Privacy Policy
HELGION Digital LLC
Effective Date: 12/05/2025
HELGION Digital LLC (“we”, “us”, “our”, “HELGION”) is committed to protecting your personal data and privacy.
This Privacy Policy explains how we collect, use, store, transfer and protect personal data when you visit our website, use our digital services, customer portal, SaaS platform, or engage with us as part of our IT services.
This Privacy Policy applies to:
the HELGION Customer Portal (projects, tickets, chat, documents, user accounts)
all IT Services (consulting, development, integration, migrations, support, administration, security, managed services)
- any communication with HELGION (email, support, Microsoft Teams, contact forms)
1. Data Controller
HELGION Digital LLC
3833 Powerline Road Suite 201
Fort Lauderdale, FL 33309
USA
Email: [email protected]
Website: https://www.helgion.com
For EU data subjects, HELGION is subject to GDPR obligations when processing personal data in the EU.
2. Categories of Personal Data We Process
We may process the following categories of data depending on your interaction with us:
2.1. Website Visitors
IP address
timestamps
browser type and operating system
device information
pages accessed
referrer URLs
cookie settings
consent preferences
2.2. Customer Portal Users
We process user account data including:
name and surname
business email address
company information
login credentials (hashed)
roles and permissions
activity logs
project and ticket data
uploaded files and attachments
invoices, contracts and documents
chat and messaging history
2.3. Communication Data
emails and email metadata
contact form submissions
Microsoft Teams messages
support inquiries
screenshots, logs and attachments
recorded technical notes
2.4. IT Services (Professional Services)
When conducting IT-related services, we may process:
system configuration information
server or network metadata
API credentials (encrypted and only if strictly necessary)
internal application logs
user directory information
data relevant to migrations or integrations
customer-side technical documentation
2.5. Billing & Contract Data
billing address
invoice details
transaction records
service agreements and statements of work (SOWs)
3. Purposes of Data Processing
We use personal data for the following purposes:
3.1. Operating the Website
security and fraud prevention
proper delivery of website content
server log file storage
3.2. Providing the HELGION Customer Portal (SaaS)
account creation and management
authentication and access control
project management and ticketing
document storage and retrieval
messaging and communication
user activity tracking
service improvements and maintenance
3.3. Contract Fulfillment
performance of IT services
consulting and analysis
software development and customization
integrations and API operations
cloud configuration and system administration
ongoing support and managed services
3.4. Communication
answering inquiries
providing support
notifications and updates
3.5. Billing & Legal Compliance
issuing invoices
financial administration
compliance with tax and legal requirements
3.6. Analytics (only with consent)
understanding website usage
improving services
optimizing user experience
4. Legal Basis for Processing
When processing data of EU residents, we rely on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Contract performance | Art. 6(1)(b) GDPR |
| Communication & support | Art. 6(1)(b) GDPR |
| Security & monitoring | Art. 6(1)(f) GDPR |
| Analytics | Art. 6(1)(a) GDPR |
| Compliance / retention | Art. 6(1)(c) GDPR |
5. Hosting & Subprocessors
5.1. Hetzner Online GmbH (EU)
All customer portal data (projects, tickets, documents, chat) is stored exclusively on servers located in the European Union, operated by Hetzner Online GmbH.
5.2. Microsoft 365 (European Data Residency)
We use Microsoft 365 for:
email services
document storage
Microsoft Teams communication
internal file exchange
project-related collaboration
All data is stored within European data centers where configured.
Because Microsoft is a US company, the transfer is governed by:
Standard Contractual Clauses (SCC)
additional encryption measures
access restrictions
5.3. Google Analytics (optional)
We use Google Analytics only after explicit user consent via a cookie banner.
Collected data may include:
IP (anonymized)
device and browser details
page interactions
Data may be transferred to the U.S. under SCC.
6. Cookies & Tracking Technologies
We use a Consent Management Platform (CMP) to:
provide granular cookie choices
store user consent
allow withdrawal at any time
block marketing/analytics cookies before consent
A detailed Cookie Policy is available at:
7. Processing of Customer & Project Data in IT Services
When delivering IT services, we may temporarily process customer-owned data such as:
database content
directory data
configuration files
logs and diagnostics
user lists
email metadata
system credentials (only if absolutely required)
We guarantee:
no unauthorized access
no data transfer without instruction
strict confidentiality
secure encrypted handling of sensitive data
We do not:
store customer production data outside agreed systems
process data for our own purposes
permanently retain unnecessary system access
8. International Data Transfers
Although HELGION is a U.S.-based company, operational data processing is done exclusively within the EU unless a user voluntarily interacts with U.S.-based services.
We rely on:
Standard Contractual Clauses (SCC)
encryption
access minimization
secure configuration of cloud systems
9. Data Retention
We retain data as follows:
| Data Type | Retention Period |
|---|---|
| Portal data | duration of contract + legal retention periods |
| Billing data | 10 years |
| Server logs | 30–180 days |
| Support records | 1–3 years |
| User accounts | until deletion request or contract end |
| Analytics | until consent is withdrawn |
10. Your Rights (EU Data Subjects)
Under GDPR, you have the following rights:
Right of access (Art. 15)
Right to rectification (Art. 16)
Right to erasure (Art. 17)
Right to restriction (Art. 18)
Right to data portability (Art. 20)
Right to object (Art. 21)
Right to withdraw consent (Art. 7(3))
Right to file a complaint with a supervisory authority (Art. 77)
To exercise your rights, contact:
11. Security Measures
We implement industry-standard safeguards including:
TLS encrypted communication
firewalling & intrusion prevention
multi-factor authentication
strict access controls
encrypted storage (where applicable)
continuous security updates
activity logging and monitoring
least-privilege principles
12. Data Processing Agreement (DPA)
For customers processing personal data through our portal or receiving IT services involving end-user data, a DPA under Art. 28 GDPR is required and legally binding.
The DPA is provided upon request or available via:
13. Necessity of Processing
Some data is required for:
using the customer portal
delivering IT services
maintaining user accounts
contractual obligations
If data is not provided, services may be limited or unavailable.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
The latest version is always available on our website.
15. Contact Information
HELGION Digital LLC
3833 Powerline Road Suite 201
Fort Lauderdale, FL 33309
USA
Email: [email protected]