Data Protection and Privacy Compliance Statement

Effective Date: Nov 07 2024

At BuyEmailList, we are committed to respecting and protecting the privacy rights of our customers and all users of our website. This commitment includes compliance with the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This statement outlines our practices regarding the collection, use, and sharing of personal data and provides information about your privacy rights under both GDPR and CCPA.

1. Data Controller Information

Data Controller: BuyEmailList
Contact Information for Data Requests: 789 Bluegrass Parkway, Suite 250 Lexington, KY 40509

2. Data Collection and Purpose of Processing

We collect and process personal data to provide our services effectively, comply with legal obligations, enhance user experience, and conduct marketing activities. All data collection and processing practices are conducted transparently and strictly according to legal requirements.

Data Collected:

• Account Information: Name, email address, and password for user account access and management.
• Transaction Information: Payment details, billing address, and order history, securely handled through third-party processors.
• Marketing Preferences: Subscription status and communication choices, allowing us to honor user preferences.

Purpose of Processing: Personal data is processed to manage accounts, fulfill contracts, communicate with users, enhance website functionality, and conduct legitimate marketing activities, all while ensuring data security and regulatory compliance.

3. Legal Basis for Data Processing (GDPR)

For individuals under GDPR jurisdiction, data processing is conducted based on one of the following legal grounds as required by Article 6:

• Contractual Obligation: To fulfill orders, provide services, and manage customer relationships.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.
• Legitimate Interests: To analyze and improve our services, personalize content, and prevent fraud, while respecting individual rights.
• Consent: For certain marketing communications or data sharing not covered by other grounds, we seek explicit consent.

4. Data Subject Rights (GDPR)

Under GDPR, individuals have specific rights concerning their personal data. To exercise any of these rights, please contact us via the information provided in Section 1.

• Right to Access: Request a copy of your personal data and information about how we process it.
• Right to Rectification: Request corrections if your data is inaccurate or incomplete.
• Right to Erasure: Request deletion of personal data under certain circumstances.
• Right to Restrict Processing: Limit the processing of your data under specific conditions.
• Right to Data Portability: Request transfer of your data to another controller.
• Right to Object: Object to data processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Withdraw previously given consent without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: File a complaint with a supervisory authority if you believe your rights have been infringed.

5. Consumer Rights (CCPA)

Under CCPA, California residents have specific rights regarding their personal information. To exercise any of these rights, please contact us via the information provided in Section 1.

• Right to Know: Request information about the categories and specific pieces of personal information we have collected, used, or shared about you over the past 12 months.
• Right to Delete: Request deletion of personal information we hold about you, subject to certain exceptions.
• Right to Opt-Out: Opt-out of the sale of personal information. While we do not directly sell personal data, certain data sharing may be considered a "sale" under CCPA, and you have the right to opt-out.
• Right to Non-Discrimination: Receive equal service and pricing, regardless of exercising your privacy rights.

6. Data Retention

We retain personal data only as long as necessary for the purposes outlined here or as required by law. When data is no longer needed, it is securely deleted or anonymized in compliance with both GDPR and CCPA requirements.

7. Data Security

We implement robust technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure. These measures include secure servers, encryption, and access controls, in accordance with GDPR Article 32 and CCPA Section 1798.150.

8. Third-Party Data Processors

We may share personal data with trusted third-party service providers who assist us in delivering our services, such as payment processors, hosting providers, and marketing platforms. All third parties are vetted to ensure they comply with GDPR, CCPA, and other relevant regulations.

Examples of Third-Party Providers:

• Payment Processors: Visa, PayPal, etc.
• Hosting Providers: Cloud services for data storage and backup.
• Analytics and Marketing: Tools that allow us to analyze site usage and optimize marketing.

We do not sell personal information as defined by CCPA. However, some data sharing may qualify as a "sale" under CCPA, and we honor opt-out requests.

9. International Data Transfers (GDPR)

For data transfers outside the European Economic Area (EEA), we ensure that adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent measures, to protect personal data in accordance with GDPR Chapter V.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance the user experience, analyze website traffic, and support our marketing initiatives. For more information, please review our Cookie Policy.

11. Changes to This Privacy Compliance Statement

We may update this Privacy Compliance Statement periodically to reflect changes in our practices, legal obligations, or regulatory guidance. All updates will be posted on this page with a new effective date.

12. Contact Us

If you have any questions, concerns, or requests regarding this compliance statement, or if you wish to exercise your GDPR or CCPA rights, please contact us at:

Mailing Address: 789 Bluegrass Parkway, Suite 250 Lexington, KY 40509