Scope & Applicability
This Agreement applies to all data processing activities performed by Elena Gelios services, including personal data collected through APIs, mobile applications, and digital platforms under GDPR Regulation (EU) 2016/679, HIPAA Standards, and California Consumer Privacy Act.
1. Data Subjects' Rights
- • Right to access personal data stored in our services
- • Right to correct inaccuracies in processed information
- • Right to delete or restrict data processing
- • Right to data portability and object to automated decisions
- • Right to be informed about data usage via our Privacy Policy
2. Data Security Requirements
We implement technical and organizational measures to protect data including:
- ✅ Industry-standard encryption for data in transit
- ✅ Multi-factor authentication for system access
- ✅ Regular security audits and penetration testing
- ✅ Data minimization and purpose limitation principles
3. Cross-Border Transfers
Where required by law, we ensure adequate safeguards for international data transfers through:
- Appropriate data protection agreements between EU/EEA and non-EU parties
- Use of EU Standard Contractual Clauses (SCCs) and equivalent mechanisms
- Binding corporate rules for affiliated entities transfers
4. Data Processing Restrictions
- We will not process personal data for purposes other than those specified
- We will retain data only for the duration necessary to fulfill processing purposes
- We will not subcontract data processing tasks without your prior written authorization
5. Termination & Data Return
- Upon termination request, all personally identifiable information will be securely deleted
- Processed datasets will be returned or destroyed within 30 business days
- All copies and backups will be permanently erased through our certified procedures