Hearsay Social, Inc. (“Hearsay”), is a web and mobile-based software platform that allows financial services and insurance companies (“Customers”) and their employees and/or designated agents with access to the Services (“Users”) to utilize electronic communications channels (such as social media, websites, email, mobile voice and text message) to communicate with clients and prospects (“SaaS Services”).

This Privacy Policy applies to Hearsay’s Website and Hearsay’s SaaS Services; collectively “Services.” This Privacy Policy contains details about how we collect, use, disclose, process, share and secure personal information that we obtain from and about you when you interact with our Services. Our collection and processing of information that alone or in conjunction with other information may reasonably identify you (“Personal Information”) may be either for our own purposes, or on behalf of other entities to whom we provide services.

If you have any questions regarding the collection and processing of Personal Information performed by us on behalf of another entity please consult that entity’s privacy policy.  If, after reviewing this Privacy Policy, you have any questions or privacy concerns, please send us an email to privacy@hearsaycorp.com (see the How to Contact Us about Privacy section). We are committed to protecting the privacy of those with whom we interact.

For purposes of this Privacy Policy, the words “our,” “us,” “we,” and “Hearsay” refer to Hearsay Social, Inc., and our affiliates (which includes any person or entity that controls us, is controlled by us, or is under common control with us, such as our subsidiary, parent company, or our employees).

For the purpose of this Notice, Personal Information shall by interchangeable with Personal Data, and each shall have the meaning assigned to it by applicable laws, including, but not limited to, information that directly or indirectly, on its own or in conjunction with other information, identifies an individual. Please read this Notice carefully.

NEVADA, CALIFORNIA, COLORADO, CONNECTICUT, OR VIRGINIA RESIDENTS OR RESIDENTS OF ANOTHER STATE THAT OFFER CERTAIN PRIVACY RIGHTS: If you are a resident of Nevada, California, Colorado, Connecticut, or Virginia or resident of another state that offers certain privacy rights, this entire Privacy Policy applies to you. However, please see Additional Information for California Residents below, which will inform you in detail about our information collection practices and your specific rights.

INDIVIDUALS LOCATED IN THE EEA OR THE U.K.: If you are located in the European Economic Area (“EEA”) or the United Kingdom (“U.K.”), this entire Privacy Policy applies to you. However, please see Additional Information for Individuals in the EEA below, which will inform you in detail about our legal bases for processing and which rights you have in connection with our processing of your personal data.

Applicability

We collect information in several contexts as described below. This policy also does not apply to information we collect in connection with providing services to our business clients, where we act as a service provider and process Personal Information in accordance with their instructions (see “Hearsay Processor and Service Provider Data”).  Such information is subject to the Privacy Policies of the other financial institutions. 

This Policy applies only to Hearsay operated services and applications, including our online services, mobile-based application, and Website. Our Services may contain links to other websites that are not operated or controlled by Hearsay. Hearsay does not control such third-party websites or their privacy practices. Any personal information you choose to give to third-party websites is not covered by this Notice.

Changes to this Privacy Policy

Hearsay may update this Privacy Policy from time to time, in its sole discretion. If we do so, we will post an updated Privacy Policy on the Hearsay Website and provide prompt written notice of such updates, as applicable. Changes, modifications, additions, or deletions will be effective when posted unless stated otherwise. If we make material or significant changes, we may also send our Customers a notice that we have changed this Privacy Policy. Your continued use of the Hearsay Website and Services, and/or your continued provision of personal information to us after the posting of such notice, will be deemed an acceptance of any changes and subject to the terms of the then-current Privacy Policy. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will seek affirmative consent from you before making material changes to the way we handle Personal Information previously collected from you. If you do not provide such consent, Personal Information will continue to be used in a manner that is consistent with the version of this Notice under which it was collected.

International Transfers

We are located in the United States, and the personal information that we collect is stored on servers located in the United States. This means that your Personal Information will be collected, processed, and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the General Data Protection Regulation 2016/679 (“GDPR”) in the European Union.

By sending us Personal Information, you agree and consent to the processing of your personal information in the United States, which may not offer an equivalent level of protection to that required in other countries (particularly the European Economic Area).

We have implemented safeguards designed to ensure that the Personal Information we process remains protected in accordance with this Privacy Policy, including when processed internationally or by our third-party service providers and partners. The safeguards we may take at our discretion include, for instance, entering into specific agreements in connection with any onward transfers of personal information. We may implement other mechanisms and take similar appropriate safeguards with our third party service providers and partners. Further details can be provided upon request.

Our Data Processing Role

Hearsay acts  as a ‘data controller’ when it collects Personal Information on its own behalf and for its own Business Purposes, such as through our publicly-accessible Website, and  as a ‘data processor’ when it collects and processes personal information on behalf of its Customers in order to provide the SaaS Services.  As such, this Privacy Policy is separated into two main sections that address our different roles:

1. Hearsay Website (Controller and Business Data).  This Section describes the type of Personal Information (or personal data, as used interchangeably) that we collect for our own Business Purposes, such as from the Hearsay Website or from our Customers, as well as how we use and disclose such information.
   

2. Hearsay Processor and SaaS Service Provider Data.  This Section describes the type of Personal Information that we collect on behalf of our Customers in order to provide our SaaS Services.

Please note that how you exercise certain rights will depend on whether Hearsay is processing your Personal Information as a ‘data controller’ or as a ‘data processor’, and is further explained throughout this Privacy Policy:

If you are a visitor of the Hearsay Website or a Customer and have any questions about this Privacy Policy or requests for access to or deletion or rectification of personal information that Hearsay collects and processes contact us at privacy@hearsaycorp.com or by mail at:

Attn: Legal Department

Hearsay Social, Inc. d/b/a Hearsay Systems
600 Harrison Street, Suite 120
San Francisco, CA 94107
United States of America

Individuals in the EEA or the U.K. may contact Hearsay at:

Attn: Legal Department 
Hearsay Social, Inc. d/b/a Hearsay Systems
Koztelek utca 6, 1147 Budapest
privacy@hearsaycorp.com ‍

Below is a description of the personal information that we gather from you as a visitor to Hearsay Website, which includes https://hearsaysystems.com and other websites where this Privacy Policy is posted.  Information about personal information collected through the account portal and the Saas Services can be found in the Hearsay Processor and SaaS Service Provider Data section below.

In this section, “you” refers to an individual visiting the Hearsay Website.

When you visit the Hearsay Website, we collect information directly from you when you provide it to us, such as when you request a demo, and indirectly, such as through the use of cookies and similar technology.

Data Protection Law (as defined below) recognizes that Sensitive Personal Information (or “sensitive personal data” as used interchangeably) requires additional protection. In particular, the GDPR prohibits the processing of sensitive personal data, other than in certain exceptional circumstances. Sensitive personal data in the EEA includes information relating to one’s race or ethnicity, political opinions, religious or philosophical beliefs, membership of a trade union, as well as biometric data and data relating to one’s health or sexual orientation (“Sensitive Personal Information”. Certain US state privacy laws (i.e., “Data Protection Law”) also have different definitions of Sensitive Personal Information, which may also include precise geolocation, citizenship or immigration status, and Personal Information from a known child.

Information Collected Directly from You

Visiting the Hearsay Website

Some pages of the Hearsay Website allow you to fill out a web form and share your personal information with us directly, such as on our “Contact Us” page and on our “Submit a request” page. Information we collect consists of:

• Name
• E-mail address
• Country of residence
• Phone number
• Company name
• Job title and position

Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.

In addition, if you send us an email or otherwise contact us, we will collect the personal information that you provide to us at that time.

Information Collected Indirectly

When you visit the Hearsay Website, we, or authorized third parties, collect information, including Device and Usage Information described below, by automated means using cookies, web beacons, server logs or other tracking technologies for analytic purposes. For more information on our use of these technologies and the data that they collect, please see our Cookie Statement. We may also collect information from third parties, as explained below.

Device and Usage Information

When you visit, use or interact with the Hearsay Website, even if you do not have an account, we, or authorized third parties (such as service providers or External Ad Partners (as defined in the Targeted Advertising section below), may collect information about your use of the Hearsay Website via your device. Device and Usage Information that we, or these authorized third parties, collect consists of:

• Device Information:  information about the devices and software you use to access the Hearsay Website – primarily the internet browser or mobile device that you use, the website or source that linked or referred you to the Hearsay Website, your IP address or device ID (or other persistent identifier that uniquely identifies your computer or mobile device on the Internet), the operating system of your computer or mobile device, device screen size, and other similar technical information.
• Usage Information:  information about your interactions with the Hearsay Website, including access dates and times, hardware and software information, device event information, crash data, and cookie data. This information allows us to understand the screens that you view, how you have used the Hearsay Website (which may include administrative and support communications with us or whether you have clicked on third party links), and other actions on the Hearsay Website. We, or our authorized third parties, automatically collect log data when you access and use the Hearsay Website, even if you have not created an account or logged in. We use this anonymized information to administer and improve the Hearsay Website, analyze trends, track users’ use of the Hearsay Website, and gather broad demographic information for aggregate use.
• Location Data:  we, or authorized third parties, collect your location data, including city, metro code, zip code, state, country, latitude and longitude, and area code through your IP address. To disable the collection of precise location information from your mobile device through the Hearsay Website, you can access your mobile device settings and choose to limit that collection.

Information from Third Parties

In some instances, we process personal information from third parties, such as data from our External Ad Partners (see the Targeted Advertising section below). These third parties may also use tracking technologies to serve you advertisements tailored to interests you have shown by browsing on this Website and other sites, applications, destinations, and services you have visited, and for other lawful Business Purposes (as defined below).

To provide you with more relevant and interesting experiences, we may work with third party companies to display ads or customize the content on this Website and on other digital properties and websites. These companies may use cookies and similar tracking technologies as described in this Notice to gather information about your visits to our Website, as well as your visits elsewhere on the Internet. These companies use this information to provide you with more relevant advertising known as interest-based advertising. 

We, or our authorized partners, collect and process personal information in order to:

• Provide you the Hearsay Website and our Services, this includes our collection of Sensitive Personal Information (Business Purpose);
• Ensure that the Hearsay Website is operational and optimized for user experience, as well as enforce our agreements with you if necessary (Business Purpose); 
• Improve the content and general administration of the Hearsay Website (Business Purpose);
• Enhance user experience, including to provide you with customer support or to personalize your experience (Business Purpose);
• Detect fraud, illegal activities, or security breaches (Business Purpose);
• Enable third parties to deliver advertising to you (Commercial Purpose);
• Provide you with notices regarding Services that you have purchased or may wish to purchase in the future including, in some cases, to send you direct marketing communications regarding other services that we may think are of interest to you (Business Purpose and Commercial Purpose);
• Respond to your queries and requests, or otherwise communicate directly with you (Business Purpose);
• Perform system maintenance and upgrades, and enable new features (Business Purpose);
• Understand how you access and use the Hearsay Website in order to provide technical functionality, develop new products and services, and analyze your use of the Hearsay Website, including to conduct statistical analyses and analytics (Business Purpose);
• Provide information to regulatory bodies, when legally required, and only as outlined in this Privacy Policy (Business Purpose); and/or
• To comply with applicable law or protect the rights or property of Hearsay, our Customers or others (Business Purpose).

Additionally, we may disclose information about users (i) if it is required to do so by law or legal process; (ii) as may be required to law enforcement authorities or other government officials, (iii) when Hearsay believes disclosure is necessary or appropriate to prevent physical harm, financial loss or in connection with an investigation of suspected or actual illegal activity, or (iv) to respond to claims by third parties.

For California residents, please see the Additional Information for Certain States Section below for more information on specific purposes of collection for each category of Personal Information collected in the past 12 months as a “Business” under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020. For Colorado, Connecticut, and Virginia residents, please also see the Additional Information for Certain States.

For individuals located in the EEA or the U.K., please see the Additional Information for Individuals in the EEA and the U.K. Section below for more information, including our legal bases for processing. 

Disclosure of Your Personal Information 

We disclose your Personal Information under certain circumstances, such as to our service providers or in the event of a business transfer, as further described below.

Hearsay may share Personal Information and/or Sensitive Personal Information with our third party agents, contractors, or service providers who are hired to perform services on Hearsay’s behalf or in order to assist with certain Business Purposes and/or Commercial Purposes. These providers may operate or support certain functions of the Hearsay Website and Services. Below is a list of categories of service providers that we may use to perform these functions (which are subject to change):

• Analytics services
• Customer support services
• Event sponsors
• External Ad Partners
• Hosting and content delivery network services
• Communication tools
• Professional service providers, such as auditors, lawyers, consultants, accountants and insurers

Service providers process your Personal Information and/or Sensitive Personal Information for the specific purpose of providing their services to us (and in accordance with our instructions).

As explained here, we also work with and disclose Personal Information to External Ad Partners who assist us with advertising and marketing our Services.

In some cases, service providers and External Ad Partners collect your Personal Information and/or Sensitive Personal Information directly from you, such as via cookies.

Affiliates

We may share data collected from you from the Hearsay Website with our affiliate entities.

Business Transfers

As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, including bankruptcy.

Aggregated or Anonymized Information

We share anonymized, aggregated, automatically-collected, or otherwise non-Personal Information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) Business Purposes, Commercial Purposes, and/or marketing purposes; (iii) assistance for us and other parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share Personal Information about you in this case.

Legal Obligations and Security

Hearsay may preserve or disclose your Personal Information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.

If we are required to disclose Personal Information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.

Information from Children

Our Website is intended for individuals 18 years of age and older. It is not directed at, marketed to, nor intended for, children under 18 years of age. We do not knowingly collect any Personal Information directly from children under the age of 18. If we discover we have inadvertently received any Personal Information from a child under the age of 18 in violation of this Policy, we will take reasonable steps to delete that information as quickly as possible. If you believe that we have any Personal Information from or about anyone under the age of 18, please contact us at privacy@hearsaycorp.com.

Analytics

The Hearsay Website uses third-party analytics tools that drop cookies and/or similar technologies to collect and store information about your device and use of the Hearsay Website. We use analytics tools to calculate visitor, session and campaign data for the Hearsay Website analytics reports.

One of our tools is Google Analytics. We use Google Analytics to generate and process statistical or demographic data. Third parties, like Google, use cookies to compile reports on the website’s activity and website visitors, and provide other services related to website activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website. You can read more about Google’s practices in Google’s privacy policy. You can opt-out from being tracked by Google Analytics in a particular browser on a particular device by downloading and installing the Google Analytics Opt-out Browser Add-on for that browser. To learn more about how to opt-out of tracking by Google Analytics, please click here.

Another tool is the LinkedIn Insight Tag. You can read more about LinkedIn’s practices in LinkedIn’s privacy policy. LinkedIn only provides reports and alerts (which do not identify LinkedIn members) about the Hearsay website audience and ad performance (LinkedIn does not share the personal data of its members with Hearsay). LinkedIn members can control the use of their personal data for advertising purposes through their account settings.

Marketing & Advertising

Direct Marketing

We market our company and Services in a variety of ways.  Below is a description of what data we gather from you, and how we use it for purposes of these marketing activities. We gather information from or about you in the following different roles:

• Individuals, entities and others who have no relationship with Hearsay, meaning that Hearsay has acquired data about them through a third party (“Leads”)
• Individuals, entities or others who have contacted Hearsay or otherwise inquired about Hearsay’s products or services 
• Customers and Users

Occasionally, we may also offer opportunities for you to share your data with us such as through a survey, to sign up for a newsletter, or to register for or receive details about an event we are sponsoring. If you participate in those surveys, sign up for a newsletter, or register for an event, we will collect the information you provide to us at that time. You will be able to unsubscribe from receiving those types of communication at any time.

In some cases, you provide Personal Information directly to Hearsay as part of a marketing event that Hearsay hosts or co-hosts, through email or when you participate in an online webinar.  Occasionally, and only with your consent, we may send you future communications.  We may also acquire personal information about you through a third party. In particular, Hearsay engages third parties who provide us with contact information for Leads. When acquiring information from third parties, Hearsay endeavors to obtain contractual commitments from the third parties that the information was acquired lawfully and with the appropriate level of consent. 

Our communications to you for marketing purposes will contain instructions on how you can opt-out from receiving future communications, and if you consent to our use of your personal information for marketing purposes, you may always withdraw your consent. You may also contact Hearsay directly about its marketing activities at privacy@hearsaycorp.com.

Hearsay engages third-party advertising networks (“External Ad Partners”) to display advertising about our Services when you visit other websites within that advertising network. Like many other companies, we rely on retargeting, also known as remarketing, which is a type of marketing strategy that helps businesses “remind” visitors of their products and services after they leave their websites. For instance, through the use of cookies (and similar technologies) placed by External Ad Partners, online identifiers (considered personal information) are collected and then used to identify visitors to the Hearsay Website on other websites or social media platforms. With this information our External Ad Partners may serve relevant ads on consumers who previously visited the Hearsay Website. 

Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.

Social Media 

Hearsay maintains an online presence on social media platforms (“Social Media Platforms”) such as Instagram, Twitter, Facebook and Linkedin, to provide information about our Services and communicate with users and/or visitors to those pages or accounts. When you interact or post to our account, we process your Personal Information. In some cases, the Social Media Platforms are service providers or processors. In other cases, such as with Facebook, we are jointly responsible for the processing, as explained in the section titled Hearsay as a ‘Joint Controller’ with Facebook.

How We Secure Personal Information and Sensitive Personal Information

We use reasonably appropriate security measures designed to protect the security of Personal Information and Sensitive Personal Information both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note, though, that no website or internet transmission is completely secure, so while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.

Do-Not-Track Signals

Certain internet web browsers allow a “do not track” (“DNT”) setting that relies on a technology known as a DNT header, which sends a signal to websites visited by the individual about the individual’s browser DNT setting. At this time, we do respond to DNT signals.  For more information on DNT settings generally, please visit https://allaboutdnt.com.

Hearsay Website

How you make choices about cookies and other tracking technologies depends on the type of cookie or tracking technology being used. For details on how to manage your preferences for cookies and tracking technologies within your web browser, please see our Cookie Statement. 

Marketing Activities  

If you are receiving promotional emails from us, you can choose to stop receiving those by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting customer support at support@hearsaycorp.com.

Accessing and Changing Your Information

To request access to, or to make changes to, data that we have collected from you via the Hearsay Website, please email us at privacy@hearsaycorp.com. Individuals in the EEA, the U.K., or certain U.S. state residents (i.e., Consumers, as defined below) have additional rights, as explained here and here.

Categories of Recipients of Personal Data

The categories of recipients of personal data with whom we may share your personal data are listed in Disclosure of Your Personal Information above.

Purpose(s) of the Processing and Legal Bases

Hearsay as ‘Data Controller’

As a ‘data controller’, Hearsay processes your Personal Information for a number of different purposes. Some are essential for us to provide the Services or to fulfill our legal obligations, some help us run the Services efficiently and effectively, and some enable us to provide you with more relevant and personalized offers and information. In all cases, with respect to individuals in the EEA or the U.K., we must have a reason and a legal ground for processing your personal information. The most common legal grounds on which we rely are briefly explained below:

• Performance of a Contract: we may process your personal data in order to enter into, or perform a contract to which you are a party – in other words, your ability to use the Services - for instance, when a Customer signs up for the Services.
  

• Legitimate Interests: we may process personal data where it is necessary for our legitimate business interests, but only to the extent that they are not outweighed by your own interests or fundamental rights and freedoms. We generally rely on legitimate interests to provide and maintain the Hearsay Website and the Services and ensure that they work well (and securely), to carry out fraud prevention, and to generally improve the Services. When we rely on this legal basis, if required, we will carry out a legitimate interest assessment to ensure we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.
  
  
• Consent: We rely on consent where it is required, such as when we are asking you to confirm your marketing preferences. When we rely on consent, you will be asked to confirm that you give your permission to Hearsay to process your personal data. You have the right to withdraw your consent at any time if you no longer want to be part of the Hearsay processing activity where your consent was sought.
  

• Legal Obligation: Hearsay may have legal obligations to retain and/or disclose your personal data, or may cooperate in a legal or governmental investigation. It is essential that Hearsay complies with its legal, regulatory, and contractual requirements, so if you object to this processing, Hearsay will not be able to provide its Services to you.

The following breakdown illustrates in more detail our processing activities and how the above legal bases for processing apply (in brackets):

• Provide you the Hearsay Website and our Services [Legal Basis: Performance of a Contract]
• Ensure that the Hearsay Website is operational and optimized for user experience, as well as enforce our agreements with you if necessary [Legal Basis: Legitimate Interests or Performance of a Contract, depending on the specific use]
• Improve the content and general administration of the Hearsay Website and the Services [Legal Basis: Legitimate Interests]
• Enhance user experience, including to provide you with customer support or to personalize your experience [Legal Basis: Legitimate Interests]
• Detect fraud, illegal activities, or security breaches [Legal Basis: Legitimate Interests]
• Enable third parties to deliver advertising to you [Legal Basis: Legitimate Interests or Consent, depending on the specific circumstances]
• Provide you with notices regarding Services that you have purchased [Legal Basis: Performance of a Contract]
• Providing you information about Services that you may wish to purchase in the future including, in some cases, to send you direct marketing communications regarding other services that we may think are of interest to you [Legal Basis: Legitimate Interests]
• Respond to your queries and requests, or otherwise communicate directly with you [Legal Basis: Legitimate Interests or Performance of a Contract, depending on the specific use]
• Perform system maintenance and upgrades, and enable new features [Legal Basis: Legitimate Interests]
• Understand how you access and use the Hearsay Website in order to provide technical functionality, develop new products and services, and analyze your use of the Hearsay Website, including to conduct statistical analyses and analytics [Legal Basis: Legitimate Interests]
• Provide information to regulatory bodies when legally required, and only as outlined in this Privacy Policy [Legal Basis: Compliance with a Legal Obligations] 
  ‍

We use Facebook’s products and services (“Facebook Products”) in different ways:

• To advertise our Services, as well as to communicate with interested parties or prospects, we also have a presence on Facebook (including Instagram)
• Through Facebook’s social plugins as explained here

With respect to our use of Facebook Products, we are jointly responsible with Facebook Ireland for the processing activities (“Joint Processing”):

Facebook Ireland Ltd., 
4 Grand Canal Square, Grand Canal Harbor
Dublin 2, Ireland 

Information about the personal data that is collected from you by Facebook, as well as how and why it is processed by Facebook, can be found at https://www.facebook.com/about/privacy.

Hearsay and Facebook have entered into an agreement in order to determine the respective responsibilities for compliance with our obligations in connection with the Joint Processing within the meaning of the GDPR. This joint controller agreement, which sets out the reciprocal obligations, is available here.

Hearsay’s legal basis for processing your personal data via Facebook Products is our legitimate interest in increasing and analyzing the communication, sales, and promotion of Services. Our legal basis may also be your consent, which may be revoked at any time.

Some processing by Facebook Ireland Ltd. might take place in the United States by Facebook Inc.

How Long Do We Keep Your Personal Information?

We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal data, the length of time we have an ongoing relationship with you and provide you with access to our Services, and applicable legal requirements. We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax, or accounting requirements), when we are unable to reasonably verify your identity, or as may otherwise be required under GDPR. Additionally, we cannot delete information when it is needed for the establishment, exercise, or defense of a legal claim (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.

When we no longer have a legitimate business need to process your personal information, it is deleted and/or anonymized. If you have questions about, or need further information concerning, our data retention periods, please email privacy@hearsaycorp.com.

Staying in Control of Your Information: Your Rights

If the GDPR or the U.K., applies to you because you are in the EEA or the U.K., you have certain rights in relation to your personal data:

• The right to be informed – our obligation to inform you that we process your personal data (and that is what we are doing in this Privacy Notice)
• The right of access – your right to request a copy of the personal data we hold about you (also known as a ‘data subject access request’)
• The right to rectification – your right to request that we correct personal data about you if it is incomplete or inaccurate (though we generally recommend first making any changes in your Account Settings)
• The right to erasure (also known as the ‘right to be forgotten’) – under certain circumstances, you may ask us to delete the personal data we have about you (unless there is an overriding legal reason we need to keep it)
• The right to restrict processing – your right, under certain circumstances, to ask us to suspend our processing of your personal data
• The right to data portability – your right to ask us for a copy of your personal data in a common format (for example, a .csv file)
• The right to object – your right to object to us processing your personal data (for example, if you object to us processing your data for direct marketing)
• Rights in relation to automated decision-making and profiling – our obligation to be transparent about any profiling we do, or any automated decision-making,
  ‍

These rights are subject to certain rules around when you can exercise them. If you are located in the EEA or the U.K. and wish to exercise any of the rights set out above, please contact us (see How to Contact Us about Privacy).

We will respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.

Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first at privacy@hearsaycorp.com.

This privacy notice for Nevada, California, Colorado, Connecticut, and Virginia residents, and residents of other states with applicable privacy laws (“State Privacy Notice”) supplements the information contained in the Privacy Policy and applies solely to individuals who reside in the applicable state (“Consumers”). We have created this State Privacy Notice in order to comply with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (collectively, “CPRA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Virginia Consumer Data Protection Act (“VCDPA”), and other applicable privacy laws (collectively, “Data Protection Law”).

Scope

This CPRA Notice applies to Personal Information that Hearsay collects for its own purposes. It does not apply to:

• Personal Information that Hearsay collects as a service provider on behalf of its Customers
• Personal Information collected in the employment context from employees and job applicants

Categories of Information We Collect

We collect Personal Information as that term is defined in CPRA. Within the last twelve (12) months, Hearsay has collected the following categories of Personal Information from or about Consumers:

• Identifiers, such as a real name, unique personal identifier, online identifier, IP Address, email address, or account name
• Personal information categories listed in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e)), such as a name, signature or telephone number
• Protected classification characteristics under California or federal law, such as age, ancestry and national origin, genetic information, marital status, race, religion or gender
• Commercial information, such as records of products purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
• Internet or other similar network activity, such as browsing history or information on a Consumer’s interaction with a website or application
• Geolocation data, such as physical location
• Professional or employment-related information, such as a job title or position
• Inferences drawn from other Personal Information, such as profile information reflecting a person’s preferences.
• Sensitive Personal Information, such as geolocation data and contents of social and text messages.

Personal information does not include:

• Publicly available information from government records
• Deidentified or aggregated Consumer information
• Certain other information that is already regulated by other laws or regulations
• Information that is specifically exempt from the scope of the CPRA.

Categories of Sources of Personal Information and/or Sensitive Personal Information

As explained in more detail here, Hearsay obtains the categories of personal information listed above from the following categories of sources:

‍
How We Process Your Personal Information and Our Legal Bases for Doing So

We collect and process your Personal Information and/or Sensitive Personal Information whenever you use our Website and/or Services.

Under the CPRA, we must disclose the purposes for which we collect your information. Our purposes include Business Purpose and Commercial Purposes, as generally described below.

• Business Purposes, which include auditing, security, debugging/repair, certain short-term uses, performing services, internal research for technical development, quality and safety maintenance and verification, as well as the use of your Personal Information for our operational purposes, or other notified purposes that use your Personal Information and/or Sensitive Personal Information as reasonably necessary and proportionate to achieve the operational purpose; and
• Commercial Purposes, which include use of your Personal Information and/or Sensitive Personal Information to advance our commercial or economic interests, such as encouraging others to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction.

In the section Why We Collect Your Personal Information and How We Use It, we explain the purposes for which we process this information, pursuant to Data Protection Law(s), along with the relevant categories of data we use and the legal basis we rely on to do so or other permitted reasons for processing (e.g. Business Purposes or Commercial Purposes under the CPRA). For clarity, the terms Business Purpose and Commercial Purpose, are being used to sufficiently describe the purpose of processing, transferring, sharing, sale, and/or sharing, as applicable, of all your Personal Information and/or Sensitive Personal Information under all Data Protection Law(s). As previously mentioned, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.

Disclosure of Personal Information

Hearsay may disclose your Personal Information to service providers, contractors, and/or third parties (as defined by CPRA) (or processor or third party, as defined by applicable Data Protection Law(s)) for a Business Purpose and/or Commercial Purpose. When we disclose Personal Information for a Business Purpose and/or Commercial Purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the services for us. As explained in more detail here, we also share your Personal Information with certain categories of service providers, contractors, and/or third parties who assist us in providing the Hearsay Website and Services and with our business.
‍

Disclosure of Personal Information and/or Sensitive Personal Information For Business Purposes and/or Commercial Purposes in the Past 12 Months

We disclose your Personal Information and/or Sensitive Personal Information for a Business Purpose and/or Commercial Purpose to the following categories of Service Providers:

• Companies that do things to help us provide the Services: hosting service providers, user engagement and customer support providers, certain analytics providers,, communication tools
• Professional service providers, such as auditors, lawyers, consultants, accountants and insurers.

The following chart describes the categories of Personal Information and Sensitive Personal Information that we disclosed to service providers, contractors, and/or third parties for a Business Purpose and/or Commercial Purpose in the 12 months prior to the date of this Privacy Policy. As noted below in the chart, Hearsay transfers and/or discloses your geolocation data and the contents of your social and text messages, which is Sensitive Personal Information, in order to provide the Service as well as for compliance reasons.

Sale and Sharing of Personal Information and Sensitive Personal Information

The CPRA defines ‘sale’ and ‘share’ very broadly. ’Sale’ includes the sharing of Personal Information with third parties in exchange for anything of value, while ‘share’ means disclosure of Personal Information to third parties for cross contextual behavioral advertising. According to these broad definitions, in the 12 months before this section was last updated, we may have sold or shared the following categories of Personal Information to third parties:

• A. Identifiers
• B. Personal Information categories listed in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e))
• C. Protected classification characteristics under California or federal law
• D. Commercial Information
• F. Internet or other similar network activity
• G. Geolocation data
• H. Visual information
• I. Professional or employment-related information
• K. Inferences drawn from other Personal Information
  ‍

Your Rights and Choices Under CPRA

The CPRA provides Consumers with specific rights regarding their Personal Information, provided that we are able to verify their identities as explained below. This section describes your CPRA rights and explains how to exercise them.

Please note that the rights to opt-out, access and deletion do not apply to Personal Information reflecting a written or verbal communication or a transaction between Hearsay and a Consumer, where the Consumer is a natural person who is acting on behalf of a company, partnership, sole proprietorship, non-profit, or government agency (“Entity”) and whose communications or transaction with Hearsay occur solely within the context of Hearsay conducting due diligence regarding, or providing or receiving the Services to or from such Entity.

Opting-out of Sales or Sharing of Your Personal Information

You have the right to opt-out of our sharing or selling of your Personal Information with some External Ad Partners in certain circumstances. If you would like to opt-out of the sale of Personal Information, please click here.You can also opt-out of the sale or sharing of your Personal Information that is collected automatically when you visit the Website by clicking here.

Hearsay does not sell or share Personal Information collected on the Hearsay mobile-based software platform.

Access to Specific Information

You have the right to request that Hearsay disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will disclose such information to you.

Right to Data Portability

You have the right to receive the Personal Information that you have provided to Hearsay, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.

Right to Correction

As of January 1, 2023, you have the right to have your Personal Information corrected.

Deletion Request Rights

You have the right to request that Hearsay delete your personal information, subject to certain exceptions listed in the CPRA. Once we receive your request and verify your identity, as explained in Exercising Your Consumer Rights, we will delete (and direct our service providers, contractors, third parties, and/or processors, as applicable, to delete) your Personal Information from our records, unless an exception applies.

Your Right to Limit the Use Sensitive Personal Information We Have Collected About You

You have the right to limit our use of your Sensitive Personal Information if we use it for purposes other than providing the Services to you. We currently do not use your Sensitive Personal Information for purposes other than providing the Service/ for the Business Purposes above.

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer request related to your personal information.

An authorized agent is a natural person or a business entity registered with the Secretary of State that a Consumer has authorized to act on his or her behalf. When a Consumer uses an authorized agent to submit a request to know or a request to delete, Hearsay may require that the Consumer provide the authorized agent written permission to do so and verify his or her own identity directly with Hearsay, unless the Consumer has provided the authorized agent with a valid power of attorney. Hearsay may deny a request from an agent that does not submit proof that he or she has been authorized by the Consumer to act on his or her behalf.

To exercise the rights described above, please submit a verifiable Consumer request to us by either calling us at 1-888-399-2280 or mailing privacy@hearsaycorp.com.

You may only make a verifiable Consumer request for access or data portability twice within a 12-month period. In particular, you can request the following:

1. Specific Pieces of Information

• The specific pieces of your personal information that we’ve collected about you in the past 12 months.

2. Categories of Information

• The categories of your personal information that we’ve collected in the past 12 months.
• The categories of sources from which we collected personal information.
• The business or commercial purposes for which we collected or sold personal information.
• The categories of third parties with which we shared personal information in the past 12 months. 
• The categories of third parties to whom we’ve sold personal information in the past 12 months, and the category or categories of personal information sold to each.
• The categories of personal information that we’ve shared with service providers who provide services for us in the past 12 months, like processing your bill, and the category or categories of personal information sold to each. 
  ‍

The verifiable Consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will notify you to explain the basis of the denial.

If we have a good-faith, reasonable belief that a request to opt-out of the sale or sharing of Personal Information is fraudulent, we may deny the request. Should this occur, we will inform you and explain why we believe the request is fraudulent.

Making a verifiable Consumer request does not require you to create an account with us. Please note that the methods for verification are set forth in the CCPA, which also requires us to consider a number of factors, such as the type, sensitivity, and value of the personal information or the risk of harm posed by unauthorized access or deletion, on a case-by-case basis.

We will only use personal information provided in a verifiable Consumer request to verify the requestor’s identity or authority to make the request.

Upon your request, we will delete the Personal Information we have collected about you, except for situations where the CPRA authorizes us to retain specific information, including when it is necessary for us to provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us. We will act on your deletion request within the timeframes set forth below.

Response Timing

We endeavor to respond to a verifiable Consumer request generally within 45 days of its receipt, or as otherwise required by the CPRA, although we may take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know. 

Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable Consumer’s request. If applicable, in our response, we will also explain the reasons we cannot comply with a request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.

Non-Discrimination and Notice of Financial Incentives

We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. Please note that to use our Services, we do require the collection of your personal information – for example, to sign you up. While you may request to delete your personal information under CCPA, such deletions may affect our ability to offer the Services.

Requests for Household Information

There may be some types of Personal Information that can be associated with a household (a group of people living together in a single dwelling). Requests for access or deletion of household Personal Information must be made by each member of the household. We will verify the identity of each member of the household using the verification criteria explained above and will also verify that each household member is currently a member of the household. 

If we are unable to verify the identity of each household member with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of our denial. 

California Shine the Light

California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about certain categories of Personal Information a business has disclosed to third parties for direct marketing purposes in the preceding calendar year. California residents may make such request to us at privacy@hearsaycorp.com. We will provide a list of the categories of personal information disclosed to such third parties for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses or these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email specified in this section.

‍

Notice and Consumer Rights Under Other US State Privacy Laws

Notice to Nevada Consumers

We do not sell your Personal Information within the scope of, and according to the defined meaning of, a “sale” under NRS 603A.

Virginia Residents:  Your Virginia Privacy Rights (Effective January 1, 2023)

Under Virginia’s Consumer Data Protection Act (“VCDPA”), which goes into effect January 1, 2023, Virginia residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the VCDPA. As of January 1, 2023 you have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information . A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Virginia, starting January 1, 2023 you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.

Colorado Residents:  Your Colorado Privacy Rights (Effective July 1, 2023)

Under Colorado’s Consumer Privacy Act (“CPA”), which goes into effect July 1, 2023, Colorado residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CPA. As of July 1, 2023 you will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Colorado, starting July 1, 2023 you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.

Connecticut Residents:  Your Connecticut Privacy Rights (Effective July 1, 2023) 

Under Connecticut’s Data Privacy Act (“CTDPA”), which goes into effect July 1, 2023, Connecticut residents have certain rights around Hearsay’s collection, use, and sharing of their personal data. Hearsay may sell your personal data and has provided you with notice and an opportunity to opt-out of such sale as required by law. Similarly, Hearsay may engage in profiling in furtherance of decisions that produce legal or similarly significant effects. Hearsay may engage in “targeted advertising” as that term is defined in the CTDPA. As of July 1, 2023 you will have the right to opt-out of targeted advertising here. Hearsay collects various categories of personal data when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, and professional information. A more detailed description of the information Hearsay collects and how we use it is provided above in the sections Information We Collect Directly From You, Information We Collect Indirectly From You, Use of Your Personal Information, How We Process Your Information and Our Legal Bases for Doing So, and Disclosure of Personal Information. Disclosure of Personal Information describes the categories of third parties with whom we share personal data, and what information may be shared under different circumstances. If you are a resident of Connecticut, starting July 1, 2023 you will have the right to (1) request to know what personal data has been collected about you, and to access that information; (2) request to correct inaccuracies in your personal data; (3) request deletion of your personal data, though exceptions under the CTDPA and other laws may allow Hearsay to retain and use certain personal data notwithstanding your deletion request; (4) obtain a copy of your personal data (i.e., right of data portability); and (5) the right to opt out personal data processing for the purpose of (i) targeted advertising; (ii) the sale of personal data; or (iii) profiling in further of decisions that produce legal or similarly significant effects concerning the consumer. You can learn more about how to submit a data rights request, or appeal denial of a request, as applicable, at the Exercising Your Consumer Rights section above. You may also send your request by email to privacy@hearsaycorp.com.

If you have any questions regarding this State Notice, please contact us directly.

As explained above, we process personal information from individuals described below on behalf of our Customers in order to provide our Services, in accordance with their Instructions. When we process personal information on behalf of our Customers, we are a ‘data processor’ or service provider. This includes certain information that we collect through our account portal (https://my.hearsaysocial.com/) when Users log into their accounts with Hearsay, as well as other information that is collected through the various products offered by Hearsay as part of the Services. 

For purposes of this Section, “You” may refer to a variety of people, including:

• Customers, which include individuals, entities and others who have entered into a master services or other agreement with Hearsay for the Services 
• Users, who are the individuals, entities or others who are authorized on behalf of Customers to use the Services 
• User Contacts, meaning individuals, entities and others who interact with the Services

If there are special terms and considerations, we will address the individual group by the capitalized term (Customer, User or User Contacts).  Where terms apply to all groups, we will address the group as “you.”

Personal Information We Process 

We process information (1) received directly from Customers and Users, other than personal information collected on signing up as a User of the Services, (2) from or about User Contacts through the use of the Services by Customers and Users, and (3) obtained indirectly, such as through the use of cookies or CRM integrations. 

The information that we process as part of the Services is described below in further detail. Collectively, all information processed by Hearsay in order to provide the Services is referred to “Services Information” for purposes of this Privacy Policy.

Information Collected Directly from Customers and Users

Through the Services, Customers and Users can populate their accounts with information submitted by a Customer or a User to Hearsay, or uploaded by Customer or a User to the Services, which is meant to be used and shared through the Services.  Examples of such content include articles, logos and other assets uploaded by a Customer or User to personalize a web page. In uploading or submitting this information, Customers and Users must not include any personally identifiable information contained within the uploaded materials. 

Hearsay may also contact Customers and Users to provide feedback on the Services by email or other means in order to better understand how Customers and Users use the Services. Some of the questions might include requests with a voluntary answer to provide certain additional personal identifiable information, such as name, age and geographic location. Information gathered by Hearsay will be used solely in connection with or to improve or expand the Services; however, this may include using this information within third-party services that are associated with the Services.  Please see our cookies section to better understand how we use performance cookies to improve the Services.  

Information From or About User Contacts

As part of our Services, Hearsay allows Users to connect certain digital assets such as social media accounts (including private messaging in some cases), email addresses and telephone numbers to the Services in order to communicate with User Contacts. Customers may also have their own websites hosted by Hearsay (“Customer Sites”). As a result, Hearsay processes personal information from or about User Contacts that is collected via the Customer Sites, User social media accounts and/or other connections to the Services, depending on the level of permission. For instance, when using social media networks, if Hearsay is allowed to collect social media activity about the User Contact, Hearsay will collect such information and present a summary of this information to the User. With respect to text message correspondence, Hearsay may collect, store and retain the telephone number of the User Contact, call history with the User Contact, and any contents of a text message that a User Contact made in text message communications with the User.  

Hearsay collects and/or processes Sensitive Personal Information, including precise geolocation and content of social and text messages. As explained below, the contents of social and text messages may contain additional Sensitive Personal Information that is shared by the Customer and/or User.

Any information that a User or a User Contact submits to the Services will be captured and retained by Hearsay as part of the Services.

If you are a User Contact, you may have been directed to review this Privacy Policy by one of our Customers in lieu of their own Privacy Policy.  In this case, any information about you as a User Contact that Hearsay collects will be processed and maintained in accordance with this policy. However, to understand how the Customer uses the information or to exercise any rights, please contact the Customer directly. 

Information Collected Indirectly

CRM Integrations

Certain Customers integrate their customer relationship management (CRM) systems with the Services. When this happens, Hearsay receives any information about Users and User Contacts that a Customer has collected and wishes to share with Hearsay. Hearsay will use this information within the Service to enable certain functionality (e.g., populating email contacts from a CRM so that a  User may utilize email functionality), or use insights in order to recommend certain actions (e.g., based on a combination of activity documented in CRM and the Services with a User Contact, a User might receive a recommendation to make a future communication with the same User Contact).

Publicly Available Information about Users and User Contacts

In order to better understand Users and provide a better experience, Hearsay creates various “profiles” within the Services, in order to provide more targeted content and suggest action items for a User to take within the Services. “Profiles” are not composites of personal information nor based on actual individuals, but are common characteristics identified by Hearsay to describe certain behaviors or preferences.  In order to make recommendations or suggest content, Hearsay endeavors to find out more about its Users and User Contacts. In some instances, when building these “profiles,” Hearsay may retain third parties to collect publicly available information about Users. This information may include your industry, the size of your office, and your online directory listing, to help Hearsay understand more about our customer base and to tailor information we send you about the Services.   

Anonymized Aggregated Data

Hearsay has developed proprietary algorithms that monitor all communications and transactions that occur within the Services.  Hearsay engages third parties to perform data analysis on data sets provided by Hearsay in order to improve Hearsay’s algorithms. The purpose of these algorithms is to identify patterns of behavior, either unique to a User or to defined categories of people, which may enhance a User’s use of the Services. Any data created or identified within an algorithm does not identify the activity of an individual User or User Contacts. For example, the Services may identify that a User’s social media network contacts are most active between the hours of 10 AM to 12 PM on weekdays, and would therefore recommend a User to schedule social media posts during this time. The Services algorithms gather this information based on the volume activity occurring within this network; this recommendation, or any data associated with this recommendation, would not identify the posting habits of any individual User Contact or a User. For text message communication, the Services may suggest prepopulated quick replies to certain text messages. The Services algorithms make these suggestions based on gathered information from previous replies and conversations.  

Industry Information

Hearsay collects information relating to the industry with which a User is associated: acquiring data sets about certain financial services industries, reviewing census results to identify purchasing habits of consumers, etc. The purpose of acquiring this information is to provide more information and insight for the User when using the Services.

Why We Collect Services Data and How We Use It

We or our authorized service providers process the Services Information solely as a data processor, in order to:

• Provide our Services to our Customers (and their Users) (Business Purpose);
• Deliver our Customers’ and Users’ communications to their intended destination (Business Purpose);
• Analyze the use of the Services (Business Purpose);
• Improve, enhance and expand our Services (Business Purpose);
• Detect fraudulent or unlawful activity in connection with a Hearsay account (Business Purpose); and/or
• Comply with our legal obligations (Business Purpose).
  ‍

We disclose Services Information under certain circumstances, as further described below.

External Services

The Services allow Users to send or receive communications from User Contacts through social media, email, text messaging and voice communications. If Users send communications through the Services, Hearsay will deliver those communications to third parties in order for the User Contact to share and receive those communications. We call these third party delivery networks “External Services.” Examples of External Services include Facebook, Twitter, LinkedIn and Instagram (for social media). 

Third-party Service Providers or Consultants

We may share Services Information with third-party service providers or consultants who need access to the data to perform their work on Hearsay’s behalf. These third party service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard any data provided by Hearsay. These include Amazon Web Services for website hosting, Sendgrid for email delivery and Twilio for text messaging.

Regulatory Audits

Hearsay is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).  Telecommunications activity performed by Hearsay is regulated and overseen by the Federal Communications Commission (FCC) and various state public utility commissions. We may disclose Services Information pertaining to a regulatory audit conducted by these entities as well as oversight organizations for the financial services industry, such as FINRA, SEC, or similar state and international regulators.  When responding to a financial services regulatory audit, we will endeavor to first contact the Customer before disclosing any such information unless we are prohibited from doing so. The Customer is solely responsible for contacting any Users or User Contacts as part of the regulatory audit and disclosure of Services Information.

Affiliates

We may share data collected from you from the Services with our affiliates.

Business Transfers

As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Hearsay participates, to investors and/or to a purchaser or acquirer of all or a portion of Hearsay’s assets, bankruptcy included.

Aggregated or Anonymized Information

We share anonymized, aggregated, automatically-collected, or otherwise non-personal information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) business or marketing purposes; (iii) assistance for us and other parties in understanding our Customers’ and Users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share personal information about you in this case.

Legal Obligations and Security

Hearsay may preserve or disclose your personal information in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a valid subpoena, warrant, or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; (iv) to protect the safety or security of the Hearsay Website and/or Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Hearsay Website and/or Services; or (v) to protect our rights or property or the rights or property of those who use the Hearsay Website and/or Services.

If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.

Value Added Partners

Certain Customers may purchase services from third parties that have a partnership relationship with Hearsay and are authorized to access the Services (“Value Added Partners”). In such cases, Hearsay will allow the Value Added Partner(s) to access the relevant Services account if the Customer has given the requisite permission. This access may include being able to read Services Information. 

As ‘data controllers’ of Services Information, Customers are responsible for providing information to individuals in the EEA and/or the U.K., including the purposes of collection, legal bases, and your rights, as well as residents of certain states that provide consumer rights. If we receive a notification from a Customer regarding an individual wishing to exercise his/her exercising, we will assist said Customer with responding to and honoring such requests according to the Customer’s instructions.

CONTACT

privacy@hearsaycorp.com

When you visit the Hearsay Website or use the Services, we and our service providers acting on our behalf automatically collect certain data using tracking technologies like cookies, web beacons, and similar tracking technologies. 

A cookie is a small amount of data, which often includes an anonymous unique identifier that is sent to your browser from a website’s computers and stored on your computer’s hard drive.

These technologies are used to help us better understand User behavior and facilitate and measure the effectiveness of our Hearsay Website and Services. We treat information collected by cookies and other technologies as non-personal information.

We use cookies to record current session information.  We also use third party cookies (e.g. Google Analytics) to provide anonymized and aggregated information on website usage statistics and patterns.

All modern Internet browsers allow you to control your cookie settings. These settings are usually accessed in the ‘Options’ or ‘Preferences’ section of your browser. Please note that certain features of the website will not be available once cookies are disabled.  For further information about cookies and how to manage them, please visit www.allaboutcookies.org.

Hearsay uses web beacons with cookies or separately to compile information about your engagement with us.  Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you view a particular website tied to the web beacon, and a description of a website tied to the web beacon.

Here is a basic description and overview of the type of cookies Hearsay may use: