Privacy Policy

Last updated: January 10, 2025 | Effective Date: January 10, 2025

1. Data Controller and Contact Information

Data Controller: Karen Samonte

Email: contact@karensamonte.com
Website: karensamonte.com
Data Protection Officer: Karen Samonte (for inquiries regarding this policy)

2. Scope and Application

This Privacy Policy applies to all personal data processing activities conducted by Karen Samonte Development Services ("we," "us," "our") through:

• Our website at karensamonte.com and all subdomains
• All digital services, consultations, and project deliverables
• Email communications and client portals
• Third-party integrations used in service delivery
• Marketing and business development activities

3. Legal Basis for Processing

We process personal data under the following legal bases as defined by applicable privacy laws:

• Consent: When you explicitly agree to processing for specific purposes
• Contract Performance: To fulfill our contractual obligations to clients
• Legal Obligation: To comply with tax, accounting, and regulatory requirements
• Legitimate Interests: For business operations, security, and service improvement
• Vital Interests: In rare cases to protect health and safety

4. Categories of Personal Data Collected

4.1 Information You Provide Directly

• Identity Data: Full name, business name, job title, professional credentials
• Contact Data: Email addresses, phone numbers, business addresses, social media handles
• Project Data: Project requirements, specifications, content, files, feedback, and communications
• Financial Data: Billing information, payment preferences, invoice history (card details processed by Stripe/PayPal)
• Communication Data: Email correspondence, chat messages, meeting notes, recorded calls (with consent)
• Marketing Data: Newsletter preferences, event attendance, marketing consent records

4.2 Information Collected Automatically

• Technical Data: IP addresses, browser type and version, device identifiers, operating system
• Usage Data: Pages visited, time spent, click patterns, referral sources, search terms
• Location Data: General geographic location based on IP address (not precise location)
• Cookie Data: Session identifiers, preference settings, authentication tokens

4.3 Information from Third Parties

• Professional Networks: LinkedIn, industry directories, referral partners
• Analytics Providers: Google Analytics, website performance tools
• Payment Processors: Transaction confirmations from Stripe, PayPal
• Email Services: Delivery confirmations, engagement metrics

5. Purposes of Data Processing

5.1 Service Delivery

• Project planning, execution, and delivery
• Client communication and support
• Quality assurance and testing
• Post-project maintenance and updates

5.2 Business Operations

• Contract management and legal compliance
• Invoicing, payment processing, and accounting
• Customer relationship management
• Business analytics and performance measurement

5.3 Marketing and Communications

• Newsletter distribution (with consent)
• Service announcements and updates
• Case study development (with explicit consent)
• Industry networking and referral programs

5.4 Security and Legal

• Fraud prevention and security monitoring
• Legal dispute resolution
• Regulatory compliance and auditing
• Data backup and disaster recovery

6. Cookies and Tracking Technologies

6.1 Types of Cookies Used

• Essential Cookies: Required for website functionality, security, and user authentication
• Performance Cookies: Google Analytics for anonymized usage statistics and performance monitoring
• Functional Cookies: User preferences, language settings, and personalization features
• Marketing Cookies: Only with explicit consent for targeted advertising and campaign tracking

6.2 Cookie Management

You can control cookies through our cookie banner, browser settings, or by contacting us directly. Disabling essential cookies may affect website functionality. We respect Do Not Track signals where technically feasible.

7. Data Sharing and Third-Party Processors

7.1 Service Providers (Data Processors)

We share data only with trusted third-party processors under GDPR-compliant Data Processing Agreements:

• Hosting Services: Vercel, AWS (secure cloud infrastructure)
• Email Services: Google Workspace, Mailchimp (communication and marketing)
• Payment Processing: Stripe, PayPal (secure payment handling)
• Analytics: Google Analytics (anonymized website statistics)
• Project Management: Notion, Slack (client collaboration tools)

7.2 Legal Disclosures

We may disclose personal data when required by law, including:

• Court orders, subpoenas, or legal proceedings
• Tax authorities and regulatory compliance
• Law enforcement investigations
• Protection of rights, property, or safety

7.3 Business Transfers

In the event of a merger, acquisition, or sale of business assets, personal data may be transferred to the acquiring entity under equivalent privacy protections.

8. International Data Transfers

We work with international service providers and ensure data protection through appropriate safeguards including standard contractual clauses and security certifications.

9. Data Retention Periods

10. Your Privacy Rights

10.1 Rights Under International Privacy Standards (Where Applicable)

• Right of Access (Article 15): Request copies of your personal data
• Right to Rectification (Article 16): Correct inaccurate or incomplete data
• Right to Erasure (Article 17): Request deletion of your personal data
• Right to Restrict Processing (Article 18): Limit how we use your data
• Right to Data Portability (Article 20): Receive your data in a structured format
• Right to Object (Article 21): Object to processing based on legitimate interests
• Rights Related to Automated Decision-Making (Article 22): Protection from automated profiling

10.2 Rights Under CCPA (California Residents)

• Right to Know: What personal information we collect and how it's used
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we don't sell data)
• Right to Non-Discrimination: Equal service regardless of privacy choices

10.3 Exercising Your Rights

To exercise any of these rights, contact us through our contact page or email contact@karensamonte.com. We will respond within 30 days (GDPR) or 45 days (CCPA) and may request identity verification.

11. Data Security Measures

11.1 Technical Safeguards

• End-to-end encryption for data transmission (TLS 1.3)
• AES-256 encryption for data at rest
• Multi-factor authentication for all admin accounts
• Regular security audits and penetration testing
• Automated backup systems with encryption

11.2 Organizational Measures

• Privacy by design principles in all systems
• Regular staff training on data protection
• Incident response and breach notification procedures
• Access controls and principle of least privilege
• Regular review and update of security policies

11.3 Data Breach Notification

In the event of a data breach, we will notify relevant supervisory authorities within 72 hours and affected individuals without undue delay, as required by applicable laws.

12. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

Parents or guardians who believe their child has provided personal information should contact us immediately for removal.

13. Privacy Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. Material changes will be communicated through:

• Prominent notice on our website
• Email notification to registered users
• Updated "Last Modified" date at the top of this policy

Continued use of our services after policy updates constitutes acceptance of the revised terms.

14. Supervisory Authority and Complaints

If you believe we have not handled your personal data in accordance with this policy or applicable privacy laws, you have the right to lodge a complaint with the relevant supervisory authority:

• EU/EEA: Your local Data Protection Authority
• UK: Information Commissioner's Office (ICO)
• Canada: Office of the Privacy Commissioner
• California: California Attorney General's Office

15. Contact Information for Privacy Matters

For all privacy-related inquiries, requests, or complaints, please contact us:

16. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person
• Processing: Any operation performed on personal data, including collection, storage, use, or deletion
• Data Controller: The entity that determines the purposes and means of processing personal data
• Data Processor: An entity that processes personal data on behalf of the data controller
• Consent: Freely given, specific, informed, and unambiguous indication of agreement
• Data Subject: The individual to whom personal data relates