GDPR Compliance

Right of Access (Article 15)

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and access to that data.

Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

Right to Erasure (Article 17)

You have the right to have your personal data deleted in certain circumstances ("right to be forgotten").

Right to Restrict Processing (Article 18)

You have the right to restrict the processing of your personal data in certain circumstances.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.

Right to Object (Article 21)

You have the right to object to processing of your personal data for direct marketing or legitimate interests.

Contract Performance (Article 6(1)(b))

We process your data to provide our property management services as outlined in our Terms of Use.

Legitimate Interests (Article 6(1)(f))

We process data to improve our services, ensure security, and prevent fraud, where our interests do not override your fundamental rights.

Consent (Article 6(1)(a))

We process certain data (like marketing communications) based on your explicit consent, which you can withdraw at any time.

Legal Obligation (Article 6(1)(c))

We may process data to comply with legal requirements, such as tax reporting or regulatory obligations.

Technical Safeguards

• End-to-end encryption for data transmission
• AES-256 encryption for data at rest
• Secure authentication and access controls
• Regular security audits and penetration testing
• Automated monitoring and threat detection

Organizational Measures

• Data Protection Officer (DPO) appointed
• Staff training on data protection principles
• Data processing agreements with all third parties
• Regular privacy impact assessments
• Incident response and breach notification procedures

Data Minimization

We only collect and process data that is necessary for providing our services and comply with the principle of data minimization.

Our Commitment

In the event of a personal data breach that poses a high risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours
• Inform affected individuals without undue delay
• Provide clear information about the breach and its consequences
• Explain measures taken to address the breach
• Offer guidance on steps you can take to protect yourself

How We Notify

We will notify you via email to your registered address and through prominent notices in our platform.

How to Make a Request

To exercise your GDPR rights, you can:

• Use the data management tools in your account settings
• Contact our Data Protection Officer at privacy@hana-ai.com
• Submit a request through our support portal
• Write to us at our registered address

Response Time

We will respond to your request within one month of receipt. In complex cases, we may extend this by up to two additional months, with notification of the extension and reasons.

Verification

We may need to verify your identity before processing your request to ensure data security and prevent unauthorized access.

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority.

Lead Supervisory Authority

Our lead supervisory authority is the Data Protection Commission in Ireland, as our main establishment is in the EU.