GDPR Compliance Statement

Last Updated: January 29, 2025

Introduction

This GDPR Compliance Statement (“Statement”) explains how Rehabit Ltd. (“Rehabit”, “we”, “us”, “our”), as a data controller established in Cyprus, processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

Data Controller Information

Rehabit Ltd.
Data Protection Officer Contact: support@rehabit.us

Legal Basis for Processing

We process personal data under the following legal bases:

Consent (Article 6(1)(a) GDPR)

  • Marketing communications.
  • Cookie usage (non-essential).
  • Collection of health and wellness data.
  • Personalization of services.

 

Contractual Necessity (Article 6(1)(b) GDPR)

  • Account creation and management.
  • Service provision.
  • Payment processing.
  • Customer support.

 

Legal Obligations (Article 6(1)(c) GDPR)

  • Tax compliance.
  • Data protection requirements.
  • Law enforcement requests.
  • Regulatory reporting.

 

Legitimate Interests (Article 6(1)(f) GDPR)

  • Service improvement.
  • Security measures.
  • Fraud prevention.
  • Analytics and research.

Special Categories of Personal Data

When processing special category data (Article 9 GDPR), we:

  • Obtain explicit consent.
  • Implement additional security measures.
  • Conduct impact assessments.
  • Maintain detailed processing records.

Data Subject Rights

You have the right to:

Access (Article 15 GDPR)

  • Confirm if we process your data.
  • Receive a copy of your data.
  • Know processing purposes and categories.

 

Rectification (Article 16 GDPR)

  • Correct inaccurate data.
  • Complete incomplete data.

 

Erasure (Article 17 GDPR)

  • Request deletion of personal data.
  • Remove data no longer necessary.
  • Withdraw consent-based processing.

 

Restriction (Article 18 GDPR)

  • Limit processing while verifying accuracy.
  • Restrict unlawful processing.
  • Preserve data for legal claims.

 

Portability (Article 20 GDPR)

  • Receive data in structured format.
  • Transmit data to another controller.
  • Direct controller-to-controller transfer.

 

Objection (Article 21 GDPR)

  • Object to processing based on legitimate interests.
  • Stop direct marketing.
  • Cease automated decision-making.

Data Protection Measures

Technical Measures

  • Encryption at rest and in transit.
  • Access controls and authentication.
  • Regular security testing.
  • Backup and recovery procedures.

 

Organizational Measures

  • Staff training and awareness.
  • Data protection policies.
  • Access restriction protocols.
  • Incident response procedures.

International Data Transfers

Transfer Mechanisms

  • EU Standard Contractual Clauses.
  • Adequacy decisions.
  • Binding Corporate Rules.
  • Explicit consent (where applicable).

 

Transfer Safeguards

  • Risk assessments.
  • Additional security measures.
  • Regular reviews of recipient safeguards.
  • Data minimization.

Data Retention

Retention Periods

  • Account data: Duration of account plus 2 years.
  • Transaction data: 7 years (legal requirement).
  • Marketing data: Until consent withdrawal.
  • Technical logs: 12 months.

 

Retention Criteria

  • Legal requirements.
  • Business purposes.
  • User preferences.
  • Technical necessity.

Data Protection Impact Assessments

We conduct DPIAs for:

  • New technologies.
  • Large-scale processing.
  • Systematic monitoring.
  • Special category data processing.

Personal Data Breaches

In case of a breach, we will:

  • Notify supervisory authorities within 72 hours.
  • Inform affected individuals if high risk.
  • Document all breaches.
  • Implement remedial measures.

Data Processor Agreements

We maintain agreements with processors that:

  • Define processing purposes.
  • Ensure confidentiality.
  • Require security measures.
  • Enable auditing.

Records of Processing Activities

We maintain records including:

  • Processing purposes.
  • Data categories.
  • Recipient categories.
  • Transfer mechanisms.
  • Security measures.
  • Retention periods.

Cookie Compliance

Cookie Control

  • Consent management platform.
  • Granular cookie choices.
  • Easy withdrawal options.
  • Regular cookie audits.

 

Cookie Categories

  • Strictly necessary.
  • Functional.
  • Analytics.
  • Marketing.

Automated Decision-Making

Where applicable, we:

  • Inform users of logic involved.
  • Explain significance and consequences.
  • Provide human intervention options.
  • Enable contestation of decisions.

Children's Data Protection

Additional measures for users under 16:

  • Parental consent verification.
  • Age-appropriate information.
  • Enhanced security measures.
  • Restricted data processing.

Updates to This Statement

We will:

  • Review this statement regularly.
  • Update for regulatory changes.
  • Notify of material changes.
  • Maintain version history.

Complaints

You have the right to:

  • Contact our DPO.
  • Lodge complaints with supervisory authorities.
  • Seek judicial remedies.
  • Claim compensation for damages.

 

Contact our Data Protection Officer for any GDPR-related inquiries at support@rehabit.us.
