Hatthi - Privacy Policy

Hatthi – Privacy Policy

v1 from 15.01.2025

This document outlines the personal data processed by Hatthi explaining how and where it is used, the protective measures in place, access to it, sharing practices, and your rights in compliance with EU Regulation 2016/679 (GDPR).
As Hatthi operates as a B2B SaaS, the majority of the data processed is company-related. However, personal data of employees of the Beneficiaries, may also be used on Hatthi when creating an account or when contacting us. In strict compliance with GDPR, Hatthi treats all information that may identify a physical person as personal data and ensures appropriate protection.
This Privacy Policy applies to the personal data processed by Hatthi as a data controller on its website.
All definitions found in the Terms and Conditions are applicable to this document and are supplemented with definitions from GDPR Regulation.

1. Data Collection

When a Beneficiary registers on Hatthi, we request the representative’s company data. This may include basic personal data of the company, such as name, telephone number, or email address.
Data may also be collected from Hatthi’s Beneficiaries or visitors when using interactive website tools like customer reviews, posts, or other materials, or during contact through email, telephone, postal mail, or any other communication method, including online communication tools and social media.
For website visitors, technical data necessary for proper website usage is collected, unless specific consent is given for other services (e.g., subscribing to the newsletter or contacting Hatthi).

2. Data Usage

The data collected, as described above, is used for the following purposes:

2.1. Providing Hatthi Services Hatthi is SaaS platform that aims to ease the process of building POC or MVP products for scalable and maintainable Laravel applications, but it can also be used to manage existing, or "grown up" Laravel projects at scale

2.2. Contact and Support Hatthi users may be contacted via phone or email to resolve or process a technical issue, request feedback, or discuss any review, post, or similar communication made on the site.

2.3. Newsletter / Email updates Any person who is subscribed to the newsletter or product updates will receive regular updated information via email. Of course, the person may unsubscribe at any time via email or when opting out when completing the initial form.

2.4. Technical Data

IP Address: IP addresses are processed to identify and prevent fraud. Specific IP addresses may be blocked if they are associated with spam or other malicious activities.
Cookies: Cookies may be collected by Hatthi as described below. Most of the cookies we use are first-party cookies added and managed by Hatthi and have a functional purpose.

Third-Party Cookies

In some special cases, we also use cookies provided by trusted third parties. The following section details which third-party cookies you might encounter through this site.

The Hatthi website uses Google Analytics, which is one of the most widespread and trusted analytics solution on the web for helping us understand how you use the site and ways that we can improve your experience. These cookies may track things such as how much time you spend on the site and the pages that you visit so we can continue to produce engaging content.

Disabling Cookies

You can change the cookie settings by adjusting the settings on your browser (see your browser’s Help section for how to do this) or use a plugin that does that for you – either for first-party or third-party cookies. Without our first-party cookies, the website functionality, including login, might not work.

3. Legal Basis

Below is a summary of the legal basis for each activity.

Type of Activity

Receiving data as a user of the Hatthi – the legal basis for this action is Legitimate Interest, and individuals have the right to object to this processing based on legitimate interests. In the exceptional case when the Hatthi user is a physical person, the legal basis is the contract with the data subject.
Sending emails about other updates or newsletter with similar products and services to your professional email address provided at registration – the legal basis for this action is Legitimate Interest, and individuals have the right to object to this processing based on legitimate interests, including objecting to direct marketing. (based on Recital 47 of GDPR and Romanian law 506/2004, art 12 (2) that is implementing the EU E-privacy directive).

Additionally, no data is used for decisions based solely on automated processing, including profiling, that produces legal effects or similarly significantly affects individuals.

4. Transferring Your Data

In providing its services, Hatthi cooperates with third-party service providers who act as data processors to assist in providing marketplace services. These service providers are in principle Amazon Web Services (for hosting services) and Stripe (only in case of online payments). All necessary contracts and agreements are in place with these providers to ensure compliance with legal and privacy protection requirements.

Essentially, Hatthi will not reveal any personal data about its users to third parties, except as mentioned in the exceptions below.

Exceptions include disclosure of personal data to competent authorities upon their legal request and in accordance with applicable laws, or whenever necessary to protect the rights and interests of clients and Hatthi.

As far as Hatthi is concerned as a data controller in cases where data needs to be transferred to a country without similar protection, reasonable efforts will be made to ensure the recipient of the data complies with the highest international privacy standards. This may include being located in a country offering an adequate level of personal data protection according to European Union standards (art 45 GDPR) or other appropriate safeguards, including Standard Contractual Clauses (art 46.2 GDPR).

5. Storing Data

Data will be retained only for as long as necessary for its intended purpose and/or as legally required.

Account-related personal data will be retained for the entire period while the Beneficiary, or user account is open and for 3 (three) years after its closure. This is to ensure proper fulfillment of the contract between the involved companies or for the establishment, exercise, or defense of legal claims between the parties.
Other data, such as support activities, will be kept for a period of up to 5 (five) years from the date and time the support activities were provided, unless the conditions mentioned in the preceding paragraph apply.
Legitimate interest-based communication data will be stored until an objection is raised or interest is no longer shown in the products and services, unless the conditions mentioned in the first paragraph of this section apply.
If data is collected based on consent, it will be kept until consent is withdrawn or interest is no longer shown in the products and services.

In all the aforementioned cases, log data and other metadata might be retained for unsubscribing or data deletion, in the event a complaint is received or for the establishment, exercise, or defense of legal claims.

If an individual is provided with an username, a password, or any other piece of information as part of the security procedures, they must treat such information as confidential and not disclose it to any other person.

6. Privacy Rights under GDPR

The General Data Protection Regulation (GDPR) provides the data subjects with various privacy rights, many of which have been outlined in previous sections. Here are the data protection rights explained in detail.

Right of Access: The data subject, holds the right to request a copy of the personal information held by Hatthi at any time. This includes verifying the lawful processing of this data.
Right of Rectification: Should the personal information held by Hatthi be inaccurate, outdated, or incomplete, the data subject has the right to request rectification or completion.
Right of Erasure: Under specific circumstances (e.g., when the information is no longer necessary for the purposes for which it was collected or processed or when consent was the legal basis), the data subject can request the erasure of personal information held by Hatthi.
Right to Object or Restrict Processing: In certain situations, the data subject may object to Hatthi’s processing of their personal information. For example, if Hatthi processes the data subject’s information based on legitimate interests and there are no compelling legitimate grounds that override the data subject’s rights and interests.
Right of Data Portability: In certain instances, the data subject is entitled to receive any personal information held by Hatthi in a structured, commonly used, and machine-readable format.
Right to Withdraw Consent: In limited circumstances where the data subject provided consent for the collection, processing, and transfer of their personal information for a specific purpose, they have the right to withdraw their consent for that specific processing at any time. To exercise this right, the client should contact Hatthi at info@stx-software.com

Exercising These Rights

The data subject can exercise their right to withdraw consent and any other rights granted by GDPR by notifying Hatthi via email at info@stx-software.com. Alternatively, the client can write to Hatthi at the provided postal address or inform Hatthi if they prefer to communicate via telephone or other means.
The data subject also has the right to file a complaint with a competent supervisory authority or lodge a complaint in a competent court of law.
This Privacy Policy was adopted on the date indicated in the document’s title and will be revised whenever necessary without prior or subsequent notice of the changes. The new version will take effect upon publication on the website and will be appropriately marked. The current document is accessible at https://hatthi.stx-software.com/privacy