At Fluincy, we are committed to safeguarding the privacy and security of personal data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. Our GDPR commitment is centered on transparency, accountability, and the protection of the rights of individuals.
‍
1. Lawful Basis for Processing
We only process personal data where we have a lawful basis to do so. This may include the necessity to process data for the performance of a contract, compliance with a legal obligation, consent, or legitimate interests pursued by Fluincy or a third party.
‍
2. Data Minimization
We adhere to the principle of data minimization, ensuring that we collect and process only the data necessary for the purposes specified. We continuously review our data collection processes to ensure they are in line with GDPR requirements.
‍
3. User Rights
Under GDPR, users have the following rights:

Right to Access: Users can request access to their personal data that we process.
Right to Rectification: Users can request correction of any inaccurate or incomplete personal data.
Right to Erasure (Right to be Forgotten): Users can request the deletion of their personal data where there is no compelling reason for its continued processing.
Right to Restrict Processing: Users can request the restriction of processing of their personal data under certain conditions.
Right to Data Portability: Users can request the transfer of their personal data to another service provider in a structured, commonly used, and machine-readable format.
Right to Object: Users can object to the processing of their personal data in certain circumstances.

We are committed to facilitating the exercise of these rights in compliance with GDPR and will respond to such requests within the timeframes required by law.

4. Data Security
We have implemented robust security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security audits to ensure the ongoing integrity and confidentiality of personal data.

5. Data Transfers
When transferring personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect the data. This may include the use of Standard Contractual Clauses (SCCs) or ensuring that the transfer is covered by an adequacy decision from the European Commission.

6. Data Breach Notification
In the event of a personal data breach, we are committed to notifying the relevant supervisory authority without undue delay and, where feasible, within 72 hours. If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will also inform the affected individuals promptly.

7. Data Protection Impact Assessments (DPIAs)
Where applicable, we conduct Data Protection Impact Assessments (DPIAs) to identify and mitigate risks associated with the processing of personal data. This ensures that our data processing activities comply with GDPR and protect the privacy of individuals.

8. Third-Party Processors
We ensure that all third-party processors handling personal data on our behalf comply with GDPR requirements. We have data processing agreements in place with these third parties to ensure they provide adequate safeguards for the protection of personal data.

9. Contact Information
If you have any questions or concerns about our GDPR practices or wish to exercise your rights under GDPR, please contact our Data Protection Officer (DPO) at:

Email: jessie@getfluincy.com Address: 651 N Broad St, Suite 201, Middletown DE 19709 Phone: (303) 946-6272
‍
We are committed to ensuring that your personal data is handled in compliance with GDPR and will continue to review and update our practices to meet evolving legal requirements.