GDPR Notice

Last updated: December 31, 2025

GDPR Notice

Last Updated: December 31, 2025

Effective Date: December 31, 2025

Introduction

This GDPR Notice ("Notice") applies to Positive Business Blueprint ("Site," "Website," "we," "us," or "our"), a property owned and operated by Domus Solis LLC ("Company," "Data Controller"), located at https://positivebusinessblueprint.com.

This Notice is provided in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the UK GDPR, and applies to individuals located in the European Economic Area (EEA), United Kingdom (UK), and Switzerland ("you," "your," or "Data Subject").

If you are located outside these regions, please refer to our Privacy Policy for information about how we handle your personal data.

Data Controller Information

Data Controller: Domus Solis LLC 7500 Golden Triangle Rd Suite F6 Eden Prairie, MN 55344 United States

Contact Information: For questions about this Notice or to exercise your GDPR rights, please contact us:

Data Protection Officer: [If applicable, provide DPO contact information. Otherwise, users should contact the Data Controller directly.]

Personal Data We Process

We process the following categories of personal data:

Personal Data You Provide Directly

  • Identity Data: Name, username, email address
  • Contact Data: Mailing address, phone number
  • Account Data: Account credentials, profile information, preferences
  • Financial Data: Payment card information (processed by third-party payment processors)
  • Transaction Data: Purchase history, order details, payment records
  • Content Data: Comments, forum posts, reviews, messages, feedback
  • Marketing Data: Marketing preferences, newsletter subscriptions

Personal Data Collected Automatically

  • Technical Data: IP address, browser type, device information, operating system
  • Usage Data: Pages visited, time spent, click patterns, navigation paths
  • Location Data: Approximate geographic location based on IP address
  • Analytics Data: Website usage statistics, performance metrics

Personal Data from Third Parties

  • Social Login Data: Information from social media providers when you use social login
  • Payment Processor Data: Transaction confirmations and fraud prevention data
  • Advertising Data: Aggregated demographic and interest-based information

We process your personal data under the following legal bases:

Contractual Necessity (Article 6(1)(b) GDPR)

We process personal data necessary to perform our contract with you, including:

  • Providing Services you have purchased or requested
  • Managing your account and user profile
  • Processing payments and fulfilling orders
  • Delivering courses, content, and products
  • Providing customer support

Legitimate Interests (Article 6(1)(f) GDPR)

We process personal data based on our legitimate business interests, including:

  • Improving and optimizing our Services
  • Preventing fraud and ensuring security
  • Analyzing usage patterns and trends
  • Marketing our Services (where you have not opted out)
  • Managing and operating our business

We balance these interests against your rights and freedoms, and will not process your data if your interests override ours.

Consent (Article 6(1)(a) GDPR)

We process personal data based on your explicit consent, including:

  • Marketing communications and newsletters
  • Non-essential cookies and tracking technologies
  • Optional features and services

You may withdraw your consent at any time by contacting us or using the opt-out mechanisms provided.

Legal Obligation (Article 6(1)(c) GDPR)

We process personal data to comply with legal obligations, including:

  • Tax reporting and accounting requirements
  • Responding to lawful government requests
  • Complying with court orders and legal process
  • Maintaining records as required by law

Vital Interests (Article 6(1)(d) GDPR)

In rare circumstances, we may process personal data to protect your vital interests or those of another person.

How We Use Your Personal Data

We use your personal data for the following purposes:

Service Delivery

  • Creating and managing your account
  • Processing transactions and fulfilling orders
  • Delivering courses, content, and products
  • Providing customer support
  • Communicating about your account and Services

Service Improvement

  • Analyzing usage patterns and trends
  • Monitoring Site performance
  • Conducting A/B testing
  • Developing new features and services

Marketing and Communications

  • Sending newsletters and marketing communications (with your consent)
  • Notifying you of new content, products, or features
  • Providing updates about changes to our Services
  • Protecting against fraud and unauthorized access
  • Enforcing our Terms of Service
  • Complying with legal obligations
  • Responding to lawful requests

Analytics and Performance

  • Understanding how visitors use our Services
  • Measuring the effectiveness of our marketing
  • Generating aggregated statistics

Data Sharing and Third-Party Processors

We share your personal data with the following categories of recipients:

Service Providers (Data Processors)

We engage third-party service providers who process personal data on our behalf:

Email and Marketing Services:

  • Orientis (email marketing platform)
  • Mailchimp (email marketing and automation)
  • SendGrid (transactional email delivery)

Payment Processors:

  • Stripe
  • PayPal
  • Payments AI

Hosting and Infrastructure:

  • Cloud hosting providers that store and process data on our behalf

Analytics Providers:

  • Google Analytics and other analytics services

Advertising Partners:

  • Google AdSense and other advertising networks

All service providers are contractually obligated to:

  • Process personal data only for specified purposes
  • Implement appropriate security measures
  • Comply with GDPR requirements
  • Not use personal data for their own purposes

We may disclose personal data if required by law or in response to valid legal requests, including:

  • Court orders and subpoenas
  • Government or law enforcement requests
  • To protect our rights, property, or safety
  • To protect the rights, property, or safety of our users

Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify you of any such change.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA, UK, and Switzerland, including the United States, where our servers and central database are located.

When we transfer personal data outside these regions, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses: We use European Commission-approved Standard Contractual Clauses with our service providers
  • Adequacy Decisions: Where applicable, we rely on adequacy decisions by the European Commission
  • Other Safeguards: We implement additional technical and organizational measures to protect your data

By using our Services, you consent to these international transfers. If you do not consent, please do not use our Services.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Notice, unless a longer retention period is required or permitted by law.

Retention Periods

Active Accounts: We retain your personal data for as long as your account remains active and for a reasonable period thereafter.

Account Deletion: Upon your request to delete your account, we will delete or anonymize your personal data within thirty (30) days, except where we are required to retain certain information for:

  • Legal compliance and regulatory requirements
  • Resolving disputes or enforcing agreements
  • Preventing fraud and abuse
  • Completing pending transactions

Transaction Records: We retain financial transaction records as required by tax, accounting, and regulatory requirements, which may extend beyond account deletion.

Anonymized Data: We may retain and use anonymized, non-identifiable usage statistics indefinitely for analytics and service improvement purposes.

Backup Systems: Deleted information may persist in backup systems for a limited time as part of our standard backup procedures but will not be actively used or restored.

Your GDPR Rights

If you are located in the EEA, UK, or Switzerland, you have the following rights regarding your personal data:

Right of Access (Article 15 GDPR)

You have the right to:

  • Confirm whether we process your personal data
  • Obtain a copy of your personal data
  • Receive information about how we process your data

Right to Rectification (Article 16 GDPR)

You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure - "Right to be Forgotten" (Article 17 GDPR)

You have the right to request deletion of your personal data in certain circumstances, including when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there is no other legal basis
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be deleted to comply with a legal obligation

Right to Restriction of Processing (Article 18 GDPR)

You have the right to request that we restrict processing of your personal data in certain circumstances, including when:

  • You contest the accuracy of the data
  • Processing is unlawful and you oppose deletion
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification

Right to Data Portability (Article 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller, where technically feasible.

Right to Object (Article 21 GDPR)

You have the right to object to processing of your personal data based on:

  • Legitimate interests (including profiling)
  • Direct marketing
  • Processing for scientific or historical research purposes

Rights Related to Automated Decision-Making (Article 22 GDPR)

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal effects or similarly significantly affects you.

[If applicable, describe any automated decision-making processes and provide information about human intervention, safeguards, and your right to contest decisions.]

Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Exercising Your GDPR Rights

To exercise any of your GDPR rights, please contact us:

Support Portal: https://support.domussolis.biz

Mailing Address: Domus Solis LLC 7500 Golden Triangle Rd Suite F6 Eden Prairie, MN 55344

Response Time: We will respond to your request within one month (30 days) of receipt. If your request is complex or we receive multiple requests, we may extend this period by up to two additional months, and we will inform you of the extension and reasons.

Verification: We may need to verify your identity before processing your request to ensure the security of your personal data.

Fees: We do not charge a fee for exercising your rights, unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.

Supervisory Authority

If you are located in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal data violates applicable data protection laws.

UK Supervisory Authority: Information Commissioner's Office (ICO) Website: https://ico.org.uk

EU Supervisory Authorities: A list of EU supervisory authorities can be found at: https://edpb.europa.eu/about-edpb/board/members_en

Switzerland Supervisory Authority: Federal Data Protection and Information Commissioner (FDPIC) Website: https://www.edoeb.admin.ch

We encourage you to contact us first to resolve any concerns before lodging a complaint with a supervisory authority.

Children's Data

Our Services are not directed to children under the age of sixteen (16). We do not knowingly collect personal data from children under 16.

If you are a parent or guardian and believe that your child under 16 has provided us with personal data without your consent, please contact us immediately. We will take steps to delete such information from our systems.

If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will delete that information promptly.

Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption: Data transmitted between your browser and our Services is encrypted using TLS/SSL
  • Access Controls: Access to personal data is restricted to authorized personnel
  • Security Monitoring: We employ firewalls, intrusion detection, and monitoring systems
  • Regular Assessments: We conduct regular security assessments and vulnerability testing
  • Staff Training: Security awareness training for personnel

However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.

Cookies and Tracking Technologies

We use cookies and similar technologies to collect and process personal data. For detailed information about our use of cookies, please refer to our Privacy Policy.

You can manage your cookie preferences through your browser settings or our cookie consent mechanism.

Changes to This Notice

We may update this GDPR Notice from time to time to reflect changes in our practices, legal requirements, or other factors.

When we make material changes, we will:

  • Update the "Last Updated" date at the top of this Notice
  • Post the revised Notice on this page
  • Where appropriate, notify you via email or through our Services

We encourage you to review this Notice periodically to stay informed about how we protect your personal data.

Contact Us

If you have any questions, concerns, or requests regarding this GDPR Notice or our processing of your personal data, please contact us:

Domus Solis LLC 7500 Golden Triangle Rd Suite F6 Eden Prairie, MN 55344 United States

Support Portal: https://support.domussolis.biz

For GDPR-related inquiries and requests, please allow 7-10 business days for processing.

By using Positive Business Blueprint, you acknowledge that you have read, understood, and agree to the terms of this GDPR Notice.

Comments

Leave a Comment

Maximum 5000 characters
Your comment will be reviewed before it appears.
No comments yet. Be the first to comment!