Privacy Policy

1. Introduction and Data Controller

This Privacy Policy explains how NewCo Ltd. ("we," "our," or "us") collects, uses, discloses, and protects your personal data when you use the Helix platform and services.

NewCo Ltd. is the data controller responsible for your personal data:

NewCo Ltd.
New Address 1
Company No: NEW123
Email: privacy@helixai.academy

2. Legal Basis for Processing

We process your personal data under the General Data Protection Regulation (GDPR) based on the following lawful grounds:

• Contract performance: Processing necessary to provide our services to you
• Legitimate interests: For improving our services, security, and fraud prevention
• Legal obligation: To comply with EU laws and regulations
• Consent: Where you have given explicit consent for specific processing activities

3. Personal Data We Collect

3.1 Account Information

When you create an account, we collect:

• Name and email address
• Account credentials (encrypted password)
• Profile information you provide
• Communication preferences

3.2 Payment Information

For credit purchases, we collect:

• Billing address
• Payment method details (processed securely by our payment provider)
• Transaction history
• Tax identification information where applicable

3.3 Usage Data

We automatically collect:

• IP address and device information
• Browser type and version
• Pages visited and features used
• Time and date of access
• Referring website addresses

3.4 Research Data

Data you input into our AI services is processed solely to provide the service to you and is not used for any other purpose without your explicit consent.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

• Providing and maintaining our AI research services
• Processing credit purchases and managing your account
• Communicating with you about services, updates, and support
• Ensuring security and preventing fraud
• Complying with legal obligations and regulatory requirements
• Improving our services through anonymized analytics
• Sending marketing communications (only with your consent)

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your data only in the following circumstances:

• With service providers who process data on our behalf (see 5.1)
• When required by law or to protect rights and safety (see 5.2)

5.1 Service Providers

We work with carefully selected third-party service providers who process data on our behalf:

• Payment processors (for secure transaction processing)
• Cloud hosting providers (for data storage and computing)
• Email service providers (for communications)
• Analytics providers (with anonymized data)

All service providers are bound by data processing agreements and must comply with GDPR.

5.2 Legal Obligations

We may disclose your data when required by EU or member state law, or to:

• Comply with legal processes or government requests
• Enforce our Terms of Service
• Protect the rights, property, or safety of NewCo Ltd., our users, or others
• Prevent fraud or security issues

6. International Data Transfers

Your personal data is primarily processed and stored within the European Economic Area (EEA).

If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other legally valid transfer mechanisms under GDPR Article 46.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Account data: Retained while your account is active and for 2 years after account closure
• Transaction records: Retained for 7 years to comply with financial regulations
• Usage data: Retained for up to 2 years or anonymized for longer-term analytics
• Research data: Deleted upon request or when no longer needed for service provision

After the retention period, we securely delete or anonymize your personal data.

8. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

8.1 Right of Access

You can request a copy of the personal data we hold about you.

8.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure

You can request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.

8.4 Right to Data Portability

You can request your personal data in a structured, commonly used, and machine-readable format (JSON, CSV, or XML).

8.5 Right to Restriction

You can request restriction of processing in certain circumstances.

8.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing.

8.7 Withdrawal of Consent

Where processing is based on consent, you can withdraw it at any time.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with your local supervisory authority if you believe we have violated your data protection rights.

9. Exercising Your Rights

To exercise any of your rights, contact us at:

Email: privacy@helixai.academy
Or by contacting our support team at support@helixai.academy

We will respond to your request within one month. If your request is complex, we may extend this by two additional months and will inform you of the extension.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response and breach notification procedures
• Regular backups and disaster recovery plans

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Cookies and Tracking

We use cookies and similar tracking technologies. For detailed information about the cookies we use and your choices, please see our Cookie Policy.

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our services.

12. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. We will delete such data from our systems.

13. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you without your explicit consent or other lawful basis.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through a prominent notice on our platform. The "Last updated" date at the top indicates when this policy was last revised.