Privacy Policy for pcidss-gsx.com
1. Introduction
PCIDSS-GSX (“we,” “us,” or “our”) is committed to safeguarding the privacy and personal data of all visitors, users, and customers (“you,” “your”) who access our website located at https://pcidss-gsx.com. We recognize the importance of privacy and data protection, and we adhere to the highest standards of compliance under applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy explains how we collect, use, disclose, safeguard, and manage your personal data.
2. Scope of this Policy and Our Role as Data Controller
This Privacy Policy applies to all information collected through our website pcidss-gsx.com and related services. For the purposes of the GDPR, PCIDSS-GSX is the “data controller” of your personal data, meaning we determine the purposes and means of processing your information. For California residents, PCIDSS-GSX is a “business” under the CCPA, and this policy outlines your rights and our responsibilities under that regime.
3. Categories of Personal Data We Process
We may process the following categories of personal data:
— Usage Data: Including but not limited to IP address, browser type and version, time zone setting, language preferences, referring/exit pages, device type, operating system, clickstream data, session duration, and interaction logs.
— Account Data: Information you provide when creating an account or contacting us, including your full name, billing and mailing address, email address, and telephone number.
— Profile Data: Preferences such as account settings, interests, previous purchases, service usage patterns, feedback, and survey responses.
— Communication Data: Records of communication with our support team, including email correspondence, live chat history, contact forms, and telephonic communications.
— Technical Data: Device details, browser plug-ins, configuration settings, internet connection data, and other technical identifiers used to interact with our system.
— Transaction Data: Payment information (processed securely through third parties), order history, delivery addresses, and billing records where applicable.
— Preference Data: Consent to receive marketing communications, advertisement interactions, product or service preferences, and opt-in/opt-out history.
4. Legal Bases for Processing Personal Data
We process your personal data lawfully and in accordance with the following legal bases:
— Legitimate Interests: For purposes such as website security, fraud prevention, improving user experience, and internal analytics, provided such interests are not overridden by your rights.
— Contract Performance: Processing required to fulfill a contract or take steps at your request prior to entering into a contract (such as account creation, service delivery, or customer support).
— Consent: For sending you marketing materials, cookies (where legally required), and capturing special categories of data (if necessary and applicable). Your consent is voluntary and may be withdrawn at any time.
— Legal Obligations: Where processing is necessary to comply with a legal requirement, including tax, regulatory, or audit obligations.
5. Your Rights Under GDPR and CCPA
You have the following rights regarding your personal data:
— Right of Access: You may request access to your personal data and obtain information about how we process it.
— Right to Rectification: You may ask us to correct inaccurate or incomplete data concerning you.
— Right to Erasure (“Right to be Forgotten”): You may request deletion of your personal data, subject to legal and contractual limitations.
— Right to Restriction of Processing: You can request that we limit how we use your data in certain circumstances.
— Right to Data Portability: Upon request, we can provide data you submitted to us in a structured, machine-readable format.
— Right to Object (GDPR) / Opt-Out (CCPA): You have the right to object to processing based on legitimate interests or withdraw consent for marketing communications.
— Right Not to Be Discriminated Against (CCPA): California residents will not be denied services, charged different prices, or provided a different quality of service for exercising their privacy rights.
To exercise any of these rights, please email us at [email protected]. We may require verification of identity before processing your request, as permitted by law.
6. Security Measures
We implement robust and industry-standard security procedures to protect your data from unauthorized access, disclosure, alteration, and destruction. Our safeguards include:
— End-to-end encryption for data in transit and at rest
— Multi-layered access controls and authentication protocols
— Role-based access restrictions for staff
— Regular vulnerability assessments and penetration testing
— Secure backups and disaster recovery processes
— Staff training on data protection and privacy awareness
While we endeavor to maintain the highest level of information security, no method of data transmission or storage is entirely immune to risk.
7. International Transfers
If your personal data is transferred outside of the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:
— Use of approved Standard Contractual Clauses (SCCs)
— Transfers to countries deemed by the European Commission as providing adequate protection
— Binding Corporate Rules or equivalent mechanisms as applicable
We comply with regional data protection regulations when transferring data between jurisdictions, including GDPR, CCPA, and other applicable regimes.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations. Retention periods vary depending on the data category:
— Usage and Technical Data: Up to 12 months for analytics and security
— Account and Transaction Data: Up to 7 years for legal and accounting compliance
— Profile, Communication, and Preference Data: As long as your account remains active or until you withdraw consent
— Marketing Communications: Retained until you opt out or withdraw consent
Data is securely erased or anonymized following expiration of the applicable retention period.
9. Cookies Policy
pcidss-gsx.com uses cookies and similar tracking technologies to enhance your experience. The types of cookies we deploy include:
— Essential Cookies: Required for basic site functionality such as navigation, security, and authentication.
— Functional Cookies: Enable personalization, language preferences, and session persistence.
— Analytics Cookies: Collect anonymized data to monitor user behavior and improve website performance.
— Performance Cookies: Help us monitor site loading times, feature usage, and service response.
You may learn more about our specific cookie usage by accessing our Cookie Notice available on pcidss-gsx.com.
10. Cookie Management and Compliance
By using our website, you consent to the use of cookies in accordance with this Privacy Policy. Our site provides you with the ability to manage cookies through a consent banner on your first visit and through your browser settings. You can decline non-essential cookies without affecting your access to the core functionality of our site.
Under GDPR, your explicit consent is obtained prior to the use of non-essential cookies. CCPA-compliant mechanisms are also provided for visitors from California, including the right to opt out of the sale or sharing of personal information (note: we do not “sell” personal data as defined by the CCPA).
11. Children’s Data
Our website and services are not directed to children under the age of 13, and we do not knowingly collect personal data from children. If we become aware that a child under 13 has provided us with personal information, we will take immediate steps to delete it. Parents or guardians who believe we may have collected data from a minor should contact us at [email protected].
12. Policy Updates
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or service features. Notice of material changes will be provided via prominent website notices or direct communications, where appropriate. We encourage users to periodically review this page to stay informed of how we protect your data.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or the way your personal data is handled, please contact our Data Protection Officer at the following:
Email: [email protected]
Website: https://pcidss-gsx.com
We are dedicated to resolving privacy issues promptly and responsibly.
PCIDSS-GSX maintains a steadfast commitment to full compliance with all applicable data protection laws, including the GDPR and CCPA. Please reach out with any questions or privacy-related concerns—we are here to help.