Back to home

GDPR Compliance

Last updated: January 1, 2025

Berry Nova is committed to protecting your personal data and complying with the European Union General Data Protection Regulation (GDPR).

1. Legal Basis for Processing

We process your personal data under the following legal bases:

(a) Consent: When you have given us explicit permission

(b) Contract performance: To provide services you have requested

(c) Legitimate interest: To improve our services and communicate with you

(d) Legal compliance: When law requires us to process your data

2. Your Rights under GDPR

Under GDPR, you have the following rights:

• Right of access: Request a copy of your personal data

• Right of rectification: Correct inaccurate or incomplete data

• Right of erasure: Request deletion of your data

• Right of restriction: Restrict how we use your data

• Right of portability: Receive your data in structured format

• Right to object: Object to certain types of processing

• Rights related to automated decisions: Not be subject to decisions based solely on automated processing

3. How to Exercise Your Rights

To exercise any of these rights, you can:

• Send an email to: privacy@berrynova.com

• Use the data request form in your account dashboard

• Contact our Data Protection Officer

We will respond to your request within one month. In complex cases, we may extend this period by two additional months, notifying you of the extension.

4. Data Protection by Design

We implement the principle of "privacy by design and by default":

• Data minimization: We only collect necessary data

• Purpose limitation: We use data only for specified purposes

• Storage limitation: We retain data only as long as necessary

• Integrity and confidentiality: We protect data with appropriate security measures

• Transparency: We clearly inform about our data practices

5. International Transfers

When we transfer data outside the European Economic Area (EEA), we ensure adequate protection through:

• Standard contractual clauses approved by the European Commission

• Privacy Shield certifications (when applicable)

• Technical and organizational security measures

• Data transfer impact assessments

6. Data Breaches

In case of a data breach that poses a risk to your rights and freedoms:

• We will notify the supervisory authority within 72 hours

• We will notify you directly without undue delay

• We will provide information about the nature of the breach

• We will describe measures taken to mitigate impact

• We will offer advice on steps you can take

7. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIA) for processing operations that may pose high risk to your rights and freedoms. These assessments help us identify and mitigate privacy risks.

8. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who oversees our GDPR compliance. You can contact our DPO at:

Email: dpo@berrynova.com

Address: Berry Nova, Data Protection Department

9. Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local data protection authority. You can also contact us directly to resolve any issues.

10. Compliance Updates

We continuously review and update our data protection practices to maintain compliance with GDPR and other applicable privacy laws. Any significant changes will be communicated to our users.