Privacy Policy

Hermetica Labs Privacy Policy

Last Updated: March 20, 2024

Overview

This Privacy Policy explains how Hermetica collects, uses, and discloses information about you through its websites, including web applications, and other online products and services (collectively, the “Services”) or when you otherwise interact with us. We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the Privacy Policy and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Privacy Policy whenever you access the Services or otherwise interact with us to stay informed about our information practices and the choices available to you. Any capitalized terms in this Privacy Policy are defined in our Terms of Service available at https://hermetica.fi/terms.

1. Data Collection

We collect certain information about you when you visit the Services. This information may personally identify you or have the potential to personally identify you (“Personal Information”). This section describes the Personal Information we collect and the sources of that information. Information We Collect • Identifiers. We collect your email address, IP Address, device ID, type of browser, or other unique personal or online identifiers. • Internet or Other Electronic Network Activity Information. We may collect information regarding your interaction with the Services, including time of visit and geolocation data, pages visited, links clicked, emails opened, language preferences, and the pages that led or referred you to our Services. We may also collect information automatically from your device, such as device type, operating system name and version, device manufacturer and model, language, plug-ins, and add-ons. • Geolocation Data. We may collect your physical location or infer your physical location based on your IP address or other network or voluntarily provided information. You may refuse to provide, or request that we delete, certain categories of Personal Information we have about you. However, if our collection of the Personal Information is required by law or contract or is necessary for you to access or use the Services, we may be unable to provide the Services to you. Data Sources • We may automatically collect certain information about the mobile device, computer or other devices that you use to access the Services through commonly used information-gathering tools, such as cookies and web beacons (see our Cookies section below). • You provide some Personal Information to us directly. For example, you provide Identifiers, such as an email address for us to create your account on the Platform. • We may generate information about you based on our relationship with you or your use of the Services. Such information may be aggregated or anonymized before we process it.

2. Data Usage

This section describes the purposes for which we process your Personal Information. We process your Personal Information: • To perform our contractual obligations to you. This includes but is not limited to providing you access to the Services; processing customer service requests; performing our contractual obligations to you under our Terms of Service; and providing you with access to the Products and Services you purchase from us. • For legitimate business interests which outweigh the general privacy rights of individual data subjects. This includes but is not limited to analyzing and improving our Services and business operations; ensuring the security and availability of the Services; and monitoring use of the Services to prevent fraud or abuse. • To comply with a legal obligation or requirement. We use and process your Personal Information when we believe doing so is necessary to comply with laws and regulations, pursuant to a judicial authorization, or to exercise or defend our legal rights or those of a third party. • With your consent. We process your Personal Information if we obtained your affirmative consent to such processing, such as to send you information about the Services and other marketing communications that you requested, or to respond to inquiries and questions that you initiated. If we need to process your Personal Information for a purpose other than that for which the information was initially collected, we will provide you with information about that other purpose before we further process your Personal Information.

3. Data Sharing and Disclosure

We may share your Personal Information with third parties: • With your consent. We share your Personal Information if you affirmatively consent to it. If we are legally obligated to obtain your consent prior to sharing your Personal Information, we notify you of the specific purpose for which we are obtaining your consent, and we do not share beyond that purpose without notifying you of and obtaining additional consent for further disclosure. • With third party service providers and agents. We share Personal Information with a limited number of service providers who process it on our behalf to provide or improve our business functions, and who have agreed to privacy restrictions similar to the ones in our Privacy Policy by making similar commitments. • For legal disclosure. We may share your information with third parties when we reasonably believe disclosure is required or permitted in order to comply with a subpoena, court order or other applicable law, regulation or legal process. • To protect us or others. We may share your information to the extent we believe that sharing such information is necessary to protect the rights, property, or safety of us, our products or services, our customers, or others. • As a result of merger or sale of our business. We may share Personal Information if we are involved in a merger, sale, financing, liquidation, bankruptcy or acquisition of corporate entities or business units. We do not sell any Personal Information for any reason.

4. Data Access and Control

You may access, update, alter, or delete certain Personal Information we have about you by contacting us using the information provided in the “Contact Information” section below.

5. Data Retention

We retain your Personal Information according to applicable laws or regulatory requirements and keep it as long as is necessary to fulfill the purposes described in this Privacy Policy or for which the personal data was collected.

6. Data Security

While no online service is 100% secure, we work to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so. We monitor our Services for potential vulnerabilities and attacks, and we use a variety of security technologies and organizational procedures to help protect your personal data from unauthorized access, use, or disclosure. We also limit access to your Personal Information to those personnel with a need to know in order to perform job duties for us.

7. Children's Privacy

We do not collect Personal Information about or from persons under the age of thirteen. If you are under the age of thirteen you CANNOT use the Services.

8. Third Party Links

We may provide content on the Services that links to third-party websites. For example, we may post links to our social media profiles so you can find us easily. We do not control, and are not responsible for, third parties’ privacy practices and content. When you click on a link to a third-party site, the third party may collect your personal information, which will be governed by the third party’s privacy policy. Please read the third party’s privacy policy to learn about how they collect and process your personal information.

9. Cookies Policy

Cookies are small text files that are stored in a web browser’s memory. Cookies help us remember your preferences and that you have already logged in, and they help us analyze how you use the Services so we can improve the Services. This Cookies Policy explains how we use cookies and other similar technologies to help us ensure that our Services function properly, prevent fraud and other harm, and analyze and improve the Services in accordance with our Privacy Policy. Any capitalized term used and not otherwise defined below has the meaning assigned to it in the Privacy Policy. How We Use Cookies Cookies help us personalize the Services and offer an effective and safe application. We update our cookies periodically, but we generally use cookies for the following purposes: • To operate the Services. We use cookies for functions such as authentication, fraud prevention and detection, and features and preferences. • To analyze and improve the Services. We use cookies to understand how you use the Services so that we can improve your user experience. How You Can Manage Cookies Your web browser may allow you to control the cookies we and other websites set on your computer. Please consult the help section of your web browser for more information on how to delete cookies. However, note that if you choose to delete or disable cookies, we may be unable to provide the Services to you.

10. EU Data Rights

EU residents may have certain rights under applicable data protection laws, including the EU General Data Protection Regulation (GDPR), which include the rights to:

Right to Be Informed

The right to know or be notified about the collection and use of your personal information.

Right to Access

The right to be provided with a copy of your personal information (the right of access).

Right to Rectification

The right to require us to correct any mistakes in your personal information.

Right to be Forgotten

The right to require us to delete your personal information—in certain situations

Right to Restriction of Processing

The right to require us to restrict processing of your personal information—in certain circumstances, e.g., if you contest the accuracy of the data.

Right to Data Portability

The right to receive the personal information you provided to us, in a structured, commonly used, and machine-readable format and/or transmit that data to a third party—in certain situations.

Right to Object

The right to object: • At any time to your personal information being processed for direct marketing (including profiling). • In certain other situations to our continued processing of your personal information, e.g., processing.

Right Not to be Subject to Automated Individual Decision- Making

The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

You may request to exercise any of the rights above by contacting us using the information in the Contact Information section below. We may ask you to provide information to verify your identity and right to access the information in your request. We will consider and act upon any such requests in accordance with applicable data protection laws. Legal Bases for Processing The legal bases we rely on for processing your Personal Information are: • To perform a contract, such as to fulfill our obligations under our Terms of Service and to provide the Services; • To comply with a legal obligation, such as to comply with a subpoena or to grant access to personal data in circumstances of high public interest; • For legitimate interests which are not overridden by your data protection interests; and • With your consent. Processing Special Category Data To the extent we process special category data, we rely on the legal bases above and the following exemptions: • You have given your explicit consent to process the special category data; • Processing relates to personal information that you manifestly made public; or • Processing is necessary for the establishment, exercise or defence of legal claims or to comply with a judicial order. If you have complaints or disputes about this Privacy Policy or our privacy practices, please contact us using the Contact Information provided below. We will respond to your complaint in the time period required by applicable law. You may also have a right to lodge a complaint with your local data protection authority (DPA).

11. EEA Data Subjects: Transferring Your Personal Information Out of the EEA

To deliver services to you, it is sometimes necessary for us to share your personal information outside the European Economic Area (EEA), e.g.: • With our offices outside the EEA ‍ • With your and our service providers located outside the EEA • If you are based outside the EEA These transfers are subject to special rules under European and UK data protection law.

12. Promotional Communications

You may opt out of receiving promotional communications from Hermetica by following the instructions in those communications or by emailing us at hello@hermetica.fi. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.

13. Mobile Push Notifications/Alerts

With your consent, we may send promotional and non-promotional push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.

14. Contact Information

You may update, correct or delete information about you at any time by emailing us at hello@hermetica.fi. Please note that we may retain cached or archived copies of information about you for a certain period of time.

15. Changes to this Privacy Policy

We will provide you with notice of changes to the way we process your Personal Information and will obtain your consent as required by applicable law. All changes are effective immediately upon posting a notice of such changes. Your continued access to or use of the Services following the posting of changes constitutes your acknowledgement of such changes. You can see when this Privacy Policy was last updated by checking the “Last Updated” date displayed at the top of this Privacy Policy.

Last updated