GDPR Compliance
Last updated: January 1, 2025
Berry Nova is committed to protecting your personal data and complying with the European Union General Data Protection Regulation (GDPR).
1. Legal Basis for Processing
We process your personal data under the following legal bases:
(a) Consent: When you have given us explicit permission
(b) Contract performance: To provide services you have requested
(c) Legitimate interest: To improve our services and communicate with you
(d) Legal compliance: When law requires us to process your data
2. Your Rights under GDPR
Under GDPR, you have the following rights:
• Right of access: Request a copy of your personal data
• Right of rectification: Correct inaccurate or incomplete data
• Right of erasure: Request deletion of your data
• Right of restriction: Restrict how we use your data
• Right of portability: Receive your data in structured format
• Right to object: Object to certain types of processing
• Rights related to automated decisions: Not be subject to decisions based solely on automated processing
3. How to Exercise Your Rights
To exercise any of these rights, you can:
• Send an email to: privacy@berrynova.com
• Use the data request form in your account dashboard
• Contact our Data Protection Officer
We will respond to your request within one month. In complex cases, we may extend this period by two additional months, notifying you of the extension.
4. Data Protection by Design
We implement the principle of "privacy by design and by default":
• Data minimization: We only collect necessary data
• Purpose limitation: We use data only for specified purposes
• Storage limitation: We retain data only as long as necessary
• Integrity and confidentiality: We protect data with appropriate security measures
• Transparency: We clearly inform about our data practices
5. International Transfers
When we transfer data outside the European Economic Area (EEA), we ensure adequate protection through:
• Standard contractual clauses approved by the European Commission
• Privacy Shield certifications (when applicable)
• Technical and organizational security measures
• Data transfer impact assessments
6. Data Breaches
In case of a data breach that poses a risk to your rights and freedoms:
• We will notify the supervisory authority within 72 hours
• We will notify you directly without undue delay
• We will provide information about the nature of the breach
• We will describe measures taken to mitigate impact
• We will offer advice on steps you can take
7. Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIA) for processing operations that may pose high risk to your rights and freedoms. These assessments help us identify and mitigate privacy risks.
8. Data Protection Officer
We have appointed a Data Protection Officer (DPO) who oversees our GDPR compliance. You can contact our DPO at:
Email: dpo@berrynova.com
Address: Berry Nova, Data Protection Department
9. Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local data protection authority. You can also contact us directly to resolve any issues.
10. Compliance Updates
We continuously review and update our data protection practices to maintain compliance with GDPR and other applicable privacy laws. Any significant changes will be communicated to our users.
