LEGAL

GDPR Compliance

Our commitment to GDPR and data protection

Effective from June 02, 2025

This page provides an overview of how Happ Labs approaches compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") with respect to the operation of the Website and the delivery of Our engineering services. We are committed to protecting the privacy and rights of individuals whose Personal Data We Process, and to maintaining transparent, lawful, and fair data handling practices.

This GDPR Compliance page should be read together with Our Privacy Notice and Terms & Conditions, which provide additional detail on how We collect, use, store, and protect Your Personal Data.

Our Commitment to GDPR
Data Controller Information
Legal Basis for Processing
Data We Collect
Your Rights Under GDPR
How to Exercise Your Rights
Data Storage and Security
Data Retention
International Data Transfers
Cookies and Tracking
Data Breach Notification
Data Protection in Engineering Services
Changes to This Page
Contact Information

1. Our Commitment to GDPR

Happ Labs is committed to ensuring that all Personal Data entrusted to Us is handled in full compliance with the GDPR and other applicable data protection laws. As a software engineering company operating a corporate website and delivering custom development services to clients worldwide, We recognize that data protection is both a legal obligation and a fundamental aspect of building trust with Our visitors, clients, and partners.

Our approach to GDPR compliance is built on the following principles:

Lawfulness, fairness, and transparency — We Process Personal Data only when We have a valid legal basis, and We inform individuals clearly about how their Data is used.
Purpose limitation — We collect Personal Data only for specified, explicit, and legitimate purposes and do not Process it in ways incompatible with those purposes.
Data minimization — We collect only the minimum amount of Personal Data necessary for the intended purpose.
Accuracy — We take reasonable steps to ensure that Personal Data is accurate and kept up to date.
Storage limitation — We retain Personal Data only for as long as necessary to fulfill the purpose for which it was collected.
Integrity and confidentiality — We implement appropriate technical and organizational measures to protect Personal Data against unauthorized access, loss, or destruction.
Accountability — We take responsibility for Our data processing activities and can demonstrate compliance with GDPR requirements.

2. Data Controller Information

The Data Controller for Personal Data collected through the Website is:

"Company" — refers collectively to: (a) Individual Entrepreneur Viacheslav Saloid (ФОП Салоїд В’ячеслав Олександрович), registered under the laws of Ukraine, tax identification number 3628308118, registration record №544422567292 dated 12.01.2022; and (b) HAPP LLC (ТОВ "ХАПП"), registered under the laws of Ukraine, EDRPOU code 46116673 (hereinafter — "Company", "Happ Labs", "We", "Us", "Our").

Website: https://labs.happ.tools

Data Protection contact: admin@happ.tools

The Company determines the purposes and means of Processing Personal Data collected through the Website. For any questions, requests, or concerns related to data protection and GDPR compliance, please contact Us at the email address above.

3. Legal Basis for Processing

Under Article 6(1) of the GDPR, We Process Personal Data only when at least one of the following legal bases applies. Below is a summary of each legal basis and how it relates to Our data processing activities:

Legal Basis (Art. 6(1) GDPR)

How We Apply It

(a) Consent

We rely on Your freely given, specific, informed, and unambiguous Consent for non-essential cookies (analytics, marketing) and for sending marketing communications. You may withdraw Consent at any time without affecting the lawfulness of Processing prior to withdrawal.

(f) Legitimate interest

We Process certain Data based on Our legitimate interests, such as operating and improving the Website, ensuring IT security, analyzing usage patterns, preventing fraud, and responding to inquiries submitted through the contact form — provided that such interests do not override Your rights and freedoms.

We may Process Personal Data to comply with applicable legal obligations, including tax, accounting, anti-fraud, and regulatory requirements under EU or Ukrainian law.

(d) Vital interests

In exceptional circumstances, We may Process Personal Data to protect the vital interests of a natural person, such as in emergency situations involving health or safety.

(e) Public interest

Where required by law, We may Process Data for reasons of substantial public interest or when acting under an official mandate (e.g., court orders or requests from competent authorities). This basis is rarely applicable to Our operations.

We ensure that all Processing is fair, transparent, and limited to what is necessary for the stated purposes. We do not Process Personal Data for any purpose beyond those identified in this page and Our Privacy Notice.

4. Data We Collect

4.1. Personal Data provided voluntarily

When You interact with the Website — for example, by submitting the contact form — You may voluntarily provide the following Personal Data:

Your full name;
Your email address;
Your phone number;
the content of Your message.

This information is collected solely for the purpose of responding to Your inquiry, providing support, and initiating business communication. We do not require You to create an account or provide any credentials to use the Website.

4.2. Technical Data collected automatically

When You visit the Website, certain technical Data may be collected automatically through third-party analytics and tracking technologies integrated into the Website, specifically Google Analytics and Meta Pixel. This automatically collected Data may include:

IP address;
browser type and version;
operating system;
screen resolution and device model;
language and time zone;
traffic Data and browsing behavior (pages viewed, duration, clicks, navigation paths);
Cookies and similar tracking technologies.

These tools help Us understand how visitors interact with the Website, improve its performance, and measure the effectiveness of Our communications. Google Analytics and Meta Pixel implement anonymization and pseudonymization mechanisms to comply with GDPR standards. Non-essential cookies are activated only after obtaining Your Consent.

5. Your Rights Under GDPR

The GDPR provides individuals located in the European Economic Area (EEA) with a comprehensive set of rights regarding their Personal Data. You may exercise any of these rights at any time by contacting Us at admin@happ.tools.

Right

Description

Right of access (Art. 15)

You have the right to obtain confirmation as to whether We Process Your Personal Data, and if so, to request access to that Data along with information about the purposes, categories, recipients, and retention periods.

Right to rectification (Art. 16)

You have the right to request the correction of inaccurate Personal Data and the completion of incomplete Personal Data concerning You.

Right to erasure (Art. 17)

You have the right to request the deletion of Your Personal Data where it is no longer necessary for the purpose it was collected, where You withdraw Consent, or where the Data has been unlawfully Processed.

Right to restriction of processing (Art. 18)

You have the right to request that We restrict the Processing of Your Personal Data in certain circumstances, such as when You contest the accuracy of the Data or when Processing is unlawful but You oppose erasure.

Right to data portability (Art. 20)

You have the right to receive Your Personal Data in a structured, commonly used, and machine-readable format, and to request that We transmit that Data to another controller where technically feasible.

Right to object (Art. 21)

You have the right to object to Processing based on legitimate interests or for direct marketing purposes. Upon objection, We will cease Processing unless We demonstrate compelling legitimate grounds that override Your interests.

Right not to be subject to automated decision-making (Art. 22)

You have the right not to be subject to a decision based solely on automated Processing, including profiling, which produces legal effects or similarly significantly affects You. We do not engage in such automated decision-making on Our Website.

Right to lodge a complaint with a supervisory authority

If You believe that Our Processing of Your Personal Data infringes the GDPR, You have the right to lodge a complaint with a Data Protection Authority in the EU Member State of Your habitual residence, place of work, or place of the alleged infringement.

6. How to Exercise Your Rights

To exercise any of the rights described above, please submit Your request by email to admin@happ.tools. Please include sufficient information to allow Us to identify You and specify which right(s) You wish to exercise.

Identity verification. To protect Your privacy and prevent unauthorized access to Personal Data, We may ask You to verify Your identity before processing Your request. This helps ensure that Personal Data is not disclosed to anyone who is not authorized to receive it.

Response time. We will respond to all valid requests within 30 (thirty) calendar days of receipt. If a request is particularly complex or if We receive a large number of requests, We may extend this period by an additional 60 (sixty) calendar days, in which case We will inform You of the extension and the reasons for the delay within the initial 30-day period.

No fee required. In most cases, We will process Your request free of charge. However, if a request is manifestly unfounded or excessive (for example, due to its repetitive character), We may charge a reasonable fee or refuse to act on the request, in accordance with Article 12(5) of the GDPR.

7. Data Storage and Security

Your Personal Data is hosted on secure servers located in Germany, within the European Economic Area (EEA). This ensures that the storage and Processing of Data complies with the strict privacy standards established by the GDPR and EU law.

We implement appropriate technical and organizational measures to protect Personal Data against unauthorized access, accidental loss, alteration, or destruction. These measures include:

Technical measures

Data encryption at rest and in transit;
SSL/HTTPS for all data transfer;
Two-factor authentication (2FA) for administrative access;
Firewall and intrusion detection systems;
Regular encrypted backups;
Automatic Data deletion after expiration of the retention period.

Organizational measures

Internal data protection policies and procedures;
Non-Disclosure Agreements (NDAs) with all team members;
Access control and role-based permissions on a need-to-know basis;
Staff training on data protection best practices;
Action logging and audit trails for data access.

While We take all commercially reasonable steps to protect Your Personal Data, please note that no method of transmission over the Internet or electronic storage is 100% secure. Any transmission is at Your own risk.

8. Data Retention

We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, in accordance with the GDPR principle of storage limitation. The specific retention periods are as follows:

Category of Data

Retention Period

Purpose / Notes

Contact form data (name, email, phone, message)

Up to 3 months from last contact

If no cooperation follows, Data is deleted. Retained temporarily to respond to inquiries and initiate business communication

Technical and analytics data (IP, cookies, browsing behavior)

Up to 13 months

Retained for analytics, diagnostics, security monitoring, and Website improvement

Encrypted backups

Additional 6 months after primary retention

Retained for business continuity and disaster recovery, unless earlier deletion is technically possible and legally permitted

Once the relevant retention period expires, or upon a valid erasure request, Your Personal Data will be either securely erased from Our systems or anonymized so that it can no longer be linked to You.

9. International Data Transfers

We store and Process all Personal Data primarily on servers located within the European Economic Area (EEA), in full compliance with the GDPR.

However, certain third-party services integrated into the Website — such as Google Analytics (provided by Google LLC) and Meta Pixel (provided by Meta Platforms, Inc.) — may involve limited cross-border Data transfers outside the EEA. In such cases, We ensure that adequate safeguards are in place, including:

the use of Standard Contractual Clauses (SCCs) approved by the European Commission;
anonymization or pseudonymization of transmitted Data;
vendor assessments to verify compliance with data protection standards.

Should any additional international Data transfers become necessary in the future, We will ensure that they are carried out in full accordance with Chapter V of the GDPR, based on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, or binding corporate rules.

10. Cookies and Tracking

The Website uses cookies and similar tracking technologies to enhance functionality, analyze usage, and measure the effectiveness of Our communications. In accordance with the GDPR and the ePrivacy Directive, non-essential cookies (such as analytics and marketing cookies) are activated only after We have obtained Your prior Consent.

Strictly necessary cookies, which are required for the basic functioning of the Website, do not require Consent and are placed automatically.

You can manage Your cookie preferences at any time through Your browser settings. For detailed information about the types of cookies We use, their purposes, providers, and retention periods, please refer to Section 10 of Our Privacy Notice.

You have the right to withdraw Your Consent to non-essential cookies at any time. Withdrawal of Consent does not affect the lawfulness of Processing based on Consent before its withdrawal.

11. Data Breach Notification

In the event of a Personal Data breach, We are committed to responding promptly and in accordance with Articles 33 and 34 of the GDPR.

Notification to the supervisory authority (Art. 33)

If a Personal Data breach is likely to result in a risk to the rights and freedoms of natural persons, We will notify the competent supervisory authority without undue delay and, where feasible, within 72 (seventy-two) hours of becoming aware of the breach. The notification will include the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to mitigate the effects. If notification is not made within 72 hours, it will be accompanied by reasons for the delay.

Notification to affected individuals (Art. 34)

If the breach is likely to result in a high risk to the rights and freedoms of natural persons, We will also communicate the breach to the affected individuals without undue delay. The communication will describe the nature of the breach in clear and plain language, provide the name and contact details of Our data protection contact, describe the likely consequences, and outline the measures We have taken or propose to take to address the breach and mitigate its adverse effects.

We maintain internal procedures for detecting, investigating, and documenting Personal Data breaches, including assessing the risk to individuals and determining the appropriate course of action.

12. Data Protection in Engineering Services

As a software engineering company, Happ Labs provides custom software development, consulting, and related technical services to clients. While the Website itself is a corporate landing page and does not offer SaaS functionality or user accounts, We recognize that Our engineering work may involve processing or handling Personal Data on behalf of Our clients.

When delivering engineering services, We incorporate GDPR principles and data protection considerations into Our development practices, including:

Data Processing Agreements

Where Our engineering services involve Processing Personal Data on behalf of a client (acting as a Data Processor), We enter into Data Processing Agreements (DPAs) in accordance with Article 28 of the GDPR. These agreements define the scope, nature, and purpose of Processing, as well as the obligations and rights of both parties.

Privacy by Design and by Default

In accordance with Article 25 of the GDPR, We integrate data protection considerations into the design and architecture of the software systems We build for Our clients. This means that data protection safeguards are embedded from the earliest stages of development — not added as an afterthought. By default, only the Personal Data necessary for each specific purpose is Processed.

Data Minimization

We advise and assist Our clients in implementing data minimization principles, ensuring that their systems collect and Process only the minimum amount of Personal Data required for the intended purpose. We design architectures that support selective data collection, pseudonymization, and anonymization where appropriate.

Confidentiality and Security

All team members involved in client projects are bound by strict confidentiality obligations, including NDAs. We apply the same technical and organizational security measures described in Section 7 of this page to all engineering work, including encryption, access control, and secure development practices.

The specific terms governing data protection in connection with Our engineering services are defined in the individual service agreements and DPAs executed with each client. For more information, please contact Us at admin@happ.tools.

13. Changes to This Page

We may update this GDPR Compliance page from time to time to reflect changes in Our data processing practices, legal requirements, or regulatory guidance. When We make material changes, We will update the "Effective from" date at the top of this page.

We encourage You to review this page periodically to stay informed about Our GDPR compliance efforts. If the changes are substantial, We will notify You at least 15 (fifteen) calendar days before such changes take effect and, where legally required, obtain Your Consent again.

14. Contact Information

If You have any questions, concerns, or requests related to GDPR compliance or data protection, please contact Us using any of the following methods:

by email: admin@happ.tools (Data Protection contact),
by phone: +38 (099) 482 9573,
by Telegram: @slavasaloid,
or by using the contact form available on the Website.

We will make every effort to respond to Your inquiry as soon as possible, and no later than 30 (thirty) calendar days from the date of receipt.

For detailed information about how We collect, use, and protect Your Personal Data, please refer to Our Privacy Notice. For information about the terms governing Your use of the Website, please see Our Terms & Conditions.