GDPR Compliance Policy
Last updated: October 09, 2024
At Breetion, we take the protection of your personal data seriously and comply with the General Data Protection Regulation (GDPR). This policy outlines how we manage the personal data we collect, the rights you have as a user, and how we handle any security breaches. By using our services, you agree to the terms outlined in this policy.
The app used for assuring the GDPR, LGPD, CCPA-CPRA, VCDPA, CPA, CTDPA, UCPA, APPI, PIPEDA compliance of this site, collects your IP and the email address in order to process the data.
1. Data Controller
The data controller responsible for your personal information is:
Dilan Esteban Simpampa Eribo
While Breetion does not have a designated Data Protection Officer (DPO), we are committed to ensuring compliance with the GDPR and other applicable data protection laws.
2. Your GDPR Rights
As a user, you have the following rights under the GDPR:
Right of Access: You have the right to request access to your personal data and to obtain information on how we process your data.
Right to Rectification: You can request corrections to any inaccurate or incomplete data we hold about you.
Right to Erasure ("Right to be Forgotten"): You can request the deletion of your data, subject to legal and contractual obligations.
Right to Restriction of Processing: You can request that we limit the processing of your data in certain situations.
Right to Data Portability: You can request that we transfer your data to another organization in a structured, commonly used, and machine-readable format.
Right to Object: You can object to the processing of your personal data, particularly for direct marketing purposes.
2.1 How to Exercise Your Rights
To exercise any of these rights, you must submit a formal request by email to support@breetion.com. We require you to provide proof of identity, such as a government-issued ID, to ensure that we are responding to the correct individual and protecting the privacy of others.
Once we receive and verify your request, we will process it within 30 days. If we are unable to fulfill your request within this timeframe due to the complexity of the request or the volume of requests, we will notify you and extend the response period as permitted under the GDPR.
In certain cases, where the request is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee to cover administrative costs or to refuse the request.
3. International Data Transfers
As Breetion works with international third-party service providers such as Shopify, Alidrop, CJdropshipping, and Zendrop, some of your data may be transferred and processed outside of the European Economic Area (EEA).
We ensure that these transfers are conducted in accordance with the GDPR, using appropriate safeguards, such as:
Standard Contractual Clauses (SCCs): Shopify and other providers use SCCs, as required by the European Commission, to ensure that your personal data is protected when transferred outside the EEA.
Data Processing Agreements: We have agreements in place with all third-party providers to ensure compliance with data protection regulations, including provisions that address the security of your data.
3.1 Provider Compliance with GDPR
Shopify: Shopify is fully compliant with the GDPR and uses Standard Contractual Clauses for transfers of personal data outside the EEA. Shopify also offers a detailed Data Processing Addendum for merchants using its platform, which includes mechanisms for ensuring the security and protection of personal data.
Alidrop/Aliexpress: Aliexpress complies with applicable data protection regulations, but due to the nature of their operations in China, they may transfer data outside the EEA. They have implemented SCCs to ensure compliance with GDPR requirements.
CJdropshipping: CJdropshipping confirms that they comply with GDPR and use SCCs to ensure that personal data transferred outside the EEA is adequately protected.
Zendrop: Zendrop states that it is committed to complying with GDPR and follows similar measures, using SCCs and adhering to data privacy frameworks to ensure the protection of personal data when transferred internationally.
4. Security Breach Response
We take the security of your personal data seriously. While we implement reasonable technical and organizational measures to protect your data, in the event of a data breach, we follow the procedures outlined below to comply with the GDPR’s 72-hour notification requirement:
4.1 What Constitutes a Data Breach
A data breach refers to any event that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data.
4.2 Notification Procedure
In the event of a data breach that poses a risk to the rights and freedoms of individuals, we will:
Notify the relevant supervisory authority (such as the ICO in the UK) within 72 hours of becoming aware of the breach.
Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms. We will provide clear information about the nature of the breach, the potential impact, and the steps being taken to mitigate it.
Investigate the cause of the breach and implement measures to prevent future breaches.
5. Data Retention
We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected or to comply with legal and regulatory requirements. Once the retention period has expired, we will securely delete or anonymize your data.
6. Modifications to this Compliance
We reserve the right to update and modify this GDPR Compliance as necessary. Any changes will be posted on this page and will take effect immediately upon posting.
7. Contact Information
If you have any questions or concerns about our use of cookies, please contact us at:
Email: support@breetion.com
Website: www.breetion.com