GDRP Policy

REUZEit Data Protection & Privacy Policy

Effective Date: January 1, 2024

  1. Purpose

    The REUZEit Group (“REUZEit,” “we,” “our,” or “us”) is committed to protecting the privacy and personal data entrusted to us. This policy sets out how we collect, use, store, and protect personal data in compliance with:

    • European Union GDPR
    • UK GDPR and Data Protection Act 2018
    • United States privacy laws, including CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, TDPSA, and OCPA

    This policy applies to all employees, contractors, and third parties working with REUZEit, and covers all personal data provided in connection with purchasing, service requests, or other business activities.

  2. Scope

    This policy applies to:

    • REUZEit, Inc. – 28381 Vincent Moraga Dr., Temecula, CA 92590, USA
    • REUZEit, BV – Coenecoop 630, 2741 PV Waddinxveen, Netherlands
    • REUZEit UK and Ireland, Ltd. – Ashley Farm, Bottle Lane, Bracknell RG42, United Kingdom

    It governs all personal data processed, stored, or transmitted by REUZEit Group entities.

  3. Data Controllers & Privacy Contact

    Privacy Contact:

    Yordi van den Bulk
    EMEA Operations Manager

    It governs all personal data processed, stored, or transmitted by REUZEit Group entities.

  4. Types of Personal Data Collected

    We may collect:

    • Contact information (name, email, phone)
    • Business details (company, billing/shipping address, job title)
    • Purchase or service request information
    • Financial/payment details (processed via secure providers)
    • Technical information (IP address, browser, system logs)

    Sensitive data (e.g., health, biometric, geolocation, racial or ethnic data) is collected only with explicit consent or as legally required.

    Children’s data: We do not knowingly collect data from children under 16 without parental/guardian consent.

  5. Purpose & Legal Basis for Processing

    We process personal data for the following lawful purposes:

    • Contract performance: To fulfill service or purchasing requests
    • Legal obligation: Compliance with accounting, tax, or regulatory requirements
    • Legitimate interests: Business operations, security, and service improvement
    • Consent: Where required, including marketing, profiling, or sensitive data

  6. Data Subject Rights

    Individuals have the following rights:

    Right Applicable Law How to Exercise
    Access personal data GDPR / UK GDPR / U.S. states Contact Privacy
    Contact
    Correct or update data GDPR / UK GDPR / U.S. states Contact Privacy
    Contact
    Delete data (“right to be forgotten”) GDPR / UK GDPR / U.S. states Contact Privacy
    Contact
    Restrict or object to processing GDPR / UK GDPR / U.S. states Contact Privacy
    Contact
    Data portability GDPR / UK GDPR Contact Privacy
    Contact
    Opt out of targeted advertising or profiling CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, TDPSA, OCPA Contact Privacy
    Contact
    Opt out of sale or sharing of personal data CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, TDPSA, OCPA Contact Privacy
    Contact
    Appeal denied requests U.S. state laws Contact Privacy
    Contact

    We will not discriminate against individuals for exercising their privacy rights.

  7. Data Retention

    REUZEit retains personal data according to its Document Retention Policy, which ensures records are preserved indefinitely to maintain compliance, accountability, and operational integrity.

  8. Data Sharing & Transfers

    • Data may be shared with trusted service providers strictly for business purposes.
    • Data transferred between U.S., EU, and UK entities is protected using Standard Contractual Clauses or other lawful mechanisms.
    • REUZEit does not sell or share personal data.

  9. Security Measures

    We implement technical and organizational measures to protect personal data, including:

    • Encryption of sensitive data
    • Access controls and authentication
    • Staff training on data protection
    • Periodic audits of security practices

  10. Data Breach Response

    In the event of a data breach:

    • REUZEit will investigate and contain the breach promptly
    • Notify supervisory authorities within 72 hours if required
    • Notify affected individuals without undue delay if there is a high risk to their rights or freedoms

  11. Accountability & Governance

    • All employees and contractors must comply with this policy
    • Regular internal audits, staff training, and DPIAs are conducted
    • Privacy compliance is reviewed periodically

  12. Children & Sensitive Data

    • Children under 16 (or 13 in EU member states, if applicable) require parental/guardian consent
    • Sensitive personal data requires explicit consent or legal basis for processing

  13. Appeals / Dispute Process

    Individuals may escalate privacy requests or complaints through the Privacy Contact if initial requests are denied. Supervisory authorities (EU/UK) or state attorney generals (U.S.) may also be contacted.

  14. Updates to this Policy

    Policy updates will be posted on our website. Significant changes will be communicated to affected parties as required by law.