Open Hippo prioritizes the protection of your privacy and the security of your personal data.
This Privacy Policy is designed to help you understand how we collect and process your personal data when you use our website or contact us.
We believe that you have the right to control your personal data. As such, we have outlined the various rights you have regarding your personal data, including your right to object to certain uses, and your right to access, update, or delete your data.
1. Definitions
"Open Hippo" or "We": refers to Open Hippo GmbH, a German entity registered at the Register Court of Augsburg under Register Number HRB 39923, with its corporate seat at Garmischer Allee 15, 86438 Kissing, Germany.
"User", "Customer" or "You": refers to any person who subscribes to, accesses, or uses Our Services.
"Privacy Policy": refers to this document describing the Processing activities carried out by Open Hippo as Data Controller. This Privacy Policy covers the Processing activities relating to Your use of Our Services.
"Processing": refers to any operation relating to Your Personal Data (for instance: collection, use, access, transfer, deletion, etc.).
"Personal Data" or "User Data": refers to any data that directly or indirectly relates to You.
"Data Controller": refers to the person who makes decisions about Your Personal Data. For instance, the Data Controller decides which Personal Data to collect, where to store such data, for how long, etc.
2. Who is responsible for data protection?
Open Hippo is responsible for handling your personal data. In accordance with Article 37 of the German Federal Data Protection Act, Open Hippo is not obliged to designate a Data Protection Officer.Due to Open Hippo's location, the competent data protection supervisory authority is the Bavarian State Office for Data Protection Supervision. For current contact information, please refer to their website: https://www.lda.bayern.de.
3. What Personal Data do we collect and why?
Following the principle of data minimization, we aim to reduce the collected data to a minimum. However, personal data is collected when you use the website and when you contact Open Hippo.
3.1 What personal data is collected when visiting the website?
When you visit our website, your IP address, browser information, timestamp, and comparable information are saved as part of the server logs. We process server logs on the basis of our legitimate interest to ensure the security and proper functioning of our website. This data is not processed for any other purposes.
3.2 What happens to my data when I contact you in writing?
When you contact us in writing by mail or email we process your personal data on the basis of our legitimate interest to respond to your inquiries. The data you provide when contacting us remains with us until you request deletion, revoke your consent for storage, or the purpose for data storage no longer applies, for example after your request has been processed. Mandatory statutory provisions – especially retention periods – remain unaffected.
4. Who do we forward your Personal Data to?
4.1 Digital Ocean
We host this website with our cloud provider DigitalOcean, LLC, 101 Avenue of the Americas, FL 10, New York, NY, 10013-1905, United States of America.The personal data collected using the website is stored on the servers of Digital Ocean. The server is located in Germany. Digital Ocean assures that the data remains in the selected region and will inform us if this changes. To ensure data protection-compliant processing, we have concluded a data processing agreement with Digital Ocean. The agreement can be accessed at https://www.digitalocean.com/legal/data-processing-agreement.
4.2 Google
We have a legitimate interest in maintaining professional email communication with you as our customer and in conducting video conferences efficiently. To achieve this, we use Google Workspace, a product provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Workspace includes services such as Gmail for business email, Google Meet for video conferencing, and other collaboration tools. When you communicate with us via email or participate in a video conference, your personal data (such as your email address, name, and potentially your image and voice during video calls) may be processed through these services.
Google has committed to processing your personal data solely in accordance with our instructions as the customer, as outlined in the GDPR-compliant data processing agreements. For more information on Google's GDPR compliance, please visit: https://cloud.google.com/privacy/gdpr
Please note that Google is a US-based company, and data may be transferred to and processed in countries outside the EU. To ensure data protection-compliant processing, we have concluded a comprehensive data processing agreement with Google. This agreement governs how Google may process data on our behalf and includes strict data protection and security measures. You can review this agreement at: https://cloud.google.com/terms/data-processing-addendum/
5. What external services do we use?
5.1. Calendly
For convenience we offer you the option to book an meeting with us. The booking page is provided by Calendly LLC, 271 17th St. NW, Ste 1000, Atlanta, Georgia, United States of America. The booking page is not part of our website and is only accessible via an external link. The use of this service is entirely voluntary. Thus the consent for usage is managed directly by Calendly. When you give your consent, personal data related to the meeting, such as your name and preferred meeting time, is shared with Calendly.
It's important to note that by using Calendly's service, you are subject to their privacy policy and terms of service. We recommend reviewing these before proceeding with a booking. For further information on Calendly's data protection practices, please visit https://calendly.com/legal.
In this process, personal data will be transferred to the United States of America. We have implemented appropriate safeguards, including Standard Contractual Clauses, to ensure the protection of your data when it is transferred outside the EU/EEA. The data processing addendum is part of Calendlys terms of use. However, please be aware that data protection laws in the United States of America may differ from those in the EU. If you prefer not to use Calendly, please contact us directly at [email protected] to arrange a meeting.
5.2 LinkedIn
Open Hippo maintains a social media presence on LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
We prioritize your privacy and do not use any analytics tools or cookies on our own website. Similarly, we do not actively collect or process any data from our LinkedIn page. There is no direct data transfer between Open Hippo and LinkedIn regarding user data.However, it's important to understand that by interacting with our LinkedIn page, you are using LinkedIn's platform and are therefore subject to LinkedIn's data processing practices. LinkedIn may collect and process personal data about you when you visit our LinkedIn page or interact with our content, even if you don't have a LinkedIn account.
If you choose to interact with us on LinkedIn (e.g., by commenting, liking, or sending us a message), we will only see the information that LinkedIn makes visible to page administrators, which is typically limited to publicly available profile information and the content of your interaction. Before engaging with our LinkedIn presence, we strongly recommend that you review LinkedIn's Privacy Policy at https://www.linkedin.com/legal/privacy-policy to understand how they collect, use, and share your data.
Please note that LinkedIn is a US-based company, and data may be transferred to and processed in countries outside the EU. LinkedIn states that it uses Standard Contractual Clauses and additional safeguards for these transfers. Remember, your use of LinkedIn is subject to your own agreement with LinkedIn. Open Hippo is not responsible for LinkedIn's data processing practices and does not have control over data collected or processed by LinkedIn.
6. What rights do you have as a user?
Under data protection law, you as a user have the following rights regarding your personal data:- the right to information
- the right to rectification and deletion
- the right to restrict processing
- the right to object to processing
- the right to data portability
You have the right to withdraw your consent at any time, where we rely on consent as a legal basis for processing. This withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.In addition, in accordance with data protection law, you also have the right to data disclosure and data destruction.If you wish to exercise your rights, you can inform us informally by email at [email protected], or by mail to our postal address:
Open Hippo GmbH
Garmischer Allee 15
86438 Kissing
Germany