General Data Protection Regulation (GDPR) Compliance Notice
Updated August 15, 2023
This document outlines the key provisions and principles of the General Data Protection Regulation (GDPR) and how they apply to our organization. The GDPR is a comprehensive data protection law that governs the processing and protection of personal data within the European Union (EU) and the European Economic Area (EEA). As a company operating within this region, we are committed to ensuring the privacy and security of personal data entrusted to us by our customers, employees, and partners.
- Data Controller Information:
Company Name: Delta Advisory Group LLC. also known as impactmania
Address: P.O. Box 2645, Santa Barbara, CA 93120-2645, USA
Contact: [email protected]
- Purposes and Legal Basis for Data Processing:
We collect and process personal data for specific and legitimate purposes, and we ensure that the processing activities are based on one or more of the legal grounds outlined in the GDPR. These purposes may include:
- Contractual obligations: Processing personal data to fulfill our contractual commitments with customers, employees, or partners.
- Consent: Obtaining explicit consent when processing personal data for specific purposes, where consent is required.
- Legitimate interests: Processing data to pursue our legitimate interests, ensuring they do not override individuals’ fundamental rights and freedoms.
- Types of Personal Data Processed:
We only process personal data that is necessary and relevant for the stated purposes. The types of personal data we may process include but are not limited to:
- Name, contact details, and identification information.
- Financial information for payment purposes.
- Reimbursement-related information for payment purposes.
- Data Subject Rights:
Under the GDPR, data subjects have certain rights regarding their personal data. These rights include:
- Right to access: The right to request access to the personal data we hold about them.
- Right to rectification: The right to request corrections to inaccurate or incomplete data.
- Right to erasure: The right to request the deletion of personal data under specific circumstances.
- Right to object: The right to object to certain processing activities.
- Right to data portability: The right to receive their data in a structured, commonly used, and machine-readable format.
- Right to withdraw consent: If processing is based on consent, individuals have the right to withdraw consent at any time.
- Data Retention and Security:
We retain personal data for only as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. We implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data, protecting it against unauthorized access, disclosure, or destruction.
- Data Transfers:
If we transfer personal data outside the EU/EEA, we ensure that adequate safeguards are in place to protect the data through third-party hosting company, systems, and procedures.
If you believe that your personal data has been processed in violation of the GDPR, you have the right to lodge a complaint with the relevant supervisory authority.