Privacy Policy

1. INTRODUCTION

This is the HYPERION Privacy Policy for customers, investors, analysts, journalists, visitors of the Website and business partners’ data. This Privacy Policy provides information on the processing of personal data by HYPERION and any other company from time to time included in the holdings system (the “Holdings System”), hereafter HYPERION, WE or US. This particular site is operated and maintained by HYPERION.

We respect your privacy and the primary purpose of this Privacy Policy is to inform you as we want you to feel secure when visiting our site and we are committed to maintaining your privacy when doing so.

This Privacy Policy may be changed over time. The most up-to-date Privacy Policy is published on our Website. This Privacy Policy was last changed on 15 December 2023.

2. WHEN DOES THIS PRIVACY POLICY APPLY?

This Privacy Policy is applicable to the processing by HYPERION of all personal data of its customers, investors, analysts, journalists, business partners and other individuals. This Privacy Policy does not address the processing of personal data of employees in the context of their employment relationship with HYPERION.

3. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?

HYPERION is the controller of the processing of all personal data that fall within the scope of this Privacy Policy. This Privacy Policy indicates what personal data is processed by HYPERION and for what purpose and to which persons or entities the data will or may be provided. HYPERION may share your personal data with third parties, such as parties that help us organizing or hosting our events and in such case we protect your personal data by contractual safeguards and adequate measures, for more information see Section 6 “Who has access to your personal data?”.

4. FOR WHICH PURPOSES DO WE PROCESS YOUR PERSONAL DATA?

4.1 When you interact with us
(a) When you interact with HYPERION (online or offline)

(i) What does this purpose entail?
If you get in touch with us through email at support@TheHyperionSystems.com, inquiries@TheHyperionSystems.com or privacy@TheHyperionSystems.com or via the contact form on the HYPERION website, we will use your personal data in order to reply to or answer your question.

(ii) On what legal ground do we process personal data for this purpose?
The legal basis for processing your personal data is our legitimate interest to communicate with you.

(iii) Which personal data do we process for this purpose?
For this purpose, we process your name, contact details, your correspondence with HYPERION about your information request or question and all other personal data which are necessary to respond to you.

(iv) For what period do we retain your personal data for this purpose?
If you have contacted us via the email addresses on the HYPERION Website or contact form on the HYPERION support page, used our Website to place an Order, then your data will be deleted from our systems after 7 years after we have responded to you or completed your Order.

(b) For relationship management and communications

(i) What does this purpose entail?
HYPERION uses the information stored in its contact database to send you the suitable HYPERION news, updates and event invitations.

(ii) On what legal basis do we process personal data for this purpose?
The legal basis is your consent. We collected your personal data as you have indicated to be interested in the HYPERION news, updates and event invitations and in order to keep you informed about this we process your personal data in our contact database. You have the right to withdraw your consent at any time. This does not affect the lawfulness of processing your data based on consent before withdrawal.

(iii) Which personal data do we process for this purpose?
For this purpose, we process your contact details such as your address and email address, your personal details such as your name, contact preferences and correspondence with us.

(iv) For what period do we retain your personal data for this purpose?
For this purpose, your personal data will be retained until the moment you have informed us that you no longer wish to receive HYPERION news, updates or event invitations or your email address is no longer in use. Immediately after you have revoked your consent your personal data will be deleted from our systems.

You always have the right to unsubscribe from HYPERION news, updates and event invitations or the right to amend or change your personal data by the link at the bottom of HYPERION news, update or event invitation.

4.2 When you use our Website
(a) To deliver you our Website's functionalities and for their technical and functional management

(i) What does this purpose entail?
If you use our Website, we process technical and functional data to offer you our Website functionalities and to allow our Website's administrators to manage and improve our Website's performance. If you enter data in our Website, for example your location to receive relevant information or functionalities, HYPERION processes this data to provide you with the requested information or functionalities.

Further, we process your personal data to allow you to save your data and to share these with others using the sharing options you have configured on your device. HYPERION also uses cookies to ensure you can retrieve information from our Website quickly and easily.

(ii) On what legal ground do we process personal data for this purpose?
We process your personal data based on our legitimate interest to communicate about HYPERION through our Website.

(iii) Which personal data do we process for this purpose?
We process your personal data based on our legitimate interest to communicate about HYPERION through our Website.

(iv) How long do we retain your personal data for this purpose?
For this purpose, your personal data will be retained for 3 months. After this term, your personal data will be deleted from our systems.

(b) To allow you to connect with us (e.g. via social media)

(i) What does this purpose entail?
HYPERION is active on social media platforms like LinkedIn, YouTube, Reddit, Discord, Tiktok, Snapchat, Twitter, Instagram, Facebook and Twitch. When you contact HYPERION via social media, we process your personal data in order to answer your questions and to respond to your messages.

In addition, you can contact us through a variety of communication channels. We provide you with our email address, for you to send us your feedback and suggested improvements, as well as our Website and social media details. When you click one of the corresponding icons we will refer you to the Website or app of the applicable third party, whether this is your email provider or a social media platform.

(ii) On what legal ground do we process personal data for this purpose?
We process your personal data based on your consent. You have the right to withdraw your consent at any time. This does not affect the lawfulness of processing your data based on consent before withdrawal.

(iii) Which personal data do we process for this purpose?
For this, we process the communication channel you have chosen to use to connect with us and the personal data you supply to HYPERION. This includes your (user) name, address, email address, gender and the personal data you have included in your message. In addition, when you click one of the buttons displayed, the relevant third party might place cookies on your device.

(iv) How long do we retain your personal data for this purpose?
For this purpose, your personal data will be retained for 3 months. After this term, your personal data will be deleted from our systems.

4.3 When you do business with us
(a) For the conclusion and execution of agreements

(i) What does this purpose entail?
When you work together with us as a business partner, we process your personal data for administrative purposes such as making payments. We also use your personal data in order to administer your services

When you require access to HYPERION's premises, we process your personal data for admission purposes.

(ii) On what legal ground do we process personal data for this purpose?
The legal basis for processing your personal data is our legitimate interest to enter into contracts with our business partners.

(iii) Which personal data do we process for this purpose?
For this purpose, we process your contact details such as your address and email address, personal details such as your name, payment and credit information, and other data stored in the contract database.

(iv) For what period do we retain your personal data for this purpose?
For this purpose, your personal data will be retained for 7 years after the termination of the contract. After this term, your personal data will be deleted from our systems.

(b) For business process execution and internal management

(i) What does this purpose entail?
We process your personal data in the performance and organization of our business. This includes general internal management. We conduct audits and manage business partner directories. Also, we process your personal data for finance and accounting, archiving and insurance purposes, legal and business consulting in the context of dispute resolution.

(ii) On what legal ground do we process personal data for this purpose?
The legal basis for processing your personal data is our legitimate interest to enter into contracts with our business partners.

(iii) Which personal data do we process for this purpose?
For this purpose, we process your contact details such as your address and email address, personal details such as your name and date of birth, payment and credit information, payment and order history, correspondence with HYPERION and data generated during the performance of the agreement between you and HYPERION.

(iv) For what period do we retain your personal data for this purpose?
For this purpose, your personal data will be retained for 7 years. After this term, your personal data will be deleted from our systems.

(c) To monitor and investigate compliance within HYPERION

(i) What does the purpose entail?
HYPERION monitors its IT systems to check compliance with HYPERION policies and regulations, such as the Code of Conduct and the IT Policy. During monitoring activities, your personal data may be accessed and viewed.

(ii) On what legal ground do we process personal data for this purpose?
The basis for this is the legal obligation to comply with relevant law and regulations.

(iii) Which personal data do we process for this purpose?
For this purpose, any personal data that is stored on HYPERION's IT systems may be accessed and viewed for compliance purposes. The personal data that is accessed and viewed will not be stored for compliance purposes, unless we need them to further investigate potential non-compliant behavior.

(iv) For what period do we retain your personal data for this purpose?
We do not retain your personal data for this purpose, unless they are linked to non-compliant behavior. We will then retain the relevant personal data until the investigation or proceedings have been concluded.

5. COOKIES

We also collect information through the use of cookies. Cookies are small files of information which save and retrieve information about your visit to this Website - for example, how you entered our site, how you navigated through the site, and what information was of interest to you. Please visit our Cookie Policy page, located on this website.

6. WHO HAS ACCESS TO YOUR PERSONAL DATA?

6.1 Access to your personal data within HYPERION

Data we collect may be transferred within HYPERION. We exchange your data for administrative purposes to have a complete overview of our and your contacts with HYPERION. HYPERION employees are authorized to access personal data only to the extent necessary to serve the applicable purpose and to perform their jobs.

6.2 Access to your personal data by third parties

The following third parties have access to your personal data, where relevant, for the provisioning of their services to HYPERION:

• IT(s).
• Accountant(s).
• Parties that help us organizing or hosting our event(s).

When third parties are given access to your personal data, HYPERION will take the required contractual, technical and organizational measures to ensure that your personal data is only processed to the extent that such processing is necessary. The third parties will only process your personal data in accordance with applicable law.

If your personal data is transferred to a recipient in a country that does not provide an adequate level of protection for personal data HYPERION will take measures to ensure that your personal data is adequately protected.

In other cases, your personal data will not be supplied to third parties, except where required by law.

6.3 The use of your personal data by data processors

When a third party processes your personal data solely following HYPERION’s instructions, it acts as a data processor. We enter into an agreement with such a data processor for the processing of personal data. In this agreement we include obligations to ensure that your personal data is processed by the data processor solely to provide services to us.

7. HOW IS YOUR PERSONAL DATA SECURED?

HYPERION has taken adequate safeguards to ensure the confidentiality and security of your personal data. HYPERION has implemented appropriate technical, physical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access as well as all other forms of unlawful processing (including, but not limited to, unnecessary collection) or further processing. Examples are IT security policies/procedures, staff training and secure servers.

8. QUESTIONS OR REQUESTS FOR ACCESS, CORRECTION AND REMOVAL

You can request access, correction, restriction, portability or removal of the data that HYPERION processes about you at any time by sending a request to: requests@TheHyperionSystems.com

Should you have any questions regarding the processing of your personal data, please contact: privacy@TheHyperionSystems.com

If you feel that we do not comply with applicable privacy rules you have the right to lodge a complaint with a competent data protection authority.