GDPR
This document outlines BRILU’s compliance with relevant European regulations, including the GDPR, the AI Act, the Digital Services Act (DSA), and other key legal frameworks governing AI-powered services.
1. GDPR Compliance Statement
1.1 Overview
BRILU is committed to full compliance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), ensuring user data protection, transparency, and legal processing of personal information.
1.2 Key GDPR Principles Followed by BRILU
- Lawfulness, Fairness, and Transparency – Users are informed of data collection and processing activities.
- Purpose Limitation – Data is collected only for specific, legitimate purposes.
- Data Minimization – Only necessary data is processed.
- Accuracy – Data is kept accurate and up to date.
- Storage Limitation – Personal data is retained only as long as necessary.
- Integrity and Confidentiality – Security measures are applied to protect data.
1.3 Data Subject Rights
BRILU ensures that individuals can exercise their rights under GDPR, including:
- Right to Access – Users can request access to their personal data.
- Right to Rectification – Users can correct inaccurate data.
- Right to Erasure (Right to be Forgotten) – Users can request deletion of their data.
- Right to Data Portability – Users can request data transfer in a structured format.
- Right to Object – Users can object to data processing.
- Right to Restriction of Processing – Users can request limitations on how their data is used.
1.4 Data Protection Impact Assessments (DPIA)
BRILU conducts DPIAs for high-risk processing activities to assess and mitigate risks.
1.5 Data Retention Policy
BRILU only retains personal data for as long as necessary for its intended purpose, after which it is securely deleted or anonymized.
2. Data Processing Agreement (DPA)
2.1 Overview
BRILU acts as a data processor when processing data on behalf of clients. To ensure compliance, BRILU signs a Data Processing Agreement (DPA) with clients acting as data controllers.
2.2 Responsibilities of Data Controller vs. Data Processor
- Data Controller (Client): Determines the purposes and means of personal data processing.
- Data Processor (BRILU): Processes data only on behalf of and as instructed by the controller.
2.3 Standard Contractual Clauses (SCCs) for International Data Transfers
For data transfers outside the EU/EEA, BRILU implements SCCs to ensure compliance with GDPR standards.
3. Contact & Data Protection Officer (DPO) Information
For Data Protection Inquiries:
Email: [email protected]
BRILU is committed to ensuring compliance with all relevant EU regulations, providing secure, transparent, and ethically responsible AI-powered services.
For more details or legal inquiries, please contact our Legal & Compliance Team.