We do not use your information for automated decision-making, profiling, or unsolicited marketing without your consent.

How We Store and Protect Your Information

Contact form submissions are received and stored within VRDD LLC’s business communication systems. We implement reasonable technical and organizational measures to protect your information against unauthorized access, loss, or disclosure.

No method of transmission over the internet or electronic storage is completely secure. While we take data protection seriously, we cannot guarantee absolute security.

4.1 Retention Periods

We retain personal information only for as long as necessary to fulfill the purpose for which it was collected or as required by applicable law. Our standard retention periods are:

• Contact form submissions that result in a client engagement: retained for the duration of the engagement and for five (5) years thereafter, in accordance with standard business record-keeping practices.

• Contact form submissions that do not result in an engagement: retained for up to twenty-four (24) months from the date of submission for re-engagement purposes, then securely deleted.

• Automatically collected technical data (server logs, analytics): retained for up to thirteen (13) months, as determined by the Squarespace platform.

• Cookie consent records: retained for up to twelve (12) months or until consent is withdrawn, whichever occurs first. 

Upon expiration of the applicable retention period, personal information is securely deleted or anonymized.

Information Sharing and Disclosure

VRDD LLC does not sell, rent, trade, or otherwise transfer your personal information to third parties for commercial purposes.

We may share your information only in the following limited circumstances:

Service Providers. Third-party platforms necessary to operate the Site process data on our behalf as data processors. Current processors include:

• Squarespace, Inc. — Site hosting, form processing, and analytics. Squarespace processes data under a Data Processing Agreement that includes Standard Contractual Clauses for transfers to the United States. See Section 6 for details.

• Microsoft Corporation (Microsoft 365) — Business communication and storage of contact form submissions. Microsoft processes data under Microsoft’s Data Processing Agreement and applicable standard contractual clauses.

Legal Compliance. If required by law, court order, or governmental authority.

Business Protection. To protect the rights, property, or safety of VRDD LLC, its principals, or others where permitted by law.

6. International Data Transfers

VRDD LLC is based in the United States. If you access this Site from the European Economic Area (EEA), the United Kingdom, or other regions with data protection laws that may differ from those of the United States, please be aware that your information may be transferred to and processed in the United States.

We ensure appropriate safeguards are in place for any such transfers:

·       Squarespace: Transfers of personal data from the EEA/UK to the United States are covered by Squarespace’s Standard Contractual Clauses (EU SCCs, 2021 version) incorporated into their Data Processing Agreement.

·       Microsoft 365: Transfers of personal data from the EEA/UK to the United States are covered by Microsoft’s Standard Contractual Clauses incorporated into their Data Processing Agreement.

For more information about the safeguards in place, or to obtain a copy of the relevant transfer documentation, contact us at gvongfak@vrddllc.onmicrosoft.com.

7. Third-Party Platforms

This Site is hosted on Squarespace. Squarespace’s privacy policy governs data processed through their platform infrastructure. We encourage you to review Squarespace’s privacy policy at squarespace.com.

Links to third-party sites on this Site are governed by those sites’ own privacy policies. VRDD LLC is not responsible for the privacy practices of third-party sites.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information under applicable law.

8.1 California Residents (CCPA / CPRA)

·       The right to know what categories of personal information we collect, use, disclose, and share, and to request a copy of the specific personal information collected about you.

·       The right to delete your personal information, subject to certain exceptions.

·       The right to correct inaccurate personal information we hold about you.

·       The right to opt out of the sale or sharing of your personal information. (Note: We do not sell personal information and do not share it for cross-context behavioral advertising purposes.)

·       The right to limit our use and disclosure of sensitive personal information to purposes authorized by law. (Note: We do not collect sensitive personal information beyond what is strictly necessary to respond to your inquiry.)

·       The right to non-discrimination for exercising any of your privacy rights.

Global Privacy Control (GPC). We honor the Global Privacy Control browser signal as a valid opt-out of the sale or sharing of personal information for California residents. Because we do not sell or share personal information for cross-context behavioral advertising, receipt of a GPC signal will be acknowledged but will result in no change to our processing practices.

8.2 European Economic Area and United Kingdom Residents (GDPR / UK GDPR)

• The right to access your personal data and receive a copy of the personal data we hold about you.

• The right to rectification of inaccurate or incomplete personal data.

• The right to erasure (“right to be forgotten”), subject to applicable legal retention obligations.

• The right to restriction of processing in certain circumstances.

• The right to object to processing based on legitimate interest.

• The right to data portability where processing is based on consent or contract and is carried out by automated means.

• The right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing prior to withdrawal.

• The right to lodge a complaint with a supervisory authority. If you are in the EEA, you may contact the data protection authority in your country of residence. If you are in the United Kingdom, you may contact the Information Commissioner’s Office (ICO) at ico.org.uk.

8.3 How to Exercise Your Rights

To exercise any of the rights described above, contact us at gvongfak@vrddllc.onmicrosoft.com. Please include sufficient information to identify yourself and describe your request. We will respond within the timeframe required by applicable law — within 45 calendar days for California residents (extendable by an additional 45 days with notice) and within 30 days for EEA/UK residents (extendable by 60 days for complex requests).

We may need to verify your identity before fulfilling your request. We will not discriminate against you for exercising your rights.

Children’s Privacy

This Site is not directed at children. We do not knowingly collect personal information from children under the age of 13 (or under the age of 16 for users in the European Economic Area or United Kingdom, where GDPR Article 8 applies). If you are a parent or guardian and believe your child has submitted personal information through this Site, contact us immediately at gvongfak@vrddllc.onmicrosoft.com and we will take steps to remove it.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. The “Last updated” date at the top of this page reflects the most recent revision.

For minor, non-material changes (such as corrections or clarifications), we will update the policy on this page. For material changes — particularly changes that affect how we collect, use, or share your personal information, or that affect your rights — we will provide reasonable advance notice where practicable. If you have previously submitted contact information through this Site and we have a current means of reaching you, we will endeavor to notify you of material changes directly.

For EEA/UK residents whose data is processed on the basis of consent: material changes affecting consent-based processing will require renewed consent before the revised practices take effect.

We encourage you to review this Policy periodically. Continued use of the Site following any update constitutes acceptance of the revised Policy for non-consent-based processing activities.

Contact

For privacy-related questions, requests, or concerns:

VRDD LLC / The KAWI Agency
Email: gvongfak@vrddllc.onmicrosoft.com
Web: vongfak.com

We aim to respond to all privacy-related inquiries within ten (10) business days of receipt.