Data Protection Policy

At Van Dijk Consultants, LLC, we take your privacy and data security seriously. This Data Protection Policy outlines how we collect, store, process, and protect your personal information in compliance with applicable data protection laws in both the United States and the European Union, including the General Data Protection Regulation (GDPR).

  1. Purpose of This Policy

This policy ensures that Van Dijk Consultants, LLC:

  • Complies with data protection laws and follows good practice
  • Protects the rights of customers, employees, and partners
  • Is transparent about how personal data is stored and processed
  • Protects itself from the risks of data breaches

This policy applies to all staff, contractors, and third parties who have access to personal data processed by the company.

 

  2. Key Definitions
  • Personal Data: Any information relating to an identified or identifiable individual, including names, emails, IP addresses, and identification numbers.
  • Data Subject: The individual whose personal data is being processed.
  • Data Controller: The entity that determines the purposes and means of processing personal data.
  • Data Processor: The entity that processes data on behalf of the controller.
  • Processing: Any operation performed on personal data, including collection, storage, use, and deletion.

 

  3. Legal Framework

For European Union Citizens (GDPR)

The General Data Protection Regulation (EU) 2016/679 governs how personal data must be handled. Key principles include:

  • Lawfulness, fairness, and transparency: Data must be processed lawfully, fairly, and transparently.
  • Purpose limitation: Data must be collected for specified, explicit, and legitimate purposes.
  • Data minimization: Only data necessary for processing should be collected.
  • Accuracy: Data must be accurate and kept up to date.
  • Storage limitation: Personal data should only be stored for as long as necessary.
  • Integrity and confidentiality: Data must be processed securely.

Under GDPR, data subjects have the following rights:

  • Right to access their data
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Right not to be subject to automated decision-making

For United States Residents

The U.S. does not have a single, comprehensive federal data protection law. However, various sector-specific laws apply:

  • California Consumer Privacy Act (CCPA) / CPRA: Grants California residents rights to know, delete, and opt out of the sale of personal data. CPRA enhances these rights and adds new requirements for businesses.
  • Children’s Online Privacy Protection Act (COPPA): Applies to data collected from children under 13.
  • Health Insurance Portability and Accountability Act (HIPAA): Governs healthcare data.
  • Gramm-Leach-Bliley Act (GLBA): Applies to financial institutions.

U.S. residents may have rights depending on the state, including:

  • Right to know what data is collected
  • Right to access data
  • Right to request deletion
  • Right to opt out of data sales or sharing

We comply with all applicable U.S. laws, including state-specific legislation, when collecting and processing data.

 

  4. What Data We Collect

We may collect the following types of personal data:

  • Contact information (name, address, email, phone number)
  • Account login credentials
  • IP address and device information
  • Payment and billing information
  • Usage data and browsing behavior

Sensitive personal data is only collected with explicit consent or where required by law.

 

  5. How We Use Personal Data

We process your data for the following purposes:

  • To provide products or services you request
  • To process transactions and manage billing
  • To personalize content and improve user experience
  • To send marketing communications (with your consent)
  • To comply with legal obligations

 

  6. Data Sharing and Third Parties

We may share data with third parties in the following scenarios:

  • Service providers and vendors who perform functions on our behalf
  • Legal and regulatory authorities, when required
  • Business partners, with your consent
  • Analytics and advertising platforms (with opt-out options)

All third parties are required to comply with data protection standards and sign data processing agreements where applicable.

 

  7. International Data Transfers

If your data is transferred outside the European Economic Area (EEA), such transfers will be safeguarded through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Other lawful mechanisms under GDPR

We ensure that similar protections are in place for U.S. residents where required.

  8. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, or to comply with legal, accounting, or reporting obligations.

Retention periods may vary depending on the data type and regulatory requirements.

  9. Data Security

We implement robust technical and organizational measures to protect data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Secure data storage and cloud infrastructure
  • Staff training and internal data handling procedures

In the event of a data breach, affected individuals and regulatory bodies will be notified as required by law.

  10. Your Rights

If you are located in the EEA, UK, or a U.S. state with privacy laws (like California), you may exercise your rights by contacting us at [Your Contact Email].

We will respond to all requests within the timeframe required by law.

  11. Policy Updates

We may update this policy from time to time to reflect changes in legal requirements or our data processing practices. Any significant changes will be communicated on our website.

  12. Contact Us

If you have questions or concerns about this Data Protection Policy or our practices, please contact:

Data Protection Officer (DPO)
Van Dijk Consultants, LLC
PO Box 325, Clear Lake, IA 50428
hello@vandijkconsultants.com
641.657.9234

By using our website or services, you acknowledge that you have read and understood this Data Protection Policy.