We take the protection of your privacy and personal data very seriously and are committed to protecting your personal, confidential, and otherwise sensitive information. Hippo aspires to conduct business and process your Personal Data in accordance with all applicable data protection legislation, in all markets within which Hippo operates.
This Privacy Policy describes the types of information we may collect from you or that you may provide when you visit our website www.myhippo.life (our “site” or “Website”) and use our products, services, software, applications or solutions and our practices for collecting, using, maintaining, protecting and disclosing that information including the processing of information provided or collected on the site(s) and/or application(s) where this Privacy Policy applies and/or is posted. This Privacy Policy applies to all users of our service. We follow this Privacy Policy in accordance with applicable law in the places where we operate and process personal information. The personal information we collect is covered by this Privacy Policy. Please note that our site(s) and/or application(s) may contain links to other sites not owned or controlled by us, and therefore we are not responsible for the privacy practices of those sites. We encourage you to be aware when you leave our sites or applications and to read the Privacy Policy of other sites that may collect your personal information.
We act as a “Data Controller” of the Personally Identifiable Information (PII) when we collect and process your personal information that you provide to us on our websites. As such, we are responsible for deciding why and how personal data is processed. We act as a “Data Processor” of the Personally Identifiable Information (PII) when we collect and process your personal information while using the Hippo Virtual Care Platform. As such, we are responsible for processing (or performing any actions on data, whether automated or manual, such as collecting, recording, and organizing personal data on behalf of a data controller).
We may also collect certain information automatically when you visit our website or use our services, such as your IP address, browser type, and usage data.
We may receive personal data about you from other sources to supplement data already collected. This may include publicly available data or data provided by third parties. We may combine this data with the data we already have. We will handle this data in accordance with this Privacy Policy and the purposes outlined when the data was collected. We will notify you if there are any material changes to the way we intend to use this data. Please note that we are not responsible for the accuracy of the data provided by third parties or any consequences arising from the use of such data.
By using our services, you agree to the terms and conditions outlined in this Privacy Policy. Your continued use of our services constitutes implicit consent to the collection, processing, and sharing of your personal data as described herein.
We make every effort to ensure that our privacy practices are transparent and understandable. By using our services, you acknowledge that you have read and understand this Privacy Policy.
If you do not agree with any terms outlined in this policy, please refrain from using our services.
We collect information you provide for the following purposes:
We will not share your personal information with third parties, unless explicitly authorized to do so. Please note that when your personal information is shared with an authorized third- party, the information received by that third-party is controlled by that company, and therefore becomes subject to that company’s Privacy Policy.
We may share your personal information with the following categories of recipients:
As a data subject, we will provide you with the following rights:
You have the right to request access to your personal data that we process. This means you can ask us to provide you with information about what personal data we hold about you and how we use it.
You can request the correction or updating of your personal data if it is inaccurate or incomplete. We will make the necessary changes and inform any third parties to whom we have disclosed the data.
You can request the deletion of your personal data under certain circumstances. This right is not absolute and can be exercised if the data is no longer necessary, you withdraw consent, or the data processing is unlawful.
You have the right to request the restriction of the processing of your personal data under specific circumstances. This means we will limit the way we use your data but not delete it entirely. This right might be exercised when you contest the accuracy of the data, the processing is unlawful, or you need the data for legal claims.
You can request a copy of your personal data in a structured, commonly used, machine- readable format, or you can ask us to transmit it directly to another data controller where technically feasible. This right is applicable when processing is based on consent or the performance of a contract.
You have the right to object to the processing of your personal data, including processing based on legitimate interests or for direct marketing purposes. We will stop processing your data for such purposes unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal or significant effects on you. You may request human intervention in the decision-making process. We will inform you when such decisions are made, provide you with the opportunity to express your point of view, and ensure there are human interventions available.
If we process your personal data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
Any requests submitted by data subjects will be assessed for validity before being processed, including confirming the identity of the data subject.
We implement and maintain reasonable and appropriate technical and electronic safeguards to protect the security of your personal information from loss, misuse, unauthorized access, disclosure, alteration, or destruction.
While we implement these security measures to protect your data, it is important to understand that no online platform can guarantee absolute security. Therefore, we encourage you to take necessary, best-practice security precautions such as strong, unique passwords and being cautious with the sharing of login credentials.
In the event of a data breach or security incident, we will take immediate action to isolate and resolve the incident based on our incident response resolution procedures, notify relevant authorities, and inform affected data subjects in compliance with applicable data protection laws.
We may use “cookies” (or similar tracking technology) on our website for automatic data collection. Cookies (or browser cookies} are small text files that our web server may place on the hard drive of your computer to store your preferences. When you visit our website, you will be presented with a cookie banner requesting your consent to use non-essential cookies. You have the right to accept or decline the use of such cookies. Your consent can be managed and changed at any time through your device or browser settings. However, if you select the setting to refuse cookies, you may be unable to access certain parts of our Website.
Cookies, by themselves, do not provide us with any PII unless you explicitly choose and consent to provide this information to us. Once you choose and consent to provide PII, however, this information may be linked to the data stored in the cookie. If you choose to turn off collection of cookies through your device or browser, certain features of our service may not function properly without the aid of cookies.
Certain features of our Website may use local stored objects (or Flash Cookies) to collect and store information about your preferences and navigation to, from and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
Certain pages of our Website and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel tags) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording popularity of certain website content and verifying system and server integrity).
Our website may also incorporate third-party cookies and tracking technologies from time to time. These technologies are subject to the privacy policies and practices of the respective third parties. We encourage you to review the privacy policies of these third parties for information on how they collect and use your personal data.
Our Website is not intended for use by children under sixteen (16) years of age. No one under the age of 16 may provide any personal information on the Website. We do not knowingly collect any information from children under the age of 16. If you are under the age of 16, do not use or provide any information on this website, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screenname
or username you may use. In situations where personal data from anyone under the age of 16 may be needed for data processing activities, we first will obtain authorization from an appropriate parent or guardian. If such authorization is unable to be obtained, data processing activities for that data subject will be terminated. If we discover that a minor under the age of 16 has provided PII to us, we will make efforts to delete the information promptly and as soon as possible. If you have concerns about our website or services offerings, wish to find out if your child under the age of 16 has accessed our services, or wish to remove your child’s personal data from our servers, please contact us at DPO@myhippo.life.
If you are a citizen of the European Union, you may have additional rights under the GDPR or other privacy laws regarding the use of your personal information. These rights are referenced in section 6 of this Privacy Policy and apply if the processing of personal data about you is subject to the European Union (EU) data protection law (“GDPR”), in which case you have certain rights with respect to that data. Please refer to section “6. Data Subject Rights” above for a listing of these rights.
Additionally, our processing of your personal data is based on specific legal bases as defined in EU data protection law. Please refer to section “5. Data Sharing” above for a listing of these legal bases.
Our service is hosted in the United States and all personal information collected with the service is stored in the United States. If you are visiting our site, using our service, or otherwise providing information to us outside the United States/Europe/Australia, please be aware that you are transferring personal data to the United States.
We periodically review this Privacy Policy and may make updates to reflect changes in our practices, for legal reasons, or to meet new compliance and regulatory requirements. Your continued use of our services following any notice of changes to this Privacy Policy means you accept such changes. Please refer to the “Effective Date” above for details on when this Policy was last updated.
If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, or for specific requests relating to your rights as a data subject including the rights noted in section “6. Data Subject Rights” noted above, please contact our Data Protection Officer (DPO) directly at DPO@myhippo.life.
v1.1 | 12/1/23