Compliance

GDPR Compliance

KCraft Studio LTD, as the data controller for NexusHealth, is committed to protecting the privacy and data rights of individuals in the European Union.

Our GDPR Commitment

The General Data Protection Regulation (GDPR) sets strict requirements for how organizations handle personal data of EU residents. NexusHealth has implemented comprehensive measures to ensure GDPR compliance.

Data Processing

We process personal data based on lawful bases including:

  • Contract: Processing necessary to provide our services
  • Consent: Where explicit consent has been provided
  • Legal Obligation: Where required by law
  • Legitimate Interest: For product improvement and security

Data Transfers

For data transfers outside the EEA, we rely on:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions where applicable
  • EU data residency options for Enterprise customers

Your Data Rights

Right to Access

You can request a copy of your personal data at any time.

Right to Rectification

You can request correction of inaccurate personal data.

Right to Erasure

You can request deletion of your personal data under certain conditions.

Right to Portability

You can request your data in a machine-readable format.

Right to Object

You can object to processing based on legitimate interests.

Right to Restrict Processing

You can request limitation of processing under certain conditions.

Data Protection Officer

KCraft Studio LTD has appointed a Data Protection Officer to oversee our GDPR compliance efforts and respond to data subject requests.

Contact: dpo@kcraft.io

KCraft Studio LTD
Neofytou Nikolaidi & Theod. Kolokotroni
ONISIFOROU CENTER, 2nd floor
Agios Theodoros, 8011 Paphos, Cyprus

To exercise your data rights or submit a request, please contact our DPO at the email above. We will respond within 30 days as required by GDPR.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR. Our competent supervisory authority is:

Commissioner for the Protection of Personal Data

Republic of Cyprus

Website: www.dataprotection.gov.cy