Privacy Policy

VM Digital Consulting LLC is a Limited Liability Company organized under the laws of the Wyoming, United States, with its principal place of business at 30 N Gould St, Ste N, Sheridan, Wyoming 82801, United States. We provide business-to-business ("B2B") digital marketing and lead generation services, including marketing strategy, paid advertising, search engine optimization, content production, branding, and web design.

This Privacy Policy applies to personal information we process in connection with: (a) our websites located at vmdigitalconsulting.com and any subdomains (collectively, the "Site"); (b) inquiries, proposals, and engagements with prospective and existing clients; (c) our marketing activities, including email outreach, paid social campaigns, and events; and (d) any other interaction in which we reference or link to this Policy (collectively, the "Services").

This Policy does not apply to personal information processed by our clients on their own platforms, even where we provide marketing services to those clients. In such cases, our client is the "controller" (or "business") of that personal information, and we act as a "processor" (or "service provider") under a separate Data Processing Agreement.

By using the Site or otherwise providing personal information to us, you acknowledge that you have read and understood this Policy. If you do not agree with our practices, please do not use the Site or provide personal information to us.

We collect personal information in three principal categories: (i) information you provide directly to us; (ii) information collected automatically through your interaction with the Site; and (iii) information we receive from third parties.

We collect information through the following channels and technologies:

• Contact form submissions. When you submit our contact form, the information you enter is transmitted to us by email and may be stored in our customer relationship management ("CRM") system.
• Direct correspondence. When you email or call us, we retain the contents of your message and any attachments for record-keeping and follow-up purposes.
• First-party analytics. We use first-party cookies and similar technologies to measure how visitors navigate the Site and to improve its content and performance.
• Marketing pixels and tags. Subject to applicable consent requirements, we use the following third-party technologies on the Site:
  • Meta Pixel (Meta Platforms, Inc.) — for conversion measurement, audience building, and retargeting on Facebook and Instagram.
  • LinkedIn Insight Tag (LinkedIn Corporation) — for conversion tracking, retargeting, and demographic reporting on LinkedIn.
  • HubSpot (HubSpot, Inc.) — for CRM, lead capture, email marketing, and behavioral tracking of identified contacts.
  • Mailchimp (Intuit Inc.) — for email marketing distribution and engagement analytics.
• Server logs. Our hosting infrastructure automatically records technical request logs for security, fraud prevention, and performance monitoring.

A complete list of cookies and similar technologies used on the Site, including their providers, purposes, and retention periods, is set out in our Cookie Policy.

If you are located in the European Economic Area ("EEA"), the United Kingdom, or Switzerland, we process your personal information only when one of the following legal bases under Article 6 of the General Data Protection Regulation ("GDPR") and the UK GDPR applies:

• Consent (Art. 6(1)(a)) — for non-essential cookies, marketing communications, and any optional processing that we ask you to opt into. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Performance of a contract (Art. 6(1)(b)) — to negotiate, enter into, and perform a service engagement with you or the organization you represent, including to issue proposals, deliverables, and invoices.
• Compliance with a legal obligation (Art. 6(1)(c)) — to comply with applicable tax, accounting, anti-money-laundering, and other legal obligations to which we are subject.
• Legitimate interests (Art. 6(1)(f)) — for B2B prospecting, fraud prevention, network and information security, internal administration, and the establishment, exercise, or defense of legal claims. We carry out a balancing test before relying on this basis and only rely on it where our legitimate interests are not overridden by your interests or fundamental rights.

You have the right to object to processing based on legitimate interests at any time, as further described in Section 9 below.

We use personal information for the following purposes:

• to respond to inquiries, prepare proposals, and provide information you request;
• to negotiate, perform, and administer service engagements, including invoicing and collection;
• to communicate with you about ongoing engagements, account matters, and service updates;
• to send marketing communications about our services, where permitted by law and subject to your right to opt out at any time;
• to operate, secure, maintain, and improve the Site and our Services;
• to measure and improve the performance of our marketing campaigns and channels;
• to detect, investigate, and prevent fraud, abuse, security incidents, and other unlawful activity;
• to comply with applicable law, regulation, court order, or other legal process; and
• to establish, exercise, or defend legal claims and to enforce our agreements.

We do not sell personal information for monetary consideration. We may share certain online identifiers with advertising platforms for cross-context behavioral advertising; depending on your jurisdiction, this activity may be treated as a "sale" or "sharing" of personal information, and you may opt out as described in Section 9.

We may disclose personal information to the following categories of recipients:

• Service providers and processors that perform services on our behalf, including web hosting, email delivery, CRM, analytics, accounting, payment processing, and professional services (legal, audit, tax). These providers are contractually bound to process personal information only for the purposes we authorize.
• Advertising and analytics partners (e.g., Meta, LinkedIn, Google, HubSpot) that help us measure and optimize our marketing. Where required, we rely on your consent for these disclosures.
• Professional advisors such as our lawyers, auditors, insurers, and bankers, where reasonably necessary for the management of our business.
• Government authorities and other parties where we are required to do so by law, court order, subpoena, or other legal process; to protect our rights or property; to prevent or address fraud or security issues; or to protect the safety of any person.
• Corporate transaction counterparties in connection with any merger, acquisition, financing, reorganization, sale of assets, or bankruptcy involving VM Digital Consulting LLC, subject to customary confidentiality protections.
• With your consent or at your direction.

VM Digital Consulting LLC is established in the United States and processes personal information in the United States and in any other country where our service providers operate. If you access the Site or otherwise interact with us from outside the United States, your personal information will be transferred to, processed in, and stored in the United States, which may have data-protection laws that differ from those of your country.

Where we transfer personal information from the EEA, the United Kingdom, or Switzerland to a country that has not been deemed to provide an adequate level of protection by the European Commission, the UK government, or the Swiss Federal Data Protection and Information Commissioner (as applicable), we rely on appropriate safeguards under Article 46 GDPR, including:

• the European Commission's Standard Contractual Clauses (Decision 2021/914) for transfers from the EEA;
• the UK International Data Transfer Addendum or the UK International Data Transfer Agreement for transfers from the United Kingdom; and
• where applicable, supplementary technical, contractual, and organizational measures to ensure an essentially equivalent level of protection.

You may request a copy of the relevant safeguards by contacting us at privacy@vmdigitalconsulting.com, subject to reasonable redactions to protect commercially confidential information.

We retain personal information only for as long as is necessary for the purposes set out in this Policy, unless a longer retention period is required or permitted by law. Indicative retention periods are:

• Inquiry and prospect data: up to 24 months from the last meaningful interaction, after which the record is deleted or anonymized.
• Client engagement records (contracts, statements of work, deliverables, correspondence): for the duration of the engagement plus 7 years following its termination, to address potential legal claims and to comply with tax and accounting obligations.
• Invoices and accounting records: 7 years following the end of the applicable tax year (or longer where required by law).
• Marketing email subscribers: until you withdraw your consent or have been inactive for 24 consecutive months, after which we delete or anonymize the record.
• Server logs and security records: typically 12 months, unless required for an ongoing investigation.
• Cookies and similar identifiers: as specified in our Cookie Policy.

When personal information is no longer needed, we securely delete or anonymize it. Where deletion is not technically feasible (e.g., information stored in backup archives), we will continue to protect the information and isolate it from any further processing until deletion is possible.

Depending on your country or state of residence, you may have some or all of the rights described below in relation to your personal information. We will respond to verifiable requests within the timeframes required by applicable law and will not discriminate against you for exercising your rights.

To exercise any of the rights described above, please email privacy@vmdigitalconsulting.com or write to us at the postal address in Section 16. So that we can verify and respond to your request, please provide:

• your full name and the email address(es) or other identifiers you have used to interact with us;
• a clear description of the right you wish to exercise and, where relevant, the personal information your request concerns; and
• sufficient information to allow us to reasonably verify that you are the person about whom the personal information was collected (or an authorized agent acting on that person's behalf).

We will acknowledge receipt of your request promptly and will respond within the timeframes required by applicable law — generally within one (1) month for GDPR and UK GDPR requests (extendable by up to two further months for complex requests) and within 45 days for CCPA/CPRA requests (extendable by an additional 45 days where reasonably necessary, with notice to you). We do not charge a fee for handling requests unless they are manifestly unfounded or excessive.

The Site and our Services are directed to businesses and to adults acting in a professional capacity. They are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we learn that we have inadvertently collected personal information from a child under 16, we will delete that information as soon as reasonably practicable. If you believe we may have collected information from a child under 16, please contact us at privacy@vmdigitalconsulting.com.

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, accidental loss, alteration, disclosure, or destruction. These safeguards include encryption of data in transit using industry-standard TLS, access controls and multi-factor authentication for systems containing personal information, principle-of-least-privilege role assignments, vendor due-diligence procedures, and periodic review of our security posture.

No method of transmission over the internet or method of electronic storage is, however, completely secure. While we strive to use commercially reasonable means to protect personal information, we cannot guarantee absolute security. In the event of a personal-data breach that is likely to result in a risk to the rights and freedoms of affected individuals, we will notify the competent supervisory authority and, where required, affected individuals in accordance with applicable law.

Most web browsers offer a "Do Not Track" ("DNT") setting. Because there is no industry standard for how to respond to DNT signals, we do not currently respond to DNT signals. We do, however, recognize and honor Global Privacy Control ("GPC") signals as a valid opt-out request from California residents (and other residents whose laws require us to honor GPC) for purposes of opting out of the "sale" or "sharing" of personal information.

The Site may contain links to third-party websites, services, and resources. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy notices of any third-party services you access through the Site.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other reasons. When we make material changes, we will update the "Last Updated" date at the top of this Policy and, where required by law, provide additional notice (for example, by email or by means of a prominent notice on the Site). We encourage you to review this Policy periodically to stay informed of how we are protecting your information.

If you have any questions, concerns, or complaints about this Privacy Policy or our processing of personal information, please contact us:

For requests under the GDPR or UK GDPR, please mark your correspondence "Data Subject Request." For requests under the CCPA/CPRA, please mark your correspondence "California Privacy Rights Request."