HamHey Logo

POLICIES

GDPR Compliant

✅ Hamhey's privacy practices and internal controls have been designed to meet EU GDPR requirements, verified through regular internal reviews and external audits for your peace of mind.

Privacy Policy

Last Updated: September 9, 2025

Hamhey Corporation ("Hamhey," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect from users of our AI relocation services, how and why we process that data, and your rights regarding your data under the EU General Data Protection Regulation (GDPR). This Policy applies to all personal information collected through our website and services from students, expats, and any users moving abroad with our assistance.

By using our services, you acknowledge that you have read and understood this Privacy Policy (which is provided in clear and plain language, as required under GDPR).

Data We Collect

We only collect data that is necessary for providing and improving our relocation services. Personal data we collect may include:

Contact Information

Name, email address, telephone number, and mailing address. This allows us to create your account and communicate with you (e.g. to provide relocation advice or updates).

Identification and Profile Data

Information you provide about your background and relocation needs (such as nationality, destination country, university or employer if relevant, and housing preferences). This helps us tailor our AI-driven relocation recommendations.

Transactional Data

If you make payments for premium services, we collect payment-related information (e.g. billing address). Note that credit card details are handled by our payment processor (Stripe) and not stored on our servers for security.

Usage Data

Technical data collected automatically when you interact with our site, including IP address, browser type, pages viewed, date/time of visits, and referring website. This usage data helps us analyze service performance and user engagement.

Cookies and Tracking

We use cookies and similar technologies (like web beacons) to recognize you and collect information about your interaction with our site. For details, see our Cookie Policy section below.

Important:

We do not intentionally collect any special categories of sensitive personal data (such as race, health, or biometrics) as part of our services. We ask that you do not provide such data to us.

Legal Bases for Processing

Under the GDPR, we must have a valid legal basis to process your personal data. Depending on the context, Hamhey relies on the following legal grounds:

Performance of a Contract

Most data is processed to provide our services to you and fulfill our contract.

Consent

For marketing communications and optional analytics/marketing cookies (you can withdraw consent at any time).

Legitimate Interests

For improving and securing our website, preventing fraud, and communicating service updates.

Legal Obligation

When we must process data to comply with legal requirements.

Purpose of Collection and Use of Data

We use personal data only for specified, explicit, and legitimate purposes, which include:

Providing and Personalizing Services

  • Operating the AI relocation platform and generating personalized recommendations
  • Matching you with suitable housing options, visa guidance, and local service referrals
  • Personalizing content based on your destination and preferences

Account Management and Customer Support

  • Creating and maintaining your user account
  • Authenticating you upon login
  • Communicating with you about your account or support inquiries

Processing Payments

  • Processing transactions via our third-party payment processor (Stripe)
  • Maintaining records of payments for accounting purposes

Service Improvements

  • Analyzing usage data to understand how our services are used
  • Debugging issues and optimizing our AI algorithms
  • Developing new features that enhance user experience

Marketing and Communication (with consent)

  • Sending newsletters, product updates, or special offers (with your permission)
  • You can opt out at any time via unsubscribe links or by contacting us

Third-Party Processors and Data Sharing

Hamhey does not sell your personal data. We only share information in the following circumstances:

Service Providers (Processors)

We use trusted third-party companies to help us operate the service. These providers process data only under our instruction:

Payment Processing: Stripe (for secure payment processing)

We share minimal necessary data (transaction amount, name/email) to complete payments

Analytics: Google Analytics (with IP anonymization)

Only with your consent via cookie banner; helps us understand website usage

Hosting and Infrastructure: AWS and other certified cloud providers

For secure storage and backup with Data Processing Agreements in place

Communication Tools: Email automation services

For sending service emails and newsletters (with consent)

Business Transfers

If Hamhey is involved in a merger, acquisition, or asset sale, personal data may be transferred to the new owner. We will ensure the successor honors this Policy and provide notice of any changes.

Legal Requirements

We may disclose personal data if required by law or to protect rights, property, and safety. We will only disclose what is necessary and inform you if legally permitted.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described above, unless a longer retention period is required by law:

Account Information

Retained while your account is active. Deleted upon request (except data required for legal reasons). Backup copies purged on routine schedule.

Relocation Service Data

Kept through the duration of relocation assistance and for a reasonable period afterward (typically 2 years), unless you request earlier deletion.

Usage Data

Analytics data retained for 6 months, unless aggregated for long-term trend analysis (anonymized).

Legal Retention

Financial records kept for at least 7 years under U.S. accounting rules, as required by law.

Cross-Border Data Transfers

Hamhey Corporation is based in Delaware, USA. If you are located in the European Economic Area (EEA), United Kingdom, or other regions with data transfer restrictions, your personal data may be transferred to and stored on servers in the United States.

Our compliance measures include:

  • EU-U.S. Data Privacy Framework: We are evaluating participation in the new EU-U.S. Data Privacy Framework for strong privacy protections
  • Standard Contractual Clauses (SCCs): We use European Commission's SCCs in our agreements with service providers
  • Additional Safeguards: Encryption in transit and at rest, access controls, and policies to prevent unauthorized access
  • Transfer Impact Assessments: We continuously monitor legal developments and adjust our practices accordingly

Transparency Commitment:

If you have questions about international transfer of your data or want a copy of the relevant transfer safeguards (e.g., SCCs), you can contact us at privacy@hamhey.com.

Your GDPR Data Protection Rights

As a user of Hamhey's services and as a data subject in the EU, you have certain rights over your personal data. We are committed to facilitating the exercise of these rights.

Right to Be Informed

Clear information about how we use your personal data (this Privacy Policy and our Cookie Policy).

Right of Access

Request a copy of the personal data we hold about you in a common format.

Right to Rectification

Request correction or completion of inaccurate or incomplete personal data.

Right to Erasure

"Right to be forgotten" - ask us to delete your personal data (unless legally required to keep it).

Right to Restrict Processing

Ask us to restrict or pause processing of your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format to transmit to another controller.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

Protection against purely automated decisions that significantly affect you.

Exercising Your Rights:

Contact us at privacy@hamhey.com or through your account settings. We will respond within 30 days and may require identity verification. You also have the right to lodge a complaint with a supervisory data protection authority.

Data Security

Hamhey employs appropriate security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. We maintain administrative, technical, and physical controls following industry best practices.

Security Measures Include:

  • Encryption: TLS encryption for data in transit and encryption of sensitive data at rest
  • Access Controls: Restricting employee access to data on a need-to-know basis
  • Regular Audits: Security audits and employee training to maintain compliance
  • Third-Party Security: Our processors have independent security certifications (SOC 2, ISO 27001)
  • Anonymization/Pseudonymization: Where suitable to protect personal data

Data Breach Response:

In the unlikely event of a data breach, we will notify affected individuals and relevant authorities within the timelines set by GDPR. We have an internal Data Breach Response Plan to handle such situations swiftly.

Cookie Policy

This section explains how Hamhey uses cookies and similar tracking technologies on our website, in accordance with GDPR and the ePrivacy Directive.

What are Cookies?

Cookies are small text files that websites save to your device when you visit. They serve various functions like remembering site preferences and enabling certain features.

Types of Cookies We Use:

Necessary Cookies (Always Active)

  • • Session management (keeping you logged in)
  • • Cookie preferences storage
  • • Load balancing and performance

Analytics Cookies (Opt-in Required)

  • • Google Analytics (with IP anonymization)
  • • Website usage tracking
  • • Performance monitoring

Preference Cookies (Optional)

  • • Language selection
  • • Region preferences
  • • Personalization settings

Marketing Cookies (Currently None)

  • • Currently not used
  • • Would require explicit consent
  • • Transparent opt-in if implemented

Cookie Consent:

We use a GDPR-compliant cookie banner that allows you to Accept All, Reject All, or Customize your preferences. Non-essential cookies are disabled by default until you opt-in. You can change your preferences at any time via the cookie settings link.

Contact Information

Data Controller: Hamhey Corporation is the "data controller" responsible for your personal data under GDPR.

Email: privacy@hamhey.com

Data Protection Officer: dpo@hamhey.com

Postal Address: Hamhey Corporation, Attn: Privacy Team, Delaware, USA

Response Time: Within 30 days of receiving your request

Supervisory Authority:

If you are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority. A list of EU supervisory authorities can be found at your national data protection authority website.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time (for example, to comply with new legal requirements or to reflect changes in our services). If we make material changes, we will notify users by posting a prominent notice on our website or via email, and indicate the "Last Updated" date at the top.

We encourage you to review this Policy periodically. Continued use of our services after updates constitute acknowledgment of the revised Privacy Policy. We maintain an archived history of previous privacy policy versions for transparency.

Questions about our policies?

If you have any questions about these policies or need clarification, our privacy team is here to help.