GDPR COMPLIANCE STATEMENT

Effective 03/03/2023

We welcome you to www.acubliss.app operated by DynaBliss, Inc. In the below GDPR Compliance Statement, we inform you about the scope of the processing of your personal data. This GDPR Compliance Statement sits in line with our Privacy Policy, is supplemental and applies to all European Union Citizens that are using our website and the AccuBliss platform (the “Services”). As such DynaBliss proceeds with all data processing procedures (e.g., collection, processing, and transmission) in accordance with the General Data Protection Regulation (“GDPR”). Nothing in this Statement is intended to contradict or limit the applicability of the information provided in our Privacy Policy.

The following provides you with an overview of the type of data collected and how it is used and passed on, the security measures we take to protect your data and how you can exercise your rights.

Personal data is information that makes it possible to identify a natural person. This includes in particular, your name, date of birth, address, telephone number, e-mail address, but also your IP address. Anonymous data as such only exists if no personal reference to the user can be made.

The Data Controller

In accordance with Art. 24 GDPR, the person responsible for processing of personal data when using our Services is:

DynaBliss, Inc.
2226 MacArthur Blvd, #27505,
Oakland, California 94602, USA

Web: www.acubliss.app
E-Mail: privacy@dynabliss.com

Categories of data subjects and types of data processed
1. During the course of using our services, we process the following types of data from visitors and users:
  1. inventory data (e.g., names, addresses),
  2. contact data (e.g., e-mail, telephone numbers),
  3. content data (e.g., text entries, messages, testimonials),
  4. usage data (e.g., web pages visited, interest in content, access times), and
  5. meta/communication data (e.g., device information, IP addresses).
Purpose of the processing
1. The Purpose of processing personal data are:
  1. provision of the services, its functions, and contents,
  2. responding to contact requests and communicating with users,
  3. security measures, and
  4. reach measurement/marketing.
Relevant legal basis
1. The following legal basis, unless specifically described below apply to the processing of your personal data:
  1. the legal basis for obtaining consent is art. 6(1)(a) and art. 7 GDPR,
  2. the legal basis for processing in order to fulfil our services and carry out contractual measures and respond to enquiries is art. 6(1)(b) GDPR,
  3. the legal basis for processing in order to fulfil our legal obligations is art. 6(1)(c) GDPR, and
  4. the legal basis for processing in order to protect our legitimate interests is art. 6(1)(f) GDPR.
Security of your personal data
1. We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
2. The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, deletion of data and response to data compromise. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR).
Cooperation with processors and third parties
1. If, in the course of our processing, we disclose data to other persons and companies (Amazon AWS), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties is necessary for the performance of the contract, you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called "order processing agreement", this is done on the basis of Art. 28 GDPR.
Transfers to third countries
1. Our main operations are based in the USA and your personal data is generally processed, stored and used within in the USA. In some instances, your personal data may be processed outside the USA. If and when this is the case, we take steps to ensure there is an appropriate level of security, so your personal data is protected in the same way as if it was being used within the USA.
Your rights
1. These rights are standardized in the GDPR. This includes:
  1. the right to information (Art. 15 GDPR),
  2. the right to rectification (Article 16 GDPR),
  3. the right to erasure (Article 17 GDPR),
  4. the right to restriction of data processing (Article 18 GDPR),
  5. the right to data portability (Article 20 GDPR),
  6. the right to object to data processing (Article 21 GDPR),
  7. the right to revoke any consent you have given (Art. 7 (3) GDPR), and
  8. the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR).
2. Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.
Cookies
1. "Cookies" are small files that are stored on your device. Different information can be stored within the cookies. We may use temporary and permanent cookies and will explain this in our Cookie Policy. The legal basis for the use of cookies is either your consent or our legitimate interest.
Deletion of data
1. The data processed by us will be deleted or its processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e., the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
Business-related processing
1. In addition, we process:
  1. Contract data (e.g., subject matter of the contract, term, category of customer), and
  2. Payment data (e.g., bank details, payment history).
2. of our customers, prospective customers for the purpose of providing contractual services, service and customer care, marketing, advertising, and market research.
Contractual services
1. We collect, process, and use the information you provide in the context of your order for the purpose of executing the contract this may include personal data and non- personal data, in particular your name, billing address and e-mail address, as well as information on the type of payment method you have chosen.
2. If you are a patient, then in addition to demographic information, we will collect information regarding your health conditions, medications, medical appointments, insurance provider, communications between you and your healthcare provider, and any other healthcare information you may self-report through the AcuBliss Platform.
3. We store the information you provide for the period of processing and handling the purchased services. Afterwards, your data will be deleted. Data that we are required to store due to legal, statutory, or contractual retention obligations will be blocked instead of being deleted to prevent it being used for other purposes. The processing of the data serves the fulfillment of the contract with you.
4. Please note when using our services, you become the data controller and we become the data processor in accordance with Art. 29 of the GDPR, for further information please refer to our Data Processing Addendum.
Administration, financial accounting, office organization, contact management
1. We process data within the scope of administrative tasks as well as organization of our business, financial accounting, and compliance with legal obligations, such as archiving.
2. In doing so, we process the same data that we process in the context of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services.
3. The deletion of data with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities.
4. In this context, we disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors as well as other fee offices and payment service providers.
5. Furthermore, we store information on suppliers and other business partners on the basis of our business interests, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is stored permanently.
Contact
1. When contacting us (e.g., via e-mail or social media), the user's details are processed for the purpose of handling the request and its processing. The user's details may be stored in a customer relationship management system or comparable enquiry organization. We delete the enquiries if they are no longer necessary. We review the necessity every two years; furthermore, the legal archiving obligations apply.
Data Breaches/Notification
1. Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
Children’s Privacy
1. Our services are restricted to users who are 18 years of age or older. We do not knowingly collect personal data from anyone under the age of 18. If you suspect that a user is under the age of 18, please contact us.
Does this Compliance Statement change?
1. We may from time to time update our GDPR Compliance Statement, to reflect a change in the law, in our business practices or the cookies we use.
Who should I contact for more information?
1. If you have any questions or comments about our GDPR Compliance Statement or wish to exercise your rights, please contact us using the following contact details:

DynaBliss, Inc.
2226 MacArthur Blvd, #27505,
Oakland, California 94602, USA

Web: www.acubliss.app
E-Mail: privacy@dynabliss.com

This GDPR Compliance Statement was last updated on Friday, March 03, 2023

Return to policies overview