Helios GDPR Privacy Notice
This GDPR Privacy Notice explains how Helios collects, uses, stores, discloses, and otherwise processes personal data of individuals in the European Economic Area, the United Kingdom where relevant local law aligns similarly, and other individuals where the General Data Protection Regulation (“GDPR”) applies. This Notice supplements the Helios Privacy Policy and should be read together with our Terms of Service and other applicable Helios policies. The GDPR requires transparent information about processing activities and applies to controllers and processors handling covered personal data.
1. Scope
This Notice applies to personal data processed by Helios in connection with use of the Helios platform, including account registration, profile creation, marketplace participation, gigs, quick tasks, communications, support, trust and safety review, transactions, and related operations.
For purposes of this Notice, “personal data” means information relating to an identified or identifiable natural person. The GDPR defines personal data broadly and applies to collection, use, disclosure, storage, and other forms of processing.
2. Controller
Helios acts as the controller for personal data for which it determines the purposes and means of processing, such as account administration, platform operations, safety enforcement, support, and business administration. In some cases, Helios may also act as a processor on behalf of another party where the other party determines the purpose and means of processing. The GDPR distinguishes between controllers and processors and assigns obligations to each.
Data Controller Contact Email: privacy@helios.supplies
3. Categories of Personal Data We May Process
Depending on how you use Helios, we may process categories of personal data such as:
- Name, email address, phone number, account identifiers, and login details
- Company, role, professional background, certifications, service information, and profile details
- Communications, support requests, trust and safety submissions, and dispute-related records
- Payment, payout, transaction, and billing-related information processed directly or through service providers
- Files, documents, technical materials, portfolio content, and other information you upload or submit
- Device, log, usage, and platform interaction data
- Verification or compliance-related information where needed for fraud prevention, security, safety, or legal compliance
Under the GDPR, processing must be tied to specified purposes and the categories of data processed should be described transparently to data subjects.
4. How We Collect Personal Data
We may collect personal data:
- Directly from you
- When you create or update an account or profile
- When you use platform features or communicate through Helios
- When you submit service requests, applications, verification materials, or support inquiries
- From transaction and payment workflows
- From service providers supporting operations, security, analytics, verification, or payments
- From other users or third parties where reasonably necessary for trust and safety, dispute handling, fraud prevention, or lawful platform operations
5. Purposes of Processing
We may process personal data for purposes such as:
- Providing, maintaining, and improving Helios
- Creating and managing accounts and profiles
- Enabling services, listings, gigs, quick tasks, consultations, and transactions
- Communicating with users and responding to support requests
- Verifying identity, authority, eligibility, or business affiliation
- Enforcing our policies, resolving disputes, and protecting users and the platform
- Detecting, preventing, and investigating fraud, abuse, security incidents, or unlawful conduct
- Complying with legal, regulatory, tax, accounting, and recordkeeping obligations
- Establishing, exercising, or defending legal claims
The GDPR requires that personal data be collected for specified, explicit, and legitimate purposes and not further processed incompatibly with those purposes.
6. Lawful Bases for Processing
Where the GDPR applies, Helios processes personal data only where a lawful basis exists. Depending on the context, Helios may rely on one or more of the following:
- Consent where you have given consent for one or more specific purposes
- Contract where processing is necessary to enter into or perform a contract with you
- Legal obligation where processing is necessary for compliance with applicable law
- Legitimate interests where processing is necessary for Helios’s legitimate interests or those of a third party, except where overridden by your interests or fundamental rights and freedoms
- Vital interests or other lawful grounds where applicable
These lawful bases are set out in GDPR Article 6.
7. Data Minimization, Accuracy, and Retention
Helios aims to limit personal data processing to what is adequate, relevant, and necessary for the stated purposes. We also take reasonable steps to keep personal data accurate and up to date where necessary, and we retain personal data only for as long as needed for the purposes for which it was collected, including legal, compliance, dispute-resolution, recordkeeping, and security needs. The GDPR includes principles of data minimization, accuracy, and storage limitation.
8. Disclosure of Personal Data
We may disclose personal data to:
- Service providers and processors supporting hosting, infrastructure, analytics, communications, verification, support, security, payments, and payouts
- Transaction counterparties and other users where necessary to provide requested marketplace or collaboration features
- Advisers, auditors, insurers, legal counsel, and professional service providers
- Competent authorities, regulators, courts, or law enforcement where required or permitted by law
- Parties involved in a merger, acquisition, reorganization, financing, or sale of assets, subject to appropriate protections where applicable
Where Helios uses processors, the GDPR requires processing arrangements that govern how processors handle personal data on the controller’s behalf.
9. International Transfers
Helios may process or store personal data outside the EEA. When personal data is transferred outside the EU to a third country, the GDPR requires that the protection travel with the data through approved transfer mechanisms. The European Commission explains that transfers may be based on an adequacy decision or other safeguards such as standard contractual clauses and binding corporate rules.
If Helios transfers personal data internationally, Helios may rely on:
- A European Commission adequacy decision, where available
- Standard contractual clauses or other approved safeguards
- Another lawful transfer mechanism permitted under applicable law
The European Commission adopted the EU-U.S. Data Privacy Framework adequacy decision on July 10, 2023, for participating U.S. organizations, and the Commission continues to maintain adequacy-decision mechanisms more broadly under Article 45 GDPR.
10. Security
Helios uses technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access. The GDPR requires appropriate security of processing, taking account of the risk and the nature of the data involved.
No method of internet transmission or electronic storage is completely secure, so Helios cannot guarantee absolute security.
11. Your GDPR Rights
Where the GDPR applies, you may have the following rights, subject to legal limits and applicable exceptions:
- Right to be informed about how your personal data is processed
- Right of access to your personal data
- Right to rectification of inaccurate or incomplete data
- Right to erasure in certain circumstances
- Right to restriction of processing in certain circumstances
- Right to object to certain processing, including certain processing based on legitimate interests
- Right to data portability where applicable
- Right not to be subject to certain decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects
The European Commission lists these core data subject rights in its GDPR guidance for individuals and organizations.
12. How to Exercise Your Rights
You may request to exercise your rights by contacting Helios at:
Helios Privacy Contact Email: privacy@helios.supplies
Helios may request information necessary to verify your identity and authority before responding. The European Commission notes that organizations must handle data subject requests relating to rights such as access, rectification, erasure, restriction, objection, and automated decision-making.
13. Complaints
If you believe your personal data has been processed in violation of applicable law, you may have the right to lodge a complaint with a competent supervisory authority in the EU or EEA member state where you live, work, or where the alleged infringement occurred. The GDPR establishes supervision and enforcement through independent supervisory authorities.
14. Automated Decision-Making
Helios may use automated tools to support platform operations such as security monitoring, fraud detection, ranking, matching, moderation support, or workflow triage. Where the GDPR applies and a decision is based solely on automated processing and produces legal or similarly significant effects, individuals may have rights and safeguards under applicable law. The European Commission identifies a right not to be subject to certain automated decision-making.
15. Changes to This Notice
Helios may update this GDPR Privacy Notice from time to time to reflect changes in law, regulatory guidance, platform functionality, or Helios data practices. When we do, we will update the date at the top of this Notice.
16. Contact Helios
If you have questions about this Notice or Helios’s privacy practices, contact:
Helios Privacy Contact Email: privacy@helios.supplies

