Privacy Policy

Summary

At Heylean, we are deeply committed to your privacy and the security of your personal data. This policy transparently explains what data we collect when you use our services, why we collect it, how we use and protect it, and your legal rights.

Data Controller: Heylean International, Inc. is the primary entity responsible for processing your personal data. For operations in Turkey, Heylean Teknoloji A.Ş. acts as a local representative.
Data Collection: We collect personal data to provide and improve our Services, ensure security, and comply with our legal obligations.
Data Sharing: Your data may be shared with our global affiliates and trusted partners for service delivery and operational needs, under strict data protection terms.
Your Rights: Depending on your location, you have significant rights, including the right to access, correct, and request the deletion of your personal data, and to object to certain processing activities.
Security: We implement industry-standard technical and organizational security measures to protect your data from unauthorized access, disclosure, and alteration.

1. Purpose and Scope

This Privacy Policy ("Policy") is designed to transparently explain how Heylean International, Inc. and its affiliates ("Heylean," "the Company," "We," "Us") collect, use, share, and protect your personal data when you interact with our websites, mobile applications, platforms, APIs, and all other products and services (collectively, the "Services").

This Policy applies globally and forms an integral part of our Terms of Conditions. By using our Services, you acknowledge that you have read and understood this Policy.

2. Data Controller and Definitions

2.1. Data Controller

The primary data controller responsible for your personal data is:

Heylean International, Inc.
651 N Broad St. Suite 206
Middletown, Delaware, 19709, United States

2.2. Representatives

For data subjects in certain jurisdictions, we have appointed local representatives:

For Turkey: In accordance with the Turkish Law on the Protection of Personal Data (KVKK), our designated representative is Heylean Teknoloji Anonim Şirketi (Güvenevler MAH. 1928 SOK. Ekinci Global İş Merkezi NO:5/10 Yenişehir, Mersin, Turkey).
For the United Kingdom (UK): Our designated representative under the UK GDPR is Heylean.com, Ltd. (Kemp House, 128 City Road, EC1V 2NX, London, United Kingdom).
For the European Union (EU): In accordance with Article 27 of the GDPR, we will appoint a representative. Please contact us for the most current information.

For data subjects in all other regions, the primary point of contact is the Data Controller, Heylean International, Inc., listed above.

2.3. Key Definitions

Personal Data: Any information relating to an identified or identifiable natural person ("Data Subject").
Processing: Any operation performed on Personal Data, such as collection, recording, use, storage, or disclosure.
Data Controller: The entity that determines the purposes and means of the processing of Personal Data.
Data Processor: An entity that processes Personal Data on behalf of the Data Controller.
GDPR: The General Data Protection Regulation (EU) 2016/679.
CCPA/CPRA: The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020.

3. Information We Collect

We collect and process various categories of Personal Data to the extent necessary for our operations and to provide and improve our Services.

3.1. Data You Provide Directly

Identity Data: Name, username, or similar identifier.
Contact Data: Email address, phone number, postal address.
Professional Data (for Job Applicants): CV/resume, employment history, educational background, and references.
Financial Data: Payment card details (processed by secure third-party payment gateways) and billing information.
User Content: Content you create, upload, or receive from others when using our Services, such as comments, feedback, or support requests.

3.2. Data We Collect Automatically

Technical and Device Data: IP address, MAC address, login data, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access our Services.
Usage Data: Information about how you use our website, products, and services, including server logs, crash reports, system activity, and referring URLs.
Location Data: We may collect data about your location, derived from your IP address or, with your consent, more precise data from GPS, device sensors, or nearby Wi-Fi access points and cell towers.

3.3. Data from Third Parties and Public Sources

We may receive Personal Data about you from various third parties and public sources, such as business partners, service providers, or publicly available records (e.g., commercial registers) for purposes like identity verification or operational security.

4. How We Use Your Information (Purposes and Lawful Bases)

We process your Personal Data based on one or more lawful bases as required by applicable law (such as the GDPR). Below are the purposes for which we use your data and the corresponding legal grounds.

To provide and manage our Services, including setting up your account, processing transactions, and providing customer support.

Performance of a contract with you.

To maintain and improve our Services, including monitoring performance, fixing errors, and developing new features.

Our legitimate interests (to ensure our Services are effective and innovative).

To ensure security and prevent fraud, including detecting and responding to security risks, abuse, and technical issues.

Our legitimate interests (to protect our Company, users, and the public) and compliance with a legal obligation.

To communicate with you about service updates, security alerts, and administrative messages.

Performance of a contract and our legitimate interests.

To comply with legal obligations, including responding to lawful requests from public authorities.

Compliance with a legal obligation.

For marketing and promotional activities, such as sending you information about our products and special offers.

Your consent.

5. How and Why We Share Your Information

We do not sell your Personal Data. We may share your information with third parties only in the following circumstances:

With Your Consent: We will share Personal Data with companies, organizations, or individuals outside of Heylean when we have your explicit consent to do so.
With Affiliates: We may share your information with our corporate affiliates to help provide, maintain, and improve our Services.
With Service Providers (Data Processors): We provide Personal Data to trusted business partners or persons to process it for us, based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures. For example, we use service providers to operate our data centers, deliver our products, and provide customer support.
For Legal Reasons: We will share Personal Data if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to:
- Meet any applicable law, regulation, legal process, or enforceable governmental request.
- Enforce applicable Terms of Conditions, including investigation of potential violations.
- Detect, prevent, or otherwise address fraud, security, or technical issues.
- Protect against harm to the rights, property, or safety of Heylean, our users, or the public as required or permitted by law.
In Case of a Corporate Transaction: If Heylean is involved in a merger, acquisition, or asset sale, we will continue to ensure the confidentiality of your Personal Data and give affected users notice before Personal Data is transferred or becomes subject to a different privacy policy.

6. International Data Transfers

Heylean is a global company, and your Personal Data may be transferred to, stored, and processed in countries other than your own, including the United States. These countries may have data protection laws that are different from the laws of your country.

When we transfer Personal Data from the European Economic Area (EEA), the UK, or Switzerland to other countries, we use legal mechanisms to ensure your data is appropriately protected. This includes:

Relying on an adequacy decision from the European Commission where applicable.
Utilizing the EU-U.S. Data Privacy Framework (DPF) and the UK Extension to the DPF, for which we are certified.
Implementing Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your Personal Data. We are committed to facilitating the exercise of these rights.

7.1. General Rights

You have the right to access, correct, update, or request deletion of your Personal Data. You can also object to the processing of your Personal Data, ask us to restrict processing, or request portability of your data. To exercise these rights, please contact us using the details provided in the "Contact Us" section below.

7.2. Rights for Residents of the EEA, UK, and Switzerland

If you are a resident of the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following data protection rights under the GDPR:

Right of Access: To request information about and access to your Personal Data.
Right to Rectification: To request that we correct or update your Personal Data.
Right to Erasure ("Right to be Forgotten"): To request that we delete your Personal Data.
Right to Restrict Processing: To request that we temporarily or permanently stop processing all or some of your Personal Data.
Right to Object: To object to us processing your Personal Data, particularly for direct marketing purposes.
Right to Data Portability: To request a copy of your Personal Data in an electronic format and the right to transmit that data to another controller.
Right to Withdraw Consent: Where you have provided consent, you have the right to withdraw it at any time.
Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection authority about our collection and use of your Personal Data.

7.3. Rights for U.S. Residents (e.g., California, Virginia)

If you are a resident of a U.S. state with a comprehensive privacy law, such as California (CCPA/CPRA) or Virginia (VCDPA), you may have additional rights, including:

Right to Know/Access: The right to know what personal information we have collected about you, including the categories of information, sources, purposes of collection, and categories of third parties to whom we have disclosed it.
Right to Delete: The right to request the deletion of your personal information, subject to certain exceptions.
Right to Correct: The right to request the correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing: We do not "sell" personal information in the traditional sense. However, under some state laws, sharing data for targeted advertising may be considered a "sale" or "sharing." You have the right to opt out of this activity.
Right to Limit Use of Sensitive Personal Information: The right to limit the use and disclosure of your sensitive personal information to that which is necessary to perform the services or provide the goods reasonably expected.
Right to Non-Discrimination: The right not to be discriminated against for exercising your privacy rights.

To exercise these rights, please contact us at privacy.policy.external.unclassified@heylean.com or through the methods described in the "Contact Us" section.

8. Data Security

We work hard to protect you and Heylean from unauthorized access, alteration, disclosure, or destruction of information we hold. We implement a variety of technical and organizational security measures appropriate to the risk, including:

Using encryption (such as SSL/TLS) to keep your data private while in transit and at rest.
Employing network security measures like firewalls and intrusion detection/prevention systems.
Regularly reviewing our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems.
Restricting access to Personal Data to Heylean employees, contractors, and agents who need that information in order to process it ("need-to-know" basis). Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

9. Data Retention

We retain Personal Data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. When the retention period expires or the purpose for processing is no longer valid, your data will be securely deleted or anonymized in accordance with applicable laws.

10. Cookies and Similar Technologies

We use cookies and similar tracking technologies on our websites and services to enhance user experience, improve our services, and ensure security. For more detailed information, please refer to our separate Cookie Policy.

11. Children's Privacy

Our Services are not directed to children under the age of 16, and we do not knowingly collect Personal Data from children under 16. If we become aware that we have collected Personal Data from a child under 16, we will take steps to delete such information from our files as soon as possible.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal regulations or our company policies. We will not reduce your rights under this Privacy Policy without your explicit consent. The date of the last update is indicated at the top of the page. For significant changes, we will provide a more prominent notice.

13. Contact Us

If you have any questions, comments, or requests regarding this Privacy Policy or our data processing practices, please do not hesitate to contact us:

Email: privacy.policy.external.unclassified@heylean.com

Mailing Address
Attn: Legal Department (Privacy)
Heylean International, Inc.
651 N Broad St. Suite 206
Middletown, Delaware, 19709, United States

LEARN US

WHAT WE DO

LET'S DO TOGETHER

LEARN