GDPR Compliance - Websites Nationwide

1. Our Commitment to GDPR Compliance

At Websites Nationwide, we are committed to protecting the privacy and personal data of individuals within the European Union (EU) and European Economic Area (EEA). The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, and we fully comply with its requirements.

This GDPR Compliance Statement outlines how we collect, process, store, and protect personal data in accordance with GDPR requirements, ensuring that individuals' rights are respected and their data is handled responsibly.

2. Data Controller Information

Websites Nationwide acts as the data controller for all personal data processed through our website and services. We are responsible for determining the purposes and means of processing personal data.

Company Name: Websites Nationwide

Email: [email protected]

Address: Green Bay, WI 54303, United States

Data Protection Officer: Available upon request

3. Legal Basis for Processing Personal Data

Under GDPR, we only process personal data when we have a valid legal basis to do so. We process personal data based on the following legal grounds:

Consent

When you provide explicit consent for us to process your personal data for specific purposes, such as receiving marketing communications or accepting cookies.

Contractual Necessity

When processing is necessary for the performance of a contract with you, such as delivering web design services or processing payments.

Legitimate Interests

When we have a legitimate business interest that is not overridden by your rights and freedoms, such as improving our services or preventing fraud.

Legal Obligation

When processing is required to comply with legal obligations, such as tax record-keeping or responding to lawful requests from authorities.

4. Types of Personal Data We Collect

We may collect and process the following categories of personal data:

📝 Identity Data

Name, username, company name, job title

📞 Contact Data

Email address, phone number, postal address

💳 Financial Data

Payment card details, billing address, transaction records

📊 Usage Data

IP address, browser type, pages visited, time spent on site

📋 Communication Data

Records of correspondence, emails, chat messages

📱 Marketing Data

Preferences for receiving marketing communications

5. Purposes for Processing Personal Data

We process personal data for the following purposes:

Providing and managing our web design services
Processing payments and managing billing
Responding to inquiries and providing customer support
Sending service-related communications and updates
Marketing our services (with explicit consent)
Analyzing website usage to improve user experience
Preventing fraud and ensuring website security
Complying with legal obligations and regulations
Managing client accounts and relationships
Delivering and personalizing website content

6. Your GDPR Rights

As an EU/EEA data subject, you have the following rights under GDPR:

Right of Access

You have the right to obtain confirmation of whether we process your personal data and to access that data, including copies of your personal data.

Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete data completed.

Right to Erasure

Also known as the "right to be forgotten," you may request deletion of your personal data when it is no longer necessary for the purposes it was collected.

Right to Restrict Processing

You have the right to restrict our processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to Object

You have the right to object to our processing of your personal data, particularly for direct marketing purposes or where processing is based on legitimate interests.

Right to Lodge a Complaint

You have the right to file a complaint with your local data protection authority if you believe we have violated your GDPR rights.

7. International Data Transfers

Our services are operated from the United States, which means your personal data may be transferred to and processed in the USA. When we transfer personal data outside the EU/EEA, we ensure adequate protection through:

Standard Contractual Clauses (SCCs): Approved contracts that ensure equivalent protection for your data
EU-U.S. Data Privacy Framework: A framework that provides adequate safeguards for data transfers to the U.S.
Explicit Consent: Obtaining your explicit consent before transferring data where other mechanisms are not available

Note: We only transfer personal data internationally when necessary and with appropriate safeguards in place to protect your data.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Our data retention practices include:

Customer Data: Retained for the duration of the service relationship plus 3 years for potential legal claims
Communication Records: Retained for 2 years after the last communication
Marketing Data: Retained until you withdraw consent or unsubscribe
Financial Records: Retained for 7 years as required by tax and accounting regulations
Cookie Data: As specified in our Cookie Policy (see our Cookie Policy)

9. Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing personal data. Our security measures include:

Encryption

SSL/TLS encryption for data in transit

Secure Hosting

Enterprise-grade hosting infrastructure

Access Controls

Strict access controls and authentication

Regular Audits

Security assessments and audits

10. Data Breach Notification

In the unlikely event of a personal data breach, we are committed to complying with GDPR breach notification requirements:

We will notify the relevant supervisory authority within 72 hours of becoming aware of a breach
If the breach is likely to result in high risk to your rights and freedoms, we will notify affected individuals directly
Notifications will describe the nature of the breach, likely consequences, and measures taken or proposed
We maintain records of all personal data breaches regardless of whether notification is required

11. Third-Party Data Processors

We engage third-party service providers who process personal data on our behalf. We ensure that these processors provide appropriate guarantees to implement appropriate technical and organizational measures. Our third-party processors include:

Service Provider	Purpose	Location
Cloud Hosting Provider	Website hosting and storage	United States
Payment Processor	Payment processing	United States
Email Service Provider	Email communications	United States
Analytics Provider	Website analytics	United States

12. Cookies and GDPR

Our use of cookies is governed by both GDPR and ePrivacy regulations. For detailed information about the cookies we use, how to manage them, and your choices, please see our Cookie Policy.

We obtain explicit consent before placing non-essential cookies on your device, and you can withdraw this consent at any time through our cookie consent management platform.

13. Updates to This Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices, technologies, or legal requirements. When we make significant changes, we will:

Post the updated statement on this page with a revised "Last Updated" date
Notify you through a prominent notice on our website
Obtain fresh consent where required by applicable law

GDPR Compliance Statement