Privacy Policy for the Processing of Personal Data
1.1. The Operator prioritizes safeguarding the rights and freedoms of individuals when processing personal data, ensuring protection of privacy, personal and family secrets.
1.2. This Policy applies to all personal data collected from visitors and users of the website https://hroom.ai/.
2. Key Terms Used in the Policy
2.1. Automated processing of personal data – processing personal data by means of automated tools.
2.2. Blocking of personal data – temporary cessation of processing personal data except where further processing is necessary to clarify such data.
2.3. Depersonalization of personal data – actions that make it impossible to associate data with a specific user without additional information.
2.4. Processing of personal data – any action performed with or without the use of automated systems, including collection, recording, organization, storage, updating, usage, transfer, anonymization, deletion, and destruction of personal data.
2.5. Operator – a legal or physical person or entity that determines the purposes and means of processing personal data.
3. Legal Grounds for Processing
3.1. Processing is lawful when based on one of the following legal grounds:
4.1. Data subjects have the following rights under GDPR:
5.1. Personal data will only be stored for as long as necessary to fulfill the purposes for which it was collected, unless otherwise required by law or contract. Once the purpose has been fulfilled, personal data will be securely deleted or anonymized.
5.2. Users may request the deletion of their personal data at any time, and the Operator will comply unless retention is necessary for compliance with legal obligations.
6.Transfer of Personal Data
6.1. The Operator may transfer personal data to third parties when:
For transfers outside of the European Economic Area (EEA), the Operator ensures adequate protection of personal data by using legally binding mechanisms such as Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or other lawful means as per GDPR requirements.
7.Security Measures
7.1. The Operator implements robust organizational, legal, and technical measures to ensure the confidentiality, integrity, and security of personal data, protecting it from unauthorized access, disclosure, alteration, or destruction.
7.2. Encryption, access controls, regular security audits, and data minimization are part of the measures adopted to protect personal data.
8.Use of Cookies
8.1. The website uses cookies to improve user experience and provide personalized services. Users can manage their cookie preferences through their browser settings. More information about our cookie usage is available in our Cookie Policy.
9.Breach Notification
9.1. In the event of a personal data breach that poses a risk to data subjects, the Operator will notify the relevant supervisory authority within 72 hours of becoming aware of the breach.
9.2. Where there is a high risk to data subjects, the Operator will also directly inform affected individuals without undue delay.
10.Cross-Border Data Transfers
10.1. Personal data may be transferred to countries outside the EU, but only if the recipient country ensures an adequate level of data protection, or if the transfer is protected by appropriate safeguards such as SCCs or BCRs.
11.Confidentiality of Personal Data
11.1. The Operator and any third parties involved in processing personal data are obligated to maintain the confidentiality of personal data and must not disclose it without the consent of the data subject, unless required by law.
12.Changes to the Policy
12.1. The Operator may update this Policy periodically to reflect changes in processing activities or legal requirements.
12.2. The current version of this Policy will always be accessible at https://hroom.ai/privacy-policy-en
13.Contact Information
For any questions or requests regarding personal data processing, you may contact us at team@hroom.ai.
- General Provisions
1.1. The Operator prioritizes safeguarding the rights and freedoms of individuals when processing personal data, ensuring protection of privacy, personal and family secrets.
1.2. This Policy applies to all personal data collected from visitors and users of the website https://hroom.ai/.
2. Key Terms Used in the Policy
2.1. Automated processing of personal data – processing personal data by means of automated tools.
2.2. Blocking of personal data – temporary cessation of processing personal data except where further processing is necessary to clarify such data.
2.3. Depersonalization of personal data – actions that make it impossible to associate data with a specific user without additional information.
2.4. Processing of personal data – any action performed with or without the use of automated systems, including collection, recording, organization, storage, updating, usage, transfer, anonymization, deletion, and destruction of personal data.
2.5. Operator – a legal or physical person or entity that determines the purposes and means of processing personal data.
3. Legal Grounds for Processing
3.1. Processing is lawful when based on one of the following legal grounds:
- Consent: Processing occurs where the data subject has given explicit consent for one or more specific purposes.
- Contractual necessity: Processing is necessary for the performance of a contract to which the data subject is a party.
- Legal obligations: Processing is required to comply with legal obligations the Operator is subject to.
- Legitimate interests: Processing is necessary for the legitimate interests pursued by the Operator, provided it does not override the rights and freedoms of the data subject.
4.1. Data subjects have the following rights under GDPR:
- Right of access: The right to know what personal data is being processed and obtain a copy.
- Right to rectification: The right to correct inaccurate or incomplete data.
- Right to erasure ("Right to be forgotten"): The right to request deletion of personal data, under specific conditions.
- Right to restrict processing: The right to limit how personal data is processed in certain situations.
- Right to data portability: The right to receive personal data in a structured, commonly used format and transfer it to another data controller.
- Right to object: The right to object to processing, including profiling.
- Right to withdraw consent: The right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
5.1. Personal data will only be stored for as long as necessary to fulfill the purposes for which it was collected, unless otherwise required by law or contract. Once the purpose has been fulfilled, personal data will be securely deleted or anonymized.
5.2. Users may request the deletion of their personal data at any time, and the Operator will comply unless retention is necessary for compliance with legal obligations.
6.Transfer of Personal Data
6.1. The Operator may transfer personal data to third parties when:
- The data subject has provided consent.
- The transfer is required for the execution of a contract.
- The transfer is mandated by law.
For transfers outside of the European Economic Area (EEA), the Operator ensures adequate protection of personal data by using legally binding mechanisms such as Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or other lawful means as per GDPR requirements.
7.Security Measures
7.1. The Operator implements robust organizational, legal, and technical measures to ensure the confidentiality, integrity, and security of personal data, protecting it from unauthorized access, disclosure, alteration, or destruction.
7.2. Encryption, access controls, regular security audits, and data minimization are part of the measures adopted to protect personal data.
8.Use of Cookies
8.1. The website uses cookies to improve user experience and provide personalized services. Users can manage their cookie preferences through their browser settings. More information about our cookie usage is available in our Cookie Policy.
9.Breach Notification
9.1. In the event of a personal data breach that poses a risk to data subjects, the Operator will notify the relevant supervisory authority within 72 hours of becoming aware of the breach.
9.2. Where there is a high risk to data subjects, the Operator will also directly inform affected individuals without undue delay.
10.Cross-Border Data Transfers
10.1. Personal data may be transferred to countries outside the EU, but only if the recipient country ensures an adequate level of data protection, or if the transfer is protected by appropriate safeguards such as SCCs or BCRs.
11.Confidentiality of Personal Data
11.1. The Operator and any third parties involved in processing personal data are obligated to maintain the confidentiality of personal data and must not disclose it without the consent of the data subject, unless required by law.
12.Changes to the Policy
12.1. The Operator may update this Policy periodically to reflect changes in processing activities or legal requirements.
12.2. The current version of this Policy will always be accessible at https://hroom.ai/privacy-policy-en
13.Contact Information
For any questions or requests regarding personal data processing, you may contact us at team@hroom.ai.