different roles:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In some cases, you provide Personal Information directly to Hearsay as part of a marketing event that Hearsay hosts or co-hosts, through email or when you participate in an online webinar. Occasionally, and only with your consent, we may send you future communications. We may also acquire personal information about you through a third party. In particular, Hearsay engages third parties who provide us with contact information for Leads. When acquiring information from third parties, Hearsay endeavors to obtain contractual commitments from the third parties that the information was acquired lawfully and with the appropriate level of consent.
Our communications to you for marketing purposes will contain instructions on how you can opt-out from receiving future communications, and if you consent to our use of your personal information for marketing purposes, you may always withdraw your consent. You may also contact Hearsay directly about its marketing activities at privacy@hearsaycorp.com.
Hearsay engages third-party advertising networks (“External Ad Partners”) to display advertising about our Services when you visit other websites within that advertising network. Like many other companies, we rely on retargeting, also known as remarketing, which is a type of marketing strategy that helps businesses “remind” visitors of their products and services after they leave their websites. For instance, through the use of cookies (and similar technologies) placed by External Ad Partners, online identifiers (considered personal information) are collected and then used to identify visitors to the Hearsay Website on other websites or social media platforms. With this information our External Ad Partners may serve relevant ads on consumers who previously visited the Hearsay Website.
Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
Hearsay maintains an online presence on social media platforms (“Social Media Platforms”) such as Instagram, Twitter, Facebook and Linkedin, to provide information about our Services and communicate with users and/or visitors to those pages or accounts. When you interact or post to our account, we process your Personal Information. In some cases, the Social Media Platforms are service providers or processors. In other cases, such as with Facebook, we are jointly responsible for the processing, as explained in the section titled Hearsay as a ‘Joint Controller’ with Facebook.
We use reasonably appropriate security measures designed to protect the security of Personal Information and Sensitive Personal Information both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note, though, that no website or internet transmission is completely secure, so while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
Certain internet web browsers allow a “do not track” (“DNT”) setting that relies on a technology known as a DNT header, which sends a signal to websites visited by the individual about the individual’s browser DNT setting. At this time, we do respond to DNT signals. For more information on DNT settings generally, please visit https://allaboutdnt.com.
How you make choices about cookies and other tracking technologies depends on the type of cookie or tracking technology being used. For details on how to manage your preferences for cookies and tracking technologies within your web browser, please see our Cookie Statement.
If you are receiving promotional emails from us, you can choose to stop receiving those by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting customer support at support@hearsaycorp.com.
To request access to, or to make changes to, data that we have collected from you via the Hearsay Website, please email us at privacy@hearsaycorp.com. Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
The categories of recipients of personal data with whom we may share your personal data are listed in Disclosure of Your Personal Information above.
Hearsay as ‘Data Controller’
As a ‘data controller’, Hearsay processes your Personal Information for a number of different purposes. Some are essential for us to provide the Services or to fulfill our legal obligations, some help us run the Services efficiently and effectively, and some enable us to provide you with more relevant and personalized offers and information. In all cases, with respect to individuals in the EEA or the U.K., we must have a reason and a legal ground for processing your personal information. The most common legal grounds on which we rely are briefly explained below:
The following breakdown illustrates in more detail our processing activities and how the above legal bases for processing apply (in brackets):
We use Facebook’s products and services (“Facebook Products”) in different ways:
With respect to our use of Facebook Products, we are jointly responsible with Facebook Ireland for the processing activities (“Joint Processing”):
Facebook Ireland Ltd.,
4 Grand Canal Square, Grand Canal Harbor
Dublin 2, Ireland
Information about the personal data that is collected from you by Facebook, as well as how and why it is processed by Facebook, can be found at https://www.facebook.com/about/privacy.
Hearsay and Facebook have entered into an agreement in order to determine the respective responsibilities for compliance with our obligations in connection with the Joint Processing within the meaning of the GDPR. This joint controller agreement, which sets out the reciprocal obligations, is available here.
Hearsay’s legal basis for processing your personal data via Facebook Products is our legitimate interest in increasing and analyzing the communication, sales, and promotion of Services. Our legal basis may also be your consent, which may be revoked at any time.
Some processing by Facebook Ireland Ltd. might take place in the United States by Facebook Inc.
We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, the length of time we have an ongoing relationship with you and provide you with access to our Services, and applicable legal requirements. We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax, or accounting requirements), when we are unable to reasonably verify your identity, or as may otherwise be required under GDPR. Additionally, we cannot delete information when it is needed for the establishment, exercise, or defense of a legal claim (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.
When we no longer have a legitimate business need to process your personal information, it is deleted and/or anonymized. If you have questions about, or need further information concerning, our data retention periods, please email privacy@hearsaycorp.com.
If the GDPR or the U.K., applies to you because you are in the EEA or the U.K., you have certain rights in relation to your personal data:
These rights are subject to certain rules around when you can exercise them. If you are located in the EEA or the U.K. and wish to exercise any of the rights set out above, please contact us (see How to Contact Us about Privacy).
We will respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first at privacy@hearsaycorp.com.
This privacy notice for Nevada, California, Colorado, Connecticut, and Virginia residents, and residents of other states with applicable privacy laws (“State Privacy Notice”) supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the applicable state (“Consumers”). We have created this State Privacy Notice in order to comply with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (collectively, “CCPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Virginia Consumer Data Protection Act (“VCDPA”), and other applicable privacy laws (collectively, “Data Protection Law”).
This CCPA Notice applies to Personal Information that Hearsay collects for its own purposes. It does not apply to:
We collect Personal Information as that term is defined in CCPA. Within the last twelve (12) months, Hearsay has collected the following categories of Personal Information from or about Consumers:
Personal information does not include:
As explained in more detail here, Hearsay obtains the categories of personal information listed above from the following categories of sources:
We collect and process your Personal Information and/or Sensitive Personal Information whenever you use our Website and/or Services.
Under the CCPA, we must disclose the purposes for which we collect your information. Our purposes include Business Purpose and Commercial Purposes, as generally described below.
In the section Why We Collect Your Personal Information and How We Use It, we explain the purposes for which we process this information, pursuant to Data Protection Law(s), along with the relevant categories of data we use and the legal basis we rely on to do so or other permitted reasons for processing (e.g. Business Purposes or Commercial Purposes under the CCPA). For clarity, the terms Business Purpose and Commercial Purpose, are being used to sufficiently describe the purpose of processing, transferring, sharing, sale, and/or sharing, as applicable, of all your Personal Information and/or Sensitive Personal Information under all Data Protection Law(s). As previously mentioned, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
Hearsay may disclose your Personal Information to service providers, contractors, and/or third parties (as defined by CCPA) (or processor or third party, as defined by applicable Data Protection Law(s)) for a Business Purpose and/or Commercial Purpose. When we disclose Personal Information for a Business Purpose and/or Commercial Purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the services for us. As explained in more detail here, we also share your Personal Information with certain categories of service providers, contractors, and/or third parties who assist us in providing the Hearsay Website and Services and with our business.
We disclose your Personal Information and/or Sensitive Personal Information for a Business Purpose and/or Commercial Purpose to the following categories of Service Providers:
The following chart describes the categories of Personal Information and Sensitive Personal Information that we disclosed to service providers, contractors, and/or third parties for a Business Purpose and/or Commercial Purpose in the 12 months prior to the date of this Privacy Policy. As noted below in the chart, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
The CCPA defines ‘sale’ and ‘share’ very broadly. ’Sale’ includes the sharing of Personal Information with third parties in exchange for anything of value, while ‘share’ means disclosure of Personal Information to third parties for cross contextual behavioral advertising. According to these broad definitions, in the 12 months before this section was last updated, we may have sold or shared the following categories of Personal Information to third parties:
The CCPA provides Consumers with specific rights regarding their Personal Information, provided that we are able to verify their identities as explained below. This section describes your CCPA rights and explains how to exercise them.
Opting-out of Sales or Sharing of Your Personal Information
You have the right to opt-out of our sharing or selling of your Personal Information with some External Ad Partners in certain circumstances. If you would like to opt-out of the sale of Personal Information, please click here.You can also opt-out of the sale or sharing of your Personal Information that is collected automatically when you visit the Website by clicking here.
Hearsay does not sell or share Personal Information collected on the Hearsay mobile-based software platform.
Access to Specific Information
You have the right to request that Hearsay disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will disclose such information to you.
Right to Data Portability
You have the right to receive the Personal Information that you have provided to Hearsay, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
Right to Correction
You have the right to have your Personal Information corrected.
Deletion Request Rights
You have the right to request that Hearsay delete your personal information, subject to certain exceptions listed in the CCPA. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will delete (and direct our service providers, contractors, third parties, and/or processors, as applicable, to delete) your Personal Information from our records, unless an exception applies.
Your Right to Limit the Use Sensitive Personal Information We Have Collected About You
You have the right to limit our use of your Sensitive Personal Information if we use it for purposes other than providing the Services to you. We currently do not use your Sensitive Personal Information for purposes other than providing the Service/ for the Business Purposes above.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer request related to your personal information.
An authorized agent is a natural person or a business entity registered with the Secretary of State that a Consumer has authorized to act on his or her behalf. When a Consumer uses an authorized agent to submit a request to know or a request to delete, Hearsay may require that the Consumer provide the authorized agent written permission to do so and verify his or her own identity directly with Hearsay, unless the Consumer has provided the authorized agent with a valid power of attorney. Hearsay may deny a request from an agent that does not submit proof that he or she has been authorized by the Consumer to act on his or her behalf.
To exercise the rights described above, please submit a verifiable Consumer request to us by either calling us at 1-888-399-2280 or mailing privacy@hearsaycorp.com.
You may only make a verifiable Consumer request for access or data portability twice within a 12-month period. In particular, you can request the following:
1. Specific Pieces of Information
2. Categories of Information
The verifiable Consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will notify you to explain the basis of the denial.
If we have a good-faith, reasonable belief that a request to opt-out of the sale or sharing of Personal Information is fraudulent, we may deny the request. Should this occur, we will inform you and explain why we believe the request is fraudulent.
Making a verifiable Consumer request does not require you to create an account with us. Please note that the methods for verification are set forth in the CCPA, which also requires us to consider a number of factors, such as the type, sensitivity, and value of the personal information or the risk of harm posed by unauthorized access or deletion, on a case-by-case basis.
We will only use personal information provided in a verifiable Consumer request to verify the requestor’s identity or authority to make the request.
Upon your request, we will delete the Personal Information we have collected about you, except for situations where the CCPA authorizes us to retain specific information, including when it is necessary for us to provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us. We will act on your deletion request within the timeframes set forth below.
Response Timing
We endeavor to respond to a verifiable Consumer request generally within 45 days of its receipt, or as otherwise required by the CCPA, although we may take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable Consumer’s request. If applicable, in our response, we will also explain the reasons we cannot comply with a request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. Please note that to use our Services, we do require the collection of your personal information – for example, to sign you up. While you may request to delete your personal information under CCPA, such deletions may affect our ability to offer the Services.
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about certain categories of Personal Information a business has disclosed to third parties for direct marketing purposes in the preceding calendar year. California residents may make such request to us at privacy@hearsaycorp.com. We will provide a list of the categories of personal information disclosed to such third parties for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses or these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email specified in this section.
We do not sell your Personal Information within the scope of, and according to the defined meaning of, a “sale” under NRS 603A.
Under Virginia’s Consumer Data Protection Act (“VCDPA”), solely as to Personal Information of users acting in an individual or household context, Virginia residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the VCDPA. You have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information . A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Virginia, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Colorado’s Consumer Privacy Act (“CPA”), solely as to Personal Information of users when acting in an individual or household context, Colorado residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Colorado, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Connecticut’s Data Privacy Act (“CTDPA”), solely as to Personal Information of users when acting in an individual or household context, Connecticut residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CTDPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Connecticut, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CTDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
If you have any questions regarding this State Notice, please contact us directly.
As explained above, we process personal information from individuals described below on behalf of our Customers in order to provide our Services, in accordance with their Instructions. When we process personal information on behalf of our Customers, we are a ‘data processor’ or service provider. This includes certain information that we collect through our account portal (https://my.hearsaysocial.com/) when Users log into their accounts with Hearsay, as well as other information that is collected through the various products offered by Hearsay as part of the Services.
Hearsay’s Customers are controllers of the Personal Information because they decide how or why your Personal Information is processed. When our Customers process Personal Information through our Services, they are responsible for ensuring that they do so in compliance with the law, including providing their customers and users with their own privacy policies.
Hearsay’s processing activity as a service provider and processor is governed by the contracts we have with our Customers. Under the terms of those agreements, we will direct any data subject request you make to Hearsay for Personal Information that we process as a processor under this section to our Customers.
For purposes of this Section, “You” may refer to a variety of people, including:
If there are special terms and considerations, we will address the individual group by the capitalized term (Customer, User or User Contacts). Where terms apply to all groups, we will address the group as “you.”
We process information (1) received directly from Customers and Users, other than personal information collected on signing up as a User of the Services, (2) from or about User Contacts through the use of the Services by Customers and Users, and (3) obtained indirectly, such as through the use of cookies or CRM integrations.
The information that we process as part of the Services is described below in further detail. Collectively, all information processed by Hearsay in order to provide the Services is referred to “Services Information” for purposes of this Privacy Policy.
Through the Services, Customers and Users can populate their accounts with information submitted by a Customer or a User to Hearsay, or uploaded by Customer or a User to the Services, which is meant to be used and shared through the Services. Examples of such content include articles, logos and other assets uploaded by a Customer or User to personalize a web page. In uploading or submitting this information, Customers and Users must not include any personally identifiable information contained within the uploaded materials.
Hearsay may also contact Customers and Users to provide feedback on the Services by email or other means in order to better understand how Customers and Users use the Services. Some of the questions might include requests with a voluntary answer to provide certain additional personal identifiable information, such as name, age and geographic location. Information gathered by Hearsay will be used solely in connection with or to improve or expand the Services; however, this may include using this information within third-party services that are associated with the Services. Please see our cookies section to better understand how we use performance cookies to improve the Services.
As part of our Services, Hearsay allows Users to connect certain digital assets such as social media accounts (including private messaging in some cases), email addresses and telephone numbers to the Services in order to communicate with User Contacts. Customers may also have their own websites hosted by Hearsay (“Customer Sites”). As a result, Hearsay processes personal information from or about User Contacts that is collected via the Customer Sites, User social media accounts and/or other connections to the Services, depending on the level of permission. For instance, when using social media networks, if Hearsay is allowed to collect social media activity about the User Contact, Hearsay will collect such information and present a summary of this information to the User. With respect to text message correspondence, Hearsay may collect, store and retain the telephone number of the User Contact, call history with the User Contact, and any contents of a text message that a User Contact made in text message communications with the User.
Hearsay collects and/or processes Sensitive Personal Information, including precise geolocation and content of social and text messages. As explained below, the contents of social and text messages may contain additional Sensitive Personal Information that is shared by the Customer and/or User.
Any information that a User or a User Contact submits to the Services will be captured and retained by Hearsay as part of the Services.
If you are a User Contact, you may have been directed to review this Privacy Policy by one of our Customers in lieu of their own Privacy Policy. In this case, any information about you as a User Contact that Hearsay collects will be processed and maintained in accordance with this policy. However, to understand how the Customer uses the information or to exercise any rights, please contact the Customer directly.
CRM Integrations
Certain Customers integrate their customer relationship management (CRM) systems with the Services. When this happens, Hearsay receives any information about Users and User Contacts that a Customer has collected and wishes to share with Hearsay. Hearsay will use this information within the Service to enable certain functionality (e.g., populating email contacts from a CRM so that a User may utilize email functionality), or use insights in order to recommend certain actions (e.g., based on a combination of activity documented in CRM and the Services with a User Contact, a User might receive a recommendation to make a future communication with the same User Contact).
Publicly Available Information about Users and User Contacts
In order to better understand Users and provide a better experience, Hearsay creates various “profiles” within the Services, in order to provide more targeted content and suggest action items for a User to take within the Services. “Profiles” are not composites of personal information nor based on actual individuals, but are common characteristics identified by Hearsay to describe certain behaviors or preferences. In order to make recommendations or suggest content, Hearsay endeavors to find out more about its Users and User Contacts. In some instances, when building these “profiles,” Hearsay may retain third parties to collect publicly available information about Users. This information may include your industry, the size of your office, and your online directory listing, to help Hearsay understand more about our customer base and to tailor information we send you about the Services.
Anonymized Aggregated Data
Hearsay has developed proprietary algorithms that monitor all communications and transactions that occur within the Services. Hearsay engages third parties to perform data analysis on data sets provided by Hearsay in order to improve Hearsay’s algorithms. The purpose of these algorithms is to identify patterns of behavior, either unique to a User or to defined categories of people, which may enhance a User’s use of the Services. Any data created or identified within an algorithm does not identify the activity of an individual User or User Contacts. For example, the Services may identify that a User’s social media network contacts are most active between the hours of 10 AM to 12 PM on weekdays, and would therefore recommend a User to schedule social media posts during this time. The Services algorithms gather this information based on the volume activity occurring within this network; this recommendation, or any data associated with this recommendation, would not identify the posting habits of any individual User Contact or a User. For text message communication, the Services may suggest prepopulated quick replies to certain text messages. The Services algorithms make these suggestions based on gathered information from previous replies and conversations.
Industry Information
Hearsay collects information relating to the industry with which a User is associated: acquiring data sets about certain financial services industries, reviewing census results to identify purchasing habits of consumers, etc. The purpose of acquiring this information is to provide more information and insight for the User when using the Services.
We or our authorized service providers process the Services Information solely as a data processor, in order to:
We disclose Services Information under certain circumstances, as further described below.
The Services allow Users to send or receive communications from User Contacts through social media, email, text messaging and voice communications. If Users send communications through the Services, Hearsay will deliver those communications to third parties in order for the User Contact to share and receive those communications. We call these third party delivery networks “External Services.” Examples of External Services include Facebook, Twitter, LinkedIn and Instagram (for social media).
We may share Services Information with third-party service providers or consultants who need access to the data to perform their work on Hearsay’s behalf. These third party service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard any data provided by Hearsay. These include Amazon Web Services for website hosting, Sendgrid for email delivery and Twilio for text messaging.
Hearsay is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Telecommunications activity performed by Hearsay is regulated and overseen by the Federal Communications Commission (FCC) and various state public utility commissions. We may disclose Services Information pertaining to a regulatory audit conducted by these entities as well as oversight organizations for the financial services industry, such as FINRA, SEC, or similar state and international regulators. When responding to a financial services regulatory audit, we will endeavor to first contact the Customer before disclosing any such information unless we are prohibited from doing so. The Customer is solely responsible for contacting any Users or User Contacts as part of the regulatory audit and disclosure of Services Information.
We may share data collected from you from the Services with our affiliates.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, bankruptcy included.
We share anonymized, aggregated, automatically-collected, or otherwise non-personal information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) business or marketing purposes; (iii) assistance for us and other parties in understanding our Customers’ and Users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share personal information about you in this case.
Hearsay may preserve or disclose your personal information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Certain Customers may purchase services from third parties that have a partnership relationship with Hearsay and are authorized to access the Services (“Value Added Partners”). In such cases, Hearsay will allow the Value Added Partner(s) to access the relevant Services account if the Customer has given the requisite permission. This access may include being able to read Services Information.
As ‘data controllers’ of Services Information, Customers are responsible for providing information to individuals in the EEA and/or the U.K., including the purposes of collection, legal bases, and your rights, as well as residents of certain states that provide consumer rights. If we receive a notification from a Customer regarding an individual wishing to exercise his/her exercising, we will assist said Customer with responding to and honoring such requests according to the Customer’s instructions.
When you visit the Hearsay Website or use the Services, we and our service providers acting on our behalf automatically collect certain data using tracking technologies like cookies, web beacons, and similar tracking technologies.
A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a website’s computers and stored on your computer’s hard drive.
These technologies are used to help us better understand User behavior and facilitate and measure the effectiveness of our Hearsay Website and Services. We treat information collected by cookies and other technologies as non-personal information.
We use cookies to record current session information. We also use third party cookies (e.g. Google Analytics) to provide anonymized and aggregated information on website usage statistics and patterns.
All modern Internet browsers allow you to control your cookie settings. These settings are usually accessed in the ‘Options’ or ‘Preferences’ section of your browser. Please note that certain features of the website will not be available once cookies are disabled. For further information about cookies and how to manage them, please visit www.allaboutcookies.org.
Hearsay uses web beacons with cookies or separately to compile information about your engagement with us. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you view a particular website tied to the web beacon, and a description of a website tied to the web beacon.
Here is a basic description and overview of the type of cookies Hearsay may use:
Hearsay Social, Inc. (“Hearsay”), is a web and mobile-based software platform that allows financial services and insurance companies (“Customers”) and their employees and/or designated agents with access to the Services (“Users”) to utilize electronic communications channels (such as social media, websites, email, mobile voice and text message) to communicate with clients and prospects (“SaaS Services”).
This Privacy Policy applies to Hearsay’s Website and Hearsay’s SaaS Services; collectively “Services.” This Privacy Policy contains details about how we collect, use, disclose, process, share and secure personal information that we obtain from and about you when you interact with our Services. Our collection and processing of information that alone or in conjunction with other information may reasonably identify you (“Personal Information”) may be either for our own purposes, or on behalf of other entities to whom we provide services.
If you have any questions regarding the collection and processing of Personal Information performed by us on behalf of another entity please consult that entity’s privacy policy. If, after reviewing this Privacy Policy, you have any questions or privacy concerns, please send us an email to privacy@hearsaycorp.com (see the How to Contact Us about Privacy section). We are committed to protecting the privacy of those with whom we interact.
For purposes of this Privacy Policy, the words “our,” “us,” “we,” and “Hearsay” refer to Hearsay Social, Inc., and our affiliates (which includes any person or entity that controls us, is controlled by us, or is under common control with us, such as our subsidiary, parent company, or our employees).
For the purpose of this Notice, Personal Information shall by interchangeable with Personal Data, and each shall have the meaning assigned to it by applicable laws, including, but not limited to, information that directly or indirectly, on its own or in conjunction with other information, identifies an individual. Please read this Notice carefully.
NEVADA, CALIFORNIA, COLORADO, CONNECTICUT, OR VIRGINIA RESIDENTS OR RESIDENTS OF ANOTHER STATE THAT OFFER CERTAIN PRIVACY RIGHTS: If you are a resident of Nevada, California, Colorado, Connecticut, or Virginia or resident of another state that offers certain privacy rights, this entire Privacy Policy applies to you. However, please see Additional Information for Certain States below, which will inform you in detail about our information collection practices and your specific rights.
INDIVIDUALS LOCATED IN THE EEA OR THE U.K.: If you are located in the European Economic Area (“EEA”) or the United Kingdom (“U.K.”), this entire Privacy Policy applies to you. However, please see Additional Information for Individuals in the EEA below, which will inform you in detail about our legal bases for processing and which rights you have in connection with our processing of your personal data.
We collect information in several contexts as described below. This policy also does not apply to information we collect in connection with providing services to our business clients, where we act as a service provider and process Personal Information in accordance with their instructions (see “Hearsay Processor and Service Provider Data”). Such information is subject to the Privacy Policies of the other financial institutions.
This Policy applies only to Hearsay operated services and applications, including our online services, mobile-based application, and Website. Our Services may contain links to other websites that are not operated or controlled by Hearsay. Hearsay does not control such third-party websites or their privacy practices. Any personal information you choose to give to third-party websites is not covered by this Notice.
Hearsay may update this Privacy Policy from time to time, in its sole discretion. If we do so, we will post an updated Privacy Policy on the Hearsay Website and provide prompt written notice of such updates, as applicable. Changes, modifications, additions, or deletions will be effective when posted unless stated otherwise. If we make material or significant changes, we may also send our Customers a notice that we have changed this Privacy Policy. Your continued use of the Hearsay Website and Services, and/or your continued provision of personal information to us after the posting of such notice, will be deemed an acceptance of any changes and subject to the terms of the then-current Privacy Policy. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will seek affirmative consent from you before making material changes to the way we handle Personal Information previously collected from you. If you do not provide such consent, Personal Information will continue to be used in a manner that is consistent with the version of this Notice under which it was collected.
We are located in the United States, and the personal information that we collect is stored on servers located in the United States. This means that your Personal Information will be collected, processed, and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the General Data Protection Regulation 2016/679 (“GDPR”) in the European Union.
By sending us Personal Information, you agree and consent to the processing of your personal information in the United States, which may not offer an equivalent level of protection to that required in other countries (particularly the European Economic Area).
We have implemented safeguards designed to ensure that the Personal Information we process remains protected in accordance with this Privacy Policy, including when processed internationally or by our third-party service providers and partners. The safeguards we may take at our discretion include, for instance, entering into specific agreements in connection with any onward transfers of personal information. We may implement other mechanisms and take similar appropriate safeguards with our third party service providers and partners. Further details can be provided upon request.
Hearsay acts as a ‘data controller’ when it collects Personal Information on its own behalf and for its own Business Purposes, such as through our publicly-accessible Website, and as a ‘data processor’ when it collects and processes personal information on behalf of its Customers in order to provide the SaaS Services. As such, this Privacy Policy is separated into two main sections that address our different roles:
Please note that how you exercise certain rights will depend on whether Hearsay is processing your Personal Information as a ‘data controller’ or as a ‘data processor’, and is further explained throughout this Privacy Policy:
If you are a visitor of the Hearsay Website or a Customer and have any questions about this Privacy Policy or requests for access to or deletion or rectification of personal information that Hearsay collects and processes contact us at privacy@hearsaycorp.com or by mail at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
2261 Market Street, Ste. 5397
San Francisco, CA 94114
United States of America
Individuals in the EEA or the U.K. may contact Hearsay at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
Koztelek utca 6, 1147 Budapest
privacy@hearsaycorp.com
Below is a description of the personal information that we gather from you as a visitor to Hearsay Website, which includes https://hearsaysystems.com and other websites where this Privacy Policy is posted. Information about personal information collected through the account portal and the Saas Services can be found in the Hearsay Processor and SaaS Service Provider Data section below.
In this section, “you” refers to an individual visiting the Hearsay Website.
When you visit the Hearsay Website, we collect information directly from you when you provide it to us, such as when you request a demo, and indirectly, such as through the use of cookies and similar technology.
Data Protection Law (as defined below) recognizes that Sensitive Personal Information (or “sensitive personal data” as used interchangeably) requires additional protection. In particular, the GDPR prohibits the processing of sensitive personal data, other than in certain exceptional circumstances. Sensitive personal data in the EEA includes information relating to one’s race or ethnicity, political opinions, religious or philosophical beliefs, membership of a trade union, as well as biometric data and data relating to one’s health or sexual orientation (“Sensitive Personal Information”. Certain US state privacy laws (i.e., “Data Protection Law”) also have different definitions of Sensitive Personal Information, which may also include precise geolocation, citizenship or immigration status, and Personal Information from a known child.
Visiting the Hearsay Website
Some pages of the Hearsay Website allow you to fill out a web form and share your personal information with us directly, such as on our “Contact Us” page and on our “Submit a request” page. Information we collect consists of:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In addition, if you send us an email or otherwise contact us, we will collect the personal information that you provide to us at that time.
When you visit the Hearsay Website, we, or authorized third parties, collect information, including Device and Usage Information described below, by automated means using cookies, web beacons, server logs or other tracking technologies for analytic purposes. For more information on our use of these technologies and the data that they collect, please see our Cookie Statement. We may also collect information from third parties, as explained below.
Device and Usage Information
When you visit, use or interact with the Hearsay Website, even if you do not have an account, we, or authorized third parties (such as service providers or External Ad Partners (as defined in the Targeted Advertising section below), may collect information about your use of the Hearsay Website via your device. Device and Usage Information that we, or these authorized third parties, collect consists of:
Information from Third Parties
In some instances, we process personal information from third parties, such as data from our External Ad Partners (see the Targeted Advertising section below). These third parties may also use tracking technologies to serve you advertisements tailored to interests you have shown by browsing on this Website and other sites, applications, destinations, and services you have visited, and for other lawful Business Purposes (as defined below).
To provide you with more relevant and interesting experiences, we may work with third party companies to display ads or customize the content on this Website and on other digital properties and websites. These companies may use cookies and similar tracking technologies as described in this Notice to gather information about your visits to our Website, as well as your visits elsewhere on the Internet. These companies use this information to provide you with more relevant advertising known as interest-based advertising.
We, or our authorized partners, collect and process personal information in order to:
Additionally, we may disclose information about users (i) if it is required to do so by law or legal process; (ii) as may be required to law enforcement authorities or other government officials, (iii) when Hearsay believes disclosure is necessary or appropriate to prevent physical harm, financial loss or in connection with an investigation of suspected or actual illegal activity, or (iv) to respond to claims by third parties.
For California residents, please see the Additional Information for Certain States Section below for more information on specific purposes of collection for each category of Personal Information collected in the past 12 months as a “Business” under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020. For Colorado, Connecticut, and Virginia residents, please also see the Additional Information for Certain States.
For individuals located in the EEA or the U.K., please see the Additional Information for Individuals in the EEA and the U.K. Section below for more information, including our legal bases for processing.
We disclose your Personal Information under certain circumstances, such as to our service providers or in the event of a business transfer, as further described below.
Hearsay may share Personal Information and/or Sensitive Personal Information with our third party agents, contractors, or service providers who are hired to perform services on Hearsay’s behalf or in order to assist with certain Business Purposes and/or Commercial Purposes. These providers may operate or support certain functions of the Hearsay Website and Services. Below is a list of categories of service providers that we may use to perform these functions (which are subject to change):
Service providers process your Personal Information and/or Sensitive Personal Information for the specific purpose of providing their services to us (and in accordance with our instructions).
As explained here, we also work with and disclose Personal Information to External Ad Partners who assist us with advertising and marketing our Services.
In some cases, service providers and External Ad Partners collect your Personal Information and/or Sensitive Personal Information directly from you, such as via cookies.
We may share data collected from you from the Hearsay Website with our affiliate entities.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, including bankruptcy.
We share anonymized, aggregated, automatically-collected, or otherwise non-Personal Information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) Business Purposes, Commercial Purposes, and/or marketing purposes; (iii) assistance for us and other parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share Personal Information about you in this case.
Hearsay may preserve or disclose your Personal Information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose Personal Information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Our Website is intended for individuals 18 years of age and older. It is not directed at, marketed to, nor intended for, children under 18 years of age. We do not knowingly collect any Personal Information directly from children under the age of 18. If we discover we have inadvertently received any Personal Information from a child under the age of 18 in violation of this Policy, we will take reasonable steps to delete that information as quickly as possible. If you believe that we have any Personal Information from or about anyone under the age of 18, please contact us at privacy@hearsaycorp.com.
The Hearsay Website uses third-party analytics tools that drop cookies and/or similar technologies to collect and store information about your device and use of the Hearsay Website. We use analytics tools to calculate visitor, session and campaign data for the Hearsay Website analytics reports.
One of our tools is Google Analytics. We use Google Analytics to generate and process statistical or demographic data. Third parties, like Google, use cookies to compile reports on the website’s activity and website visitors, and provide other services related to website activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website. You can read more about Google’s practices in Google’s privacy policy. You can opt-out from being tracked by Google Analytics in a particular browser on a particular device by downloading and installing the Google Analytics Opt-out Browser Add-on for that browser. To learn more about how to opt-out of tracking by Google Analytics, please click here.
Another tool is the LinkedIn Insight Tag. You can read more about LinkedIn’s practices in LinkedIn’s privacy policy. LinkedIn only provides reports and alerts (which do not identify LinkedIn members) about the Hearsay website audience and ad performance (LinkedIn does not share the personal data of its members with Hearsay). LinkedIn members can control the use of their personal data for advertising purposes through their account settings.
We market our company and Services in a variety of ways. Below is a description of what data we gather from you, and how we use it for purposes of these marketing activities. We gather information from or about you in the following different roles:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In some cases, you provide Personal Information directly to Hearsay as part of a marketing event that Hearsay hosts or co-hosts, through email or when you participate in an online webinar. Occasionally, and only with your consent, we may send you future communications. We may also acquire personal information about you through a third party. In particular, Hearsay engages third parties who provide us with contact information for Leads. When acquiring information from third parties, Hearsay endeavors to obtain contractual commitments from the third parties that the information was acquired lawfully and with the appropriate level of consent.
Our communications to you for marketing purposes will contain instructions on how you can opt-out from receiving future communications, and if you consent to our use of your personal information for marketing purposes, you may always withdraw your consent. You may also contact Hearsay directly about its marketing activities at privacy@hearsaycorp.com.
Hearsay engages third-party advertising networks (“External Ad Partners”) to display advertising about our Services when you visit other websites within that advertising network. Like many other companies, we rely on retargeting, also known as remarketing, which is a type of marketing strategy that helps businesses “remind” visitors of their products and services after they leave their websites. For instance, through the use of cookies (and similar technologies) placed by External Ad Partners, online identifiers (considered personal information) are collected and then used to identify visitors to the Hearsay Website on other websites or social media platforms. With this information our External Ad Partners may serve relevant ads on consumers who previously visited the Hearsay Website.
Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
Hearsay maintains an online presence on social media platforms (“Social Media Platforms”) such as Instagram, Twitter, Facebook and Linkedin, to provide information about our Services and communicate with users and/or visitors to those pages or accounts. When you interact or post to our account, we process your Personal Information. In some cases, the Social Media Platforms are service providers or processors. In other cases, such as with Facebook, we are jointly responsible for the processing, as explained in the section titled Hearsay as a ‘Joint Controller’ with Facebook.
We use reasonably appropriate security measures designed to protect the security of Personal Information and Sensitive Personal Information both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note, though, that no website or internet transmission is completely secure, so while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
Certain internet web browsers allow a “do not track” (“DNT”) setting that relies on a technology known as a DNT header, which sends a signal to websites visited by the individual about the individual’s browser DNT setting. At this time, we do respond to DNT signals. For more information on DNT settings generally, please visit https://allaboutdnt.com.
How you make choices about cookies and other tracking technologies depends on the type of cookie or tracking technology being used. For details on how to manage your preferences for cookies and tracking technologies within your web browser, please see our Cookie Statement.
If you are receiving promotional emails from us, you can choose to stop receiving those by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting customer support at support@hearsaycorp.com.
To request access to, or to make changes to, data that we have collected from you via the Hearsay Website, please email us at privacy@hearsaycorp.com. Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
The categories of recipients of personal data with whom we may share your personal data are listed in Disclosure of Your Personal Information above.
Hearsay as ‘Data Controller’
As a ‘data controller’, Hearsay processes your Personal Information for a number of different purposes. Some are essential for us to provide the Services or to fulfill our legal obligations, some help us run the Services efficiently and effectively, and some enable us to provide you with more relevant and personalized offers and information. In all cases, with respect to individuals in the EEA or the U.K., we must have a reason and a legal ground for processing your personal information. The most common legal grounds on which we rely are briefly explained below:
The following breakdown illustrates in more detail our processing activities and how the above legal bases for processing apply (in brackets):
We use Facebook’s products and services (“Facebook Products”) in different ways:
With respect to our use of Facebook Products, we are jointly responsible with Facebook Ireland for the processing activities (“Joint Processing”):
Facebook Ireland Ltd.,
4 Grand Canal Square, Grand Canal Harbor
Dublin 2, Ireland
Information about the personal data that is collected from you by Facebook, as well as how and why it is processed by Facebook, can be found at https://www.facebook.com/about/privacy.
Hearsay and Facebook have entered into an agreement in order to determine the respective responsibilities for compliance with our obligations in connection with the Joint Processing within the meaning of the GDPR. This joint controller agreement, which sets out the reciprocal obligations, is available here.
Hearsay’s legal basis for processing your personal data via Facebook Products is our legitimate interest in increasing and analyzing the communication, sales, and promotion of Services. Our legal basis may also be your consent, which may be revoked at any time.
Some processing by Facebook Ireland Ltd. might take place in the United States by Facebook Inc.
We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, the length of time we have an ongoing relationship with you and provide you with access to our Services, and applicable legal requirements. We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax, or accounting requirements), when we are unable to reasonably verify your identity, or as may otherwise be required under GDPR. Additionally, we cannot delete information when it is needed for the establishment, exercise, or defense of a legal claim (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.
When we no longer have a legitimate business need to process your personal information, it is deleted and/or anonymized. If you have questions about, or need further information concerning, our data retention periods, please email privacy@hearsaycorp.com.
If the GDPR or the U.K., applies to you because you are in the EEA or the U.K., you have certain rights in relation to your personal data:
These rights are subject to certain rules around when you can exercise them. If you are located in the EEA or the U.K. and wish to exercise any of the rights set out above, please contact us (see How to Contact Us about Privacy).
We will respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first at privacy@hearsaycorp.com.
This privacy notice for Nevada, California, Colorado, Connecticut, and Virginia residents, and residents of other states with applicable privacy laws (“State Privacy Notice”) supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the applicable state (“Consumers”). We have created this State Privacy Notice in order to comply with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (collectively, “CCPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Virginia Consumer Data Protection Act (“VCDPA”), and other applicable privacy laws (collectively, “Data Protection Law”).
This CCPA Notice applies to Personal Information that Hearsay collects for its own purposes. It does not apply to:
We collect Personal Information as that term is defined in CCPA. Within the last twelve (12) months, Hearsay has collected the following categories of Personal Information from or about Consumers:
Personal information does not include:
As explained in more detail here, Hearsay obtains the categories of personal information listed above from the following categories of sources:
We collect and process your Personal Information and/or Sensitive Personal Information whenever you use our Website and/or Services.
Under the CCPA, we must disclose the purposes for which we collect your information. Our purposes include Business Purpose and Commercial Purposes, as generally described below.
In the section Why We Collect Your Personal Information and How We Use It, we explain the purposes for which we process this information, pursuant to Data Protection Law(s), along with the relevant categories of data we use and the legal basis we rely on to do so or other permitted reasons for processing (e.g. Business Purposes or Commercial Purposes under the CCPA). For clarity, the terms Business Purpose and Commercial Purpose, are being used to sufficiently describe the purpose of processing, transferring, sharing, sale, and/or sharing, as applicable, of all your Personal Information and/or Sensitive Personal Information under all Data Protection Law(s). As previously mentioned, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
Hearsay may disclose your Personal Information to service providers, contractors, and/or third parties (as defined by CCPA) (or processor or third party, as defined by applicable Data Protection Law(s)) for a Business Purpose and/or Commercial Purpose. When we disclose Personal Information for a Business Purpose and/or Commercial Purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the services for us. As explained in more detail here, we also share your Personal Information with certain categories of service providers, contractors, and/or third parties who assist us in providing the Hearsay Website and Services and with our business.
We disclose your Personal Information and/or Sensitive Personal Information for a Business Purpose and/or Commercial Purpose to the following categories of Service Providers:
The following chart describes the categories of Personal Information and Sensitive Personal Information that we disclosed to service providers, contractors, and/or third parties for a Business Purpose and/or Commercial Purpose in the 12 months prior to the date of this Privacy Policy. As noted below in the chart, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
The CCPA defines ‘sale’ and ‘share’ very broadly. ’Sale’ includes the sharing of Personal Information with third parties in exchange for anything of value, while ‘share’ means disclosure of Personal Information to third parties for cross contextual behavioral advertising. According to these broad definitions, in the 12 months before this section was last updated, we may have sold or shared the following categories of Personal Information to third parties:
The CCPA provides Consumers with specific rights regarding their Personal Information, provided that we are able to verify their identities as explained below. This section describes your CCPA rights and explains how to exercise them.
Opting-out of Sales or Sharing of Your Personal Information
You have the right to opt-out of our sharing or selling of your Personal Information with some External Ad Partners in certain circumstances. If you would like to opt-out of the sale of Personal Information, please click here.You can also opt-out of the sale or sharing of your Personal Information that is collected automatically when you visit the Website by clicking here.
Hearsay does not sell or share Personal Information collected on the Hearsay mobile-based software platform.
Access to Specific Information
You have the right to request that Hearsay disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will disclose such information to you.
Right to Data Portability
You have the right to receive the Personal Information that you have provided to Hearsay, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
Right to Correction
You have the right to have your Personal Information corrected.
Deletion Request Rights
You have the right to request that Hearsay delete your personal information, subject to certain exceptions listed in the CCPA. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will delete (and direct our service providers, contractors, third parties, and/or processors, as applicable, to delete) your Personal Information from our records, unless an exception applies.
Your Right to Limit the Use Sensitive Personal Information We Have Collected About You
You have the right to limit our use of your Sensitive Personal Information if we use it for purposes other than providing the Services to you. We currently do not use your Sensitive Personal Information for purposes other than providing the Service/ for the Business Purposes above.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer request related to your personal information.
An authorized agent is a natural person or a business entity registered with the Secretary of State that a Consumer has authorized to act on his or her behalf. When a Consumer uses an authorized agent to submit a request to know or a request to delete, Hearsay may require that the Consumer provide the authorized agent written permission to do so and verify his or her own identity directly with Hearsay, unless the Consumer has provided the authorized agent with a valid power of attorney. Hearsay may deny a request from an agent that does not submit proof that he or she has been authorized by the Consumer to act on his or her behalf.
To exercise the rights described above, please submit a verifiable Consumer request to us by either calling us at 1-888-399-2280 or mailing privacy@hearsaycorp.com.
You may only make a verifiable Consumer request for access or data portability twice within a 12-month period. In particular, you can request the following:
1. Specific Pieces of Information
2. Categories of Information
The verifiable Consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will notify you to explain the basis of the denial.
If we have a good-faith, reasonable belief that a request to opt-out of the sale or sharing of Personal Information is fraudulent, we may deny the request. Should this occur, we will inform you and explain why we believe the request is fraudulent.
Making a verifiable Consumer request does not require you to create an account with us. Please note that the methods for verification are set forth in the CCPA, which also requires us to consider a number of factors, such as the type, sensitivity, and value of the personal information or the risk of harm posed by unauthorized access or deletion, on a case-by-case basis.
We will only use personal information provided in a verifiable Consumer request to verify the requestor’s identity or authority to make the request.
Upon your request, we will delete the Personal Information we have collected about you, except for situations where the CCPA authorizes us to retain specific information, including when it is necessary for us to provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us. We will act on your deletion request within the timeframes set forth below.
Response Timing
We endeavor to respond to a verifiable Consumer request generally within 45 days of its receipt, or as otherwise required by the CCPA, although we may take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable Consumer’s request. If applicable, in our response, we will also explain the reasons we cannot comply with a request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. Please note that to use our Services, we do require the collection of your personal information – for example, to sign you up. While you may request to delete your personal information under CCPA, such deletions may affect our ability to offer the Services.
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about certain categories of Personal Information a business has disclosed to third parties for direct marketing purposes in the preceding calendar year. California residents may make such request to us at privacy@hearsaycorp.com. We will provide a list of the categories of personal information disclosed to such third parties for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses or these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email specified in this section.
We do not sell your Personal Information within the scope of, and according to the defined meaning of, a “sale” under NRS 603A.
Under Virginia’s Consumer Data Protection Act (“VCDPA”), solely as to Personal Information of users acting in an individual or household context, Virginia residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the VCDPA. You have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information . A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Virginia, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Colorado’s Consumer Privacy Act (“CPA”), solely as to Personal Information of users when acting in an individual or household context, Colorado residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Colorado, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Connecticut’s Data Privacy Act (“CTDPA”), solely as to Personal Information of users when acting in an individual or household context, Connecticut residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CTDPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Connecticut, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CTDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
If you have any questions regarding this State Notice, please contact us directly.
As explained above, we process personal information from individuals described below on behalf of our Customers in order to provide our Services, in accordance with their Instructions. When we process personal information on behalf of our Customers, we are a ‘data processor’ or service provider. This includes certain information that we collect through our account portal (https://my.hearsaysocial.com/) when Users log into their accounts with Hearsay, as well as other information that is collected through the various products offered by Hearsay as part of the Services.
Hearsay’s Customers are controllers of the Personal Information because they decide how or why your Personal Information is processed. When our Customers process Personal Information through our Services, they are responsible for ensuring that they do so in compliance with the law, including providing their customers and users with their own privacy policies.
Hearsay’s processing activity as a service provider and processor is governed by the contracts we have with our Customers. Under the terms of those agreements, we will direct any data subject request you make to Hearsay for Personal Information that we process as a processor under this section to our Customers.
For purposes of this Section, “You” may refer to a variety of people, including:
If there are special terms and considerations, we will address the individual group by the capitalized term (Customer, User or User Contacts). Where terms apply to all groups, we will address the group as “you.”
We process information (1) received directly from Customers and Users, other than personal information collected on signing up as a User of the Services, (2) from or about User Contacts through the use of the Services by Customers and Users, and (3) obtained indirectly, such as through the use of cookies or CRM integrations.
The information that we process as part of the Services is described below in further detail. Collectively, all information processed by Hearsay in order to provide the Services is referred to “Services Information” for purposes of this Privacy Policy.
Through the Services, Customers and Users can populate their accounts with information submitted by a Customer or a User to Hearsay, or uploaded by Customer or a User to the Services, which is meant to be used and shared through the Services. Examples of such content include articles, logos and other assets uploaded by a Customer or User to personalize a web page. In uploading or submitting this information, Customers and Users must not include any personally identifiable information contained within the uploaded materials.
Hearsay may also contact Customers and Users to provide feedback on the Services by email or other means in order to better understand how Customers and Users use the Services. Some of the questions might include requests with a voluntary answer to provide certain additional personal identifiable information, such as name, age and geographic location. Information gathered by Hearsay will be used solely in connection with or to improve or expand the Services; however, this may include using this information within third-party services that are associated with the Services. Please see our cookies section to better understand how we use performance cookies to improve the Services.
As part of our Services, Hearsay allows Users to connect certain digital assets such as social media accounts (including private messaging in some cases), email addresses and telephone numbers to the Services in order to communicate with User Contacts. Customers may also have their own websites hosted by Hearsay (“Customer Sites”). As a result, Hearsay processes personal information from or about User Contacts that is collected via the Customer Sites, User social media accounts and/or other connections to the Services, depending on the level of permission. For instance, when using social media networks, if Hearsay is allowed to collect social media activity about the User Contact, Hearsay will collect such information and present a summary of this information to the User. With respect to text message correspondence, Hearsay may collect, store and retain the telephone number of the User Contact, call history with the User Contact, and any contents of a text message that a User Contact made in text message communications with the User.
Hearsay collects and/or processes Sensitive Personal Information, including precise geolocation and content of social and text messages. As explained below, the contents of social and text messages may contain additional Sensitive Personal Information that is shared by the Customer and/or User.
Any information that a User or a User Contact submits to the Services will be captured and retained by Hearsay as part of the Services.
If you are a User Contact, you may have been directed to review this Privacy Policy by one of our Customers in lieu of their own Privacy Policy. In this case, any information about you as a User Contact that Hearsay collects will be processed and maintained in accordance with this policy. However, to understand how the Customer uses the information or to exercise any rights, please contact the Customer directly.
CRM Integrations
Certain Customers integrate their customer relationship management (CRM) systems with the Services. When this happens, Hearsay receives any information about Users and User Contacts that a Customer has collected and wishes to share with Hearsay. Hearsay will use this information within the Service to enable certain functionality (e.g., populating email contacts from a CRM so that a User may utilize email functionality), or use insights in order to recommend certain actions (e.g., based on a combination of activity documented in CRM and the Services with a User Contact, a User might receive a recommendation to make a future communication with the same User Contact).
Publicly Available Information about Users and User Contacts
In order to better understand Users and provide a better experience, Hearsay creates various “profiles” within the Services, in order to provide more targeted content and suggest action items for a User to take within the Services. “Profiles” are not composites of personal information nor based on actual individuals, but are common characteristics identified by Hearsay to describe certain behaviors or preferences. In order to make recommendations or suggest content, Hearsay endeavors to find out more about its Users and User Contacts. In some instances, when building these “profiles,” Hearsay may retain third parties to collect publicly available information about Users. This information may include your industry, the size of your office, and your online directory listing, to help Hearsay understand more about our customer base and to tailor information we send you about the Services.
Anonymized Aggregated Data
Hearsay has developed proprietary algorithms that monitor all communications and transactions that occur within the Services. Hearsay engages third parties to perform data analysis on data sets provided by Hearsay in order to improve Hearsay’s algorithms. The purpose of these algorithms is to identify patterns of behavior, either unique to a User or to defined categories of people, which may enhance a User’s use of the Services. Any data created or identified within an algorithm does not identify the activity of an individual User or User Contacts. For example, the Services may identify that a User’s social media network contacts are most active between the hours of 10 AM to 12 PM on weekdays, and would therefore recommend a User to schedule social media posts during this time. The Services algorithms gather this information based on the volume activity occurring within this network; this recommendation, or any data associated with this recommendation, would not identify the posting habits of any individual User Contact or a User. For text message communication, the Services may suggest prepopulated quick replies to certain text messages. The Services algorithms make these suggestions based on gathered information from previous replies and conversations.
Industry Information
Hearsay collects information relating to the industry with which a User is associated: acquiring data sets about certain financial services industries, reviewing census results to identify purchasing habits of consumers, etc. The purpose of acquiring this information is to provide more information and insight for the User when using the Services.
We or our authorized service providers process the Services Information solely as a data processor, in order to:
We disclose Services Information under certain circumstances, as further described below.
The Services allow Users to send or receive communications from User Contacts through social media, email, text messaging and voice communications. If Users send communications through the Services, Hearsay will deliver those communications to third parties in order for the User Contact to share and receive those communications. We call these third party delivery networks “External Services.” Examples of External Services include Facebook, Twitter, LinkedIn and Instagram (for social media).
We may share Services Information with third-party service providers or consultants who need access to the data to perform their work on Hearsay’s behalf. These third party service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard any data provided by Hearsay. These include Amazon Web Services for website hosting, Sendgrid for email delivery and Twilio for text messaging.
Hearsay is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Telecommunications activity performed by Hearsay is regulated and overseen by the Federal Communications Commission (FCC) and various state public utility commissions. We may disclose Services Information pertaining to a regulatory audit conducted by these entities as well as oversight organizations for the financial services industry, such as FINRA, SEC, or similar state and international regulators. When responding to a financial services regulatory audit, we will endeavor to first contact the Customer before disclosing any such information unless we are prohibited from doing so. The Customer is solely responsible for contacting any Users or User Contacts as part of the regulatory audit and disclosure of Services Information.
We may share data collected from you from the Services with our affiliates.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, bankruptcy included.
We share anonymized, aggregated, automatically-collected, or otherwise non-personal information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) business or marketing purposes; (iii) assistance for us and other parties in understanding our Customers’ and Users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share personal information about you in this case.
Hearsay may preserve or disclose your personal information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Certain Customers may purchase services from third parties that have a partnership relationship with Hearsay and are authorized to access the Services (“Value Added Partners”). In such cases, Hearsay will allow the Value Added Partner(s) to access the relevant Services account if the Customer has given the requisite permission. This access may include being able to read Services Information.
As ‘data controllers’ of Services Information, Customers are responsible for providing information to individuals in the EEA and/or the U.K., including the purposes of collection, legal bases, and your rights, as well as residents of certain states that provide consumer rights. If we receive a notification from a Customer regarding an individual wishing to exercise his/her exercising, we will assist said Customer with responding to and honoring such requests according to the Customer’s instructions.
When you visit the Hearsay Website or use the Services, we and our service providers acting on our behalf automatically collect certain data using tracking technologies like cookies, web beacons, and similar tracking technologies.
A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a website’s computers and stored on your computer’s hard drive.
These technologies are used to help us better understand User behavior and facilitate and measure the effectiveness of our Hearsay Website and Services. We treat information collected by cookies and other technologies as non-personal information.
We use cookies to record current session information. We also use third party cookies (e.g. Google Analytics) to provide anonymized and aggregated information on website usage statistics and patterns.
All modern Internet browsers allow you to control your cookie settings. These settings are usually accessed in the ‘Options’ or ‘Preferences’ section of your browser. Please note that certain features of the website will not be available once cookies are disabled. For further information about cookies and how to manage them, please visit www.allaboutcookies.org.
Hearsay uses web beacons with cookies or separately to compile information about your engagement with us. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you view a particular website tied to the web beacon, and a description of a website tied to the web beacon.
Here is a basic description and overview of the type of cookies Hearsay may use:
Hearsay Social, Inc. (“Hearsay”), is a web and mobile-based software platform that allows financial services and insurance companies (“Customers”) and their employees and/or designated agents with access to the Services (“Users”) to utilize electronic communications channels (such as social media, websites, email, mobile voice and text message) to communicate with clients and prospects (“SaaS Services”).
This Privacy Policy applies to Hearsay’s Website and Hearsay’s SaaS Services; collectively “Services.” This Privacy Policy contains details about how we collect, use, disclose, process, share and secure personal information that we obtain from and about you when you interact with our Services. Our collection and processing of information that alone or in conjunction with other information may reasonably identify you (“Personal Information”) may be either for our own purposes, or on behalf of other entities to whom we provide services.
If you have any questions regarding the collection and processing of Personal Information performed by us on behalf of another entity please consult that entity’s privacy policy. If, after reviewing this Privacy Policy, you have any questions or privacy concerns, please send us an email to privacy@hearsaycorp.com (see the How to Contact Us about Privacy section). We are committed to protecting the privacy of those with whom we interact.
For purposes of this Privacy Policy, the words “our,” “us,” “we,” and “Hearsay” refer to Hearsay Social, Inc., and our affiliates (which includes any person or entity that controls us, is controlled by us, or is under common control with us, such as our subsidiary, parent company, or our employees).
For the purpose of this Notice, Personal Information shall by interchangeable with Personal Data, and each shall have the meaning assigned to it by applicable laws, including, but not limited to, information that directly or indirectly, on its own or in conjunction with other information, identifies an individual. Please read this Notice carefully.
NEVADA, CALIFORNIA, COLORADO, CONNECTICUT, OR VIRGINIA RESIDENTS OR RESIDENTS OF ANOTHER STATE THAT OFFER CERTAIN PRIVACY RIGHTS: If you are a resident of Nevada, California, Colorado, Connecticut, or Virginia or resident of another state that offers certain privacy rights, this entire Privacy Policy applies to you. However, please see Additional Information for Certain States below, which will inform you in detail about our information collection practices and your specific rights.
INDIVIDUALS LOCATED IN THE EEA OR THE U.K.: If you are located in the European Economic Area (“EEA”) or the United Kingdom (“U.K.”), this entire Privacy Policy applies to you. However, please see Additional Information for Individuals in the EEA below, which will inform you in detail about our legal bases for processing and which rights you have in connection with our processing of your personal data.
We collect information in several contexts as described below. This policy also does not apply to information we collect in connection with providing services to our business clients, where we act as a service provider and process Personal Information in accordance with their instructions (see “Hearsay Processor and Service Provider Data”). Such information is subject to the Privacy Policies of the other financial institutions.
This Policy applies only to Hearsay operated services and applications, including our online services, mobile-based application, and Website. Our Services may contain links to other websites that are not operated or controlled by Hearsay. Hearsay does not control such third-party websites or their privacy practices. Any personal information you choose to give to third-party websites is not covered by this Notice.
Hearsay may update this Privacy Policy from time to time, in its sole discretion. If we do so, we will post an updated Privacy Policy on the Hearsay Website and provide prompt written notice of such updates, as applicable. Changes, modifications, additions, or deletions will be effective when posted unless stated otherwise. If we make material or significant changes, we may also send our Customers a notice that we have changed this Privacy Policy. Your continued use of the Hearsay Website and Services, and/or your continued provision of personal information to us after the posting of such notice, will be deemed an acceptance of any changes and subject to the terms of the then-current Privacy Policy. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will seek affirmative consent from you before making material changes to the way we handle Personal Information previously collected from you. If you do not provide such consent, Personal Information will continue to be used in a manner that is consistent with the version of this Notice under which it was collected.
We are located in the United States, and the personal information that we collect is stored on servers located in the United States. This means that your Personal Information will be collected, processed, and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the General Data Protection Regulation 2016/679 (“GDPR”) in the European Union.
By sending us Personal Information, you agree and consent to the processing of your personal information in the United States, which may not offer an equivalent level of protection to that required in other countries (particularly the European Economic Area).
We have implemented safeguards designed to ensure that the Personal Information we process remains protected in accordance with this Privacy Policy, including when processed internationally or by our third-party service providers and partners. The safeguards we may take at our discretion include, for instance, entering into specific agreements in connection with any onward transfers of personal information. We may implement other mechanisms and take similar appropriate safeguards with our third party service providers and partners. Further details can be provided upon request.
Hearsay acts as a ‘data controller’ when it collects Personal Information on its own behalf and for its own Business Purposes, such as through our publicly-accessible Website, and as a ‘data processor’ when it collects and processes personal information on behalf of its Customers in order to provide the SaaS Services. As such, this Privacy Policy is separated into two main sections that address our different roles:
Please note that how you exercise certain rights will depend on whether Hearsay is processing your Personal Information as a ‘data controller’ or as a ‘data processor’, and is further explained throughout this Privacy Policy:
If you are a visitor of the Hearsay Website or a Customer and have any questions about this Privacy Policy or requests for access to or deletion or rectification of personal information that Hearsay collects and processes contact us at privacy@hearsaycorp.com or by mail at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
2261 Market Street, Ste. 5397
San Francisco, CA 94114
United States of America
Individuals in the EEA or the U.K. may contact Hearsay at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
Koztelek utca 6, 1147 Budapest
privacy@hearsaycorp.com
Below is a description of the personal information that we gather from you as a visitor to Hearsay Website, which includes https://hearsaysystems.com and other websites where this Privacy Policy is posted. Information about personal information collected through the account portal and the Saas Services can be found in the Hearsay Processor and SaaS Service Provider Data section below.
In this section, “you” refers to an individual visiting the Hearsay Website.
When you visit the Hearsay Website, we collect information directly from you when you provide it to us, such as when you request a demo, and indirectly, such as through the use of cookies and similar technology.
Data Protection Law (as defined below) recognizes that Sensitive Personal Information (or “sensitive personal data” as used interchangeably) requires additional protection. In particular, the GDPR prohibits the processing of sensitive personal data, other than in certain exceptional circumstances. Sensitive personal data in the EEA includes information relating to one’s race or ethnicity, political opinions, religious or philosophical beliefs, membership of a trade union, as well as biometric data and data relating to one’s health or sexual orientation (“Sensitive Personal Information”. Certain US state privacy laws (i.e., “Data Protection Law”) also have different definitions of Sensitive Personal Information, which may also include precise geolocation, citizenship or immigration status, and Personal Information from a known child.
Visiting the Hearsay Website
Some pages of the Hearsay Website allow you to fill out a web form and share your personal information with us directly, such as on our “Contact Us” page and on our “Submit a request” page. Information we collect consists of:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In addition, if you send us an email or otherwise contact us, we will collect the personal information that you provide to us at that time.
When you visit the Hearsay Website, we, or authorized third parties, collect information, including Device and Usage Information described below, by automated means using cookies, web beacons, server logs or other tracking technologies for analytic purposes. For more information on our use of these technologies and the data that they collect, please see our Cookie Statement. We may also collect information from third parties, as explained below.
Device and Usage Information
When you visit, use or interact with the Hearsay Website, even if you do not have an account, we, or authorized third parties (such as service providers or External Ad Partners (as defined in the Targeted Advertising section below), may collect information about your use of the Hearsay Website via your device. Device and Usage Information that we, or these authorized third parties, collect consists of:
Information from Third Parties
In some instances, we process personal information from third parties, such as data from our External Ad Partners (see the Targeted Advertising section below). These third parties may also use tracking technologies to serve you advertisements tailored to interests you have shown by browsing on this Website and other sites, applications, destinations, and services you have visited, and for other lawful Business Purposes (as defined below).
To provide you with more relevant and interesting experiences, we may work with third party companies to display ads or customize the content on this Website and on other digital properties and websites. These companies may use cookies and similar tracking technologies as described in this Notice to gather information about your visits to our Website, as well as your visits elsewhere on the Internet. These companies use this information to provide you with more relevant advertising known as interest-based advertising.
We, or our authorized partners, collect and process personal information in order to:
Additionally, we may disclose information about users (i) if it is required to do so by law or legal process; (ii) as may be required to law enforcement authorities or other government officials, (iii) when Hearsay believes disclosure is necessary or appropriate to prevent physical harm, financial loss or in connection with an investigation of suspected or actual illegal activity, or (iv) to respond to claims by third parties.
For California residents, please see the Additional Information for Certain States Section below for more information on specific purposes of collection for each category of Personal Information collected in the past 12 months as a “Business” under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020. For Colorado, Connecticut, and Virginia residents, please also see the Additional Information for Certain States.
For individuals located in the EEA or the U.K., please see the Additional Information for Individuals in the EEA and the U.K. Section below for more information, including our legal bases for processing.
We disclose your Personal Information under certain circumstances, such as to our service providers or in the event of a business transfer, as further described below.
Hearsay may share Personal Information and/or Sensitive Personal Information with our third party agents, contractors, or service providers who are hired to perform services on Hearsay’s behalf or in order to assist with certain Business Purposes and/or Commercial Purposes. These providers may operate or support certain functions of the Hearsay Website and Services. Below is a list of categories of service providers that we may use to perform these functions (which are subject to change):
Service providers process your Personal Information and/or Sensitive Personal Information for the specific purpose of providing their services to us (and in accordance with our instructions).
As explained here, we also work with and disclose Personal Information to External Ad Partners who assist us with advertising and marketing our Services.
In some cases, service providers and External Ad Partners collect your Personal Information and/or Sensitive Personal Information directly from you, such as via cookies.
We may share data collected from you from the Hearsay Website with our affiliate entities.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, including bankruptcy.
We share anonymized, aggregated, automatically-collected, or otherwise non-Personal Information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) Business Purposes, Commercial Purposes, and/or marketing purposes; (iii) assistance for us and other parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share Personal Information about you in this case.
Hearsay may preserve or disclose your Personal Information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose Personal Information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Our Website is intended for individuals 18 years of age and older. It is not directed at, marketed to, nor intended for, children under 18 years of age. We do not knowingly collect any Personal Information directly from children under the age of 18. If we discover we have inadvertently received any Personal Information from a child under the age of 18 in violation of this Policy, we will take reasonable steps to delete that information as quickly as possible. If you believe that we have any Personal Information from or about anyone under the age of 18, please contact us at privacy@hearsaycorp.com.
The Hearsay Website uses third-party analytics tools that drop cookies and/or similar technologies to collect and store information about your device and use of the Hearsay Website. We use analytics tools to calculate visitor, session and campaign data for the Hearsay Website analytics reports.
One of our tools is Google Analytics. We use Google Analytics to generate and process statistical or demographic data. Third parties, like Google, use cookies to compile reports on the website’s activity and website visitors, and provide other services related to website activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website. You can read more about Google’s practices in Google’s privacy policy. You can opt-out from being tracked by Google Analytics in a particular browser on a particular device by downloading and installing the Google Analytics Opt-out Browser Add-on for that browser. To learn more about how to opt-out of tracking by Google Analytics, please click here.
Another tool is the LinkedIn Insight Tag. You can read more about LinkedIn’s practices in LinkedIn’s privacy policy. LinkedIn only provides reports and alerts (which do not identify LinkedIn members) about the Hearsay website audience and ad performance (LinkedIn does not share the personal data of its members with Hearsay). LinkedIn members can control the use of their personal data for advertising purposes through their account settings.
We market our company and Services in a variety of ways. Below is a description of what data we gather from you, and how we use it for purposes of these marketing activities. We gather information from or about you in the following different roles:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In some cases, you provide Personal Information directly to Hearsay as part of a marketing event that Hearsay hosts or co-hosts, through email or when you participate in an online webinar. Occasionally, and only with your consent, we may send you future communications. We may also acquire personal information about you through a third party. In particular, Hearsay engages third parties who provide us with contact information for Leads. When acquiring information from third parties, Hearsay endeavors to obtain contractual commitments from the third parties that the information was acquired lawfully and with the appropriate level of consent.
Our communications to you for marketing purposes will contain instructions on how you can opt-out from receiving future communications, and if you consent to our use of your personal information for marketing purposes, you may always withdraw your consent. You may also contact Hearsay directly about its marketing activities at privacy@hearsaycorp.com.
Hearsay engages third-party advertising networks (“External Ad Partners”) to display advertising about our Services when you visit other websites within that advertising network. Like many other companies, we rely on retargeting, also known as remarketing, which is a type of marketing strategy that helps businesses “remind” visitors of their products and services after they leave their websites. For instance, through the use of cookies (and similar technologies) placed by External Ad Partners, online identifiers (considered personal information) are collected and then used to identify visitors to the Hearsay Website on other websites or social media platforms. With this information our External Ad Partners may serve relevant ads on consumers who previously visited the Hearsay Website.
Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
Hearsay maintains an online presence on social media platforms (“Social Media Platforms”) such as Instagram, Twitter, Facebook and Linkedin, to provide information about our Services and communicate with users and/or visitors to those pages or accounts. When you interact or post to our account, we process your Personal Information. In some cases, the Social Media Platforms are service providers or processors. In other cases, such as with Facebook, we are jointly responsible for the processing, as explained in the section titled Hearsay as a ‘Joint Controller’ with Facebook.
We use reasonably appropriate security measures designed to protect the security of Personal Information and Sensitive Personal Information both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note, though, that no website or internet transmission is completely secure, so while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
Certain internet web browsers allow a “do not track” (“DNT”) setting that relies on a technology known as a DNT header, which sends a signal to websites visited by the individual about the individual’s browser DNT setting. At this time, we do respond to DNT signals. For more information on DNT settings generally, please visit https://allaboutdnt.com.
How you make choices about cookies and other tracking technologies depends on the type of cookie or tracking technology being used. For details on how to manage your preferences for cookies and tracking technologies within your web browser, please see our Cookie Statement.
If you are receiving promotional emails from us, you can choose to stop receiving those by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting customer support at support@hearsaycorp.com.
To request access to, or to make changes to, data that we have collected from you via the Hearsay Website, please email us at privacy@hearsaycorp.com. Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
The categories of recipients of personal data with whom we may share your personal data are listed in Disclosure of Your Personal Information above.
Hearsay as ‘Data Controller’
As a ‘data controller’, Hearsay processes your Personal Information for a number of different purposes. Some are essential for us to provide the Services or to fulfill our legal obligations, some help us run the Services efficiently and effectively, and some enable us to provide you with more relevant and personalized offers and information. In all cases, with respect to individuals in the EEA or the U.K., we must have a reason and a legal ground for processing your personal information. The most common legal grounds on which we rely are briefly explained below:
The following breakdown illustrates in more detail our processing activities and how the above legal bases for processing apply (in brackets):
We use Facebook’s products and services (“Facebook Products”) in different ways:
With respect to our use of Facebook Products, we are jointly responsible with Facebook Ireland for the processing activities (“Joint Processing”):
Facebook Ireland Ltd.,
4 Grand Canal Square, Grand Canal Harbor
Dublin 2, Ireland
Information about the personal data that is collected from you by Facebook, as well as how and why it is processed by Facebook, can be found at https://www.facebook.com/about/privacy.
Hearsay and Facebook have entered into an agreement in order to determine the respective responsibilities for compliance with our obligations in connection with the Joint Processing within the meaning of the GDPR. This joint controller agreement, which sets out the reciprocal obligations, is available here.
Hearsay’s legal basis for processing your personal data via Facebook Products is our legitimate interest in increasing and analyzing the communication, sales, and promotion of Services. Our legal basis may also be your consent, which may be revoked at any time.
Some processing by Facebook Ireland Ltd. might take place in the United States by Facebook Inc.
We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, the length of time we have an ongoing relationship with you and provide you with access to our Services, and applicable legal requirements. We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax, or accounting requirements), when we are unable to reasonably verify your identity, or as may otherwise be required under GDPR. Additionally, we cannot delete information when it is needed for the establishment, exercise, or defense of a legal claim (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.
When we no longer have a legitimate business need to process your personal information, it is deleted and/or anonymized. If you have questions about, or need further information concerning, our data retention periods, please email privacy@hearsaycorp.com.
If the GDPR or the U.K., applies to you because you are in the EEA or the U.K., you have certain rights in relation to your personal data:
These rights are subject to certain rules around when you can exercise them. If you are located in the EEA or the U.K. and wish to exercise any of the rights set out above, please contact us (see How to Contact Us about Privacy).
We will respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first at privacy@hearsaycorp.com.
This privacy notice for Nevada, California, Colorado, Connecticut, and Virginia residents, and residents of other states with applicable privacy laws (“State Privacy Notice”) supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the applicable state (“Consumers”). We have created this State Privacy Notice in order to comply with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (collectively, “CCPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Virginia Consumer Data Protection Act (“VCDPA”), and other applicable privacy laws (collectively, “Data Protection Law”).
This CCPA Notice applies to Personal Information that Hearsay collects for its own purposes. It does not apply to:
We collect Personal Information as that term is defined in CCPA. Within the last twelve (12) months, Hearsay has collected the following categories of Personal Information from or about Consumers:
Personal information does not include:
As explained in more detail here, Hearsay obtains the categories of personal information listed above from the following categories of sources:
We collect and process your Personal Information and/or Sensitive Personal Information whenever you use our Website and/or Services.
Under the CCPA, we must disclose the purposes for which we collect your information. Our purposes include Business Purpose and Commercial Purposes, as generally described below.
In the section Why We Collect Your Personal Information and How We Use It, we explain the purposes for which we process this information, pursuant to Data Protection Law(s), along with the relevant categories of data we use and the legal basis we rely on to do so or other permitted reasons for processing (e.g. Business Purposes or Commercial Purposes under the CCPA). For clarity, the terms Business Purpose and Commercial Purpose, are being used to sufficiently describe the purpose of processing, transferring, sharing, sale, and/or sharing, as applicable, of all your Personal Information and/or Sensitive Personal Information under all Data Protection Law(s). As previously mentioned, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
Hearsay may disclose your Personal Information to service providers, contractors, and/or third parties (as defined by CCPA) (or processor or third party, as defined by applicable Data Protection Law(s)) for a Business Purpose and/or Commercial Purpose. When we disclose Personal Information for a Business Purpose and/or Commercial Purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the services for us. As explained in more detail here, we also share your Personal Information with certain categories of service providers, contractors, and/or third parties who assist us in providing the Hearsay Website and Services and with our business.
We disclose your Personal Information and/or Sensitive Personal Information for a Business Purpose and/or Commercial Purpose to the following categories of Service Providers:
The following chart describes the categories of Personal Information and Sensitive Personal Information that we disclosed to service providers, contractors, and/or third parties for a Business Purpose and/or Commercial Purpose in the 12 months prior to the date of this Privacy Policy. As noted below in the chart, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
The CCPA defines ‘sale’ and ‘share’ very broadly. ’Sale’ includes the sharing of Personal Information with third parties in exchange for anything of value, while ‘share’ means disclosure of Personal Information to third parties for cross contextual behavioral advertising. According to these broad definitions, in the 12 months before this section was last updated, we may have sold or shared the following categories of Personal Information to third parties:
The CCPA provides Consumers with specific rights regarding their Personal Information, provided that we are able to verify their identities as explained below. This section describes your CCPA rights and explains how to exercise them.
Opting-out of Sales or Sharing of Your Personal Information
You have the right to opt-out of our sharing or selling of your Personal Information with some External Ad Partners in certain circumstances. If you would like to opt-out of the sale of Personal Information, please click here.You can also opt-out of the sale or sharing of your Personal Information that is collected automatically when you visit the Website by clicking here.
Hearsay does not sell or share Personal Information collected on the Hearsay mobile-based software platform.
Access to Specific Information
You have the right to request that Hearsay disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will disclose such information to you.
Right to Data Portability
You have the right to receive the Personal Information that you have provided to Hearsay, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
Right to Correction
You have the right to have your Personal Information corrected.
Deletion Request Rights
You have the right to request that Hearsay delete your personal information, subject to certain exceptions listed in the CCPA. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will delete (and direct our service providers, contractors, third parties, and/or processors, as applicable, to delete) your Personal Information from our records, unless an exception applies.
Your Right to Limit the Use Sensitive Personal Information We Have Collected About You
You have the right to limit our use of your Sensitive Personal Information if we use it for purposes other than providing the Services to you. We currently do not use your Sensitive Personal Information for purposes other than providing the Service/ for the Business Purposes above.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer request related to your personal information.
An authorized agent is a natural person or a business entity registered with the Secretary of State that a Consumer has authorized to act on his or her behalf. When a Consumer uses an authorized agent to submit a request to know or a request to delete, Hearsay may require that the Consumer provide the authorized agent written permission to do so and verify his or her own identity directly with Hearsay, unless the Consumer has provided the authorized agent with a valid power of attorney. Hearsay may deny a request from an agent that does not submit proof that he or she has been authorized by the Consumer to act on his or her behalf.
To exercise the rights described above, please submit a verifiable Consumer request to us by either calling us at 1-888-399-2280 or mailing privacy@hearsaycorp.com.
You may only make a verifiable Consumer request for access or data portability twice within a 12-month period. In particular, you can request the following:
1. Specific Pieces of Information
2. Categories of Information
The verifiable Consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will notify you to explain the basis of the denial.
If we have a good-faith, reasonable belief that a request to opt-out of the sale or sharing of Personal Information is fraudulent, we may deny the request. Should this occur, we will inform you and explain why we believe the request is fraudulent.
Making a verifiable Consumer request does not require you to create an account with us. Please note that the methods for verification are set forth in the CCPA, which also requires us to consider a number of factors, such as the type, sensitivity, and value of the personal information or the risk of harm posed by unauthorized access or deletion, on a case-by-case basis.
We will only use personal information provided in a verifiable Consumer request to verify the requestor’s identity or authority to make the request.
Upon your request, we will delete the Personal Information we have collected about you, except for situations where the CCPA authorizes us to retain specific information, including when it is necessary for us to provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us. We will act on your deletion request within the timeframes set forth below.
Response Timing
We endeavor to respond to a verifiable Consumer request generally within 45 days of its receipt, or as otherwise required by the CCPA, although we may take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable Consumer’s request. If applicable, in our response, we will also explain the reasons we cannot comply with a request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. Please note that to use our Services, we do require the collection of your personal information – for example, to sign you up. While you may request to delete your personal information under CCPA, such deletions may affect our ability to offer the Services.
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about certain categories of Personal Information a business has disclosed to third parties for direct marketing purposes in the preceding calendar year. California residents may make such request to us at privacy@hearsaycorp.com. We will provide a list of the categories of personal information disclosed to such third parties for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses or these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email specified in this section.
We do not sell your Personal Information within the scope of, and according to the defined meaning of, a “sale” under NRS 603A.
Under Virginia’s Consumer Data Protection Act (“VCDPA”), solely as to Personal Information of users acting in an individual or household context, Virginia residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the VCDPA. You have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information . A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Virginia, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Colorado’s Consumer Privacy Act (“CPA”), solely as to Personal Information of users when acting in an individual or household context, Colorado residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Colorado, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Connecticut’s Data Privacy Act (“CTDPA”), solely as to Personal Information of users when acting in an individual or household context, Connecticut residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CTDPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Connecticut, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CTDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
If you have any questions regarding this State Notice, please contact us directly.
As explained above, we process personal information from individuals described below on behalf of our Customers in order to provide our Services, in accordance with their Instructions. When we process personal information on behalf of our Customers, we are a ‘data processor’ or service provider. This includes certain information that we collect through our account portal (https://my.hearsaysocial.com/) when Users log into their accounts with Hearsay, as well as other information that is collected through the various products offered by Hearsay as part of the Services.
Hearsay’s Customers are controllers of the Personal Information because they decide how or why your Personal Information is processed. When our Customers process Personal Information through our Services, they are responsible for ensuring that they do so in compliance with the law, including providing their customers and users with their own privacy policies.
Hearsay’s processing activity as a service provider and processor is governed by the contracts we have with our Customers. Under the terms of those agreements, we will direct any data subject request you make to Hearsay for Personal Information that we process as a processor under this section to our Customers.
For purposes of this Section, “You” may refer to a variety of people, including:
If there are special terms and considerations, we will address the individual group by the capitalized term (Customer, User or User Contacts). Where terms apply to all groups, we will address the group as “you.”
We process information (1) received directly from Customers and Users, other than personal information collected on signing up as a User of the Services, (2) from or about User Contacts through the use of the Services by Customers and Users, and (3) obtained indirectly, such as through the use of cookies or CRM integrations.
The information that we process as part of the Services is described below in further detail. Collectively, all information processed by Hearsay in order to provide the Services is referred to “Services Information” for purposes of this Privacy Policy.
Through the Services, Customers and Users can populate their accounts with information submitted by a Customer or a User to Hearsay, or uploaded by Customer or a User to the Services, which is meant to be used and shared through the Services. Examples of such content include articles, logos and other assets uploaded by a Customer or User to personalize a web page. In uploading or submitting this information, Customers and Users must not include any personally identifiable information contained within the uploaded materials.
Hearsay may also contact Customers and Users to provide feedback on the Services by email or other means in order to better understand how Customers and Users use the Services. Some of the questions might include requests with a voluntary answer to provide certain additional personal identifiable information, such as name, age and geographic location. Information gathered by Hearsay will be used solely in connection with or to improve or expand the Services; however, this may include using this information within third-party services that are associated with the Services. Please see our cookies section to better understand how we use performance cookies to improve the Services.
As part of our Services, Hearsay allows Users to connect certain digital assets such as social media accounts (including private messaging in some cases), email addresses and telephone numbers to the Services in order to communicate with User Contacts. Customers may also have their own websites hosted by Hearsay (“Customer Sites”). As a result, Hearsay processes personal information from or about User Contacts that is collected via the Customer Sites, User social media accounts and/or other connections to the Services, depending on the level of permission. For instance, when using social media networks, if Hearsay is allowed to collect social media activity about the User Contact, Hearsay will collect such information and present a summary of this information to the User. With respect to text message correspondence, Hearsay may collect, store and retain the telephone number of the User Contact, call history with the User Contact, and any contents of a text message that a User Contact made in text message communications with the User.
Hearsay collects and/or processes Sensitive Personal Information, including precise geolocation and content of social and text messages. As explained below, the contents of social and text messages may contain additional Sensitive Personal Information that is shared by the Customer and/or User.
Any information that a User or a User Contact submits to the Services will be captured and retained by Hearsay as part of the Services.
If you are a User Contact, you may have been directed to review this Privacy Policy by one of our Customers in lieu of their own Privacy Policy. In this case, any information about you as a User Contact that Hearsay collects will be processed and maintained in accordance with this policy. However, to understand how the Customer uses the information or to exercise any rights, please contact the Customer directly.
CRM Integrations
Certain Customers integrate their customer relationship management (CRM) systems with the Services. When this happens, Hearsay receives any information about Users and User Contacts that a Customer has collected and wishes to share with Hearsay. Hearsay will use this information within the Service to enable certain functionality (e.g., populating email contacts from a CRM so that a User may utilize email functionality), or use insights in order to recommend certain actions (e.g., based on a combination of activity documented in CRM and the Services with a User Contact, a User might receive a recommendation to make a future communication with the same User Contact).
Publicly Available Information about Users and User Contacts
In order to better understand Users and provide a better experience, Hearsay creates various “profiles” within the Services, in order to provide more targeted content and suggest action items for a User to take within the Services. “Profiles” are not composites of personal information nor based on actual individuals, but are common characteristics identified by Hearsay to describe certain behaviors or preferences. In order to make recommendations or suggest content, Hearsay endeavors to find out more about its Users and User Contacts. In some instances, when building these “profiles,” Hearsay may retain third parties to collect publicly available information about Users. This information may include your industry, the size of your office, and your online directory listing, to help Hearsay understand more about our customer base and to tailor information we send you about the Services.
Anonymized Aggregated Data
Hearsay has developed proprietary algorithms that monitor all communications and transactions that occur within the Services. Hearsay engages third parties to perform data analysis on data sets provided by Hearsay in order to improve Hearsay’s algorithms. The purpose of these algorithms is to identify patterns of behavior, either unique to a User or to defined categories of people, which may enhance a User’s use of the Services. Any data created or identified within an algorithm does not identify the activity of an individual User or User Contacts. For example, the Services may identify that a User’s social media network contacts are most active between the hours of 10 AM to 12 PM on weekdays, and would therefore recommend a User to schedule social media posts during this time. The Services algorithms gather this information based on the volume activity occurring within this network; this recommendation, or any data associated with this recommendation, would not identify the posting habits of any individual User Contact or a User. For text message communication, the Services may suggest prepopulated quick replies to certain text messages. The Services algorithms make these suggestions based on gathered information from previous replies and conversations.
Industry Information
Hearsay collects information relating to the industry with which a User is associated: acquiring data sets about certain financial services industries, reviewing census results to identify purchasing habits of consumers, etc. The purpose of acquiring this information is to provide more information and insight for the User when using the Services.
We or our authorized service providers process the Services Information solely as a data processor, in order to:
We disclose Services Information under certain circumstances, as further described below.
The Services allow Users to send or receive communications from User Contacts through social media, email, text messaging and voice communications. If Users send communications through the Services, Hearsay will deliver those communications to third parties in order for the User Contact to share and receive those communications. We call these third party delivery networks “External Services.” Examples of External Services include Facebook, Twitter, LinkedIn and Instagram (for social media).
We may share Services Information with third-party service providers or consultants who need access to the data to perform their work on Hearsay’s behalf. These third party service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard any data provided by Hearsay. These include Amazon Web Services for website hosting, Sendgrid for email delivery and Twilio for text messaging.
Hearsay is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Telecommunications activity performed by Hearsay is regulated and overseen by the Federal Communications Commission (FCC) and various state public utility commissions. We may disclose Services Information pertaining to a regulatory audit conducted by these entities as well as oversight organizations for the financial services industry, such as FINRA, SEC, or similar state and international regulators. When responding to a financial services regulatory audit, we will endeavor to first contact the Customer before disclosing any such information unless we are prohibited from doing so. The Customer is solely responsible for contacting any Users or User Contacts as part of the regulatory audit and disclosure of Services Information.
We may share data collected from you from the Services with our affiliates.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, bankruptcy included.
We share anonymized, aggregated, automatically-collected, or otherwise non-personal information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) business or marketing purposes; (iii) assistance for us and other parties in understanding our Customers’ and Users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share personal information about you in this case.
Hearsay may preserve or disclose your personal information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Certain Customers may purchase services from third parties that have a partnership relationship with Hearsay and are authorized to access the Services (“Value Added Partners”). In such cases, Hearsay will allow the Value Added Partner(s) to access the relevant Services account if the Customer has given the requisite permission. This access may include being able to read Services Information.
As ‘data controllers’ of Services Information, Customers are responsible for providing information to individuals in the EEA and/or the U.K., including the purposes of collection, legal bases, and your rights, as well as residents of certain states that provide consumer rights. If we receive a notification from a Customer regarding an individual wishing to exercise his/her exercising, we will assist said Customer with responding to and honoring such requests according to the Customer’s instructions.
When you visit the Hearsay Website or use the Services, we and our service providers acting on our behalf automatically collect certain data using tracking technologies like cookies, web beacons, and similar tracking technologies.
A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a website’s computers and stored on your computer’s hard drive.
These technologies are used to help us better understand User behavior and facilitate and measure the effectiveness of our Hearsay Website and Services. We treat information collected by cookies and other technologies as non-personal information.
We use cookies to record current session information. We also use third party cookies (e.g. Google Analytics) to provide anonymized and aggregated information on website usage statistics and patterns.
All modern Internet browsers allow you to control your cookie settings. These settings are usually accessed in the ‘Options’ or ‘Preferences’ section of your browser. Please note that certain features of the website will not be available once cookies are disabled. For further information about cookies and how to manage them, please visit www.allaboutcookies.org.
Hearsay uses web beacons with cookies or separately to compile information about your engagement with us. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you view a particular website tied to the web beacon, and a description of a website tied to the web beacon.
Here is a basic description and overview of the type of cookies Hearsay may use:
Hearsay Social, Inc. (“Hearsay”), is a web and mobile-based software platform that allows financial services and insurance companies (“Customers”) and their employees and/or designated agents with access to the Services (“Users”) to utilize electronic communications channels (such as social media, websites, email, mobile voice and text message) to communicate with clients and prospects (“SaaS Services”).
This Privacy Policy applies to Hearsay’s Website and Hearsay’s SaaS Services; collectively “Services.” This Privacy Policy contains details about how we collect, use, disclose, process, share and secure personal information that we obtain from and about you when you interact with our Services. Our collection and processing of information that alone or in conjunction with other information may reasonably identify you (“Personal Information”) may be either for our own purposes, or on behalf of other entities to whom we provide services.
If you have any questions regarding the collection and processing of Personal Information performed by us on behalf of another entity please consult that entity’s privacy policy. If, after reviewing this Privacy Policy, you have any questions or privacy concerns, please send us an email to privacy@hearsaycorp.com (see the How to Contact Us about Privacy section). We are committed to protecting the privacy of those with whom we interact.
For purposes of this Privacy Policy, the words “our,” “us,” “we,” and “Hearsay” refer to Hearsay Social, Inc., and our affiliates (which includes any person or entity that controls us, is controlled by us, or is under common control with us, such as our subsidiary, parent company, or our employees).
For the purpose of this Notice, Personal Information shall by interchangeable with Personal Data, and each shall have the meaning assigned to it by applicable laws, including, but not limited to, information that directly or indirectly, on its own or in conjunction with other information, identifies an individual. Please read this Notice carefully.
NEVADA, CALIFORNIA, COLORADO, CONNECTICUT, OR VIRGINIA RESIDENTS OR RESIDENTS OF ANOTHER STATE THAT OFFER CERTAIN PRIVACY RIGHTS: If you are a resident of Nevada, California, Colorado, Connecticut, or Virginia or resident of another state that offers certain privacy rights, this entire Privacy Policy applies to you. However, please see Additional Information for Certain States below, which will inform you in detail about our information collection practices and your specific rights.
INDIVIDUALS LOCATED IN THE EEA OR THE U.K.: If you are located in the European Economic Area (“EEA”) or the United Kingdom (“U.K.”), this entire Privacy Policy applies to you. However, please see Additional Information for Individuals in the EEA below, which will inform you in detail about our legal bases for processing and which rights you have in connection with our processing of your personal data.
We collect information in several contexts as described below. This policy also does not apply to information we collect in connection with providing services to our business clients, where we act as a service provider and process Personal Information in accordance with their instructions (see “Hearsay Processor and Service Provider Data”). Such information is subject to the Privacy Policies of the other financial institutions.
This Policy applies only to Hearsay operated services and applications, including our online services, mobile-based application, and Website. Our Services may contain links to other websites that are not operated or controlled by Hearsay. Hearsay does not control such third-party websites or their privacy practices. Any personal information you choose to give to third-party websites is not covered by this Notice.
Hearsay may update this Privacy Policy from time to time, in its sole discretion. If we do so, we will post an updated Privacy Policy on the Hearsay Website and provide prompt written notice of such updates, as applicable. Changes, modifications, additions, or deletions will be effective when posted unless stated otherwise. If we make material or significant changes, we may also send our Customers a notice that we have changed this Privacy Policy. Your continued use of the Hearsay Website and Services, and/or your continued provision of personal information to us after the posting of such notice, will be deemed an acceptance of any changes and subject to the terms of the then-current Privacy Policy. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will seek affirmative consent from you before making material changes to the way we handle Personal Information previously collected from you. If you do not provide such consent, Personal Information will continue to be used in a manner that is consistent with the version of this Notice under which it was collected.
We are located in the United States, and the personal information that we collect is stored on servers located in the United States. This means that your Personal Information will be collected, processed, and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the General Data Protection Regulation 2016/679 (“GDPR”) in the European Union.
By sending us Personal Information, you agree and consent to the processing of your personal information in the United States, which may not offer an equivalent level of protection to that required in other countries (particularly the European Economic Area).
We have implemented safeguards designed to ensure that the Personal Information we process remains protected in accordance with this Privacy Policy, including when processed internationally or by our third-party service providers and partners. The safeguards we may take at our discretion include, for instance, entering into specific agreements in connection with any onward transfers of personal information. We may implement other mechanisms and take similar appropriate safeguards with our third party service providers and partners. Further details can be provided upon request.
Hearsay acts as a ‘data controller’ when it collects Personal Information on its own behalf and for its own Business Purposes, such as through our publicly-accessible Website, and as a ‘data processor’ when it collects and processes personal information on behalf of its Customers in order to provide the SaaS Services. As such, this Privacy Policy is separated into two main sections that address our different roles:
Please note that how you exercise certain rights will depend on whether Hearsay is processing your Personal Information as a ‘data controller’ or as a ‘data processor’, and is further explained throughout this Privacy Policy:
If you are a visitor of the Hearsay Website or a Customer and have any questions about this Privacy Policy or requests for access to or deletion or rectification of personal information that Hearsay collects and processes contact us at privacy@hearsaycorp.com or by mail at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
2261 Market Street, Ste. 5397
San Francisco, CA 94114
United States of America
Individuals in the EEA or the U.K. may contact Hearsay at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
Koztelek utca 6, 1147 Budapest
privacy@hearsaycorp.com
Below is a description of the personal information that we gather from you as a visitor to Hearsay Website, which includes https://hearsaysystems.com and other websites where this Privacy Policy is posted. Information about personal information collected through the account portal and the Saas Services can be found in the Hearsay Processor and SaaS Service Provider Data section below.
In this section, “you” refers to an individual visiting the Hearsay Website.
When you visit the Hearsay Website, we collect information directly from you when you provide it to us, such as when you request a demo, and indirectly, such as through the use of cookies and similar technology.
Data Protection Law (as defined below) recognizes that Sensitive Personal Information (or “sensitive personal data” as used interchangeably) requires additional protection. In particular, the GDPR prohibits the processing of sensitive personal data, other than in certain exceptional circumstances. Sensitive personal data in the EEA includes information relating to one’s race or ethnicity, political opinions, religious or philosophical beliefs, membership of a trade union, as well as biometric data and data relating to one’s health or sexual orientation (“Sensitive Personal Information”. Certain US state privacy laws (i.e., “Data Protection Law”) also have different definitions of Sensitive Personal Information, which may also include precise geolocation, citizenship or immigration status, and Personal Information from a known child.
Visiting the Hearsay Website
Some pages of the Hearsay Website allow you to fill out a web form and share your personal information with us directly, such as on our “Contact Us” page and on our “Submit a request” page. Information we collect consists of:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In addition, if you send us an email or otherwise contact us, we will collect the personal information that you provide to us at that time.
When you visit the Hearsay Website, we, or authorized third parties, collect information, including Device and Usage Information described below, by automated means using cookies, web beacons, server logs or other tracking technologies for analytic purposes. For more information on our use of these technologies and the data that they collect, please see our Cookie Statement. We may also collect information from third parties, as explained below.
Device and Usage Information
When you visit, use or interact with the Hearsay Website, even if you do not have an account, we, or authorized third parties (such as service providers or External Ad Partners (as defined in the Targeted Advertising section below), may collect information about your use of the Hearsay Website via your device. Device and Usage Information that we, or these authorized third parties, collect consists of:
Information from Third Parties
In some instances, we process personal information from third parties, such as data from our External Ad Partners (see the Targeted Advertising section below). These third parties may also use tracking technologies to serve you advertisements tailored to interests you have shown by browsing on this Website and other sites, applications, destinations, and services you have visited, and for other lawful Business Purposes (as defined below).
To provide you with more relevant and interesting experiences, we may work with third party companies to display ads or customize the content on this Website and on other digital properties and websites. These companies may use cookies and similar tracking technologies as described in this Notice to gather information about your visits to our Website, as well as your visits elsewhere on the Internet. These companies use this information to provide you with more relevant advertising known as interest-based advertising.
We, or our authorized partners, collect and process personal information in order to:
Additionally, we may disclose information about users (i) if it is required to do so by law or legal process; (ii) as may be required to law enforcement authorities or other government officials, (iii) when Hearsay believes disclosure is necessary or appropriate to prevent physical harm, financial loss or in connection with an investigation of suspected or actual illegal activity, or (iv) to respond to claims by third parties.
For California residents, please see the Additional Information for Certain States Section below for more information on specific purposes of collection for each category of Personal Information collected in the past 12 months as a “Business” under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020. For Colorado, Connecticut, and Virginia residents, please also see the Additional Information for Certain States.
For individuals located in the EEA or the U.K., please see the Additional Information for Individuals in the EEA and the U.K. Section below for more information, including our legal bases for processing.
We disclose your Personal Information under certain circumstances, such as to our service providers or in the event of a business transfer, as further described below.
Hearsay may share Personal Information and/or Sensitive Personal Information with our third party agents, contractors, or service providers who are hired to perform services on Hearsay’s behalf or in order to assist with certain Business Purposes and/or Commercial Purposes. These providers may operate or support certain functions of the Hearsay Website and Services. Below is a list of categories of service providers that we may use to perform these functions (which are subject to change):
Service providers process your Personal Information and/or Sensitive Personal Information for the specific purpose of providing their services to us (and in accordance with our instructions).
As explained here, we also work with and disclose Personal Information to External Ad Partners who assist us with advertising and marketing our Services.
In some cases, service providers and External Ad Partners collect your Personal Information and/or Sensitive Personal Information directly from you, such as via cookies.
We may share data collected from you from the Hearsay Website with our affiliate entities.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, including bankruptcy.
We share anonymized, aggregated, automatically-collected, or otherwise non-Personal Information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) Business Purposes, Commercial Purposes, and/or marketing purposes; (iii) assistance for us and other parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share Personal Information about you in this case.
Hearsay may preserve or disclose your Personal Information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose Personal Information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Our Website is intended for individuals 18 years of age and older. It is not directed at, marketed to, nor intended for, children under 18 years of age. We do not knowingly collect any Personal Information directly from children under the age of 18. If we discover we have inadvertently received any Personal Information from a child under the age of 18 in violation of this Policy, we will take reasonable steps to delete that information as quickly as possible. If you believe that we have any Personal Information from or about anyone under the age of 18, please contact us at privacy@hearsaycorp.com.
The Hearsay Website uses third-party analytics tools that drop cookies and/or similar technologies to collect and store information about your device and use of the Hearsay Website. We use analytics tools to calculate visitor, session and campaign data for the Hearsay Website analytics reports.
One of our tools is Google Analytics. We use Google Analytics to generate and process statistical or demographic data. Third parties, like Google, use cookies to compile reports on the website’s activity and website visitors, and provide other services related to website activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website. You can read more about Google’s practices in Google’s privacy policy. You can opt-out from being tracked by Google Analytics in a particular browser on a particular device by downloading and installing the Google Analytics Opt-out Browser Add-on for that browser. To learn more about how to opt-out of tracking by Google Analytics, please click here.
Another tool is the LinkedIn Insight Tag. You can read more about LinkedIn’s practices in LinkedIn’s privacy policy. LinkedIn only provides reports and alerts (which do not identify LinkedIn members) about the Hearsay website audience and ad performance (LinkedIn does not share the personal data of its members with Hearsay). LinkedIn members can control the use of their personal data for advertising purposes through their account settings.
We market our company and Services in a variety of ways. Below is a description of what data we gather from you, and how we use it for purposes of these marketing activities. We gather information from or about you in the following different roles:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In some cases, you provide Personal Information directly to Hearsay as part of a marketing event that Hearsay hosts or co-hosts, through email or when you participate in an online webinar. Occasionally, and only with your consent, we may send you future communications. We may also acquire personal information about you through a third party. In particular, Hearsay engages third parties who provide us with contact information for Leads. When acquiring information from third parties, Hearsay endeavors to obtain contractual commitments from the third parties that the information was acquired lawfully and with the appropriate level of consent.
Our communications to you for marketing purposes will contain instructions on how you can opt-out from receiving future communications, and if you consent to our use of your personal information for marketing purposes, you may always withdraw your consent. You may also contact Hearsay directly about its marketing activities at privacy@hearsaycorp.com.
Hearsay engages third-party advertising networks (“External Ad Partners”) to display advertising about our Services when you visit other websites within that advertising network. Like many other companies, we rely on retargeting, also known as remarketing, which is a type of marketing strategy that helps businesses “remind” visitors of their products and services after they leave their websites. For instance, through the use of cookies (and similar technologies) placed by External Ad Partners, online identifiers (considered personal information) are collected and then used to identify visitors to the Hearsay Website on other websites or social media platforms. With this information our External Ad Partners may serve relevant ads on consumers who previously visited the Hearsay Website.
Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
Hearsay maintains an online presence on social media platforms (“Social Media Platforms”) such as Instagram, Twitter, Facebook and Linkedin, to provide information about our Services and communicate with users and/or visitors to those pages or accounts. When you interact or post to our account, we process your Personal Information. In some cases, the Social Media Platforms are service providers or processors. In other cases, such as with Facebook, we are jointly responsible for the processing, as explained in the section titled Hearsay as a ‘Joint Controller’ with Facebook.
We use reasonably appropriate security measures designed to protect the security of Personal Information and Sensitive Personal Information both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note, though, that no website or internet transmission is completely secure, so while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
Certain internet web browsers allow a “do not track” (“DNT”) setting that relies on a technology known as a DNT header, which sends a signal to websites visited by the individual about the individual’s browser DNT setting. At this time, we do respond to DNT signals. For more information on DNT settings generally, please visit https://allaboutdnt.com.
How you make choices about cookies and other tracking technologies depends on the type of cookie or tracking technology being used. For details on how to manage your preferences for cookies and tracking technologies within your web browser, please see our Cookie Statement.
If you are receiving promotional emails from us, you can choose to stop receiving those by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting customer support at support@hearsaycorp.com.
To request access to, or to make changes to, data that we have collected from you via the Hearsay Website, please email us at privacy@hearsaycorp.com. Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
The categories of recipients of personal data with whom we may share your personal data are listed in Disclosure of Your Personal Information above.
Hearsay as ‘Data Controller’
As a ‘data controller’, Hearsay processes your Personal Information for a number of different purposes. Some are essential for us to provide the Services or to fulfill our legal obligations, some help us run the Services efficiently and effectively, and some enable us to provide you with more relevant and personalized offers and information. In all cases, with respect to individuals in the EEA or the U.K., we must have a reason and a legal ground for processing your personal information. The most common legal grounds on which we rely are briefly explained below:
The following breakdown illustrates in more detail our processing activities and how the above legal bases for processing apply (in brackets):
We use Facebook’s products and services (“Facebook Products”) in different ways:
With respect to our use of Facebook Products, we are jointly responsible with Facebook Ireland for the processing activities (“Joint Processing”):
Facebook Ireland Ltd.,
4 Grand Canal Square, Grand Canal Harbor
Dublin 2, Ireland
Information about the personal data that is collected from you by Facebook, as well as how and why it is processed by Facebook, can be found at https://www.facebook.com/about/privacy.
Hearsay and Facebook have entered into an agreement in order to determine the respective responsibilities for compliance with our obligations in connection with the Joint Processing within the meaning of the GDPR. This joint controller agreement, which sets out the reciprocal obligations, is available here.
Hearsay’s legal basis for processing your personal data via Facebook Products is our legitimate interest in increasing and analyzing the communication, sales, and promotion of Services. Our legal basis may also be your consent, which may be revoked at any time.
Some processing by Facebook Ireland Ltd. might take place in the United States by Facebook Inc.
We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, the length of time we have an ongoing relationship with you and provide you with access to our Services, and applicable legal requirements. We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax, or accounting requirements), when we are unable to reasonably verify your identity, or as may otherwise be required under GDPR. Additionally, we cannot delete information when it is needed for the establishment, exercise, or defense of a legal claim (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.
When we no longer have a legitimate business need to process your personal information, it is deleted and/or anonymized. If you have questions about, or need further information concerning, our data retention periods, please email privacy@hearsaycorp.com.
If the GDPR or the U.K., applies to you because you are in the EEA or the U.K., you have certain rights in relation to your personal data:
These rights are subject to certain rules around when you can exercise them. If you are located in the EEA or the U.K. and wish to exercise any of the rights set out above, please contact us (see How to Contact Us about Privacy).
We will respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first at privacy@hearsaycorp.com.
This privacy notice for Nevada, California, Colorado, Connecticut, and Virginia residents, and residents of other states with applicable privacy laws (“State Privacy Notice”) supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the applicable state (“Consumers”). We have created this State Privacy Notice in order to comply with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (collectively, “CCPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Virginia Consumer Data Protection Act (“VCDPA”), and other applicable privacy laws (collectively, “Data Protection Law”).
This CCPA Notice applies to Personal Information that Hearsay collects for its own purposes. It does not apply to:
We collect Personal Information as that term is defined in CCPA. Within the last twelve (12) months, Hearsay has collected the following categories of Personal Information from or about Consumers:
Personal information does not include:
As explained in more detail here, Hearsay obtains the categories of personal information listed above from the following categories of sources:
We collect and process your Personal Information and/or Sensitive Personal Information whenever you use our Website and/or Services.
Under the CCPA, we must disclose the purposes for which we collect your information. Our purposes include Business Purpose and Commercial Purposes, as generally described below.
In the section Why We Collect Your Personal Information and How We Use It, we explain the purposes for which we process this information, pursuant to Data Protection Law(s), along with the relevant categories of data we use and the legal basis we rely on to do so or other permitted reasons for processing (e.g. Business Purposes or Commercial Purposes under the CCPA). For clarity, the terms Business Purpose and Commercial Purpose, are being used to sufficiently describe the purpose of processing, transferring, sharing, sale, and/or sharing, as applicable, of all your Personal Information and/or Sensitive Personal Information under all Data Protection Law(s). As previously mentioned, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
Hearsay may disclose your Personal Information to service providers, contractors, and/or third parties (as defined by CCPA) (or processor or third party, as defined by applicable Data Protection Law(s)) for a Business Purpose and/or Commercial Purpose. When we disclose Personal Information for a Business Purpose and/or Commercial Purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the services for us. As explained in more detail here, we also share your Personal Information with certain categories of service providers, contractors, and/or third parties who assist us in providing the Hearsay Website and Services and with our business.
We disclose your Personal Information and/or Sensitive Personal Information for a Business Purpose and/or Commercial Purpose to the following categories of Service Providers:
The following chart describes the categories of Personal Information and Sensitive Personal Information that we disclosed to service providers, contractors, and/or third parties for a Business Purpose and/or Commercial Purpose in the 12 months prior to the date of this Privacy Policy. As noted below in the chart, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
The CCPA defines ‘sale’ and ‘share’ very broadly. ’Sale’ includes the sharing of Personal Information with third parties in exchange for anything of value, while ‘share’ means disclosure of Personal Information to third parties for cross contextual behavioral advertising. According to these broad definitions, in the 12 months before this section was last updated, we may have sold or shared the following categories of Personal Information to third parties:
The CCPA provides Consumers with specific rights regarding their Personal Information, provided that we are able to verify their identities as explained below. This section describes your CCPA rights and explains how to exercise them.
Opting-out of Sales or Sharing of Your Personal Information
You have the right to opt-out of our sharing or selling of your Personal Information with some External Ad Partners in certain circumstances. If you would like to opt-out of the sale of Personal Information, please click here.You can also opt-out of the sale or sharing of your Personal Information that is collected automatically when you visit the Website by clicking here.
Hearsay does not sell or share Personal Information collected on the Hearsay mobile-based software platform.
Access to Specific Information
You have the right to request that Hearsay disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will disclose such information to you.
Right to Data Portability
You have the right to receive the Personal Information that you have provided to Hearsay, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
Right to Correction
You have the right to have your Personal Information corrected.
Deletion Request Rights
You have the right to request that Hearsay delete your personal information, subject to certain exceptions listed in the CCPA. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will delete (and direct our service providers, contractors, third parties, and/or processors, as applicable, to delete) your Personal Information from our records, unless an exception applies.
Your Right to Limit the Use Sensitive Personal Information We Have Collected About You
You have the right to limit our use of your Sensitive Personal Information if we use it for purposes other than providing the Services to you. We currently do not use your Sensitive Personal Information for purposes other than providing the Service/ for the Business Purposes above.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer request related to your personal information.
An authorized agent is a natural person or a business entity registered with the Secretary of State that a Consumer has authorized to act on his or her behalf. When a Consumer uses an authorized agent to submit a request to know or a request to delete, Hearsay may require that the Consumer provide the authorized agent written permission to do so and verify his or her own identity directly with Hearsay, unless the Consumer has provided the authorized agent with a valid power of attorney. Hearsay may deny a request from an agent that does not submit proof that he or she has been authorized by the Consumer to act on his or her behalf.
To exercise the rights described above, please submit a verifiable Consumer request to us by either calling us at 1-888-399-2280 or mailing privacy@hearsaycorp.com.
You may only make a verifiable Consumer request for access or data portability twice within a 12-month period. In particular, you can request the following:
1. Specific Pieces of Information
2. Categories of Information
The verifiable Consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will notify you to explain the basis of the denial.
If we have a good-faith, reasonable belief that a request to opt-out of the sale or sharing of Personal Information is fraudulent, we may deny the request. Should this occur, we will inform you and explain why we believe the request is fraudulent.
Making a verifiable Consumer request does not require you to create an account with us. Please note that the methods for verification are set forth in the CCPA, which also requires us to consider a number of factors, such as the type, sensitivity, and value of the personal information or the risk of harm posed by unauthorized access or deletion, on a case-by-case basis.
We will only use personal information provided in a verifiable Consumer request to verify the requestor’s identity or authority to make the request.
Upon your request, we will delete the Personal Information we have collected about you, except for situations where the CCPA authorizes us to retain specific information, including when it is necessary for us to provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us. We will act on your deletion request within the timeframes set forth below.
Response Timing
We endeavor to respond to a verifiable Consumer request generally within 45 days of its receipt, or as otherwise required by the CCPA, although we may take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable Consumer’s request. If applicable, in our response, we will also explain the reasons we cannot comply with a request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. Please note that to use our Services, we do require the collection of your personal information – for example, to sign you up. While you may request to delete your personal information under CCPA, such deletions may affect our ability to offer the Services.
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about certain categories of Personal Information a business has disclosed to third parties for direct marketing purposes in the preceding calendar year. California residents may make such request to us at privacy@hearsaycorp.com. We will provide a list of the categories of personal information disclosed to such third parties for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses or these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email specified in this section.
We do not sell your Personal Information within the scope of, and according to the defined meaning of, a “sale” under NRS 603A.
Under Virginia’s Consumer Data Protection Act (“VCDPA”), solely as to Personal Information of users acting in an individual or household context, Virginia residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the VCDPA. You have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information . A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Virginia, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Colorado’s Consumer Privacy Act (“CPA”), solely as to Personal Information of users when acting in an individual or household context, Colorado residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Colorado, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Connecticut’s Data Privacy Act (“CTDPA”), solely as to Personal Information of users when acting in an individual or household context, Connecticut residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CTDPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Connecticut, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CTDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
If you have any questions regarding this State Notice, please contact us directly.
As explained above, we process personal information from individuals described below on behalf of our Customers in order to provide our Services, in accordance with their Instructions. When we process personal information on behalf of our Customers, we are a ‘data processor’ or service provider. This includes certain information that we collect through our account portal (https://my.hearsaysocial.com/) when Users log into their accounts with Hearsay, as well as other information that is collected through the various products offered by Hearsay as part of the Services.
Hearsay’s Customers are controllers of the Personal Information because they decide how or why your Personal Information is processed. When our Customers process Personal Information through our Services, they are responsible for ensuring that they do so in compliance with the law, including providing their customers and users with their own privacy policies.
Hearsay’s processing activity as a service provider and processor is governed by the contracts we have with our Customers. Under the terms of those agreements, we will direct any data subject request you make to Hearsay for Personal Information that we process as a processor under this section to our Customers.
For purposes of this Section, “You” may refer to a variety of people, including:
If there are special terms and considerations, we will address the individual group by the capitalized term (Customer, User or User Contacts). Where terms apply to all groups, we will address the group as “you.”
We process information (1) received directly from Customers and Users, other than personal information collected on signing up as a User of the Services, (2) from or about User Contacts through the use of the Services by Customers and Users, and (3) obtained indirectly, such as through the use of cookies or CRM integrations.
The information that we process as part of the Services is described below in further detail. Collectively, all information processed by Hearsay in order to provide the Services is referred to “Services Information” for purposes of this Privacy Policy.
Through the Services, Customers and Users can populate their accounts with information submitted by a Customer or a User to Hearsay, or uploaded by Customer or a User to the Services, which is meant to be used and shared through the Services. Examples of such content include articles, logos and other assets uploaded by a Customer or User to personalize a web page. In uploading or submitting this information, Customers and Users must not include any personally identifiable information contained within the uploaded materials.
Hearsay may also contact Customers and Users to provide feedback on the Services by email or other means in order to better understand how Customers and Users use the Services. Some of the questions might include requests with a voluntary answer to provide certain additional personal identifiable information, such as name, age and geographic location. Information gathered by Hearsay will be used solely in connection with or to improve or expand the Services; however, this may include using this information within third-party services that are associated with the Services. Please see our cookies section to better understand how we use performance cookies to improve the Services.
As part of our Services, Hearsay allows Users to connect certain digital assets such as social media accounts (including private messaging in some cases), email addresses and telephone numbers to the Services in order to communicate with User Contacts. Customers may also have their own websites hosted by Hearsay (“Customer Sites”). As a result, Hearsay processes personal information from or about User Contacts that is collected via the Customer Sites, User social media accounts and/or other connections to the Services, depending on the level of permission. For instance, when using social media networks, if Hearsay is allowed to collect social media activity about the User Contact, Hearsay will collect such information and present a summary of this information to the User. With respect to text message correspondence, Hearsay may collect, store and retain the telephone number of the User Contact, call history with the User Contact, and any contents of a text message that a User Contact made in text message communications with the User.
Hearsay collects and/or processes Sensitive Personal Information, including precise geolocation and content of social and text messages. As explained below, the contents of social and text messages may contain additional Sensitive Personal Information that is shared by the Customer and/or User.
Any information that a User or a User Contact submits to the Services will be captured and retained by Hearsay as part of the Services.
If you are a User Contact, you may have been directed to review this Privacy Policy by one of our Customers in lieu of their own Privacy Policy. In this case, any information about you as a User Contact that Hearsay collects will be processed and maintained in accordance with this policy. However, to understand how the Customer uses the information or to exercise any rights, please contact the Customer directly.
CRM Integrations
Certain Customers integrate their customer relationship management (CRM) systems with the Services. When this happens, Hearsay receives any information about Users and User Contacts that a Customer has collected and wishes to share with Hearsay. Hearsay will use this information within the Service to enable certain functionality (e.g., populating email contacts from a CRM so that a User may utilize email functionality), or use insights in order to recommend certain actions (e.g., based on a combination of activity documented in CRM and the Services with a User Contact, a User might receive a recommendation to make a future communication with the same User Contact).
Publicly Available Information about Users and User Contacts
In order to better understand Users and provide a better experience, Hearsay creates various “profiles” within the Services, in order to provide more targeted content and suggest action items for a User to take within the Services. “Profiles” are not composites of personal information nor based on actual individuals, but are common characteristics identified by Hearsay to describe certain behaviors or preferences. In order to make recommendations or suggest content, Hearsay endeavors to find out more about its Users and User Contacts. In some instances, when building these “profiles,” Hearsay may retain third parties to collect publicly available information about Users. This information may include your industry, the size of your office, and your online directory listing, to help Hearsay understand more about our customer base and to tailor information we send you about the Services.
Anonymized Aggregated Data
Hearsay has developed proprietary algorithms that monitor all communications and transactions that occur within the Services. Hearsay engages third parties to perform data analysis on data sets provided by Hearsay in order to improve Hearsay’s algorithms. The purpose of these algorithms is to identify patterns of behavior, either unique to a User or to defined categories of people, which may enhance a User’s use of the Services. Any data created or identified within an algorithm does not identify the activity of an individual User or User Contacts. For example, the Services may identify that a User’s social media network contacts are most active between the hours of 10 AM to 12 PM on weekdays, and would therefore recommend a User to schedule social media posts during this time. The Services algorithms gather this information based on the volume activity occurring within this network; this recommendation, or any data associated with this recommendation, would not identify the posting habits of any individual User Contact or a User. For text message communication, the Services may suggest prepopulated quick replies to certain text messages. The Services algorithms make these suggestions based on gathered information from previous replies and conversations.
Industry Information
Hearsay collects information relating to the industry with which a User is associated: acquiring data sets about certain financial services industries, reviewing census results to identify purchasing habits of consumers, etc. The purpose of acquiring this information is to provide more information and insight for the User when using the Services.
We or our authorized service providers process the Services Information solely as a data processor, in order to:
We disclose Services Information under certain circumstances, as further described below.
The Services allow Users to send or receive communications from User Contacts through social media, email, text messaging and voice communications. If Users send communications through the Services, Hearsay will deliver those communications to third parties in order for the User Contact to share and receive those communications. We call these third party delivery networks “External Services.” Examples of External Services include Facebook, Twitter, LinkedIn and Instagram (for social media).
We may share Services Information with third-party service providers or consultants who need access to the data to perform their work on Hearsay’s behalf. These third party service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard any data provided by Hearsay. These include Amazon Web Services for website hosting, Sendgrid for email delivery and Twilio for text messaging.
Hearsay is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Telecommunications activity performed by Hearsay is regulated and overseen by the Federal Communications Commission (FCC) and various state public utility commissions. We may disclose Services Information pertaining to a regulatory audit conducted by these entities as well as oversight organizations for the financial services industry, such as FINRA, SEC, or similar state and international regulators. When responding to a financial services regulatory audit, we will endeavor to first contact the Customer before disclosing any such information unless we are prohibited from doing so. The Customer is solely responsible for contacting any Users or User Contacts as part of the regulatory audit and disclosure of Services Information.
We may share data collected from you from the Services with our affiliates.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, bankruptcy included.
We share anonymized, aggregated, automatically-collected, or otherwise non-personal information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) business or marketing purposes; (iii) assistance for us and other parties in understanding our Customers’ and Users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share personal information about you in this case.
Hearsay may preserve or disclose your personal information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Certain Customers may purchase services from third parties that have a partnership relationship with Hearsay and are authorized to access the Services (“Value Added Partners”). In such cases, Hearsay will allow the Value Added Partner(s) to access the relevant Services account if the Customer has given the requisite permission. This access may include being able to read Services Information.
As ‘data controllers’ of Services Information, Customers are responsible for providing information to individuals in the EEA and/or the U.K., including the purposes of collection, legal bases, and your rights, as well as residents of certain states that provide consumer rights. If we receive a notification from a Customer regarding an individual wishing to exercise his/her exercising, we will assist said Customer with responding to and honoring such requests according to the Customer’s instructions.
When you visit the Hearsay Website or use the Services, we and our service providers acting on our behalf automatically collect certain data using tracking technologies like cookies, web beacons, and similar tracking technologies.
A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a website’s computers and stored on your computer’s hard drive.
These technologies are used to help us better understand User behavior and facilitate and measure the effectiveness of our Hearsay Website and Services. We treat information collected by cookies and other technologies as non-personal information.
We use cookies to record current session information. We also use third party cookies (e.g. Google Analytics) to provide anonymized and aggregated information on website usage statistics and patterns.
All modern Internet browsers allow you to control your cookie settings. These settings are usually accessed in the ‘Options’ or ‘Preferences’ section of your browser. Please note that certain features of the website will not be available once cookies are disabled. For further information about cookies and how to manage them, please visit www.allaboutcookies.org.
Hearsay uses web beacons with cookies or separately to compile information about your engagement with us. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you view a particular website tied to the web beacon, and a description of a website tied to the web beacon.
Here is a basic description and overview of the type of cookies Hearsay may use:
Hearsay Social, Inc. (“Hearsay”), is a web and mobile-based software platform that allows financial services and insurance companies (“Customers”) and their employees and/or designated agents with access to the Services (“Users”) to utilize electronic communications channels (such as social media, websites, email, mobile voice and text message) to communicate with clients and prospects (“SaaS Services”).
This Privacy Policy applies to Hearsay’s Website and Hearsay’s SaaS Services; collectively “Services.” This Privacy Policy contains details about how we collect, use, disclose, process, share and secure personal information that we obtain from and about you when you interact with our Services. Our collection and processing of information that alone or in conjunction with other information may reasonably identify you (“Personal Information”) may be either for our own purposes, or on behalf of other entities to whom we provide services.
If you have any questions regarding the collection and processing of Personal Information performed by us on behalf of another entity please consult that entity’s privacy policy. If, after reviewing this Privacy Policy, you have any questions or privacy concerns, please send us an email to privacy@hearsaycorp.com (see the How to Contact Us about Privacy section). We are committed to protecting the privacy of those with whom we interact.
For purposes of this Privacy Policy, the words “our,” “us,” “we,” and “Hearsay” refer to Hearsay Social, Inc., and our affiliates (which includes any person or entity that controls us, is controlled by us, or is under common control with us, such as our subsidiary, parent company, or our employees).
For the purpose of this Notice, Personal Information shall by interchangeable with Personal Data, and each shall have the meaning assigned to it by applicable laws, including, but not limited to, information that directly or indirectly, on its own or in conjunction with other information, identifies an individual. Please read this Notice carefully.
NEVADA, CALIFORNIA, COLORADO, CONNECTICUT, OR VIRGINIA RESIDENTS OR RESIDENTS OF ANOTHER STATE THAT OFFER CERTAIN PRIVACY RIGHTS: If you are a resident of Nevada, California, Colorado, Connecticut, or Virginia or resident of another state that offers certain privacy rights, this entire Privacy Policy applies to you. However, please see Additional Information for Certain States below, which will inform you in detail about our information collection practices and your specific rights.
INDIVIDUALS LOCATED IN THE EEA OR THE U.K.: If you are located in the European Economic Area (“EEA”) or the United Kingdom (“U.K.”), this entire Privacy Policy applies to you. However, please see Additional Information for Individuals in the EEA below, which will inform you in detail about our legal bases for processing and which rights you have in connection with our processing of your personal data.
We collect information in several contexts as described below. This policy also does not apply to information we collect in connection with providing services to our business clients, where we act as a service provider and process Personal Information in accordance with their instructions (see “Hearsay Processor and Service Provider Data”). Such information is subject to the Privacy Policies of the other financial institutions.
This Policy applies only to Hearsay operated services and applications, including our online services, mobile-based application, and Website. Our Services may contain links to other websites that are not operated or controlled by Hearsay. Hearsay does not control such third-party websites or their privacy practices. Any personal information you choose to give to third-party websites is not covered by this Notice.
Hearsay may update this Privacy Policy from time to time, in its sole discretion. If we do so, we will post an updated Privacy Policy on the Hearsay Website and provide prompt written notice of such updates, as applicable. Changes, modifications, additions, or deletions will be effective when posted unless stated otherwise. If we make material or significant changes, we may also send our Customers a notice that we have changed this Privacy Policy. Your continued use of the Hearsay Website and Services, and/or your continued provision of personal information to us after the posting of such notice, will be deemed an acceptance of any changes and subject to the terms of the then-current Privacy Policy. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will seek affirmative consent from you before making material changes to the way we handle Personal Information previously collected from you. If you do not provide such consent, Personal Information will continue to be used in a manner that is consistent with the version of this Notice under which it was collected.
We are located in the United States, and the personal information that we collect is stored on servers located in the United States. This means that your Personal Information will be collected, processed, and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the General Data Protection Regulation 2016/679 (“GDPR”) in the European Union.
By sending us Personal Information, you agree and consent to the processing of your personal information in the United States, which may not offer an equivalent level of protection to that required in other countries (particularly the European Economic Area).
We have implemented safeguards designed to ensure that the Personal Information we process remains protected in accordance with this Privacy Policy, including when processed internationally or by our third-party service providers and partners. The safeguards we may take at our discretion include, for instance, entering into specific agreements in connection with any onward transfers of personal information. We may implement other mechanisms and take similar appropriate safeguards with our third party service providers and partners. Further details can be provided upon request.
Hearsay acts as a ‘data controller’ when it collects Personal Information on its own behalf and for its own Business Purposes, such as through our publicly-accessible Website, and as a ‘data processor’ when it collects and processes personal information on behalf of its Customers in order to provide the SaaS Services. As such, this Privacy Policy is separated into two main sections that address our different roles:
Please note that how you exercise certain rights will depend on whether Hearsay is processing your Personal Information as a ‘data controller’ or as a ‘data processor’, and is further explained throughout this Privacy Policy:
If you are a visitor of the Hearsay Website or a Customer and have any questions about this Privacy Policy or requests for access to or deletion or rectification of personal information that Hearsay collects and processes contact us at privacy@hearsaycorp.com or by mail at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
2261 Market Street, Ste. 5397
San Francisco, CA 94114
United States of America
Individuals in the EEA or the U.K. may contact Hearsay at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
Koztelek utca 6, 1147 Budapest
privacy@hearsaycorp.com
Below is a description of the personal information that we gather from you as a visitor to Hearsay Website, which includes https://hearsaysystems.com and other websites where this Privacy Policy is posted. Information about personal information collected through the account portal and the Saas Services can be found in the Hearsay Processor and SaaS Service Provider Data section below.
In this section, “you” refers to an individual visiting the Hearsay Website.
When you visit the Hearsay Website, we collect information directly from you when you provide it to us, such as when you request a demo, and indirectly, such as through the use of cookies and similar technology.
Data Protection Law (as defined below) recognizes that Sensitive Personal Information (or “sensitive personal data” as used interchangeably) requires additional protection. In particular, the GDPR prohibits the processing of sensitive personal data, other than in certain exceptional circumstances. Sensitive personal data in the EEA includes information relating to one’s race or ethnicity, political opinions, religious or philosophical beliefs, membership of a trade union, as well as biometric data and data relating to one’s health or sexual orientation (“Sensitive Personal Information”. Certain US state privacy laws (i.e., “Data Protection Law”) also have different definitions of Sensitive Personal Information, which may also include precise geolocation, citizenship or immigration status, and Personal Information from a known child.
Visiting the Hearsay Website
Some pages of the Hearsay Website allow you to fill out a web form and share your personal information with us directly, such as on our “Contact Us” page and on our “Submit a request” page. Information we collect consists of:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In addition, if you send us an email or otherwise contact us, we will collect the personal information that you provide to us at that time.
When you visit the Hearsay Website, we, or authorized third parties, collect information, including Device and Usage Information described below, by automated means using cookies, web beacons, server logs or other tracking technologies for analytic purposes. For more information on our use of these technologies and the data that they collect, please see our Cookie Statement. We may also collect information from third parties, as explained below.
Device and Usage Information
When you visit, use or interact with the Hearsay Website, even if you do not have an account, we, or authorized third parties (such as service providers or External Ad Partners (as defined in the Targeted Advertising section below), may collect information about your use of the Hearsay Website via your device. Device and Usage Information that we, or these authorized third parties, collect consists of:
Information from Third Parties
In some instances, we process personal information from third parties, such as data from our External Ad Partners (see the Targeted Advertising section below). These third parties may also use tracking technologies to serve you advertisements tailored to interests you have shown by browsing on this Website and other sites, applications, destinations, and services you have visited, and for other lawful Business Purposes (as defined below).
To provide you with more relevant and interesting experiences, we may work with third party companies to display ads or customize the content on this Website and on other digital properties and websites. These companies may use cookies and similar tracking technologies as described in this Notice to gather information about your visits to our Website, as well as your visits elsewhere on the Internet. These companies use this information to provide you with more relevant advertising known as interest-based advertising.
We, or our authorized partners, collect and process personal information in order to:
Additionally, we may disclose information about users (i) if it is required to do so by law or legal process; (ii) as may be required to law enforcement authorities or other government officials, (iii) when Hearsay believes disclosure is necessary or appropriate to prevent physical harm, financial loss or in connection with an investigation of suspected or actual illegal activity, or (iv) to respond to claims by third parties.
For California residents, please see the Additional Information for Certain States Section below for more information on specific purposes of collection for each category of Personal Information collected in the past 12 months as a “Business” under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020. For Colorado, Connecticut, and Virginia residents, please also see the Additional Information for Certain States.
For individuals located in the EEA or the U.K., please see the Additional Information for Individuals in the EEA and the U.K. Section below for more information, including our legal bases for processing.
We disclose your Personal Information under certain circumstances, such as to our service providers or in the event of a business transfer, as further described below.
Hearsay may share Personal Information and/or Sensitive Personal Information with our third party agents, contractors, or service providers who are hired to perform services on Hearsay’s behalf or in order to assist with certain Business Purposes and/or Commercial Purposes. These providers may operate or support certain functions of the Hearsay Website and Services. Below is a list of categories of service providers that we may use to perform these functions (which are subject to change):
Service providers process your Personal Information and/or Sensitive Personal Information for the specific purpose of providing their services to us (and in accordance with our instructions).
As explained here, we also work with and disclose Personal Information to External Ad Partners who assist us with advertising and marketing our Services.
In some cases, service providers and External Ad Partners collect your Personal Information and/or Sensitive Personal Information directly from you, such as via cookies.
We may share data collected from you from the Hearsay Website with our affiliate entities.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, including bankruptcy.
We share anonymized, aggregated, automatically-collected, or otherwise non-Personal Information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) Business Purposes, Commercial Purposes, and/or marketing purposes; (iii) assistance for us and other parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share Personal Information about you in this case.
Hearsay may preserve or disclose your Personal Information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose Personal Information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Our Website is intended for individuals 18 years of age and older. It is not directed at, marketed to, nor intended for, children under 18 years of age. We do not knowingly collect any Personal Information directly from children under the age of 18. If we discover we have inadvertently received any Personal Information from a child under the age of 18 in violation of this Policy, we will take reasonable steps to delete that information as quickly as possible. If you believe that we have any Personal Information from or about anyone under the age of 18, please contact us at privacy@hearsaycorp.com.
The Hearsay Website uses third-party analytics tools that drop cookies and/or similar technologies to collect and store information about your device and use of the Hearsay Website. We use analytics tools to calculate visitor, session and campaign data for the Hearsay Website analytics reports.
One of our tools is Google Analytics. We use Google Analytics to generate and process statistical or demographic data. Third parties, like Google, use cookies to compile reports on the website’s activity and website visitors, and provide other services related to website activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website. You can read more about Google’s practices in Google’s privacy policy. You can opt-out from being tracked by Google Analytics in a particular browser on a particular device by downloading and installing the Google Analytics Opt-out Browser Add-on for that browser. To learn more about how to opt-out of tracking by Google Analytics, please click here.
Another tool is the LinkedIn Insight Tag. You can read more about LinkedIn’s practices in LinkedIn’s privacy policy. LinkedIn only provides reports and alerts (which do not identify LinkedIn members) about the Hearsay website audience and ad performance (LinkedIn does not share the personal data of its members with Hearsay). LinkedIn members can control the use of their personal data for advertising purposes through their account settings.
We market our company and Services in a variety of ways. Below is a description of what data we gather from you, and how we use it for purposes of these marketing activities. We gather information from or about you in the following different roles:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In some cases, you provide Personal Information directly to Hearsay as part of a marketing event that Hearsay hosts or co-hosts, through email or when you participate in an online webinar. Occasionally, and only with your consent, we may send you future communications. We may also acquire personal information about you through a third party. In particular, Hearsay engages third parties who provide us with contact information for Leads. When acquiring information from third parties, Hearsay endeavors to obtain contractual commitments from the third parties that the information was acquired lawfully and with the appropriate level of consent.
Our communications to you for marketing purposes will contain instructions on how you can opt-out from receiving future communications, and if you consent to our use of your personal information for marketing purposes, you may always withdraw your consent. You may also contact Hearsay directly about its marketing activities at privacy@hearsaycorp.com.
Hearsay engages third-party advertising networks (“External Ad Partners”) to display advertising about our Services when you visit other websites within that advertising network. Like many other companies, we rely on retargeting, also known as remarketing, which is a type of marketing strategy that helps businesses “remind” visitors of their products and services after they leave their websites. For instance, through the use of cookies (and similar technologies) placed by External Ad Partners, online identifiers (considered personal information) are collected and then used to identify visitors to the Hearsay Website on other websites or social media platforms. With this information our External Ad Partners may serve relevant ads on consumers who previously visited the Hearsay Website.
Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
Hearsay maintains an online presence on social media platforms (“Social Media Platforms”) such as Instagram, Twitter, Facebook and Linkedin, to provide information about our Services and communicate with users and/or visitors to those pages or accounts. When you interact or post to our account, we process your Personal Information. In some cases, the Social Media Platforms are service providers or processors. In other cases, such as with Facebook, we are jointly responsible for the processing, as explained in the section titled Hearsay as a ‘Joint Controller’ with Facebook.
We use reasonably appropriate security measures designed to protect the security of Personal Information and Sensitive Personal Information both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note, though, that no website or internet transmission is completely secure, so while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
Certain internet web browsers allow a “do not track” (“DNT”) setting that relies on a technology known as a DNT header, which sends a signal to websites visited by the individual about the individual’s browser DNT setting. At this time, we do respond to DNT signals. For more information on DNT settings generally, please visit https://allaboutdnt.com.
How you make choices about cookies and other tracking technologies depends on the type of cookie or tracking technology being used. For details on how to manage your preferences for cookies and tracking technologies within your web browser, please see our Cookie Statement.
If you are receiving promotional emails from us, you can choose to stop receiving those by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting customer support at support@hearsaycorp.com.
To request access to, or to make changes to, data that we have collected from you via the Hearsay Website, please email us at privacy@hearsaycorp.com. Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.
The categories of recipients of personal data with whom we may share your personal data are listed in Disclosure of Your Personal Information above.
Hearsay as ‘Data Controller’
As a ‘data controller’, Hearsay processes your Personal Information for a number of different purposes. Some are essential for us to provide the Services or to fulfill our legal obligations, some help us run the Services efficiently and effectively, and some enable us to provide you with more relevant and personalized offers and information. In all cases, with respect to individuals in the EEA or the U.K., we must have a reason and a legal ground for processing your personal information. The most common legal grounds on which we rely are briefly explained below:
The following breakdown illustrates in more detail our processing activities and how the above legal bases for processing apply (in brackets):
We use Facebook’s products and services (“Facebook Products”) in different ways:
With respect to our use of Facebook Products, we are jointly responsible with Facebook Ireland for the processing activities (“Joint Processing”):
Facebook Ireland Ltd.,
4 Grand Canal Square, Grand Canal Harbor
Dublin 2, Ireland
Information about the personal data that is collected from you by Facebook, as well as how and why it is processed by Facebook, can be found at https://www.facebook.com/about/privacy.
Hearsay and Facebook have entered into an agreement in order to determine the respective responsibilities for compliance with our obligations in connection with the Joint Processing within the meaning of the GDPR. This joint controller agreement, which sets out the reciprocal obligations, is available here.
Hearsay’s legal basis for processing your personal data via Facebook Products is our legitimate interest in increasing and analyzing the communication, sales, and promotion of Services. Our legal basis may also be your consent, which may be revoked at any time.
Some processing by Facebook Ireland Ltd. might take place in the United States by Facebook Inc.
We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, the length of time we have an ongoing relationship with you and provide you with access to our Services, and applicable legal requirements. We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax, or accounting requirements), when we are unable to reasonably verify your identity, or as may otherwise be required under GDPR. Additionally, we cannot delete information when it is needed for the establishment, exercise, or defense of a legal claim (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.
When we no longer have a legitimate business need to process your personal information, it is deleted and/or anonymized. If you have questions about, or need further information concerning, our data retention periods, please email privacy@hearsaycorp.com.
If the GDPR or the U.K., applies to you because you are in the EEA or the U.K., you have certain rights in relation to your personal data:
These rights are subject to certain rules around when you can exercise them. If you are located in the EEA or the U.K. and wish to exercise any of the rights set out above, please contact us (see How to Contact Us about Privacy).
We will respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first at privacy@hearsaycorp.com.
This privacy notice for Nevada, California, Colorado, Connecticut, and Virginia residents, and residents of other states with applicable privacy laws (“State Privacy Notice”) supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the applicable state (“Consumers”). We have created this State Privacy Notice in order to comply with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (collectively, “CCPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Virginia Consumer Data Protection Act (“VCDPA”), and other applicable privacy laws (collectively, “Data Protection Law”).
This CCPA Notice applies to Personal Information that Hearsay collects for its own purposes. It does not apply to:
We collect Personal Information as that term is defined in CCPA. Within the last twelve (12) months, Hearsay has collected the following categories of Personal Information from or about Consumers:
Personal information does not include:
As explained in more detail here, Hearsay obtains the categories of personal information listed above from the following categories of sources:
We collect and process your Personal Information and/or Sensitive Personal Information whenever you use our Website and/or Services.
Under the CCPA, we must disclose the purposes for which we collect your information. Our purposes include Business Purpose and Commercial Purposes, as generally described below.
In the section Why We Collect Your Personal Information and How We Use It, we explain the purposes for which we process this information, pursuant to Data Protection Law(s), along with the relevant categories of data we use and the legal basis we rely on to do so or other permitted reasons for processing (e.g. Business Purposes or Commercial Purposes under the CCPA). For clarity, the terms Business Purpose and Commercial Purpose, are being used to sufficiently describe the purpose of processing, transferring, sharing, sale, and/or sharing, as applicable, of all your Personal Information and/or Sensitive Personal Information under all Data Protection Law(s). As previously mentioned, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
Hearsay may disclose your Personal Information to service providers, contractors, and/or third parties (as defined by CCPA) (or processor or third party, as defined by applicable Data Protection Law(s)) for a Business Purpose and/or Commercial Purpose. When we disclose Personal Information for a Business Purpose and/or Commercial Purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the services for us. As explained in more detail here, we also share your Personal Information with certain categories of service providers, contractors, and/or third parties who assist us in providing the Hearsay Website and Services and with our business.
We disclose your Personal Information and/or Sensitive Personal Information for a Business Purpose and/or Commercial Purpose to the following categories of Service Providers:
The following chart describes the categories of Personal Information and Sensitive Personal Information that we disclosed to service providers, contractors, and/or third parties for a Business Purpose and/or Commercial Purpose in the 12 months prior to the date of this Privacy Policy. As noted below in the chart, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.
The CCPA defines ‘sale’ and ‘share’ very broadly. ’Sale’ includes the sharing of Personal Information with third parties in exchange for anything of value, while ‘share’ means disclosure of Personal Information to third parties for cross contextual behavioral advertising. According to these broad definitions, in the 12 months before this section was last updated, we may have sold or shared the following categories of Personal Information to third parties:
The CCPA provides Consumers with specific rights regarding their Personal Information, provided that we are able to verify their identities as explained below. This section describes your CCPA rights and explains how to exercise them.
Opting-out of Sales or Sharing of Your Personal Information
You have the right to opt-out of our sharing or selling of your Personal Information with some External Ad Partners in certain circumstances. If you would like to opt-out of the sale of Personal Information, please click here.You can also opt-out of the sale or sharing of your Personal Information that is collected automatically when you visit the Website by clicking here.
Hearsay does not sell or share Personal Information collected on the Hearsay mobile-based software platform.
Access to Specific Information
You have the right to request that Hearsay disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will disclose such information to you.
Right to Data Portability
You have the right to receive the Personal Information that you have provided to Hearsay, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
Right to Correction
You have the right to have your Personal Information corrected.
Deletion Request Rights
You have the right to request that Hearsay delete your personal information, subject to certain exceptions listed in the CCPA. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will delete (and direct our service providers, contractors, third parties, and/or processors, as applicable, to delete) your Personal Information from our records, unless an exception applies.
Your Right to Limit the Use Sensitive Personal Information We Have Collected About You
You have the right to limit our use of your Sensitive Personal Information if we use it for purposes other than providing the Services to you. We currently do not use your Sensitive Personal Information for purposes other than providing the Service/ for the Business Purposes above.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer request related to your personal information.
An authorized agent is a natural person or a business entity registered with the Secretary of State that a Consumer has authorized to act on his or her behalf. When a Consumer uses an authorized agent to submit a request to know or a request to delete, Hearsay may require that the Consumer provide the authorized agent written permission to do so and verify his or her own identity directly with Hearsay, unless the Consumer has provided the authorized agent with a valid power of attorney. Hearsay may deny a request from an agent that does not submit proof that he or she has been authorized by the Consumer to act on his or her behalf.
To exercise the rights described above, please submit a verifiable Consumer request to us by either calling us at 1-888-399-2280 or mailing privacy@hearsaycorp.com.
You may only make a verifiable Consumer request for access or data portability twice within a 12-month period. In particular, you can request the following:
1. Specific Pieces of Information
2. Categories of Information
The verifiable Consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will notify you to explain the basis of the denial.
If we have a good-faith, reasonable belief that a request to opt-out of the sale or sharing of Personal Information is fraudulent, we may deny the request. Should this occur, we will inform you and explain why we believe the request is fraudulent.
Making a verifiable Consumer request does not require you to create an account with us. Please note that the methods for verification are set forth in the CCPA, which also requires us to consider a number of factors, such as the type, sensitivity, and value of the personal information or the risk of harm posed by unauthorized access or deletion, on a case-by-case basis.
We will only use personal information provided in a verifiable Consumer request to verify the requestor’s identity or authority to make the request.
Upon your request, we will delete the Personal Information we have collected about you, except for situations where the CCPA authorizes us to retain specific information, including when it is necessary for us to provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us. We will act on your deletion request within the timeframes set forth below.
Response Timing
We endeavor to respond to a verifiable Consumer request generally within 45 days of its receipt, or as otherwise required by the CCPA, although we may take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know.
Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable Consumer’s request. If applicable, in our response, we will also explain the reasons we cannot comply with a request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. Please note that to use our Services, we do require the collection of your personal information – for example, to sign you up. While you may request to delete your personal information under CCPA, such deletions may affect our ability to offer the Services.
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about certain categories of Personal Information a business has disclosed to third parties for direct marketing purposes in the preceding calendar year. California residents may make such request to us at privacy@hearsaycorp.com. We will provide a list of the categories of personal information disclosed to such third parties for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses or these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email specified in this section.
We do not sell your Personal Information within the scope of, and according to the defined meaning of, a “sale” under NRS 603A.
Under Virginia’s Consumer Data Protection Act (“VCDPA”), solely as to Personal Information of users acting in an individual or household context, Virginia residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the VCDPA. You have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information . A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Virginia, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Colorado’s Consumer Privacy Act (“CPA”), solely as to Personal Information of users when acting in an individual or household context, Colorado residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Colorado, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
Under Connecticut’s Data Privacy Act (“CTDPA”), solely as to Personal Information of users when acting in an individual or household context, Connecticut residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CTDPA. You will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Connecticut, you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CTDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.
If you have any questions regarding this State Notice, please contact us directly.
As explained above, we process personal information from individuals described below on behalf of our Customers in order to provide our Services, in accordance with their Instructions. When we process personal information on behalf of our Customers, we are a ‘data processor’ or service provider. This includes certain information that we collect through our account portal (https://my.hearsaysocial.com/) when Users log into their accounts with Hearsay, as well as other information that is collected through the various products offered by Hearsay as part of the Services.
Hearsay’s Customers are controllers of the Personal Information because they decide how or why your Personal Information is processed. When our Customers process Personal Information through our Services, they are responsible for ensuring that they do so in compliance with the law, including providing their customers and users with their own privacy policies.
Hearsay’s processing activity as a service provider and processor is governed by the contracts we have with our Customers. Under the terms of those agreements, we will direct any data subject request you make to Hearsay for Personal Information that we process as a processor under this section to our Customers.
For purposes of this Section, “You” may refer to a variety of people, including:
If there are special terms and considerations, we will address the individual group by the capitalized term (Customer, User or User Contacts). Where terms apply to all groups, we will address the group as “you.”
We process information (1) received directly from Customers and Users, other than personal information collected on signing up as a User of the Services, (2) from or about User Contacts through the use of the Services by Customers and Users, and (3) obtained indirectly, such as through the use of cookies or CRM integrations.
The information that we process as part of the Services is described below in further detail. Collectively, all information processed by Hearsay in order to provide the Services is referred to “Services Information” for purposes of this Privacy Policy.
Through the Services, Customers and Users can populate their accounts with information submitted by a Customer or a User to Hearsay, or uploaded by Customer or a User to the Services, which is meant to be used and shared through the Services. Examples of such content include articles, logos and other assets uploaded by a Customer or User to personalize a web page. In uploading or submitting this information, Customers and Users must not include any personally identifiable information contained within the uploaded materials.
Hearsay may also contact Customers and Users to provide feedback on the Services by email or other means in order to better understand how Customers and Users use the Services. Some of the questions might include requests with a voluntary answer to provide certain additional personal identifiable information, such as name, age and geographic location. Information gathered by Hearsay will be used solely in connection with or to improve or expand the Services; however, this may include using this information within third-party services that are associated with the Services. Please see our cookies section to better understand how we use performance cookies to improve the Services.
As part of our Services, Hearsay allows Users to connect certain digital assets such as social media accounts (including private messaging in some cases), email addresses and telephone numbers to the Services in order to communicate with User Contacts. Customers may also have their own websites hosted by Hearsay (“Customer Sites”). As a result, Hearsay processes personal information from or about User Contacts that is collected via the Customer Sites, User social media accounts and/or other connections to the Services, depending on the level of permission. For instance, when using social media networks, if Hearsay is allowed to collect social media activity about the User Contact, Hearsay will collect such information and present a summary of this information to the User. With respect to text message correspondence, Hearsay may collect, store and retain the telephone number of the User Contact, call history with the User Contact, and any contents of a text message that a User Contact made in text message communications with the User.
Hearsay collects and/or processes Sensitive Personal Information, including precise geolocation and content of social and text messages. As explained below, the contents of social and text messages may contain additional Sensitive Personal Information that is shared by the Customer and/or User.
Any information that a User or a User Contact submits to the Services will be captured and retained by Hearsay as part of the Services.
If you are a User Contact, you may have been directed to review this Privacy Policy by one of our Customers in lieu of their own Privacy Policy. In this case, any information about you as a User Contact that Hearsay collects will be processed and maintained in accordance with this policy. However, to understand how the Customer uses the information or to exercise any rights, please contact the Customer directly.
CRM Integrations
Certain Customers integrate their customer relationship management (CRM) systems with the Services. When this happens, Hearsay receives any information about Users and User Contacts that a Customer has collected and wishes to share with Hearsay. Hearsay will use this information within the Service to enable certain functionality (e.g., populating email contacts from a CRM so that a User may utilize email functionality), or use insights in order to recommend certain actions (e.g., based on a combination of activity documented in CRM and the Services with a User Contact, a User might receive a recommendation to make a future communication with the same User Contact).
Publicly Available Information about Users and User Contacts
In order to better understand Users and provide a better experience, Hearsay creates various “profiles” within the Services, in order to provide more targeted content and suggest action items for a User to take within the Services. “Profiles” are not composites of personal information nor based on actual individuals, but are common characteristics identified by Hearsay to describe certain behaviors or preferences. In order to make recommendations or suggest content, Hearsay endeavors to find out more about its Users and User Contacts. In some instances, when building these “profiles,” Hearsay may retain third parties to collect publicly available information about Users. This information may include your industry, the size of your office, and your online directory listing, to help Hearsay understand more about our customer base and to tailor information we send you about the Services.
Anonymized Aggregated Data
Hearsay has developed proprietary algorithms that monitor all communications and transactions that occur within the Services. Hearsay engages third parties to perform data analysis on data sets provided by Hearsay in order to improve Hearsay’s algorithms. The purpose of these algorithms is to identify patterns of behavior, either unique to a User or to defined categories of people, which may enhance a User’s use of the Services. Any data created or identified within an algorithm does not identify the activity of an individual User or User Contacts. For example, the Services may identify that a User’s social media network contacts are most active between the hours of 10 AM to 12 PM on weekdays, and would therefore recommend a User to schedule social media posts during this time. The Services algorithms gather this information based on the volume activity occurring within this network; this recommendation, or any data associated with this recommendation, would not identify the posting habits of any individual User Contact or a User. For text message communication, the Services may suggest prepopulated quick replies to certain text messages. The Services algorithms make these suggestions based on gathered information from previous replies and conversations.
Industry Information
Hearsay collects information relating to the industry with which a User is associated: acquiring data sets about certain financial services industries, reviewing census results to identify purchasing habits of consumers, etc. The purpose of acquiring this information is to provide more information and insight for the User when using the Services.
We or our authorized service providers process the Services Information solely as a data processor, in order to:
We disclose Services Information under certain circumstances, as further described below.
The Services allow Users to send or receive communications from User Contacts through social media, email, text messaging and voice communications. If Users send communications through the Services, Hearsay will deliver those communications to third parties in order for the User Contact to share and receive those communications. We call these third party delivery networks “External Services.” Examples of External Services include Facebook, Twitter, LinkedIn and Instagram (for social media).
We may share Services Information with third-party service providers or consultants who need access to the data to perform their work on Hearsay’s behalf. These third party service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard any data provided by Hearsay. These include Amazon Web Services for website hosting, Sendgrid for email delivery and Twilio for text messaging.
Hearsay is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Telecommunications activity performed by Hearsay is regulated and overseen by the Federal Communications Commission (FCC) and various state public utility commissions. We may disclose Services Information pertaining to a regulatory audit conducted by these entities as well as oversight organizations for the financial services industry, such as FINRA, SEC, or similar state and international regulators. When responding to a financial services regulatory audit, we will endeavor to first contact the Customer before disclosing any such information unless we are prohibited from doing so. The Customer is solely responsible for contacting any Users or User Contacts as part of the regulatory audit and disclosure of Services Information.
We may share data collected from you from the Services with our affiliates.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, bankruptcy included.
We share anonymized, aggregated, automatically-collected, or otherwise non-personal information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) business or marketing purposes; (iii) assistance for us and other parties in understanding our Customers’ and Users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share personal information about you in this case.
Hearsay may preserve or disclose your personal information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.
If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
Certain Customers may purchase services from third parties that have a partnership relationship with Hearsay and are authorized to access the Services (“Value Added Partners”). In such cases, Hearsay will allow the Value Added Partner(s) to access the relevant Services account if the Customer has given the requisite permission. This access may include being able to read Services Information.
As ‘data controllers’ of Services Information, Customers are responsible for providing information to individuals in the EEA and/or the U.K., including the purposes of collection, legal bases, and your rights, as well as residents of certain states that provide consumer rights. If we receive a notification from a Customer regarding an individual wishing to exercise his/her exercising, we will assist said Customer with responding to and honoring such requests according to the Customer’s instructions.
When you visit the Hearsay Website or use the Services, we and our service providers acting on our behalf automatically collect certain data using tracking technologies like cookies, web beacons, and similar tracking technologies.
A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a website’s computers and stored on your computer’s hard drive.
These technologies are used to help us better understand User behavior and facilitate and measure the effectiveness of our Hearsay Website and Services. We treat information collected by cookies and other technologies as non-personal information.
We use cookies to record current session information. We also use third party cookies (e.g. Google Analytics) to provide anonymized and aggregated information on website usage statistics and patterns.
All modern Internet browsers allow you to control your cookie settings. These settings are usually accessed in the ‘Options’ or ‘Preferences’ section of your browser. Please note that certain features of the website will not be available once cookies are disabled. For further information about cookies and how to manage them, please visit www.allaboutcookies.org.
Hearsay uses web beacons with cookies or separately to compile information about your engagement with us. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you view a particular website tied to the web beacon, and a description of a website tied to the web beacon.
Here is a basic description and overview of the type of cookies Hearsay may use:
Hearsay Social, Inc. (“Hearsay”), is a web and mobile-based software platform that allows financial services and insurance companies (“Customers”) and their employees and/or designated agents with access to the Services (“Users”) to utilize electronic communications channels (such as social media, websites, email, mobile voice and text message) to communicate with clients and prospects (“SaaS Services”).
This Privacy Policy applies to Hearsay’s Website and Hearsay’s SaaS Services; collectively “Services.” This Privacy Policy contains details about how we collect, use, disclose, process, share and secure personal information that we obtain from and about you when you interact with our Services. Our collection and processing of information that alone or in conjunction with other information may reasonably identify you (“Personal Information”) may be either for our own purposes, or on behalf of other entities to whom we provide services.
If you have any questions regarding the collection and processing of Personal Information performed by us on behalf of another entity please consult that entity’s privacy policy. If, after reviewing this Privacy Policy, you have any questions or privacy concerns, please send us an email to privacy@hearsaycorp.com (see the How to Contact Us about Privacy section). We are committed to protecting the privacy of those with whom we interact.
For purposes of this Privacy Policy, the words “our,” “us,” “we,” and “Hearsay” refer to Hearsay Social, Inc., and our affiliates (which includes any person or entity that controls us, is controlled by us, or is under common control with us, such as our subsidiary, parent company, or our employees).
For the purpose of this Notice, Personal Information shall by interchangeable with Personal Data, and each shall have the meaning assigned to it by applicable laws, including, but not limited to, information that directly or indirectly, on its own or in conjunction with other information, identifies an individual. Please read this Notice carefully.
NEVADA, CALIFORNIA, COLORADO, CONNECTICUT, OR VIRGINIA RESIDENTS OR RESIDENTS OF ANOTHER STATE THAT OFFER CERTAIN PRIVACY RIGHTS: If you are a resident of Nevada, California, Colorado, Connecticut, or Virginia or resident of another state that offers certain privacy rights, this entire Privacy Policy applies to you. However, please see Additional Information for Certain States below, which will inform you in detail about our information collection practices and your specific rights.
INDIVIDUALS LOCATED IN THE EEA OR THE U.K.: If you are located in the European Economic Area (“EEA”) or the United Kingdom (“U.K.”), this entire Privacy Policy applies to you. However, please see Additional Information for Individuals in the EEA below, which will inform you in detail about our legal bases for processing and which rights you have in connection with our processing of your personal data.
We collect information in several contexts as described below. This policy also does not apply to information we collect in connection with providing services to our business clients, where we act as a service provider and process Personal Information in accordance with their instructions (see “Hearsay Processor and Service Provider Data”). Such information is subject to the Privacy Policies of the other financial institutions.
This Policy applies only to Hearsay operated services and applications, including our online services, mobile-based application, and Website. Our Services may contain links to other websites that are not operated or controlled by Hearsay. Hearsay does not control such third-party websites or their privacy practices. Any personal information you choose to give to third-party websites is not covered by this Notice.
Hearsay may update this Privacy Policy from time to time, in its sole discretion. If we do so, we will post an updated Privacy Policy on the Hearsay Website and provide prompt written notice of such updates, as applicable. Changes, modifications, additions, or deletions will be effective when posted unless stated otherwise. If we make material or significant changes, we may also send our Customers a notice that we have changed this Privacy Policy. Your continued use of the Hearsay Website and Services, and/or your continued provision of personal information to us after the posting of such notice, will be deemed an acceptance of any changes and subject to the terms of the then-current Privacy Policy. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will seek affirmative consent from you before making material changes to the way we handle Personal Information previously collected from you. If you do not provide such consent, Personal Information will continue to be used in a manner that is consistent with the version of this Notice under which it was collected.
We are located in the United States, and the personal information that we collect is stored on servers located in the United States. This means that your Personal Information will be collected, processed, and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the General Data Protection Regulation 2016/679 (“GDPR”) in the European Union.
By sending us Personal Information, you agree and consent to the processing of your personal information in the United States, which may not offer an equivalent level of protection to that required in other countries (particularly the European Economic Area).
We have implemented safeguards designed to ensure that the Personal Information we process remains protected in accordance with this Privacy Policy, including when processed internationally or by our third-party service providers and partners. The safeguards we may take at our discretion include, for instance, entering into specific agreements in connection with any onward transfers of personal information. We may implement other mechanisms and take similar appropriate safeguards with our third party service providers and partners. Further details can be provided upon request.
Hearsay acts as a ‘data controller’ when it collects Personal Information on its own behalf and for its own Business Purposes, such as through our publicly-accessible Website, and as a ‘data processor’ when it collects and processes personal information on behalf of its Customers in order to provide the SaaS Services. As such, this Privacy Policy is separated into two main sections that address our different roles:
Please note that how you exercise certain rights will depend on whether Hearsay is processing your Personal Information as a ‘data controller’ or as a ‘data processor’, and is further explained throughout this Privacy Policy:
If you are a visitor of the Hearsay Website or a Customer and have any questions about this Privacy Policy or requests for access to or deletion or rectification of personal information that Hearsay collects and processes contact us at privacy@hearsaycorp.com or by mail at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
2261 Market Street, Ste. 5397
San Francisco, CA 94114
United States of America
Individuals in the EEA or the U.K. may contact Hearsay at:
Attn: Legal Department
Hearsay Social, Inc. d/b/a Hearsay Systems
Koztelek utca 6, 1147 Budapest
privacy@hearsaycorp.com
Below is a description of the personal information that we gather from you as a visitor to Hearsay Website, which includes https://hearsaysystems.com and other websites where this Privacy Policy is posted. Information about personal information collected through the account portal and the Saas Services can be found in the Hearsay Processor and SaaS Service Provider Data section below.
In this section, “you” refers to an individual visiting the Hearsay Website.
When you visit the Hearsay Website, we collect information directly from you when you provide it to us, such as when you request a demo, and indirectly, such as through the use of cookies and similar technology.
Data Protection Law (as defined below) recognizes that Sensitive Personal Information (or “sensitive personal data” as used interchangeably) requires additional protection. In particular, the GDPR prohibits the processing of sensitive personal data, other than in certain exceptional circumstances. Sensitive personal data in the EEA includes information relating to one’s race or ethnicity, political opinions, religious or philosophical beliefs, membership of a trade union, as well as biometric data and data relating to one’s health or sexual orientation (“Sensitive Personal Information”. Certain US state privacy laws (i.e., “Data Protection Law”) also have different definitions of Sensitive Personal Information, which may also include precise geolocation, citizenship or immigration status, and Personal Information from a known child.
Visiting the Hearsay Website
Some pages of the Hearsay Website allow you to fill out a web form and share your personal information with us directly, such as on our “Contact Us” page and on our “Submit a request” page. Information we collect consists of:
Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.
In addition, if you send us an email or otherwise contact us, we will collect the personal information that you provide to us at that time.
When you visit the Hearsay Website, we, or authorized third parties, collect information, including Device and Usage Information described below, by automated means using cookies, web beacons, server logs or other tracking technologies for analytic purposes. For more information on our use of these technologies and the data that they collect, please see our Cookie Statement. We may also collect information from third parties, as explained below.
Device and Usage Information
When you visit, use or interact with the Hearsay Website, even if you do not have an account, we, or authorized third parties (such as service providers or External Ad Partners (as defined in the Targeted Advertising section below), may collect information about your use of the Hearsay Website via your device. Device and Usage Information that we, or these authorized third parties, collect consists of: