1. Introduction
Welcome to Hopae S.A. ("Hopae", "we," "our," or "us"). We respect your privacy and are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR), and other applicable data protection regulations.
This Privacy Policy applies solely to personal data collected, stored, and processed through this marketing website (https://www.hopae.com) (the "Site" or “Website”). It does not apply to data collected through our core products, services, or other offline interactions, which are governed by separate agreements.
This policy is designed to help you understand what information we collect, why we collect it, and how you can exercise your rights regarding your personal data.
This Website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
2. Data Controller
Hopae S.A., a company incorporated under the laws of the Grand Duchy of Luxembourg, is the Data Controller responsible for your personal data.
3. Personal Data We Collect
We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together as follows:
Identity Data: First name, last name
Contact Data: Email address
Professional Data: Company name, job role/title
Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Website
Usage Data: Information about how you use our Website
Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences
4. How We Collect Your Personal Data
Data You Provide to Us
We collect personal data from you when you voluntarily provide such information, such as when you register for access to the services (for example, your name and mailing address), use certain services, contact us with inquiries, or respond to one of our surveys.
Data Collected by Automatic Means
When you interact with Hopae through the Site or Services, we receive and store certain information automatically, including via web server logs and cookies. We use several types of cookies:
Necessary Cookies – These cookies enable basic functions and security. Disabling these cookies by changing your browser settings may affect how the Site functions.
Functional Cookies – These cookies enable videos, maps and personalised content. You can disable those cookies in by selecting ‘Customise’ in the Cookie Settings section of our Site.
Analytical Cookies - These cookies help us understand how the Website is used. You can disable those cookies in by selecting ‘Customise’ in the Cookie Settings section of our Site.
Marketing Cookies – These cookies enable personalised advertising and tracking. You can disable those cookies in by selecting ‘Customise’ in the Cookie Settings section of our Site.
The cookies used on our Site may include Third-Party Cookies. ****These cookies are placed by third-party services that appear on our Website, such as embedded videos or social media content.
Please refer to our Cookie Policy for more information on the cookies we use, including their lifespans and specific purposes.
5. How We Use Your Personal Data
We may use your personal data for the following purposes:
Website Performance & Analytics
To monitor and analyze trends, usage, and activities in connection with our Website. This includes information collected via analytics and performance cookies. We process your personal data on the basis of your consent. You can manage your cookie preferences at any time by adjusting your browser settings or contacting us directly.
For Marketing Purposes
To provide you with information about our services, special offers, or other marketing communications, when you have given your consent. This includes data we collect using marketing cookies. You can opt out of marketing at any time by clicking the "unsubscribe" link in our marketing emails or by contacting us directly.
For Communication Purposes
To communicate with you about product demos, sales inquiries, and other relevant commercial information at your request. We may also use your personal data to respond to your questions, comments, or requests through our Website's contact forms. We process your data based on our legitimate interest in providing timely and relevant responses to your communications and inquiries.
6. Data Retention
As a general rule, we retain your personal data collected via this website for a maximum period of three (3) years from the date of collection or your last active interaction with us (whichever is later).
Exceptions to this rule apply in the following scenarios:
Marketing Subscriptions: If you have explicitly consented to receive our newsletter or marketing emails, we will retain your data for as long as you wish to remain on our list. If you choose to unsubscribe, your data will be promptly removed from our active marketing databases.
Shorter Lifespans (Cookies): Technical and analytical data collected via cookies is stored for shorter durations, typically ranging from a single browser session up to [e.g., 14 months], as detailed in our Cookie Policy.
Once these periods lapse, or upon a valid deletion request, your data will be permanently deleted or anonymized.
7. Data Sharing and Third Parties
We may share your personal data with the following third parties:
We use a third-party service provider to manage our marketing CRM, which processes your data on our behalf.
We use Amazon Web Services (AWS) as our cloud infrastructure provider, which acts as a data processor for storing and processing your personal data. Our data is hosted in AWS data centres located within the European Economic Area (EEA).
Where we share your personal data with third party service providers, we ensure they have robust data protection measures in place and that any sub-processing relationship complies with the GDPR.
Some of our data processors are located outside the European Economic Area (EEA). Such data transfers are carried out on the basis of approved transfer mechanisms, such as the European Commission’s Standard Contractual Clauses (SCCs) or an adequacy decision, where applicable. These measures are designed to ensure that your personal data continues to receive an adequate level of protection when transferred internationally.
You may request a copy of the relevant safeguards by contacting us using the details provided in Section 12.
We will never sell or rent personal data to third parties.
8. Your Data Subject Rights
Under the GDPR, you have the following rights regarding your personal data:
Right to Access (Article 15) – Request information on whether and how Hopae processes your personal data, and obtain a copy if we do.
Right to Rectification (Article 16) – Correct inaccuracies in your data.
Right to Erasure (Article 17) – Request deletion of your data, subject to legal or contractual limitations.
Right to Restrict Processing (Article 18) – Ask us to limit certain processing under specific circumstances.
Right to Data Portability (Article 20) – Obtain your personal data in a structured, commonly used format and transfer it to a third party, if technically feasible.
Right to Object (Article 21) – Object to processing based on legitimate interests.
Automated Decision Making (Article 22) - We do not subject you to decisions based solely on automated processing—including profiling—which produce legal effects concerning you or similarly significantly affect you.
Right to Withdraw Consent (Article 7(3)) – Where processing is based on your consent, withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
If local privacy laws grant you additional rights, you may contact us using the contact details above.
9. How to Exercise Your Rights
To exercise any of your rights or to ask questions about how we process your personal data, please contact us using the details provided in the Contact Information section. We aim to respond to all legitimate requests within one month, in accordance with GDPR requirements.
10. Security Measures
Hopae employs robust security controls to protect your personal data:
Encryption of data in transit (TLS/SSL) and at rest (where applicable)
Access controls to ensure only authorized personnel have access to personal data
Network security including firewalls and regular vulnerability assessments
Security policies and training for staff to handle personal data responsibly
Incident response plan to identify and address data breaches promptly, including notification to the competent supervisory authority and affected individuals where required under the GDPR
Despite our best efforts, no security measure is entirely infallible. However, we regularly review and update our protections to minimize risks.
11. U.S. State Privacy Rights (CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, etc.)
Certain U.S. states, including California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Utah (UCPA), have enacted privacy laws that provide residents with specific data rights. If you reside in a state with such laws, you may have the following rights:
Right to Know (Access to Information): You can request information about the personal data we have collected about you, including categories of data, purposes of collection, third parties with whom we've shared it, and specific pieces of data (where applicable).
Right to Correct: Some states grant you the right to request correction of inaccurate personal data.
Right to Delete: You can request the deletion of personal data we have collected from you, subject to legal and operational limitations.
Right to Opt-Out of Targeted Advertising & Data Sharing: Certain states provide you with the right to opt out of targeted advertising, profiling, and data sharing with third parties for commercial purposes. Hopae does not sell personal data; however, if applicable state laws allow you to opt out of certain data processing, you may do so.
Right to Data Portability: Some state laws allow you to request a copy of your personal data in a commonly used format.
Right to Non-Discrimination: We will not discriminate against you for exercising your rights under applicable state laws.
To exercise your rights, please contact us using the details provided in Section 12 (Contact Information). We will verify your identity before processing your request, as required by law.
If you are a California resident, additional details regarding your CCPA/CPRA-specific rights remain applicable as outlined above.
12. Contact Information
For inquiries, questions, or requests concerning this Privacy Policy, you may reach us at:
Hopae S.A.
Address: 20 Rue des Peupliers, L‑2328, Luxembourg
Data Protection Officer (DPO): Eric Kim
Email: dpo@hopae.com
You also have the right to lodge a complaint with a data protection supervisory authority. As our lead supervisory authority is in Luxembourg, you may contact:
Commission nationale pour la protection des données (CNPD)
Address: 15, Boulevard du Jazz, L-4370 Belvaux, Luxembourg
Website: https://cnpd.public.lu
You also retain the right to lodge a complaint with the supervisory authority in your country of residence or place of the alleged infringement.
13. Changes to This Privacy Policy
We may update this policy to reflect changes in our business, services, or legal obligations. Any significant modifications will be posted with a revised Last Updated date. We encourage you to review this policy periodically to remain informed about our data practices.