GDPR Compliance Policy

Last updated: December 26, 2024

🇪🇺 For European Union Residents

This policy outlines how HealthSphere USA complies with the General Data Protection Regulation (GDPR) for residents of the European Union and European Economic Area.

1. Introduction

HealthSphere USA is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This policy explains how we collect, use, and protect your personal data in accordance with GDPR requirements.

2. Data Controller Information

Data Controller: HealthSphere USA

Contact Email: info@healthsphereusa.shop

Subject Line for GDPR Inquiries: GDPR Data Request

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you provide explicit consent for specific processing activities
  • Legitimate Interest: For website analytics and security purposes
  • Legal Obligation: When required by law to process your data
  • Contract Performance: When necessary to respond to your inquiries

4. Personal Data We Collect

Data You Provide Directly

  • Email address when contacting us
  • Name (if provided in communications)
  • Message content and inquiries
  • Any other information you choose to share

Data Collected Automatically

  • IP address (anonymized when possible)
  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Referring website information
  • Date and time of access

5. How We Use Your Personal Data

We use your personal data for the following purposes:

  • Responding to your inquiries and providing information
  • Improving our website and user experience
  • Ensuring website security and preventing fraud
  • Analyzing website usage (with anonymized data)
  • Complying with legal obligations

6. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

| Right | Description |
|---|---|
| Right of Access | Request copies of your personal data |
| Right to Rectification | Request correction of inaccurate data |
| Right to Erasure | Request deletion of your personal data |
| Right to Restrict Processing | Limit how we use your data |
| Right to Data Portability | Receive your data in a portable format |
| Right to Object | Object to certain types of processing |
| Right to Withdraw Consent | Remove consent for data processing |

7. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: info@healthsphereusa.shop

Subject: GDPR Data Request

Request Process

When submitting a request, please include:

  • Your full name and email address
  • Specific right you wish to exercise
  • Detailed description of your request
  • Verification of your identity (if required)

We will respond to your request within 30 days, as required by GDPR.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Contact Information: Until you request deletion or 3 years of inactivity
  • Website Analytics: Maximum of 26 months (anonymized)
  • Security Logs: Maximum of 12 months
  • Legal Requirements: As required by applicable law

9. Data Transfers

Because we are a US-based organization, your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for international transfers:

  • Standard Contractual Clauses (SCCs) when applicable
  • Adequacy decisions by the European Commission
  • Other legally recognized transfer mechanisms

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Staff training on data protection
  • Incident response procedures

11. Data Breach Notification

In the event of a personal data breach that poses a high risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected individuals without undue delay
  • Provide clear information about the breach and steps taken
  • Offer guidance on protective measures you can take

12. Cookies and Tracking

Our website may use cookies and similar technologies. Under GDPR:

  • We obtain consent for non-essential cookies
  • You can withdraw consent at any time
  • We provide clear information about cookie purposes
  • You can manage cookie preferences through your browser

13. Children's Data

We do not knowingly collect personal data from children under 16 years of age. If we become aware that we have collected such data, we will delete it promptly.

14. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. You can contact:

  • Your local EU data protection authority
  • The supervisory authority in your country of residence
  • The authority where the alleged violation occurred

15. Updates to This Policy

We may update this GDPR policy to reflect changes in our practices or legal requirements. We will notify you of material changes through:

  • Website notification
  • Email notification (if we have your email)
  • Updated effective date on this page

16. Contact Information

For any GDPR-related questions or requests, please contact us at:

Email: info@healthsphereusa.shop

Subject: GDPR Inquiry

Response Time: Within 30 days as required by GDPR

17. Effective Date

This GDPR policy is effective as of December 26, 2024, and applies to all personal data processing activities covered by the GDPR.