Privacy Policy

How we collect, use, and protect your personal information

Last updated: August 15, 2025
Effective Date: August 15, 2025

1. Scope & Definitions

This Privacy Policy applies to all services provided by Hiemee JSC ("we", "us", "our") including our website, mobile applications, and all related services. This policy describes how we collect, use, process, and disclose your personal information in accordance with applicable privacy laws including GDPR, CCPA, PDPA, and other regional regulations.

Key Definitions:

  • **Personal Data**: Any information that identifies or can be used to identify you directly or indirectly
  • **Processing**: Any operation performed on personal data, including collection, storage, use, and deletion
  • **Data Controller**: Hiemee JSC, responsible for determining how and why personal data is processed
  • **Data Subject**: You, the individual whose personal data we process
  • **Legal Basis**: The lawful reason we rely on to process your personal data

2. Data We Collect

Information You Provide Directly:

  • Account registration details (name, email, phone number)
  • Profile information and preferences
  • Communication records (support tickets, emails, chat messages)
  • Payment and billing information
  • Investment preferences and financial information (for HieFund)
  • Property preferences and search criteria (for Hie Real Estate)
  • Technical requirements and project details (for Hie-Software)
  • Survey responses and feedback
  • Document uploads and submissions

Information Collected Automatically:

  • Device information (IP address, browser type, device ID)
  • Usage analytics (pages visited, time spent, click patterns)
  • Location data (with your consent)
  • Performance metrics and error logs
  • Security and fraud prevention data
  • Cookies and similar tracking technologies

Information from Third Parties:

  • Social media platforms (when you choose to connect)
  • Payment processors and financial institutions
  • Identity verification services
  • Business partners and affiliates
  • Public databases and data enrichment services
  • Marketing and analytics partners

3. How We Use Your Data

We process your personal data for the following purposes:

  • **Service Provision**: Deliver our real estate, investment, and software services
  • **Account Management**: Create, maintain, and secure your account
  • **Communication**: Send important updates, support responses, and service notifications
  • **Personalization**: Customize your experience and provide relevant recommendations
  • **Payment Processing**: Handle transactions and billing for our services
  • **Legal Compliance**: Meet regulatory requirements and legal obligations
  • **Security**: Protect against fraud, unauthorized access, and security threats
  • **Analytics**: Improve our services through usage analysis and performance monitoring
  • **Marketing**: Send promotional materials and updates (with your consent)
  • **Research**: Conduct surveys and studies to enhance our offerings

Legal Bases for Processing (GDPR):

  • **Contract Performance**: Processing necessary to provide our services
  • **Legitimate Interest**: Improving our services, security, and business operations
  • **Legal Obligation**: Compliance with applicable laws and regulations
  • **Consent**: Where you have provided explicit consent
  • **Vital Interest**: Protection of your safety or that of others

4. Data Sharing & Third Parties

We may share your data with:

  • **Service Providers**: Cloud hosting, payment processing, analytics, and support services
  • **Business Partners**: Real estate agencies, investment platforms, and software integrators
  • **Legal Authorities**: When required by law, court orders, or regulatory requests
  • **Professional Advisors**: Lawyers, accountants, and consultants bound by confidentiality
  • **Business Transfers**: In case of merger, acquisition, or sale of assets
  • **Consent-Based**: Third parties you explicitly authorize us to share with

We Do Not Sell Personal Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. Any data sharing is strictly limited to the purposes outlined above and subject to appropriate safeguards.

5. Your Rights

Under GDPR and Similar Laws, You Have the Right To:

  • **Access**: Request copies of your personal data
  • **Rectification**: Correct inaccurate or incomplete information
  • **Erasure**: Request deletion of your personal data ('right to be forgotten')
  • **Portability**: Receive your data in a portable format
  • **Restriction**: Limit how we process your data
  • **Objection**: Object to processing based on legitimate interest
  • **Withdraw Consent**: Revoke consent for consent-based processing
  • **Lodge Complaints**: File complaints with supervisory authorities

California Residents (CCPA) Also Have the Right To:

  • Know what personal information is collected, used, and shared
  • Delete personal information (with certain exceptions)
  • Opt-out of the sale of personal information
  • Non-discrimination for exercising privacy rights

How to Exercise Your Rights:

Contact us at contact@hiemee.com or use our online privacy portal. We will respond within 30 days (GDPR) or 45 days (CCPA). Identity verification may be required for security purposes.

6. Data Storage & Security

Data Retention:

  • **Account Data**: Retained while your account is active and for 7 years after closure
  • **Transaction Records**: Kept for 10 years for legal and tax compliance
  • **Communication Logs**: Stored for 3 years for support and quality purposes
  • **Analytics Data**: Aggregated data retained indefinitely, personal identifiers removed after 2 years
  • **Marketing Data**: Retained until consent is withdrawn or 3 years of inactivity

Security Measures:

  • **Encryption**: End-to-end encryption for data in transit and at rest
  • **Access Controls**: Role-based access and multi-factor authentication
  • **Regular Audits**: Third-party security assessments and penetration testing
  • **Employee Training**: Regular privacy and security training for all staff
  • **Incident Response**: Comprehensive breach detection and response procedures
  • **Compliance**: SOC 2 Type II, ISO 27001, and other security certifications

7. Cookies & Tracking Technologies

Types of Cookies We Use:

  • **Essential Cookies**: Required for basic website functionality
  • **Performance Cookies**: Help us understand how visitors use our site
  • **Functional Cookies**: Remember your preferences and settings
  • **Targeting Cookies**: Used to deliver relevant advertising (with consent)
  • **Third-Party Cookies**: Set by our partners for analytics and advertising

Cookie Controls:

You can control cookies through your browser settings or our cookie preference center. Note that disabling essential cookies may affect website functionality.

Mobile App Tracking:

Our mobile apps may use SDKs and similar technologies. You can control tracking through your device settings or app permissions. We comply with Apple App Tracking Transparency and Google Play policies.

8. International Data Transfer

Cross-Border Processing:

Your data may be processed in countries outside your residence, including the United States, European Union, and Asia-Pacific regions. We ensure adequate protection through:

Transfer Safeguards:

  • **Adequacy Decisions**: Transfers to countries deemed adequate by the EU Commission
  • **Standard Contractual Clauses**: EU-approved contract terms for international transfers
  • **Binding Corporate Rules**: Internal policies ensuring consistent data protection
  • **Certification Schemes**: Participation in recognized privacy frameworks

9. Children's Privacy (COPPA Compliance)

Minimum Age Requirements:

Our services are not intended for children under 16 years old (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children without parental consent.

Parental Rights:

  • Review their child's personal information
  • Request deletion of their child's data
  • Refuse further collection or use of their child's information

Educational Use:

If we provide services to schools, we comply with FERPA and similar educational privacy laws, acting as a service provider under appropriate agreements.

10. Changes to This Policy

Policy Updates:

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service offerings. Material changes will be communicated through:

How We Notify You:

  • Email notification to registered users
  • Prominent notice on our website
  • In-app notifications for mobile users
  • 30-day advance notice for material changes affecting your rights

Continued Use:

Your continued use of our services after the effective date constitutes acceptance of the updated policy. If you disagree with changes, you may terminate your account.

11. Contact Information

Data Controller:

Hiemee JSC Address: [Company Address] Registration Number: [Business Registration Number]

Privacy Inquiries:

  • **Email**: contact@hiemee.com
  • **Phone**: +84 [Privacy Hotline]
  • **Mail**: Privacy Officer, Hiemee JSC, [Full Address]
  • **Online Portal**: [Privacy Request Portal URL]

Data Protection Officer (EU/EEA):

Email: dpo@hiemee.com Responsible for overseeing data protection compliance and handling privacy inquiries from EU/EEA residents.

Supervisory Authority:

If you're unsatisfied with our response to your privacy concerns, you may lodge a complaint with your local data protection authority or the lead supervisory authority in Ireland.

Questions about this policy?

Contact our privacy team

Contact our privacy team