Legal Documents

Terms & Conditions of Use

Applicable to: databranding.net · Governing entity: Databranding LLC, Orlando, Florida, USA · Effective: April 2025

Please read these Terms and Conditions of Use ("Terms") carefully before using this website and any services offered through it. By accessing or using this site, you agree to be bound by these Terms. If you do not agree, do not use this site.

1. Parties

These Terms govern the relationship between you ("User") and Databranding LLC, a company registered in the State of Florida, USA, with principal offices at 121 S. Orange Ave, Suite 1500, Orlando, FL 32801 ("Databranding," "we," "us," or "our"). For users located in Mexico or engaging with services under the Mexican entity, references to "Databranding" shall also include Inbound Latam S.A. de C.V., Ciudad de México, as applicable.

2. Intellectual Property & Copyright

All content on this site — including text, graphics, videos, code, design elements, and methodologies (including "Authority Architecture") — is the exclusive property of Databranding LLC and/or its licensors and is protected under United States copyright law (17 U.S.C. § 101 et seq.), applicable international treaties, and, where applicable, Mexican Federal Copyright Law (Ley Federal del Derecho de Autor).

You may view, download, or print content solely for personal, non-commercial use. Any reproduction, distribution, public display, modification, or commercial exploitation of any content without prior written consent from Databranding is strictly prohibited.

The following are registered or common law trademarks of Databranding LLC: Databranding, Databranding.net, SIGNAL, STORY ENGINE, COMMAND CENTER, and Authority Architecture. Unauthorized use is prohibited.

3. Permitted Use & Restrictions

You agree to use this site only for lawful purposes and in a manner consistent with all applicable local, state, national, and international laws. You specifically agree not to:

• Upload, post, or transmit any content that is defamatory, obscene, threatening, or infringes the rights of any third party.
• Impersonate Databranding, its employees, partners, or any other person.
• Attempt to gain unauthorized access to any portion of this site or its related systems.
• Use automated tools (scrapers, bots, crawlers) to extract content without written permission.
• Use the site in any manner that could overload, damage, or impair its infrastructure.

4. AI-Powered Features & Tools

This site may integrate artificial intelligence tools, including but not limited to automated chatbots, AI-assisted diagnostics, and content personalization features. By interacting with any AI-powered feature, you acknowledge that:

• Outputs generated by AI tools are informational and do not constitute professional, legal, financial, or medical advice.
• Databranding does not guarantee the accuracy, completeness, or fitness for any particular purpose of AI-generated outputs.
• Conversations or inputs submitted to AI features may be processed and stored in accordance with our Privacy Notice.
• You will not attempt to manipulate, reverse-engineer, or extract proprietary model behavior from any AI feature on this site.

5. Marketing & Analytics Technologies

This site uses third-party marketing and analytics technologies including, but not limited to, HubSpot CRM, Google Analytics (GA4), Meta Pixel, Google Ads tags, and similar tracking technologies. These tools may collect data about your visit, device, and interaction with our content. Their use is governed by our Privacy Notice and, where applicable, applicable cookie consent mechanisms. You may opt out of non-essential tracking as described in the Privacy Notice.

6. Disclaimer of Warranties

This site and all content, materials, and services are provided on an "AS IS" and "AS AVAILABLE" basis, without warranties of any kind, either express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, non-infringement, or course of performance.

Databranding does not warrant that the site will operate without interruption or error, that defects will be corrected, or that the site or its servers are free of viruses or harmful components.

7. Limitation of Liability

To the maximum extent permitted by applicable law, Databranding LLC, its officers, directors, employees, partners, agents, and licensors shall not be liable for any indirect, incidental, special, consequential, punitive, or exemplary damages arising from or related to your use of, or inability to use, this site or its content — even if Databranding has been advised of the possibility of such damages.

Databranding's total aggregate liability to you for any claim arising out of or relating to these Terms or the site shall not exceed USD $100.

8. Indemnification

You agree to indemnify, defend, and hold harmless Databranding LLC, Inbound Latam S.A. de C.V., and their respective officers, directors, employees, agents, and licensors from and against any and all claims, damages, obligations, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from: (a) your use of the site; (b) your violation of these Terms; (c) your violation of any third-party rights, including intellectual property or privacy rights; or (d) any content you submit through the site.

9. Typographical Errors & Pricing

In the event that a service or product is listed at an incorrect price due to a typographical error, Databranding reserves the right to cancel or refuse any order placed at the incorrect price, whether or not the order has been confirmed or payment processed. If payment has been made, a full refund will be issued.

10. Third-Party Links

This site may contain links to third-party websites. These links are provided for convenience only. Databranding has no control over the content, privacy practices, or policies of any linked sites and accepts no responsibility for them. Access to linked sites is at your own risk.

11. Governing Law & Dispute Resolution

These Terms are governed by and construed in accordance with the laws of the State of Florida, United States, without regard to its conflict of law provisions. Any disputes arising from or relating to these Terms or your use of the site shall be submitted to the exclusive jurisdiction of the state and federal courts located in Orange County, Florida, USA. You waive any objection to jurisdiction or venue in such courts.

For users in Mexico who contract services through Inbound Latam S.A. de C.V., disputes shall be governed by the applicable laws of Mexico, with exclusive jurisdiction in the courts of Guadalajara, Jalisco.

12. Modifications to Terms

Databranding reserves the right to modify these Terms at any time. Changes will be posted on this page with an updated effective date. Continued use of the site after changes are posted constitutes acceptance of the revised Terms.

13. Termination

Databranding may terminate or suspend your access to the site at any time, without prior notice, for any reason, including breach of these Terms. All provisions that by their nature should survive termination — including intellectual property, disclaimer of warranties, limitation of liability, and indemnification — shall survive.

14. Entire Agreement

These Terms, together with the Privacy Notice, constitute the entire agreement between you and Databranding regarding the use of this site and supersede all prior agreements, representations, or understandings.

Privacy Notice

Applicable to: databranding.net · Responsible party: Databranding LLC, Orlando, Florida, USA · Effective: April 2025

This Privacy Notice explains how Databranding LLC ("Databranding," "we," "us," "our") collects, uses, stores, shares, and protects your personal information when you visit our website or use our services. Please read it carefully.

1. Who Is Responsible for Your Data

Databranding LLC
121 S. Orange Ave, Suite 1500, Orlando, FL 32801, USA
Email: info@databranding.net

For users in Mexico, the responsible party is Inbound Latam S.A. de C.V., Sierra Madre 115, Lomas de Chapultepec, CDMX C.P. 11000. Data protection contact: Miguel Ángel Tolsá — info@databranding.net.

2. What Information We Collect

We may collect the following categories of personal information:

• Identification data: Name, email address, phone number, company name, job title.
• Communication data: Messages, inquiries, and content you submit through forms, email, or chat features.
• Transaction data: Billing address, payment method details (processed by third-party payment processors — we do not store card numbers).
• Usage data: Pages visited, time on site, referring URLs, clicks, form interactions.
• Technical data: IP address, browser type and version, operating system, device identifiers.
• AI interaction data: Inputs submitted to any AI-powered chatbot or diagnostic tool on this site.
• Cookie & tracking data: As described in Section 6 below.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To respond to inquiries and provide the services you request.
• To process transactions and manage commercial contracts.
• To send service updates, promotional communications, and newsletters (where you have opted in).
• To personalize your experience on the site.
• To operate, maintain, and improve our website and services.
• To comply with legal obligations.
• To conduct internal analytics and market research.
• To operate AI-powered features including chatbots and diagnostic tools.

4. Legal Basis for Processing (GDPR / applicable law)

Where applicable law requires a legal basis for processing, we rely on one or more of the following: (a) your consent; (b) performance of a contract with you; (c) compliance with a legal obligation; (d) our legitimate interests in operating and improving our business, provided those interests are not overridden by your rights.

5. How We Protect Your Information

We implement administrative, technical, and physical security measures appropriate to the sensitivity of the information we hold. These include access controls, encrypted data transmission via SSL/TLS, limited access to personal data on a need-to-know basis, and contractual obligations with third-party processors.

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to using industry-standard practices.

6. Cookies, Pixels & Tracking Technologies

We use the following types of tracking technologies on this site:

• Essential cookies: Required for the site to function. Cannot be disabled.
• Analytics cookies: Tools such as Google Analytics (GA4) to understand site usage and improve our content.
• Marketing cookies: Tools such as HubSpot tracking, Meta Pixel, and Google Ads tags to measure campaign performance and retarget audiences. These are activated only when required for active campaigns.
• Functionality cookies: Remember your preferences and settings.
• Web beacons / pixel tags: Small invisible images embedded in pages or emails to track behavior such as open rates and page interactions.

You may manage cookie preferences through our cookie consent banner or via your browser settings. Opting out of non-essential cookies will not affect your ability to use the site's core functions.

7. AI-Powered Tools & Data Processing

This site may include AI-powered chatbots, diagnostic tools, and content personalization features. When you interact with these features:

• Inputs you provide may be processed by third-party AI providers under data processing agreements.
• We do not use your inputs to train third-party AI models without your explicit consent.
• AI interaction logs may be retained for a limited period for quality assurance and service improvement purposes.

8. How We Share Your Information

We do not sell your personal information. We may share it with:

• Service providers: CRM platforms (HubSpot), email delivery services, payment processors, hosting providers, and AI tool providers — all operating under data processing agreements.
• Government authorities: When required by law, court order, or legal process.
• Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

All third-party processors are contractually required to protect your data and use it only for the purposes we specify.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your personal data, subject to legal retention requirements.
• Restriction: Request that we limit how we use your data.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

California residents (CCPA/CPRA): You have the right to know what personal information we collect, the right to delete, the right to opt out of the sale of personal information (we do not sell personal information), and the right not to be discriminated against for exercising your rights. To submit a request, email us at info@databranding.net with the subject line "CCPA Request."

To exercise any of your rights, contact us at info@databranding.net. We will respond within 15 business days.

10. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this notice, comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we delete or anonymize it using secure methods.

11. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States and Mexico. Where required, we ensure appropriate safeguards are in place (such as standard contractual clauses) to protect your data during international transfers.

12. Links to Third-Party Sites

Our site may contain links to third-party websites with independent privacy policies. We are not responsible for their content or privacy practices. We encourage you to review the privacy policy of any site you visit.

13. Changes to This Privacy Notice

We reserve the right to update this Privacy Notice at any time to reflect changes in law, our practices, or our services. Updated versions will be posted on this page with a revised effective date. We encourage you to review this notice periodically.

Aviso de Privacidad

Aplicable a: databranding.net · Responsable: Inbound Latam S.A. de C.V., Ciudad de México · Vigente desde: abril 2025

El presente Aviso de Privacidad se emite en cumplimiento de la Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP) y su Reglamento, de conformidad con lo establecido en los artículos 15 y 16 de dicha Ley.

1. Identidad y Domicilio del Responsable

Inbound Latam S.A. de C.V.
Sierra Madre 115, Lomas de Chapultepec, C.P. 11000
Ciudad de México, México
Correo electrónico: info@databranding.net

La persona responsable del tratamiento de datos personales es Miguel Ángel Tolsá. Para usuarios en Estados Unidos, el responsable es Databranding LLC, con domicilio en 121 S. Orange Ave, Suite 1500, Orlando, FL 32801, USA.

Inbound Latam S.A. de C.V. ha designado un comité técnico multidisciplinario para la protección de datos personales, al que podrá dirigir cualquier solicitud relacionada con sus derechos ARCO.

2. Datos Personales que Recopilamos

Recopilamos las siguientes categorías de datos personales:

• Datos de identificación: Nombre, correo electrónico, número telefónico, nombre de empresa y cargo.
• Datos de comunicación: Mensajes, consultas y contenido que usted envíe a través de formularios, correo electrónico o funciones de chat.
• Datos de transacción: Dirección de facturación y método de pago (procesado por procesadores de pago de terceros — no almacenamos números de tarjeta).
• Datos de uso: Páginas visitadas, tiempo en el sitio, URLs de referencia, clics e interacciones con formularios.
• Datos técnicos: Dirección IP, tipo y versión de navegador, sistema operativo, identificadores de dispositivo.
• Datos de interacción con IA: Entradas que usted proporcione a cualquier chatbot o herramienta de diagnóstico basada en inteligencia artificial disponible en el sitio.
• Datos de cookies y rastreo: Conforme a lo descrito en la Sección 6 del presente Aviso.

3. Finalidades del Tratamiento

Finalidades primarias (necesarias para la prestación del servicio):

• Responder a sus consultas y prestar los servicios solicitados.
• Procesar transacciones y gestionar contratos comerciales.
• Cumplir con obligaciones fiscales y legales aplicables.
• Evaluar la calidad del servicio y realizar estudios internos sobre hábitos de consumo.

Finalidades secundarias (sujetas a su consentimiento):

• Envío de comunicaciones promocionales, newsletters y actualizaciones de servicios.
• Personalización de su experiencia en el sitio.
• Elaboración de perfiles comerciales y análisis de mercado.
• Realización de encuestas de satisfacción.

Si usted no desea que sus datos sean tratados para las finalidades secundarias, puede manifestarlo enviando un correo a info@databranding.net con el asunto "Oposición a finalidades secundarias".

4. Cómo Protegemos su Información

Implementamos medidas de seguridad administrativas, técnicas y físicas apropiadas a la sensibilidad de los datos que resguardamos. Estas incluyen controles de acceso, transmisión encriptada de datos mediante SSL/TLS, acceso restringido a datos personales en función de la necesidad de conocimiento, y obligaciones contractuales con procesadores terceros.

5. Transferencias de Datos Personales

Sus datos personales podrán ser transferidos a las siguientes categorías de destinatarios, según se requiera para el cumplimiento de las finalidades descritas:

• Proveedores de servicios tecnológicos (plataformas CRM como HubSpot, servicios de correo electrónico, procesadores de pago, proveedores de hospedaje y proveedores de herramientas de IA).
• Bancos e instituciones financieras.
• Dependencias gubernamentales, cuando sea requerido por ley.
• Aseguradoras y burós de crédito.

Conforme al artículo 36 de la LFPDPPP, si usted no manifiesta oposición a la transferencia de sus datos dentro de los 5 días hábiles siguientes a la recepción del presente aviso, se entenderá otorgado su consentimiento. Para oponerse, envíe su solicitud a info@databranding.net.

6. Cookies, Web Beacons y Tecnologías de Rastreo

Le informamos que utilizamos las siguientes tecnologías de rastreo en este sitio:

• Cookies esenciales: Necesarias para el funcionamiento del sitio. No pueden desactivarse.
• Cookies analíticas: Herramientas como Google Analytics (GA4) para comprender el uso del sitio y mejorar nuestro contenido.
• Cookies de marketing: Herramientas como HubSpot Tracking, Meta Pixel y etiquetas de Google Ads para medir el rendimiento de campañas y retargeting de audiencias. Se activan únicamente cuando se requieren para campañas activas.
• Web beacons / píxeles: Imágenes invisibles insertadas en páginas o correos electrónicos para rastrear comportamiento como tasas de apertura e interacciones con páginas.

Puede gestionar sus preferencias de cookies a través del banner de consentimiento disponible en el sitio o mediante la configuración de su navegador. La desactivación de cookies no esenciales no afectará su capacidad de utilizar las funciones principales del sitio.

Los datos recabados a través de estas tecnologías incluyen: tipo de navegador y sistema operativo, páginas visitadas, promociones descargadas, vínculos seguidos y dirección IP.

7. Herramientas de Inteligencia Artificial

Este sitio puede incluir chatbots, herramientas de diagnóstico y funciones de personalización basadas en inteligencia artificial. Al interactuar con estas funciones:

• Las entradas que proporcione podrán ser procesadas por proveedores de IA de terceros bajo acuerdos de procesamiento de datos.
• No utilizamos sus entradas para entrenar modelos de IA de terceros sin su consentimiento explícito.
• Los registros de interacción con IA podrán conservarse por un período limitado para fines de control de calidad y mejora del servicio.

8. Derechos ARCO

Conforme a la LFPDPPP, usted tiene derecho a:

• Acceso: Solicitar una copia de los datos personales que poseemos sobre usted y los detalles de su tratamiento.
• Rectificación: Solicitar la corrección de datos inexactos o incompletos.
• Cancelación: Solicitar la eliminación de sus datos personales cuando resulten excesivos o innecesarios para las finalidades que justificaron su obtención.
• Oposición: Oponerse al tratamiento de sus datos para finalidades específicas.

Para ejercer sus derechos ARCO, usted o su representante legal deberán enviar una solicitud a info@databranding.net que contenga:

• Nombre completo y domicilio, así como cualquier dato de contacto complementario.
• Documentos que acrediten su identidad.
• Descripción concisa y clara de los derechos que desea ejercer y los datos personales involucrados.
• En caso de solicitar rectificación, la documentación que sustente la petición.

Daremos respuesta a su solicitud dentro de los plazos que marca la Ley, siempre que no se encuentre bajo los supuestos de excepción del artículo 26 de la LFPDPPP y el artículo 75 de su Reglamento.

También puede cancelar la suscripción a comunicaciones promocionales dando clic en el enlace de cancelación incluido en cada correo electrónico.

9. Revocación del Consentimiento

En todo momento usted podrá revocar el consentimiento que nos ha otorgado para el tratamiento de sus datos personales, a fin de que dejemos de hacer uso de los mismos. Para ello, presente su petición a través de los medios señalados en la Sección 8. Tenga en cuenta que la revocación del consentimiento puede limitar nuestra capacidad de prestarle los servicios solicitados.

10. Conservación de Datos

Conservamos los datos personales durante el tiempo necesario para cumplir con las finalidades descritas en el presente Aviso, dar cumplimiento a obligaciones legales, resolver controversias y hacer cumplir nuestros acuerdos. Cuando los datos ya no sean necesarios, los eliminamos o anonimizamos mediante métodos seguros.

11. Vínculos a Sitios de Terceros

Nuestro sitio puede contener enlaces a sitios web de terceros con políticas de privacidad independientes. No somos responsables de su contenido ni de sus prácticas de privacidad. Le recomendamos revisar el aviso de privacidad de cualquier sitio que visite.

12. Modificaciones al Aviso de Privacidad

Nos reservamos el derecho de modificar o actualizar este Aviso de Privacidad en cualquier momento, para dar atención a novedades legislativas o jurisprudenciales, políticas internas, nuevos requerimientos para la prestación u ofrecimiento de nuestros servicios o productos, y prácticas del mercado. Los cambios se publicarán en esta página con una fecha de vigencia actualizada.

Los titulares que deseen consultar el Aviso de Privacidad completo podrán acceder a él en el domicilio de nuestras oficinas generales en horario de oficina y en días hábiles.

GDPR Privacy Notice
for EEA, UK & Switzerland

Applicable to visitors and users located in the European Economic Area (EEA), United Kingdom, and Switzerland · Governing regulation: EU General Data Protection Regulation 2016/679 (GDPR) · Effective: April 2025

This notice supplements our general Privacy Notice and applies specifically to individuals located in the European Economic Area (EEA), the United Kingdom, and Switzerland ("European Users"). If there is any conflict between this notice and the general Privacy Notice, this notice prevails for European Users.

1. Data Controller

The data controller responsible for processing your personal data is:

Databranding LLC
121 S. Orange Ave, Suite 1500, Orlando, FL 32801, USA
Email: info@databranding.net

For matters related to Mexican operations: Inbound Latam S.A. de C.V., Sierra Madre 115, Lomas de Chapultepec, C.P. 11000, Ciudad de México, México. Data protection contact: Miguel Ángel Tolsá — info@databranding.net.

We have not appointed a formal Data Protection Officer (DPO) as our processing activities do not meet the thresholds requiring mandatory DPO designation under Article 37 GDPR. For all data protection inquiries, please contact us directly at info@databranding.net.

2. Personal Data We Collect

We collect and process the following categories of personal data about European Users:

• Identity data: First name, last name, company name, job title.
• Contact data: Email address, telephone number, postal address.
• Technical data: IP address, browser type and version, operating system, device identifiers, time zone setting, browser plug-in types and versions.
• Usage data: Information about how you use our website, products, and services — including pages visited, time spent on pages, links clicked, and content downloaded.
• Marketing and communications data: Your preferences in receiving marketing from us and your communication preferences.
• AI interaction data: Inputs submitted to AI-powered tools or chatbots on this site, where applicable.
• Cookie and tracking data: As described in Section 6 below.

We do not intentionally collect any Special Categories of Personal Data (as defined under Article 9 GDPR) — including data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data — through this website. If you voluntarily submit such data (e.g., in a free-text form field), it will be treated with the highest level of protection.

3. Legal Basis for Processing (Article 6 GDPR)

We process your personal data only where we have a valid legal basis to do so. The legal bases we rely on are:

• Consent (Art. 6(1)(a)): Where you have given clear, freely given, specific, informed, and unambiguous consent. This applies to: marketing communications, non-essential cookies and tracking technologies, and AI chatbot interactions. You may withdraw consent at any time without affecting the lawfulness of prior processing.
• Contract performance (Art. 6(1)(b)): Where processing is necessary to perform a contract to which you are party or to take pre-contractual steps at your request. This applies to service inquiries, proposals, and service delivery.
• Legal obligation (Art. 6(1)(c)): Where processing is necessary to comply with a legal obligation to which we are subject, including applicable tax, accounting, and regulatory requirements.
• Legitimate interests (Art. 6(1)(f)): Where processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your interests, rights, or freedoms. Our legitimate interests include: operating and improving our website and services, preventing fraud and ensuring security, and conducting internal analytics. We conduct a Legitimate Interests Assessment (LIA) for each processing activity relying on this basis.

4. Cookies & Consent Management (ePrivacy / GDPR)

In compliance with GDPR and the ePrivacy Directive, we obtain your prior, granular consent before placing any non-essential cookies or activating tracking technologies. Our cookie consent management is implemented through HubSpot's native GDPR cookie consent tools.

Cookie categories and their legal basis:

• Strictly necessary cookies (no consent required): Essential for site functionality. Legal basis: legitimate interests / contract performance.
• Analytics cookies (consent required): Google Analytics GA4 and HubSpot analytics. Legal basis: consent (Art. 6(1)(a)). Activated only upon your affirmative consent via our cookie banner.
• Marketing cookies (consent required): HubSpot tracking, Meta Pixel, Google Ads tags — activated only during active campaigns and only upon your affirmative consent. Legal basis: consent (Art. 6(1)(a)).
• Functionality cookies (consent required): Remembering preferences and personalizing your experience. Legal basis: consent (Art. 6(1)(a)).

You may withdraw or modify your cookie consent at any time via the cookie preference center accessible through our cookie banner or footer link. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

We use web beacons (pixel tags) in conjunction with cookies to track email open rates and page interactions. These are activated only with your consent where required.

5. Your Rights Under GDPR (Articles 15–22)

As a data subject located in the EEA, UK, or Switzerland, you have the following rights under GDPR:

• Right of access (Art. 15): You have the right to obtain confirmation of whether we process your personal data, and if so, to receive a copy of that data along with supplementary information about how it is processed.
• Right to rectification (Art. 16): You have the right to request correction of inaccurate personal data and completion of incomplete data without undue delay.
• Right to erasure / "right to be forgotten" (Art. 17): You have the right to request deletion of your personal data where: it is no longer necessary for the purposes for which it was collected; you withdraw consent and there is no other legal basis; you object to processing and there are no overriding legitimate grounds; the data has been unlawfully processed; or erasure is required by law. This right is subject to exceptions where processing is necessary for legal claims or legal obligations.
• Right to restriction of processing (Art. 18): You have the right to request that we restrict processing of your personal data in certain circumstances, including where you contest the accuracy of the data or have objected to processing pending verification of legitimate grounds.
• Right to data portability (Art. 20): Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit that data to another controller.
• Right to object (Art. 21): You have the right to object at any time to processing based on legitimate interests (Art. 6(1)(f)), including profiling. You also have an absolute right to object to processing for direct marketing purposes, including profiling related to direct marketing. Upon such objection, we will cease processing immediately unless we demonstrate compelling legitimate grounds that override your interests.
• Rights related to automated decision-making and profiling (Art. 22): You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects concerning you. We do not currently engage in fully automated decision-making of this nature. Where AI-assisted features provide recommendations, a human review component is maintained.
• Right to withdraw consent (Art. 7(3)): Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, submit a written request to info@databranding.net with the subject line "GDPR Data Subject Request." We will acknowledge your request within 72 hours and respond substantively within 30 calendar days. In complex cases, this period may be extended by a further two months, in which case we will notify you of the extension and the reasons within the initial 30-day period (Art. 12(3) GDPR).

We will not charge a fee for processing your request unless it is manifestly unfounded or excessive (Art. 12(5) GDPR).

6. International Data Transfers (Articles 44–49 GDPR)

As Databranding LLC is based in the United States, processing your personal data involves a transfer of data to a third country (the USA) that does not benefit from an EU adequacy decision under Article 45 GDPR (noting that the EU-US Data Privacy Framework exists but may be subject to change).

We ensure appropriate safeguards for such transfers through one or more of the following mechanisms:

• Standard Contractual Clauses (SCCs): We rely on the European Commission's standard contractual clauses (Commission Implementing Decision (EU) 2021/914) with our third-party processors, including HubSpot, Inc., Google LLC, and Meta Platforms, Inc., to govern international data transfers.
• Adequacy decisions: Where transfers are made to countries covered by an EU adequacy decision, no additional safeguard is required.
• Derogations (Art. 49): In limited circumstances where SCCs are not applicable, we may rely on your explicit consent (Art. 49(1)(a)) or the necessity of the transfer for contract performance (Art. 49(1)(b)).

You may request a copy of the applicable transfer mechanism by contacting us at info@databranding.net.

7. Data Retention (Article 5(1)(e) GDPR)

We retain personal data for no longer than is necessary for the purposes for which it was collected, in accordance with the storage limitation principle. Our general retention periods are:

• Prospect / inquiry data: 24 months from last contact, unless a commercial relationship begins.
• Client / contract data: Duration of the contractual relationship plus 7 years, to comply with tax and accounting obligations.
• Marketing / newsletter data: Until you withdraw consent or unsubscribe, after which data is deleted within 30 days.
• Cookie / analytics data: As configured in each tool (GA4: 14 months; HubSpot: 13 months by default).
• AI interaction logs: Up to 90 days for quality assurance purposes, then anonymized or deleted.
• Legal claims / disputes: For the duration of the limitation period applicable to the relevant claim.

At the end of each retention period, data is securely deleted or anonymized so that it can no longer be associated with an identifiable individual.

8. Data Security (Article 32 GDPR)

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of our processing activities. These measures include:

• Encryption of personal data in transit (SSL/TLS) and, where applicable, at rest.
• Ongoing confidentiality, integrity, availability, and resilience of processing systems.
• Regular assessment and evaluation of the effectiveness of security measures.
• Access controls and role-based permissions limiting access to personal data.
• Data processor agreements with all third parties handling personal data on our behalf.

9. Personal Data Breaches (Articles 33–34 GDPR)

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach (Art. 33 GDPR), unless the breach is unlikely to result in a risk to individuals' rights and freedoms.
• Communicate the breach to you without undue delay if it is likely to result in a high risk to your rights and freedoms (Art. 34 GDPR), unless an exemption applies (e.g., data was encrypted and remains inaccessible to unauthorized parties).

10. Third-Party Processors (Article 28 GDPR)

We engage the following categories of third-party processors under written data processing agreements (DPAs) that comply with Article 28 GDPR:

• HubSpot, Inc. (CRM, marketing automation, forms, analytics, cookie consent) — USA, SCCs in place.
• Google LLC (Google Analytics GA4, Google Ads) — USA, SCCs in place.
• Meta Platforms, Inc. (Meta Pixel, advertising) — USA, SCCs in place. Activated only when campaigns targeting European users are active.
• Third-party AI providers (chatbot and diagnostic tool infrastructure) — DPAs in place; no training on your data without explicit consent.
• Hosting and infrastructure providers — processing under written DPA.

We do not authorize any processor to sub-process your data without our prior written consent and equivalent data protection obligations.

11. Right to Lodge a Complaint (Article 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority — in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement — if you consider that our processing of your personal data violates GDPR.

A list of EU data protection supervisory authorities is available at: edpb.europa.eu.

For UK residents, the relevant authority is the Information Commissioner's Office (ICO): ico.org.uk.

For Swiss residents, the relevant authority is the Federal Data Protection and Information Commissioner (FDPIC): edoeb.admin.ch.

We would, however, appreciate the opportunity to address your concerns before you approach a supervisory authority. Please contact us first at info@databranding.net.

12. Changes to This GDPR Notice

We will update this notice to reflect changes in law, our processing activities, or our services. Material changes will be communicated through a prominent notice on our website. The effective date at the top of this document will be updated accordingly. We encourage you to review this notice periodically.