Privacy Policy

Last updated: March 1, 2024

Your Privacy Matters to Us

At Ethical Crystals, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, platform, and services.

๐Ÿ”’

Secure Data Protection

Your data is encrypted and stored securely using industry-standard security measures.

๐ŸŽฏ

Purpose-Driven Collection

We only collect information necessary to provide and improve our certification services.

๐Ÿค

No Data Sales

We never sell your personal information to third parties for marketing purposes.

โš–๏ธ

Your Rights

You have full control over your data with options to access, update, or delete it.

Table of Contents

  1. Information We Collect
  2. How We Use Your Information
  3. Information Sharing and Disclosure
  4. Data Security
  5. Data Retention
  6. Your Privacy Rights
  7. Cookies and Tracking
  8. International Data Transfers
  9. Children's Privacy
  10. Changes to This Policy
  11. Contact Us

1. Information We Collect

1.1 Personal Information You Provide

We collect information you voluntarily provide to us, including:

  • Account Information: Name, email address, phone number, company name, and password
  • Business Information: Business registration details, tax identification, addresses, and contact information
  • Certification Documents: Supplier contracts, permits, certifications, and compliance documentation
  • Payment Information: Billing address and payment method details (processed securely by third-party providers)
  • Communication Data: Messages, feedback, and support requests

1.2 Information We Collect Automatically

When you use our services, we automatically collect:

  • Usage Data: Pages visited, time spent, clicks, and user interactions
  • Device Information: IP address, browser type, operating system, and device identifiers
  • Log Data: Server logs, error reports, and performance metrics
  • Location Data: General geographic location based on IP address

1.3 Information from Third Parties

We may receive information about you from:

  • Third-party authentication services (if you choose to sign in with them)
  • Business partners and certification authorities
  • Public databases and government registries
  • Social media platforms (when you interact with our content)

2. How We Use Your Information

We use your information for the following purposes:

2.1 Service Provision

  • Processing certification applications and assessments
  • Managing user accounts and subscriptions
  • Facilitating communication between users
  • Providing customer support and technical assistance

2.2 Business Operations

  • Processing payments and managing billing
  • Conducting audits and compliance checks
  • Maintaining our directory and blacklist
  • Generating analytics and reports

2.3 Communication

  • Sending service-related notifications
  • Providing certification updates and alerts
  • Delivering newsletters and educational content (with consent)
  • Responding to inquiries and support requests

2.4 Security and Legal Compliance

  • Detecting and preventing fraud or abuse
  • Enforcing our terms and policies
  • Complying with legal obligations
  • Protecting the rights and safety of users

3. Information Sharing and Disclosure

We may share your information in the following circumstances:

3.1 Public Directory Information

For certified businesses, we display the following information publicly:

  • Business name and location
  • Certification status and trust score
  • Badge level and certification date
  • General business description

3.2 Service Providers

We share information with trusted third-party service providers who assist us with:

  • Payment processing
  • Cloud hosting and data storage
  • Email delivery and communication
  • Analytics and performance monitoring

3.3 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal processes or court orders
  • Respond to government requests
  • Protect our rights and property
  • Ensure user safety and prevent illegal activities

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4. Data Security

We implement comprehensive security measures to protect your information:

๐Ÿ” Encryption

All data is encrypted in transit and at rest using industry-standard encryption protocols.

๐Ÿ›ก๏ธ Access Controls

Strict access controls ensure only authorized personnel can access your data.

๐Ÿ” Regular Audits

We conduct regular security audits and vulnerability assessments.

๐Ÿ’พ Secure Backups

Data backups are encrypted and stored in secure, geographically distributed locations.

Note: While we implement robust security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your information.

5. Data Retention

We retain your information for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal obligations and regulatory requirements
  • Resolve disputes and enforce our agreements
  • Maintain certification records and audit trails

Retention Periods:

  • Account Data: Until account deletion plus 7 years for compliance
  • Certification Records: 10 years after certification expiry
  • Payment Data: 7 years for tax and accounting purposes
  • Communication Data: 3 years for support purposes

6. Your Privacy Rights

You have the following rights regarding your personal information:

๐Ÿ“‹ Right to Access

Request a copy of the personal information we hold about you.

โœ๏ธ Right to Rectification

Correct any inaccurate or incomplete personal information.

๐Ÿ—‘๏ธ Right to Erasure

Request deletion of your personal information in certain circumstances.

โ›” Right to Restrict Processing

Limit how we process your personal information.

๐Ÿ“ค Right to Data Portability

Receive your data in a structured, machine-readable format.

โŒ Right to Object

Object to certain types of processing, including marketing.

To exercise these rights, please contact us at privacy@ethicalcrystals.com. We will respond to your request within 30 days.

7. Cookies and Tracking

We use cookies and similar tracking technologies to:

  • Remember your preferences and settings
  • Analyze website traffic and user behavior
  • Provide personalized content and advertising
  • Ensure website security and prevent fraud

You can control cookies through your browser settings. For detailed information, see our Cookie Policy.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for certain countries
  • Certification schemes and codes of conduct

9. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending an email notification to registered users
  • Displaying a prominent notice on our platform

Your continued use of our services after the changes become effective constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Privacy Officer
Ethical Crystals, Inc.
123 Ethical Way, Suite 400
San Francisco, CA 94105
Email: privacy@ethicalcrystals.com
Phone: +1 (555) 012-3456

EU Representative:
For users in the European Union, our EU representative can be contacted at:
Email: eu-privacy@ethicalcrystals.com