HEPO GDPR Compliance Declaration

At HEPO, we are committed to protecting the privacy and security of our customers’ and users’ personal data. We comply with the General Data Protection Regulation (GDPR) and other relevant data privacy regulations. Our platform is designed to safeguard data and empower our users with full control over their personal information.

This declaration outlines our data protection policies and how we ensure GDPR compliance across all aspects of HEPO’s services.

1. Data Collection and Processing

HEPO collects and processes personal data only for specified, legitimate purposes. We ensure that the data we collect is limited to what is necessary for providing and improving our services.

Types of Data Collected: Personal data collected by HEPO includes, but is not limited to, names, email addresses, company details, and other information required for user account management, service provision, and customer support.

Legal Basis for Data Processing: HEPO processes personal data under the following lawful bases:

Consent: Where necessary, we obtain explicit consent from individuals before processing their personal data.

Contractual Necessity: We process data required to fulfill our contractual obligations to our customers.

Legitimate Interests: We may process data for legitimate business purposes, such as improving our platform, ensuring security, and providing customer support, provided these interests do not override the individual's privacy rights.

2. User Consent

HEPO ensures that users provide informed consent before their personal data is collected or processed. We are transparent about the purpose of data collection and use clear, accessible language in our consent forms.

• Consent Management: Users can easily give, withdraw, or modify their consent at any time through their account settings.

• Children’s Privacy: HEPO does not knowingly collect personal data from children under the age of 16 without verifiable parental consent, in compliance with GDPR requirements.

3. Data Security

HEPO is committed to protecting the confidentiality, integrity, and availability of personal data. We employ industry-standard security measures to ensure that data is securely stored and processed.

Encryption: We use encryption both in transit and at rest to protect personal data from unauthorized access.

Access Control: Only authorized personnel have access to personal data, and they are bound by strict confidentiality agreements.

Data Breach Notifications: In the event of a data breach, HEPO has procedures in place to notify the relevant authorities and affected individuals within the timeframe required by GDPR (72 hours).

4. User Rights Under GDPR

HEPO respects and upholds the rights of individuals regarding their personal data. As per GDPR, users have the following rights:

Right to Access: Users can request access to the personal data we hold about them and obtain a copy of that data in a structured, commonly used format.

Right to Rectification: Users have the right to request the correction of inaccurate or incomplete personal data.

Right to Erasure (Right to be Forgotten): Users can request that their personal data be deleted, subject to certain conditions (e.g., where it is no longer necessary for the purpose for which it was collected).

Right to Data Portability: Users have the right to request their personal data in a format that can be transferred to another service provider.

Right to Restrict Processing: Users can request a temporary restriction on the processing of their personal data under specific circumstances.

Right to Object: Users have the right to object to the processing of their personal data for marketing purposes or where processing is based on legitimate interests.

Actionable Steps: Users can exercise these rights by contacting us via email at [data.protection@hepo.com] or through their account settings on the HEPO platform. We will respond to all requests within one month, as required by GDPR.

5. Data Retention Policy

HEPO retains personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, accounting, or reporting obligations.

Data Minimization: We ensure that we only collect and retain the minimum amount of personal data necessary for service provision.

Retention Periods: Once personal data is no longer required, it will be securely deleted or anonymized.

6. Data Transfers

HEPO may transfer personal data to countries outside the European Economic Area (EEA), including to our third-party service providers, where necessary. When doing so, we ensure that appropriate safeguards are in place to protect the privacy and security of personal data, in compliance with GDPR.

Standard Contractual Clauses (SCCs): We use standard contractual clauses and other lawful mechanisms to ensure data protection for international transfers.

Third-Party Processors: Any third-party processors we work with are required to comply with GDPR standards and provide sufficient guarantees regarding data protection.

7. Data Protection Officer (DPO)

HEPO has appointed a Data Protection Officer (DPO) to oversee GDPR compliance and to act as a point of contact for data protection inquiries. Our DPO is responsible for ensuring that all data processing activities comply with GDPR and other relevant regulations.

If you have any questions or concerns about how HEPO handles your personal data, please contact our DPO at [dpo@hepo.com].

8. Continuous Improvement and Updates

HEPO continuously reviews and updates its data protection practices to stay aligned with GDPR and other relevant data protection regulations. Any updates to our data protection policies will be posted on this page, and significant changes will be communicated to users via email.

9. Contact Information

If you have any questions about this GDPR Compliance Declaration or if you would like to exercise your rights under GDPR, please contact us at:

• Email: [data.protection@hepo.app]

• Phone: [+]

• Mailing Address:

At HEPO, we prioritize the privacy and security of personal data. Our platform is built with GDPR compliance at its core, ensuring that data is handled with the highest standards of care and transparency. We are committed to upholding your privacy rights and providing a secure environment for all users.