1. Data Controller
The Data Controller is:
DS TECHNOLOGY Ltd
Private Limited Company incorporated under the laws of England and Wales
Registered office: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ
Privacy email: privacy@helixum.net
References in this Policy to "Helixum", "we", "us", or "our" refer to the Data Controller operating through the Helixum platform.
2. Scope of this Policy
This Policy applies to all personal data that Helixum collects from users in connection with the creation and management of an account, the subscription to and use of paid plans (Standard and Founder), the use of the dashboard, the Expert Advisor library, the licensing system, risk management tools, the support area and the referral programme, as well as any communications exchanged between the user and Helixum and the technical and security operation of the platform.
3. Personal data processed
Helixum processes the personal data voluntarily provided by the user at the time of registration, subscription, and use of the platform, as well as data generated through use of the service. In particular:
- Account and identification data: first name, surname, username, email address, password (stored exclusively in encrypted form), and any other information provided during registration.
- Subscription and billing data: subscription plan, plan type (Standard or Founder), billing status, transaction identifiers, invoice references, and other information necessary for subscription management. Payment card details and bank details are not stored on Helixum's systems and are processed exclusively by the payment service provider.
- Service usage data: information relating to the use of licensed Expert Advisors, licence keys associated with the account, activation logs, technical bindings, and operational records strictly necessary to enforce the licensing model and ensure the proper functioning of the service.
- Support and communication data: the content of messages, requests, and any information voluntarily shared by the user when contacting Helixum support.
- Referral data: information relating to the referral programme, where the user chooses to participate.
- Technical and security data: IP address, technical logs, session data, browser type, device information, access timestamps, and other essential browsing information automatically collected by Helixum's systems for the security, integrity, and proper functioning of the platform.
Helixum does not carry out profiling for advertising purposes and does not use tracking tools for behavioural marketing, remarketing, or personalised advertising. Helixum does not knowingly collect data from minors, and the platform is intended exclusively for adult users.
4. Purposes of processing
Personal data is processed for the following purposes:
- Account creation and management: to register the user, create the account, and enable access to the platform.
- Provision of the contractual service: to provide access to the dashboard, Expert Advisors, the licensing system, risk management tools, the downloads area, the support area, and any other functionality included in the subscribed plan.
- Subscription and billing management: to manage subscriptions, renewals, cancellations, billing, transaction records, and any operations connected with the management of paid plans.
- Technical operation and licence enforcement: to enable the technical functioning of the Expert Advisors, verify the validity of licences, bind licences to the relevant accounts, and prevent unauthorised use of the software.
- Customer support: to manage requests, complaints, technical issues, and communications sent by the user.
- Service-related communications: to send transactional, contractual, and service-related communications, including notices concerning subscriptions, security notices, licence updates, and changes to the service. Such communications form an integral part of the service and are not promotional in nature.
- Platform security and abuse prevention: to protect the platform, prevent unauthorised access, detect fraudulent or unlawful use, preserve the integrity of the systems, and protect the rights of the Controller and other users.
- Compliance with legal obligations: to comply with obligations under applicable law, lawful requests from competent authorities, or the need to establish, exercise, or defend legal claims.
5. Lawful bases for processing
Helixum processes personal data on the basis of one or more of the following lawful bases under Article 6 of the UK GDPR:
Performance of a contract (Art. 6(1)(b)): for the creation and management of the account, the provision of the subscribed service, the management of subscriptions and billing, the enforcement of software licences, the provision of support, and the sending of service-related communications.
Compliance with a legal obligation (Art. 6(1)(c)): where processing is necessary to comply with legal, accounting, tax, or regulatory obligations, or requests from competent authorities.
Legitimate interests (Art. 6(1)(f)): for platform security, the prevention of fraud and abuse, the protection of system integrity, the enforcement of the Terms and Conditions, and the protection of the Controller's rights, subject to an appropriate balancing of the rights and freedoms of users.
Consent (Art. 6(1)(a)): where required by applicable law, for any optional processing not necessary for the performance of the contract. The user may withdraw consent at any time without affecting the lawfulness of processing carried out before such withdrawal.
6. Nature of the provision of data
The provision of personal data marked as mandatory during account registration, subscription, and use of the platform is necessary in order for Helixum to create the account, provide the service, manage the subscription, and enforce software licences. Failure to provide such data will prevent the user from registering, subscribing, or accessing the service.
7. Methods of processing
Personal data is processed by electronic means and, where necessary, with organisational measures suitable to ensure its security, confidentiality, integrity, and availability. Access to the data is restricted to authorised personnel and processors who need access for purposes strictly connected with the provision of the service or the technical and administrative management of the platform. Passwords are stored exclusively in encrypted form, and Helixum adopts appropriate technical and organisational security measures to protect personal data against unauthorised access, loss, alteration, or destruction.
8. Data retention
Helixum retains personal data only for as long as is strictly necessary to achieve the purposes for which it was collected. In particular:
- Account and service data: retained for the entire duration of the account and subscription, and for a reasonable period thereafter in order to allow account reactivation, manage disputes, and protect the Controller's rights.
- Subscription, billing, and accounting data: retained for the period required by applicable accounting, tax, and legal obligations.
- Support and communication data: retained for the time necessary to manage the request and for a reasonable period thereafter for evidential purposes and service quality purposes.
- Technical and security data: retained for the period strictly necessary to ensure security, prevent abuse, ensure technical continuity, and protect the Controller's rights.
At the end of the relevant retention periods, personal data will be deleted, anonymised, or retained only to the extent necessary to comply with legal obligations or to establish, exercise, or defend legal claims.
9. Recipients of the data
Personal data may be processed, within the limits of the purposes indicated, by:
- personnel and collaborators of DS TECHNOLOGY Ltd duly authorised to do so;
- providers of technical and organisational services (hosting providers, payment processors, transactional email tools, cloud infrastructure, security services), acting as data processors on behalf of Helixum under appropriate agreements, strictly to the extent necessary for the provision of the service and without any authorisation to use the data for their own purposes;
- legal, tax, technical, or administrative advisers, to the extent strictly necessary;
- public authorities or other entitled parties, where required by applicable law.
Personal data is not sold, transferred, or publicly disclosed.
10. International transfers
Personal data is processed primarily in the United Kingdom. Where Helixum uses service providers or infrastructure located outside the United Kingdom, any transfers will be carried out in accordance with UK data protection law and on the basis of appropriate safeguards under Chapter V of the UK GDPR, including UK adequacy regulations or the UK International Data Transfer Agreement (IDTA), where required.
11. Cookies and similar technologies
Helixum uses only strictly necessary cookies and technical technologies required for the operation of the platform, user authentication, session management, security, protection against unauthorised access, and the proper delivery of the essential functions of the service. Such tools are indispensable for the use of the platform and, by their technical nature, do not require the user's consent under applicable law.
Helixum does not use profiling cookies, marketing cookies, remarketing cookies, advertising pixels, personalised advertising tools, or cross-site tracking technologies for promotional or behavioural analysis purposes.
Users' personal data is processed exclusively for the service provision purposes set out in this Policy and is in no way transferred, sold, shared, or made available to third-party platforms for marketing, advertising, profiling, or behavioural analysis purposes, including in aggregated form for such purposes. Any use of third-party technical providers takes place exclusively for the technical, operational, and security needs of the platform, within the limits of section 9, and such providers act as data processors on behalf of Helixum, without any authorisation to use the data for their own purposes.
12. Automated decision-making
Helixum does not carry out automated decision-making, including profiling, that produces legal effects concerning the user or similarly significantly affects the user within the meaning of Article 22 of the UK GDPR.
13. User rights
Within the limits provided by applicable law, the user may exercise the following rights:
- the right to access their personal data;
- the right to rectify inaccurate or incomplete data;
- the right to erasure of data, where applicable;
- the right to restriction of processing, where applicable;
- the right to object to processing in the cases provided by law;
- the right to withdraw consent at any time, where processing is based on consent;
- the right to data portability, where applicable;
- the right to lodge a complaint with the competent supervisory authority.
The exercise of these rights is subject to the conditions and limits laid down by the UK GDPR and applicable law.
14. How to exercise your rights
To exercise your rights or submit any request relating to the processing of personal data, you may contact Helixum at:
Requests should state in the subject line: "Privacy request – Helixum". Helixum will respond to requests within the time limits provided by applicable law.
15. Right to lodge a complaint with the ICO
If the user believes that the processing of their personal data breaches applicable data protection law, they have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority competent in data protection matters, whose contact details are available at https://ico.org.uk, or with the competent supervisory authority in their country of residence, where applicable.
16. Changes to this Policy
Helixum may update this Privacy Policy from time to time for legal, regulatory, technical, operational, or organisational reasons. The most recent version will always be available on this page and will indicate the date of the latest update. Continued use of the platform following publication of an updated version constitutes acknowledgement of the updated Policy, without prejudice to any further consent that may be required by applicable law.