Privacy Notice
This Privacy Notice was last updated on November 11, 2024.
This Privacy Notice applies to all Veronica K. Contreras, P.C., (“VKC-PC,” “we,” “us,” or “our”) online activities, and the Personal Information (defined below) that we obtain from individuals (“you” or “your”) through our website, www.vkc-pc.com (the “Website”). By accessing this Website you agree and accept the term of this Privacy Notice.
VKC-PC is committed to protecting the privacy, integrity, and security of those who provide us with their Personal Information. Please read this Privacy Notice to understand how We process your Personal Information, including:
VKC-PC is a dedicated data privacy, and security, legal consulting firm that works directly with businesses (referred to as our “Clients”) to help them meet compliance with relevant Data Protection Legislation (as outlined below), Cyber Legislation (as detailed in Section 11), and other relevant legal and industry standards (the “Services”). Through our tailored consulting Services, we aim to empower companies to achieve their compliance goals, maintain regulatory integrity, and strengthen their compliance frameworks.
Generally, as part of our Services and relevant operations, we will collect, use, or store (collectively “Process”) your Personal Information (defined below) when you interact with us through our Website, request information from us, or when you engage with us to facilitate commercial engagements.
The term “Personal Information” refers to many types of information that can identify, relate to, or describe a person and can link directly, or indirectly, to a person or household, and includes:
- “Personal Data,” as defined under the European Union (“EU”) General Data Protection Regulation 2016/679 and the United Kingdom (“UK”) Data Protection Act 2018 (for purposes of this Privacy Notice, all references to the GDPR will mean both the EU GDPR and UK GDPR); and
- “Personal Information,” as defined under numerous U.S. State privacy laws, such as the California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100 et. seq., as amended (“CCPA”) and Massachusetts 201 CMR 17.00, Standards for the Protection of Personal Information of Residents of the Commonwealth.
These laws, and regulations, are examples that govern aspects of our business operations, and Services, though some may not apply due to our limited Processing activities or specific regulatory thresholds. However, we remain committed to complying with relevant data protection standards in regions where we deliver our Services, or Process Personal Information, whenever possible and technically feasible. In this Privacy Notice, we collectively refer to these laws as “Data Protection Legislation.”
Additionally, we may also Process other data about you, including “Usage Data” or “Cookies” when you visit our Website or interact with our Information Technology (“IT”) service providers (e.g., Microsoft or Box.com). “Usage Data” are information about an individual’s activity on the Internet, but, by themself, do not identify an individual, such as a web-browser type, operating system, and web pages visited. For more information about Cookies, please visit Section 12 of this Privacy Notice.
Cookies, and Usage Data, are not considered Personal Information, unless they can (with other information) identify an individual, as outlined under certain Data Protection Legislation. In those limited scenarios, these data may be considered Personal Information
We only collect Personal Information that is necessary to fulfill our contracted Services, respond to your inquiries, support our legitimate business interests, other legal bases outlined below, or comply with legal requirements. This includes, generally, the following data categories, data subjects, and Personal Information data types:
Website Visitor/Prospect
When you visit our Website, make an inquiry, or request, we may collect the following Personal Information data types:
- Contact Details:First and last name, telephone number, email address, physical address, and online contact information (such as an online user ID) that you provide us.
- Communication Data: Information you provide when communicating with us, such as inquiry details, requests, or feedback. This includes data collected when using email (e.g., Microsoft Outlook) and messaging applications (e.g., Microsoft Teams), where relevant.
- Marketing Preferences: Your preferences regarding marketing communications, including opt-in/opt-out status for emails, newsletters, or other notifications, where relevant;
- (Possibly) Identity Confirmation: Handwritten or digital signature, and where necessary, other required information to verify identity; and
- (Possibly) Usage Data: IP address, Cookies, log data, and other Internet activity.
You may opt-out of providing us certain requested Personal Information, but if you choose not to provide all relevant contact information, we may not be able to sufficiently contact you about your inquiry and support any related Services.
Legal Basis
We collect, and use, information based on your consent, when you agree to provide us with your Personal Information, voluntarily, and opt-in to certain communications. Additionally, we may collect other Personal Information (and Usage Data) for our legitimate business interests to support Website functionality, improvements, and necessary operations.
You may unsubscribe from receiving communications, and use of your Personal Information, by following the opt-out instructions under Section 7 below.
Client Personnel (and related Parties)
While providing our Services to our Clients, we may interact with their personnel, the personnel of their service providers, Health Care Professionals (“HCPs”), and, occasionally, their customers. For example, we may correspond with, or attend meetings with, Clients’ customers to facilitate Service delivery or interact with an HCP during an investigation of an unauthorized disclosure. During these interactions, we may Process the following Personal Information data types:
- Contact Details: First and last name, telephone number, email address, physical address, and online contact information (such as an online user ID);
- Employment Details: Information relating to the employment of an individual, including job title; function; and work-related responsibilities;
- Communication Data: Information you provide when communicating with us, such as inquiry details, requests, or feedback. This includes data collected when using email (e.g., Microsoft Outlook) and messaging applications (e.g., Microsoft Teams), where relevant;
- (Possibly) Identity Confirmation: Handwritten or digital signature, and where necessary, other required information to verify identity; and
- (Possibly) Usage Data: IP address, Cookies, log data, and other Internet activity will be captured when you join meetings or use our document management system to send and retrieve information.
Legal Basis
We use this Personal Information to facilitate the Services, as specified under a Client contract, consents provided from the relevant employer, and for our legitimate business interests in providing our Services. Additionally, when we communicate with you, or when you use any of our IT service providers (e.g., Microsoft and Box.com), our use of your Personal Information is based on your consent, separate from Usage Data that are Processed to maintain Website functionality, security, and confidentiality.
Client Data Subjects
As part of our Services, we may have access to, or collect, Personal Information about data subjects (e.g., patients) where it is necessary to perform our Services. For example, during a data breach investigation, it may be necessary for us to know the identity of impacted individuals. Where we require access to this information, we may Process the following Personal Information data types:
- Pseudonymized Data: Subject ID, and relevant gender, date of birth or age, and other demographic information;
- (Possibly) Contact Details:First and last name, telephone number, email address, physical address, and online contact information (such as an online user ID);
- Sensitive Personal Data:* We may Process limited sensitive personal data, such as health data, consumer health data, or protected health information (“PHI”), where necessary for our Services;
- Communication Data: Information you provide when communicating with us, such as inquiry details, requests, or feedback. This includes data collected when using email (e.g., Microsoft Outlook) and messaging applications (e.g., Microsoft Teams), where relevant;
- Identity Confirmation: Handwritten or digital signature, and where necessary, other required information to verify identity; and
- (Possibly) Usage Data: IP address, Cookies, log data, and other Internet activity will be captured when you join meetings or use our document management system to send and retrieve information.
Legal Basis
We use this Personal Information strictly as authorized by our Clients, as agreed to under the relevant Client contract, and for our legitimate business purposes in fulfilling our Services and supporting our Client’s legal and regulatory needs.
*As standard, we will only Process the minimum amount of Personal Information, and will refrain from Processing sensitive Personal Information, PHI, non-pseudonymized Personal Information, unless strictly required and necessary for the relevant Client contracted Service. For more information about how we process PHI, visit Section 10 below. For more information about consumer health data, visit Section 11 below.
Vendor Personnel
For third-party vendors personnel who support Services, or business activities and operations, on our behalf, and interact with us, we may Process the following Personal Information data types:
- Contact Details:First and last name, telephone number, email address, physical address, and online contact information (such as an online user ID);
- Employment Details:Information relating to the employment of an individual working at (or as a representative of) a vendor’s business, including, job title; function; and work-related responsibilities;
- Communication Data: Information you provide when communicating with us, such as inquiry details, requests, or feedback. This includes data collected when using email (e.g., Microsoft Outlook) and messaging applications (e.g., Microsoft Teams), where relevant;
- (Possibly) Identity Confirmation: Handwritten or digital signature, and where necessary, other required information to verify identity; and
- (Possibly) Usage Data: IP address, Cookies, log data, and other Internet activity will be captured when you join meetings or use our document management system to send and retrieve information.
Legal Basis
We use this Personal Information to facilitate our vendor services, as specified under the relevant vendor contract and for our legitimate business interests in facilitating our Services. Additionally, when we communicate with you, or when you use any of our document management systems (e.g., Box), your use is based on your consent, separate from Usage Data that are Processed to maintain Website functionality, security, and confidentiality.
We may share your Personal Information with VKC-PC contractors, or other third parties, as necessary to manage our Website, our Services, answer your inquiries, fulfill your requests, or any other necessary, or legitimate business purposes, set out in this Privacy Notice and relevant service agreements. This includes sharing Personal Information with (but not limited to) the following parties:
With Our Clients
We may share your Personal Information with our Clients, who act in their capacity as a data controller, or data processor, depending on the relevant business engagement and the relevance of your specific request.
With Vendors
We may share your Personal Information with our vendors, who may perform business activities, operations, or Services on our behalf. This includes, but is not limited to:
- VKC-PC consultants or contractors, as approved under a service agreement or statement of work;
- IT service providers (e.g., Microsoft or Box). For example, we use Microsoft 365 (Outlook and SharePoint) and Box.com to ensure our files, documents, and information are secure. These providers may require collection of Usage Data, Cookies, or credentials to facilitate the relevant services and maintain security;
- Managed Service Providers (“MSPs”) (e.g., FireLogic.net); and
- Website hosting providers. Our Website is hosted by GoDaddy.com, which may collect, and share, data analytics with us to analyze our Website traffic, to help us detect issues, and to improve user experience.
For Legal Reasons or Requirements
In certain cases, we may be legally obligated to share your Personal Information with government authorities, or law enforcement officials, if mandated by law (for example, in response to a court order, subpoena, search warrant, law, or regulation), or if required for the legal protection of our legitimate business interests to comply with relevant laws. If we do receive a request, we will follow relevant Data Protection Legislation and will share only the minimum amount of Personal Information, as required by the relevant request.
As part of our Services and operations, it may be necessary to transfer your Personal Information outside your country of residence. For example, our Microsoft 365 environment will utilize data centers located in the United States. Therefore, your Personal Information may be stored outside your country of residence if you are located outside the United States.
Where any international data transfers occur, we will only permit Personal Information data transfers that ensure an adequate level of protection for individuals’ Personal Information Processing rights and freedoms, in alignment with relevant Data Protection Legislation.
For regions that have international data transfer requirements, such as the European Economic Area (“EEA”), the UK, or Switzerland, we will ensure those transfers, which may include your Personal Information, are based on: (i) an adequacy decision by the European Union Commission (“EU Commission”) or other relevant regulatory bodies; (ii) subject to approved standard contractual clauses; or (iii) any other legally, allowable data transfer method (e.g., consent).
We will also ensure international data transfers conform with current regulatory standards and meet essential guarantees under relevant Data Protection Legislation. This includes performing transfer impact assessments (“TIAs”), and where necessary, ensuring additional security measures are implemented to preserve the confidentiality of your Personal Information. In the unlikely instance we receive requests from government agencies to disclose Personal Information, we will comply with Data Protection Legislation and standards.
If you would like to receive additional information about the relevant transfer method used, you may send a request to: [email protected].
We will store your Personal Information, in alignment with relevant legal, regulatory, contractual, and our legitimate business interests, but no longer than what is necessary to perform our business activities, operations, or Services, as further detailed under this section.
We use data collection, storage, data minimization practices, and security measures to protect your Personal Information against unauthorized access, alteration, disclosure, or destruction. For details on how we protect your Personal Information, please see Section 11 below.
Our Services
Except where restricted by law and subject to this Privacy Notice, we will retain, and use, your Personal Information for as long as it is needed to perform, or provide you with, our Services. We will also keep your Personal Information to document our business relationship with you, as necessary to comply with our legal obligations, resolve disputes, and enforce our service agreements where relevant.
Upon completion of our Services, or Client engagement, we will store your Personal Information for a period of two (2) years, unless the relevant information are subject to a tax obligation, or legal obligation, as discussed below.
Marketing
When we use Personal Information for marketing purposes, and with your consent (where required), we use this information until you make us aware by un-subscribing to future contact. We also keep a record of the fact that you have asked us not to send you direct marketing, or to use your Personal Information, so that we can respect your request in the future. As specified above under Section 7, you may opt-out of marketing at any time.
Tax or Legal Obligations
When we use Personal Information to meet relevant tax, or legal, requirements, we hold your Personal Information for as long as the law requires (for example, we may hold records to help prevent fraud, and other restricted or illegal activities, for a minimum of seven (7) years).
We do not knowingly collect, and Process, Personal Information from children under the age of thirteen (13) through our Website. If you believe we may have any information from (or about) a child under the age of thirteen (13), please contact us at: [email protected].
We offer you choices about your Personal Information we Process. Based on the region, or country, you reside in, you may have different rights under relevant Data Protection Legislation. We aim to meet all legitimate requests, which man include following:
The Right to be Informed
You have the right to be informed about the collection, and use, of your Personal Information. Your information will be used as outlined in this Privacy Notice. If you have additional questions not answered in this notice, you can contact us at: [email protected].
The Right of Access
You have the right to access, and receive, a copy of your Personal Information, and other supplementary information. You may request access to your information, as specified under “Submitting your Request” section below.
The Right to Rectification
You have the right to have inaccurate Personal Information rectified (i.e., corrected), or completed, if it is incomplete. You may request corrections to your information, as specified under “Submitting your Request” section below.
The Right to Erasure
You have the right to have your Personal Information erased or have your information “forgotten,” subject to certain legal and retention requirements. To request that your Personal Information are deleted, please refer to the “Submitting your Request” section below.
The Right to Restrict Processing
In certain instances, you may have the right to request a limit on the way we Process your Personal Information (e.g., temporarily stopping use of your Personal Information). To request a restriction, please refer to the “Submitting your Request” section below.
The Right to Data Portability
You have the right to receive your Personal Information we have collected, and stored, in a commonly used and machine-readable format so that you may use it for your own purposes.
The Right to Object
Like the right to restrict, you also have the right to request that we stop further use, or Processing, of your Personal Information in certain circumstances, e.g., direct marketing.
Rights in Relation to Automated Decision-making and Profiling
You have certain rights to request information about automated decision-making (i.e., certain decisions about your Personal Information are made solely by automated means, without any human involvement (e.g., artificial intelligence); and profiling (i.e., automated processing of certain Personal Information to evaluate certain things about an individual).
VKC-PC does not use automated decision-making or any automated profiling. If you have any questions, please reach out to [email protected].
Artificial Intelligence (“AI”)
You may contact us about our AI use. For more information about how we use AI, please review Section 12 below.
Opt-in and Opt-out
When you contact us, or request information, you will be asked to choose to opt-in to provide requested Personal Information for a particular use. If you choose to not opt-in, you may not be able to use our Website (as intended) or receive relevant Services. If you wish to change your preferences about what information you receive, or what information are retained by VKC-PC, you may contact us, anytime, at [email protected].
Receive Marketing Information
When you agree to use our Website, or receive Services, you may ask to receive emails containing information about VKC-PC that we think may be useful to you, such as newsletters about privacy-related matters, announcements about new Service offerings, and promotions. Where relevant, you may, at any point, unsubscribe from our email list by clicking the unsubscribe button in the relevant email or sending an opt-out request to: [email protected].
Set Cookie Preferences
You may set your Cookie preferences, at any time, by updating your Cookie preferences on our Website. Additionally, your web browser can be set to reject all Cookies, but if you reject our Cookies, certain Website functions, and conveniences, may not work properly. To learn more about Cookies, please check your web browser’s help section, or similar feature, and review our “Cookie Policy” under Section 13 below.
Submitting Your Request
You, or your authorized agent (where relevant), may exercise the following rights by:
• Filling out our Data Subject Rights Request Form, at any time;
• Contacting us at [email protected] with the details of your request; or
• Submitting a request on social media (e.g., LinkedIn or Facebook), from a complaint email, or as one of a few issues raised in a single communication. VKC-PC will treat these requests as if they were submitted properly or provide you with additional instructions.
Requests will be fulfilled within thirty (30) to forty-five (45) days (subject to applicable Data Protection Legislation) of receipt of all required information (including verification of your identity), or additional time may be requested based on the complexity of the relevant request.
If you live in the EEA, UK, or Switzerland, you may have additional rights afforded to you under the GDPR, Switzerland’s Federal Act on Data Protection (“FADP”), or other relevant Data Protection Legislation. In such cases, the following applies:
Data Transfers
As described under Section 4, above, if you live in the EEA, the UK, or Switzerland, we may transfer your Personal Information outside your country of residence to countries that do not offer the same level of protection defined under the GDPR and the FADP, (e.g., to the United States), to protect your Personal Information, we will only perform data transfers based on: (i) an adequacy decision by the EU Commission (or appropriate data protection authority); (ii) subject to the EU Commission (or ICO) approved standard contractual clauses; or (iii) any other legally, allowable data transfer method.
Registration
VKC-PC has registered in the EU, UK, and Switzerland, with a third-party legal representative (specified below) to ensure our company has a representative that is available in those regions to handle complaints, support individuals exercising their rights (as outlined under Section 7 above), and other matters, as required under applicable Data Protection Legislation.
Our legal representative:
Data Priva Limited T/A GDPREP.ORG
Website: https://www.gdprep.org/
Email: [email protected]
Phone Number: +44 (0 7810883333)
For the EU | For the UK | For Switzerland |
GDPR Rep, Suite 10357, 5 Fitzwilliam Square, Dublin 2, Ireland, D02 R744 | GDPR Rep, 3rd Floor, 86-90 Paul Street, London, EC2A 4NE, United Kingdom | GDPR Rep, Andreaspark, Hagenholzstrasse 56, 7th Floor, Zurich, 8050 |
Government Requests
If we receive a request from a government authority outside the EEA, UK, or Switzerland to access your Personal Information, we will use reasonable, and lawful efforts, to ensure your Personal Information are protected and that disclosures meet relevant Data Protection Legislation standards.
Complaints
If you are in the EEA, or another country that allows the rights mentioned under this Privacy Notice, and you have unresolved concerns, or at any time you do not believe that we have complied with this Privacy Notice, you have the right to file a complaint with your local data protection authority.
For the EEA | A list of relevant data protection authorities can be found at: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm |
For the UK | |
For Switzerland | https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt.html |
*DISCLAIMER*
While we may not be subject to all requirements under relevant U.S. Data Protection Legislation, such as the CCPA, the California Privacy Rights Act (“CPRA”), the Colorado Privacy Act (“CPA”), and the Virginia Consumer Data Protection Act (“VCDPA”), we strive to meet the highest standards under relevant Data Protection Legislation and will support the following requests, in good faith, subject to certain exceptions:
The Right to Know
You have the right to know how your Personal Information are used, disclosed, or managed, including:
- The categories of Personal Information we collect about you;
- The categories, or sources, of the Personal Information we collect about you;
- VKC-PC’s business, or commercial purpose(s), for collecting your Personal Information;
- The categories of third parties with whom we share your Personal Information;
- The categories of Personal Information that each recipient received; and
- The specific pieces of Personal Information we collect about you.
Right to Opt-Out of Sale
We DO NOT sell your Personal Information.
California (and other U.S.) residents have the right to opt-out of the sale of their Personal Information by businesses that sell their Personal Information. The CCPA defines a “sale” as the disclosure of Personal Information for monetary or other valuable consideration. For any questions you have about this section, please contact [email protected].
No Sharing of Personal Information for Direct Marketing Purposes
We do not share Personal Information with other people, or non-affiliated businesses, for their direct marketing purposes.
Non-Discrimination
We do not discriminate against any relevant treatment for exercising any of your rights.
Right to Notice of Financial Incentives
California residents have the right to information on how businesses may offer financial incentives, including payments to consumers as compensation, for the collection of Personal Information, the sale of Personal Information, or the deletion of Personal Information. Where relevant, any incentives to collect, or share, your Personal Information will be outlined in this Privacy Notice.
“Do-Not-Track” disclosures
VKC-PC does not respond to Do-Not-Track web browser requests. See our Cookie Policy (Section 14) for additional information.
Nevada Residents
Although VKC-PC does not sell Personal Information, Nevada residents have the right to submit a verified request directing VKC-PC not to sell their Personal Information. If you are a Nevada resident and would like to submit this request type, please send your request through any of the methods noted above at “How To Exercise Your Rights,” under Section 7 above. Nevada residents may also have additional rights under Nevada Senate Bill 370 regarding their Consumer Health Data. For more information, please visit Section 11 (below).
Exercising Your Rights
If you wish to exercise any of your rights under relevant Data Protection Legislation (including those specific to California or other U.S. State law), including the “Right to Know,” “Right to Delete,” or others not specified here, please send your request through any of the methods noted above, under Section 7 above, “How to Exercise Your Rights.”
The United States Health Insurance Portability and Accountability Act of 1996, and the regulations issued thereunder, as amended (collectively, “HIPAA”), defines how “covered entities” and “business associates” may Process PHI and electronic PHI (collectively “PHI”).
VKC-PC‘s business activities, operations, and Services are not subject to HIPAA compliance because we do not operate as a covered entity or business associate, nor do our Services require us to Process PHI. For any Client-related Services that may require incidental PHI Processing activities (e.g., investigating an incident that warrants PHI access to perform relevant investigation activities), we will ensure we comply with relevant requirements under the HIPAA Security Rule to safeguard PHI by ensuring the relevant data are protected with administrative, technical, and physical controls as outlined under Section 12 below.
The Washington My Health My Data Act (“MHMDA”), and other relevant legislation (including Nevada’s Senate Bill 370) provides specific rights in addition to other rights mentioned under Section 9 above, that apply to “Consumer Health Data.”
Consumer Health Data includes information that are linked, or reasonably linkable, to a consumer and that identifies a consumer’s past, present, or future physical or mental health status. This includes information about medical conditions, as well as non-medical information, such as biometric data, information about use of non-prescription medication, or use of health-related products.
However, this does not include public, or peer-reviewed scientific, historical, or statistical research in the public interest that is overseen by an institutional review board (“IRB”), human-subjects research ethics review board, other similar independent oversight agency, or PHI covered under HIPAA (as outlined above under Section 10).
Applicability to VKC-PC
We do not Process Consumer Health Data unless it is specifically required to support our Services or other business activities and operations. Many of our Client Service engagements are subject to oversight under peer-reviewed clinical or scientific research, or covered under HIPAA compliance; and therefore, not subject to the MHMDA.
However, if we do have incidental access to, or Process, any Consumer Health Data, we will ensure we meet relevant requirements under Data Protection Legislation (including the MHMDA).
Health Data We Collect and Use
As outlined under Section 2 above, we may Process Data Subjects’, our Clients,’ and their customers’ Personal Information. This may (possibly) include the following Consumer Health Data types:
- Information about your health conditions, symptoms, status, diseases, diagnoses, testing, or treatments (including surgeries, procedures, use or purchase of medications, or other social, psychological, behavioral, and medical interventions);
- Measurements of bodily functions, vital signs, symptoms, or other health characteristics;
- Information regarding gender-affirming care or reproductive or sexual health;
- Data that could identify you as an individual seeking healthcare service; and
- Any inferences of the above categories of health data that we may infer, or derive, from non-health related information.
How We Process (and Share) Consumer Health Data
This information will only be Processed if relevant to our Client Services and will be for the limited purpose in supporting compliance and security-related activities. For example, if we are investigating a potential unauthorized disclosure, or security incident, it may be necessary for us to understand the specific information that was impacted, or we may be authorized to contact you on a Client’s behalf. As standard, we will ensure we only receive the minimum amount of information necessary to support the relevant activity.
We will only share this information with the relevant Client, and their authorized third parties, in alignment with their informed consent requirements, and as otherwise outlined under Section 3 above.
Complaints
If you have any issues, or questions, we encourage you to reach out to us at as specified under Section 17 below. However, if you have any unresolved questions, or concerns, you are entitled to file a complaint with the Washington State Attorney General, at: www.atg.wa.gov/file-complaint, or other relevant state authorities.
At VKC-PC, we practice what we preach and hold ourselves to high standards in protecting your Personal Information. To meet this commitment, we implement industry-standard technical, and organizational, measures to ensure alignment with relevant laws, regulations, including Data Protection Legislation.
As a business headquartered in Massachusetts, we comply with 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth, ensuring we have robust administrative, technical, and physical controls. This includes an emphasis on security practices like multi-factor authentication, data encryption, security monitoring, regular patching, and other essential security measures. Additionally, we have invested in trusted, industry-leading technologies and providers, such as Microsoft 365 (for email and word processing) and Box.com for document management.
While our company may not subject to Cyber Legislation, such as the EU Network and Information Security Directive 2 2022/2555 (“NIS2”); the EU Cyber Resilience Act (“CRA”); and the EU Critical Entities Resilience Act 2022/2557 (“CER”), we align with relevant practices and guidance across these regulations.
Please keep in mind that it is not possible to achieve a perfect state of data security. Although we use reasonable security measures to protect your Personal Information from unauthorized access, we can’t absolutely guarantee the security of your Personal Information or that your Personal Information will not be accessed, disclosed, altered, or destroyed. Where relevant, we will notify you of any disclosure of a breach of your unencrypted, electronically stored Personal Information, as required by relevant Data Protection Legislation. If the country in which you reside allows us to notify you of a breach, either by email or a clear posting on our Website, you agree to accept the notice in that format.
AI is becoming a widely adopted tool among businesses of all sizes, enhancing productivity and automating administrative processes. However, it also introduces privacy, legal, and security considerations. At VKC-PC, we are committed to ensuring that any of our AI use is aligned with ethical standards and regulatory obligations. We will only use AI in ways that are transparent and mindful of any potential impact on you, our Services, or your Personal Information. For more information, please review our Business Code of Ethics, accessible here: https://vkc-pc.com/code-of-ethics-2/.
We use Cookies, and similar tracking technologies, to track activity, ensure performance, personalization, and where relevant, ensure appropriate authentication and security (for session management) on our Website and relevant technologies (e.g., Box.com).
What are Cookies?
Cookies are a small text file that a website saves on your browser, computer, or mobile device when you visit it. It helps the website remember your actions and preferences (like login details, language, and other settings) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from page-to-page. Cookies can also be used to understand how you interact with our Website, allowing for a more personalized experience and to support marketing activities.
What are Other Tracking Technologies?
In addition to Cookies, we may also use other tracking technologies, such as beacons, tags, or scripts to collect, and track, information and to improve, and analyze, our Website (or technologies), as further outlined below.
- “Web Beacons (or Pixels)” are tiny, transparent images (often 1×1 pixels) embedded in web pages or emails. They allow website owners, or email senders, to track actions like page visits, ad impressions, or whether an email was opened.
- “Tags” are pieces of code embedded in a webpage, often used to trigger specific actions or send data to third parties. These are typically used for analytics, marketing, or to integrate third-party services (like Google Analytics or Facebook tracking).
- “Scripts” include code snippets (usually JavaScript) embedded in a website’s code dynamic features, such as data collection, user interactivity, or loading external resources. They also help track user interactions and send that data to analytics tools.
How are Cookies and Other Tracking Technologies Used?
We use Cookies, and other tracking technologies, to ensure our Website functionality, and third-party technologies (such as Box.com or Microsoft applications) functionality are functioning properly. This includes the following:
- Information about how you view online information (such as the pages you view, the links you click);
- Information about your browser and usage patterns (e.g., your IP address, browser type, and language);
- Information about the mobile device you use to access online information; and
- Your access via a social media site (e.g., Facebook and LinkedIn).
Additionally, we may also use Cookies, and other tracking technologies, to engage our Website visitors for marketing and analytic purposes. For example, we may use Google Analytics, which is a web-analysis tool from Google, Inc. (“Google”) that enables us to optimize our Services and ensure that our Website content remains up-to-date, user-oriented, and comprehensive. For more information, see the “Analytics” subsection below.
Are Cookies Considered Personal Information?
Cookies may be Personal Information under relevant Data Protection Legislation, when in combination with other information, may be able to directly or indirectly identify you, or where it is used for tracking or profiling.
When we collect, or use, Cookies that qualify as Personal Information, it is for our legitimate business interests to support our Website functionality, improvements, and our Services, as consented to when you make your choices about what Cookies you are opting into (as specified below).
What Types of Cookies Do We Use?
Cookies can be “persistent” or “session” Cookies. Persistent Cookies remain on your personal computer, or mobile device, when you go offline, while session Cookies are deleted as soon as you close your web browser. Session Cookies are used to personalize your user experience, to determine ways to improve our Website, or used by our technology providers (e.g., Box.com). These Cookies are deleted when you close your web browser session. Persistent cookies are used to collect information, such as IP addresses, browser type, Internet Service Provider (“ISP”), referring/exit pages, platform type, date/time stamp, and the number of clicks.
We use the following Cookies’ categories:
- Category 1: Strictly Necessary Cookies
These Cookies are essential to enable you to move around our Website and use its features. Without these Cookies, relevant Website functionality, and security, cannot be provided; - Category 2: Performance Cookies
These Cookies collect anonymous information on how people use our Website. For example, we use Google Analytics Cookies to help us understand how individuals arrive at our Website, browse or use our Website, and highlight areas where we can improve our Website, such as navigation and marketing campaigns. The data stored by these Cookies never shows personal details from which your individual identity can be established; - Category 3: Functionality Cookies
These Cookies remember choices you make, such as the country from which you visit our Website, language, and search parameters. These can be used to provide you with an experience more appropriate to your selections and to make your site visits more tailored and pleasant. The information these Cookies collect may be anonymized, and they cannot track your web-browsing activity on other sites; - Category 4: Targeting Cookies or Advertising Cookies
These Cookies collect information about your browsing habits to make advertising more relevant to you and your interests. They are also used to limit the number of times you see an ad, as well as help measure the effectiveness of an advertising campaign. These Cookies are usually placed by third-party advertising networks. They remember the sites you visit, and information is shared with other parties, such as advertisers; and - Category 5: Social Media Cookies
These Cookies allow you to share what you’ve been doing on our Website, on social media, such as LinkedIn and Facebook. These Cookies are not within our control; and are therefore, subject to a third-party’s rules and policies. Social media companies may have their own privacy policies, which we strongly suggest you review if you use those sites or relevant apps. For additional information about these social media sites and the data they may collect, please review their privacy policies on their respective websites. Examples are listed below:
LinkedIn: https://linkedin.com/legal/privacy-policy; and
Facebook: https://www.facebook.com/privacy/policy/?entry_point=comet_dropdown
Additional Information About Strictly Necessary Cookies
Some of the Cookies, and tracking technologies, that we use on our Website are strictly necessary and they are there to technically enable our Website and its components, as well as to enable relevant security measures. Strictly necessary Cookies are activated without a user’s consent because these are necessary for our Website to work properly and in a secure way. All other Cookies, and tracking technologies, not classified as strictly necessary, are subject to your consent when visiting our Website.
Be aware that even if you accept only “necessary cookies,” you still may see third-party trackers that are enabled by the relevant Services we use in our Website. Third-party trackers are enabled because these third-party services may also have Cookies, or trackers, that they have classified as strictly necessary to perform the relevant services that we requested.
Another reason for seeing third-party trackers on your web browser is that you have already used, or accessed a third-party service, before visiting our Website. For example, if you landed on our Website using a search engine, such as “Google Search,” it is likely that Google’s search engine may have enabled trackers on your web browser (e.g., related to your preferences regarding Google’s own tracking technologies). You can read more details about how Google may use your Personal Information in this context by visiting Google’s Privacy and Terms.
Adjusting Your Preferences
When you first visit our Website, you can set preferences for which Cookies you would like to enable. If you would like to modify these settings, you may do so at any time by clicking the “Cookie Icon” in the bottom left corner of your screen, which is provided by CookieBot.
Additionally, most web browsers (e.g., Safari, Firefox, Microsoft Edge, or Google Chrome) enable users to control how Cookies are used. For example, you can instruct your web browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if you do not accept at least some “necessary” Cookies, you may not be able to use some portions of our Website or technologies. Here are some examples:
- Mozilla Firefox Cookie opt-out;
- Safari Cookie desktop browser opt-out;iOS;
- Chrome Cookie desktop browser opt-out;Android; iOS; and
- Microsoft Edge Cookie opt-out.
You may also opt-out of interest-based advertising by using country specific self-regulatory tools, including:
- United States;
- European Union;
- Canada; and
- Australia.
To find out more about how to manage Cookies, including how to see what Cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
Some Internet web browsers may be designed to send “Do-Not-Track” signals to the online web pages that you visit. We currently do not respond to Do-Not-Track signals. To find out more about “Do-Not-Track,” please visit: http://www.allaboutdnt.com.
Analytics
In addition to the above Cookies, we use certain third-party services on our Website to organize, monitor, and analyze log data. Third-party services include the following:
Google Analytics: To ensure that our Website content remains up-to-date, user-oriented, and comprehensive, we use Google Analytics, a web-analysis tool from Google, Inc. (“Google”) that enables us to optimize our products and services for you. Google Analytics uses Cookies that track your preferences during your visit to our Website. This allows us to simplify navigation, for example, helping us to make our Website more user-friendly. The information that is generated in this process (including your IP address) is unknown/anonymized, i.e., your log data is not identifiable. An evaluation, for our reporting purposes, is carried out after the anonymization process. You can prevent Google’s possession, and use, of this information that is generated by the Cookie and concerns your activity on our Website (including your IP address), by visiting Google’s Privacy Controls and update your settings.
Further information about Google’s terms of use, and privacy options, are available here:
English: https://policies.google.com/privacy?hl=en
To opt-out of being tracked by Google Analytics across all websites, you may download the Google Analytics opt-out browser, here: http://tools.google.com/dlpage/gaoptout.
More Information: If you have additional questions about Cookies or how they work, we suggest consulting the “Help” section of your web browser or review the following website: https://www.aboutcookies.org, which offers guidance for all modern web browsers.
Our Website may contain links to other websites, services, and applications that are not owned or controlled by us (“Linked Sites”). We provide these Linked Sites’ hyperlinks to allow you to conveniently access information that may be of interest to you. This Privacy Notice does not apply to Linked Sites. If you decide to visit any Linked Sites, you will be subject to the privacy notice, terms of use, or other policies (if any) of the relevant Linked Site(s). We strongly recommend that you review the privacy policy, statements, or any other legal notices posted on any Linked Site(s).
We use Personal Information, as outlined and described in this Privacy Notice. However, from time-to-time, we may, at our discretion, modify this Privacy Notice, indicated by a new revision date at the top of this notice. It is important that you check this Privacy Notice when you visit our Website. Your use of our Website, and your continued use of our Website after this Privacy Notice has been updated, indicates your agreement, and acceptance, of this Privacy Notice, including the modifications made as of the date of your use.
Personal Information use, or would like to access this Privacy Notice in an alternative format, you can contact our Data Privacy Team at: [email protected]. Additionally, you may contact our legal representative in the EU, UK, and Switzerland, as further outlined under Section 8 above.