Abyss GDPR Policy


This document outlines Abyss' ("we," "us," or "our") approach to data processing in accordance with the General Data Protection Regulation (GDPR). We are committed to protecting your privacy and ensuring transparency in how we handle your personal data.

This policy applies to the processing of personal data collected through our services ("Services"). Personal data is any information relating to an identified or identifiable natural person.


1. Data Controller and Data Protection Officer

Abyss acts as the data controller for the personal data collected through our services. Our Data Protection Officer (DPO) can be contacted at support@abysshub.com.


2. Legal Basis for Processing

We process personal data in compliance with the General Data Protection Regulation (GDPR) based on one or more legal grounds as outlined in Article 6 of the GDPR, including:

  • Consent: When users provide explicit consent for specific processing activities.
  • Contractual Necessity: Processing necessary for the performance of a contract.
  • Legal Obligation: Processing required to comply with legal obligations.
  • Legitimate Interests: Processing necessary for legitimate interests pursued by Abyss or a third party.

3. Data Subject Rights

Under the GDPR, individuals have the following rights regarding their personal data:

  • Right to Access: Individuals can request access to their personal data and related information regarding the processing.
  • Right to Rectification: Individuals can request the correction of inaccurate or incomplete personal data.
  • Right to Erasure: Individuals can request the deletion of their personal data under certain circumstances, including withdrawal of consent or when the data is no longer necessary for the purposes for which it was collected.
  • Right to Restriction of Processing: Individuals can request the restriction of processing under certain circumstances, such as contesting the accuracy of the personal data.
  • Right to Data Portability: Individuals can request a copy of their personal data in a structured, commonly used, machine-readable format and have the right to transmit that data to another controller.
  • Right to Object: Individuals can object to the processing of their personal data under certain circumstances, including processing for direct marketing purposes or processing based on legitimate interests.

4. International Data Transfers

Abyss may transfer personal data outside the European Union (EU) or the European Economic Area (EEA) to third countries or international organizations. Such transfers will be carried out in compliance with the requirements of the GDPR, including the implementation of appropriate safeguards such as standard contractual clauses or adherence to approved certification mechanisms.


5. Data Security Measures

Abyss implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including measures to protect against unauthorized or unlawful processing and accidental loss, destruction, or damage of personal data. These measures include but are not limited to:

  • Encryption of personal data in transit and at rest.
  • Access controls and authentication mechanisms to limit access to personal data.
  • Regular security assessments and audits to identify and address vulnerabilities.

6. Data Breach Notification

In the event of a personal data breach, Abyss will notify the relevant supervisory authority and affected individuals without undue delay, where feasible, within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.


7. Data Protection Impact Assessment (DPIA)

Abyss conducts Data Protection Impact Assessments (DPIAs) where processing is likely to result in a high risk to the rights and freedoms of individuals, particularly in the case of new technologies or processing operations.


8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was

collected, including compliance with legal, accounting, or reporting requirements, and as

permitted by applicable law. The retention periods for different categories of personal data are documented in our internal data retention policy.


9. Changes to this GDPR Policy

We may update this GDPR Policy to reflect changes in our data processing practices or legal

requirements. We will notify individuals of any significant changes and seek their consent if

required by law.


10. Contact Information

If you have any questions or concerns about our GDPR compliance or wish to exercise your

rights under the GDPR, please contact our Data Protection Officer at support@abysshub.com.