Legal Notice
Privacy Policy
Open Hippo prioritizes the protection of your privacy and the security of your personal data.
This Privacy Policy is designed to help you understand how we collect and process your personal data when you use our website or contact us. We believe that you have the right to control your personal data. As such, we have outlined the various rights you have regarding your personal data, including your right to object to certain uses, and your right to access, update, or delete your data.
1. Definitions
“Open Hippo” or “We”: refers to Open Hippo GmbH, a German entity registered at the Register Court of Augsburg under Register Number HRB 39923, with its corporate seat at Garmischer Allee 15, 86438 Kissing, Germany.
“User”, “Customer” or “You”: refers to any person who subscribes to, accesses, or uses Our Services.
“Privacy Policy”: refers to this document describing the Processing activities carried out by Open Hippo as Data Controller. This Privacy Policy covers the Processing activities relating to Your use of Our Services.
“Processing”: refers to any operation relating to Your Personal Data (for instance: collection, use, access, transfer, deletion, etc.).
“Personal Data” or “User Data”: refers to any data that directly or indirectly relates to You.
“Data Controller”: refers to the person who makes decisions about Your Personal Data. For instance, the Data Controller decides which Personal Data to collect, where to store such data, for how long, etc.
2. Who is responsible for data protection?
Open Hippo is responsible for handling your personal data. In accordance with Article 37 of the German Federal Data Protection Act, Open Hippo is not obliged to designate a Data Protection Officer. Due to Open Hippo’s location, the competent data protection supervisory authority is the Bavarian State Office for Data Protection Supervision. For current contact information, please refer to their website: https://www.lda.bayern.de.
3. What Personal Data do we collect and why?
Following the principle of data minimization, we aim to reduce the collected data to a minimum. However, personal data is collected when you use the website and our services and when you contact Open Hippo.
3.1 What personal data is collected when visiting the website?
When you visit our website and our services, your IP address, browser information, timestamp, and comparable information are saved as part of the server logs. We process server logs on the basis of our legitimate interest to ensure the security and proper functioning of our website and services. This data is not processed for any other purposes.
3.2 What personal data is collected when using Hippo Token?
In addition to the data collected as described in section 3.1, when you use our Hippo API service, called Hippo Token, we collect and store usage data including consumed tokens and credits, subscription data, as well as your contact information. Payment data is stored by our third-party payment processor (as described in section 4.3). We process this data on the basis of our legitimate interest to provide our services, ensure accurate billing, and monitor service usage. This data is retained only as long as necessary for these purposes and in accordance with applicable legal requirements.
3.3 Do you track my usage of the website and services?
We use self-hosted analytics tools to track your usage of our website and services. This includes monitoring which pages are accessed, how long you spend on each page, and which elements you interact with. We collect this data solely to improve our website functionality and enhance our services. The analytics data we collect includes page views, session duration, click patterns, and general usage statistics. This tracking is conducted entirely through our own infrastructure, meaning your data remains within our systems and is not forwarded to any third parties. We process this data on the basis of our legitimate interest to improve our services and user experience. The data is stored securely on our servers and is retained only as long as necessary for analysis purposes, typically no longer than 12 months.
3.2 What happens to my data when I contact you in writing?
When you contact us in writing by mail or email we process your personal data on the basis of our legitimate interest to respond to your inquiries. The data you provide when contacting us remains with us until you request deletion, revoke your consent for storage, or the purpose for data storage no longer applies, for example after your request has been processed. Mandatory statutory provisions – especially retention periods – remain unaffected.
4. Who do we forward your Personal Data to?
4.1 GitHub Pages
We host this website using GitHub Pages, a static site hosting service provided by GitHub, Inc., 88 Colin P Kelly Jr St, San Francisco, CA 94107, United States of America. The personal data collected using the website is processed through GitHub’s infrastructure. GitHub Pages hosts static websites and does not process dynamic content or store user-submitted data beyond standard web server logs. To ensure data protection-compliant processing, GitHub has implemented appropriate safeguards including Standard Contractual Clauses for international data transfers. For more information about GitHub’s data protection practices, please visit their privacy statement at https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement.
4.2 Google
We have a legitimate interest in maintaining professional email communication with you as our customer and in conducting video conferences efficiently. To achieve this, we use Google Workspace, a product provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Workspace includes services such as Gmail for business email, Google Meet for video conferencing, and other collaboration tools. When you communicate with us via email or participate in a video conference, your personal data (such as your email address, name, and potentially your image and voice during video calls) may be processed through these services.
Google has committed to processing your personal data solely in accordance with our instructions as the customer, as outlined in the GDPR-compliant data processing agreements. For more information on Google’s GDPR compliance, please visit: https://cloud.google.com/privacy/gdpr
Please note that Google is a US-based company, and data may be transferred to and processed in countries outside the EU. To ensure data protection-compliant processing, we have concluded a comprehensive data processing agreement with Google. This agreement governs how Google may process data on our behalf and includes strict data protection and security measures. You can review this agreement at: https://cloud.google.com/terms/data-processing-addendum/
4.3 Stripe
To ensure efficient and secure payment processing, we use a service provided by Stripe Payments Europe, Limited (SPEL), located at 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. The payment page and the manage subsciption page is not part of our website and is hosted by Stripe. It is accessible via an external link. By choosing to subscribe to our services and providing your payment details, you consent to the terms and conditions set forth by Stripe. When you provide your payment details, such as your credit card number, expiration date, and billing address, this information is securely transmitted to Stripe for processing. It’s important to note that by using Stripe’s services, you are subject to their privacy policy and terms of service, which we recommend reviewing before proceeding with a transaction. For further information on Stripe’s data protection practices, please visit Stripe’s privacy policy page.
Stripe is a U.S.-based company, and we ensure that only necessary transactional information, such as the details of the services used (e.g., Hippo Token credits) and the timestamp of the transaction, is shared with Stripe. No additional information related to the processing or usage of our services is disclosed. If you have any concerns or prefer alternative arrangements, please contact us directly at privacy@openhippo.ai.
4.4 Supabase
We use Supabase, a backend-as-a-service platform provided by Supabase Inc., to power our API services including user authentication, profile management, and API key storage. Supabase provides the infrastructure for our database, authentication system, and API services that enable core functionality of our API services.
When you create an account, log in, or use our services, your personal data such as email address, profile information, authentication tokens, and API keys are processed and stored through Supabase’s infrastructure. We have configured our Supabase instance to use European servers exclusively, ensuring that your data remains within the EU jurisdiction and is subject to European data protection standards.
We process this data on the basis of our legitimate interest to provide secure and reliable services, as well as to fulfill our contractual obligations when you use our API services. Supabase acts as a data processor on our behalf and processes your personal data solely in accordance with our instructions and the terms of our data processing agreement.
Supabase has implemented appropriate technical and organizational measures to ensure the security of your personal data, including encryption at rest and in transit, regular security audits, and compliance with industry standards. For more information about Supabase’s data protection practices and security measures, please visit their privacy policy at https://supabase.com/privacy.
5. What external services do we use?
5.1 Calendly
For convenience we offer you the option to book a meeting with us. The booking page is provided by Calendly LLC, 271 17th St. NW, Ste 1000, Atlanta, Georgia, United States of America. The booking page is not part of our website and is only accessible via an external link. The use of this service is entirely voluntary. Thus the consent for usage is managed directly by Calendly. When you give your consent, personal data related to the meeting, such as your name and preferred meeting time, is shared with Calendly.
It’s important to note that by using Calendly’s service, you are subject to their privacy policy and terms of service. We recommend reviewing these before proceeding with a booking. For further information on Calendly’s data protection practices, please visit https://calendly.com/legal.
In this process, personal data will be transferred to the United States of America. We have implemented appropriate safeguards, including Standard Contractual Clauses, to ensure the protection of your data when it is transferred outside the EU/EEA. The data processing addendum is part of Calendly’s terms of use. However, please be aware that data protection laws in the United States of America may differ from those in the EU. If you prefer not to use Calendly, please contact us directly at privacy@openhippo.ai to arrange a meeting.
5.2 LinkedIn
Open Hippo maintains a social media presence on LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
We prioritize your privacy and do not use any analytics tools or cookies on our own website. Similarly, we do not actively collect or process any data from our LinkedIn page. There is no direct data transfer between Open Hippo and LinkedIn regarding user data. However, it’s important to understand that by interacting with our LinkedIn page, you are using LinkedIn’s platform and are therefore subject to LinkedIn’s data processing practices. LinkedIn may collect and process personal data about you when you visit our LinkedIn page or interact with our content, even if you don’t have a LinkedIn account.
If you choose to interact with us on LinkedIn (e.g., by commenting, liking, or sending us a message), we will only see the information that LinkedIn makes visible to page administrators, which is typically limited to publicly available profile information and the content of your interaction. Before engaging with our LinkedIn presence, we strongly recommend that you review LinkedIn’s Privacy Policy at https://www.linkedin.com/legal/privacy-policy to understand how they collect, use, and share your data.
Please note that LinkedIn is a US-based company, and data may be transferred to and processed in countries outside the EU. LinkedIn states that it uses Standard Contractual Clauses and additional safeguards for these transfers. Remember, your use of LinkedIn is subject to your own agreement with LinkedIn. Open Hippo is not responsible for LinkedIn’s data processing practices and does not have control over data collected or processed by LinkedIn.
5.3 Ticket Tailor
We use the Ticket Tailor platform to streamline ticket purchases and event registration for our trainings. Ticket Tailor, operated by Zimma Ltd., 203-213 Mare Street, London, E8 3LY, processes your personal data in compliance with the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
Before you use the platform, we recommend that you familiarize yourself with how your data is processed. For example, Google Analytics is also used to collect anonymized data about website usage. For information on Ticket Tailor’s about how your personal data is processed, we refer to their Privacy Policy at https://www.tickettailor.com/legal/privacy-policy.
We collect, process, store and use personal data when you book a ticket and buy any of our associated products and services to an event including your name, address and email address together with payment information. We may also collect personal data that you give to us about other people if you register them to attend an event. You agree that you have notified any other person whose personal data that you provide to us of this privacy notice and, where necessary, obtained their consent so that we can lawfully process their personal data in accordance with this policy. When you visit the platform, information is collected. This information could include your computer or other device’s unique ID number, technical information about your device such as type of device, web browser or operating system, your preferences and settings such as time zone and language and statistical data about your browsing actions and patterns. Ticket Tailor collects this information using cookies. They use the information on an anonymous basis to improve their event ticket shop, the events and the products and services they provide, and for analytical and research purposes.
We will use your personal data in order to comply with our contractual obligation to supply to you your tickets to an event and any associated products and services, including to contact you with any information relating to the event or your purchases, to deliver the event and your purchases to you in accordance with any requests you make and that we agree to, and to deal with any questions, comments or complaints you have in relation to the event or your purchases. We may also use your personal data for our legitimate interests, including dealing with any customer services you require.
Your personal data may be shared with any service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including payment providers, event ticketing providers, email communication providers, IT service providers, accountants, auditors and lawyers.
According to Ticket Tailor, their servers and databases are located in the EU, specifically in Ireland. However, they state that they use a small number of third parties, some of which are outside the EU, to provide their ticketing service. These third parties are bound by contracts that oblige them to comply with GDPR. You can find more information at https://www.tickettailor.com/legal/gdpr-third-parties.
If you attend a training session but do not want to use Ticket Tailor, please feel free to contact us.
6. What rights do you have as a user?
Under data protection law, you as a user have the following rights regarding your personal data:
- the right to information
- the right to rectification and deletion
- the right to restrict processing
- the right to object to processing
- the right to data portability
You have the right to withdraw your consent at any time, where we rely on consent as a legal basis for processing. This withdrawal will not affect the lawfulness of processing based on consent before its withdrawal. In addition, in accordance with data protection law, you also have the right to data disclosure and data destruction. If you wish to exercise your rights, you can inform us informally by email at privacy@openhippo.ai, or by mail to our postal address:
Open Hippo GmbH, Garmischer Allee 15, 86438 Kissing, Germany
You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.