This is a sample page.

Privacy Policy

Effective date: 16 September 2025
Website: https://www.myhybro.me
Contact: support@myhybro.me

1) Scope

This Policy explains how we process personal data when you visit our website, contact us, or purchase our products/services. It applies to visitors from the EEA/UK as well as other jurisdictions where GDPR-equivalent rights apply.

2) What is “personal data”

Personal data is any information relating to an identified or identifiable natural person (e.g., name, email, account details, online identifiers, IP address, location). We do not intentionally collect “special categories” of data (e.g., health, religious beliefs, political opinions). Please do not send such information to us.

3) What we collect & why (purposes + legal bases)

We process the following categories of data strictly on the listed legal bases under Art. 6 GDPR:

• Website operation & security (Legitimate interests, Art. 6(1)(f)):
  server logs (IP address, date/time, URL, referrer, user-agent, error codes); essential cookies.
• Consent-based analytics & attribution (Consent, Art. 6(1)(a)):
  non-essential cookies/SDKs (e.g., analytics, campaign attribution such as Sourcebuster) — loaded only after your consent via our cookie banner (“Manage cookies”).
• Marketing communications (Consent, Art. 6(1)(a)):
  email subscriptions and optional marketing profiling.
• Pre-contract & contract (Art. 6(1)(b)):
  enquiries, quotes, orders; contact and billing details: name, company, job title, email, phone, address.
• Legal obligations (Art. 6(1)(c)):
  invoicing, tax and accounting records.
• Customer support & quality (Legitimate interests, Art. 6(1)(f)):
  responses to your requests, service improvement, anti-fraud and abuse prevention.

We do not use automated decision-making that produces legal or similarly significant effects. Limited profiling may occur only for marketing if you gave consent (and can be withdrawn at any time).

4) Cookies & similar tech

We use a Consent Management Platform (CMP) to collect and record your choices.

• Strictly necessary cookies run by default to make the site work.
• Analytics/Marketing cookies run only if you opt-in. You can change your choices at any time via the “Manage cookies” button.
  See our separate Cookie Policy for details (names, purposes, lifetimes).

5) Data sources

• Directly from you (forms, checkout, emails, phone).
• Automatically from your device/browser
• From publicly available business sources or social networks (B2B context) — where permitted by law.

6) Retention

We keep personal data only as long as needed:

• enquiries/support: typically up to 12 months;
• marketing lists: until you withdraw consent or unsubscribe;
• contract & billing records: typically 7 years (statutory accounting);
• logs & security artifacts: up to 12 months, unless needed longer for security/claims.
  Longer retention may apply if required by law or to establish/exercise/defend legal claims.

7) Sharing (processors & recipients)

We use vetted service providers (data processors) for hosting, email delivery, analytics (consent-based), payment processing, shipping, and customer support. They act under contracts that include confidentiality and GDPR controller–processor clauses (Art. 28). We may also disclose data to: tax authorities, regulators, courts/law enforcement, fraud-prevention bodies, insurers, and professional advisors where legally required.

8) International transfers

Where data is transferred outside the EEA/UK (e.g., to our service providers), we ensure appropriate safeguards: adequacy decisions, EU Standard Contractual Clauses (SCCs) and, where needed, transfer impact assessments and supplementary measures.

9) Security

We apply organizational and technical measures (access controls, encryption in transit, backups, least-privilege, logging). No internet transmission is 100% secure; residual risk remains.

10) Your rights (EEA/UK)

Subject to legal limits, you may: access, rectify, erase, restrict, object, and port your data; withdraw consent at any time (affects future processing only); and lodge a complaint with your local supervisory authority.
To exercise rights, email support@myhybro.me. We may request proof of identity.
(Montenegro reference authority: Agency for Personal Data Protection and Free Access to Information – AZLP.)

11) Children

Our services are not directed to individuals under 16 (or the lower age permitted by your country’s law within the 13–16 range). We do not knowingly collect personal data from children. If we become aware that a child’s data has been provided without the required parental/guardian consent, we will delete it without undue delay. Where parental consent is required by law, we obtain it and make reasonable efforts to verify that the consent is given by the holder of parental responsibility.

12) Changes

We may update this Policy from time to time. Material changes will be posted here with a new “Effective date”.

13) Contact

For privacy questions or to exercise your rights: support@myhybro.me |