1. WHAT INFORMATION DO WE COLLECT?
Personal Information You Disclose to Us
During your visit and use of our Website and services, we collect certain data that you provide to us when you ﬁll out opt-in forms, contact forms, and surveys, when you purchase products and/or services, and when you enter your information for giveaways and/or competitions.
The personal information that you provide to us can be your name, email address, location, and occupation. Moreover, if you are purchasing products, then you are also providing us with payment and address information. (However, your payment information is not stored in our
system because purchases are processed through payment processors.) Therefore, should you have any questions about payment activities and/or information, contact the speciﬁc payment processor directly.
Outside of the European Union (“EU”)
If you are outside of the EU and enter your information to receive a freebie, make a purchase, respond to survey, register for a free training, or participate in a webinar, then we will automatically enroll you to receive our newsletter and updates.
If you do not wish to receive any communications from us, you can opt out by clicking on the unsubscribe link located at the bottom of the emails.
In the European Union
If you are in the EU and opt to receive a freebie or participate in a free training, register for a webinar or live event, or purchase a product, your email address will not be added to the email list to receive our newsletter and updates unless you aﬃrmatively consent to it.
If you change your mind at any point and do not want to receive electronic communication, simply unsubscribe.
If you have trouble unsubscribing by clicking the link at the bottom of the email, simply email us at Heather@heathergrayconsulting.com and request to be unsubscribed from future emails.
Visitors’ Rights Under GDPR
As someone who resides in the European Union, you are entitled to exercise certain rights that you are given under the General Data Protection Regulation (GDPR).
Any information or data that you chose to provide us will be kept with DaughtersNPD until one of these happens: (1) you ask DaughtersNPD to DELETE the information and/or data; (2) DaughtersNPD decides to STOP USING the existing data processors, or
- DaughtersNPD decides that the cost of retaining the data outweighs the value in retaining it.
As a consumer and/or visitor on our Site who is located in the European Union region, you have the right to request access to your data that DaughtersNPD collected on you and stores it.
You are within your rights to demand to know exactly what data and information DaughtersNPD has collected on you. Keep in mind that some parts of this data was provided by you personally, while others were gathered through cookies and pixels.
You have the right to withdraw consent on a data that you previously gave us consent to collect and process. The right to withdraw consent applies to any future processing of that data. However, any data that has been collected and processed previously based on valid consent is lawful and not subject to liability based on any legal grounds.
You also have the right to request erasure of your data and all your information from DaughtersNPD’s data storage. Once you request that your data be erased from DaughtersNPD’s databases, we have thirty (30) days to comply with your request. If it’s impossible to comply within 30 days, then DaughtersNPD will respond to the Visitor’s request and let them know about the issue and also give them a reasonable time as to when their request for deletion will be honored.
Aside from rights such as request to access, request to delete and rectify, an EU user also has the right to place restrictions on the data
processing itself. This means a user can limit certain things that DaughtersNPD can and cannot do with their data. You can choose to limit transfer of your data to third-party businesses (unless it’s essential for DaughtersNPD’s basic functions).
You further have the right to ﬁle a complaint with a supervisory authority who oversees and handles issues related to the GDPR.
Lastly, it’s DaughtersNPD’s duty to inform you that we only require information that is reasonably necessary to enter into a contract with you. We do not collect any unnecessary data, and any information we acquire is used for legitimate business purposes such as growing and scaling our business or being able to provide satisfactory customer service to you and other users.
- BRAZILIAN DATA PROTECTION LAW (LGPD)
The Brazilian Data Protection Law or the LGPD, which is derived from its Portuguese name. The LGPD is Brazil’s law on online privacy requirements and certain rights and privileges given to data subjects.
Under the LGPD, “processing” is deﬁned as collection, production, reproduction, transmission, receipt, use, classiﬁcation, ﬁling, storage, control or evaluation of data, deletion, dissemination, extraction, modiﬁcation, and communication. The LGPD applies to “personal data” that is deﬁned as any information related to an identiﬁed or identiﬁable natural person. Moreover, sensitive data such as political opinion, racial
or ethnic origin, religion, health, sex and more as they relate to a natural person.
Under the LGDP, the data subjects are given the following rights relating to their personal data:
- Awareness and conﬁrmation of the existence of data processing;
- Anonymization or pseudonymization or removal of pieces of data that have been collected or processed without compliance with the LGPD;
- Access to personal data;
- Correction of inaccurate data;
- Right to request deletion;
- Right to revocation of consent;
- Right to request disclosure of any third parties with whom personal data is shared;
- Access to the customer policy information and consent revocation terms and conditions.
The data subject has the right to exercise these rights with our business DaughtersNPD anytime free of charge.
As a business, we can only process personal data if there are any legal basis for processing that data. The LGPD provides approximately ten (10) legal basis for processing data. The ten grounds are:
- The data subject gives express consent to process the data.
- Data processing is necessary to comply with a legal obligation.
3.Processing is essential to protect the life or physical safety of the data subject or another third party.
- Necessary to execute a contract or contract related procedures
that the data subject is a party of at the request of the data subject.
- Necessary to process to fulﬁll the legitimate interests of the controller or of the third-party, except when data subject’s fundamental rights prevail.
- Necessary to process in order to protect credit (refers to a credit score).
- You need to process to protect the health in relation to activities of health professionals or health entities.
- Necessary to process to carry out studies by research entities that ensure, when possible, the anonymization of personal data.
- Necessary to process to exercise rights in judicial, arbitration and administrative procedures.
- 10.Necessarytoprocessto execute public policies provided in laws or regulations, or those that are based on contracts, policies, agreements or similar binding instruments.
DaughtersNPD mostly uses legal basis #1 and #5 above, which are that the data subject gives express consent to process the data, and that processing is necessary to to fulﬁll the legitimate interests of the controller or of the third-party, except when data subject’s fundamental rights prevail to process personal and sensitive data collected from you.
Information Collected Through Third-Party Sources
During the time you visit and use our Site, certain limited data are collected from public databases, marketing partners, social media platforms, and analytics sources.
The types of data collected about you from other sources are your location, your computer system, which pages you have visited on our Site, how long you spend on each page, your IP address, your country, and possibly even your social media proﬁles and referrals.
- CHILDREN’S PRIVACY AND DATA
This Website is not intended for children under the age of 13. We and this Website do not knowingly and intentionally collect any personally identiﬁable information from children under the age of 13. If you are under 13 years of age, please do not use or provide any information on this Website. Do not use any third parties that might have links present on this Website. Do not provide your name, address, phone number or any payment information.
If a parent or guardian believes that this Website unknowingly collected personally identiﬁable information from a child under the age of 13 in its database, please contact us at once at
Heather@heathergrayconsulting.com and we will do our best to immediately remove any and all such information from our database.
- HOW DO WE USE THE INFORMATION WE COLLECT FROM YOU?
Information Collected from You
We use the information we collect from you to send you targeted marketing and promotional communications. If at any time you indicated an interest in a particular ﬁeld related to our Site, then we and/or our third-party marketing partners may use this relevant information to send you additional communication regarding similar products/services.
If you do not want to receive any marketing and/or promotional communication, you can opt out at any time by UNSUBSCRIBING from either a particular list or topic or from all the emails coming from us by clicking on the unsubscribe button located at the bottom of every email you receive.
Information Collected from Third-Party Apps and Tools
Any information collected from third-party tools is used for statistical and analytical purposes and for evaluating and making improvements to our Site. This automatically collected information will not include personal information data.
4. WILL WE SHARE YOUR INFORMATION WITH ANYONE?
We respect your privacy and the value of your information. We do not share, disclose, sell, lease or rent your information to anyone or any third party without your express consent.
Only under limited circumstances will necessary information be shared with third parties. Here are the situations in which we will share your information:
- You gave us express consent to do so;
- You entered into a contract for recurring payments—for this reason, your information will be processed on an as-needed basis to uphold the agreement;
- Performance of a contract—if you are obligated to pay or perform an action, and you fail, we reserve the right to share necessary information with a third-party company, such as a collection agency or an attorney; and
- Mandated by law—if legal proceedings are initiated, and there is a subpoena (unlikely, but better to be prepared than surprised).
5. EMAIL COMMUNICATIONS & POLICIES
If you decide to contact us through email, we reserve the right to retain the content of your email messages, your email address, and our responses.
Your privacy is important to us. Therefore, your email address will never be shared, sold, or leased to any third-party members.
In compliance with the CAN-SPAM Act, any and all communications sent from our Company or Website will clearly state who the email is from, who the email is for, and how to contact the sender.
Furthermore, should you wish to not receive any more emails, you can click on the “Unsubscribe” link located at the bottom of the email.
Eﬀective as of 1/30/2023