Privacy Policy

Data Privacy Statement of  HY2GO Limited

Thank you for your interest in HY2GO. To enable us to provide our services, we require some data about you. We take the protection of your personal data very seriously and will al-ways process it in accordance with the applicable data protection regulations, in particular with the EU General Data Protection Regulation. The purpose of this Data Privacy Statement is to inform you in detail about the nature, scope and purpose of the personal data processed by us and your rights as a data subject.

1. Data Controller and General Information
Your data will be processed by HY2GO Limited, ℅ Kepstorn, 7 St James Terrace,, Lochwinnoch Road, Kilmacolm, PA13 4HB, Scotland, telephone: +44 000 000 0000; email: (service provider and data controller within the meaning of the General Data Protection Regulation (GDPR). Please note that whenever we use formulations such as “we” or “us”, we are referring to HY2GO Limited. Within this document, “Website” refers to, including all sub-pages, content and functions provided therein.

Our services are provided for the general public and are not intended to be used by children. We do not knowingly collect any personal data from users classified as children under national legislation.

2. Collection and Processing of Personal Data
In general, insofar as any of the services provided by us do not require payment or registration, you can use them without providing personal information. In certain cases we will process the personal data listed in Section 3. This will generally only occur insofar as the processing of this personal data is necessary to ensure the functioning of the website or app, or to provide you with out content and services. Furthermore, we process personal data in connection with your use of the Website in circumstances where this data is provided voluntarily by you, e.g. in the context of registration, an inquiry to us, an application, the conclusion of a subscription or another legal basis (see Section 4). If you do not wish this to happen, you may be unable to use our services, or at least be restricted from accessing their full range of functions.

3. Categories of Data Processed By Us
As soon as you begin using the Website, our system automatically collects information from the system of the requesting machine. Data collected can include the following:

– Information about the browser type and version
– The operating system of the user
– Mobile Device ID
– Date and time of request
– Web analysis data / pseudonymized user profiles (cookie ID, ad ID, etc.)
– Websites from which users are referred to our website
– Websites accessed by users via our website

In addition, we process the following personal data insofar as there is a contractual relationship between you and us, or if you have transmitted the data to us in other ways:

– Personal master data (name, address, date of birth)
– Communication data (telephone number, email address)
– Contractual master data (contractual relationship, contractual or product interest, order history)
– Login data with password
– Comments, posts, etc.
– Employee data (name, address and communication data, contractual master data and accounting data, date of birth, marital status, nationality, denomination, field of activity, social insurance status, wage tax data, social data, bank details, HR administration and management data, access and access control data).

4. Legal Basis and Purpose of Processing
We process your data exclusively on the basis of one or more of the possible legal bases for data processing.

According to the GDPR, personal data may, in particular, be processed on the basis of a con-tract or for the implementation of pre-contractual measures, on the basis of your consent, on the basis of a legitimate interest or law and/or for the protection of vital or public interests.

Registration is required for the provision of certain content or services on the Website. All users can register with the Website free of charge, stating their given name, last name, email ad-dress and a password, whereby this registration data is transmitted to us. The collection and processing of this data takes place for the purpose of fulfilling the user agreement between us and the user pursuant to Art. 6.1.b GDPR.

Where you have provided an email address in the course of registration or in connection with the performance of a contract, we also use this email address to send you information about similar goods or services as well as about existing subscriptions or about HY2GO Limited in general. In this case, the processing of the email address is based on our legitimate interest in the advertising our goods and services (Article 6.1.f GDPR).

In addition, if you have issued your prior express consent for receiving a newsletter or advertising materials, we will use your email address to send you our newsletter. In this case, we will process your email address in order to be able to deliver the newsletter as per your request (Art. 6.1.b GDPR). You can object to the use of your email address by sending an email to with effect for the future and without incurring any costs other than transmission costs according to the basic tariffs. Naturally, you can unsubscribe from the newsletter at any time in your user profile or by clicking on the unsubscribe link in the newsletter itself.

On the internet, each device capable of transmitting data requires its own unique address, commonly known as an “IP address”. The (at least temporary) storage of the IP address is technically necessary to allow the website to be delivered to the user’s computer. We truncate IP addresses prior to processing them and carry out any further processing anonymously.

We offer a comment function (forum) for registered users on our website, in connection with which additional personal data is stored. The same applies to any surveys in which the user chooses to participate. If you wish to post a comment, you will need to register in order to do so. You may use a pseudonym as your “username”. We collect and process the data provided by you to enable us to publish your comment as per your request (Article 6.1.b GDPR). In particular, we require your email address to be able to contact you in case of complaints regarding your comment and to give you the opportunity to respond (Article 6.1.c GDPR).

In the case of processing activities not covered by one or more of the aforementioned legal bases, processing will take place only if it is necessary to safeguard a legitimate interest and if your interests, fundamental rights and fundamental freedoms do not override this legitimate interest in the context of a comprehensive balancing of interests (Article 6.1.f GDPR). A legitimate interest can be assumed if the data subject is a customer of the data controller. In relation to the processing of personal data, our legitimate interest consists, in particular, in conducting our business for the benefit of all of our employees and our shareholders.

Our legitimate interest in offering you tailored products, notifying you about our products, innovations and quality features and continually improving our products and services forms the legal basis for any and all processing that takes place for the purpose of big data, direct marketing (own advertising and third-party advertising), usage-based online advertising, web/app analysis and lead scoring (combining different selection criteria to determine which adverts to show). For more information on web analysis services, see our Cookie Policy.

Our legitimate interest in fraud prevention, network and information security and the reliability of our services and/or products also constitute a legal basis for the processing of certain data.

Another of our legitimate interests lies in the functionality of the business processes on the basis of which processing occurs for internal administrative purposes (e.g. address management/accounting).

When processing the personal data of data subjects covered by our reporting, we also invoke our legitimate interest in exercising freedom of expression and information.

You can object at any time to data processing that occurs on the basis of a legitimate interest (see Section 13).

In the event that the data is processed for a purpose other than that specified in connection with the original data collection, a compatibility check will be carried out in accordance with Art. 6.4 GDPR. Further processing will only be permitted if the original purpose is compatible with the new purpose or is permitted on a separate legal basis. Recognized compatible purposes include the assertion, exercise or defense of civil law claims, insofar as the interest of the data subject does not override these purposes. In such cases, we will inform you of the new purpose. If the new purpose is incompatible with the purpose cited in connection with the original data collection, collection will be re-established on a new legal basis. In this case, too, we will inform you about the change of purpose.

5. Location of Processing
We do not transfer your personal data to countries outside the United Kingdom and European Economic Area, except in cases where this is permitted under the GDPR. We have no knowledge of or influence over whether third parties with whom you have a separate contractual relationship (e.g. Facebook, if you have a Facebook account) transfer data to countries outside the United Kingdom or the European Economic Area (“EEA”).

We sometimes process data in countries outside the United Kingdom and EEA. In order to ensure the protection of your personal rights in connection with these data transfers, we use the standard contractual clauses of the EU Commission to structure our contractual relationships with recipients in third countries in accordance with Art. 46.2.c GDPR. These are available at at any time. Alternatively, you can download these documents from us using one of the con-tact methods below.

In regards to the US, the European Commission decided, by means of a decision adopted on 12 July 2016, that an appropriate level of data protection is provided under the regulations of the EU-U.S. Privacy Shield (adequacy decision, Art. 45 GDPR). For more information – including the certification of the service providers we use – please visit . We only use US service providers who are certified under the EU-US Privacy Shield scheme.

6. Origin of the Data
In certain cases, we also receive data because you have consented for it to be transmitted to us. Apps are regularly made available for download from third party sites (e.g. iTunes, Google, etc.). If, in accordance with the applicable terms of use of such a provider, HY2GO Limited becomes your contractual partner for the purchase of the app, we will process the data provided to us by the third party to the extent necessary for the fulfillment of the contract, such that you are able to download the app on a mobile device.

7. Transfer of Your Data to Third Parties
We transmit your personal data to third parties only if this transmission is necessary in order to fulfill our contractual obligations towards you and it occurs in cooperation with another provider (e.g. a partnership), if we are legally entitled or obliged to make the transfer on any other grounds, or you have issued a corresponding consent.

To enable us to provide our services, selected personal information may be shared with certain departments within our company. This includes employees in the accounting, product management, marketing and IT departments.

In certain cases, we also use external service providers or affiliates who have been contracted by us to process data on our behalf. Such service providers are contractually obligated by us to adhere to the strict requirements of the GDPR in their role as a processor and may not re-use your data for any other purpose. Our contractors provide us with the following services: subscription management, content recommendations, hosting, survey and comment service(s), maintenance and support, and web and app analytics.

The transfer of data to contract data processors takes place on the basis of Art. 28.1 GDPR or, alternatively, based on our legitimate interest in the economic and technical advantages associated with the use of specialist contract data processors pursuant to Art. 6.1.f GDPR.

Insofar as we are legally obliged to do so, or if it is permitted under data protection law, we transfer personal data to authorities, e.g. the police or the public prosecution services (Art. 6.1.c GDPR). The disclosure of this data is based on our legitimate interest in the fight against abuse, the prosecution of crimes and the securing, assertion and enforcement of claims, It may only occur if your rights and interests in the protection of your personal data do not over-ride these interests pursuant to Art. 6.1.f GDPR.

8. External Links
Our website contains links referring to third party sites. HY2GO Limited has no influence over whether or not these website operators comply with data protection regulations.

9. Duration of Storage
We store personal data for only as long as we are entitled to do so and the purpose of processing remains in place. The respective statutory retention period applies in respect of the duration of storage of personal data. Once the period has expired, and insofar as is the corresponding data is no longer required to fulfill or initiate a contract, the data will be routinely deleted.

10. Contact Data and Your Rights as a Data Subject
If you have any questions or suggestions about privacy and the exercise of your rights as a data subject, you are welcome to contact our Data Protection Officer at any time:

HY2GO Limited
℅ Kepstorn ,7 St James Terrace, Lochwinnoch Road, Kilmacolm, PA13 4HB Scotland


11. Access and Rectification

At any time, and free of charge (a maximum of once per year), you can obtain information from us about whether or not personal data about you is being processed by us. You can also request specific details about the data being stored and obtain a copy of this stored data. You have the right to correct incorrect data and to have incomplete personal data completed.

12. Deletion, Restriction and the Right to be Forgotten

You have the right to request the deletion of your personal data or the restriction of its processing. Please keep in mind that legal storage obligations exist in respect of (e.g.) paid contracts, such as the purchase of a subscription from HY2GO Limited, and that we may not be able to delete your data fully anyway. In this case, your data will be marked with the aim of restricting its future processing.

13. Data Portability

Where applicable, you also have the right to have personal information concerning you transmitted to you or another person in a structured, common and machine-readable format, provided the processing is based on your consent or on a contract and occurs in an automated fashion. Please note that this does not apply insofar as processing is not necessary for the performance of a task in the public interest or for the exercise of the official authority afforded to the controller.
You also have the right to obtain the personal data that is transmitted directly from one data controller to another, insofar as this is technically feasible and it does not affect the rights and freedoms of other persons.

14. Revocation / Objection

The consent you provide can be revoked at any time with effect for the future by contact-ing the address given earlier in this Privacy Statement. In particular, you may object to the use of your email address for the purpose of sending the newsletter at any time by sending an email to You may do this with effect for the future and without incurring any costs other than transmission costs in accordance with the basic tariffs. You also have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you that is based on a legitimate or public interest. This also applies to profiling activities based on the same provisions. We will cease the processing of personal data in the event of such an objection, unless we can establish compelling and worthwhile grounds for processing that outweigh the interests, rights and freedoms of the data subject, or unless the processing is for the purpose of asserting, exercising or defending legal claims.

Insofar we process personal data for the purpose of carrying out direct advertising, you have the right, at any time, to object to the processing of personal data for the purpose of such advertising by contacting the address given earlier in this Privacy Statement. This also applies to profiling activities, insofar as they occur in connection with direct advertising. You also have the right, for reasons arising from your particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes, unless such processing is necessary to fulfill a task in the pub-lic interest.

15. Right to Complain

Further to the aforementioned right of objection, you have a right to complain to the responsible supervisory authority and to appeal a decision. The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of judicial remedy.

16.Automated Decision-Making

We do not carry out automated decision-making or profiling.