Privacy Policy - Jan 2024
LAST MODIFIED January 7, 2024; Last Reviewed: January 4, 2024 | Previous Versions
HYPR Corp.(“HYPR,” “we,” “us,” or “our”) provides identity, access management, and user authentication tools to institutional organizations for internal and external facing applications. This Privacy Policy (“Policy”) explains who we are and describes how we collect, share, and use personal data about visitors to our website at www.hypr.com (together with its subdomains, such as our blog, the “Site”) and users of our mobile, desktop, and web applications (each an “App” and, collectively, the “Apps”), which are available from the Site and third party sellers like the Google Play and Apple App Stores (any such seller, an “App Store”). The Apps and the Site together are the “Services.” Capitalized words used but not defined in this Policy have the meanings provided in our Terms of Service (the “Terms”).
At HYPR, we believe that the less information we have about you, the better. We understand that when you use our Services, you are placing your trust in us to appropriately oversee your personal data. It is this trust that serves as the basis for our commitment to take a straightforward and transparent approach to data protection, and part of this approach is ensuring that you are informed about how we may collect and process your personal data. To ensure you are fully informed of our practices, we recommend that you read the entire Policy.
OUR ROLE
a. Controller (Business/Operator), Processor (Service Provider).
Certain provisions of the Policy apply only to residents of, or people subject to the laws of, jurisdictions with specific statutes governing individuals’ rights over their Personal Data, such as U.S. state laws (including the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA”), the Virginia Consumer Data Protection Act (“VDPA"), and developing legislation in Colorado, Connecticut, and Utah (among others)), the European Union’s General Data Protection Legislation including as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (“GDPR”), and Japan’s Act on the Protection of Personal Information (“APPI,” together with CCPA, GDPR and other applicable data protection and privacy legislation, the “Data Protection Law”). These provisions are clearly labeled. Otherwise, the Policy applies to all users of our Services.
Under Data Protection Law, HYPR is the controller of your Personal Data, as described in this Privacy Policy, unless otherwise stated. However, this Privacy Policy does not apply to the extent that we process Personal Data in the role of a processor (or a comparable role such as “service provider” in certain jurisdictions) on behalf of our customers, including where we offer to our customers the Services, through which our customers (and/or their affiliates) connect their own websites and applications to our Services or otherwise collect, use, share, or process Personal Data via our Services. Each of our customers, not HYPR, controls whether they provide you with access and use to our Services, and if they provide you with such access and use, they control what information about you that they submit to our Services. Please reach out to the respective customer directly for privacy information where a HYPR customer uses our Services to collect your Personal Data as HYPR is not responsible for the privacy or data security practices of our customers. If not stated otherwise either in this Privacy Policy or in a separate disclosure, we process such Personal Data in the role of a processor or service provider on behalf of a customer (and/or its affiliates), who is the responsible controller or “business” of the applicable Personal Data. If your Personal Data has been submitted to us by or on behalf of one of our customers and you wish to exercise any rights you may have under applicable data protection laws, please direct your inquiry to the applicable customer directly as we may only access a customer’s data upon instruction from that customer.
b. Personal Data. As used in this Policy, “Personal Data” means information which, either alone or when combined with other information we hold, identifies an individual, such as name, mailing address, email address, IP address, and telephone number. By contrast, “Anonymous Data” means data that, alone or combined with other information available to us or a third party with whom the data is shared, does not permit identification of an individual. We collect and use both Personal Data and Anonymous Data as described below.
c. Why We Need Personal Data? We need certain Personal Data to provide the Services. You will be asked to provide this information — and must agree to this Policy and the Terms —to download and use the Apps. You are not required to provide the Personal Data that we request, but we may not be able to provide you with the Services or respond to your inquiries if you don’t.
INFORMATION WE MAY COLLECT ABOUT YOU
Over the course of the last twelve (12) months, we collect information in the following ways:
a. Information You Provide.
- Contact and Registration Data. We collect contact and professional data about you through communications and through our Services. For example, you provide your contact information to us when you sign up to learn more about our Services, download content, register for an event, and visit our offices. Typically, contact data includes your name and contact methods, such as telephone number, email address, and mailing address, and registration data includes the business name and mailing address, administrator contact information, and may include an end user’s business email address or other information (e.g.,biometrical data) provided to authenticate an end user’s access to an App.
- Contract and Payment Data. We may receive contract details (like signatures) from you or your organization and use third-party payment processing services to collect payment and billing information, which may contain Personal Data such as billing name, billing address and payment card details, in connection with our Services.
- Biographical and Support-related Data.We may also collect biographical and support-related Personal Data from you via our help center and other customer support portals. For example, when you participate in interactive features, trainings, online surveys, contests, promotions, sweepstakes, activities, or events, we may ask you to provide a biographical information, such as your name, occupation, organization name, and areas of expertise. You may also be asked to provide contact information, a summary of the problem you are experiencing, and any other information that would be helpful in resolving a customer support request.
- Feedback. If you provide us with Feedback, including reviews posted on App Stores, or suggestions made via direct research or outreach, we may use Personal Data provided in connection with the Feedback in order to respond to you. We may use Feedback without limitation as described in the Terms.
- Job Applicant Data. You provide your contact and professional information, including your resume with educational and work background, when you apply for a job with us. You may also provide us with sensitive information, like your Social Security Number or other government identifier, racial or ethnic origin, or other such Personal Data in connection with your job application.
- Audio, Electronic, or Visual Data. If you attend a HYPR event, we may record that event, take photos at the event, and interview you at the event. We use this information for business and marketing purposes to better inform the public about HYPR and provide testimonials about our Services.
- Biometric Data. In connection with the Affirm services provided by HYPR, we may collect, capture, receive, or otherwise acquire one or more of the following biometric identifiers about you (collectively, "Your Biometric Data"): Face geometry, Voice print and Video and audio footage to verify customer biometric data. See https://www.hypr.com/trust-center/bdc-consent for additional details.
- Other Data. We may also collect other types of information in the manner disclosed by us when the information is collected.
b. Data Collected by Technology.
- Device and Browser Data. We automatically log the following information about your computer or mobile device when you access the Services: operating system name and version, device identifier, browser type, browser language, geolocation, and IP address, which is collected using cookies, as explained in the Cookie Policy . This data is used to secure your account, ensure the Services are presented in the correct language and optimized for your device, facilitate customer support, and for tax and compliance purposes.
- Usage Data. Like many services, we use logs to collect data about the use of the Services (for example, use of features and interactions with the Apps and the Site) in order to provide and improve the Services (“Usage Data”). Usage Data is kept logically separated from Personal Data. Certain HYPR personnel can access Usage Data to analyze the use of the Services and provide user and technical support. Usage Data is also used to automatically send context-appropriate messaging within the Services ( e.g., account set-up notices), and to generate Aggregated Data.
- Aggregated Data. We derive information about the use of our Services by aggregating Usage Data ( e.g., most popular features). This “Aggregated Data” is Anonymous Data, is owned by us, and is primarily used to help analyze and improve the Services.
- Cookies. As described in our Cookie Policy , we use cookies and similar technologies to recognize you and/or your device(s) and provide a more personal and seamless experience when interacting with the Services. For general information about what cookies are and how they work, please visit here .
- Social Media Platforms. Our Site may use social media features, such as the Facebook “like” button, the Instagram “heart” button, Twitter sharing features, and other sharing widgets (“Social Media Features”). You may be given the option by such Social Media Features to post information about your activities on our Site to a profile page of yours that is provided by a third-party social media network in order to share content with others within your network. Social Media Features are either hosted by the respective social media network or hosted directly on our Site. To the extent the Social Media Features are hosted by the respective social media networks and you click through to these from our Site, the latter may receive information showing that you have visited our website. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our Site with your social media profile. Your interactions with Social Media Features are governed by the privacy policies of the respective companies that provide the relevant Social Media Features.
c. Data obtained from Third Parties.We receive information about users from our service providers (such as when validating an account with a payment processor) or from your employer, from publicly available sources like social media accounts, and from data providers such as marketing partners and researchers, where they are legally allowed to share your Information with us.
HOW DOES HYPR USE YOUR PERSONAL DATA?
We use Personal Data to provide and promote the Services and respond to your requests, including to:
- Establish, maintain, and secure your account.
- Identify you as a user and provide the Services you request.
- Perform fraud detection and authentication.
- Verify your identity for companies which have implemented the Affirm Services.
- Measure traffic and usage activity to improve the Services and your interactions with them.
- Send you administrative notifications via email or within the Services, such as payment reminders or support and maintenance advisories. You will receive these notices even if you choose not to receive marketing communications.
- Provide you with the correct interfaces and options when you are accessing the Services.
- Provide personalized information across the Services by identifying whether you have used specific features within the Services, visited pages on our Site, or seen one of our advertisements.
- Respond to customer support inquiries and other requests.
- Promote the Services or send you other HYPR marketing information (if you opt-in to receive marketing communications when creating an account or afterwards).
- Manage advertising efforts on third-party sites and platforms as further described below.
We do not use your Personal Data for automated decision-making.
If your Personal Data is processed subject to the GDPR, our legal basis for processing your Personal Data will be the following:
a. Consent. For example where we have obtained your consent to process your information for certain activities (such as the use of cookies for online tracking and analysis). You are free to withdraw your consent at any time by contacting legal@hypr.com. If you withdraw your consent, it will not affect the lawfulness of any processing based on your consent before you withdrew it. Where applicable, we may ask for your consent to processing at the point where you provide your information (e.g.,cookie banner).
b. Contractual Compliance.To comply with a contractual obligation (for example, establishing and securing your account and using your contact information to facilitate payment for the Services). We will advise you upon collection whether the provision of your information is mandatory and of the possible consequences if you do not provide us with your information.
c. Legal Compliance.For compliance with our legal obligations where other laws require the processing of your information (for example, fraud detection and authentication, health and safety, taxation and anti-money laundering laws) or where we need your information to protect your vital interests or those of another person.
d. Legitimate Interests.Our (and our service providers) legitimate interests which include the provision of the Services, and/or the carrying out of marketing and profiling activities, provided always that our legitimate interests are not outweighed by any prejudice or harm your rights and freedoms.
HOW DOES HYPR SHARE PERSONAL DATA?
HYPR does not sell your Personal Data (as “sell” is normally defined – see the YOUR PRIVACY RIGHTS section for information about “sales” as defined in California) or use it except as stated in this Policy. We share your Personal Data in the following circumstances:
- Third Parties You Designate. We may share Personal Data with third parties where you have instructed us to do so ( e.g., by using the Services’ “sharing” or “emergency contact” features). While this data is transferred through our servers, we do not have access to it, as noted elsewhere in this Policy.
- Service Providers. We provide Personal Data to service providers solely as required to provide the Services, including to create accounts, provide technical support, process payments, or enable communication between you and HYPR. We review the security and data privacy practices of these service providers to ensure that they comply with applicable laws and this Policy.
- Users of the Affirm Services. We may provide your Biometric Data to employers and other organization which have subscribed to our Affirm Services for verification of your identity. See HYPR Affirm BIOMETRIC DATA POLICY AND CONSENT TO COLLECT USE AND DISCLOSE BIOMETRIC DATA for additional details.
- Marketing. We provide hashed or deidentified IP addresses and device IDs to service providers to optimize our advertising efforts.
- Administrators. Administrators of the Services within your organization can see the email addresses used to access the plan and certain Usage Data.
- Corporate Restructuring. If HYPR or its business or assets are acquired by, or merged into, another company, that company will possess any Personal Data we hold at such time, and will assume our rights and obligations under this Policy. Accordingly, we may share Personal Data in connection with any such transaction (including in advance of such transaction as part of due diligence). Personal Data and other information may also be transferred as a business asset in the event of HYPR’s insolvency, bankruptcy, or receivership or if HYPR undergoes a restructuring or business reorganization.
- Other Disclosures. We will inform you of any other disclosures or your Personal Data, and obtain your consent, prior to such disclosure. However, regardless of your choices regarding Personal Data, HYPR may disclose your Personal Data (a) where required to comply with law enforcement directives, applicable laws or governmental orders; or (b) if we believe in good faith that doing so is necessary to protect our rights, those of other users, or the Services.
CHILDREN’S PRIVACY
Our Services are not directed to, and we do not intend to or knowingly collect Personal Data online from, children under the age of majority in the countries where the Services are accessed and used. If you are under the age of majority in your country, do not provide us with any Personal Data either directly, on any website forums, or by other means.
If you learn that a child has accessed or used the Services without parental permission, please contact us as set forth in the Contact Us section below.
DATA SECURITY AND RETENTION.
a. Data Security.We use robust physical, organizational, technical, and administrative measures to safeguard all data we hold or process, and we regularly re-assess and revise our policies and practices to improve security. While we go to great lengths to protect your data, no method of data transmission or storage is totally secure; therefore, we cannot guarantee the security of data in our control. If you believe your data may have been compromised by us or the use of the Services, please contact us immediately. As to our Apps, please review our Security FAQ .
b. Data Retention. We will retain your Personal Data for a period of time that is consistent with the original purpose of the data collection, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We determine the appropriate retention period for Personal Data by considering the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation). Please review our Data Retention Policy for more information.
YOUR INFORMATION CHOICES
a. Direct Email Marketing . If you wish to withdraw from direct email marketing communications from us, you may click the “unsubscribe” button included in our emails. Please note, you cannot unsubscribe from critical transactional emails that are related to our provision of our Services (such as those related to security).
b. Analytics.To opt-out of analytics on our Site, you may adjust your cookie preferences as described below. For more information on how to opt-out of tracking technology from Google Analytics, click here. To opt-out of HubSpot’s tracking technology, click here.
c. Applications. You can stop all collection of information by an App by uninstalling that App. You may use the standard uninstall process available as part of your desktop or mobile device or via the mobile application marketplace or network. Uninstalling an App does not delete your Account. To do that, please contact us at support@hypr.com.
d. Cookie Preferences.Please see our Cookie Policy for more information and to adjust your preferences in relation to non-essential cookies. Cookies can also be blocked using your web browser settings but please understand that blocking or deleting non-essential cookies may affect our Services’ functionality. Global Privacy Controls (GPC) or Do Not Track (DNT) is a concept that has been promoted by regulatory agencies such as the U.S. Federal Trade Commission (FTC) and the California Attorney General, for the Internet industry to develop and implement a mechanism for allowing Internet users to control the tracking of their online activities across websites and/or to request opt-out of the sale of personal information by using browser settings and/or browser extensions. We will honor such signal requests and settings (provided the same are correctly configured and activated by the user). If you came to our Site from personalized advertising, then you may further opt out of interest-based advertising from our advertising vendors through the Digital Advertising Alliance here (for US users) and here (for EEA users).Note that any choice with regards to cookie-based advertising only applies to the web browser through which you exercise that choice. You will still continue to see advertising, including potentially from us, even if you opt-out of personalized advertising.
e. Device Settings.Most devices provide users with the ability to change device permissions (e.g.,disable/access location services, contacts). For most devices, these controls are located in the device's settings menu. If you have questions about how to change your device permissions, we recommend you contact your mobile service carrier or your device manufacturer as different devices may have different permission settings. Please note that certain functionality of the Services may be impaired or limited depending on your device settings.
YOUR PRIVACY RIGHTS
a. Generally.You may withdraw your consent to our processing of your Personal Data, in whole or in part ( i.e., for marketing purposes). Certain Services may be ineffective upon opt out.
b. European Economic Area (“EEA”).It you are located in the EEA or the United Kingdom, the following provisions apply:
- Processing Purposes. Our legal basis for collecting, using, and processing your Personal Data is contained in the HOW DOES HYPR USE YOUR PERSONAL DATA section above.
- Your Rights. Where the collection or processing of your information is subject to the GDPR, you have the following data subject rights. Please note that these rights are not absolute and in certain cases are subject to conditions as specified in applicable law:
- Access. You have the right to request information about how we process your Personal Data and to obtain a copy of that Personal Data.
- Rectification. You have the right to request the rectification of inaccurate information about you and for any incomplete information about you to be completed.
- Objection. You have the right to object to the processing of your Personal Data, which is based on our legitimate interests (as described above).
- Erasure. You have the right to request the erasure of your Personal Data (subject to certain conditions).
- Automated decision-making. You have the right not to have a decision made about you that is based solely on automated processing if that decision produces legal or similarly significant effects concerning you.
- Restriction. You have the right to ask us to restrict our processing of your Personal Data, so that we no longer process that Personal Data until the restriction is lifted.
- Portability. You have the right to receive your Personal Data, which you have provided to us, in a structured, commonly used and machine-readable format and to have that Personal Data transmitted to another organization in certain circumstances.
- Complaint.In addition to the above, you have the right to lodge a complaint with a supervisory authority (a list of which is available here) if you consider that our processing of your Personal Data infringes applicable Data Protection Law.
- Personal Data Transfers. Your Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature and/or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the EEA or UK. We ensure that the recipient of your Personal Data offers an adequate level of data protection, for example, by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission or UK Secretary of State (as described in Article 46 of the GDPR), or we will ask you for your prior consent to such international data transfers. By using the Services, you acknowledge the transfer, storing and/or processing of your data in accordance with this Policy.
c. California Residents.If you reside in the State of California, the CCPA provides you with specific rights regarding your Personal Data. This section describes those rights and how to exercise them.
- Collection and Disclosure of Personal Data.Our collection of Personal Data is described in sections (a) through (c) of the INFORMATION WE MAY COLLECT ABOUT YOU heading above. We have shared Personal Data as set forth in HOW DOES HYPR SHARE PERSONAL DATA for business or commercial purposes consistent with this Privacy Policy. We never exchange Personal Data for money or any other consideration ( e.g., trade it for free services) . However, the CCPA’s definition of “sale” is very broad, and may include situations like when browsing data is sent to advertisers (when you click on an ad that sends you to HYPR, we send a hashed identifier to the referring site so they can receive credit for the referral). While we only send what is needed to properly record the referral, the fact that you clicked on the link and visited HYPR may be added to your profile by the ad publisher. This is all done on the Site with cookies and other similar technology and opting out of the sale of your Personal Data will automatically turn them off. You may direct us not to sell your Personal Data by contacting us directly.
- Right to Make a Request Under the CCPA. You have the right to request that we disclose certain information to you regarding our collection, use, and disclosure of your Personal Data over the past 12 months, including the categories and specific pieces of Personal Data we possess, the categories of sources of the Personal Data, the business or commercial purpose for collecting the Personal Data, and the categories of third parties with whom we share or sell the information, and the specific pieces of Personal Data we have collected about you. Upon verified request, we will respond to your request for such information. You also have a right to request that we delete your Personal Data. Please note that, in certain cases, we deny a request to delete your Personal Data if we have a legal basis to do so. For example, we may retain certain information for the reasons stated under the HOW DOES HYPR USE YOUR PERSONAL DATA heading above.
- Who May Make a Request? You may make a request on behalf of yourself or you may authorize an agent who is registered with the Secretary of State for the State of California to act on your behalf. You may also make a request on behalf of your minor child.
- Right to Non-Discrimination for Exercise of Consumer’s Privacy Rights . We will not discriminate against individual for exercising their rights under the CCPA.
d. Instructions for Submitting a Verifiable Consumer Request. If you wish to exercise any of these rights, please submit the request by emailing us at legal@hypr.com, or write us at the address below. In your request, please make clear: (i) what Personal Data is concerned; and (ii) which of the above rights you would like to enforce. For your protection, we may only fulfil requests with respect to the Personal Data associated with the email address you send your request from, and we will need to verify your identity before doing so. We will comply with your request promptly, but in any event within the legally mandated timeframes (thirty (30) days for the GDPR and forty-five (45) days for the CCPA). We may need to retain certain information for recordkeeping purposes or to complete transactions that you began prior to requesting such change or deletion.
e. Process Used to Verify a Consumer Request. We will verify all requests by contacting you using contact information retained in our systems. If our information does not allow us to contact you, then we will verify your identity by asking you to confirm the data we have in our system. We cannot respond to requests that cannot be verified.
CHANGES TO THIS POLICY
This Policy may be updated from time to time, to reflect changes in our practices, technologies, additional factors, and to be consistent with applicable Data Protection Law, and other legal requirements. If we do make updates, we will update the “effective date” at the top of this Privacy Policy webpage. If we make a material update, we may provide you with notice prior to the update taking effect, such as by posting a conspicuous notice on our website or by contacting you using the email address you provided.
CONTACT INFORMATION; COMPLAINTS
If you have questions, concerns, or complaints about this Policy or our data collection or processing practices, or if you want to report any security violations, please email legal@hypr.com, or write the address below:
HYPR Corp.
Attn: Legal
1001 Avenue of the Americas, 10th Floor
New York, NY 10018