Privacy Policy

Updated 29 September 2023

1 Introduction

1.1 This privacy policy (“Privacy Policy”) comprise all Services from:

Hylman SAS, 15 rue Dupont de l’Eure, 75020 Paris (the ”Company”, “we”, “our”, “us”, etc.) to the Customers.

1.2 This Privacy Policy describes the types of Personal Data we collect, how we process such Personal Data, and who you can contact, if you have any questions or comments about this Privacy Policy. The Privacy Policy describes our processing of Personal Data as Data Controller of Personal Data connected to the Customer’s subscription to our Services or a free trial period. Our processing of Personal Data on behalf of Customers, as Data Processor, is regulated by the Data Processing Agreement entered into upon the Customer’s subscription to the Services or a free trial period. See also section 3 of this Privacy Policy.

1.3 Protecting your Personal Data is our highest priority regardless of whether such Personal Data relates your use of our Services, website or other correspondence between you and the Company. You are welcome to contact us if you have any questions to this Privacy Policy or our processing of Personal Data in general. See section 13 for contact information.

1.4 Privacy Policy supplements our Terms of Service. We encourage all our Customers to read this Privacy Policy and our Terms of Service thoroughly before using our Services.


2.1 Terms and expressions with capital first letters used in this Privacy Policy shall have the meanings set out in this section 2.

2.2 “Customer”, “you”, “yours” etc. shall mean a free trial user or subscriber of Services provided by the Company.

2.3 “Data Controller” and “Data Processor” shall mean “controller” and “processor” respectively as defined in the GDPR.

2.4 “GDPR” shall mean the General Data Protection Regulation (EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data. In Denmark, GDPR is supplemented by the Act on supplementary provisions to the regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (Act No. 502 of 23 May 2018) (the “Data Protection Act”).

2.5 “Personal Data” shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.6 “Services” shall mean all services rendered by the Company to the Customer, including, but not limited to services located at and our mobile/VR application “Hylman HQ | Global Virtual Office” and other apps, IT tools or software programs developed by the Company, hosting of data, support and helpdesk services etc.

2.7 “Termsof Service” shall mean the Terms of Service made available from time to time on


3.1 This Privacy Policy describes our processing of Personal Data as Data Controller of Personal Data connected to the Customer’s subscription to our Services or a free trial period. With respect to all Personal Data entered, transferred or stored on behalf of the Customers in the databases of the Company or a third-party supplier appointed by the Company, the Customer is the Data Controller and the Company is the Data Processor.

3.2 Our processing of Personal Data on behalf of the Customer is regulated by the Data Processing Agreement, which is entered into upon the Customer’s subscription to the Services or a free trial period.


4.1 Personal Data includes information that can be used to identify you as an individual. If you sign up to our Services or a free trial, we will ask you to provide us with certain personal identifiable information that can be used to identify you, including:

a) Contact information, such as email address, telephone number first and last name

b) Username(s) of authorised users and IP address

c) Company information (for personally owned companies, including CVR-no.)

d) If you subscribe to our Services, we will ask you for your payment information, including bank account number

e) Information collected via, including cookies and usage data (see section 10).

f) Additionally, when using the VR app some information is required to be processed for the basic functionality of the app and in some cases be stored. This information includes, but is not limited to, voice data and VR/AR tracking data.

4.2 Voice data. When using the VR App, your voice data is transferred and processed through our secure servers with a secure connection for the purposes of voice communication with other users. Voice communication may be disabled in the app. In some cases, voice data may be recorded if requested by the user and will be explicitly indicated by the app. Voice recording are only stored securely in our databases and is only available to the user.

4.3 VR/AR tracking data. To use the VR app positional data is required to position and pose your avatar in the virtual space. Tracking data is only transferred and processed through our secure servers with a secure connection. The data may be recorded when requested by you similarly to your voice data. Positional and voice data may be stored and processed together in some cases.

4.4 As the clear main rule, we do not collect or process any sensitive Personal Data.


5.1 We process the Personal Data we collect to:

g) Fulfil our agreement with you, including provide our Services to you or take steps on your request;

h) Notify you about changes in our Services, Terms and Conditions or this Privacy Policy;

i) Provide analysis or valuable information so that we can improve our Website and IT tool.

j) Monitor the use of our website and Services;

k) To contact you for feedback about our services;

l) To contact you for our own marketing and promotional purposes, e.g. to provide you with our newsletter (provided that you have provided your consent);

m) Detect, prevent and mitigate technical issues;

n) Comply with legal obligations;

o) Establish, exercise or defend against legal claims and to protect and defend the rights or property of The Company;

p) Prevent or investigate possible wrongdoing in connection with our website or Services and protect the personal safety of users of our website or IT tool or the public.

5.2 Our legal basis for processing of Personal Data is primarily based on the necessity of such processing to fulfil the subscription agreements we enter into with Customers to provide our Services. In some cases, our processing will be based on our legitimate interest of such processing or based on consent from the Customers. Processing of Personal Data may also be necessary for processing for compliance with a legal obligation to which we are subject, e.g. bookkeeping requirements. In some cases, processing may be necessary for the establishment, exercise or defence of legal claims.

5.3 Our legal basis for Processing of Personal Data is especially article 6(1), litra a-c and f as well as article 9(2), litra a and f, in the GDPR, and article 6 (1) of the Danish Data Protection Act.


6.1 Personal Data is processed in the EU in Hylman’s dedicated datacentre. Personal Data is stored in UK & EU. A witness replica database which does not maintain a full set of data but participates in replication is located in Finland.

6.2 Before transferring Personal Data to a third country or an international organization outside the EU/EEA, we will assess whether such transfer of Personal Data ensures an adequate level of protection of the Personal Data. We will ensure that the transfer is in accordance with rules on transfers of personal data to third countries or international organizations in the GDPR and the Danish Data Protection Act, including, where necessary, entering into data processing agreements with our Data Processors (see section 7 below) on the basis of the European Commission’s standard contractual sections for data transfers between EU and non-EU countries or according to the EU-US Privacy Shield Framework.

6.3 We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your Personal Data and other information.


7.1 We may employ third-party suppliers located in the EU or the US to facilitate, service or analyse the use of our website or Services or for data hosting and storage, including backup.

7.2 These third-party suppliers will only have access to your Personal Data if necessary to perform the agreed tasks. We will ensure that third parties with access to Personal Data are obligated not to disclose or use the Personal Data for any other purposes than to perform the agreed tasks.

7.3 If the third-party suppliers act as Data Processors and process Personal Data on our behalf, we will make sure to enter into data processing agreements with the Data Processors before the Data Processors carry out any processing of Personal Data on our behalf.


8.1 In accordance with the general principles of storage limitation set out in the GDPR, we will only keep your Personal Data for as long as necessary. The storage (or retention) period depends on the nature of the information and the background for storage. It is therefore not possible to specify a specific time frame for deletion of Personal Data in each case in this Privacy Policy. However, we have described our general retention rules in section 9.2 below.

8.2 Generally, we process Personal Data about Customers for a period of up to three (3) years from effective termination of the Customer’s use of our Services. However, Personal Data related to payments must be kept for five (5) years + the current calendar year after the end of the accounting year according to Danish rules on bookkeeping. Personal Data may be stored for a longer period if the Personal Data is needed to establish, exercise or defend a legal claim


9.1 We have taken technical and organizational measures to prevent your information from being accidentally or illegally deleted, disclosed, lost, impaired, misused or otherwise violated by law.

9.2 We use encryption of data which means that all data transmitted between your device and our servers is unreadable to outsiders. To access your account, you need your personal username and password and must go through our authentication process. All data is transmitted using secure protocols, such as HTTPS and WSS. We do not knowingly allow any unencrypted data to be exposed. All data is encrypted at rest at an underlying level. Extra sensitive information, such as login credentials have additional encryption at the application level. Very little data is stored on the user’s physical device, and only include low-risk information such as parameters used to display the user’s avatar.

9.3 We host all data on up-to-date Google cluster servers that are protected against unauthorized access by a firewall. Somme data and backups are stored with Google Cloud Storage

9.4 We have internal rules on information security and annual training session for all employees about best practices to secure themselves and the Company’s Personal Data. Our internal rules on information security contain instructions and measures to protect Personal Data from being destroyed, lost or modified, from unauthorized disclosure, and against unauthorized access or knowledge of them. We will ensure that collected Personal Data are treated with care and protected according to applicable safety standards. We have strict security procedures for collecting, storing and transferring Personal Data to prevent unauthorized access.

9.5 The security of your Personal Data is very important to us, but remember that no online transmissions, or method of electronic storage is 100% secure. While we strive to use commercially validated means to protect your Personal Data, we cannot guarantee its absolute security.

9.6 We assess the risk of our processing of Personal Data on an ongoing basis.You can see the most commonly asked questions and answers to ourInformation Security measures in our FAQ available on


10.1 We use cookies and similar tracking technologies to track the activity on our website and IT tool. Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from our website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information.

10.2 You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our website.

10.3 Consent to use of cookies

10.3.1 When visiting our, you will be asked for your consent to the cookies used on the website (technically necessary cookies are applied automatically). If you have consented to the website’s use of cookies, but no longer wish to consent to the use of cookies, you can deselect and delete the cookies by modifying the settings in your browser (see section 10.8 on “Deletion of cookies”).

10.4 Types of cookies

10.4.1 Session cookies and persistent cookies.There are two types of cookies – session cookies and persistent cookies. Session cookies are bits of information that are erased when you close your web browser. Persistent cookies are bits of information that are stored on your computer until they are erased. Persistent cookies erase themselves after a certain period of time but are renewed each time you visit Our website uses both session cookies and persistent cookies.

10.4.2 “Own” cookies and third-party cookies. Cookies can be placed on by the Company itself or by third parties such as Google or Facebook (see below for information about the use of Google Analytics).

10.5 Purposes

10.5.1 Session cookies. We use session cookies to operate this website and our IT tool.

10.5.2 Persistent cookies. We use persistent cookies to remember your preferences and various settings and security cookies for security purposes. We also use persistent cookies for marketing purposes, such as Google Ads Remarketing (only with your consent).

10.6 Google Analytics

10.6.1 We use Google Analytics. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our website. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

10.7 Social media. We use social media buttons to allow you to connect with your social network. For these to work the following social media sites Facebook, LinkedIn, Instagram and Twitter, will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.

10.8 Deletion of cookies

10.8.1 Most browsers allow you to erase cookies from your hard drive via the browser settings, block all cookies or receive a warning before a cookie is stored. You must be aware that in such case services and features cannot be used by you because they require cookies to remember choices you make.

10.8.2 You can opt-out of having made your activity on the service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page.

10.9 Links to other websites

10.9.1 Our website may contain links to other sites that are not operated by the Company. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every site you visit.

10.9.2 We have no control over and assume no responsibility for the contents, privacy policies or practices of any third-party sites or services.


11.1 You have certain rights related to our processing of your Personal Data according to the GDPR.

11.2 In short, your rights include (see also Articles 15-22 in the GDPR):

11.2.1 Right of access. You are entitled to be informed whether any Personal Data about the subject is being processed and if so, obtain access to the Personal Data.

11.2.2 Right of data portability. You are entitled to receive Personal Data that you have provided to The Company (this data must be provided in a structured, commonly used and machine-readable format).

11.2.3 Right to rectification. You are entitled to obtain rectification of incorrect Personal Data.

11.2.4 Right of deletion. You are (with certain limitations), entitled to request erasure of Personal Data by us without undue delay.

11.2.5 Right to object. You are entitled to object to the processing of your personal data, namely if the processing of your personal data includes profiling or if the processing is based on the assessment of our interest in processing your personal data)

11.2.6 Right to restriction of processing. You are entitled to obtain a restriction of the processing of your personal data, namely if you contest the accuracy of the personal data, or where a request to be deleted cannot be accommodated, e.g. due to The Company’ need to keep the personal data for the establishment, exercise or defence of legal claims.

11.3 Please note that the above-mentioned rights will only be individually fulfilled by The Company in relation to the cases where The Company is considered as the Data Controller. In situations where The Company is regarded as the data processor, the above-mentioned rights must be fulfilled by the data controller.

11.4 Inquiries related to your rights according to GDPR can be made to:


12.1 We may update this Privacy Policy. If you have signed up for a free trial or subscribed to our Services, we will notify you of any significant changes.

12.2 You are advised to review this Privacy Policy periodically for any changes. The Privacy Policy available on our website (as updated from time to time) applies to our Services and use of our website.


13.1 If you have any questions about this Privacy Policy, want to invoke your rights granted by GDPR, or if you feel that we are not abiding by Privacy Policy, please contact us by email: