HydraBlack Elite Ecosystem — https://hydrablack.com
Effective Date: March 06, 2026 | Last Updated: March 06, 2026
⚠ Scope: This GDPR Policy applies to all users located in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland. It supplements our Privacy Policy and provides additional information about your rights under the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK GDPR.
For the purposes of the GDPR, the Data Controller responsible for your personal data is:
HydraBlack Elite Ecosystem
🌐 Website: https://hydrablack.com
✉ Data Protection Email: [email protected]
Subject Line: “GDPR Request”
As a Data Controller, we determine the purposes and means of processing your personal data. We are committed to protecting your personal data in compliance with the GDPR and related data protection legislation.
Under the GDPR, “personal data” means any information relating to an identified or identifiable natural person (“data subject”). We process the following categories of personal data:
| Data Category | Examples | Source |
|---|---|---|
| Identity Data | First name, last name, username | Provided by you |
| Contact Data | Email address, billing address, country | Provided by you |
| Account Data | Password (hashed), account preferences, API keys (hashed) | Provided by you |
| Transaction Data | Purchase history, order amounts, license keys, download records | Generated through use / Paddle |
| Technical Data | IP address, browser type, operating system, device type, screen resolution | Automatically collected |
| Usage Data | Pages visited, time on site, click patterns, search queries, referral URLs | Automatically collected |
| Profile Data | Avatar, biography, social links, portfolio items (sellers) | Provided by you |
| Communication Data | Messages, support tickets, comments, reviews | Provided by you |
| KYC / Verification Data | Government-issued ID (if required for seller verification) | Provided by you |
| Location Data | Approximate geographic location (derived from IP address) | Automatically collected |
⚠ Sensitive Data: We do not intentionally collect any special categories of personal data (as defined in Article 9 of the GDPR), such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning a person’s sex life or sexual orientation.
Under the GDPR, we must have a valid legal basis for processing your personal data. Below we detail each legal basis and the specific processing activities it covers:
Processing that is necessary to perform our contract with you or to take steps at your request before entering into a contract:
Processing that is necessary for our legitimate interests, provided those interests are not overridden by your fundamental rights and freedoms:
Legitimate Interest Assessment (LIA): For each processing activity based on legitimate interests, we have conducted a balancing test to ensure our interests do not override your rights. You have the right to object to processing based on legitimate interests (see Section 8).
