Privacy Notice – Echotechsales

Echo Tech Sales Privacy Notice

Last Updated: October 20, 2024

Introduction

Welcome to Echo Tech Sals (“we,” “our,” “us”). We are committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible manner. Please read this Privacy Notice (“Notice”) carefully as it contains important information related to your Personal Data under Data Protection Laws.

This Notice applies to all visitors, prospects, and data subjects who interact with our website. This Privacy Notice explains how we collect, use, store, and share your personal data. It also outlines your rights regarding your personal data and how you can contact us if you have any questions or concerns.

1. Key Data Protection Terms

Here are the key data protection terms used in the Privacy Notice, explained for clarity:

Consent: This refers to the permission you give us to process your personal data. Consent must be freely given, specific, informed, and unambiguous. You have the right to withdraw your consent at any time.

Data Controller: The entity that determines the purposes and means of processing personal data. Essentially, the Data Controller is responsible for ensuring that your data is processed in compliance with data protection laws.

Data Processor: A party that processes personal data on behalf of the Data Controller. Data Processors must act on the instructions of the Data Controller and are bound by data protection laws to ensure the security and confidentiality of the data. Echo Tech Sales acts as a Data Processor, meaning we process personal data on behalf of Data Controllers (as per directives and requirement of our clients) in accordance with instructions and applicable data protection laws

Personal Data: Any information that relates to an identified or identifiable individual. This can include names, addresses, email addresses, IP addresses, and more. Personal data is protected under data protection laws to ensure individuals’ privacy.

Special Category Data: This is a subset of personal data that is more sensitive and requires additional protection. It includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (where used for identification purposes), health data, and data concerning a person’s sex life or sexual orientation. We do not collect any special category data from our website visitors.

Processing: Any operation performed on personal data on basis of Legitimate Interest, such as collection, storage, use, and sharing.

2. Our Categorization Under Data Protection Laws

As an Echo Tech Sales, we operate as a Data Processor. This means we process Personal Data on behalf of Data Controllers, adhering to the policies and procedures established under Data Protection Laws and our contractual obligations with Data Controllers. We are committed to maintaining the highest standards of data protection and privacy, ensuring that all Personal Data is processed lawfully, fairly, and transparently.

Our responsibilities include:

Processing Personal Data: We handle Personal Data strictly as instructed by the Data Controller, ensuring compliance with all relevant Data Protection Laws.

Data Controller: We process personal data under directives and instructions of Registered Data Controllers, our clients, our affiliates, our partners and our associates.

Data Security: Implementing robust security measures to protect Personal Data from unauthorized access, alteration, disclosure, or destruction.

Data Subject Rights: Assisting Data Controllers in responding to requests from Data Subjects regarding their Personal Data, including access, correction, deletion, and data portability requests.

Data Breach Notification: Promptly informing Data Controllers of any data breaches that may affect the Personal Data we process on their behalf.

Sub-Processors: Engaging sub-processors only with the Data Controller’s prior written consent and ensuring they comply with the same data protection obligations.

3. Our Approach to Data Protection Compliance

At Echo Tech Sales, we are dedicated to upholding the highest standards of data protection compliance. As a Data Processor, our approach is guided by the seven principles of data protection under the EU GDPR. Our commitment to these principles ensures that Personal Data is processed securely, lawfully, and transparently, maintaining the trust and confidence of our clients and their data subjects. Our approach is explained here:

Lawfulness, Fairness, and Transparency

Lawfulness: We process Personal Data based on one or more of the lawful bases provided under GDPR, such as consent, contract, legal obligation, vital interests, public task, or legitimate interests.

Fairness: We ensure that Personal Data is processed fairly and not used in ways that have unjustified adverse effects on the individuals concerned.

Transparency: We provide clear and concise information to Data Subjects about how their data is being used, including the purposes of processing, the legal basis for processing, and their rights under GDPR.

Purpose Limitation

Personal Data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner that is incompatible with those purposes.

Data Minimisation

We ensure that the Personal Data we process is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

Accuracy

We take all reasonable steps to ensure that Personal Data is accurate and, where necessary, kept up to date. Inaccurate data is rectified or erased without delay.

Storage Limitation

Personal Data is kept in a form that permits identification of Data Subjects for no longer than is necessary for the purposes for which the data is processed. We implement appropriate measures to ensure data is securely archived or deleted when no longer needed.

Integrity and Confidentiality (Security)

We process Personal Data in a manner that ensures its security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical and organizational measures.

Accountability

We are responsible for, and able to demonstrate, compliance with all these principles. This includes maintaining comprehensive records of our data processing activities and conducting regular audits and assessments.

Additional GDPR Compliance Measures

Consent Guidelines

Obtaining Consent: We obtain explicit consent from Data Subjects before processing their Personal Data, ensuring that consent is freely given, specific, informed, and unambiguous.

Withdrawing Consent: Data Subjects have the right to withdraw their consent at any time, and we make this process straightforward and accessible.

Recording Consent: We maintain records of consent obtained from Data Subjects, including the date, method, and content of the consent.

Lawful Basis for Processing

We identify and document the lawful basis for each processing activity, ensuring compliance with GDPR requirements. This includes processing based on:

Consent: When Data Subjects have given clear consent for us to process their Personal Data for a specific purpose.

Contract: When processing is necessary for the performance of a contract with the Data Subject or to take steps at their request before entering into a contract.

Legal Obligation: When processing is necessary for compliance with a legal obligation.

Vital Interests: When processing is necessary to protect someone’s life.

Public Task: When processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.

Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, provided these interests are not overridden by the Data Subject’s rights and interests.

4. Personal Data We Collect

At Echo Tech Sales, we collect and process various types of Personal Data to provide our services effectively. The categories of Personal Data we collect include:

Contact Information: Such as your name, email address, phone number, and postal address.

Professional Information: Including your job title, company name, and industry.

Technical Information: Such as IP addresses, browser type, operating system, and device information.

Usage Data: Information about how you use our services, including log files, analytics data, and cookies.

Communication Data: Records of your communications with us, including emails, chat logs, and customer support interactions.

We collect this data to fulfil our contractual obligations, improve our services, and comply with legal requirements. Our data collection practices are guided by the principles of lawfulness, fairness, and transparency, ensuring that your data is processed securely and responsibly.

(a) Applicants for employment

Personal Data Categories	Examples of Personal Data Processed
Identification Data (including Special Category Data under some Data Protection Laws)	Name Address Telephone number Email address Social security number (if in the USA) Social insurance number (if in Canada) Government identification number (where applicable) Driver’s license number (where applicable) Passport number and information Date of birth
Special Category Data	Disability, biometric (such as photographs and video footage) and genetic information where you choose to provide it as part of the recruitment process (such as to inform of us of any reasonable adjustments that we need to put in place during the interview process)
Pre-Employment Data	Background screening information (including checks on criminal offences and convictions, credit, toxicology and past employment checks) Academic and professional qualifications and certificates (including dates) Current and past employers (including dates)
Technical and Usage Data	Internet protocol (“IP”) address (if you are submitting your application via our website) Google Advertiser ID or other identifiers for advertising Browsing history on our website, application or advertisement Search history on our website, application or advertisement

(b) Potential and existing customers

Personal Data Categories	Examples of Personal Data Processed
Identification Data (including Special Category Data under some Data Protection Laws)	Name Address Telephone number Email address Online account name
Financial Data	Bank account details Tax numbers Invoices
Invoices	IP address Google Advertiser ID or other identifiers for advertising Browsing history on our website, application or advertisement Search history on our website, application or advertisement

(c) Generated leads

We need to Process Personal Data to be able to provide our services to our clients. Following is a list of the Personal Data that we gather and is obliged for generated leads, in order for us to consequently provide qualified lead data (“Qualified Lead”) to our clients.

Personal Data Categories	Examples of Personal Data Processed
Identification Data (including Special Category Data under some Data Protection Laws)	Name Address Telephone number Business email address Employer information Job title Job function
Technical & Usage Data	IP address Google Advertiser ID or other identifiers for advertising Browsing history on our website, application or advertisement Search history on our website, application or advertisement Uniform Resource Locators (“URLs”) to and data from social media profiles

We collect, store, and provide Qualified Lead data to customers if you have Consented to us to do so only. In countries that require double opt-in consent (e.g., Austria, Germany, Greece, Switzerland, Luxembourg, and Norway), we collect, store, and provide Qualified Lead data to clients only if you have Consented to us to do so.

(d) Website visitors

Personal Data Categories	Examples of Personal Data Processed
Identification Data (including Special Category Data under some Data Protection Laws)	Name Address Telephone number Email address Online account name
Technical & Usage Data	IP address Google Advertiser ID or other identifiers for advertising Browsing history on our website, application or advertisement Search history on our website, application or advertisement

(e) Potential and existing third-party suppliers

Personal Data Categories	Examples of Personal Data Processed
Identification Data (including Special Category Data under some Data Protection Laws)	Name Address Telephone number Email address Online business account name
Financial Data	Bank account details Tax numbers Invoices
Technical & Usage Data	IP address Google Advertiser ID or other identifiers for advertising Browsing history on our website, application or advertisement Search history on our website, application or advertisement

5. Why do we Process your Personal Data?

Under Data Protection Laws, we can only use your Personal Data if we have a proper legal reason for doing so.

Data Subject type	Legal reasons
Applicants for employment	For the performance of our contract with you or to take steps before entering into a contract with you. For our Legitimate Interests or those of a third party. Where you have given Consent.
Potential and existing customers	For the performance of our contract with you or to take steps before entering into a contract with you. For our Legitimate Interests or those of a third party. Where you have given Consent. To comply with our legal and regulatory obligations.
Generated leads	For our Legitimate Interests or those of a third party. Where you have given Consent.
Website visitors	For our Legitimate Interests or those of a third party. On basis of given Consent.
Potential and existing third-party suppliers	For the performance of our contract with you or to take steps before entering into a contract with you. For our Legitimate Interests or those of a third party. Where you have given Consent. To comply with our legal and regulatory obligations.

6. Personal Data from Children

We recognize the importance of protecting children’s privacy and are committed to complying with applicable data protection laws, including the EU GDPR. Our approach to handling children’s data includes:

Age Verification: We do not knowingly collect Personal Data from children under the age of 16 without verifiable parental consent. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly.

Parental Consent: For children under the age of 16, we require parental consent before collecting or processing their Personal Data. We ensure that our communications and privacy notices are clear and understandable for both children and their parents.

Security Measures: We implement robust security measures to protect children’s data from unauthorized access, alteration, disclosure, or destruction.

Transparency: We provide clear and accessible information about our data processing practices, ensuring that children and their parents understand how their data is being used and their rights under data protection laws.

Data Subject Rights: We respect the rights of children and their parents to access, correct, delete, and restrict the processing of their Personal Data. We also facilitate the exercise of these rights in a straightforward and transparent manner.

By adhering to these principles, we ensure that all Personal Data, including data from children, is processed lawfully, fairly, and transparently, maintaining the trust and confidence of our clients and their data subjects.

7. Where Do We Collect Your Personal Data From

At Echo Tech Sales, we collect Personal Data from various sources to provide our services effectively and ensure compliance with data protection laws. Our data collection practices are guided by the principles of lawfulness, fairness, and transparency. The sources from which we collect your Personal Data include:

1. Direct Interactions

We collect Personal Data directly from you when you:

Register for our services: This includes creating an account, subscribing to our newsletters, or signing up for events.

Communicate with us: Through emails, phone calls, or customer support interactions.

Participate in surveys or feedback: Providing us with insights to improve our services.

2. Automated Technologies

We collect Personal Data automatically when you interact with our services through:

Cookies and Tracking Technologies: Collecting data about your browsing behaviour, preferences, and device information. From cookies on our website, read our Cookies Policy here! (hyper link to cookies policy)

Log Files: Recording details such as IP addresses, browser type, and access times.

3. Third Parties

We may receive Personal Data about you from third parties, including:

Business Partners: Who provide us with information necessary to deliver our services.

Service Providers: Such as analytics providers, advertising networks, and payment processors.

Publicly Available Sources: Including social media platforms and public databases.

4. Data Controllers

As a Data Processor, we process Personal Data on behalf of Data Controllers who could provide us with the data necessary to perform our contractual obligations. This includes:

Client Data: Provided by our clients for processing in accordance with their instructions and applicable data protection laws.

8. How We Store Your Personal Data

At Echo Tech Sales, we take the security and confidentiality of your Personal Data very seriously. Our approach to storing your Personal Data is guided by the principles of data protection under the EU GDPR, ensuring that your data is handled with the utmost care and responsibility.

1. Secure Storage Solutions

We use a combination of physical, technical, and administrative measures to store your Personal Data securely. These measures include:

Encryption: Personal Data is encrypted both in transit and at rest using industry-standard encryption protocols to protect it from unauthorized access.

Access Controls: We implement strict access controls to ensure that only authorized personnel can access your Personal Data. This includes multi-factor authentication and role-based access permissions.

Physical Security: Our data centers are equipped with advanced physical security measures, including surveillance, access controls, and environmental safeguards to protect against physical threats.

2. Data Minimisation and Retention

We adhere to the principle of data minimisation, ensuring that we only store Personal Data that is necessary for the purposes for which it was collected. Our data retention policies include:

Retention Periods: Personal Data is retained only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, or resolve disputes.

Data Deletion: When Personal Data is no longer needed, we securely delete or anonymize it to prevent unauthorized access or use.

3. Regular Audits and Assessments

We conduct regular audits and assessments to ensure that our data storage practices comply with data protection laws and industry standards. This includes:

Security Audits: Regular security audits to identify and address potential vulnerabilities in our data storage systems.

Compliance Assessments: Periodic assessments to ensure compliance with the GDPR and other relevant data protection regulations.

4. Incident Response and Data Breach Notification

We have a robust incident response plan in place to address any data breaches or security incidents promptly. This includes:

Incident Detection: Continuous monitoring of our systems to detect and respond to potential security incidents.

Breach Notification: In the event of a data breach, we will promptly notify the affected Data Controllers and, where required, the relevant regulatory authorities and Data Subjects.

5. Continuous Improvement

We are committed to continuously improving our data storage practices to enhance the security and confidentiality of your Personal Data. This includes:

Employee Training: Regular training sessions for our employees to ensure they understand and comply with our data protection policies and procedures.

Technology Upgrades: Investing in the latest security technologies and practices to protect your Personal Data from emerging threats.

9. Who Do We Share Your Personal Data With

At Echo Tech Sales, we take the privacy and security of your Personal Data very seriously. We only share your Personal Data with third parties when it is necessary to provide our services, comply with legal obligations, or with your explicit consent. Our data sharing practices are guided by the principles of lawfulness, fairness, and transparency.

We use personal data for the following purposes:

Service Delivery: To provide and manage our services as instructed by Data Controllers.

Communication: To respond to inquiries and provide customer support.

Improvement: To analyse and improve our services and website.

Compliance: To comply with legal obligations and protect regulatory rights.

Service Providers: We engage third-party service providers to perform various functions on our behalf. These providers are carefully selected and are required to process your Personal Data in accordance with our instructions and applicable data protection laws. Examples include:

IT and Cloud Services: Providers of hosting, data storage, and cloud computing services.

Payment Processors: Companies that process payments on our behalf.

Analytics and Marketing Services: Providers that help us analyse usage data and improve our services.

Business Partners: We may share your Personal Data with our business partners to facilitate the delivery of our services. This includes:

Joint Ventures: Partners with whom we collaborate on specific projects or initiatives.

Resellers and Distributors: Companies that help us distribute our products and services.

Legal and Regulatory Authorities: We may disclose your Personal Data to legal and regulatory authorities when required to do so by law. This includes:

Compliance with Legal Obligations: Sharing data to comply with legal processes, court orders, or regulatory requirements.

Law Enforcement: Providing data to law enforcement agencies for the prevention, detection, or investigation of criminal activities.

10. Compliance Framework: We adhere to a comprehensive data protection framework that aligns with all relevant Data Protection Laws and industry best practices listed here:

1. Data Processing Agreements: We enter into Data Processing Agreements with all Data Controllers, outlining our obligations and ensuring compliance with data protection requirements.

2. Legal Basis for Processing: Our legal basis for processing personal data includes:

Contractual Obligations: Processing necessary to fulfil our contractual obligations to Data Controllers.

Legitimate Interests: Processing based on our legitimate interests, provided these do not override your rights and freedoms.

Consent: Where you have given explicit consent for specific processing activities.

3. Data Protection Officer (DPO): We have appointed a Data Protection Officer responsible for overseeing our data protection strategy and ensuring compliance with regulatory requirements.

4. Training and Awareness: We conduct regular training sessions for our employees to ensure they understand and comply with data protection policies and procedures.

5. Data Protection Impact Assessments (DPIAs): We perform DPIAs for high-risk processing activities to identify and mitigate potential data protection risks.

6. Regular Audits and Assessments: We conduct regular internal and external audits to assess our compliance with data protection laws and identify areas for improvement.

7. Incident Response Plan: We have an incident response plan in place to promptly address any data breaches or security incidents, ensuring timely notification to Data Controllers and regulatory authorities as required.

11. Your Rights / Rights of the Data Subjects

At Echo Tech Sales, we respect and uphold the rights of data subjects as outlined under the EU GDPR. These rights ensure that individuals have control over their Personal Data and can exercise their rights in relation to the data we process. The rights of data subjects include:

1. Right to Be Informed

Data subjects have the right to be informed about the collection and use of their Personal Data. We provide clear and transparent information through our privacy notices, detailing how and why we process Personal Data.

2. Right of Access

Data subjects have the right to access their Personal Data. This includes the right to obtain confirmation that their data is being processed, access to the data itself, and other supplementary information. Requests for access can be made verbally or in writing, and we will respond within one month.

3. Right to Rectification

Data subjects have the right to have inaccurate Personal Data corrected or completed if it is incomplete. If you believe that any information, we hold about you is inaccurate, you can request rectification, and we will update our records accordingly. Reach out to us on Contact@echotechsales.com

4. Right to Erasure (Right to Be Forgotten)

Data subjects have the right to request the deletion of their Personal Data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or if they withdraw their consent. We will comply with such requests unless we have a legitimate reason to retain the data. If you wish to stop receiving any communication from us or wish to erase your data from our records do drop us an email on Contact@echotechsales.com

5. Right to Restrict Processing

Data subjects have the right to request the restriction of processing of their Personal Data in specific situations, such as when they contest the accuracy of the data or object to its processing. We will limit the processing of the data while we review the request. To exercise Right to Restrict Processing send us the email on Contact@echotechsales.com

6. Right to Data Portability

Data subjects have the right to receive their Personal Data in a structured, commonly used, and machine-readable format. They also have the right to request that we transfer this data to another data controller, where technically feasible.

7. Right to Object

Data subjects have the right to object to the processing of their Personal Data in certain circumstances, such as for direct marketing purposes or when processing is based on legitimate interests. We will cease processing the data unless we can demonstrate compelling legitimate grounds for the processing.

8. Rights Related to Automated Decision-Making and Profiling

Data subjects have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or significantly affects them. We ensure that any automated decision-making processes are fair and transparent, and we provide the option for human intervention where necessary.

9. Right to Withdraw Consent

Where we rely on consent as the legal basis for processing Personal Data, data subjects have the right to withdraw their consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

10. Do Not Sell My Data:

We respect your right to privacy and will not sell your Personal Data to third parties if you desire. If you have any concerns about how your data is shared, please contact us on Contact@echotechsales.com, and we will address your concerns promptly.

11. Right to Complain

Data subjects have the right to lodge a complaint with a supervisory authority if they believe that their data protection rights have been violated. We encourage individuals to contact us at Contact@echotechsales.com first to resolve any concerns.

10. Contact Us

If you have any questions or concerns about this Privacy Notice or our data practices, please contact us at Contact@echotechsales.com

11. Changes to This Privacy Notice

We may update this Privacy Notice from time to time. Any changes will be posted on our website with an updated effective date. Last Updated on October 20, 2024