CARLOTTA PHAM LLC – PRIVACY & DATA PROTECTION POLICY

Effective as of January 31, 2023

1. General 

Carlotta Pham LLC (“CP LLC”) is committed to safeguarding the Personal Information of our customers, business partners, and employees. The following Privacy & Data Protection Policy (the “Policy”) outlines how CP LLC may collect, use, share, transmit, maintain, and store (collectively, “process”) information that relates to an identified or identifiable individual (“Personal Information”), including through designated third-party service providers, and the choices that may be available to you regarding your Personal Information. Under this Policy, “you” and “your” means any individual customer, business partner, or employee of CP LLC and any other individual whose Personal Information we process, and “we”, “us”, and “our” refer to CP LLC.

Personal Information does not include data where the identity of the individual has been removed (anonymous data). 

In addition to information kept in hardcopy or otherwise stored electronically, this Policy also applies to CP LLC-related websites, online applications that run on smart phones, tablets, mobile devices (“apps”), social media accounts, and other online services that we offer which link to this Policy. Please note also that our websites may contain links to other websites. If you follow a link to any of these websites, you should read their own privacy notices.  

Please read the following carefully to understand our views and practices regarding your Personal Information and how we may treat it.  For more information, or if you have any questions and/or are eligible to submit a subject access request, please reach out to us using the contact details found in the “How to contact us” section below, or visit our website.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

2. Privacy Principles

A. Collection, Notice, and Processing of Personal Information.  Generally, CP LLC will only collect Personal Information as appropriate for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If requested, and/or where is not clear from the CP LLC product or service that you utilize or from your relationship with us, we may inform you about how your Personal Information is processed and the rights and remedies you have under our Policy. In addition, where permitted under applicable law you may object to certain types of processing.  CP LLC will provide notifications regarding the collection and processing of personal data and such notices may be found on our website. Please note that we may process your Personal Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

B. Data Security & Confidentiality.  We will keep your Personal Information confidential and limit access to your Personal Information to those employees, agents, contractors and other third parties who have a business need to know, except as otherwise permitted by applicable law. We have implemented industry standard security measures to secure your Personal Information from accidental loss and from unauthorized access, use, alteration and disclosure. We also require that those third parties who are authorized by us to process your Personal Information on our behalf also implement industry standard data security measures.

C. Misappropriation of Personal Information.  We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. For the purposes of any applicable law regarding notification of persons whose Personal Information was, or is reasonably believed to have been, acquired by an unauthorized person, our information security policy provides that any required notification may, where permitted by law, be made by the use of e-mail, telephone, fax, mail (including a notice printed in an available area of a bill or statement) or posting a notice on the website.  The specific means used is up to us and we will use our judgment based on the circumstances.  Where any notice is to be sent to a specific address or number (such as e-mail address, physical address, telephone number, etc.), we will use the latest available address in our records.

D. Choices Regarding How We May Use and/or Disclose Personal Information.  We strive to provide you with choices regarding the Personal Information you provide to us, including giving you the option of having your Personal Information removed from lists used by CP LLC for marketing purposes, as may be required by applicable law.

E. Accessing and Maintaining Personal Information.  Depending on your country or residence and/or citizenship, under applicable laws such as the EU General Data Protection Regulation (“GDPR”), you may also have the right to demand access to, review and change, and request deletion of the Personal Information that you have provided to us.  You will not have to pay a fee to access your Personal Information (or to exercise any of your rights listed above). However, we may charge a reasonable fee or refuse to comply if your request is clearly unfounded, repetitive or excessive. In addition, we may not always be able to accommodate your request to change or delete information if we believe doing so would cause the information to be incorrect, if we have a legitimate business purpose to retain that information, and/or if doing so might violate other legal obligations. More details on how to make a subject access request are contained below in our “Potential Rights under the GDPR” and “How to contact us” sections.

F. Transferring Personal Information.  As a global group of companies, we may transfer the Personal Information we collect about you to countries other than the country in which the information was originally collected. When we transfer your information to other countries, we will take appropriate steps to protect that information. Where it is not clear from the CP LLC product or service or from your relationship with us, we will tell you if your Personal Information may be transferred outside of your country. We will ensure any transfers are conducted in accordance with applicable law. If you are located in a country subject to the GDPR, please note that we will comply with applicable legal requirements and have adequate measures in place to provide protection for the international transfer of Personal Information. These measures include, among others, contractual obligations for recipients to handle and protect the Personal Information in accordance with standard contractual clauses developed by the European Commission.

3. What Information Do We Collect About You?

A. Information You Give Us.  We collect information about you, some of which is Personal Information, when you voluntarily provide information to us, request information from us, contract for our services and/or remit payment for services. We also collect information about you using cookies, and if you interact with us via phone, social media, websites, or apps. 

The types of information, including, without limitation, Personal Information, that you may give us vary depending on the particular services requested.  The information you may give us could include categories such as, but not limited to, your name, work or personal address, e-mail address, phone number, date of birth, gender, financial and/or credit card information, passport or driving license information, Social Security Number, national ID number, personal description and/or photograph, as well as customer data, payment data, employee data and/or website user data.

B. Cookies, Web Beacons, Log Files, and Website Usage.  Our websites may use cookies, web beacons, and log files to distinguish you from other users of our websites, provide you with tailored content, assess trends, traffic, and user behavior, analyze and secure the website, identify preferred content, and measure site engagement. This helps us to improve the functionality and content of the websites, including keeping our websites and records safe and secure, and to facilitate usage by you. 

We do so through the use of various technologies, including one called cookies. A cookie is a piece of data that a website can send to your browser, which may then be stored on your computer as a tag that identifies your computer. While cookies are often only used to measure website usage and effectiveness and to allow for ease of navigation or use and as such, are not associated with any Personal Information, they are also used at times to personalize a known visitor’s experience to a website by being associated with profile information or user preferences. You can set your browser in most instances to notify you before you receive a cookie, giving you the chance to decide whether to accept it or not. You can also generally set your browser to turn off cookies. Since cookies allow you to take advantage of some of our websites’ features, we recommend that you leave them turned on. If you block or otherwise reject our cookies, you will not be able to use any website services that require you to sign in.

Some of our websites also use web beacon or other technologies to better tailor those websites to provide better customer service. These technologies may be in use on a number of pages across our websites. When a visitor accesses these pages, a non-identifiable notice of that visit is generated which may be processed by us or by our suppliers. These web beacons usually work in conjunction with cookies. If you don't want your cookie information to be associated with your visits to these pages, you can set your browser to turn off cookies. If you turn off cookies, web beacon and other technologies will still detect visits to these pages; however, they will not be associated with information otherwise stored in cookies.

We may also include web beacons in marketing e-mail messages or our newsletters in order to determine whether messages have been opened and links contained within clicked on.

Where we have given you (or where you have chosen) a password to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information, including, without limitation, Personal Information, via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to/from our websites – any transmission is at your own risk.   Please see the Cookies Policy at www.carlottapham.com/cookies-statement for more information.

C. Information From Other Sources.  We may work closely with third parties (including, for example, business partners, sub-contractors, payment and delivery services, advertising networks, analytics providers, search information providers, and credit reference agencies) and may receive information, including, without limitation, Personal Information, about you from them. 

D. Child Online Privacy Protection Act (“COPPA”) Compliance & Related Information.  We do not knowingly collect or maintain Personal Information relating to any person under the age of 18. If you are under the age of 18, please do not supply any Personal Information to CP LLC. If you are under the age of 18 and have already provided Personal Information to us, please have your parent or guardian contact us immediately using the information contained in the “How to contact us” section below so that we can remove such information from our files.

4. How Do We Use Your Information? 

We use your information, including, without limitation, Personal Information, to provide you with information, process orders for services that you request from us, and administer or otherwise carry out our obligations in relation to any agreement you have with us. CP LLC retains your information, including, without limitation, Personal Information, for the period necessary to fulfil the purpose for which it was collected or as authorized by you or as otherwise required by law. 

We may also use this information, including, without limitation, Personal Information, to provide you with information about goods or services we feel may interest you.

If at any time you wish us to stop using your Personal Information for any the above purposes, please contact us via the methods contained in our “How to contact us” section below. We will stop the use of your Personal Information for such purposes as soon as it is reasonably possible to do so. 

5. How Do We Share Your Information? 

We may share your Personal Information with selected third parties for the performance of any contract we enter into with them or you. These third parties will not use your Personal Information for any other purposes than what we have agreed to with them, and we request those third parties to implement adequate levels of protection in order to safeguard your Personal Information.

In the event we go through a business transition, such as a merger, acquisition of another company, or sale of part or all of our assets, we may disclose your Personal Information to third parties.

We may also automatically collect non-Personal Information about you such as the type of internet browsers you use or the website from which you linked to our website. We may also aggregate details which you have submitted to us. You cannot be identified from this information and it is only used to assist us in providing effective services, including in connection with this website. 

Finally, we may be under a duty to disclose or share your Personal Information for various other reasons, such as to comply with a legal obligation; to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of CP LLC, our customers, or others. This could include, for example, exchanging information with a law enforcement agency or regulator; or with companies and organizations for the purposes of fraud protection and credit risk reduction. 

6. Links to Non-CP LLC Websites & Third-Party Applications

To allow you to interact with other websites on which you may have accounts (such as Facebook and other social media sites) or join communities on such sites, we may provide links or embed third-party applications that allow you to login, post content or join communities from our websites. We may also provide you with general links to non-CP LLC websites. Your use of these links and applications is subject to the third parties’ privacy policies, and you should become familiar with the third-party sites' privacy policies before using the links or applications.

CP LLC is not responsible for the privacy practices or the content of those other websites.

7. Potential Rights Under the GDPR

Under the EU General Data Protection Regulation (“GDPR”), if you are a citizen or resident of an EEA country or Switzerland, you may have certain rights regarding your Personal Information:

  • Right to access information maintained about you;

  • Right to ensure your data is accurate and complete and to request correction;

  • Right to erasure, or the right to be forgotten;

  • Right to restriction of processing of your personal data;

  • Right to data portability;  

  • Right to withdraw consent if consent was previously provided; and

  • Right to raise a complaint to the Information Commissioner’s Office.

If you are eligible to invoke one of the rights listed above and wish to do so, you may contact us as part of a subject access request using the details in our “How to contact us” section below.  Please note that we may not always be able to fulfill your request as there may be legitimate purposes, such as certain legal or statutory obligations, that require us to retain your information as stored or if we believe the change would cause the information to be incorrect.

Withdrawing your consent to the processing of your data will not affect the lawfulness of any processing carried out before you withdraw your consent. If you choose to withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

8. Potential Rights Under the CCPA and CPRA

Under the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”) (together, the “California Privacy Acts”), if you are a citizen or resident of California, you may have certain rights regarding your Personal Information:

  • Right to know and access the information we have collected from you;

  • Right to have information collected about you deleted;

  • Right to opt-out of the sale of your information; and

  • Right to not be discriminated against for exercising your rights under the California Privacy Acts.

If you are eligible to invoke one of the rights listed above and wish to do so, you may contact us as part of a subject access request using the details in our “How to contact us” section below.  Please note that we may not always be able to fulfill your request as there may be legitimate purposes, such as certain legal or statutory obligations, that require us to retain your information as stored or if we believe the change would cause the information to be incorrect.

Withdrawing your consent to the processing of your data will not affect the lawfulness of any processing carried out before you withdraw your consent. If you choose to withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

9. Updates to Our Privacy Policy

As appropriate, we may make changes to this Policy that will be posted online and, where appropriate, be sent to you by e-mail. Please check back frequently to remain aware of any updates or changes to this Policy.

10. Contact Us

Thank you for taking the time to read this Policy. If you have specific questions, and/or are eligible to exercise certain rights as described above, please email carlotta@carlottapham.com.

Please be aware that when we receive a formal written complaint regarding the processing of personal data, we try to resolve it directly with the person who has made the complaint. However, as necessary, we will work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding our processing of personal data that we cannot resolve with a complainant directly.