GDPR Compliance Policy

1. Introduction

This GDPR Policy outlines how EcomClarity ("we", "our", or "us") complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to protecting your personal data and ensuring your privacy rights are respected.

2. Data Controller Information

EcomClarity is the data controller for the personal data we process. Our contact details are:

• Email: privacy@ecomclarity.com
• Address: [Your Business Address]
• Phone: [Your Phone Number]

3. Types of Personal Data We Collect

3.1 Information You Provide

• Name and contact information (email, phone, address)
• Business information (company name, role, industry)
• Consultation preferences and requirements
• Communication preferences
• Payment information (processed securely through third-party providers)

3.2 Information We Automatically Collect

• IP address and browser type
• Device information
• Usage data and analytics
• Cookies and similar tracking technologies
• Log data and error reports

4. Legal Basis for Processing

We process your personal data on the following legal bases:

• Contract Performance: To fulfill our contractual obligations to you
• Legitimate Interests: To operate and improve our services
• Legal Obligations: To comply with UK laws and regulations
• Consent: Where you have given explicit consent

5. How We Use Your Data

• To provide our consultation services
• To communicate with you about our services
• To improve our website and services
• To comply with legal obligations
• To prevent fraud and ensure security
• To send marketing communications (with your consent)

6. Data Sharing and Third Parties

We may share your data with:

• Service providers (analytics, hosting, payment processing)
• Professional advisors (lawyers, accountants)
• Regulatory authorities when required by law
• Business partners with your consent

7. International Data Transfers

We ensure appropriate safeguards are in place when transferring data outside the UK, including:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the UK Information Commissioner
• Binding Corporate Rules (BCRs)

8. Your Rights Under UK GDPR

You have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to certain types of processing
• Right to Withdraw Consent: Withdraw consent at any time

9. Data Retention

We retain your personal data only for as long as necessary:

• Customer data: 7 years after last interaction
• Marketing data: Until consent withdrawal
• Analytics data: 26 months
• Legal records: As required by law

10. Data Security

We implement appropriate security measures:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and authentication
• Staff training on data protection
• Incident response procedures

11. Cookies Policy

We use cookies to:

• Essential cookies: Required for website functionality
• Analytics cookies: To understand website usage
• Marketing cookies: To deliver personalized content
• Preference cookies: To remember your settings

You can control cookie preferences through our cookie consent banner.

12. Changes to This Policy

We may update this policy periodically. We will notify you of any material changes through our website or email.

13. Contact Us

For any questions about this policy or your data rights, please contact us at:

• Email: privacy@ecomclarity.com
• Phone: [Your Phone Number]
• Address: [Your Business Address]

14. Supervisory Authority

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Phone: 0303 123 1113
• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF