PRIVACY POLICY

• "Personal Information" means any information relating to an identified or identifiable natural person.
• "Processing" means any operation performed on Personal Information, whether or not by automated means.
• "Services" means all products, services, content, features, technologies, or functions offered by the Company.
• "Service Provider"has the meaning set forth in Section 1798.140(v) of the CCPA.
• "Third Party" means a natural or legal person, public authority, agency, or body other than the User, Company, and persons authorized to process Personal Information under the Company's direct authority.
• "Platform" means the Company's website, mobile applications, and related services.
• "CCPA" means the California Consumer Privacy Act of 2018, Cal. Civ. Code §1798.100 et. seq., and its implementing regulations.
• "U.S. Data Protection Laws"means all laws and regulations of the United States of America, including the CCPA, applicable to the processing of personal information (or an analogous variation of such term).

2.1. Scope of Application

This Policy applies to all Personal Information collected, used, or disclosed in connection with the Services.

2.2. Consent

By accessing or using the Services, you expressly consent to:

• The collection, use, and disclosure of your Personal Information as described in this Policy;
• The transfer of your Personal Information to, and storage of your Personal Information in, jurisdictions that may have different levels of data protection than your jurisdiction;
• The use of cookies and similar technologies as described in this Policy.

4.1. Legal Basis for Processing

We process Personal Information on the following legal grounds:

• Performance of Contract
  • To provide the Services
  • To process transactions
  • To maintain user accounts
• Legitimate Interests
  • To improve our Services
  • To prevent fraud
  • To ensure network security
• Legal Obligations
  • To comply with applicable laws
  • To respond to legal requests
  • To protect legal rights

5.1. Security Measures

The Company implements and maintains reasonable security measures, including:

• Technical Safeguards
  • Industry-standard encryption protocols
  • Secure socket layer technology
  • Firewalls and intrusion detection systems
• Administrative Controls
  • Access control policies
  • Employee training programs
  • Security incident response procedures

Information we collect may be stored and processed in the United States in accordance with this Privacy Policy but we understand that users from other countries may have different expectations and rights with regard to their privacy. For all Website visitors and customers, no matter their country of location, we will:

• Provide clear methods of unambiguous, informed consent when we do collect your personal information and where required by applicable law;
• Only collect the minimum amount of personal information necessary for the purpose it is collected for, unless you choose to provide us more;
• Offer you simple methods of accessing, correcting, or deleting your information that we have collected, with the exception of information you voluntarily provide that is necessary to retain as is for the integrity of our project code as described further below; and
• Provide Website customers notice, choice, accountability, security, and access, and we limit the purpose for processing. We also provide our customers a method of recourse and enforcement.

6.1. Statutory Rights

Subject to applicable law, you may have the right to:

• Access your Personal Information
• Rectify inaccurate Personal Information
• Request erasure of Personal Information
• Restrict or object to Processing
• Data portability
• Withdraw consent

7.1. Cross-border Transfers

Personal Information may be transferred to, stored, and processed in countries other than your country of residence. Such transfers shall be made in accordance with:

• Standard contractual clauses
• Adequacy decisions
• Other valid transfer mechanisms

8.1. This Policy shall be governed by and construed in accordance with the laws of [Jurisdiction], without regard to its conflict of law provisions.

9.1. GDPR Applicability

This Policy has been drafted to ensure compliance with the requirements set forth by Regulation (EU) 2016/679, the General Data Protection Regulation ("GDPR"). It applies to the collection, use, and processing of Personal Data (as defined under GDPR) of individuals located in the European Economic Area ("EEA").

9.2. Legal Bases for Processing

In accordance with Article 6 of the GDPR, the Company processes Personal Data based on the following legal grounds:

• Performance of a Contract: To fulfill contractual obligations, including providing the Services and responding to your inquiries.
• Consent: Where you have explicitly provided your consent for specific processing activities, such consent may be withdrawn at any time without affecting the lawfulness of processing based on consent prior to withdrawal.
• Legitimate Interests: For purposes such as improving Services, ensuring security, and fraud prevention, provided such interests are not overridden by your rights and freedoms.
• Legal Obligations: To comply with applicable laws, court orders, or regulatory requirements.

9.3. Data Subject Rights

As a data subject under the GDPR, you have the following rights:

• Right of Access (Article 15): To obtain confirmation regarding the processing of your Personal Data and access to such data.
• Right to Rectification (Article 16): To request correction of inaccurate or incomplete Personal Data.
• Right to Erasure ("Right to Be Forgotten") (Article 17): To request the deletion of your Personal Data under certain conditions.
• Right to Restrict Processing (Article 18): To request limitation of the processing of your Personal Data in specific circumstances.
• Right to Data Portability (Article 20): To receive your Personal Data in a structured, commonly used, and machine-readable format and transmit it to another data controller.
• Right to Object (Article 21): To object to the processing of your Personal Data on grounds relating to your particular situation or to direct marketing purposes.
• Right to Lodge a Complaint: To file a complaint with a supervisory authority in your Member State if you believe that the processing of your Personal Data violates the GDPR.

9.4. Data Transfers Outside the EEA

When transferring Personal Data to jurisdictions outside the EEA, the Company ensures that such transfers comply with Chapter V of the GDPR, including the implementation of appropriate safeguards such as:

• Standard Contractual Clauses approved by the European Commission;
• Adequacy decisions by the European Commission;
• Other lawful transfer mechanisms in accordance with the GDPR.

9.5. Data Protection Officer (DPO)

The Company has appointed a Data Protection Officer to oversee GDPR compliance. For inquiries or requests regarding your rights under the GDPR, please contact:

• Data Protection Officer
• Echo Software LLC
• Email: [email protected]
• Address: 30 N GOULD ST STE R SHERIDAN, WY 82801