GDPR Compliant

Privacy & Cookie Policy

Your privacy is fundamental to our mission. We're committed to protecting your data with enterprise-grade security and complete transparency.

Effective: January 26, 2025
Updated: January 26, 2025

Multi-Tenant Isolation

Perfect data separation with organization_id isolation

Complete Audit Trail

Every action tracked with Smart Code intelligence

GDPR Compliant

Full compliance with EU data protection regulations

Introduction

HERA ERP Ltd. ("HERA", "we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy & Cookie Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website at heraerp.com or use our enterprise resource planning services.

We comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK Data Protection Act 2018, and other applicable data protection laws worldwide. Our revolutionary 6-table universal architecture ensures perfect data isolation through our sacred organization_id boundary, providing enterprise-grade security for all users.

Data Controller Information

Company: HERA ERP Ltd.
Contact: privacy@heraerp.com
DPO: dpo@heraerp.com

What Data We Collect

Personal Data You Provide

Contact Information

Name, email, phone, job title

Business Information

Company, industry, size, address

Account Data

Username, password, preferences

Transaction Data

Business transactions, audit logs

Data We Collect Automatically

Usage Data

IP address, browser type, pages visited, click paths

Performance Data

API response times, system metrics (anonymized)

Cookie Data

Session cookies, preferences, analytics (with consent)

Special Categories

HERA does not intentionally collect sensitive personal data (health, biometric, political opinions). If your business processes such data, it remains isolated within your organization's sacred boundary.

How We Use Your Data

We process your personal data based on the following legal bases under GDPR:

Contract Performance

Article 6(1)(b) GDPR

  • Providing HERA ERP services
  • Managing your account
  • Processing transactions
  • Maintaining audit trails

Legitimate Interest

Article 6(1)(f) GDPR

  • Improving our services
  • Ensuring platform security
  • Service updates & notices
  • Business intelligence

Consent

Article 6(1)(a) GDPR

  • Marketing communications
  • Non-essential cookies
  • Special data categories
  • Newsletter subscriptions

Legal Obligation

Article 6(1)(c) GDPR

  • Regulatory compliance
  • Authority requests
  • Tax records
  • Legal proceedings

Data Storage & Security

Technical & Organizational Measures

Multi-Tenant Isolation

Sacred organization_id boundary ensures zero data leakage

Smart Code Architecture

Every transaction tagged with intelligent business context

Encryption Standards

TLS 1.3 for data in transit, AES-256 for data at rest

Access Control

Role-based access control (RBAC) with JWT authentication

Real-time Monitoring

Security monitoring with Prometheus and Grafana

Backup & Recovery

Automated backups with point-in-time recovery (RPO ≤ 5 min)

Data Location & Transfers

Primary data storage is within the European Economic Area (EEA). For international transfers, we rely on:

  • EU-approved Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Your explicit consent for specific transfers

Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience:

Essential Cookies

Always Active

Required for basic functionality, security, and authentication. Cannot be disabled.

Session management, Security tokens, Organization context

Functional Cookies

Optional

Enhance functionality and personalization. Can be disabled in preferences.

Language preferences, Theme settings, Dashboard layouts

Analytics Cookies

With Consent

Help us understand usage patterns. Only set with your explicit consent.

Google Analytics, Performance monitoring, User journey tracking

Managing Cookies

You can control cookies through our Cookie Banner on first visit, or anytime via your browser settings. Note that disabling cookies may affect functionality.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

Request a copy of your personal data we hold

Right to Rectification

Request correction of inaccurate data

Right to Erasure

Request deletion of your data ('right to be forgotten')

Right to Restriction

Request limitation of processing

Right to Data Portability

Receive your data in machine-readable format

Right to Object

Object to processing based on legitimate interests

How to Exercise Your Rights

To exercise any of these rights, contact us through the following channels:

Email

privacy@heraerp.com

DPO

dpo@heraerp.com

Response

Within 30 days

Contact Information

Data Controller

Data Protection Officer

GDPR Compliance Team
Response within 30 days