L.
Back to Home

Privacy Policy

Effective Date: May 8, 2025

1. Introduction and Scope

This Privacy Policy describes how Hero Technologies SL ("we," "us," "our," or "Hero Technologies") collects, uses, shares, and protects your personal data when you visit our website herodev.ai (the "Website"), contact us, or use our AI consulting and development services, including the building of autonomous agents, training of software engineers into AI engineers, and custom Large Language Model (LLM) development (collectively, the "Services").

We are committed to protecting your privacy and handling your personal data in an open and transparent manner, in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

2. Who We Are (Data Controller)

The data controller for the personal data processed in connection with our Website and direct client engagements (where we determine the purposes and means of processing) is:

Hero Technologies SL
B75454009
Barcelona, Spain
Email for privacy inquiries: privacy@herodev.ai

When we process personal data provided by our clients as part of service delivery (e.g., datasets for LLM training, user data for agent development), we typically act as a Data Processor on behalf of our client, who is the Data Controller. Such processing is governed by a separate Data Processing Addendum (DPA) with the respective client.

3. Information We Collect (Personal Data)

We may collect and process the following categories of personal data:

a. Information You Provide Directly to Us:

  • Contact Form and Direct Inquiries: When you contact us via our Website's contact form, email, or other communication channels, we may collect your First Name, Last Name, Company Name, Role/Title, Work Email Address, and any information you provide regarding your AI challenges, project goals, or inquiries.
  • Service Engagement: During consultations and service delivery, we may collect further business contact information, project requirements, business needs, and any other personal data you voluntarily provide.
  • Billing and Contract Information: To manage our contractual relationship, we collect contact details (name, address, email, phone) and payment information for invoicing and administrative purposes.

b. Information We Collect Automatically (Website Usage):

  • Log Data: When you visit our Website, our servers may automatically record information, including your IP address, browser type and settings, operating system, referring and exit pages, URLs, device information, date and time stamps of your visit, and details of your interactions with our Website (e.g., pages viewed, time spent on pages).
  • Cookies and Similar Technologies: We use cookies and similar tracking technologies to analyze trends, administer the Website, track users' movements around the Website, and gather demographic information about our user base as a whole.

c. Information Related to Service Delivery (as a Data Processor):

  • Client Personnel Information: Names, job titles, work email addresses, and phone numbers of our clients' employees or representatives involved in projects or training sessions.
  • Client-Provided Data for AI Development and Training: In the course of providing our Services, our clients (acting as Data Controllers) may provide us with access to datasets or systems containing personal data (e.g., customer data for LLM training, user interaction data for agent development). We process such data strictly as a Data Processor, based on our client's documented instructions and for the sole purpose of fulfilling our contractual obligations, as detailed in a separate Data Processing Addendum (DPA) with the client. We do not use this client-provided data for our own purposes.

4. How We Use Your Information (Purposes and Legal Basis for Processing)

We use your personal data for the following purposes, relying on the specified legal bases under GDPR:

a. To Respond to Your Inquiries and Provide Information:

Purpose: To address your questions, provide information about our Services, and schedule consultations.

Legal Basis: Legitimate interest (Article 6(1)(f) GDPR) to respond to potential clients and engage in business development; Consent (Article 6(1)(a) GDPR) if we intend to use your details for marketing purposes unrelated to your initial inquiry and have obtained your explicit consent.

b. To Provide and Manage Our Services:

Purpose: To deliver our AI consulting, autonomous agent development, engineer training, and custom LLM development services as agreed with our clients.

Legal Basis: Performance of a contract (Article 6(1)(b) GDPR) to which our client is a party.

c. To Train Client Engineers:

Purpose: To deliver training programs and enable our clients' software engineers to become proficient AI engineers.

Legal Basis: Performance of a contract (Article 6(1)(b) GDPR) with our client organization.

d. To Improve Our Website and Services:

Purpose: To analyze how users interact with our Website, identify areas for improvement, and enhance user experience and our service offerings.

Legal Basis: Legitimate interest (Article 6(1)(f) GDPR) to improve our business operations; Consent (Article 6(1)(a) GDPR) for the use of non-essential cookies and similar tracking technologies.

e. For Billing, Contract Administration, and Relationship Management:

Purpose: To issue invoices, manage payments, administer contracts, and maintain our business relationship with you or your organization.

Legal Basis: Performance of a contract (Article 6(1)(b) GDPR); Legal obligation (Article 6(1)(c) GDPR) (e.g., for tax and accounting purposes).

f. To Communicate With You Regarding Services:

Purpose: To send you important updates about our Services, project progress, changes to our terms, or other administrative information relevant to our engagement.

Legal Basis: Performance of a contract (Article 6(1)(b) GDPR); Legitimate interest (Article 6(1)(f) GDPR) to maintain effective communication.

g. To Comply with Legal and Regulatory Obligations:

Purpose: To comply with applicable laws, regulations, court orders, or other legal processes, such as responding to lawful requests from public authorities.

Legal Basis: Legal obligation (Article 6(1)(c) GDPR).

5. How We Share Your Information

We do not sell your personal data. We may share your personal data in the following limited circumstances:

  • Service Providers (Sub-processors): We may engage trusted third-party companies and individuals to perform services on our behalf (e.g., website hosting, cloud computing services for development and LLM training, analytics providers, communication tools, payment processors). These third parties will have access to your personal data only to perform these tasks on our behalf and are obligated by contract not to disclose or use it for any other purpose. We will maintain a list of our key sub-processors where required by law and ensure they provide adequate data protection safeguards.
  • Our Clients: We may share information related to their specific projects or the participation of their employees in our training programs directly with our clients.
  • Legal Requirements: We may disclose your personal data if required to do so by law or in the good faith belief that such action is necessary to: (i) comply with a legal obligation; (ii) protect and defend the rights or property of Hero Technologies SL; (iii) prevent or investigate possible wrongdoing in connection with the Services; (iv) protect the personal safety of users of the Services or the public; or (v) protect against legal liability.
  • Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Website of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.

6. Data Security

We are committed to protecting the security of your personal data. We implement appropriate technical and organizational measures designed to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, but are not limited to, encryption where appropriate, access controls, secure server environments, and regular security assessments. However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

7. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as for tax, accounting, or other legal requirements).

  • Personal data collected via our Website contact form or for initial inquiries will be retained for as long as necessary to address your inquiry and for a reasonable period thereafter for follow-up or as permitted by your consent.
  • Personal data related to client engagements will be retained for the duration of the contractual relationship and for a subsequent period as required by legal or contractual obligations (e.g., statutory limitation periods for claims, financial record-keeping).
  • Client-provided data processed by us as a Data Processor will be retained, returned, or deleted in accordance with the terms of the Data Processing Addendum (DPA) with the respective client.
  • Website usage data (log data, cookie data) is retained for varying periods as detailed in our Cookie Policy.

8. Your Data Protection Rights (Under GDPR)

If you are located in the European Economic Area (EEA), you have the following data protection rights:

  • Right of Access: You have the right to request copies of your personal data.
  • Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • Right to Erasure ('Right to be Forgotten'): You have the right to request that we erase your personal data, under certain conditions.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • Right to Object to Processing: You have the right to object to our processing of your personal data where it is based on our legitimate interests, under certain conditions.
  • Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The Spanish Data Protection Agency (AEPD) is the relevant authority in Spain.

To exercise any of these rights, please contact us at privacy@herodev.ai. We will respond to your request in accordance with applicable data protection laws. We may need to verify your identity before processing your request.

9. Cookies and Tracking Technologies

Our Website uses cookies and similar technologies to enhance user experience, analyze website traffic, and for other purposes. You will be presented with a cookie consent banner upon your first visit to our Website to manage your preferences for non-essential cookies.

10. International Data Transfers

Your personal data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country.

Specifically, some of our third-party service providers (e.g., cloud hosting, analytics tools) may be located outside the European Economic Area (EEA). Where we transfer your personal data out of the EEA to countries not deemed by the European Commission to provide an adequate level of personal data protection, we take appropriate safeguards to require that your personal data remains protected in accordance with this Privacy Policy and applicable law. These safeguards may include implementing the European Commission's Standard Contractual Clauses (SCCs) for transfers of personal data.

11. Children's Privacy

Our Website and Services are not directed to individuals under the age of 18 (or any lower age of digital consent applicable in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child without verification of parental consent, we will take steps to delete that information from our servers. If you believe that we might have any information from or about a child, please contact us at privacy@herodev.ai.

12. Links to Other Websites

Our Website may contain links to other websites that are not operated by us (e.g., links to your LinkedIn articles). If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.

You can see when this Privacy Policy was last updated by checking the "Effective Date" displayed at the top of this Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

14. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data protection practices, or if you wish to exercise your data protection rights, please contact us at:

Hero Technologies SL
Barcelona, Spain
Email: privacy@herodev.ai