General Data Protection Regulation (GDPR) and AI Act Compliance Policy

1. Introduction

This policy outlines how HiliosAI Corporation ("we," "our," or "us") complies with the General Data Protection Regulation (GDPR) and the European Union Artificial Intelligence Act (AI Act). We are committed to protecting the privacy and data of our users, ensuring transparency in how we collect, process, store, and share personal data, and maintaining responsible practices when deploying artificial intelligence (AI) systems.

2. Definitions

Personal Data: Any information that identifies or can be used to identify an individual.
Data Subject: An individual whose personal data is processed.
Processing: Any operation performed on personal data, including collection, storage, use, and deletion.
Data Controller: The entity that determines the purpose and means of processing personal data.
Data Processor: The entity that processes data on behalf of the data controller.
AI System: A machine-based system that performs tasks requiring intelligence, such as decision-making, predictions, or recommendations.

3. Data Collection

We collect personal data only as necessary for the purpose of providing our services. This includes:

Name
Email address
Phone number
Payment information
IP address
Any other data explicitly provided by the user through forms or interactions with our services.

4. Legal Basis for Processing

We process personal data based on the following legal grounds:

Consent: When you have explicitly provided your consent.
Contractual Necessity: To fulfill a contract or provide a requested service.
Legal Obligation: To comply with legal requirements.
Legitimate Interest: When processing is necessary for our legitimate interests, provided it does not override your rights and freedoms.

5. Purpose of Data Processing

We process your personal data for the following purposes:

Providing and improving our services.
Processing transactions and sending notifications.
Responding to inquiries and support requests.
Sending marketing communications (with consent).
Complying with legal obligations.

6. AI System Usage and Compliance

In compliance with the AI Act, we ensure that:

AI systems deployed on our website are designed and developed in accordance with the principles of transparency, fairness, and accountability.
Any high-risk AI systems undergo rigorous assessment to ensure compliance with safety, accuracy, and security requirements.
Users are informed when interacting with AI systems and are provided with clear explanations of how AI-based decisions are made.
Mechanisms are in place for users to contest automated decisions and seek human review where applicable.

7. Data Retention

We retain personal data only as long as necessary for the purposes stated above or as required by law. Once the retention period expires, data will be securely deleted or anonymized.

We do not sell or rent personal data. We may share personal data with:

Service providers and partners who process data on our behalf.
Legal authorities when required by law.
Third parties with your explicit consent.

9. Your Rights

As a data subject, you have the following rights:

Access: Request access to your personal data.
Rectification: Request correction of inaccurate data.
Erasure: Request deletion of your data ("Right to be Forgotten").
Restriction: Request restriction of processing.
Data Portability: Request transfer of your data to another service provider.
Objection: Object to processing based on legitimate interest or for marketing purposes.
Withdrawal of Consent: Withdraw consent at any time.

To exercise these rights, contact us at hi@hilios.ai.

10. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or alteration. These measures include:

Data encryption
Secure access controls
Regular security assessments

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience on our website. A cookie is a small text file stored on your device when you visit our website.

11.1 Categories of Cookies We Use

a) Strictly Necessary Cookies

Essential for website functionality
Cannot be disabled
Duration: Session/Persistent (max 1 year)
Example: Authentication, shopping cart

b) Functional Cookies

Enable enhanced functionality and personalization
Can be disabled but may affect user experience
Duration: Session/Persistent (max 1 year)
Example: Language preferences, user settings

c) Analytics Cookies

Help us understand how visitors use our website
Can be disabled
Duration: Persistent (max 2 years)
Example: Google Analytics

d) Marketing Cookies

Used to track visitors across websites
Require explicit consent
Duration: Persistent (max 1 year)
Example: Social media plugins, advertising

You can manage your cookie preferences through our cookie consent banner.
Browser settings can be adjusted to refuse cookies.
Blocking certain cookies may impact website functionality.

11.3 Third-Party Cookies

We use the following third-party cookies:

Google Analytics (analytics)
Facebook Pixel (marketing)
[List other third-party cookies]

For detailed information about these third-party cookies, please visit their respective privacy policies.

12. Third-Party Links

Our website may include links to third-party websites. We are not responsible for their privacy practices and encourage you to review their policies.

13. Policy Updates

We may update this policy from time to time to reflect changes in regulations or our practices. Updates will be posted on this page with a revised "Last Updated" date.

14. Records of Processing Activities

We maintain detailed records of our processing activities, including:

Categories of data subjects and personal data
Purposes of processing
Categories of recipients
International transfers
Retention periods
Technical and organizational security measures

15. Data Breach Notification

In case of a personal data breach, we will:

Notify the relevant supervisory authority within 72 hours.
Inform affected individuals without undue delay if high risk.
Document all breaches and remedial actions.

16. Contact Us

For questions or concerns about this policy or our data practices, contact us:

HILIOSAI Corporation
72 Flr., Landmark 81, Vinhomes Central Park, 720A Dien Bien Phu Street, HCMC, Vietnam
hi@hilios.ai
Tel: +84-3-7645 5022

Last Updated: February 1st, 2025

Disclaimer: This policy template is provided for informational purposes only and does not constitute legal advice. Consult a legal professional to ensure full compliance with GDPR, AI Act, and other applicable laws.

1. Introduction​

2. Definitions​

3. Data Collection​

4. Legal Basis for Processing​

5. Purpose of Data Processing​

6. AI System Usage and Compliance​

7. Data Retention​

8. Data Sharing​

9. Your Rights​

10. Data Security​

11. Cookies and Tracking Technologies​

11.1 Categories of Cookies We Use​

a) Strictly Necessary Cookies​

b) Functional Cookies​

c) Analytics Cookies​

d) Marketing Cookies​

11.2 Cookie Management​

11.3 Third-Party Cookies​

12. Third-Party Links​

13. Policy Updates​

14. Records of Processing Activities​

15. Data Breach Notification​

16. Contact Us​