← Legal Pages

GDPR Policy

Last Updated: January 1, 2025

This GDPR Policy explains how Harbour Networking LLC ("we," "us," or "our") processes personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the UK General Data Protection Regulation. This policy applies to all individuals in the European Economic Area (EEA) and the United Kingdom whose personal data we process in connection with our Services at harbournetworking.com.

1. Data Controller

The data controller responsible for your personal data is:

  • Entity: Harbour Networking LLC
  • Address: 123 Main Street, Suite 100, Charlotte, NC 28202
  • Email: legal@harbournetworking.com
  • Phone: +1 (704) 555-0100

As the data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring compliance with applicable data protection legislation.

2. Lawful Basis for Processing

We process your personal data only when we have a valid legal basis to do so. The lawful bases we rely upon include:

  • Consent (Article 6(1)(a)): Where you have given clear consent for us to process your personal data for a specific purpose, such as subscribing to a newsletter or opting into marketing communications. You may withdraw consent at any time.
  • Contractual Necessity (Article 6(1)(b)): Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract, such as providing our services, processing orders, or managing your account.
  • Legal Obligation (Article 6(1)(c)): Where processing is necessary for compliance with a legal obligation to which we are subject, such as tax reporting requirements or responding to lawful requests from authorities.
  • Legitimate Interests (Article 6(1)(f)): Where processing is necessary for purposes of our legitimate interests or those of a third party, provided that your interests and fundamental rights do not override those interests. Our legitimate interests include improving our Services, preventing fraud, ensuring network and information security, and marketing our products and services.

3. Categories of Personal Data

We process the following categories of personal data:

  • Identity Data: First name, last name, username, title, and professional designation.
  • Contact Data: Email address, telephone number, postal address, and company name.
  • Technical Data: IP address, browser type, operating system, device identifiers, timezone, and language settings.
  • Usage Data: Information about how you use our website and Services, including pages visited, features used, and navigation patterns.
  • Transaction Data: Details about payments and purchases including amounts, dates, and descriptions of services purchased.
  • Communications Data: Content of messages and communications you send to us, along with metadata such as timestamps.
  • Marketing Data: Your preferences in receiving marketing communications and your communication preferences.

4. Purposes of Processing

We process your personal data for the following specific purposes:

  • To register you as a new client and manage your account.
  • To deliver our Services, including managing projects, consultations, and support.
  • To process and collect payments owed to us.
  • To communicate with you about our Services, including changes and updates.
  • To administer and protect our business and website, including troubleshooting, data analysis, and system testing.
  • To deliver relevant marketing content and advertisements to you, and to measure and understand the effectiveness of our marketing.
  • To use data analytics to improve our website, products, services, marketing, and user experience.
  • To comply with our legal and regulatory obligations.

5. International Data Transfers

As we are based in the United States, your personal data will be transferred to and processed in the United States. We ensure that any such transfer is carried out in accordance with applicable data protection laws and that appropriate safeguards are in place. These safeguards include:

  • Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses for transfers of personal data to countries outside the EEA that have not received an adequacy decision.
  • Supplementary Measures: Where necessary, we implement additional technical and organizational measures to ensure the protection of your personal data, including encryption, pseudonymization, and access controls.
  • Transfer Impact Assessments: We conduct transfer impact assessments to evaluate the risks of international transfers and implement appropriate safeguards.

You may request a copy of the safeguards we have in place by contacting us at legal@harbournetworking.com.

6. Data Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Our specific retention periods are:

  • Account Data: Duration of the business relationship plus 3 years.
  • Transaction Records: 7 years from the date of the transaction (legal requirement).
  • Marketing Consent Records: Duration of consent plus 2 years after withdrawal.
  • Website Analytics: 26 months from the date of collection.
  • Communication Records: 3 years from the last communication.
  • Server Logs: 90 days from the date of creation.

After the retention period expires, we securely delete or anonymize your personal data. In some cases, we may anonymize data for research or statistical purposes, in which case it is no longer considered personal data.

7. Data Subject Rights

Under the GDPR, you have the following rights with respect to your personal data:

  • Right of Access (Article 15): You have the right to obtain confirmation as to whether we are processing your personal data and, if so, to receive a copy of that data along with supplementary information about how it is being processed.
  • Right to Rectification (Article 16): You have the right to have inaccurate personal data corrected and incomplete personal data completed.
  • Right to Erasure (Article 17): You have the right to request the deletion of your personal data in certain circumstances, including where it is no longer necessary for the purposes for which it was collected, where you withdraw consent, or where you object to processing and there are no overriding legitimate grounds.
  • Right to Restriction (Article 18): You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of the data or when processing is unlawful but you oppose erasure.
  • Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.
  • Right to Object (Article 21): You have the right to object to processing based on legitimate interests or public interest, including profiling. You also have the absolute right to object to processing for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at legal@harbournetworking.com. We will respond to your request within one month. This period may be extended by two further months if necessary, taking into account the complexity and number of requests.

8. Automated Decision-Making

We do not currently make any decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you. If this changes in the future, we will provide you with information about the logic involved, as well as the significance and envisaged consequences of such processing, and provide you with the opportunity to contest the decision, express your point of view, and obtain human intervention.

9. Data Protection Officer

For all inquiries related to data protection and the exercise of your rights under the GDPR, please contact our designated data protection point of contact:

10. Right to Lodge a Complaint

If you believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority. You may do so in the EU/EEA member state of your habitual residence, your place of work, or the place of the alleged infringement. We would, however, appreciate the opportunity to address your concerns before you contact a supervisory authority, so please contact us first at legal@harbournetworking.com.