Data Protection & Compliance GDPR · CCPA · EU-Hosted
Privacy Policy
Effective Date: March 9, 2026
Last Updated: March 9, 2026
1. Who We Are
Elevating Brands (“we,” “us,” “our”) is a marketing consultancy operated by Lester Laine. This Privacy Policy explains how we collect, use, store, and protect personal data when you visit our website (elevatingbrands.net), use our services, or interact with us.
Data Controller: Elevating Brands
Contact: privacy@elevatingbrands.net
Infrastructure Location: European Union (Frankfurt, Germany)
2. What Data We Collect
We collect personal data in the following categories:
Information you provide directly:
- Name, email address, company name, and job title (when you contact us or fill out a form)
- Business information shared during consultations or engagements
- Communication records (emails, meeting notes, project files)
Information collected automatically:
- IP address and approximate geographic location
- Browser type, device type, and operating system
- Pages visited, time spent, and navigation patterns on our website
- Referral source (how you found us)
Information from third parties:
- Professional profile data from LinkedIn (only when publicly available)
- Analytics data from Google Analytics and HubSpot
3. How We Use Your Data
We process personal data for the following purposes:
- Service delivery: To provide consulting services you’ve engaged us for
- Communication: To respond to inquiries and maintain client relationships
- Website improvement: To analyze how visitors use our site and improve the experience
- Marketing: To send relevant content and updates (only with your consent)
- Legal compliance: To meet our obligations under applicable law
Legal Basis for Processing (GDPR):
- Consent — for marketing communications and non-essential cookies
- Contractual necessity — for delivering services you’ve engaged
- Legitimate interest — for website analytics, security, and business development
- Legal obligation — for tax, regulatory, and compliance requirements
4. Cookies and Tracking
Our website uses cookies and similar technologies. For detailed information about what cookies we use and how to manage your preferences, please see our Cookie Policy.
5. How We Share Your Data
We do not sell personal data. We share data only in these limited circumstances:
- Service providers: We use third-party tools to operate our business (hosting, analytics, CRM, email). These providers process data on our behalf under contractual data protection agreements.
- Legal requirements: We may disclose data if required by law, court order, or regulatory authority.
- Business transfers: In the event of a merger, acquisition, or sale of business assets, personal data may be transferred as part of that transaction.
Key third-party processors:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Infrastructure & data hosting | EU (Frankfurt) |
| HubSpot | CRM & marketing automation | US (DPF certified) |
| Google Analytics | Website analytics | US (DPF certified) |
| Cloudflare | Security & performance | Global |
6. International Data Transfers
Our primary infrastructure is located in the European Union. When data is transferred outside the EEA (for example, to US-based service providers), we ensure appropriate safeguards are in place, including:
- EU-U.S. Data Privacy Framework (DPF) certification of the receiving party
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
7. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Client engagement data | 5 years after engagement ends |
| Website analytics | 26 months |
| Marketing contact data | Until consent is withdrawn |
| Inquiry/contact form data | 2 years |
| Financial/billing data | 7 years (legal requirement) |
After these periods, data is securely deleted or anonymized.
8. Your Rights
If you are in the EU/EEA (under GDPR), you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data (“right to be forgotten”)
- Restrict processing of your data
- Data portability (receive your data in a structured format)
- Object to processing based on legitimate interest
- Withdraw consent at any time
If you are in California (under CCPA/CPRA), you have the right to:
- Know what personal information we collect, use, and disclose
- Delete your personal information
- Opt out of the sale or sharing of personal information (we do not sell personal data)
- Non-discrimination for exercising your privacy rights
To exercise any of these rights, contact us at: privacy@elevatingbrands.net
We will respond to your request within 30 days (GDPR) or 45 days (CCPA).
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit (TLS/SSL) and at rest
- Row-level security on all database tables
- Role-based access controls
- Regular security audits and monitoring
- Infrastructure hosted in EU data centers with enterprise-grade physical security
10. Children’s Privacy
Our services are directed at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have collected data from a minor, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated effective date. If changes significantly affect how we process your data, we will notify you directly.