Data Protection Policy

Introduction

This Data Protection Policy outlines the principles and practices of Dazzlez Ventures ("the Company") regarding the collection, processing, storage, and protection of personal data. The Company is committed to ensuring compliance with applicable data protection laws, including the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR), where applicable. This policy is designed to protect the personal information of our clients, particularly individuals with mental illnesses, who utilize our specialized housing options and related healthcare services.

1. Data Collection

1.1 Types of Data Collected
The Company may collect the following types of personal data:
Personal Identification Information: Name, address, contact details, date of birth.
Health Information: Medical history, treatment details, and any other relevant health-related data.
Financial Information: Payment details for rental and care services.
Demographic Information: Age, gender, and other characteristics relevant to service provision.

1.2 Purpose of Data Collection
Personal data is collected for the following purposes:
- To provide housing and healthcare services tailored to individual needs.
- To comply with legal obligations and regulatory requirements.
- To manage client relationships and improve service delivery.
- To conduct internal audits and quality assurance.

2. Data Processing

2.1 Legal Basis for Processing
The company processes personal data based on the following legal grounds:
Consent: Individuals have provided explicit consent for their data to be processed for specific purposes.
Contractual Necessity: Processing is necessary to perform a contract with the individual.
Legal Obligations: Processing is required to comply with legal obligations.

2.2 Data Minimization
The company is committed to data minimization and will collect and process only personal data necessary for the specified purposes.

3. Data Storage

3.1 Storage Locations
Personal data may be stored in secure electronic systems, physical records, or both. The Company will ensure that all storage methods comply with applicable data protection laws.

3.2 Retention Periods
Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal obligations. Specific retention periods will be established in accordance with regulatory requirements and best practices.

4. Data Security Measures

4.1 Technical Measures
The company employs appropriate technical measures to protect personal data against unauthorized access, loss, or destruction. These measures include:
- Encryption of sensitive data.
- Secure access controls.
- Regular security audits and assessments.

4.2 Organizational Measures
The company implements organizational measures, including
- Staff training on data protection and privacy.
- Implementation of policies and procedures to ensure compliance.
- Regular reviews of data protection practices.

5. Data Subject Rights

Individuals whose personal data is processed by the company have the following rights:
Right to Access: Individuals have the right to request access to their personal data held by the company.
Right to Rectification: Individuals may request correction of inaccurate or incomplete personal data.
Right to Erasure: Individuals may request the deletion of their personal data under certain circumstances.
Right to Data Portability: Individuals may request a copy of their personal data in a structured, commonly used format.
Right to Object: Individuals have the right to object to processing activities under certain conditions.

6. Third-Party Sharing

The company may share personal data with third parties, including healthcare providers and regulatory authorities, only when necessary and in compliance with applicable data protection laws. Any third parties with whom data is shared are contractually obligated to protect the data and use it solely for the purposes for which it was shared.

7. Breach Notification

In the event of a data breach, the company will inform affected individuals and relevant authorities of the applicable legal requirements. Notifications will be made without undue delay and will include details of the breach and measures taken to reduce its effects.

8. Training and Awareness

All employees and contractors of the company will receive training on data protection policies and procedures to ensure compliance and safeguard personal information.

9. Impact Assessments

The Company will conduct Data Protection Impact Assessments (DPIAs) for projects that process sensitive data, particularly for housing services for individuals with mental illnesses.

10. Regulatory Compliance Monitoring

The Company will regularly assess its compliance with this Data Protection Policy and applicable data protection laws. Any necessary improvements will be implemented as soon as possible.

11. Policy Review

This Data Protection Policy will be reviewed annually, or sooner if significant changes occur in data protection legislation or the company's operations.

Conclusion

Dazzlez Ventures is committed to protecting its clients' personal data and ensuring compliance with applicable data protection laws. This policy serves as a framework for our commitment to privacy and data protection in all our operations.

---

Dazzlez Ventures
Location: 101 North First Avenue STE 2325 1112, Phoenix, Arizona, United States
Date: 01/01/2026

---