European Privacy Notice
This European Privacy Notice supplements the Bearish Privacy Policy and applies to individuals located in the European Economic Area (EEA), the United Kingdom, and Switzerland (collectively, "Europe").
It explains how Bearish FH INC ("Bearish," "we," "us," or "our") processes personal data in accordance with the General Data Protection Regulation (GDPR) and related European data protection laws.
01Data Controller
For purposes of the GDPR, the data controller is:
02Legal Bases for Processing
Bearish processes personal data only when a lawful basis exists. Depending on the context, processing may be based on:
Contractual necessity
To provide and operate Bearish services
Legal obligation
To comply with applicable laws and regulations
Legitimate interests
To secure, improve, and maintain our services
Consent
Where required, such as for certain cookies or communications
You may withdraw consent at any time where processing is based on consent.
03Categories of Personal Data
We may process the following categories of personal data:
- Identifiers (name, email address, account ID)
- Account and authentication data
- Billing and transaction data
- User-generated content
- Technical and usage data (IP address, device, logs)
Bearish does not intentionally collect special categories of personal data unless explicitly required by a product feature and lawfully processed.
04Purposes of Processing
Personal data is processed to:
- Provide, maintain, and secure Bearish services
- Authenticate users and manage accounts
- Process subscriptions and payments
- Deliver customer support
- Improve system performance and reliability
- Prevent fraud, abuse, and security incidents
- Comply with legal obligations
05Data Sharing
Personal data may be shared with:
Processors
Acting on Bearish's behalf (hosting, payments, infrastructure)
Professional advisors
Legal, accounting when necessary
Authorities
Where legally required
All processors are subject to contractual data protection obligations consistent with GDPR requirements.
06International Data Transfers
Bearish is headquartered in the United States and may transfer personal data outside Europe.
Where required, Bearish relies on appropriate safeguards, including:
- ✓European Commission Standard Contractual Clauses (SCCs)
- ✓Additional technical and organizational safeguards
07Data Retention
Personal data is retained only as long as necessary for the purposes described in this Notice, unless a longer retention period is required by law.
When data is no longer required, it is deleted or irreversibly anonymized.
08Your GDPR Rights
European users have the following rights, subject to legal limitations:
Right of access
Obtain confirmation and a copy of personal data
Right to rectification
Correct inaccurate or incomplete data
Right to erasure
Request deletion of personal data
Right to restriction
Limit processing in certain circumstances
Right to data portability
Receive data in a structured, machine-readable format
Right to object
Object to processing based on legitimate interests
Right to withdraw consent
Where processing is based on consent
Requests can be submitted by emailing privacy@bearishos.com.
09Automated Decision-Making and AI
Bearish may use automated systems, including AI, to provide services.
- ✓Bearish does not engage in solely automated decision-making that produces legal or similarly significant effects on individuals without appropriate safeguards
- ○AI outputs are designed to assist users, not replace human judgment
10Supervisory Authority
If you believe Bearish has infringed your data protection rights, you have the right to lodge a complaint with your local supervisory authority in the EEA, UK, or Switzerland.
11Updates to This Notice
We may update this European Privacy Notice from time to time. Continued use of Bearish services after updates constitutes acceptance of the revised Notice.
12Contact
For GDPR-related questions or requests:
Bearish treats European data protection as a baseline, not a burden. Privacy is part of the architecture.