PlayHT’s commitment to GDPR

The GDPR (General Data Protection Regulation) is an important piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union.

If your company needs to ensure it is GDPR-compliant, it also needs to ensure its providers (i.e. PlayHT) are also GDPR compliant. PlayHT is GDPR-compliant, and strictly enforces the regulation as to protect the user data we store.

Last updated: March 13, 2022

Types of Data collected

If you are a Visitor, User or Business Partner, we may collect one or both of the following types of data from you when you use or access our website, the Services or when you interact with the Technology, as applicable.

The first type of data is aggregated, non-personal, non-identifiable information pertaining to your use of the website or interaction with the Technology (“Non-personal Data “). We are not aware of the identity of the individual from which the Non-personal Data is collected. Non-Personal Data may include your aggregated usage information and technical information transmitted by your device, including certain software and hardware information about your device (e.g., the device you use, the type of browser and operating system your device uses, language preferences, access times and the website’s domain name from which you accessed the Services, etc.), in order to enhance the functionality of the Services and for security and functionality purposes.

The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Data“).

For the avoidance of doubt, if we combine Personal Data with Non-personal Data, the combined data will be treated as Personal Data as long as the data types remain combined. We act as a Processor of a User's Personal Data that we process on behalf of our Business Partners. We are considered to be the Controller of the Personal Data we collect from our Business Partners and Visitors.

The types of data that we collect as well as our reasons for processing such data are specified in the tables below:

Data We Collect from Business Partners and Visitors

Type of Data	How do we Use it
Data Provided Voluntarily: If you voluntarily contact us in any manner, whether via our contact form on our website, request a demo, via email, etc., you may be asked to provide us with your contact information such as your full name and email address as well as your Company name and job title.	We will use this data solely for the purpose of responding to your inquiries and to provide you with the support or information you requested. We will retain our correspondence with you for as long as we find necessary, subject to applicable law.
Business Partner’s Registration: If you wish to partner with us and integrate the Technology within your Digital Assets you will be requested to register and create an account. During the registration you will be requested to provide your contact details such as your name, email address, phone number and company name. You may also provide us with your email address through registration or other means of communications if you choose to download our Technology through third parties plugin or app marketplace.	We will use this data to provide the Services and designate your account. Your contact details will be used in order to send you needed information related to our Services and our business engagement (e.g., send you a welcome message, notify you regarding any updates to our Services, send inquiries regarding your use of our Technology and Services for example where we detect you have failed to complete the download or otherwise reached the offered cap, send applicable invoices, etc.) and additional occasional communications and updates related to the Services, as well as provide you with tips related to our Services, and promotional and marketing emails. We may also use the information in order to verify your identity, including by sending you a text message for password verification purposes. We use a third-party payment processor to process the payments in consideration for our Services. We will not obtain your payment details other than as needed for validation purposes (e.g., 4 digits, BIN, expiry date). The processing of your payment details will be subject to the applicable third-party processor's policies.
Newsletter & Marketing List Subscription: If you voluntarily subscribe to our newsletter through our website, or otherwise agree to receive our updates and content, you may be requested to provide us with your contact information such as your name, email address and company name. You can unsubscribe at any time using the unsubscribe option within the body of the applicable email correspondence or by contacting us directly.	We use this data solely in order to provide you with the content that you requested to receive. The Company uses Crisp and Sendinblue for its email marketing services. Please review their privacy policies here: https://crisp.chat/en/privacy/ https://www.sendinblue.com/legal/privacypolicy/
IP and Technical Data: When you access our website or interact with our Services, we may collect certain online identifiers (e.g. your IP address) as well as technical Non-Personal Data (e.g. the type of operating system, type of browser, device type, access time and date, directing URL and your approximate geographical location).	We use this data for our legitimate interests of: (i) operating, providing, maintaining, protecting, managing, customizing and improving our website and the way in which we offer it; (ii) enhancing your experience; (iii) auditing and tracking usage statistics and traffic flow; and (iv) protecting the security of our website. We will obtain your consent, if we are required to do so in accordance with applicable law when we use third party cookies on our website.

Data We Collect from Users:

Type of Data	Purpose of Processing
Online Identifiers & Technical Usage Personal Data: The Company may collect information regarding a User's interaction with the Services. Such information may include Online Identifiers such as the User's IP address, Advertising ID and IDFA. We may also assign a unique ID to your browser. The Company may also collect technical Data, such as, the type of operating system used, the type of browser, device type, access time and date, certain browsing data (e.g. directing URL) and the User's approximate geographical location.	We use this data for (i) operating, providing, maintaining, protecting, managing, customizing and improving our Services and the way in which we offer them as well as. In some cases, to provide Users with personalized Ads; (ii) enhancing your experience; and (iii) auditing and tracking usage statistics and traffic flow as well as calculating payments related to the Services, we provide to Business Partners. Where required under applicable law, we will require our Business Partner to obtain your consent to collect such data and share it with us. Note that, we use Google Ad Manager to operate our advertising campaigns. Google may use and retain certain types of data subject to its policies. Additional information can be found here.

Type of Data

Purpose of Processing

Online Identifiers & Technical Usage Personal Data: The Company may collect information regarding a User's interaction with the Services. Such information may include Online Identifiers such as the User's IP address, Advertising ID and IDFA. We may also assign a unique ID to your browser. The Company may also collect technical Data, such as, the type of operating system used, the type of browser, device type, access time and date, certain browsing data (e.g. directing URL) and the User's approximate geographical location.

We use this data for (i) operating, providing, maintaining, protecting, managing, customizing and improving our Services and the way in which we offer them as well as. In some cases, to provide Users with personalized Ads; (ii) enhancing your experience; and (iii) auditing and tracking usage statistics and traffic flow as well as calculating payments related to the Services, we provide to Business Partners. Where required under applicable law, we will require our Business Partner to obtain your consent to collect such data and share it with us. Note that, we use Google Ad Manager to operate our advertising campaigns. Google may use and retain certain types of data subject to its policies. Additional information can be found here.

Audio Widgets

Our Audio Widgets include: Article Player and Audio Buttons.

Personal Data: When the Visitor or a Business Partner chooses to use our Audio Widgets, we store no personal information.
Non-Personal Data: We do store anonymous statistical data, for the use of our Visitors and Business Partners, in the form of Analytics (Listens, Shares, Downloads).
Email Subscriptions: Under the consent of our Visitors and Business partners, solely for their use, we store Email Lists for Them, for Marketing and Advertising purposes, again with the end user's consent (user who’s benefiting from our Visitors or Business Partners).

You can always choose to Opt-Out of this information sharing, after which the Visitor and Business Partner can exercise their Right of Erasure to remove said information.

How PlayHT collects Data

Depending on the nature of your interaction with the website or the Services, the above mentioned data may be collected as follows:

Voluntarily – In the event you choose to provide us with information, e.g., when you contact us or if you are a Business Partner and you choose to share other information with us via your use of the Services.

Automatically – Your data may be collected automatically including via cookies (as explained below) and other similar tracking technologies. We will ask for your consent to collect Personal Data and offer you the choice to opt-out of such collection if we are required to do so in accordance with applicable law.

Who do we disclose Information to?

We do not share your Personal Data with third parties except as specifically mentioned herein:

Third Party service providers – we may disclose your Personal Data to third parties that perform services on our behalf (e.g. tracking, servers, service functionality and support, marketing, etc.). These entities may be located in a different jurisdiction than you and are prohibited from using your Personal Data for any purposes other than providing us with the requested services;

Our third parties help us use your personal information, as described above, and include:

Third-Party	Privacy Policy and Opt-Out
Firebase	https://firebase.google.com/support/privacy
Google Cloud	https://cloud.google.com/terms/cloud-privacy-notice
Google Analytics	https://policies.google.com/privacy
Hotjar	https://www.hotjar.com/legal/policies/privacy/
Mailgun	https://www.mailgun.com/privacy-policy/
Sendinblue	https://www.sendinblue.com/legal/privacypolicy/
Crisp	https://crisp.chat/en/privacy/
Stripe	https://stripe.com/en-in/privacy
Amazon Web Services	https://aws.amazon.com/privacy/
Google	https://policies.google.com/privacy
IBM	https://www.ibm.com/privacy
Microsoft Azure	https://azure.microsoft.com/en-in/support/legal/
Rewardful	https://www.rewardful.com/privacy
Government third parties, including government agencies, regulatory bodies and law enforcement agencies as required, authorized or permitted by law

Third Party Rights – we may share your Personal Data, solely to the extent needed to prevent harm to the rights (including intellectual property rights and other legal rights), property or safety of us, our Visitors, Business Partners and their Users, yourself or any other third party.

Policy Enforcement – we may share your Personal Data, solely to the extent needed in order to enforce our policies including investigations of potential violations thereof, to establish or exercise our rights to defend against legal claims or to detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues;

Legal Requirement – we may disclose or share your Personal Data, solely to the extent needed to comply with any applicable law, regulation, legal process or governmental request (i.e., to comply with a court injunction, etc.) or for the purpose of collaborating with law enforcement agencies; or

Affiliated Companies and Corporate Transaction – we may share your Personal Data with a parent company, subsidiaries, joint ventures, or other companies under common control with the Company ("Affiliated Companies") solely if and when applicable or necessary. In addition, we may share information, in the event of a corporate transaction (e.g. sale, merger, consolidation, etc.), provided however, that our Affiliated Companies or acquiring company will be subject to the obligations detailed herein with respect to your Personal Data.

Online Identifiers – we may share Online Identifiers with our Business Partners and advertising partners for the purpose of the Services, as well as to detect fraud and calculate payments.

Your Individual Rights

Right to be informed: we clearly inform our users about the use that will be made of their data

Right of access: our users can access all their data, without restriction, from the Crisp apps
Right of rectification: it's as simple as contacting us, we'll process all your rectification queries
Right of erasure: it's as simple as contacting us, we'll process all your erasure queries
Right to restrict processing: we don't process the data of our customers (and our customers end-users)
Right to data portability: our users may contact us anytime if they wish to get an export of their data (this may take time, however, as the data is fragmented amongst multiple isolated data-stores)
Right to object: we handle all requests on this matter from our users and users end-users (contact us)
Right not to be subject to automated decision-making including profiling: we don't do that (and never will)

Please review our Privacy Rights Policy to learn more.

Change in Control or Sale

We can also share your personal information as part of a sale, merger or change in control, or in preparation for any of these events. Any other entity which buys us or part of our business will have the right to continue to use your information, but only in the manner set out in this Policy unless you agree otherwise.

International transfers of personal information (for users in the Designated Countries)

For our users in the Designated Countries, where we transfer your personal information to a third party provider that is not located in the Designated Country and is not subject to an adequacy decision by the EU Commission, we will require those third party providers to enter into an agreement that provides appropriate safeguards for your information.

Security

Our team closely monitors any unauthorized system access, and has put in place multiple preventive measures to reduce the attack surface on our systems and services. In 4 years, PlayHT has had 0 major security issues, with only a few minor ones, which we fixed the same day they were reported (those would not have allowed a hack or data breach).

Data Retention

We generally retain your personal information as long as you keep your account open or as needed to provide you Services. This includes data you or others provided to us and data generated or inferred from your use of our Services. In some cases we choose to retain certain information (e.g., insights about Services use) in a depersonalized or aggregated form.

Data Protection Officer

PlayHT has a designated Data Protection Officer, as required by GDPR:

Syed Mohammed Zubair
Role: Director of Account Management and Customer Success
Email: [email protected]