EU/EEA Privacy Notice

1. Introduction

This EU/EEA Privacy Notice supplements our Privacy Policy and provides additional information to individuals located in the European Union (EU), European Economic Area (EEA), and United Kingdom (UK) about how VRLY Ventures LLC ("Company," "we," "us," or "our"), operating as Lyynx, processes their personal data in accordance with the General Data Protection Regulation (GDPR).

2. Data Controller

For the purposes of the GDPR, the data controller is:

3. Legal Bases for Processing

We process your personal data only when we have a valid legal basis to do so. The legal bases we rely on include:

3.1 Contract Performance

Processing necessary to perform our contract with you or take steps at your request prior to entering into a contract:

• Creating and managing your account
• Providing the Services you requested
• Processing payments and subscriptions
• Communicating about your account and transactions

3.2 Legitimate Interests

Processing necessary for our legitimate interests (where not overridden by your rights):

• Improving and optimizing our Services
• Analyzing usage patterns and trends
• Ensuring security and preventing fraud
• Marketing similar products/services to existing customers
• Managing business operations

3.3 Consent

Processing based on your explicit consent:

• Marketing communications (where consent is required)
• Certain uses of cookies and tracking technologies
• Processing special categories of data (if applicable)

3.4 Legal Obligations

Processing necessary to comply with legal obligations:

• Tax and accounting requirements
• Responding to lawful requests from authorities
• Complying with court orders

4. Categories of Personal Data

We process the following categories of personal data:

5. International Data Transfers

As we are based in the United States, your personal data will be transferred to and processed in the United States, which the European Commission has not determined provides an adequate level of data protection.

To ensure your personal data receives an adequate level of protection, we use the following safeguards:

• Standard Contractual Clauses (SCCs): We use EU Commission-approved Standard Contractual Clauses when transferring data to third parties outside the EEA.
• Supplementary Measures: We implement additional technical and organizational measures as recommended by European data protection authorities.

You may request a copy of the Standard Contractual Clauses by contacting us at compliance@lyynx.com.

6. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected:

• Account data: For the duration of your account and 30 days after account deletion
• Transaction data: 7 years (legal/tax requirements)
• Usage/analytics data: 24 months
• Marketing consent records: 3 years from last interaction
• Support communications: 3 years

7. Your Rights Under GDPR

Under the GDPR, you have the following rights:

7.1 Right of Access

You have the right to request access to your personal data and receive a copy of the data we hold about you.

7.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

7.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary or you withdraw consent.

7.4 Right to Restriction of Processing

You have the right to request that we restrict processing of your personal data in certain circumstances, such as while we verify accuracy or assess an objection.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

7.6 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

7.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of prior processing.

7.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates the GDPR. You can find your local supervisory authority at https://edpb.europa.eu/about-edpb/board/members_en.

8. Exercising Your Rights

To exercise any of your rights, please contact us at:

• Email: compliance@lyynx.com
• Subject line: "GDPR Rights Request"

We will respond to your request within one month. This period may be extended by two further months if necessary, taking into account the complexity and number of requests.

We may need to verify your identity before processing your request. If we cannot verify your identity, we may request additional information.

9. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

10. Data Processing Agreement

If you are a business customer and we process personal data on your behalf, you may be considered a data controller and we may be acting as a data processor. In such cases, our Data Processing Agreement applies.

11. Subprocessors

We use third-party service providers (subprocessors) to help us deliver our Services. For a list of our subprocessors and their locations, please see our Subprocessor List.

12. Updates to This Notice

We may update this EU/EEA Privacy Notice from time to time. We will notify you of material changes by posting the updated notice and updating the "Last Updated" date.

13. Contact Us

For any questions about this Notice or our data protection practices, please contact: