Hopin takes privacy issues seriously. Therefore, we have prepared this document to assist customers, participants and other stakeholders in respect of some commonly asked privacy questions.
Broadly speaking, our customers and Hopin process two “buckets” of personal data via the Hopin events product - “Participant Data” and “Event Data”.
The sections below describe these in more detail but, at a high level, the former is limited data relating largely to participant contact information and the latter can be more extensive data relating to the participants’ event experience.
“Participant Data” is any personal data relating to individuals in the creation of a Hopin account (or other means of access) to attend or engage with an event such as (a) first / last name; (b) contact details; (c) event participation information (e.g event name, time and date) etc.
Hopin and the customer act as independent controllers of Participant Data and so each party is separately responsible for compliance with applicable data protection laws, such as providing notice to or obtaining consent from participants where required.
“Event Data” is (a) any personal data contained in materials submitted by Customer in the course of creating or during an event (e.g. speaker bios); and (b) personal data embedded in Customer event-related content (e.g. event recordings, participant chat transcripts).
The customer is the controller of Event Data and Hopin only ever acts as a processor of this data. As the controller and where required by law, the customer will be responsible for compliance with applicable data protection laws, such as providing notice to or obtaining consent from individuals where required.
StreamYard can be used as a stand-alone product or in conjunction with Hopin events. In either scenario, the customer is the controller of personal data contained in live/recorded video streams, and Hopin acts solely as a processor of such data. To the extent Participant Data is collected, the parties act as independent controllers.
We are committed to protecting the confidentiality, integrity and availability of our information systems and our customers’ personal data. We are constantly improving our security controls and analyzing their effectiveness to give customers confidence in our products. Our security standards are available at https://hopin.com/legal/security and incorporated into the Global Platform Terms and the Data Processing Addendum. Highlights of our technical and organizational measures in place for both Hopin events and StreamYard include:
Since the same security standards apply to all Customers using the Hopin Events and StreamYard services, we do not accept Customer security terms and cannot modify our security terms on a per-customer basis.
Hopin events is cloud-based and hosted by Amazon AWS. By default, Event Data is stored in the US (us-east-1 – Ashburn, Virginia) and Participant Data is stored in the EU (eu-west-1 region - Dublin, Ireland).
If you are a Hopin events business and enterprise customer, you can choose at the outset of your engagement to store both Event Data and Participant Data (therefore, all of the personal data) in the EU. Just notify your Hopin relationship manager to ensure the desired settings are applied to your account.
Please also see the section “What about international transfers?” below.
Hopin events offers several third-party integrations that you may implement to enhance your event or ensure seamless communication with your organization’s CRM tools, such as Salesforce, Marketo, HubSpot, and many others. A current list of Hopin Events integration providers is available here. If you choose to use one or more of these third-party integrations, the respective integration provider’s use and processing of personal data is controlled by the integration provider’s terms and conditions and/or your agreement with them.
We do not control and are not responsible for the data practices of these third-party integration providers, and you should carefully evaluate these service providers as you would any third party. We also cannot ensure that these providers will store your data in the EU or other specific location. Therefore, if this is important to you, you should liaise with these providers directly.
StreamYard offers cloud-based live streaming and recording and is hosted by Google Cloud in the US. Please also see the section “What about international transfers?” below.
While we are able to offer storage for Hopin events wholly within the EU, we (like almost all SaaS providers) rely on certain credible and trusted sub-processors located outside of the UK/EU, primarily in the US, to provide our services. A list of sub-processors for Hopin events is available here. Please also see the section “What about international transfers?” below.
A list of sub-processors for StreamYard is available here.
Like the overwhelming majority of SaaS providers, our services may involve EU to UK transfers, UK to EU transfers and EU/UK to US transfers. We have taken various steps to ensure compliance in respect of these transfers.
EU to UK transfers - the European Commission has determined that the UK’s data protection laws are “adequate” so that transfers of personal data can take place without further compliance measures.
UK to EU transfers - the UK authorities have determined that the EU’s data protection laws are “adequate” so that transfers of personal data can take place without further compliance measures.
EU/UK to US transfers - we have completed the following:
Unfortunately, the answer is no. Our DPA, which complies with EU GDPR, UK GDPR, and the CCPA is specific to our data handling constructs, services, and privacy practices. A customer DPA does not contain those specificities. This approach is in keeping with almost all SaaS providers.
Moreover, if you are purchasing both Hopin events and StreamYard, our DPA and commercial paper accommodates your purchase of both services.
You can review our DPA online by visiting https://hopin.com/legal/dpa. When you purchase a subscription with us, the DPA is automatically incorporated by reference into the Global Platform Terms and deemed signed by both parties.
In respect of Event Data, the customer is responsible for any data subject requests and we inform any requestors to contact the customers directly. Hopin, as a processor and where required by law, will act on the customer’s instructions to provide assistance. Note, however, that Hopin is unable to remove or obscure personal data like faces, voices and chats from Event Data because they are embedded.
In respect of Participant Data, we inform requestors that they can access this data via their account, delete their account, unsubscribe from any marketing to which they’ve explicitly opted in, and ask for our assistance in respect of the same and any other rights.
These Data FAQs are subject to change at any time without notice, and are provided as a courtesy. They do not constitute legal advice and do not impose obligations on either Hopin or any customer or user of the Hopin suite of products. Any translations of this document to languages other than English are provided for convenience only.
In order to investigate your trademark complaint, please provide all of the information listed below and press submit
Use the form below to identify content that you would like removed based on alleged infringement of your copyright(s)