Welcome to the privacy policy of https://halaofficial.com/. This policy will help you understand what data we collect, why we collect it, and what your rights are in relation to it.
We automatically collect data from you for example when you visit https://halaofficial.com/.
We collect the data you give to us for example when you sign up for our newsletter.
Owner contact email: info@halaofficial.com
Among the types of Personal Data that this Application collects, by itself or through third parties, there are:
Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.
Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application.
Unless specified otherwise, all Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services. In cases where this Application specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.
Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.
Any use of Cookies – or of other tracking tools — by this Application or by the owners of third-party services used by this Application serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy.
Users are responsible for any third-party Personal Data obtained, published or shared through this Application.
The Owner takes appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organisational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.
The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located.
Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
The Data concerning the User is collected to allow the Owner to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following:
The services contained in this section enable the Owner to monitor and analyse web traffic and can be used to keep track of User behaviour.
Google Analytics 4 is a web analysis service provided by Google LLC (“Google”). Google utilizes the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network. In Google Analytics 4, IP addresses are used at collection time and then discarded before Data is logged in any data center or server. Users can learn more by consulting Google’s official documentation.
In order to understand Google's use of Data, consult their partner policy and their Business Data page.
This service enables the Data Controller to collect, organize, and process technical, operational, and statistical data derived from the use of the HALA platform and from activities associated with Digital Product Passports in order to generate aggregated, statistical, or anonymized information relating to the services provided, the registered products, and the events associated with their lifecycle.
The data processed may include information relating to platform usage, events recorded within Digital Product Passports, operations performed on digitized assets, product ownership transfers, transactions associated with registered goods, technical metadata generated during the use of the services, interactions with platform functionalities, and other operational data necessary to understand the functioning of the system and product dynamics over time.
Within the scope of analytical activities, HALA may also process information relating to the temporal sequence of recorded events, the frequency of ownership transfers, the geographical distribution of products, the average duration of product lifecycle, circularity and reuse dynamics, and other technical and statistical indicators useful for understanding product behavior within the markets in which they circulate.
Such information may be processed in order to produce statistical datasets, market indicators, industry analyses, benchmarking tools, and other analytical systems designed to better understand the dynamics of products registered on the platform, the functioning of HALA’s services, and the evolution of the markets in which such products are distributed or traded.
The processing activities carried out through this service may also contribute to the development of analytical dashboards, operational reports, economic indicators, decision-support tools, and other informational systems made available to business clients of the platform or used internally by the Data Controller to improve the services offered.
Where possible, such processing is carried out using aggregated, anonymized, or pseudonymized data in order to reduce identifiability and minimize the processing of personal data. Where data has been effectively anonymized, it is no longer considered personal data.
Certain datasets or outputs generated through such processing may, alone or in combination with other information, relate to an identified or identifiable natural person. Where data is linked or reasonably linkable to an individual, it is treated as personal data in accordance with applicable data protection laws.
The resulting information may be used by the Data Controller for research purposes, market analysis, technological development, improvement of platform functionalities, development of new analytical services, and the production of reports or statistical indicators relating to the products and markets monitored through the HALA platform.
HALA may also use or share aggregated or anonymized information with business clients, commercial partners, research institutions, academic entities, or other third parties for industry studies, economic analyses, or market research, provided that such information does not allow the identification of individuals or is otherwise processed in compliance with applicable data protection laws.
The data processing carried out within the scope of this service is performed in compliance with the principles of data minimization, proportionality, and security as required by applicable regulations and limits the use of personal data to what is strictly necessary for the operation of the services provided by the platform.
This service enables the Data Controller to collect, analyze, and process technical, operational, and statistical data generated through the use of the HALA platform in order to carry out research activities, technological development, experimentation of new functionalities, and improvement of the digital solutions offered by the platform.
The data processed may include technical metadata, operational information relating to the services provided, system logs, performance metrics, events recorded within Digital Product Passports, information relating to operations carried out on the platform, data relating to the lifecycle of digitized products, and other technical information generated by the digital infrastructure used to deliver the services.
Within the context of research and development activities, HALA may use such information to design, develop, and test new platform functionalities, improve Digital Product Passport management systems, develop advanced analytical tools, statistical models, data analysis systems, and other technological solutions aimed at enhancing the management, traceability, and analysis of products registered on the platform.
Research and development activities may also include the experimentation of new analytical models, decision-support tools, predictive analysis systems, data analytics solutions, and other technological systems aimed at better understanding the dynamics of products registered on the platform, the functioning of the services offered, and the evolution of the markets monitored through Digital Product Passports.
Where possible, such activities are carried out using aggregated, anonymized, or pseudonymized data in order to reduce identifiability and minimize the processing of personal data. Where data has been effectively anonymized, it is no longer considered personal data.
Certain datasets used in research and development may, alone or in combination with other information, relate to an identified or identifiable natural person, including where technical metadata, usage data, or interaction records are associated with a specific account or individual. Where such data is linked or reasonably linkable to an individual, it is treated as personal data in accordance with applicable data protection laws.
Processing activities carried out within the scope of this service may also contribute to the development of new platform functionalities, the improvement of technological infrastructure, the optimization of data management systems, and the creation of new data-driven services.
The data processing carried out for these purposes is performed in compliance with the principles of data minimization, proportionality, and security as required by applicable data protection laws.
Where personal data is processed within the scope of these activities, such processing is carried out on the basis of the legitimate interests pursued by the Data Controller, including the development, improvement, and security of the platform and its services, provided that such interests are not overridden by the rights and freedoms of the data subjects. Where required under applicable law, processing is based on the consent of the data subject.
This service enables the Data Controller to collect, analyze, and process technical, operational, and statistical data derived from the use of the HALA platform for the purpose of developing, training, improving, and optimizing analytical models, data analysis systems, and decision-support tools used within the platform.
The data processed may include technical metadata generated during the use of the services, events recorded within Digital Product Passports, information relating to operations performed on the platform, data concerning product ownership transfers, metadata relating to transactions associated with registered assets, operational information relating to product lifecycle management, and other technical data generated by the platform’s digital infrastructure.
Within the scope of this service, HALA may use such information to develop and improve statistical models, analytical tools, data analysis systems, and other technological tools designed to support the analysis of information generated through the platform.
Such models and analytical systems may be used, for example, to:
analyze the lifecycle dynamics of products registered on the platform;
understand patterns of transfer and circulation of products within the secondary market;
identify operational or statistical trends relating to products tracked through Digital Product Passports;
enhance analytical tools and dashboards made available to the platform’s business clients;
develop new data analysis and decision-support tools based on information generated by the platform.
The development and improvement activities relating to analytical models may also include the use of statistical analysis techniques, data processing systems, predictive models, and other advanced analytical methodologies aimed at better understanding the dynamics of products and markets monitored through the HALA platform.
Where possible, such processing is carried out using aggregated, anonymized, or pseudonymized data in order to reduce identifiability and minimize the processing of personal data. Where data has been effectively anonymized, it is no longer considered personal data.
Certain datasets or outputs used for training and improving analytical models may, alone or in combination with other information, relate to an identified or identifiable natural person. Where data is linked or reasonably linkable to an individual, it is treated as personal data in accordance with applicable data protection laws.
Such processing for model development and enhancement is carried out in a manner designed to avoid the identification of individual users or specific parties, unless otherwise permitted under applicable law.
The data processing carried out within the scope of this service is performed in compliance with the principles of data minimization, proportionality, and security as required by applicable regulations and is aimed at the continuous development and improvement of the analytical capabilities of the HALA platform.
This service enables the Data Controller to collect, analyze, and process technical, operational, and statistical data relating to products registered on the HALA platform and to events associated with their respective Digital Product Passports, in order to generate comparative indicators, market benchmarks, and statistical analyses concerning the products monitored through the platform.
The data processed may include product identifiers, events recorded within Digital Product Passports, data relating to ownership transfers, information concerning operations performed on digitized products, operational metadata generated during the use of the platform, and other technical or statistical data necessary to analyze product behavior over time.
Within the scope of this service, HALA may process such information to produce comparative indicators relating to products registered on the platform, analyze product lifecycle dynamics, assess the frequency of ownership transfers, evaluate the average lifespan of products over time, and examine other relevant factors necessary to understand product behavior within the markets in which they circulate.
The processing activities carried out within the scope of this service may contribute to the creation of statistical benchmarks relating to specific product categories, market segments, or groups of products registered on the platform.
Such benchmarks may be used to produce analytical reports, comparative indicators, benchmarking tools, and other informational systems designed to support the platform’s business clients in better understanding product performance over time, secondary market dynamics, and the evolution of the markets in which such products are distributed or traded.
Where possible, such processing is carried out using aggregated, anonymized, or pseudonymized data in order to reduce identifiability and minimize the processing of personal data. Where data has been effectively anonymized, it is no longer considered personal data.
Certain datasets or benchmarking outputs may, alone or in combination with other information, relate to an identified or identifiable natural person. Where data is linked or reasonably linkable to an individual, it is treated as personal data in accordance with applicable data protection laws.
The information resulting from such processing may be used by the Data Controller for statistical analysis purposes, the development of analytical tools, the improvement of the services offered by the platform, and the production of reports or market indicators intended for business clients or other industry analysis activities, provided that such outputs do not allow the identification of individual users or specific parties, unless otherwise permitted under applicable law.
This service enables the Data Controller to collect, organize, process, and use technical, operational, and statistical data generated through the use of the HALA platform in order to develop analytical datasets, statistical indicators, informational models, and other tools based on the processing of data generated by the system.
Within the context of platform usage, HALA may collect information relating to events recorded within Digital Product Passports, operations performed on digitized products, ownership transfers of goods, interactions with platform functionalities, and other technical or operational metadata generated by the digital infrastructure.
Such information may be processed by the Data Controller to generate aggregated datasets, analytical models, statistical indicators, informational reports, market analysis tools, and other data processing systems aimed at improving the services offered by the platform or developing new functionalities.
The datasets, analyses, statistical models, and informational tools derived from the processing of data generated by the platform constitute informational assets of the Data Controller. Such assets may be used by HALA for technological development, research, market analysis, service improvement, and the creation of new analytical tools, provided that such use does not involve the identification of individual users unless permitted under applicable law.
Where possible, such processing is carried out using aggregated, anonymized, or pseudonymized data in order to reduce identifiability and minimize the processing of personal data. Where data has been effectively anonymized, it is no longer considered personal data.
Certain datasets or outputs generated through the Platform may, alone or in combination with other information, relate to an identified or identifiable natural person. Where data is linked or reasonably linkable to an individual, it is treated as personal data in accordance with applicable data protection laws.
The information resulting from such processing may be used by the Data Controller to produce statistical analyses, informational reports, market indicators, and other analytical tools relating to products registered on the platform and to the dynamics of the markets in which such products circulate.
The data processing carried out within the scope of this service is performed in compliance with the principles of data minimization, proportionality, and security as required by applicable regulations.
The processing of personal data, where applicable, is carried out on the basis of one or more of the following legal grounds, depending on the specific context of the processing:
– the performance of a contract or pre-contractual measures requested by the user;
– compliance with applicable legal or regulatory obligations;
– the legitimate interests pursued by the Data Controller, including ensuring the security, integrity, improvement, and proper functioning of the platform, as well as the development of analytical and technological solutions, provided that such interests are not overridden by the rights and freedoms of the data subjects;
– the consent of the data subject, where required under applicable law.
Where processing is based on legitimate interests, the Data Controller carries out a balancing test to ensure that such interests are not overridden by the fundamental rights and freedoms of the data subjects.
This type of service allows this Application to collect and store Users’ preferences related to the collection, use, and processing of their personal information, as requested by the applicable privacy legislation.
This service enables the recording, storage, management, and updating of privacy preferences and any consents provided by users in relation to specific personal data processing activities carried out through the HALA platform.
The system allows for the collection and documentation of users’ choices regarding processing activities that require the data subject’s consent, as well as the management of any modifications or withdrawals of such preferences.
The data processed may include the identifier of the user or the relevant account, the type of consent provided, the status of the consent, the date and time the consent was given, any withdrawal or modification of preferences, identifiers of the service or processing activity to which the consent relates, and technical metadata associated with the context in which the consent was collected (such as the method of collection, the version of the privacy notice, or technical identifiers of the request).
Within the scope of this service, HALA may also process technical information necessary to demonstrate the proper collection and management of consents, including consent activity logs, session identifiers, or system events associated with the provision or withdrawal of consent.
Such data is processed for the purpose of documenting the choices expressed by the user, managing preferences relating to personal data processing, ensuring compliance with the data subject’s decisions, and guaranteeing adherence to applicable data protection regulations.
The processing of such information is also necessary to enable the Data Controller to demonstrate compliance with applicable data protection obligations and to manage any requests from data subjects relating to the exercise of their rights.
Data relating to consents and privacy preferences is retained for the period necessary to document the validity of the choices expressed by users and to ensure the traceability of operations carried out in relation to consent management.
By registering on the mailing list or for the newsletter, the User’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning this Application. Your email address might also be added to this list as a result of signing up to this Application or after making a purchase.
By completing the contact form with their information, the User authorises this Application to use these details to respond to the inquiries (like quotes, and any other requests).
This Application requests certain permissions from Users that allow it to access the User's device Data as described below.
This Application requests certain permissions from Users that allow it to access the User's device Data as summarized here and described within this document.
This type of service allows the Owner to use the activity or biometric data collected by your device in order for this Application to operate or to provide specific features. This may include movements, heartbeat, change in altitude or data about the surroundings.
Depending on what is described below, third parties may be involved in the activity tracking.
Most devices allow for the User to control which Data is accessed or stored.
This service enables the creation, management, updating, storage, and consultation of Digital Product Passports (DPPs) associated with products managed through the HALA platform.
Digital Product Passports constitute structured digital records designed to collect, organize, and make accessible information relating to product lifecycle, digital identity, and events associated with their existence and management over time.
The data processed may include, depending on the functionalities used and the configurations adopted by the platform’s business clients:
unique product identifiers;
serial numbers or other technical identifiers;
production dates or manufacturing-related information;
technical or descriptive product information;
product catalog or classification data;
information relating to the status of the Digital Product Passport;
data relating to product ownership or possession;
information relating to product lifecycle events (such as creation, update, transfer, or verification).
When a user interacts with a Digital Product Passport through the HALA platform or via product identification technologies (such as digital identifiers or equivalent systems), the system may process data relating to the access or consultation event, including:
identifier of the user or entity performing the interaction;
date and time of the event;
technical metadata relating to the interaction;
operational information necessary to record the event within the system.
Such information is processed exclusively to enable the functioning of the Digital Product Passports, ensure the authenticity and integrity of recorded information, maintain continuous product traceability, verify product ownership or status, and preserve the reliability and security of the HALA platform’s digital infrastructure.
While Digital Product Passports primarily concern product-related information, certain data associated with lifecycle events, ownership or possession records, account interactions, or access events may, alone or in combination with other information, relate to an identified or identifiable natural person. Where such data is linked or reasonably linkable to an individual, it is treated as personal data in accordance with applicable data protection laws.
Where possible, processing is carried out using data that does not directly identify individuals, or through aggregation, anonymization, or pseudonymization techniques in order to reduce identifiability and minimize the processing of personal data. Where data has been effectively anonymized, it is no longer considered personal data.
Any personal data associated with Digital Product Passports is processed strictly to the extent necessary for the operation of the service, in compliance with the principles of data minimization, proportionality, and security.
The processing of data related to Digital Product Passports is also aimed at supporting product traceability, managing product digital identity, recording lifecycle events, preventing fraud or data tampering, and ensuring the proper functioning of the services provided through the HALA platform.
Where personal data is processed within the scope of this service, such processing is carried out on the basis of the performance of a contract or pre-contractual measures requested by the user, compliance with applicable legal or regulatory obligations, and, where applicable, the legitimate interests pursued by the Data Controller, including ensuring the proper functioning, integrity, and security of the platform.
This service enables the management, recording, and administration of ownership transfers of products associated with Digital Product Passports (DPPs), as well as the related operations carried out through the HALA platform.
The data processed may include identifiers of the parties involved in the transfer (such as user or account identifiers), information relating to the current owner and any previous owners of the product, country of origin or destination of the transfer, data relating to transfer requests, information relating to any claims or disputes, as well as technical information and metadata necessary to validate, authorize, and record the transaction.
Within the context of transfer operations, HALA may also process information relating to the transaction event, including the date and time of the operation, product or digital passport identifiers, transaction status, system technical metadata, and operational information necessary to ensure the correct execution, recording, and integrity of the transaction.
Certain data processed in connection with ownership transfers and transaction records may, alone or in combination with other information, relate to an identified or identifiable natural person. This may include, for example, ownership history, account identifiers, transaction logs, timestamps, and geographic information. Where such data is linked or reasonably linkable to an individual, it is treated as personal data in accordance with applicable data protection laws.
Such data is processed to enable the secure recording of ownership transfers of digitized products, ensure continuous traceability throughout the product lifecycle, verify the legitimacy of operations carried out on the platform, manage any claims or disputes between the parties involved, ensure the consistency and reliability of the platform’s internal records, and safeguard the security, integrity, and proper functioning of HALA’s technological infrastructure.
The processing of such data may also be necessary to prevent fraudulent use of the platform, detect operational anomalies, comply with applicable legal obligations, and ensure compliance with the platform’s terms of use.
HALA processes such information strictly to the extent necessary to enable the operation of the services provided, maintain system integrity, and ensure a high level of security and reliability in the management of product digital identities and related operations.
The processing of personal data, where applicable, is carried out on the basis of one or more of the following legal grounds, depending on the specific context of the processing:
– the performance of a contract or pre-contractual measures requested by the user;
– compliance with applicable legal or regulatory obligations;
– the legitimate interests pursued by the Data Controller, including ensuring the security, integrity, improvement, and proper functioning of the platform, as well as the development of analytical and technological solutions, provided that such interests are not overridden by the rights and freedoms of the data subjects;
– the consent of the data subject, where required under applicable law.
Where processing is based on legitimate interests, the Data Controller carries out a balancing test to ensure that such interests are not overridden by the fundamental rights and freedoms of the data subjects.
This service enables the Data Controller to record, store, and manage information relating to products digitized through Digital Product Passports (DPPs) based on data provided by users, business clients, or other authorized parties using the HALA platform.
The data processed may include product identifiers, serial numbers, identification codes, catalog information, data relating to product manufacturing or distribution, technical information, product images, data relating to ownership or product transfers, and other information submitted by users or by parties responsible for registering or managing Digital Product Passports on the platform.
The HALA platform provides a technological infrastructure for the creation, management, and consultation of Digital Product Passports, as well as for the recording of events associated with the product lifecycle.
The information contained within Digital Product Passports is generally provided by users, business clients, or other authorized parties using the platform and remains under their responsibility.
The Data Controller does not systematically verify the authenticity, accuracy, completeness, or reliability of the information provided in connection with Digital Product Passports and does not perform a general monitoring obligation over the data submitted to the platform.
Responsibility for the correctness, authenticity, lawfulness, and updating of data entered into Digital Product Passports remains with the parties who register or manage such information on the platform.
To the maximum extent permitted by applicable law, the Data Controller shall not be held liable for any inaccurate, incomplete, misleading, or unlawful information relating to products registered on the platform, nor for the registration of counterfeit, non-authentic, or unauthorized products by users or other parties using the service.
The Data Controller may, however, carry out technical, operational, or automated checks aimed at identifying anomalies in recorded data, inconsistencies in digital records, improper use of the system, or potentially fraudulent behavior.
Such checks may include the analysis of technical metadata, detection of anomalous patterns in product registration, transfer, or usage, and other controls aimed at ensuring the proper functioning, integrity, and security of the platform.
Any verification or control activities carried out by the Data Controller are limited in scope and do not constitute a guarantee of the authenticity of products registered on the platform, nor a certification, endorsement, or validation of the underlying goods or related information.
While the data processed within the scope of this service primarily relates to product and lifecycle information, certain data associated with product registration, ownership records, account interactions, or transfer events may, alone or in combination with other information, relate to an identified or identifiable natural person. Where such data is linked or reasonably linkable to an individual, it is treated as personal data in accordance with applicable data protection laws.
Where possible, processing is carried out using data that does not directly identify individuals, or through aggregation, anonymization, or pseudonymization techniques in order to reduce identifiability and minimize the processing of personal data. Where data has been effectively anonymized, it is no longer considered personal data.
The data processing carried out within the scope of this service is limited to what is strictly necessary to enable the operation of the platform, maintain the integrity of digital records, and ensure the proper functioning and security of the services provided.
Where personal data is processed within the scope of this service, such processing is carried out on the basis of the performance of a contract or pre-contractual measures, compliance with applicable legal obligations, and, where applicable, the legitimate interests pursued by the Data Controller, including ensuring the proper functioning, integrity, and security of the platform.
This service enables the Data Controller to collect, record, and retain technical and operational logs relating to activities carried out on the HALA platform in order to document events recorded within the system, ensure the traceability of operations, support technical, security, or legal verifications, and maintain the operational continuity of the service.
The data processed may include technical logs relating to platform access, system events, records of operations performed within the system, metadata associated with interactions with the platform, information relating to Digital Product Passports, logs of creation, update, or consultation of digital passports, events relating to product ownership or transfer records, and other technical data generated during the use of the digital infrastructure.
Within the scope of this service, HALA may retain such logs in order to:
ensure the traceability of operations carried out on the platform;
document events associated with Digital Product Passports and operations recorded within the system;
support technical audits, security assessments, or operational checks;
detect, analyze, and prevent anomalies, malfunctions, or unauthorized activities;
manage claims, disputes, or verifications relating to operations carried out on the platform;
protect the integrity and reliability of digital records associated with products;
support legal verifications or respond to lawful requests from competent authorities.
The information retained within the scope of this service may include data relating to the chronological sequence of events recorded on the platform, identifiers associated with operations, timestamps, technical metadata, and, where applicable, identifiers associated with user accounts or entities involved in such operations, to the extent necessary to reconstruct activities carried out within the system.
Such logs are retained only for as long as necessary to fulfill the purposes described above, including ensuring security, traceability, and compliance with applicable legal obligations, after which they are deleted, anonymized, or securely archived in accordance with applicable data retention requirements.
Where possible, technical and operational logs are processed using appropriate technical and organizational measures, including access controls, encryption, and security protocols, in order to protect their integrity, prevent unauthorized access, and ensure the protection of the recorded information.
Certain technical and operational logs may, alone or in combination with other information, relate to an identified or identifiable natural person, including where user identifiers, timestamps, access events, or interaction records are associated with a specific account or individual. Where such data is linked or reasonably linkable to an individual, it is treated as personal data in accordance with applicable data protection laws.
The data processing carried out within the scope of this service is performed in compliance with the principles of data minimization, proportionality, and security as required by applicable regulations.
Where personal data is processed within the scope of this service, such processing is carried out on the basis of the legitimate interests pursued by the Data Controller, including ensuring the security, integrity, traceability, and proper functioning of the platform, as well as compliance with applicable legal obligations.
This service enables the Data Controller to collect, process, and use technical, operational, and administrative data relating to products registered on the HALA platform and to the use of the services provided, in order to manage relationships with commercial partners, business clients, technology providers, and other parties involved in the delivery, integration, or development of the platform’s services.
The data processed may include information relating to products registered through Digital Product Passports, operational data relating to activities carried out on the platform, technical metadata associated with operations recorded within the system, information relating to the use of platform functionalities by business clients, as well as administrative or technical data necessary to manage operational relationships with commercial partners or service providers.
Within the scope of this service, HALA may process such information in order to:
manage operational relationships with business clients using the platform for the registration and management of Digital Product Passports;
coordinate technical or operational activities with commercial or technology partners involved in service delivery;
support the integration of the platform with third-party information systems or technological infrastructures;
ensure the proper functioning of services provided to business clients;
manage technical assistance, onboarding, and operational support activities for partners and corporate clients;
monitor the use of services by commercial partners and business clients.
The information processed within the scope of this service may also be used to coordinate operational activities with technology providers supporting the platform’s functionality, such as cloud infrastructure providers, payment system providers, analytical tools, or other digital services integrated into the system.
Where necessary, certain technical or operational information may be shared with commercial partners or technology providers involved in the delivery of the platform’s services, strictly to the extent necessary to ensure the proper functioning of the services or to manage operational relationships with such parties, and in accordance with applicable data protection laws.
While this processing primarily concerns product-related, technical, and operational data, certain information associated with partner relationships, onboarding activities, support interactions, or service usage may, alone or in combination with other information, relate to an identified or identifiable natural person. Where such data is linked or reasonably linkable to an individual, it is treated as personal data in accordance with applicable data protection laws.
Where possible, processing is carried out using aggregated, anonymized, or pseudonymized data in order to reduce identifiability and minimize the processing of personal data. Where data has been effectively anonymized, it is no longer considered personal data.
The data processing carried out within the scope of this service is performed in compliance with the principles of data minimization, proportionality, and security as required by applicable regulations and is exclusively aimed at managing operational relationships with commercial partners, business clients, and technology providers involved in the HALA platform ecosystem.
Where personal data is processed within the scope of this service, such processing is carried out on the basis of the performance of a contract or pre-contractual measures, compliance with applicable legal obligations, and, where applicable, the legitimate interests pursued by the Data Controller, including ensuring the proper functioning, integration, and management of the platform and its related services.
This service enables the Data Controller to collect, process, and retain technical, operational, and administrative data in order to comply with applicable legal and regulatory obligations and to ensure that the HALA platform operates in accordance with the laws and regulations governing digital services and data management.
The data processed may include technical information relating to the functioning of the platform, operational metadata associated with user activities, technical logs of operations performed within the system, information relating to products registered through Digital Product Passports, as well as administrative data necessary to document compliance with applicable regulations.
Within the scope of this service, HALA may process such information in order to:
comply with regulatory obligations applicable to digital services and IT infrastructures;
ensure compliance with regulations relating to product traceability and the management of information associated with digitized goods;
meet any regulatory requirements relating to Digital Product Passports or other applicable European or national regulations governing product data management;
support audit activities, technical inspections, or regulatory assessments relating to the operation of the platform;
document operations performed within the system in the event of inspections by competent authorities;
respond to lawful requests from public authorities, regulatory bodies, or other entities authorized by law.
The information processed within the scope of this service may also be used to demonstrate compliance with applicable regulations, manage regulatory audits or inspections, and support the fulfillment of obligations relating to cybersecurity, personal data protection, and digital services.
Where possible, such activities are carried out by limiting processing to data strictly necessary to fulfill regulatory obligations and by implementing appropriate technical and organizational measures to ensure the security and protection of the information processed.
Certain information processed for compliance purposes may, alone or in combination with other information, relate to an identified or identifiable natural person, including where technical logs, activity records, or operational metadata are associated with a specific account or user. Where such data is linked or reasonably linkable to an individual, it is treated as personal data in accordance with applicable data protection laws.
The data processing carried out within the scope of this service is performed in compliance with the principles of data minimization, proportionality, and security as required by applicable regulations and is exclusively aimed at fulfilling the legal and regulatory obligations applicable to the HALA platform.
Where personal data is processed within the scope of this service, such processing is carried out on the basis of compliance with applicable legal or regulatory obligations and, where relevant, the legitimate interests pursued by the Data Controller, including ensuring the proper functioning, security, and regulatory compliance of the platform.
Unless otherwise specified, this Application processes any payments by credit card, bank transfer or other means via external payment service providers. In general and unless where otherwise stated, Users are requested to provide their payment details and personal information directly to such payment service providers. This Application isn't involved in the collection and processing of such information: instead, it will only receive a notification by the relevant payment service provider as to whether payment has been successfully completed.
In the event that the chosen payment method is a direct bank transfer to the current account indicated by this Application, the Owner will collect the payment details of the User, i. e. the current account number of the sender, the SWIFT code, the bank and the name of the sender. Such data will be collected and processed exclusively within the transaction and for billing purposes only.
Stripe is a payment service provided by Stripe Inc.
This service enables the management of payments, payment methods, and invoicing-related activities associated with the services offered through the HALA platform, including any fees due for the use of services, platform functionalities, or transactions carried out through the platform.
The data processed may include payment method identifiers, the last four digits of payment cards, card network, name associated with the payment method, transaction identifiers provided by payment service providers, transaction status data, billing information, and other administrative data necessary for the accounting, tax, and contractual management of the relationship with the user or business client.
Payments may be processed through third-party payment service providers acting as independent data controllers for payment operations. HALA does not store or have access to full payment card details or other sensitive financial information processed directly by such providers.
Within the context of payment operations, HALA may also process information relating to transaction events, including the date and time of the transaction, technical transaction identifiers, payment status, technical metadata, and operational information necessary to ensure the correct execution, recording, and reconciliation of financial transactions.
Such data is processed exclusively to enable the execution of payments, verification and recording of transactions, management of invoicing, accounting reconciliation of operations, prevention of errors or fraudulent use of payment systems, and compliance with applicable legal, tax, and administrative obligations.
The processing of such data is also necessary to ensure transaction security, the proper functioning of payment systems integrated into the platform, and the handling of any support requests, disputes, or verifications relating to transactions carried out.
This type of service has the purpose of hosting Data and files that enable this Application to run and be distributed or to provide a ready-made infrastructure to run specific features or parts of this Application.
Some services among those listed below, if any, may work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.
Vercel is a hosting and backend service provided by Vercel Inc.
This type of service allows this Application to monitor the use and behaviour of its components so its performance, operation, maintenance and troubleshooting can be improved.
Which Personal Data are processed depends on the characteristics and mode of implementation of these services, whose function is to filter the activities of this Application.
This service enables the collection, recording, and analysis of technical logs, system events, and operational metadata in order to ensure the security, integrity, availability, and reliability of the HALA platform and its underlying technological infrastructure.
The data processed may include IP addresses, endpoints or system resources accessed, user identifiers where associated with specific actions, system-generated activity logs, metadata relating to operational events, the state of entities before and after specific operations, technical identifiers of requests, cryptographic hashes, session identifiers, API keys in protected or pseudonymized form, and other technical data necessary to monitor and manage the proper functioning of the infrastructure.
Within the scope of monitoring and security activities, HALA may also process information relating to platform access, requests made to application services, interactions with APIs, and other technical events relevant to the operational management of the system.
Such data is processed for the purpose of preventing unauthorized access, detecting operational anomalies, countering fraudulent or abusive activities, identifying attempts to compromise the platform, ensuring the security of information systems, and maintaining the integrity of the technological infrastructure.
The processing of such information is also necessary to document security-relevant events, enable technical auditing activities, investigate security incidents, restore proper system functionality in the event of malfunctions or cyberattacks, and improve the resilience, reliability, and overall performance of the platform.
Technical logs and operational metadata may also be used for system maintenance purposes, technical diagnostics, performance analysis, and the continuous improvement of the technological infrastructure and services offered by the HALA platform.
Where possible, such processing is carried out using technical, aggregated, anonymized, or pseudonymized data in order to reduce identifiability and minimize the processing of personal data. Where data has been effectively anonymized, it is no longer considered personal data.
Certain technical logs, metadata, or monitoring records may, alone or in combination with other information, relate to an identified or identifiable natural person, including where IP addresses, user identifiers, session data, or access events are associated with a specific account, device, or individual. Where such data is linked or reasonably linkable to an individual, it is treated as personal data in accordance with applicable data protection laws.
Such data processing is carried out strictly to the extent necessary to ensure the security, stability, and proper functioning of the systems and in compliance with the technical and organizational measures adopted to protect the data processed.
Where personal data is processed within the scope of this service, such processing is carried out on the basis of the legitimate interests pursued by the Data Controller, including ensuring the security, integrity, availability, and proper functioning of the platform and its technological infrastructure, as well as compliance with applicable legal obligations.
This service enables the Data Controller to collect, analyze, and process technical and operational data in order to ensure the security of the HALA platform’s digital infrastructure, prevent unauthorized access, detect anomalous behavior, identify potential vulnerabilities, and protect the IT systems used to deliver the services.
The data processed may include IP addresses, technical session identifiers, access logs, system events, metadata relating to operations carried out on the platform, user identifiers associated with such operations, information relating to the devices used to access the service, data relating to endpoints and requests made to the platform’s infrastructure, as well as other technical metadata necessary to monitor system performance and security.
Within the scope of this service, HALA may analyze such information in order to:
detect unauthorized access attempts or suspicious activities;
prevent or mitigate cyberattacks, system abuse, or improper use of the platform;
identify operational anomalies or potentially fraudulent behavior;
ensure the security of Digital Product Passports and digital records associated with products;
protect the integrity of data recorded within the platform;
monitor the stability and reliability of the technological infrastructure;
support technical audits, cybersecurity activities, and incident management.
The information processed within the scope of this service may also be used to improve the security measures implemented within the platform, strengthen authentication and authorization mechanisms, identify and remediate vulnerabilities in IT systems, and ensure the operational continuity of the services provided.
Where possible, such processing is carried out using technical, aggregated, anonymized, or pseudonymized data in order to reduce identifiability and minimize the processing of personal data. Where data has been effectively anonymized, it is no longer considered personal data.
Certain technical and operational data processed within the scope of this service may, alone or in combination with other information, relate to an identified or identifiable natural person, including where IP addresses, user identifiers, session data, or access events are associated with a specific account, device, or individual. Where such data is linked or reasonably linkable to an individual, it is treated as personal data in accordance with applicable data protection laws.
The information collected through this service may also be used to document security events, support investigations relating to cybersecurity incidents, and comply with applicable regulatory obligations concerning information security and IT systems.
The data processing carried out within the scope of this service is performed in compliance with the principles of data minimization, proportionality, and security as required by applicable regulations and is limited to what is strictly necessary to ensure the protection, integrity, and proper functioning of the HALA platform and its underlying infrastructure.
Where personal data is processed within the scope of this service, such processing is carried out on the basis of the legitimate interests pursued by the Data Controller, including ensuring the security, integrity, availability, and resilience of the platform and its systems, as well as compliance with applicable legal obligations.
This service enables the Data Controller to collect and analyze technical, operational, and behavioral data generated during the use of the HALA platform in order to prevent fraudulent activities, detect misuse of the system, and protect the integrity of the services provided.
The data processed may include technical logs, IP addresses, session identifiers, events recorded within Digital Product Passports, metadata relating to operations carried out on the platform, information relating to system access, logs of operations performed on digitized products, and other technical data necessary to monitor the proper use of the digital infrastructure.
Within the scope of this service, HALA may analyze such information in order to:
detect unauthorized access attempts to the platform;
prevent improper, abusive, or non-compliant use of the services provided;
identify attempts to manipulate digital records or Digital Product Passports;
detect potentially fraudulent product registrations or inaccurate or misleading information entered into the platform;
prevent the creation or use of Digital Product Passports associated with counterfeit or non-authentic products;
identify anomalous or suspicious behavior in operations recorded within the platform;
protect data integrity and the security of the digital infrastructure.
The analyses carried out within the scope of this service may also be used to improve fraud prevention mechanisms, enhance security controls, and ensure proper and compliant use of the services provided.
Where possible, such processing is carried out using technical, aggregated, anonymized, or pseudonymized data in order to reduce identifiability and minimize the processing of personal data. Where data has been effectively anonymized, it is no longer considered personal data.
Certain technical, operational, or behavioral data processed within the scope of this service may, alone or in combination with other information, relate to an identified or identifiable natural person, including where IP addresses, session data, user identifiers, or activity patterns are associated with a specific account, device, or individual. Where such data is linked or reasonably linkable to an individual, it is treated as personal data in accordance with applicable data protection laws.
Processing activities carried out within the scope of this service may involve the analysis of patterns or anomalies in system usage for the sole purpose of detecting fraudulent or abusive activities and protecting the platform. Such processing does not result in decisions producing legal effects concerning individuals or similarly significantly affecting them, unless otherwise required or permitted under applicable law.
The data processing carried out within the scope of this service is limited to what is strictly necessary to ensure the security, integrity, and proper functioning of the HALA platform and is performed in compliance with the principles of data minimization, proportionality, and security as required by applicable regulations.
Where personal data is processed within the scope of this service, such processing is carried out on the basis of the legitimate interests pursued by the Data Controller, including preventing fraud, protecting the platform and its users, and ensuring the integrity and security of the services provided, as well as, where applicable, compliance with legal obligations.
This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User.
These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.
This service enables the sending, management, and logging of notifications, operational communications, and support messages addressed to users of the HALA platform.
Communications may be automatically generated by the system or sent in the context of support and service management activities and may relate to relevant events concerning the use of the platform, the functioning of the services, or the status of operations performed by users.
The data processed may include the identifier of the user or account receiving the communication, email address or other contact details associated with the account, subject and content of the notification, metadata associated with the message, references to related entities or operations (such as products, Digital Product Passports, transfers, or transactions), notification status, date and time of sending or receipt, and other information strictly necessary for the proper management of system communications.
Such data is processed to inform users about relevant events concerning their account, products managed through the platform, Digital Product Passports, ownership transfers, transactions carried out, security-related activities, or any anomalies detected by the system.
The processing of such information is also necessary to manage the platform’s operational communications, provide technical assistance to users, respond to support requests, notify updates or changes relating to the service, and ensure the proper use and functioning of the features offered by HALA.
Communications sent within the scope of this service are strictly related to the provision of the service and the operational management of the platform and are not used for marketing or promotional purposes.
This service enables the Data Controller to collect, organize, and process information relating to products managed through the HALA platform in order to analyze the lifecycle of digitized products, monitor their evolution over time, and generate analytical insights for business clients using the platform.
The analytical activities may cover the entire product lifecycle, including production, distribution, sale, use, transfer of ownership, potential resale on the secondary market, and any other operations recorded through Digital Product Passports.
The data processed may include product identifiers, Digital Product Passport identifiers, technical and catalog information relating to products, lifecycle-related events, data concerning ownership transfers, information relating to transactions involving the products, operational metadata generated during the use of the platform, data relating to the status of the product or its digital passport, and other technical data associated with operations recorded within the system.
Within the scope of these analytical activities, HALA may also process information relating to the temporal sequence of recorded events, the frequency of ownership transfers, the geographical distribution of products, the average duration of product usage, circulation dynamics within the secondary market, and other technical and statistical indicators useful for understanding product behavior over time.
Such data may be used to generate analyses relating to product lifespan, frequency of secondary market transfers, product usage patterns, circularity and sustainability dynamics, product resilience and durability, value evolution over time, and other indicators relevant to assessing product performance throughout its lifecycle.
The analyses generated through this service are primarily intended for the platform’s business clients and may be used to support product lifecycle monitoring, secondary market analysis, product quality and durability improvement, optimization of sustainability strategies, and the development of new business models based on circularity and product reuse.
The processing activities carried out through this service may also contribute to the development of advanced analytical tools, monitoring dashboards, operational reports, and other decision-support systems made available to companies using the HALA platform.
While such analyses primarily concern product and lifecycle data, certain datasets or analytical outputs may, alone or in combination with other information, relate to an identified or identifiable natural person. Where data is linked or reasonably linkable to an individual, it is treated as personal data in accordance with applicable data protection laws.
Where possible, analyses are conducted using aggregated, pseudonymized, or non-directly identifiable data in order to reduce identifiability and minimize the processing of personal data. Where data has been effectively anonymized, it is no longer considered personal data.
The data processing carried out within the scope of this service is limited to the information strictly necessary for the analytical purposes described above and is performed in compliance with the principles of data minimization, proportionality, and security as required by applicable regulations.
The processing of personal data, where applicable, is carried out on the basis of one or more of the following legal grounds, depending on the specific context of the processing:
– the performance of a contract or pre-contractual measures requested by the user;
– compliance with applicable legal or regulatory obligations;
– the legitimate interests pursued by the Data Controller, including ensuring the security, integrity, improvement, and proper functioning of the platform, as well as the development of analytical and technological solutions, provided that such interests are not overridden by the rights and freedoms of the data subjects;
– the consent of the data subject, where required under applicable law.
Where processing is based on legitimate interests, the Data Controller carries out a balancing test to ensure that such interests are not overridden by the fundamental rights and freedoms of the data subjects.
This service enables the Data Controller to collect, analyze, and use technical, operational, and functional data generated during the use of the HALA platform in order to ensure the continuous improvement of the services provided, optimize the performance of the technological infrastructure, develop new functionalities, and ensure an efficient, stable, and secure user experience.
The data processed may include technical logs, system events, performance metrics, response times, information relating to the proper functioning of platform features, application errors, crashes, operational anomalies, usage patterns of different sections or tools available, metadata relating to interactions with the platform, and other technical or statistical data necessary to understand how the service operates and to improve its quality.
Within the scope of this service, HALA may also analyze information relating to how users and business clients interact with the platform, including usage flows of functionalities, the most frequent operational sequences, the most utilized areas of the system, technical issues encountered by users, and situations in which certain processes are inefficient, incomplete, or require improvement.
Such data is processed in order to:
improve existing platform functionalities;
develop new technological solutions, operational modules, or analytical tools;
optimize system stability, speed, and overall performance;
prevent malfunctions, application errors, and service interruptions;
identify technical issues and areas for improvement;
enhance usability, accessibility, and the overall experience of users and business clients;
support testing, updates, maintenance, and product development activities.
Processing activities carried out within the scope of this service may also be used to guide the Data Controller’s product decisions, define development priorities, improve the architecture of the digital services offered by HALA, and adapt the platform to the operational, technical, and regulatory needs of its users.
Where possible, such activities are carried out using aggregated, anonymized, or pseudonymized data in order to reduce identifiability and minimize the processing of personal data. Where data has been effectively anonymized, it is no longer considered personal data.
Certain datasets processed within the scope of this service may, alone or in combination with other information, relate to an identified or identifiable natural person, including where usage patterns, interaction data, or technical metadata are associated with a specific account, device, or user. Where such data is linked or reasonably linkable to an individual, it is treated as personal data in accordance with applicable data protection laws.
The data processing carried out within the scope of this service is performed in compliance with the principles of data minimization, proportionality, and security as required by applicable regulations and is exclusively aimed at the continuous improvement of the HALA platform and its related services.
Where personal data is processed within the scope of this service, such processing is carried out on the basis of the legitimate interests pursued by the Data Controller, including improving the platform, optimizing system performance, developing new functionalities, and ensuring the security and reliability of the services provided, provided that such interests are not overridden by the rights and freedoms of the data subjects.
Where processing is based on legitimate interests, the Data Controller carries out an assessment to ensure that such interests are not overridden by the rights and freedoms of the data subjects.
By registering or authenticating, Users allow this Application to identify them and give them access to dedicated services.
Depending on what is described below, third parties may provide registration and authentication services. In this case, this Application will be able to access some Data, stored by these third-party services, for registration or identification purposes.
Some of the services listed below may also collect Personal Data for targeting and profiling purposes; to find out more, please refer to the description of each service.
HALA account registration and management: This service enables the registration, creation, management, administration, and protection of user accounts within the HALA platform, as well as the management of related access profiles, permissions, and settings associated with the use of the service.
The data processed may include, depending on the type of account and the functionalities used: email address, unique user identifier, authentication credentials or related protected technical references, account role, account status, name of the company or organization associated with the user, country, profile preferences and settings, metadata relating to authentication, account verification and access, as well as any information relating to KYC or KYB verification processes, where applicable.
While the Platform primarily processes product-related and operational data, certain information associated with user accounts, identifiers, and access activities may, alone or in combination with other data, relate to an identified or identifiable natural person. Where such data is linked or reasonably linkable to an individual, it is treated as personal data in accordance with applicable data protection laws.
Such data is processed to enable user registration, secure authentication, session management, assignment and control of permissions, technical and organizational administration of accounts, protection of HALA’s digital infrastructure, prevention of unauthorized access, user support, and, more generally, the provision, maintenance, and proper operation of the platform.
Where necessary, the data may also be processed to comply with applicable legal, regulatory, or security obligations, as well as to establish, exercise, or defend legal claims in judicial or extrajudicial proceedings.
Processing is carried out in accordance with the principles of lawfulness, fairness, transparency, data minimization, and storage limitation, and appropriate technical and organizational measures are implemented to ensure the security, confidentiality, and integrity of the data processed.
The processing of personal data, where applicable, is carried out on the basis of one or more of the following legal grounds, depending on the specific context of the processing:
– the performance of a contract or pre-contractual measures requested by the user;
– compliance with applicable legal or regulatory obligations;
– the legitimate interests pursued by the Data Controller, including ensuring the security, integrity, improvement, and proper functioning of the platform, as well as the development of analytical and technological solutions, provided that such interests are not overridden by the rights and freedoms of the data subjects;
– the consent of the data subject, where required under applicable law.
Where processing is based on legitimate interests, the Data Controller carries out a balancing test to ensure that such interests are not overridden by the fundamental rights and freedoms of the data subjects.
By registering or authenticating, Users allow this Application to identify them and give them access to dedicated services. The Personal Data is collected and stored for registration or identification purposes only. The Data collected are only those necessary for the provision of the service requested by the Users.
The User registers by filling out the registration form and providing the Personal Data directly to this Application.
This type of service helps the Owner to manage the tags or scripts needed on this Application in a centralised fashion.
This results in the Users' Data flowing through these services, potentially resulting in the retention of this Data.
Google Tag Manager is a tag management service provided by Google LLC.
In order to understand Google's use of Data, consult their partner policy and their Business Data page.
In addition to any opt-out feature provided by any of the services listed in this document, Users may learn more on how to generally opt out of interest-based advertising within the dedicated section of the Cookie Policy.
This Application may send push notifications to the User to achieve the purposes outlined in this privacy policy.
Users may in most cases opt-out of receiving push notifications by visiting their device settings, such as the notification settings for mobile phones, and then change those settings for this Application, some or all of the apps on the particular device. Users must be aware that disabling push notifications may negatively affect the utility of this Application.
The Owner may process Personal Data relating to Users if one of the following applies:
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
Therefore:
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to fulfil a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
Users may exercise certain rights regarding their Data processed by the Owner.
In particular, Users have the right to do the following, to the extent permitted by law:
Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organisation governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.
If any such transfer takes place, Users can find out more by checking the relevant sections of this document or enquire with the Owner using the information provided in the contact section.
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time, free of charge and without providing any justification. Where the User objects to processing for direct marketing purposes, the Personal Data will no longer be processed for such purposes. To learn whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. Such requests are free of charge and will be answered by the Owner as early as possible and always within one month, providing Users with the information required by law. Any rectification or erasure of Personal Data or restriction of processing will be communicated by the Owner to each recipient, if any, to whom the Personal Data has been disclosed unless this proves impossible or involves disproportionate effort. At the Users’ request, the Owner will inform them about those recipients.
This section applies to Users in Switzerland, and, for such Users, supersedes any other possibly divergent or conflicting information contained in the privacy policy.
Further details regarding the categories of Data processed, the purposes of processing, the categories of recipients of the personal data, if any, the retention period and further information about Personal Data can be found in the section titled “Detailed information on the processing of Personal Data” within this document.
Users may exercise certain rights regarding their Data within the limits of law, including the following:
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. Such requests are free of charge and will be answered by the Owner as early as possible, providing Users with the information required by law.
This section of the document integrates with and supplements the information contained in the rest of the privacy policy and is provided by the entity running this Application and, if the case may be, its parent, subsidiaries and affiliates (for the purposes of this section referred to collectively as “we”, “us”, “our”).
This section applies to all Users in Brazil (Users are referred to below, simply as “you”, “your”, “yours”), according to the "Lei Geral de Proteção de Dados" (the "LGPD"), and for such Users, it supersedes any other possibly divergent or conflicting information contained in the privacy policy.
This part of the document uses the term “personal information“ as it is defined in the LGPD.
We can process your personal information solely if we have a legal basis for such processing. Legal bases are as follows:
To find out more about the legal bases, you can contact us at any time using the contact details provided in this document.
To find out what categories of your personal information are processed, you can read the section titled “Detailed information on the processing of Personal Data” within this document.
To find out why we process your personal information, you can read the sections titled “Detailed information on the processing of Personal Data” and “The purposes of processing” within this document.
You have the right to:
You will never be discriminated against, or otherwise suffer any sort of detriment, if you exercise your rights.
You can file your express request to exercise your rights free from any charge, at any time, by using the contact details provided in this document, or via your legal representative.
We will strive to promptly respond to your requests.
In any case, should it be impossible for us to do so, we’ll make sure to communicate to you the factual or legal reasons that prevent us from immediately, or otherwise ever, complying with your requests. In cases where we are not processing your personal information, we will indicate to you the physical or legal person to whom you should address your requests, if we are in the position to do so.
In the event that you file an access or personal information processing confirmation request, please make sure that you specify whether you’d like your personal information to be delivered in electronic or printed form.
You will also need to let us know whether you want us to answer your request immediately, in which case we will answer in a simplified fashion, or if you need a complete disclosure instead.
In the latter case, we’ll respond within 15 days from the time of your request, providing you with all the information on the origin of your personal information, confirmation on whether or not records exist, any criteria used for the processing and the purposes of the processing, while safeguarding our commercial and industrial secrets.
In the event that you file a rectification, deletion, anonymization or personal information blocking request, we will make sure to immediately communicate your request to other parties with whom we have shared your personal information in order to enable such third parties to also comply with your request – except in cases where such communication is proven impossible or involves disproportionate effort on our side.
We are allowed to transfer your personal information outside of the Brazilian territory in the following cases:
This part of the document integrates with and supplements the information contained in the rest of the privacy policy and is provided by the business running this Application and, if the case may be, its parent, subsidiaries and affiliates (for the purposes of this section referred to collectively as “we”, “us”, “our”). The information contained in this section applies to all Users (Users are referred to below, simply as “you”, “your”, “yours”), who are residents in the following states: California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Nevada, Delaware, Iowa, New Hampshire, New Jersey, Nebraska, Tennessee, Minnesota, Maryland, Indiana, Kentucky, Rhode Island and Montana. For such Users, this information supersedes any other possibly divergent or conflicting provisions contained in the privacy policy. This part of the document uses the term Personal Information (and Sensitive Personal Information).
The following Notice at collection provides you with timely notice about the categories of Personal Information collected or disclosed in the past 12 months so that you can exercise meaningful control over our use of that Information. While such categorization of Personal Information is mainly based on California privacy laws, it can also be helpful for anyone who is not a California resident to get a general idea of what types of Personal Information are collected.
password
for the time necessary to fulfill the purpose
No
No
Stripe Inc, Vercel Inc.
password
for the time necessary to fulfill the purpose
No
No
Stripe Inc, Vercel Inc., Google LLC
payment info
for the time necessary to fulfill the purpose
No
No
this Application
ℹ️ You can read the definitions of these concepts inside the “Definitions and legal references section” of the privacy policy.
To know more about your rights to limit the use of your sensitive personal information (“Limit the Use of My Sensitive Personal Information”) you can refer to the “Your privacy rights under US state laws” section of our privacy policy.
For more details on the collection of Personal Information, please read the section “Detailed information on the processing of Personal Data” of our privacy policy.
We won’t process your Information for unexpected purposes, or for purposes that are not reasonably necessary to and compatible with the purposes originally disclosed, without your consent.
We collect the above-mentioned categories of Personal Information, either directly or indirectly, from you when you use this Application.
For example, you directly provide your Personal Information when you submit requests via any forms on this Application. You also provide Personal Information indirectly when you navigate this Application, as Personal Information about you is automatically observed and collected.
Finally, we may collect your Personal Information from third parties that work with us in connection with the Service or with the functioning of this Application and features thereof.
You may exercise certain rights regarding your Personal Information. In particular, to the extent permitted by applicable law, you have:
In addition to the rights listed above common to all Users in the United States, as a User residing in California, you have:
In addition to the rights listed above common to all Users in the United States, as a User residing in Virginia, Colorado, Connecticut, Texas, Oregon, Nevada, Delaware, Iowa, New Hampshire, New Jersey, Nebraska, Tennessee, Minnesota, Maryland, Indiana, Kentucky, Rhode Island and Montana you have
In Minnesota and Maryland Users also have the right to obtain a list of the specific third parties to which the controller has disclosed the consumer's personal data
* Note that in some states like Minnesota you have the following specific rights connected to profiling:
In addition to the rights listed above common to all Users in the United States, as a User residing in Utah and Iowa, you have:
To exercise the rights described above, you need to submit your request to us by contacting us via the contact details provided in this document.
For us to respond to your request, we must know who you are. We will not respond to any request if we are unable to verify your identity and therefore confirm the Personal Information in our possession relates to you. You are not required to create an account with us to submit your request. We will use any Personal Information collected from you in connection with the verification of your request solely for verification and shall not further disclose the Personal Information, retain it longer than necessary for purposes of verification, or use it for unrelated purposes.
If you are an adult, you can make a request on behalf of a child under your parental authority.
In addition to what is stated above, to exercise your right to opt-out of Sale or Sharing and Targeted Advertising you can also use the privacy choices link provided on this Application.
If you want to submit requests to opt out of Sale or Sharing and Targeted Advertising activities via a user-enabled global privacy control, such as for example the Global Privacy Control (“GPC”), you are free to do so and we will abide by such request in a frictionless manner.
We will respond to your request without undue delay, but in all cases within the timeframe required by applicable law. Should we need more time, we will explain to you the reasons why, and how much more time we need.
Should we deny your request, we will explain to you the reasons behind our denial (where envisaged by applicable law you may then contact the relevant authority to submit a complaint).
We do not charge a fee to process or respond to your request unless such request is manifestly unfounded or excessive and in all other cases where it is permitted by the applicable law. In such cases, we may charge a reasonable fee or refuse to act on the request. In either case, we will communicate our choices and explain the reasons behind them.
The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Application or the related Services.
The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.
In addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.
For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (System logs) or use other Personal Data (such as the IP Address) for this purpose.
More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.
The Owner reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and possibly within this Application and/or - as far as technically and legally feasible - sending a notice to Users via any contact information available to the Owner. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.
Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Sensitive Personal Information means any Personal Information that is not publicly available and reveals information considered sensitive according to the applicable privacy law.
Information collected automatically through this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilised by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilised to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilised by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
The individual using this Application who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
The means by which the Personal Data of the User is collected and processed.
The service provided by this Application as described in the relative terms (if available) and on this site/application.
Sale means any exchange of Personal Information by the Owner to a third party, for monetary or other valuable consideration, as defined by the applicable privacy US state law. Please note that the exchange of Personal Information with a service provider pursuant to a written contract that meets the requirements set by the applicable law, does not constitute a Sale of your Personal Information.
Sharing means any sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's Personal Information by the business to a third party for cross-context behavioural advertising, whether for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioural advertising for the benefit of a business in which no money is exchanged, as defined by the California privacy laws. Please note that the exchange of Personal Information with a service provider pursuant to a written contract that meets the requirements set by the California privacy laws, does not constitute sharing of your Personal Information.
Targeted advertising means displaying advertisements to a consumer where the advertisement is selected based on Personal Information obtained from that consumer’s activities over time and across nonaffiliated websites or online applications to predict such consumer’s preferences or interests, as defined by the applicable privacy US state law.
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Cookies are Trackers consisting of small sets of data stored in the User's browser.
Tracker indicates any technology - e.g Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting - that enables the tracking of Users, for example by accessing or storing information on the User’s device.
This policy has been prepared based on provisions of multiple legislations.
This policy relates solely to this Application, if not stated otherwise within this document.