Here is your updated Data Processing Agreement (DPA) for MyProfile, operated by Brilydal Ltd, based in the State of Ohio, USA. This version reflects your updated entity and jurisdiction.

1. Parties:
   
   

   This Data Processing Agreement is entered into between:

   “Controller”: Any individual or organization using the MyProfile platform to create, manage, or interact with profiles.

   “Processor”: Brilydal Ltd, the owner and operator of MyProfile, a company registered in the State of Ohio, United States.

   Together referred to as the “Parties.”

2. Subject Matter and Duration:
   
   

   This DPA governs the processing of personal data on behalf of the Controller for the purpose of delivering MyProfile services. This Agreement is effective for the duration of the Controller’s use of the Services.

3. Nature and Purpose of Processing:
   
   

   Brilydal Ltd processes data to:

   • Enable profile creation, sharing, and networking
   • Deliver digital services, subscriptions, and transactions
   • Personalize user experiences and communication
   • Ensure platform security, compliance, and fraud prevention
   • Power analytics and feature optimization
4. Types of Personal Data Processed:
   
   

   Depending on usage, this includes:

   • Name, email, phone number, profile content
   • Profile images, QR/NFC interactions, and connections
   • IP address, device ID, browser/device metadata
   • Payment information (processed by third-party PCI-compliant providers)
   • Other user-submitted content including contacts, files, or badges
   Sensitive data may be processed if voluntarily added to Emergency, Medical, or similar specialized profiles.
5. Data Subject Categories:
   
   

   Platform users (individuals, teams, businesses, or organizations)

   Profile contacts or invited connections

   Employees or representatives of business accounts

6. Obligations of the Processor (Brilydal Ltd):
   
   

   Brilydal Ltd agrees to:

   • Only process personal data on documented instructions of the Controller
   • Maintain robust technical and organizational measures
   • Ensure confidentiality, training, and access control for all authorized personnel
   • Provide support for data subject requests (e.g., access, correction, deletion)
   • Notify the Controller of data breaches without undue delay
   • Maintain records of processing as required under applicable law
7. Subprocessing:
   
   

   Controller grants Brilydal Ltd the right to use subprocessors to fulfill parts of the service (e.g., hosting, analytics, communication). Brilydal Ltd will:

   • Ensure subprocessors provide the same level of data protection
   • Maintain responsibility for their actions
   • Provide a list of subprocessors upon request
8. International Data Transfers
   
   

   When data is transferred internationally, Brilydal Ltd ensures:

   • Use of Standard Contractual Clauses (SCCs) where required
   • Compliance with applicable transfer mechanisms under GDPR or U.S. laws
   • Transfers only to countries with adequate protection or with additional safeguards
9. Data Retention and Deletion:
   
   

   Personal data is retained only for the period necessary to fulfill its purpose or as required by law. Upon termination or request.

   Brilydal Ltd will delete or anonymize the data unless legally obligated to retain it

   Data backups will be purged within a secure retention window

10. Security Measures:
    
    

    Brilydal Ltd uses industry-standard security protocols including:

    • End-to-end encryption (TLS 1.2+ and AES-256 at rest)
    • Role-based access control (RBAC)
    • Daily backups, vulnerability management, and 24/7 monitoring
    • Audit trails and security incident response plans
    Details available in our Security Policy.
11. Data Breach Notification:
    
    

    In the event of a breach affecting personal data, Brilydal Ltd will:

    • Notify the Controller within 72 hours
    • Provide all necessary details (scope, impact, mitigation steps)
    • Cooperate with regulatory reporting and affected data subjects if required
12. Audit Rights:
    
    

    Brilydal Ltd will make available audit documentation upon request and may permit on-site or third-party audits under mutual agreement, subject to confidentiality and notice terms.

13. Termination:
    
    

    Upon expiration or termination of services:

    All data will be securely deleted or returned to the Controller

    Written confirmation of deletion may be requested

14. Governing Law:
    
    

    This DPA shall be governed by and construed in accordance with the laws of the State of Ohio, United States, without regard to conflict of law provisions.

15. Contact for DPA Matters:
    
    

    Legal Department – Brilydal Ltd

    Email: legal@getmyprofile.online

    Phone: +1 (

    Website: https://getmyprofile.online