Privacy Policy

PRIVACY POLICY

Hael Global Limited
Effective Date: 7 May 2025
Last Updated: 7 May 2025

1. INTRODUCTION

Hael Global Limited (company number 16497076) ("Hael," "we," "us," or "our") provides stablecoin-based financial services through our website at www.hael.ai and associated mobile applications (collectively, the "Platform"). This Privacy Policy describes how we collect, use, disclose, and protect personal information in connection with the Platform and our services.

By accessing the Platform or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, you should not use the Platform or our services.

2. DATA CONTROLLER AND CONTACT INFORMATION

Hael Global Limited is the data controller responsible for your personal information.

Contact Details:
Email: hello@hael.ai
Registered Office: England and Wales

For questions relating to this Privacy Policy or to exercise your data protection rights, contact us at the email address above.

Supervisory Authority:
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the United Kingdom or your local data protection authority. We request the opportunity to address your concerns directly before you contact the supervisory authority.

3. INFORMATION WE COLLECT

3.1 Identity and Contact Information

Full legal name, date of birth, nationality
Residential address, email address, telephone number
Government-issued identification documents (passport, national ID card, driver's license)
Photographic identification and biometric verification data (facial recognition for identity verification)

3.2 Financial Information

Bank account details (account number, sort code, IBAN, SWIFT/BIC)
Payment card information (card number, expiration date, CVV)
Blockchain wallet addresses
Transaction history (amounts, dates, counterparties, purposes)
Source of funds documentation

3.3 Compliance and Verification Data

Information collected to comply with anti-money laundering (AML) and counter-terrorist financing (CTF) obligations
Sanctions screening results
Politically exposed person (PEP) status
Beneficial ownership information (for business accounts)
Tax identification numbers where legally required

3.4 Technical and Usage Data

IP address, device identifiers, browser type and version
Operating system, time zone settings
Log data including access times, pages viewed, features used
Geolocation data (approximate location based on IP address)
Session information and authentication logs

3.5 Communications

Customer support correspondence
Feedback, survey responses, and complaints
Marketing preferences and communication history

We do not intentionally collect special categories of personal data (racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data used solely for identification, health data, or data concerning sex life or sexual orientation) except where required by applicable law or with your explicit consent.

4. HOW WE COLLECT INFORMATION

4.1 Direct Collection

You provide information when you:

Create an account or complete identity verification
Initiate transactions or update account details
Contact customer support or provide feedback
Subscribe to marketing communications

4.2 Automated Collection

We automatically collect technical and usage data through cookies, server logs, and similar technologies when you interact with the Platform.

4.3 Third-Party Sources

We obtain information from:

Identity verification service providers
Payment processors and financial infrastructure providers
Banking partners
Blockchain networks (publicly available transaction data)
Credit reference agencies and fraud prevention services
Publicly available sources (corporate registries, sanctions lists, regulatory databases)

5. LEGAL BASIS FOR PROCESSING

We process personal information only where we have a lawful basis. Our legal bases include:

5.1 Contract Performance

Processing necessary to provide our services, including account creation, transaction processing, and customer support.

5.2 Legal Obligation

Processing necessary to comply with:

Anti-money laundering and counter-terrorist financing regulations (UK Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017, as amended)
Financial sanctions obligations (OFAC, EU, UN sanctions regimes)
Tax reporting requirements
Court orders, law enforcement requests, and regulatory inquiries

5.3 Legitimate Interests

Processing necessary for our legitimate business interests, including:

Fraud prevention and security monitoring
Risk management and transaction monitoring
Product development and service improvement
Direct marketing to existing customers (with right to opt out)

5.4 Consent

Where required by law or where no other legal basis applies, we obtain your explicit consent before processing your personal information.

6. HOW WE USE YOUR INFORMATION

6.1 Service Delivery

Account creation, maintenance, and authentication
Transaction processing, execution, and settlement
Customer identification and verification (KYC)
Provision of payment instructions and account details

6.2 Compliance and Risk Management

AML/CTF screening and ongoing monitoring
Sanctions compliance screening
Fraud detection and prevention
Transaction monitoring for suspicious activity
Regulatory reporting to financial intelligence units and law enforcement

6.3 Customer Support and Communication

Responding to inquiries and resolving disputes
Notifying you of account activity, service updates, or security alerts
Sending transactional communications (deposit confirmations, withdrawal notifications)

6.4 Business Operations

Internal record-keeping and audit
Analytics and performance measurement
Product development and service enhancement
Marketing and promotional communications (where you have consented or where permitted by law)

6.5 Legal and Enforcement

Enforcing our Terms of Service and other agreements
Protecting our rights, property, and safety, and those of our users and the public
Defending legal claims and cooperating with law enforcement

7. DATA SHARING AND DISCLOSURE

7.1 Service Providers

We share personal information with third-party service providers who perform functions on our behalf, including:

Platform and Technology Infrastructure:

Cloud hosting and data storage providers
Platform infrastructure and API services
Database management and backup services

Financial Services:

Payment processors and transaction execution providers
Custody and digital asset management services
Banking and payment rail providers
Card issuing and processing services
Stablecoin infrastructure providers

Compliance and Security:

Identity verification and KYC service providers
AML/CTF screening and transaction monitoring services
Fraud detection and prevention services
Blockchain analytics and wallet screening providers
Cybersecurity and information security services

Business Operations:

Customer support platforms
Email and communication services
Analytics and performance measurement tools
Marketing and advertising platforms

Professional Services:

Legal advisers and external counsel
Accountants and auditors
Compliance consultants
Insurance providers

These service providers are contractually obligated to process personal information only for specified purposes and in accordance with our instructions and applicable data protection laws.

7.2 Regulatory and Law Enforcement Authorities

We disclose personal information when required by law or in response to valid legal process, including:

Financial intelligence units and anti-money laundering authorities
Tax authorities
Financial services regulators
Law enforcement agencies pursuant to court orders, subpoenas, or warrants
Government agencies with lawful authority

7.3 Business Transfers

If Hael is involved in a merger, acquisition, asset sale, or bankruptcy, personal information may be transferred to the acquiring entity. We will notify affected users and provide options regarding their personal information where required by law.

7.4 Blockchain Disclosure

Cryptocurrency transactions are recorded on public blockchains. Once a transaction is broadcast to a blockchain network, the transaction details (including wallet addresses and amounts) become publicly visible and permanently recorded. We cannot delete or modify blockchain transaction records.

7.5 Fraud Prevention Networks

We may share information with fraud prevention agencies and financial crime intelligence networks to prevent fraud, money laundering, and terrorist financing.

7.6 With Your Consent

We may share personal information for purposes not described in this Privacy Policy where we have obtained your explicit consent.

We do not sell, rent, or trade personal information to third parties for their marketing purposes.

8. INTERNATIONAL DATA TRANSFERS

Our service providers operate globally, which may require transferring your personal information outside your country of residence, including to the United States, European Economic Area, and other jurisdictions.

8.1 Transfer Safeguards

We implement appropriate safeguards for international transfers:

Standard Contractual Clauses: Approved by the European Commission or UK Information Commissioner's Office
Adequacy Decisions: Transfers to countries deemed to provide adequate data protection
Data Privacy Framework: Transfers to certified organizations under applicable privacy frameworks

8.2 Categories of Transfers

We may transfer personal information internationally to:

Cloud infrastructure providers (data storage and processing)
Payment processors and financial infrastructure providers
Identity verification and compliance services
Customer support platforms
Analytics and marketing services

9. DATA RETENTION

9.1 Deletion Process

Upon expiration of retention periods, we securely delete or anonymize personal information unless extended retention is required by law or ongoing legal proceedings. Anonymized data may be retained indefinitely for statistical and research purposes.

10. DATA SECURITY

We implement technical and organizational measures to protect personal information against unauthorized access, loss, destruction, or alteration:

Encryption: Industry-standard encryption for data in transit and at rest
Access Controls: Role-based access with multi-factor authentication; least privilege principle
Network Security: Firewalls, intrusion detection systems, DDoS protection
Monitoring: Continuous security monitoring, automated threat detection, comprehensive audit logging
Vendor Management: Due diligence and contractual security requirements for all service providers
Incident Response: Documented breach notification procedures compliant with applicable law

No security system is impenetrable. While we implement reasonable security measures appropriate to the risk, we cannot guarantee absolute security of personal information.

11. YOUR RIGHTS

Depending on your jurisdiction, you may have the following rights:

11.1 Access

Request copies of your personal information and confirmation of processing activities.

11.2 Rectification

Correct inaccurate or incomplete personal information. Identity documents require re-verification if updated.

11.3 Erasure

Request deletion of personal information where no legal obligation to retain it exists. We must retain compliance records (identity verification, transaction history) for 7 years after account closure under anti-money laundering regulations.

11.4 Restriction of Processing

Request temporary suspension of processing in specific circumstances (e.g., disputing data accuracy).

11.5 Data Portability

Receive your personal information in structured, machine-readable format (JSON) and transmit to another controller where technically feasible.

11.6 Objection

Object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds overriding your interests or legal claims require continued processing.

11.7 Automated Decision-Making

We do not make solely automated decisions with legal or similarly significant effects. Transaction monitoring uses automated systems, but decisions to suspend accounts or report suspicious activity involve human review.

11.8 Withdraw Consent

Withdraw consent for processing based on consent at any time. This does not affect the lawfulness of processing before withdrawal.

11.9 Exercising Your Rights

Submit requests to hello@hael.ai. We will verify your identity before fulfilling requests and respond within one month (extendable to three months for complex requests with notification).

We may decline requests that are manifestly unfounded, excessive, or would compromise the rights of others or conflict with legal obligations.

12. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies (web beacons, pixels, local storage) to:

Authenticate users and prevent fraud
Remember preferences and settings
Analyze Platform usage and performance
Deliver targeted advertising (with consent where required)

Essential Cookies: Required for Platform functionality (session management, security). No consent required.
Analytics Cookies: Measure usage and improve services. Consent required in certain jurisdictions.
Marketing Cookies: Deliver personalized advertising. Consent required.

Manage cookie preferences through browser settings or our cookie consent tool. Disabling essential cookies may impair Platform functionality.

For detailed information, see our Cookie Policy.

13. CHILDREN'S PRIVACY

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If we discover we have collected information from a minor, we will delete it promptly. Parents or guardians who believe we have collected information from a minor should contact us immediately.

14. MARKETING COMMUNICATIONS

14.1 Opt-In and Opt-Out

We send marketing communications only where you have consented or where permitted under applicable law (e.g., soft opt-in for existing customers).

Opt out at any time by:

Clicking "unsubscribe" in email communications
Updating preferences in account settings
Emailing hello@hael.ai

14.2 Transactional Communications

You cannot opt out of transactional communications (account notifications, security alerts, regulatory notices) as these are necessary for service delivery and legal compliance.

15. THIRD-PARTY LINKS

The Platform may contain links to third-party websites and services not controlled by Hael. This Privacy Policy does not apply to third-party sites. We are not responsible for third-party privacy practices. Review the privacy policies of any third-party sites you visit.

16. JURISDICTION-SPECIFIC PROVISIONS

16.1 European Economic Area and United Kingdom

If you reside in the EEA or UK, you have rights under the General Data Protection Regulation (EU GDPR) or UK GDPR as described in Section 11. Our lawful bases for processing are set out in Section 5.

Data Protection Officer: Contact hello@hael.ai for data protection inquiries.

16.2 United States

California Residents: California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide specific rights including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of sale or sharing of personal information. We do not sell personal information. Exercise CPRA rights by contacting hello@hael.ai.

Nevada Residents: Nevada Revised Statutes Chapter 603A provides opt-out rights for sale of personal information. We do not sell personal information.

Other States: Residents of Colorado, Connecticut, Utah, Virginia, and other states with comprehensive privacy laws have rights including access, deletion, correction, and opt-out of targeted advertising. Contact hello@hael.ai to exercise these rights.

16.3 Other Jurisdictions

We comply with applicable data protection laws in all jurisdictions where we operate. Contact us for jurisdiction-specific information.

17. DO NOT TRACK SIGNALS

We do not currently respond to "Do Not Track" browser signals due to lack of industry consensus on implementation standards. Manage tracking preferences through our cookie consent tool.

18. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or business operations. Material changes will be notified by:

Email to registered users (if email address provided)
Prominent notice on the Platform
Updated "Last Updated" date

Continued use of the Platform after changes constitutes acceptance of the updated Privacy Policy. If changes materially affect how we process your personal information, we will obtain fresh consent where required by law.

19. CONTACT US

For questions, concerns, or requests regarding this Privacy Policy or our data practices:

Email: hello@hael.ai

Data Protection Officer: Contact via email above

Complaints: We aim to resolve privacy concerns promptly. If dissatisfied with our response, you may lodge a complaint with:

UK: Information Commissioner's Office (ico.org.uk)
EEA: Your local data protection supervisory authority
US (California): California Attorney General

Hael Global Limited (Company No. 16497076)
Registered in England and Wales