// policies
Halborn Revised Privacy Policy
Last Modified: April 9, 2025
We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and our information practices, meaning how and why we collect, use, disclose, sell, share, store, and retain your personal information. It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint or request.
We collect, use, and are responsible for certain personal information about you. When we offer goods and services to individuals in the European Economic Area (EEA), we are subject to the EU General Data Protection Regulation (EU GDPR), which applies across the entire European Union. For California consumers, we are subject to the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA). We are responsible as a "controller" of that personal information for the purposes of the GDPR. We are responsible for your personal information as a "business" under the CCPA/CPRA.
I. Introduction
Scope: This Privacy Policy applies to all personal information collected by Halborn Inc. (“Halborn”, “we”, “us”, “our”) through its website, services, and other channels, including communications and interactions with us. This policy describes how Halborn collects, uses, discloses, and protects your personal information. It also explains your rights and choices regarding your personal information. This Privacy Policy applies to all users globally, with specific provisions for residents of certain jurisdictions as required by applicable law.
Halborn Entities: Halborn Inc., a Delaware corporation, is the data controller for the personal information collected under this Privacy Policy. Halborn Global Limited, a BVI business company (“Halborn BVI”) and Halborn Swiss GmbH, a Swiss limited liability company (“Halborn Swiss”), are subsidiaries of Halborn Inc., but they do not act as data controllers under this policy. These entities may process personal information on behalf of Halborn Inc., solely as processors.
Policy Updates: We may update this Privacy Policy from time to time. We will post any changes on this page and update the "Last Modified" date at the top. We encourage you to review this Privacy Policy periodically. For significant changes, we may provide additional notice (e.g., email notification). Your continued use of our website and services after any changes to this Privacy Policy constitutes your acceptance of the revised policy.
II. Definitions
Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal information.
Personal Information:
For California Consumers: "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
For EEA, UK Residents: "Personal Information" means any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Sensitive Personal Information: A subset of Personal Information that reveals (1) a consumer's social security number, driver's license number, state identification card number, passport number, account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (2) precise geolocation; (3) racial or ethnic origin, religious or philosophical beliefs, or union membership; (4) the contents of a consumer's mail, email, and text messages, unless the business is the intended recipient of the communication; (5) genetic data; (6) biometric information processed for the purpose of uniquely identifying a consumer; (7) personal information collected and analyzed concerning a consumer's health; or (8) personal information collected and analyzed concerning a consumer's sex life or sexual orientation. Sensitive Personal Information that is "publicly available" is not considered sensitive personal information.
Processing: Any operation or set of operations which is performed on personal information or on sets of personal information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Processor: A natural or legal person, public authority, agency or other body which processespersonal information on behalf of the controller.
Sale: "Sale" or "selling" means the selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a consumer's personal information to a third party for monetary or other valuable consideration. We have not sold any personal information in the preceding twelve months and will not do so in the future without providing you with notice andan opportunity to opt-out of such sale or sharing.
Share: "Share" or "sharing" means the disclosure, transfer, making available, or communication of a consumer's personal information party for cross-context behavioral advertising. This refers specifically to when we enable the use of your personal information for advertising based on your activities across different businesses, websites, apps, or services that are distinctly branded from those you intentionally interact with. We have not shared any personal information in the preceding twelve months and will not do so in the future without providing you with notice and an opportunity to opt-out of such sale or sharing.
III. Information We Collect
In the preceding 12 months, we have collected, processed, and disclosed the following categories of personal information for the business purposes outlined in Section IV:
Identifiers: Such as your name, email address, postal address, phone number, IP address, onlineidentifiers, account usernames, and other similar identifiers.
Customer Records Information: Similar to Identifiers, plus signature, physical characteristics or description, state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information.
Protected Classification Characteristics under California or Federal Law:Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or militarystatus, genetic information (including familial genetic information).
Commercial Information: Records of personal property, products or services purchased,obtained, or considered, or other purchasing or consuming histories or tendencies.
Internet or Other Similar Network Activity:Browsing history, search history, and information on a consumer's interaction with a website, application, or advertisement.
Geolocation Data: IP addresses and general location.
Professional or Employment-Related Information:Current or past job history, and salary or performance evaluations.
Non-Public Education Information (if applicable and collected in accordance with FERPA): Education records directly related to a student maintained by an educational institution.
Inferences: Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends,predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
In addition to the categories of personal information previously outlined, Halborn can, is, or will be collecting the following personal information through its marketing automation tools:
Email addresses;
Names;
Company names;
Job titles;
IP addresses; and
Behavioral data such as page views, form submissions, and email interactions.
We collect personal information from the following sources:
Directly from you: When you interact with our website, services, or communicate with us.
Third-party service providers: Such as payment processors, analytics providers, and marketingpartners.
Publicly available sources: Where permitted by law.
Automatically collected information: Through cookies and similar technologies when you useour website or services (see Section VI).
IT and Security Systems: Monitoring of our websites and other technical systems, such as our computer networks and connections, access control systems, communications systems, email, and instant messaging systems.
Forms and Landing Pages: When users fill out forms or interact with landing pages.
Cookies: Cookies are used to track visitor and prospect activities on our website. These cookies help in identifying returning visitors and tracking their behavior.
Email Tracking: When users interact with emails, such as opening an email or clicking on a link.
We rely on the following legal bases for processing your personal information under the GDPR:
Consent: For certain processing activities, such as marketing communications, we rely on your freely given, specific, informed, and unambiguous consent. You have the right to withdraw yourconsent at any time.
Contractual Necessity: We process personal information that is necessary for the performance ofa contract with you or to take steps at your request prior to entering into a contract.
Vital Interests: In certain limited circumstances, we may process personal information to protectyour vital interests or the vital interests of another natural person.
Legitimate Interests: We may process personal information for our legitimate interests or the legitimate interests of a third party, provided that such processing is not overridden by your interests or fundamental rights and freedoms. Our legitimate interests include operating and improving our website and services, preventing fraud and abuse, and conducting research and development. We conduct a balancing test to ensure that our legitimate interests do not outweigh your rights.
We provide several tools to manage user consent and data privacy:
Opt-In/Opt-Out: Users can opt-in or opt-out of communications through preferences set in formsand email footers.
Consent Management: We offer consent management features to track and honor user preferencesregarding data collection and communication.
Data Access and Portability: Users can request access to their data and download it. This can bemanaged through our data export tools and APIs.
Privacy Center: For more advanced data privacy management, our Privacy Center can be used to handle data subject requests, including data access, deletion, and portability.
IV. How We Use Your Information
To Provide, Improve, and Secure the Services: We use your personal information to operate, maintain, and improve our website and services; to create and manage user accounts; to process transactions and payments; to provide customer support; to communicate with you about your account or our services; and to protect our services and users from fraud, abuse, and other harmful activities. This includes using usage data to understand how our services are used and to develop new features and improvements. We may also share your personal information with our corporate group for operational services, specifically:
Halborn Global Limited and Halborn Swiss GmbH may process personal information on behalf of Halborn Inc., but they do not determine the purposes or means of processing.
Service Improvement: Analyzing usage data to understand how our services are used and to develop new features and improvements.
Personalization: Customizing your experience with our services based on your preferences and interactions.
Marketing and Communications: With your consent, we may use your personal information to send you marketing communications about Halborn products, services, and events that may be of interest to you. You can opt out of these marketing communications at any time using the unsubscribe link provided in the emails or by contacting us directly. We may also use your information to respond to your inquiries and provide you with information you have requested.
Legal and Regulatory Compliance: We may use and disclose your personal information to comply with legal obligations, such as to responding to subpoena, court order, or legal process; to respond to requests from government authorities; or to enforce our terms of service and other agreements. We may also use your information to protect the rights, property, or safety of Halborn, our users, or others.
Other Business Purposes: We may use your information for other legitimate business purposes, such as data analysis, research, and development; to improve our website and services; and to identify and prevent fraud and other illegal activities. We will only use your information for these purposes where it is necessary and proportionate, and where our legitimate interests are not overridden by your fundamental rights and freedoms.
Sale and Sharing of Personal information: We do not sell personal information. However, we may share personal information with third parties under the following circumstances specified in Section V below.
V. Who We Disclose Your Information To
Service Providers: We may disclose your personal information to third-party service providers who perform services on our behalf, such as payment processing, data analytics, email marketing, hosting, and customer support. These providers are contractually obligated to protect the confidentiality and security of your personal information and to use it only for the purposes we specify.
Business Partners: With your consent or where we have another lawful basis, we may disclose your personal information to business partners who offer products or services that may be of interest to you. We will only do this with your consent or where we have another lawful basis for disclosing the information. This disclosure is not for cross-context behavioral advertising.
Affiliates: We may disclose your personal information to our corporate affiliates (companies that control, are controlled by, or are under common control with Halborn) for business purposes, such as internal administration and data analysis. This disclosure is not for cross-context behavioral advertising.
Government Authorities: We may disclose your personal information to government authorities if required by law, such as to comply with a subpoena, court order, or legal process; to respond to requests from government agencies; or as necessary to protect the rights, property, or safety of Halborn, our users, or others.
Corporate Transactions: In the event of a merger, acquisition, bankruptcy, or other similar corporate transaction involving Halborn, your information may be disclosed to a third party as part of that transaction. We will provide notice to you of any such disclosure and the choices you may have regarding your personal information.
Aggregated and Anonymized Data: We may disclose aggregated or anonymized information that does not directly identify you with third parties for various purposes, such as research, analytics, and marketing.
VI. Cookies and Similar Technologies
Types of Cookies and Similar Technologies Used: We use cookies and similar technologies, such as web beacons, pixels, and local storage, to collect and store information about your use of our website and services.
Purpose of Cookies and Similar Technologies: We use these technologies for various purposes, including:
Essential Cookies: These cookies are necessary for the website to function properly and enable you to navigate and use its features. They are usually set in response to actions made by you, such as setting your privacy preferences, logging in, or filling in forms.
Performance and Analytics Cookies: These cookies collect information about how you use our website and services, such as the pages you visit and the links you click. This information helps us analyze website traffic and improve our services. This data is typically aggregated and anonymized.
Functionality Cookies: These cookies allow the website to remember choices you make (such as your username, language, or region) and provide enhanced, more personalized features.
Targeting and Advertising Cookies: These cookies are used to deliver advertisements that are more relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns. These cookies may be set through our website by our advertising partners.
Managing Your Cookie Preferences: You can manage your cookie preferences and choose whether to accept or reject certain types of cookies through your browser settings or by using a cookie management tool provided on our website. Blocking or deleting cookies may affect the functionality of our website and services. Note that essential cookies cannot be disabled as they are required for the website to function.
Do Not Track Signals: We do not currently respond to "Do Not Track" signals from your browser.
VII. Data Security
Security Measures: We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures include, but are not limited to:
Access Control: Limiting access to personal information to authorized personnel on a need to-know basis.
Data Encryption: Encrypting personal information both in transit and at rest using industry standard encryption methods.
System Security: Implementing security measures to protect our systems from unauthorized access, malware, and other threats, including firewalls, intrusion detection systems, and regular security assessments.
Physical Security: Maintaining physical security measures to protect our facilities and equipment where personal information is stored.
Vendor Management: Ensuring that our third-party service providers who process personal information on our behalf implement appropriate security measures.
Employee Training: Providing regular training to our employees on data security and privacy best practices.
Data Breach Notification: In the event of a data breach, we will notify you and the relevant supervisory authorities as required by applicable law. Our notification will include, where possible, a description of the breach, the types of data affected, the steps we have taken to mitigate the breach, and the steps you can take to protect yourself.
Security Assessments and Updates: We regularly review and update our security measures to ensure they remain effective against evolving threats.
VIII. Data Retention
Retention Periods: We will retain your personal information while you have an account with us or while we are providing products or services to you. Thereafter, we will retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Retention periods may vary depending on the category of personal information and the specific processing activity.
Data Minimization: We strive to minimize the amount of personal information we collect and retain. We regularly review our data retention practices and delete or anonymize personal information that is no longer needed.
Criteria for Determining Retention Periods: When determining retention periods, we consider various factors, including:
The purpose for which the personal information was collected.
Our legal and regulatory obligations.
Industry best practices.
The potential risks to data subjects if the data is retained for too long.
IX. Children's Privacy
Age Restriction: Our website and services are not intended for children under the age of 18. We do not knowingly collect personal information from children. If you are under the age of 18, please do not use our website or services or provide us with any personal information. If you are a parent or guardian and believe that your child under the age of 18 has provided us with personal information, please contact us immediately, and we will take steps to delete such information.
X. Contact Information; Exercising Your Rights
Data Protection Officer: If you have any questions or concerns about this Privacy Policy or our data practices, please contact our Data Protection Officer at:
Email: privacy@halborn.com
Postal Address: Halborn Inc., 114 NW 25th Street, Miami, Florida 33127 USA, Attn: Privacy and Data Protection Officer
Exercising Your Rights. If you would like to exercise any of your rights as described in this Privacy Policy, you can do so by emailing us at privacy@halborn.com. If you choose to contact us, you will need to provide us with:
Enough information to identify you, e.g., your full name, address and customer or matter reference number;
Proof of your identity and address, e.g., a copy of your driving license or passport and a recent utility or credit card bill; and
A description of what right you want to exercise and the information to which your request relates.
We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information or is someone authorized to act on such person's behalf. We endeavor to respond to a verifiable consumer request within forty-five days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
California, Iowa, Kentucky, Tennessee, Texas, and Virginia residents may make a verifiable consumer request twice within a 12-month period, free of charge, unless the request is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. Colorado, Connecticut, Delaware, Indiana, Montana, New Hampshire, New Jersey, Oregon, and Utah residents may make a verifiable consumer request, free of charge, once within a twelve 12-month period; subsequent requests from residents in these states may warrant a fee.
Virginia, Colorado, and Connecticut, you have the right to appeal our decision regarding your request to exercise your privacy rights. To submit an appeal, please contact us at privacy@halborn.com with the subject line "Privacy Rights Appeal" and provide details about your original request and why you believe our decision should be reconsidered.
Any personal information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification.
XI. California Consumers: Your Rights Under the CCPA/CPRA. You have the right under CCPA and certain other privacy and data protection laws, as applicable, to exercise free of charge:
Disclosure of Personal Information We Collect | You have the right to know, and request disclosure of: ● The categories of personal information we have collected about you, including sensitive personal information ● The categories of sources from which the personal information is collected ● Our business or commercial purpose for collecting or sharing personal information ● The categories of third parties to whom we disclose personal information, if any –and– ● The specific pieces of personal information we have collected about you | Please note that we are not required to: ● Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained ● Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information –or– ● Provide the personal information to you more than twice in a 12-month period |
Disclosure of Personal Information Sold, Shared, or Disclosed for a Business Purpose | N/A- Halborn does not sell, share or disclose personal information for business purposes. | N/A- Halborn does not sell, share or disclose personal information for business purposes. |
Right to Limit Use of Sensitive Personal Information | N/A-Halborn does not collect sensitive personal information | N/A-Halborn does not collect sensitive personal information |
Right to Deletion | Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will: ● Delete your personal information from our records – and– ● Direct any service providers or contractors to delete your personal information from their records ● Direct third parties to whom the business has sold or shared your personal information to delete your personal information unless this proves impossible or involves disproportionate effort | Please note that we may not delete your personal information if it is reasonably necessary to: ● Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us ● Help to ensure security and integrity to the extent the use of the consumer's personal information is reasonably necessary and proportionate for those purposes ● Debug to identify and repair errors that impair existing intended functionality ● Exercise free speech, ensure the right of another consumer to exercise their right of free speech, or exercise another right provided for by law ● Comply with the California Electronic Communications Privacy Act ● Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent ● Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us ● Comply with an existing legal obligation –or– ● Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information |
Right of Correction | If we maintain inaccurate personal information about you, you have the right to request us to correct that inaccurate personal information. Upon receipt of a verifiable request from you, we will use commercially reasonable efforts to correct the inaccurate personal information. | |
Protection Against Retaliation | You have the right to not be retaliated against by us because you exercised any of your rights under the CCPA/CPRA. This means we cannot, among other things: ● Deny goods or services to you ● Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties ● Provide a different level or quality of goods or services to you –or– ● Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services Please note that we may charge a different price or rate or provide a different level or quality of [goods and/or services] to you, if that difference is reasonably related to the value provided to our business by your personal information. We may also offer loyalty, rewards, premium features, discounts, or club card programs consistent with these rights or payments as compensation, for the collection of personal information, the sale of personal information, or the retention of personal information. |
Authorized Agent: See Section XIII (“Your Rights and Choices”).
XII. Specific Provisions for EEA Residents
Right to Be Informed | The right to know or be notified about the collection and use of your personal information |
Right to Access | The right to be provided with a copy of your personal information (the right of access) |
Right to Rectification | The right to require us to correct any mistakes in your personal information |
Right to be Forgotten | The right to require us to delete your personal information—in certain situations |
Right to Restriction of Processing | The right to require us to restrict processing of your personal information—in certain circumstances, e.g., if you contest the accuracy of the data |
Right to Data Portability | The right to receive the personal information you provided to us, in a structured, commonly used, and machine-readable format and/or transmit that data to a third party—in certain situations |
Right to Object | The right to object: ● At any time to your personal information being processed for direct marketing (including profiling) ● In certain other situations to our continued processing of your personal information, e.g., processing carried out for our legitimate interests |
Right Not to be Subject to Automated Individual Decision-Making | The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you |
Where Your Personal Information is Held. Your personal information may be stored and processed in various locations, including:
On secure cloud servers maintained by our cloud service providers. The specific location of these servers may vary; and/or
In the systems of our third-party service providers, who assist us with various business operations (e.g., payment processing, email marketing, customer support). These providers may be located in various countries around the world.
We take steps to ensure that your personal information is protected in accordance with this privacy policy and applicable data protection laws, regardless of where it is processed. This includes implementing appropriate safeguards for data transfers outside the EEA and other jurisdictions with data protection requirements.
Transferring Your Personal Information Out of the EEA. To deliver services to you, it may be necessary for us to transmit your personal information outside the EEA in the following situations:
With our service providers located outside of the EEA;
If you are based outside the EEA; or
Where there is an international dimension to the services we are providing to you. These transfers are subject to special rules under European and UK data protection law.
We ensure that any transfers of personal information outside the EEA comply with European and UK data protection laws. These transfers are protected by appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission or other mechanisms to ensure your information remains secure.
If you would like further information, please contact our Data Protection Officer (see "How To Contact Us" below).
XIII. Your Rights and Choices
Access: You have the right to request access to the personal information we hold about you as described in Section III (“Information We Collect”). This allows you to know what personal information we have collected, its source, and how we use it.
Correction: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you, as described in Section III (“Information We Collect”).
Deletion: You have the right to request that we delete your personal information, subject to certain exceptions. Please note that we may retain certain information as necessary to comply with our legal obligations, as described in Section IV ("How We Use Your Information").
Objection: You have the right to object to the processing of your personal information in certain circumstances, such as for direct marketing purposes. For example, you can object to receiving marketing communications as described in Section IV ("How We Use Your Information").
Restriction of Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances.
Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that information to another controller.
Information on Disclosures: You have the right to know with whom we have shared your personal information, as detailed in Section V ("Who We Disclose Your Information To").
Withdrawal of Consent: If we are processing your personal information based on your consent, as described in Section III (“Information We Collect”) and Section IV ("How We Use Your Information"), you have the right to withdraw your consent at any time.
Non-Discrimination: We will not discriminate against you for exercising your rights under applicable data protection laws.
Authorized Agent: California consumers can designate an authorized agent to make requests on their behalf related to their personal information. If you choose to use an authorized agent, we require that you:
Provide the authorized agent signed permission to act on your behalf;
Verify your own identity directly with us; and
Provide the authorized agent with a copy of your government issued identification.
To exercise these rights, please contact us using the contact information provided in this Privacy Policy. We will respond to your request within the time frame required by applicable law. Note that with respect to designating an authorized agent, we may deny a request from an authorized agent that does not meet the requirements.
XIV. Compliance
We comply with various data protection regulations, ensuring that personal information is handled lawfully and transparently. This includes:
GDPR Compliance: Adhering to the EU General Data Protection Regulation (GDPR) when processing personal information of individuals in the European Economic Area (EEA).
CCPA/CPRA Compliance: Adhering to the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) when processing personal information of California consumers.
Data Breach Notification: In the event of a data breach, we will notify you and the relevant supervisory authorities as required by applicable law. Our notification will include, where possible, a description of the breach, the types of data affected, the steps we have taken to mitigate the breach, and the steps you can take to protect yourself.
Security Assessments and Updates: Regularly reviewing and updating our security measures to ensure they remain effective against evolving threats.
XV. Transparency Across Notice
The privacy policy has been updated to ensure that references to "Halborn", "Halborn BVI, and "Halborn Swiss" are consistent and clearly define their respective roles throughout the document.
Generic terms like "we" or "our group" have been replaced with specific entity names where applicable to clarify which entity is being referred to in each context.
Disclaimers have been added to indicate when subsidiaries (Halborn BVI and Halborn Swiss) act solely as processors on behalf of Halborn Inc., ensuring this distinction is clear.
XVI. Compliance Notes
The policy addresses the processing of EU residents' data by Halborn and its subsidiaries.
Halborn acknowledges its responsibility to comply with Article 27 of the GDPR if it processes EU residents' data directly or through its subsidiaries and will take steps to appoint an EU representative, if necessary, to ensure compliance.
Halborn commits to regularly reviewing its processing activities within the group to maintain alignment with GDPR principles, including transparency, accountability, and lawful basis for processing.