GDPR Compliance

How PolyLogue complies with the General Data Protection Regulation

Our Commitment to GDPR Compliance

PolyLogue is committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This page explains how we ensure compliance with GDPR principles.

1. Lawful Basis for Processing

We process your personal data on the following legal grounds:

  • Contractual Necessity: To provide our subscription service and access to AI models
  • Legitimate Interests: To improve our service and ensure security
  • Consent: For marketing communications (where applicable)
  • Legal Obligation: To comply with financial and tax regulations

2. Data Subject Rights

Under GDPR, you have the following rights:

  • Right to Access: You can request a copy of your personal data.
  • Right to Rectification: You can request correction of inaccurate data.
  • Right to Erasure: You can request deletion of your data under certain circumstances.
  • Right to Restrict Processing: You can request that we limit how we use your data.
  • Right to Data Portability: You can request your data in a structured, commonly used format.
  • Right to Object: You can object to certain types of processing.

To exercise any of these rights, please contact us at office@hypen.ro.

3. Data Protection Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of sensitive data
  • Secure authentication systems
  • Regular security assessments
  • Staff training on data protection
  • Restricted access to personal data

4. International Data Transfers

If we transfer your data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

5. Data Protection Officer

While not required for our organization size, we have appointed a data protection contact person who can be reached at dpo@hypen.ro for any data protection concerns or inquiries.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Account information: For as long as your account is active, plus a retention period after account closure
  • Subscription data: As required by tax and financial regulations (typically 7 years)
  • Conversation history: For a maximum of 12 months, unless you delete it earlier
  • Usage logs: 90 days for security and debugging purposes

7. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach poses a high risk to your rights and freedoms, we will also notify you directly.

8. Data Processing Agreements

We have data processing agreements in place with all third-party providers who process personal data on our behalf, ensuring they comply with GDPR requirements.

9. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that may pose a high risk to your rights and freedoms.

10. Contact Information

For any GDPR-related inquiries, please contact:

Data Protection Team
PolyLogue
bvd. Prof. Dimitrie Mangeron nr 65
Iasi, Romania
Email: dpo@hypen.ro

You also have the right to lodge a complaint with your local data protection authority if you believe that we have not complied with applicable data protection laws.