Privacy Policy

1. Data Controller

T Graham Consulting is the data controller responsible for your personal data. If you have any questions about this privacy policy or our data practices, please contact us at:

• Email: hello@tgrahamconsulting.com
• Website: www.tgrahamconsulting.com

2. Information We Collect

2.1 Information You Provide Directly

When you contact us through our website contact form, we collect:

• Contact Information: Name and email address (required)
• Service Interest: Information about which services you're interested in (optional)
• Message Content: Any information you choose to include in your message to us

2.2 Information Collected Automatically

When you visit our website, we may automatically collect:

• Technical Information: IP address, browser type, operating system, and device information
• Usage Data: Pages visited, time spent on pages, and navigation paths
• Referral Information: The website that referred you to our site

2.3 Third-Party Services

Our website uses the following third-party services:

• Netlify: For website hosting and contact form processing
• Google Fonts: For typography (connects to fonts.googleapis.com and fonts.gstatic.com)

3. How We Use Your Information

We use your personal data for the following purposes:

• Respond to Inquiries: To answer your questions and respond to your contact form submissions
• Provide Services: To discuss potential consulting services and provide quotes or proposals
• Business Communication: To maintain business relationships and follow up on project discussions
• Legal Compliance: To comply with legal obligations and protect our legal rights
• Website Improvement: To analyze and improve our website performance and user experience

4. Legal Basis for Processing

For users in the European Economic Area (EEA) and UK, we process your personal data under GDPR based on:

• Legitimate Interests: To respond to inquiries and conduct business communications
• Contract Performance: To discuss and potentially enter into consulting service agreements
• Consent: Where you have explicitly consented to specific processing activities
• Legal Obligations: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

• Service Providers: Netlify for form processing and website hosting
• Legal Authorities: When required by law or to protect our legal rights
• Business Transfers: In connection with any merger, sale, or acquisition of our business

6. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for countries with equivalent data protection standards
• Appropriate technical and organizational security measures

7. Data Retention

We retain your personal data only as long as necessary:

• Contact Form Data: Retained for up to 2 years after your last contact unless you become a client
• Client Data: Retained for the duration of the business relationship plus 7 years for tax and legal purposes
• Technical Data: Retained for up to 90 days for security and website improvement purposes

8. Your Rights

8.1 European Economic Area (EEA) and UK Rights

If you are in the EEA or UK, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Complain: Lodge a complaint with your local supervisory authority (UK: Information Commissioner's Office at ico.org.uk; EU: your national data protection authority)

We will acknowledge your complaint within 30 days and provide a full response without undue delay.

8.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know: Request information about the personal data we collect, use, and share
• Delete: Request deletion of your personal data
• Correct: Request correction of inaccurate personal data
• Opt-Out: Opt-out of the sale or sharing of your personal data (Note: We do not sell or share personal data)
• Limit: Limit the use of sensitive personal information
• Non-Discrimination: Not be discriminated against for exercising your privacy rights

To exercise these rights, contact us at hello@tgrahamconsulting.com. We will respond within 45 days as required by the CCPA/CPRA regulations effective January 1, 2026.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• HTTPS encryption for all website communications
• Secure hosting infrastructure with Netlify
• Regular security assessments and updates
• Access controls and authentication measures
• Employee training on data protection principles

10. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we learn we have collected information from a child, we will delete it promptly.

11. Do Not Track Signals

Our website does not currently respond to Do Not Track (DNT) signals. However, we honor Global Privacy Control (GPC) signals as required by California law effective January 1, 2026.

12. Changes to This Privacy Policy

We may update this privacy policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Providing notice on our website homepage
• Sending email notification if you are an existing client or have provided contact information

13. Contact Us

If you have questions about this privacy policy or wish to exercise your data protection rights, please contact us:

• Email: hello@tgrahamconsulting.com
• Response Time: We aim to respond within 24-48 hours for general inquiries and within the legally required timeframes for formal data protection requests (30 days for GDPR, 45 days for CCPA/CPRA)