Privacy Policy
Policy version: 10th of September, 2024
Privacy Policy
Scope of the Privacy Policy
The Company ---, with company number --- which is based at --- in its capacity as Controller, collects and further processes your personal data only if strictly necessary, for clear and legitimate purposes, under Regulation (EU) 2016/679, Cypriotic Laws 125(I)/2018 and 112(I)/2004, as applicable during the operation of its website herahaven.com (hereinafter referred to as the 'Website') on the processing of their personal data.
Useful Data Protection Terms
For the purposes of this, the following terms are important to be defined:
B. Data collected by the Company through the website herahaven.com
When browsing and using the site, the following are collected and further processed:
B.1. Registration
Identification data (e.g. First name)
Communication Data (e.g. Email address)
Gender
You/ Google or X (if you decide to sign up via those accounts)
N/A
Account Creation
Article 6 (1)(b)
5 years after the erasure of your account
1. Data Processors: Hosting Providers
2. Payment services
B.2. Usage of HeraHaven Chat
Image
Video
Audio
Data you may share during chat
The use of our services
Article 22 par. 2 (a)
5 years after the erasure of your account
Data Processors
Hosting service
Our service is based on an AI platform; therefore, we perform automated decision-making processing. It is important to highlight that, for purposes of quality control and amelioration/ patching our model, a periodical sample check will be carried out on the conversations by HeraHaven. Therefore, your communication with the chatbot may become visible by our employees, who are bound by confidentiality agreements.
Data collected automatically
When you use our website, we collect data automatically, some of which can include personal data. These include data such as language settings, IP address, location, device settings, the operating system of the device, activity data, time of use, the referring URL, status report, user information (data on the browser version), the operating system, the browsing result (simple visitor or registered user), browsing history, the type of data you viewed.
Collection and further processing of Minors Personal Data
In principle, the Company does not collect or further process data of minors directly or indirectly (i.e. persons who have not reached the age of 18). However, since it is impossible to cross-check and verify the age of persons entering or using the Company's site, it is recommended that parents and guardians of minors contact the Company immediately if they find any unauthorized disclosure of data on behalf of the minors for whom they are responsible, in order to exercise respectively the rights granted to them, such as the deletion of their data. In case --- realizes that it has collected personal data of a minor, the Company commits to delete them immediately and take every necessary measure for the protection of the minor’s data.
Transfer of Personal Data outside the EEA.
In principle, the Company does not transmit your personal data to third countries. In case of transfer of your personal data to a country outside the European Economic Area (EEA), the Company carries out this transfer under Chapter II of the Regulation in conjunction with:
Your Rights
The Company ensures that it can respond directly to the requests of the subjects, for the exercise of their rights in accordance with the Regulatory Framework. More specifically, every data subject has the following rights:
In addition, he can request the portability/transmission of his personal data either to himself or to third parties and to withdraw at any time his consent he gave for the processing of his personal data, without such withdrawal affecting the legality of the processing until then.
Furthermore, the data subject is entitled to object to the processing of his personal data by the Company.
For the exercise of all the above rights, as well as for any matter relating to the processing of your personal data by the Company, you can contact us by e-mail at [email protected].
In case of exercise of any of the above rights, the Company will respond immediately [in any case within thirty (30) days of the submission of the request], informing you in writing of the progress of its satisfaction.
For any complaint you may make regarding this information note or privacy issues, if we do not meet your request, you may contact the Cypriot Office of the Commissioner for Personal Data Protection via the following link: Cypriot Office of the Commissioner for Personal Data Protection.
Disclaimer for Third Party Sites-Social Media Buttons
On this Site social media buttons are used – Social media widgets (e.g. Facebook, Instagram, Pinrest, YouTube, Twitter) using which, after the user logs on to the social network, creates a special digital footprint, for which both the Company and the social network itself act as joint controllers.
For the Company, the purpose of the processing is to improve the functionality of the website and the services provided as well as to analyze its traffic. Legal basis for the processing is the fulfilment of the Company's legitimate interest in linking its services with new technologies (GDPR Article 6(1)(f)).
The Company does not control or is responsible for any subsequent processing carried out on them by the Joint Managers.
For more information about data processing policy and options for setting up these networks, you can visit the following web pages: