Privacy Policy

1. Introduction and Scope

This Privacy Policy ("Policy") describes the privacy practices of Hey Value Tech SRL, a company registered in Romania with Tax Identification Number RO40568221, with its principal place of business in Cluj-Napoca, Romania ("Company," "we," "us," or "our"). This Policy applies to all personal information we collect through our websites, applications, cloud services, and any other products or services that reference this Policy (collectively, the "Services"), including but not limited to HeyCloud, PymeDigital, Hey Websites, Hey Domains, Hey Mail, and Hey Social.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services. This Policy may change from time to time, and your continued use of the Services after we make changes is deemed to be acceptance of those changes.

This Privacy Policy should be read in conjunction with our Terms of Service. Any capitalized terms not defined in this Policy shall have the meaning given to them in the Terms of Service.

2. Data Controller Information

For the purposes of applicable data protection laws, including but not limited to the General Data Protection Regulation (EU) 2016/679 ("GDPR") and Romanian Law No. 190/2018, the data controller responsible for your personal information is:

3. Information We Collect

We collect information that you provide directly to us, information we collect automatically when you use our Services, and information we obtain from third-party sources. The types of information we collect depend on how you interact with our Services and the choices you make.

3.1 Information You Provide Directly

We collect information you provide when you create an account, subscribe to our Services, make a purchase, contact us, or otherwise communicate with us. This information may include:

Account and Profile Information: When you register for an account, we collect your name, email address, password, and optionally your phone number, job title, company name, and profile photograph. For business accounts, we may also collect your company's legal name, tax identification number, registered address, and authorized representative information.

Billing and Payment Information: When you make a purchase or subscribe to paid Services, we collect billing details including your billing name and address, payment card information (card number, expiration date, and security code), bank account details for direct debit payments, and transaction history. Payment card information is processed by our third-party payment processors and is not stored on our servers in unencrypted form.

Content and Files: We collect and store the content you upload, create, receive, or maintain through our Services. This includes documents, photographs, videos, audio files, emails, calendar entries, contacts, and any other files or data you choose to store in HeyCloud or transmit through our Services.

Communications: When you contact us for support, provide feedback, participate in surveys, or communicate with us through any channel, we collect the content of those communications along with associated metadata such as timestamps and communication method.

Domain Registration Information: When you register or transfer domain names through Hey Domains, we collect domain registration data as required by ICANN and applicable registry policies, including registrant name, organization, address, phone number, and email address.

3.2 Information Collected Automatically

When you access or use our Services, we automatically collect certain information about your device, your use of the Services, and your interaction with our content. This information is collected using cookies, pixel tags, web beacons, and similar technologies, as well as through server logs and application telemetry.

Device and Browser Information: We collect information about the devices you use to access our Services, including hardware model, operating system and version, unique device identifiers (such as IDFA, GAID, or device serial numbers), browser type and version, screen resolution, language preferences, and time zone settings.

Network and Connection Information: We collect your Internet Protocol (IP) address, Internet service provider, mobile carrier information (for mobile devices), connection type (WiFi, cellular, etc.), and network performance metrics.

Usage Information: We collect information about your interactions with our Services, including the pages and features you access, the time and duration of your visits, the links you click, search queries you submit, files you upload or download, storage usage patterns, and the referring URL that brought you to our Services.

Location Information: We may collect information about your approximate location based on your IP address, and with your consent, precise location information from your mobile device's GPS, WiFi, or cellular network triangulation.

Application Logs and Diagnostics: Our desktop and mobile applications may collect diagnostic information including application crash reports, performance metrics, error logs, and feature usage statistics to help us improve the reliability and performance of our Services.

3.3 Information from Third-Party Sources

We may receive information about you from third-party sources and combine it with information we collect directly. These sources include:

Single Sign-On Providers: If you choose to register or log in using a third-party service such as Google, Microsoft, or Apple, we receive information from that service as permitted by your account settings with that provider, which may include your name, email address, and profile photograph.

Business Partners and Resellers: If you access our Services through a business partner, reseller, or enterprise customer, we may receive information about you from that organization, including your name, email address, and the scope of Services you are authorized to access.

Public Sources: We may collect information from publicly available sources, including public websites, social media platforms, and government databases, to supplement the information we hold about business customers for fraud prevention and compliance purposes.

4. Legal Bases for Processing

We process your personal information only when we have a valid legal basis to do so under applicable data protection laws. The legal bases we rely on include:

Performance of Contract: We process personal information as necessary to perform our contractual obligations to you, including providing the Services you have requested, managing your account, processing payments, and providing customer support.

Legitimate Interests: We process personal information for our legitimate business interests, provided those interests are not overridden by your rights and interests. Our legitimate interests include operating and improving our Services, preventing fraud and abuse, ensuring network and information security, and conducting business analytics.

Legal Compliance: We process personal information as necessary to comply with our legal obligations, including tax reporting requirements, responding to lawful requests from public authorities, and maintaining records as required by applicable laws.

Consent: In some cases, we process personal information based on your consent. Where we rely on consent, you have the right to withdraw that consent at any time, though this will not affect the lawfulness of processing conducted prior to withdrawal.

5. How We Use Your Information

We use the information we collect for various purposes related to providing, maintaining, and improving our Services, as well as for communication, security, and compliance purposes.

5.1 Providing and Managing Services

We use your information to create and manage your account, authenticate your identity, provide access to the Services you have requested, process and fulfill your orders and subscriptions, store and synchronize your content across devices, deliver domain registration and DNS management services, send and receive emails through Hey Mail, publish and host websites through Hey Websites, and schedule and publish social media content through Hey Social.

5.2 Communication

We use your information to send you transactional communications related to your account and Services, including purchase confirmations, billing statements, subscription renewals, password reset emails, security alerts, and service notifications. We may also send you promotional communications about new features, products, and services, special offers, and company news, subject to your communication preferences and applicable law.

5.3 Improvement and Development

We use information about how you use our Services to understand usage patterns and trends, identify areas for improvement, develop new features and services, conduct research and analytics, and test new products and features before release. We may use aggregated or de-identified information for these purposes without restriction.

5.4 Security and Fraud Prevention

We use your information to protect our Services and users from unauthorized access, fraud, abuse, and other harmful activities. This includes monitoring for suspicious activity, detecting and preventing security incidents, verifying identity for account access, enforcing our Terms of Service, and investigating potential violations of our policies or applicable laws.

5.5 Legal and Compliance

We use your information to comply with applicable legal requirements, including tax obligations, anti-money laundering requirements, domain registration regulations (ICANN policies), data retention requirements, and responding to lawful requests from law enforcement and regulatory authorities.

6. Information Sharing and Disclosure

We do not sell your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

6.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including cloud hosting and infrastructure providers (such as Amazon Web Services and Google Cloud Platform), payment processors and billing services, email delivery services, customer support platforms, analytics and monitoring services, domain registrars and DNS providers, content delivery networks, and security and fraud prevention services. These service providers are contractually obligated to use your information only for the purposes of providing services to us and must maintain appropriate security measures.

6.2 Business Partners

We may share information with business partners in connection with offering co-branded services, conducting joint marketing initiatives, or providing integrated functionality. When you access services provided by our partners, their privacy practices will apply to information they collect directly from you.

6.3 Enterprise Customers

If you use our Services through an enterprise or business account, the organization that has contracted for those Services may have access to your account information and content as the account administrator. The organization's privacy practices and policies will apply to such access and use.

6.4 Legal Requirements and Protection of Rights

We may disclose your information if required to do so by law or in response to valid legal process, including subpoenas, court orders, or government requests. We may also disclose information when we believe in good faith that disclosure is necessary to protect our rights, property, or safety, or that of our users or the public; investigate or prevent fraud, security issues, or potential violations of our Terms of Service; or enforce our Terms of Service and other agreements.

6.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Services of any change in ownership or uses of your personal information, as well as any choices you may have regarding your information.

6.6 With Your Consent

We may share your information with third parties when you have given us your explicit consent to do so, or when you direct us to share information with a specific third party.

7. International Data Transfers

We are headquartered in Romania, a member state of the European Union, and our primary data processing facilities are located within the European Economic Area (EEA). However, we may transfer your personal information to countries outside the EEA in connection with providing our Services, including to service providers and partners located in the United States and other countries.

When we transfer personal information outside the EEA, we ensure that appropriate safeguards are in place to protect your information in accordance with applicable data protection laws. These safeguards may include Standard Contractual Clauses approved by the European Commission, binding corporate rules, or transfers to countries that have been determined by the European Commission to provide an adequate level of data protection.

By using our Services, you acknowledge and agree that your information may be transferred to and processed in countries other than your country of residence, which may have different data protection rules than your country. We will take appropriate steps to ensure that your information receives an adequate level of protection in the jurisdictions in which we process it.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. The retention period for different types of information varies based on the nature of the information and the purposes for which it is processed.

Account Information: We retain your account information for as long as your account remains active. If you close your account, we will delete or anonymize your account information within 90 days, except as necessary to comply with legal obligations, resolve disputes, or enforce our agreements.

Content and Files: We retain the content and files you store in our Services for as long as your account is active and for up to 30 days following account closure to allow for data retrieval. After this period, content is permanently deleted from our systems and backup storage.

Transaction Records: We retain records of transactions, payments, and invoices for a minimum of 10 years to comply with tax and accounting requirements under Romanian and EU law.

Usage Logs: We retain server logs and usage data for a period of 12 months for security, fraud prevention, and service improvement purposes. Aggregated or anonymized usage data may be retained indefinitely.

Communication Records: We retain records of customer support communications and correspondence for a minimum of 5 years for quality assurance and dispute resolution purposes.

9. Data Security

We implement comprehensive technical and organizational security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security program includes:

Encryption: We use industry-standard encryption protocols to protect data in transit (TLS 1.2 or higher) and at rest (AES-256). Sensitive data such as passwords are hashed using secure algorithms and are never stored in plaintext.

Access Controls: We implement role-based access controls and the principle of least privilege to limit access to personal information to those employees, contractors, and agents who need access to perform their job responsibilities.

Infrastructure Security: Our systems are hosted in secure data centers with physical access controls, environmental controls, and 24/7 monitoring. We maintain firewalls, intrusion detection systems, and conduct regular vulnerability assessments and penetration testing.

Security Monitoring: We continuously monitor our systems for security threats and anomalies. We maintain incident response procedures and will notify affected users and relevant authorities of security incidents as required by applicable law.

Employee Training: All employees with access to personal information receive regular training on data protection and security best practices.

Despite our efforts, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

10. Your Rights and Choices

Depending on your location and subject to applicable law, you may have certain rights regarding your personal information. We respect these rights and provide mechanisms for you to exercise them.

10.1 Access and Portability

You have the right to request a copy of the personal information we hold about you. You may also request that we provide your information in a structured, commonly used, and machine-readable format, and transmit it directly to another controller where technically feasible.

10.2 Correction

You have the right to request that we correct inaccurate or incomplete personal information we hold about you. You can update much of your account information directly through your account settings.

10.3 Deletion

You have the right to request that we delete your personal information in certain circumstances, such as when the information is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when the processing is unlawful. Please note that we may be required to retain certain information for legal or legitimate business purposes.

10.4 Restriction and Objection

You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the information or when the processing is unlawful. You also have the right to object to processing based on our legitimate interests.

10.5 Withdrawal of Consent

Where we process your personal information based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing conducted prior to the withdrawal.

10.6 Communication Preferences

You may opt out of receiving promotional communications from us by following the unsubscribe instructions in those communications or by updating your preferences in your account settings. Please note that you may not opt out of transactional or service-related communications.

10.7 Exercising Your Rights

To exercise any of these rights, please contact us at [email protected] or [email protected]. We may need to verify your identity before processing your request. We will respond to your request within the timeframes required by applicable law, typically within 30 days.

10.8 Right to Lodge a Complaint

If you believe that we have violated your privacy rights, you have the right to lodge a complaint with your local data protection authority. In Romania, this is the National Supervisory Authority for Personal Data Processing (ANSPDCP).

11. Cookies and Tracking Technologies

We use cookies, pixels, web beacons, and similar tracking technologies to collect information about your use of our Services, remember your preferences, and deliver personalized experiences. For detailed information about the cookies we use and how to manage your cookie preferences, please see our Cookie Policy.

Essential Cookies: These cookies are necessary for the basic functionality of our Services, including authentication, session management, and security features. You cannot opt out of essential cookies.

Functional Cookies: These cookies enable enhanced functionality and personalization, such as remembering your preferences and settings. If you disable these cookies, some features may not work properly.

Analytics Cookies: We use analytics cookies to understand how visitors interact with our Services, which pages are most popular, and how users navigate through our website. This helps us improve our Services and user experience.

Advertising Cookies: We may use advertising cookies to deliver relevant advertisements to you and to measure the effectiveness of our advertising campaigns. You can opt out of personalized advertising through your browser settings or through industry opt-out mechanisms.

12. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and you believe that your child has provided us with personal information without your consent, please contact us at [email protected]. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to delete that information from our servers promptly.

If you are between the ages of 16 and 18, you may use our Services only with the involvement and consent of a parent or legal guardian.

13. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not operated or controlled by us. This Privacy Policy does not apply to any third-party services. We encourage you to review the privacy policies of any third-party services you access through our Services. We are not responsible for the privacy practices or content of third-party services.

When you use integrations or connect third-party services to your account (such as social media platforms for Hey Social), information may be shared between our Services and those third-party services in accordance with your settings and the third party's privacy practices.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this Policy, we will notify you by email (sent to the email address associated with your account), through a notice on our website, or through the Services prior to the change becoming effective.

We encourage you to review this Privacy Policy periodically to stay informed about our information practices. The "Last Revised" date at the top of this Policy indicates when it was last updated. Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us using the following information:

We will endeavor to respond to all inquiries within a reasonable timeframe and in accordance with applicable legal requirements.