DE

4:34:41 PM

Get in touch

DE

4:34:41 PM

Get in touch

Get in touch

General Data Protection Regulation

Compliance, Trust, and Accountability.

1. Legal Basis for Processing

We process personal data only when we have a lawful basis to do so, primarily:

  • Contractual Necessity: Processing data necessary for the performance of a contract with the Client (e.g., project management, service delivery, billing).

  • Legitimate Interests: Processing necessary for our legitimate business interests, provided such interests do not override the fundamental rights and freedoms of the data subject (e.g., fraud prevention, service improvement, internal analytics).

  • Consent: When the data subject has explicitly given consent for specific purposes (e.g., marketing communications).

  • Legal Obligation: Processing necessary for compliance with a legal obligation (e.g., tax and accounting requirements).

2. Data Subject Rights

  • Right of Access (Article 15): The right to obtain confirmation as to whether or not personal data concerning them is being processed, and access to that data.

  • Right to Rectification (Article 16): The right to have inaccurate or incomplete personal data corrected.

  • Right to Erasure ('Right to be Forgotten') (Article 17): The right to request the deletion of personal data under certain conditions.

  • Right to Restriction of Processing (Article 18): The right to limit the way we use their personal data.

  • Right to Data Portability (Article 20): The right to receive their personal data in a structured, commonly used, and machine-readable format.

  • Right to Object (Article 21): The right to object to the processing of personal data for direct marketing purposes or based on legitimate interests.

  • Right to Withdraw Consent: Where processing is based on consent, the right to withdraw that consent at any time.

3. Data Protection Measures

Blesyum implements robust data protection measures to ensure data confidentiality, integrity, and availability:

  • Security: Utilizing encryption, secure access controls, and regular system audits.

  • Data Minimisation: Collecting only the data strictly necessary for the purpose of the service.

  • Data Processing Agreements (DPAs): Establishing formal Data Processing Agreements with Clients where Blesyum acts as a Data Processor.

  • Third-Party Transfer: Any transfer of personal data outside the EU/EEA is conducted using appropriate safeguards, such as Standard Contractual Clauses (SCCs).

4. Data Processor Obligations

When Blesyum acts as a Data Processor on behalf of a Client (Data Controller), we commit to:

  • Process personal data only on the documented instructions of the Client.

  • Assist the Client in meeting their obligations regarding data subject rights (Section 3).

  • Ensure that all personnel authorized to process personal data are committed to confidentiality.

  • Notify the Client promptly upon becoming aware of a personal data breach.

5. Contact

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:


✉️ info@blesyum.com
📞
📍 8 The Green, Suite 18920 Dover, DE, 19901, USA.

Last Update: 11/12/2025