GDPR Compliance

Nebula Nutrition CRM - Last updated: January 17, 2025

Back to Home

Your Data Protection Rights

We are committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains your rights regarding your personal data and how to exercise them.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right to Access:You can request a copy of your personal data we hold
  • Right to Rectification:You can request corrections to inaccurate data
  • Right to Erasure:You can request deletion of your personal data
  • Right to Data Portability:You can request your data in a portable format
  • Right to Object:You can object to certain processing of your data
  • Right to Restriction:You can request limitation of data processing

Data We Collect

For Nutrition Professionals:

  • Account information (name, email, professional credentials)
  • Business information (company name, contact details)
  • Client management data (client profiles, appointments, notes)
  • Payment and subscription information

For Website Visitors:

  • Contact form submissions
  • Booking request information
  • Technical data (IP address, browser type, usage analytics)

Security Measures

We understand the critical importance of protecting personal data. To safeguard your clients' data, we implement strict security measures and comply with privacy regulations:

Industry Standards & Compliance:

  • KVKK / GDPR:Full compliance with Turkish Personal Data Protection Law and EU General Data Protection Regulation
  • PCI-DSS:Payment Card Industry Data Security Standard compliance for secure payment processing
  • 3D Secure:All payments are protected with 3D Secure authentication
  • SSL/TLS:End-to-end encryption for all data transmission
  • AES-256:Military-grade encryption for data at rest

Additionally, your data is backed up on servers in multiple geographic locations to ensure redundancy and disaster recovery.

Data Deletion Process

We provide two levels of data deletion to comply with GDPR Article 17 (Right to Erasure):

For Individual Clients (Nutrition Professionals)
1
Request Deletion

Use the "GDPR Delete" option in your client management interface or contact us directly

2
Confirmation

Confirm your deletion request - this action is irreversible

3
Complete Deletion

All client data including appointments, notes, and attachments are permanently removed

For Complete Account Deletion (All Users)
1
Contact Request

Email us atinfo@hellonebula.netwith your deletion request

2
Identity Verification

We verify your identity to ensure account security

3
Complete Erasure

Your entire account, business data, and all associated records are permanently deleted

Deletion Verification

Proof of Erasure

When your data is deleted, we provide a unique Deletion ID as proof of erasure. This ID serves as legal confirmation that your data has been permanently removed from our systems.

Keep this Deletion ID safe - it may be required for legal or compliance purposes. If you lose your Deletion ID, we can still demonstrate compliance through our internal audit logs.

Verify Your Data Deletion

Already have a Deletion ID? Use our verification tool to confirm that your data has been permanently deleted from our systems in compliance with GDPR Article 17.

Verify Deletion Status

Processing Time

  • Individual Client Deletion:Immediate (real-time)
  • Account Deletion Requests:Within 30 days of verification
  • Data Access Requests:Within 30 days
  • Data Correction Requests:Within 30 days

Legal Basis for Data Processing

We process your personal data based on:

  • Contractual Necessity:To provide our nutrition management services
  • Legitimate Interest:To improve our services and customer support
  • Consent:For marketing communications (where applicable)
  • Legal Obligation:To comply with accounting and tax requirements

Data Retention

We retain your data only as long as necessary for the purposes outlined in our Privacy Policy:

  • Active Account Data:While your account is active
  • Financial Records:7 years (legal requirement)
  • Marketing Data:Until you opt out or request deletion
  • Technical Logs:12 months maximum

Exercise Your Rights

Data Protection Contact

To exercise any of your GDPR rights or for questions about data processing:

Email: info@hellonebula.net

Response Time:Within 30 days

Reference:Include "GDPR Request" in your subject line

Privacy PolicyTerms of ServiceContact Us