Privacy Policy
Company: Dot2shape
Jurisdictions: United States, European Union, and Global Clients

1. Introduction

Dot2shape (“we,” “us,” or “our”) is a global digital product design and UX/UI consulting company committed to protecting the privacy and security of our clients, partners, and website visitors. This Privacy Policy outlines how we collect, process, and safeguard personal data in compliance with applicable regulations, including:

  • EU General Data Protection Regulation (GDPR)
  • U.S. State Laws (e.g., CCPA/CPRA, Virginia CDPA, Colorado CPA)
  • Other International Data Protection Frameworks

By engaging with our services or accessing our website, you acknowledge the practices described herein.

Definition of Major Terms:

  • CCPA/CPRA (California Consumer Privacy Act/Colorado Privacy Act)
  • CDPA (Virginia Consumer Data Protection Act)
  • GDPR (General Data Protection Regulation)
  • EU Countries (27 member states, e.g., Germany, France, Italy)
  • EEA Extensions (Norway, Iceland, Liechtenstein)

2. Scope of Data Collection

We collect and process the following categories of data:

2.A. Provided Directly by You

  • Contact Information: Name, email, phone number, company affiliation.
  • Business Documentation: Design briefs, brand guidelines, project specifications.
  • Payment Details: Invoicing and transaction records (processed via secure third-party providers).

2.B. Automatically Collected Data

  • Technical Data: IP address, device type, browser information, and usage patterns (via cookies and analytics tools).
  • Operational Data: Service usage logs, support tickets, and communication histories.

2.C. Data from Third Parties

  • Collaboration Tools: Figma, Slack, or Trello (for project management).
  • Publicly Available Sources: Professional profiles (e.g., LinkedIn, Behance) for business development.

3. Legal Basis for Processing Personal Data

3.1 Contractual Necessity (Service Delivery)
We process personal data required to fulfill our contractual obligations, including UX/UI design services, product consultations, and project execution.

3.2 Legitimate Interest (Communications)
Contact details are processed for essential communications regarding projects, inquiries, and support. Non-essential communications include opt-out options.

3.3 Consent (Website Analytics)
Non-essential analytics and tracking technologies require prior consent, managed through our cookie banner, to improve website experience and performance.

3.4 Legal Compliance
We process and disclose data when legally obligated, including for tax filings, regulatory requirements, or valid legal requests.

3.5 Marketing Communications
Marketing materials are sent only with explicit opt-in consent. All communications contain unsubscribe mechanisms for consent withdrawal.

4. Data Sharing and International Transfers

4.A. Third-Party Disclosures

We share data exclusively with:

  • Subprocessors: Cloud providers (AWS, Google Workspace), payment gateways (Stripe), and analytics tools (Google Analytics) bound by Data Processing Agreements (DPAs).
  • Legal Authorities: When required under applicable law (e.g., subpoenas, regulatory audits).

4.B. Cross-Border Transfers

Data may be transferred outside the EU/EEA or your home jurisdiction. We ensure compliance via:

  • GDPR: Standard Contractual Clauses (SCCs) or adequacy decisions.
  • U.S. & Global: Privacy Shield-certified providers or equivalent safeguards.

5. Data Security Measures

We implement industry-standard protections, including:

  • Technical Safeguards: Encryption (TLS 1.2+), multi-factor authentication, and regular penetration testing.
  • Organizational Controls: Role-based access, employee training, and incident response protocols.

Note: While we strive to protect your data, no system is entirely immune to risks.

6. Data Retention

We retain data:

  • For active clients: Duration of the contract + [X] years for legal/audit needs.
  • Website users: Analytics data anonymized after [12] months.
  • Marketing contacts: Until consent is withdrawn.

7. Your Rights and Choices

7.1 General Rights
Depending on your jurisdiction, you may exercise certain data protection rights. All requests will be processed within 30 days or as required by applicable law.

7.2 Right of Access and Portability
You may request access to or a copy of your personal data. This right applies under GDPR, CCPA, and other applicable regulations. Requests should be submitted to [privacy related email].

7.3 Right to Rectification
You may update or correct inaccurate personal data through your client portal or by submitting a request. This right is available under GDPR and CCPA.

7.4 Right to Erasure
You may request deletion of your personal data (“right to be forgotten”), subject to legal limitations under GDPR and CCPA. Verifiable requests must be submitted for processing.

7.5 Marketing and Sales Opt-Out
You may opt out of marketing communications and, where applicable, the “sale” of personal data as defined by CCPA, CPA, and CDPA. Note: We do not sell personal data as defined under CCPA.

7.6 Exercise of Rights
All rights requests must be verifiable. We may require additional information to confirm your identity before processing certain requests.

7.7 Response Timeline
We will acknowledge receipt of your request promptly and respond substantively within 30 days, unless local regulations specify a different timeframe.

8. Cookies and Tracking Technologies

We utilize:

  • Essential Cookies: Necessary for website functionality (no consent required).
  • Analytical/Performance Cookies: Deployed with consent (managed via cookie banner).

9. Third-Party Links and Services

Our website may link to external platforms (e.g., Dribbble, LinkedIn). We disclaim responsibility for their privacy practices.

10. Policy Updates and Notifications

Material changes will be:

  • Posted on our website with a revised effective date.
  • Communicated to clients via email (where required by law).

11. Contact Information

For privacy inquiries or to exercise your rights:

Data Protection Officer (DPO): [Name, if applicable]
Email: [privacy related email]
Address: [Physical mailing address]
EU Representative (GDPR Article 27): [Details, if required]