Working with your data

If you're seeking reassurance and information about the security of your data in relation to our services, this document gives you details.

The headlines are:

  • Our Information Security Management System (ISMS) has been certified to the international quality standard ISO 27001 since January 2017. Our certificate numbers is 209495. Our most recent certification for cloud based email validation and confirmation of data accuracy services is valid until January 2023. If you would like to see our policy documents for either of our quality standard certifications ISO 27001 or ISO 9001 please contact our Data Protection Officer by email: [email protected]
  • If you would like to agree and sign a specific data processing agreement with Email Hippo which complies with the data legislation applicable to you such as the EU’s General Data Protection Regulations or the California Consumer Privacy Act please contact us.
  • We are registered with the Information Commissioner's Office; our registration number is ZA309925

Policies detailed below:

Privacy Policy

We take your privacy seriously.

This policy defines how Email Hippo Limited collects, protects and uses any personal information you provide us and includes our use of Cookies.

If you have any questions please contact our Data Protection Officer at [email protected]

We may update this policy from time to time so you should ensure you regularly review this policy to ensure you are happy with any changes.

Data we collect and store

We collect and store information when you visit our website, when you choose to complete any forms we present, when you sign up and use our services.

This information may include:

Personal information - we do not request or store information which is not required to provide you with an efficient service. Our forms typically include: your name; email address; telephone number; and your consent to be contacted about our products and services. You may also provide this information if you contact us by email or by phone.

Payment information - all payment information such as credit cards or PayPal credentials are only stored by our payment gateways:
Stripe for credit cards -
PayPal -

Our cookies - we use session and persistent cookies on our website and customer portal to help improve your user experience

Analytical data and cookies

We collect and log website usage information including IP address, operating system, browser type, pages viewed and duration. This is statistical data about how you have browsed our site and does not include any personally identifiable information. We use Google Analytics to analyse the use of our website. Our analytics service provider generates statistical and other information about website use by means of cookies.
The analytics cookies used by our website have the following names: _ga, _gat.
Our analytics service provider's privacy policy is available at:
Users may opt out of Google Analytics at the following URL - .

Other third party cookies

Our website also uses third party cookies but we do not publish interest-based advertisements on this website. Details of [other] third party cookies used by our website are set out below:
Vimeo. The Vimeo cookie policy details can be found here: (Vimeo cookie policy)
Our email campaigns and landing pages use cookies for analytical purposes. These are managed by Mailchimp. The Mailchimp cookie policy details can be found here: (Mailchimp cookie policy)

Data you specifically submit to our services for processing for example email addresses or domain names.

How we use your data

We use the information we store for the following purposes:

  • To respond to any query you may make
  • To provide you with information about the services you use
  • To provide you with information, products or services that you request from us or in accordance with your marketing preferences
  • To provide statistical analysis of website traffic
  • To provide, operate, optimise, maintain and manage our websites
  • To improve the navigation and content of our websites
  • To customise content and layout of our websites
  • For recruitment purposes if you have applied for a role with Email Hippo
  • To perform the data processing services you have requested under a free trial, a single purchase, or a subscription.
  • To carry out other legitimate business purposes, as well as other lawful purposes

We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.

We will not sell or share, in any way, your information with any organisations outside the Rolosoft group of companies - Rolosoft Limited, Email Hippo Limited and eVerify Limited. All these businesses operate from the same premises using the same systems and procedures.

To unsubscribe from our mailing list at any time, please use the unsubscribe feature on one of our emails or email us at [email protected]

To close your account please email us at [email protected] with your account name.

Where we store your data

All of your information is stored on secure servers managed by Email Hippo and by the following sub-processors:Email Hippo sub-processor list

Our subprocessors have been selected because of their adherence to data protection regulations and adoption of industry best practices for securing data.

To help prevent unauthorised access or disclosure to our systems and the data we collect and are given, Email Hippo holds ISO27001 and ISO9001 accreditations. These international standards for information security and quality are independently certified and validates our business management system which includes suitable physical, electronic and managerial procedures to safeguard and secure the information we store .

How long we retain your information

We only retain the information you provide and we collect for as long as is necessary to fulfil the purposes for which it is collected. We take into account:

The services you are using (trials and purchases)
The business needs of Email Hippo
Our statutory and legal obligations
The purpose for which the data was collected
The lawful grounds for processing your data
The types, amount and categories of data we have collected
Whether the purpose of processing could be reasonably fulfilled by other means

Your rights

To make a Subject Access Request to confirm that your data is being used and request a copy of that data
To request that we correct any inaccurate data we may be storing
To make a request to be forgotten and request deletion of all the data we store related to you
To ask us to not process your personal data for direct marketing and promotional purposes
To obtain and reuse your data for your own personal uses.
To object to the way we are processing your data
To prevent automated decision making and profiling in relation to your data
To make a specific and recorded request not to sell your personal data

If you would like to agree and sign a specific data processing agreement with Email Hippo which complies with the data legislation applicable to you such as the EU’s General Data Protection Regulations or the California Consumer Privacy Act please contact us at [email protected]

Please contact us to submit any requests or ask any questions about your data, or to ask for a copy of our Business Management System ISO 27001 / 9001.

For your information, here are our current ISO certificates:

Privacy policy contd.

Additional information on cookies

About cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

Cookies can be used by web servers to identify and track users as they navigate different pages on a website and identify users returning to a website.

Blocking cookies

Most browsers allow you to refuse to accept cookies; for example:

in Internet Explorer (version 11) you can block cookies using the cookie handling override settings available by clicking "Tools", "Internet Options", "Privacy" and then "Advanced";
in Firefox (version 36) you can block all cookies by clicking "Tools", "Options", "Privacy", selecting "Use custom settings for history" from the drop-down menu, and unticking "Accept cookies from sites"; and
in Chrome (version 41), you can block all cookies by accessing the "Customise and control" menu, and clicking "Settings", "Show advanced settings" and "Content settings", and then selecting "Block sites from setting any data" under the "Cookies" heading.

Blocking all cookies will have a negative impact upon the usability of many websites.

If you block cookies, you will not be able to use all the features on our website.

Deleting cookies

You can delete cookies already stored on your computer; for example:
in Microsoft Edge (version 41), you can delete cookies by clicking "...", "Settings" and "Choose what to clear" under Clear browsing data, then selecting "Cookies and saved website data", and then clicking "Clear";
in Firefox (version 59), you can delete cookies by clicking "Tools", "Options" and "Privacy & Security", then selecting "remove individual cookies" under “History”, select the website and click “Remove Selected”;
in Chrome (version 65), you can delete all cookies by accessing the "Customise and control" menu, and clicking "Settings", "Advanced" and "Clear browsing data", and then selecting "Cookies and other site data" before clicking "Clear data".
Deleting cookies will have a negative impact on the usability of many websites.

Cookie Preferences

There are no facilities to manage your cookie preferences on our website.


Return to top of page

Data Processing Addendum

Effective May 1, 2020: Numbered Sections 1-12. Annexes A-E

Numbered sections

  1. Definitions
  2. Interpretations
  3. Application of this DPA
  4. Roles and responsibilities
  5. Limitation of liability
  6. Security
  7. Security audits
  8. Data transfers, storage and processing
  9. Sub-processing
  10. Data deletion
  11. Data subject rights and cooperation
  12. Jurisdiction-specific terms


This Data Processing Addendum ("DPA") is incorporated into, and is subject to the terms and conditions of, the Agreement between Email Hippo Limited (“Email Hippo”) and the entity that is a party to the Agreement ("you"/”your”).

1. Definitions

"Agreement" means Email Hippo’s Terms of Service, or other written or electronic agreement, which governs the provision of processor services to You (as amended from time to time).

"Applicable Data Protection Legislation" means all data protection laws and regulations applicable to a party's processing of Your Personal Data under the Agreement, including, where applicable, EU Data Protection Law and Non-EU Data Protection Laws.

"EU Data Protection Law" means all data protection laws and regulations applicable to Europe, including (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) ("GDPR"); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; (iii) applicable national implementations of (i) and (ii); and (iii) in respect of the United Kingdom ("UK") any applicable national legislation that replaces or converts in domestic law the GDPR or any other law relating to data and privacy as a consequence of the UK leaving the European Union).

"Europe" means, for the purposes of this DPA, the European Union, the European Economic Area and/or their member states, Switzerland and the United Kingdom.

“Non-EU Data Protection Laws” means the California Consumer Privacy Act (“CCPA”); the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”); and the Brazilian General Data Protection Law ("LGPD"), Federal Law no. 13,709/2018.

“Notification Email Address” means the email address (if any) designated by You, via the user interface of the Processor Services or such other means provided by Email Hippoe, to receive certain notifications from Email Hippo relating to these Data Processing Terms.

“Processor Services” means the applicable services agreed under the Terms of Service, available at

"SCCs" means the standard contractual clauses for processors as approved by the European Commission or Swiss Federal Data Protection Authority (as applicable).

"Security Incident" means a breach of Email Hippo’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Your Personal Data on systems managed by or otherwise controlled by Email Hippo. “Data Incidents” will not include unsuccessful attempts or activities that do not compromise the security of Your Personal Data, including unsuccessful login attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.

"Sensitive Data" means (a) social security number, passport number, driver's license number, or similar identifier (or any portion thereof); (b) credit or debit card number (other than the truncated (last four digits) of a credit or debit card); (c) employment, financial, genetic, biometric or health information; (d) racial, ethnic, political or religious affiliation, trade union membership, or information about sexual life or sexual orientation; (e) account passwords; or (f) other information that falls within the definition of "special categories of data" under applicable Data Protection Laws.

"Service Data" means any data relating to the Your use, support and/or operation of the Processor Services, including information relating to volumes, activity logs, payments, or other information regarding the purchase and use of Processor Services.

“Sub-processors” means third parties authorised under these Data Processing Terms to have logical access to and process Your Personal Data in order to provide parts of the Processor Services and any related technical support.

“Your Personal Data” means personal data that is processed by Email Hippo on your behalf in order for Email Hippo to provide the Processor Services.

2. Interpretations

All capitalized terms not defined in this DPA shall have the meanings set forth in the Agreement.

The terms "personal data", "controller", "data subject", "processor" and "processing" shall have the meaning given to them under Applicable Data Protection Legislation or if not defined thereunder, the GDPR.

For the avoidance of doubt, all references to the "Agreement" shall include this DPA (including the SCCs (where applicable), as defined herein).

Either Email Hippo or You may be referred to as a “Party” and collectively as the “Parties”.

Any phrase introduced by the terms “including”, “include” or any similar expression will be construed as illustrative and will not limit the sense of the words preceding those terms. Any examples in this DPA are illustrative and not the sole examples of a particular concept.

Any reference to a legal framework, statute or other legislative enactment is a reference to it as amended or re-enacted from time to time.

3. Application of this DPA

3.1 Term. This DPA shall remain in effect until You cease using the Processor Services and Your Personal Data has been deleted as described in section 10. Data deletion.

3.2 Previous DPAs. The parties agree that this DPA shall replace any existing data processing agreement or similar document that the parties may have previously entered into in connection with the Processor Services.

3.3 Precedence of documents. In the event of any conflict or inconsistency between this DPA and Email Hippo’s Standard Terms of Service, the provisions of the following documents (in order of precedence) shall prevail: (i) SCCs; then (ii) this DPA; and then (iii) Email Hippo’s Standard Terms of Service.

3.4 Governing law and jurisdiction. This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by Applicable Data Protection Legislation.

3.5 Enforcement. No one other than a party to this DPA, its successors and permitted assignees shall have any right to enforce any of its terms.

3.6 Impact on the Agreement. Except for any changes made by this DPA, the Agreement remains unchanged and in full force and effect.

3.7 Service data. Notwithstanding anything to the contrary in the Agreement (including this DPA), Email Hippo shall have a right to collect, use and disclose Service Data for its legitimate business purposes, such as: (i) for accounting, tax, billing, audit, and compliance purposes; (ii) to provide, develop, optimize and maintain the Service; (iii) to investigate fraud, wrongful or unlawful use of the Service; and/or (iiii) as required by applicable law.

To the extent any such Service Data is considered personal data under Applicable Data Protection Legislation, Email Hippo shall be responsible for and shall process such data in accordance with the Email Hippo Privacy Policy and Data Protection Laws. For the avoidance of doubt, this DPA shall not apply to Service Data.

4. Roles and responsibilities

4.1 Parties’ roles. If EU Data Protection Law or the LGPD applies to either party's processing of Your Personal Data, the parties acknowledge and agree that with regard to the processing of Your Personal Data, You are the controller and Email Hippo is a processor acting on Your behalf, as described further in Annex A – Details of data processing of this DPA.

4.2 Purpose limitation. Email Hippo shall process Your Personal Data: (i) only in accordance with Your documented lawful instructions as defined in this DPA; (ii) as necessary to comply with applicable law; or (iii) as otherwise agreed in writing ("Permitted Purposes"). The parties agree that the Agreement sets out Your instructions to Email Hippo in relation to the processing of Your Personal Data, and that any processing outside the scope of these instructions shall require prior written agreement between the parties.

4.3 Prohibited data. You will not provide (or cause to be provided) any Sensitive Data to Email Hippo for processing under the Agreement, and Email Hippo will have no liability whatsoever for this Sensitive Data, whether in connection with a Security Incident or otherwise. For the avoidance of doubt, this DPA will not apply to Sensitive Data.

4.4 Your compliance. You represent and warrant that (i) You have complied, and will continue to comply, with all applicable laws, including Applicable Data Protection Legislation, in respect of Your processing of Your Personal Data and any processing instructions You issue to Email Hippo; and (ii) You have provided, and will continue to provide, all notice and You have obtained, and will continue to obtain, all consents and rights necessary under Data Protection Laws for Email Hippo to process Your Personal Data for the purposes described in the Agreement. You shall have sole responsibility for the legality of Your Personal Data and the means by which You acquired Your Personal Data.

4.5 Lawfulness of Your instructions. You will ensure that Email Hippo's processing of Your Personal Data in accordance with Your instructions will not cause Email Hippo to violate any applicable law, regulation, or rule, including, without limitation, Applicable Data Protection Legislation. Email Hippo shall promptly notify You in writing, unless prohibited from doing so under EU Data Protection Laws, if it becomes aware or believes that any data processing instruction from You violates the GDPR or any UK implementation of the GDPR.

5. Limitation of Liability

5.1 Liability of the parties. Each party’s liability taken together in the aggregate arising out of or related to this DPA (including the SCCs) shall be subject to the exclusions and limitations of liability set forth in the Agreement.

5.2 Entities making claims. Any claims made against Email Hippo under or in connection with this DPA (including, where applicable, the SCCs) shall be brought solely by Your entity that is a party to the Agreement.

5.3 An individual’s rights. In no event shall any party limit its liability with respect to any individual's data protection rights under this DPA or otherwise.

6. Security

6.1 Security measures. Email Hippo shall implement and maintain appropriate technical and organizational security measures that are designed to:(i) protect Your Personal Data from Security Incidents; and (ii) preserve the security and confidentiality of Your Personal Data in accordance with Email Hippo's security standards as described in Annex C – Technical and organisational security measures of this DPA.

6.2 Updates to security measures. You are responsible for reviewing the information made available by Email Hippo relating to data security and making an independent determination as to whether the Service meets Your requirements and legal obligations under Applicable Data Protection Legislation. You acknowledge that security measures are subject to technical progress and development and that Email Hippo may update or modify the security measures described in Annex C - Technical and organisational security measures of this DPA from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Service provided to You.

6.3 Security Incident response. Upon becoming aware of a Security Incident, Email Hippo shall: (i) notify You without undue delay, and where feasible, in any event no later than 48 hours from becoming aware of the Security Incident; (ii) provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by You; and (iii) promptly take reasonable steps to contain and investigate any Security Incident. You are solely responsible for providing a notification email address and ensuring that the notification email address is current and valid.

Email Hippo's notification of or response to a Security Incident under this section (6.3 Security Incident response) shall not be construed as an acknowledgment by Email Hippo of any fault or liability with respect to the Security Incident.

6.4 Confidentiality of processing. Email Hippo shall ensure that any person who is authorized by Email Hippo to process Your Personal Data (including its staff, agents and subcontractors) shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).

6.5 Your responsibilities. Notwithstanding the above, You agree that except as provided by this DPA, You are responsible for Your secure use of the Processor Services, including securing Your account authentication credentials, protecting the security of Your Personal Data when in transit to and from the Processor Services, and taking any appropriate steps to securely encrypt or backup Your Personal Data uploaded to the Processor Services.

7. Security audits

7.1 Audit rights. Email Hippo shall make available to You all information reasonably necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections by You in order to assess compliance with this DPA. You acknowledge and agree that You shall exercise Your audit rights under this DPA (including this section (7.1 Audit rights) and where applicable, the SCCs) and any audit rights granted by Data Protection Laws, by instructing Email Hippo to comply with the audit measures described in section 7.2 Security due diligence.

7.2 Security due diligence. Email Hippo shall respond to all reasonable requests for information made by You to confirm Email Hippo’s compliance with this DPA provided that You shall not exercise this right more than once per calendar year. All such requests should be made in writing to [email protected]

8. Data transfers, storage and processing

8.1 Processing. You agree that in order to provide the Processor Services (relating to email addresses) individual email addresses (from Your Personal Data) will be sent to the mail servers which host the email address being verified and that these servers may be located anywhere. Furthermore You agree that the only purpose for the email address to be sent to email servers is to interrogate the email server and validate the individual email address to understand its existence and credibility.

8.2 Data center locations. You acknowledge that Email Hippo may transfer and process Your Personal Data within the countries listed under the Sub-processors in Annex B – Sub-processors of this DPA. Email Hippo shall ensure, at all times, that such transfers comply with the requirements of Applicable Data Protection Legislation.

8.3 European data transfers. To the extent that Email Hippo is a recipient of Your Personal Data protected by EU Data Protection Laws ("EU Data"), the parties agree that SCCs will apply.

Email Hippo agrees to abide by and process EU Data in compliance with the SCCs, which are incorporated in full by reference and form an integral part of this DPA. For the purposes of the SCCs: (i) Email Hippo agrees that it is the "data importer" and You are the "data exporter" under the SCCs (notwithstanding that You may be an entity located outside the EU); and (ii) Annexes A, C and D of this DPA shall replace Appendixes 1, 2 and 3 of the SCCs, respectively.

The parties further agree that the SCCs will apply to Your Personal Data that is transferred via the Processor Services from Europe to outside Europe, either directly or via onward transfer, to any country or recipient not recognized by the European Commission as providing an adequate level of protection for personal data (as described in the EU Data Protection Law).

9. Sub-processing

9.1 Authorised sub-processors. You agree that Email Hippo may engage Sub-processors to process Your Personal Data on Your behalf. The Sub-processors currently engaged by Email Hippo and authorised by You are available in Annex B – Sub-processors of this DPA. Email Hippo shall notify You of any changes (additions or removals) to its Sub-processors with at least 10 days notice.

9.2 Sub-processor obligations. Email Hippo shall: (i) enter into a written agreement with each Sub-processor containing data protection obligations that provide at least the same level of protection for Your Personal Data as those in this DPA, to the extent applicable to the nature of the service provided by such Sub-processor; and (ii) remain responsible for such Sub-processor’s compliance with the obligations of this DPA and for any acts or omissions of such Sub-processor that cause Email Hippo to breach any of its obligations under this DPA.

10. Data deletion

10.1 Deletion during term.
10.1.1 Processor Services with delete functionality. During the Term, if the functionality of the Processor Services includes the option for You to delete Your Personal Data and You use the Processor Services to delete certain elements or files containing Your Personal Data You will not be able to recover the data and Email Hippo will delete such Personal Data owned by You from its systems as soon as reasonably practicable and within a maximum period of 90 days, except to the extent required by applicable law.

10.1.2 Processor services without deletion functionality. During the Term, if the functionality of the Processor Services does not include the option for You to delete Your Personal Data, then Email Hippo will comply with any reasonable request from You to perform such deletion, insofar as this is possible and taking into account the nature and functionality of the Processor Services and except to the extent required by applicable law.
Email Hippo may charge a fee (based on Email Hippo’s reasonable costs) for any data deletion under this Section 6.1.2. Email Hippo will provide You with further details of any applicable fee, and the basis of its calculation, in advance of any such data deletion.

10.1.3 Processor Services with automated deletion. During the term, Processor Services with automated deletion will automatically delete Your Personal Data on a rolling basis after a maximum period of 90 days from the date of receiving Your Personal Data.

10.2 Deletion on term expiry.
On termination or expiry of the Term, You may instruct Email Hippo to delete or return all Your Personal Data (including existing copies) from Email Hippo’s systems, except to the extent required by applicable law. Email Hippo will comply with this instruction as soon as reasonably practicable and within a maximum period of 90 days.

11. Data subject rights and cooperation

11.1 Responses to data subject requests. If Email Hippo receives a request from a data subject in relation to Your Personal Data, Email Hippo shall not respond to such communication directly except as appropriate (for example, to direct the data subject to contact You) or legally required, without Your prior authorisation. If Email Hippo is required to respond to such a request, Email Hippo shall promptly notify You and provide You with a copy of the request unless Email Hippo is legally prohibited from doing so.
For the avoidance of doubt, nothing in the Agreement shall restrict or prevent Email Hippo from responding to any data subject or data protection authority requests in relation to personal data for which Email Hippo is a controller.

11.2 Data subject request assistance. Email Hippo shall, taking into account the nature of the processing, provide reasonable additional assistance to You to the extent possible to enable You to comply with Your data protection obligations with respect to data subject rights under Applicable Data Protection Legislation.

11.3 Data protection impact assessment. To the extent required under Applicable Data Protection Legislation, Email Hippo shall (taking into account the nature of the processing and the information available to Email Hippo) provide all reasonably requested information regarding the Processor Services to enable You to carry out data protection impact assessments. Email Hippo shall comply by: (i) complying with Section 5 (Security audits); (ii) providing the information contained in the Agreement; and (iii) if further assistance is required, upon request, providing additional reasonable assistance (at Your expense).

12. Jurisdiction-specific terms

12.1 Jurisdiction-specific terms. To the extent Email Hippo processes Your Personal Data originating from and protected by Data Protection Laws in one of the jurisdictions listed in Annex E - Jurisdiction-specific terms of this DPA, then the applicable jurisdiction terms specified in Annex E shall apply in addition to the terms of this DPA.

In the event of any conflict or ambiguity between the Jurisdiction-Specific Terms and any other terms of this DPA, the applicable Jurisdiction-Specific Terms will take precedence, but only to the extent of their applicability to Email Hippo.


Annex A – Details of data processing

Subject Matter - Email Hippo’s provision of the Processor Services and any related technical support as requested by You.
Duration of the Processing - Processed data is retained for a maximum of 90 days before automated deletion. Specific processor services operate differently but within this timeframe. If deletion is requested outside our automated process then the duration will expire on the deletion of all Your Personal Data.
Nature and Purpose of the Processing - Email Hippo will process (as applicable to the Processor Services and Your instructions in section 4. Roles and responsibilities) and may include the actions: collecting; recording; organising; structuring; storing; altering; retrieving; using; disclosing; combining; erasing; and destroying) Your Personal Data for the purpose of providing the Processor Services and any related technical support to You in accordance with this DPA.
Types of Personal Data - You agree to limit the personal data you provide to Email Hippo to only email addresses. Domain information is not classified as personal data.
Furthermore if you provide Email Hippo with personal data other than email addresses you shall indemnify Email Hippo against any claim, loss, damage, administrative fine or expense (including without limitation legal expenses) suffered or incurred by Email Hippo related to its processing of this personal data.
Categories of Data Subjects - data subjects about whom personal data is transferred to Email Hippo in connection with the Processor Services by You or on Your behalf.

Annex B – Sub-processors

The Sub-processors applicable to the Processor Service are described here (as updated from time to time in accordance with section 9.1 Authorised sub-processors of this DPA).

Annex C – Technical and organisational security measures

The Security Measures applicable to the Processor Service are described here (as updated from time to time in accordance with section 6.2 Updates to security measures of this DPA).

Return to top of page

Technical and organisational security measures

This document details Email Hippo Limited’s (Email Hippo) technical and organisational security measures at a high level.

Email Hippo reserves the right to revise these technical and organisational measures at any time and without notice providing any such revisions will not materially reduce or weaken the overall level of protection. In the unlikely event that Email Hippo does materially reduce its security then Email Hippo will notify its customers.

It is Email Hippo’s policy to maintain technical and organisational security measures which keep our data and our customers’ data secure.

To achieve this:

1. we have implemented and maintain a business management system which has been designed:

  • to meet the quality and information security requirements of ISO9001:2015, and ISO27001:2017;
  • to fulfil the requirements of data protection legislation such as the EU GDPR (General Data Protection Regulation),UK DPA (Data Protection Act) 2018, California Consumer Privacy Act 2018
  • and to meet the security expectations of our customers

2. our management team commit:

  • to satisfy all applicable requirements related to the maintenance of the ISO 27001 Information Security Management System and ISO9001 Quality System;
  • to protect and prevent unauthorised access to any sensitive data;
  • to meet all legal, statutory and regulatory requirements relating to the company’s operations;
  • to provide the resources including people, equipment and training to achieve the objectives;
  • to ensure the policy is communicated and that all employees are aware of their individual obligations;
  • to continually improve the company’s systems;
  • to conduct both internal and external annual audits on our quality and security systems;
  • and to regularly review the system to ensure it remains appropriate and suitable

3. we utilise organisational management and senior staff have been allocated the responsibility for the development, implementation and maintenance of our information security programme

4. we use experienced and qualified independent third party resources to perform all audits to ensure compliance with our policies, processes and procedures

5. we utilise risk assessment and treatment procedures for the identification and assessment of risks to our organization and take steps to ensure that no high risks exist

6. we maintain specific Information security policies and make sure that those policies and measures are regularly reviewed and improved when appropriate

7. all communication with and between our applications is done using cryptographic protocols such as TLS to protect information in transit over public networks

8. at network boundaries we ensure that stateful firewalls, web application firewalls, and DDoS protection are used to filter any attacks

9. our applications follow a multi-tiered model which provides the ability to apply security controls between each layer

10.we have deployed data security controls which include logical segregation of data, restricted (e.g. role-based) access and monitoring, and, where applicable, all data is encrypted at rest using commercially available and industry-standard encryption technologies

11. we use logical access controls which are designed to manage access to data and system functionality based on authority levels and job functions and are on a need-to-know and least privilege basis

12. access to all systems requires unique username and passwords for all users with periodic review and revoking or changing access when job roles change or employment terminates

13. password controls have been implemented to manage and control password strength

14. we use system audits or event logging to proactively record user access and system activity for routine review

15. we utilise vulnerability assessments, patch management, threat protection technologies and scheduled monitoring procedures to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code

16. suppliers are selected and reviewed on regular basis based on a risk profile and the ability to maintain appropriate information security controls

17. we use recognised cloud service providers who have implemented appropriate controls to secure and protect information and infrastructure. These are currently: see Sub-processor list  Annex B (above).

18. the physical and environmental security of our facilities has been designed to:

    • protect information assets from unauthorized physical access
    • manage, monitor and log movement of persons into and out of the building
    • guard against environmental hazards such as fire

19. our operational procedures and controls, which define how Email Hippo operates and provides its services, include system design, development, configuration, monitoring, maintenance, security, support, and communication and are based on prescribed internal and adopted industry standards

20. we securely dispose of systems and storage media to ensure that all information or data is undecipherable or unrecoverable

21. our change management procedures and change tracking systems have been designed to test, approve and monitor all changes to our services and information assets

22. our incident management procedures incorporate stages to: investigate; respond; mitigate; and notify any events as appropriate

23. our business continuity and disaster recovery procedures have been designed to maintain service and/or recover from foreseeable emergency situations or disasters.

Annex D - SCCs

All defined terms used in this Annex D shall have the meaning given to them in the SCCs unless otherwise defined in this Annex.

Appendix 3 to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed by the parties.

This Appendix sets out the parties' interpretation of their respective obligations under specific Clauses identified below. Where a party complies with the interpretations set out in this Appendix, that party shall be deemed by the other party to have complied with its commitments under the Clauses.

For the purposes of this Appendix: (i) "DPA" means the Data Processing Addendum in place between the data importer and the data exporter; (ii) these Clauses are incorporated into the DPA; and (iii) "Agreement" shall have the meaning given to it in the DPA.

Clause 5(a): Suspension of data transfers and termination
The parties acknowledge that the data importer may process the personal data only on behalf of the data exporter and in compliance with its instructions as provided by the data exporter and the Clauses.

The parties acknowledge that if the data importer cannot provide such compliance for whatever reason, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the Clauses.

If the data exporter intends to suspend the transfer of personal data and/or terminate these Clauses, it shall endeavour to provide notice to the data importer and provide the data importer with a reasonable period of time to cure the non-compliance (“Cure Period”).

If after the Cure Period the data importer has not or cannot cure the non-compliance then the data exporter may suspend or terminate the transfer of personal data immediately. The data exporter shall not be required to provide such notice in instances where it considers there is a material risk of harm to data subjects or their personal data.

Clause 5(f): Audit
The data exporter acknowledges and agrees that it exercises its audit right under Clause 5(f) by instructing the data importer to comply with the audit measures described in section 7. Security audits of this DPA.

Clause 5(j): Disclosure of sub-processor agreements
The parties acknowledge the obligation of the data importer to send promptly a copy of any onward sub-processor agreement it concludes under the Clauses to the data exporter.

The parties further acknowledge that, pursuant to sub-processor confidentiality restrictions, the data importer may be restricted from disclosing onward sub-processor agreements to the data exporter. Notwithstanding this, the data importer shall use reasonable efforts to require any sub-processor it appoints to permit it to disclose the sub-processor agreement to the data exporter.

Even where the data importer cannot disclose a sub-processor agreement to the data exporter, the parties agree that, upon the request of the data exporter, the data importer shall (on a confidential basis) provide all information it reasonably can in connection with such sub-processing agreement to the data exporter.

Clause 6: Liability
Any claims brought under the Clauses shall be subject to the terms and conditions, including but not to limited to, the exclusions and limitations set forth in the Agreement. In no event shall any party limit its liability with respect to any data subject rights under these Clauses.

Clause 11: Onward sub-processing
The parties acknowledge that, pursuant to FAQ II.1 in Article 29 Working Party Paper WP 176 entitled "FAQs in order to address some issues raised by the entry into force of the EU Commission Decision 2010/87/EU of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC" the data exporter may provide a general consent to onward sub-processing by the data importer.

Accordingly, the data exporter provides a general consent to the data importer, pursuant to Clause 11 of these Clauses, to engage onward sub-processors. Such consent is conditional on the data importer’s compliance with the requirements set out in section 9. Sub-processing of this DPA.

Annex E - Jurisdiction-specific terms


Objection to sub-processors. You may object in writing to Email Hippo’s appointment of a new sub-processor within five (5) calendar days of receiving notice in accordance with section 9.1 Authorised sub-processors, provided that such objection is based on reasonable grounds relating to data protection. In such an event, the parties shall discuss such concerns in good faith with a view to achieving a commercially reasonable resolution. If no such resolution can be reached, Email Hippo will, at its sole discretion, either not appoint such sub-processor, or permit You to suspend or terminate the affected Processor Services in accordance with the termination provisions in the Agreement without liability to either party (but without prejudice to any fees incurred by You prior to suspension or termination).


The definitions of: “controller” includes “Business”; "processor" includes “Service Provider”; “data subject” includes “Consumer”; “personal data” includes “Personal Information”; in each case as defined under CCPA.

For this “California” section of Annex E only, “Permitted Purposes” shall include processing Your Personal Data only for the purposes described in this DPA and in accordance with Your documented lawful instructions as set forth in this DPA, as necessary to comply with applicable law, as otherwise agreed in writing, or as otherwise may be permitted for “service providers” under the CCPA.

Email Hippo’s obligations regarding data subject requests, as described in section 11. Data subject rights and cooperation of this DPA, apply to a Consumer’s rights under the CCPA. Notwithstanding any use restriction contained elsewhere in this DPA, Email Hippo shall process Your Personal Data only to perform the Processor Services, for the Permitted Purposes and/or in accordance with Your documented lawful instructions, except where otherwise required by applicable law.

Email Hippo may de-identify or aggregate Your Personal Data as part of performing the Processor Services specified in this DPA and the Agreement.

Where Sub-processors process the personal data of Your contacts, Email Hippo takes steps to ensure that such Sub-processors are Service Providers under the CCPA with whom Email Hippo has entered into a written contract that includes terms substantially similar to this DPA or are otherwise exempt from the CCPA’s definition of “sale”. Email Hippo conducts appropriate due diligence on its Sub-processors.


Email Hippo takes steps to ensure that Sub-processors, as described in section 9. Sub-processing of the DPA, are third parties under PIPEDA, with whom Email Hippo has entered into a written contract that includes terms substantially similar to this DPA. Email Hippo conducts appropriate due diligence on its Sub-processors.

Email Hippo will implement technical and organizational measures as set forth in section 6. Security of this DPA.


Return to top of page