Privacy Policy - Hallederiz Labs - Privacy Policy

1) Introduction and Scope

This Privacy Policy explains how HALLEDERIZ LABS LTD (16815648) collects, uses, and shares personal information when we provide our products and services, operate our websites, or otherwise interact with you in the United Kingdom. We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Effective date: September 11, 2025.

2) Data Controller and Contact

• Company name: HALLEDERIZ LABS LTD
• Registered company number: 16815648
• Registered office: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
• Privacy enquiries: hallederizlabs+privacy@gmail.com

We have not appointed a statutory Data Protection Officer, but you can reach our privacy team using the contact details above.

3) Personal Data We Collect

• Identity and contact details: name, job title, organisation, email address, phone number, postal address.
• Account and usage information: usernames, session activity, device identifiers, IP address, browser information, preferences, and audit logs.
• Transactional and billing data: invoicing records, purchase history, VAT or tax identifiers where required, and limited payment details (processed via our payment providers).
• Support and communications: help-desk tickets, emails, chat messages, survey responses, and feedback you choose to provide.
• Marketing data: subscription status, marketing preferences, and engagement with our campaigns.
• Cookie and analytics data: information collected from cookies and similar technologies that help us understand how our services are used.
• Special category data: we do not intentionally collect sensitive data. If it becomes necessary (for example, accessibility accommodations), we will obtain explicit consent and apply enhanced safeguards.

We collect information directly from you, automatically when you use our services, and from third parties such as integration partners or publicly available sources where this is lawful.

4) How We Use Personal Data and Legal Bases

• To provide and administer services (UK GDPR Article 6(1)(b) - contract): account creation, authentication, customer support, and delivering requested features.
• To improve and secure our products (Article 6(1)(f) - legitimate interests): monitoring performance, fixing bugs, preventing fraud and abuse, and developing new functionality.
• To comply with legal obligations (Article 6(1)(c)): maintaining tax and accounting records, responding to lawful requests from authorities, and meeting regulatory requirements.
• To communicate with you (Article 6(1)(b) or 6(1)(f)): sending service messages, updates, and responding to your queries.
• For marketing with your consent or opt-in (Article 6(1)(a) or 6(1)(f)): sending newsletters, event invitations, and promoting new features. You can opt out at any time.
• To defend legal claims (Article 6(1)(f)): managing disputes, enforcing agreements, and maintaining evidence.

5) Sharing and International Transfers

We share personal data with trusted service providers that support our business, including hosting, cloud infrastructure, analytics, communications, payment processing, and professional advisers. We only allow them to process data on our instructions and subject to contractual safeguards.

If data are transferred outside the UK, we rely on appropriate safeguards such as adequacy regulations, the International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or another lawful mechanism. You may contact us for copies of relevant transfer safeguards where permitted.

6) Data Retention

We keep personal data only for as long as necessary to fulfil the purposes outlined in this policy and to meet our legal, accounting, or reporting obligations. Once retention periods expire, we delete, anonymise, or securely archive the data in accordance with our internal retention schedule.

7) Security Measures

• Role-based access controls and authentication policies
• Encryption in transit and at rest where appropriate
• Logging, monitoring, and vulnerability management
• Segregated infrastructure and network security controls
• Backup, disaster recovery, and business continuity processes
• Employee confidentiality obligations and regular training
• Data processing agreements with all subprocessors

8) Cookies and Similar Technologies

We use cookies and similar tools to make our services work, to understand how they are used, and to personalise your experience. You can adjust your preferences through our cookie banner or by changing your browser settings. Non-essential cookies are only set with your consent. For more detail, please refer to our Cookie Notice.

9) Your Rights

Under UK GDPR you have the right to access, correct, delete, or restrict the use of your personal data, to object to processing, and to request data portability. Where processing is based on consent, you may withdraw that consent at any time. You also have the right not to be subject to decisions based solely on automated processing, including profiling, where they produce legal or similarly significant effects.

To exercise your rights, please contact us using the details below. We aim to respond within one month. We may ask for additional information to confirm your identity before fulfilling your request.

10) Children

Our services are not directed at children under 16. If we learn that we have collected personal data from a child without appropriate consent, we will delete it as soon as reasonably practicable.

11) Changes to this Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business developments. When we make material changes we will take appropriate steps to inform you, consistent with the significance of the changes. The latest version will always be available on this page.

12) Contact and Complaints

Questions or requests about this policy can be sent to hallederizlabs+privacy@gmail.com or by post to 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or via https://ico.org.uk.