Age Verification
This website contains age-restricted material. By entering, you affirm that you are at least 18 years of age or the age of majority in your jurisdiction.

Privacy Policy

Policy version: 10th of September, 2024

Privacy Policy

Scope of the Privacy Policy

The Company ---, with company number --- which is based at --- in its capacity as Controller, collects and further processes your personal data only if strictly necessary, for clear and legitimate purposes, under Regulation (EU) 2016/679, Cypriotic Laws 125(I)/2018 and 112(I)/2004, as applicable during the operation of its website herahaven.com (hereinafter referred to as the 'Website') on the processing of their personal data.

Useful Data Protection Terms

For the purposes of this, the following terms are important to be defined:

  • personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified by reference to an identifier such as a name, an identification number, location data, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • personal data of special categories or sensitive personal data: personal information that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and genetic data, biometric data which allows to uniquely identify a natural person, health data and/or data regarding sexual orientation.
  • minors’ data: personal data of persons under the age of 18; We do not seek or obtain personal data directly from minors. However, as it is impossible to always determine the age of persons who access and use our websites, we encourage parents or guardians to contact us if they notice any case of unauthorized data provision by minors to exercise accordingly their rights such as deletion of their data.
  • processing: any operation performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
  • processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  • recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
  • third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
  • consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he/she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him/her;
  • Regulatory Framework: The relevant national and EU data protection regulatory framework, namely the Regulation (EU) 2016/679 (hereinafter referred to as the 'GDPR'); Law 125(I)/2018, Law 112(I)/2004, the jurisprudence of the Court of Justice of the European Union (hereinafter referred to as the CJEU) as well as the Decisions, Directives and Opinions of the European Data Protection Board (hereinafter referred to as the 'EDPB') and the Office of the Commissioner for Personal Data Protection (hereinafter referred to as the 'Commissioner').

B. Data collected by the Company through the website herahaven.com

When browsing and using the site, the following are collected and further processed:

B.1. Registration

Categories of Personal Data

Identification data (e.g. First name)

Communication Data (e.g. Email address)

Gender

Origin

You/ Google or X (if you decide to sign up via those accounts)

N/A

Purpose

Account Creation

Legal Basis

Article 6 (1)(b)

Retention Period

5 years after the erasure of your account

Recipients

1. Data Processors: Hosting Providers

2. Payment services

B.2. Usage of HeraHaven Chat

Categories of Personal Data

Image

Video

Audio

Data you may share during chat

Purpose

The use of our services

Legal Basis

Article 22 par. 2 (a)

Retention Period

5 years after the erasure of your account

Recipients

Data Processors

Hosting service

Our service is based on an AI platform; therefore, we perform automated decision-making processing. It is important to highlight that, for purposes of quality control and amelioration/ patching our model, a periodical sample check will be carried out on the conversations by HeraHaven. Therefore, your communication with the chatbot may become visible by our employees, who are bound by confidentiality agreements.

Data collected automatically

When you use our website, we collect data automatically, some of which can include personal data. These include data such as language settings, IP address, location, device settings, the operating system of the device, activity data, time of use, the referring URL, status report, user information (data on the browser version), the operating system, the browsing result (simple visitor or registered user), browsing history, the type of data you viewed.

Collection and further processing of Minors Personal Data
In principle, the Company does not collect or further process data of minors directly or indirectly (i.e. persons who have not reached the age of 18). However, since it is impossible to cross-check and verify the age of persons entering or using the Company's site, it is recommended that parents and guardians of minors contact the Company immediately if they find any unauthorized disclosure of data on behalf of the minors for whom they are responsible, in order to exercise respectively the rights granted to them, such as the deletion of their data. In case --- realizes that it has collected personal data of a minor, the Company commits to delete them immediately and take every necessary measure for the protection of the minor’s data.

Transfer of Personal Data outside the EEA.

In principle, the Company does not transmit your personal data to third countries. In case of transfer of your personal data to a country outside the European Economic Area (EEA), the Company carries out this transfer under Chapter II of the Regulation in conjunction with:

  1. Adequacy Decision of the European Commission (Article 45 GDPR) or
  2. Appropriate safeguards in accordance with the GDPR for the transmission of such data (Article 46 GDPR).
  3. Finally, for occasional processing, the transfer is based on one of the exceptions provided for in Article 49 of the GDPR. (e.g. the explicit consent of the user and its information on the risks involved in the transfer, the transfer is necessary for the performance of a contract at the request of the subject, there are reasons in the public interest, necessary to support legal claims and vital interests of the data subject, etc.).

Your Rights

The Company ensures that it can respond directly to the requests of the subjects, for the exercise of their rights in accordance with the Regulatory Framework. More specifically, every data subject has the following rights:

Access
Rectification
Erasure
Restriction of processing
Portability

In addition, he can request the portability/transmission of his personal data either to himself or to third parties and to withdraw at any time his consent he gave for the processing of his personal data, without such withdrawal affecting the legality of the processing until then.

Furthermore, the data subject is entitled to object to the processing of his personal data by the Company.

For the exercise of all the above rights, as well as for any matter relating to the processing of your personal data by the Company, you can contact us by e-mail at [email protected].

In case of exercise of any of the above rights, the Company will respond immediately [in any case within thirty (30) days of the submission of the request], informing you in writing of the progress of its satisfaction.

For any complaint you may make regarding this information note or privacy issues, if we do not meet your request, you may contact the Cypriot Office of the Commissioner for Personal Data Protection via the following link: Cypriot Office of the Commissioner for Personal Data Protection.

Disclaimer for Third Party Sites-Social Media Buttons
On this Site social media buttons are used – Social media widgets (e.g. Facebook, Instagram, Pinrest, YouTube, Twitter) using which, after the user logs on to the social network, creates a special digital footprint, for which both the Company and the social network itself act as joint controllers.

For the Company, the purpose of the processing is to improve the functionality of the website and the services provided as well as to analyze its traffic. Legal basis for the processing is the fulfilment of the Company's legitimate interest in linking its services with new technologies (GDPR Article 6(1)(f)).

The Company does not control or is responsible for any subsequent processing carried out on them by the Joint Managers.

For more information about data processing policy and options for setting up these networks, you can visit the following web pages: