Privacy Policy for GPA Consulting LLC

Privacy Policy

Effective Date: September 25th, 2025

Last Updated: September 25, 2025

GPA Consulting LLC (“Company,” “we,” “our,” “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we collect, use, disclose, and safeguard personal information, and your rights under applicable privacy laws, including the Texas Data Privacy & Security Act, the California Consumer Privacy Act (CCPA / CPRA), and the European Union General Data Protection Regulation (GDPR).

This policy applies to personal information collected through our websites, products, services, communications, and other interactions when you engage with GPA Consulting LLC or any of its DBAs.

1. Key Definitions & Scope

Personal Information / Personal Data: Any information relating to an identified or identifiable natural person.
Sensitive Personal Data / Sensitive Data: A subset of personal information requiring stricter handling (e.g. health data, biometric data, racial or ethnic origin). Under Texas’s new law, sensitive data has special rules.
Controller / Data Controller: We are a controller of personal data we collect and determine purposes and means of processing.
Processor / Data Processor: A third party processing data on our behalf according to our instructions.
Consumer (Texas / CCPA context): A natural person acting only in an individual or household context, not in a commercial or employment capacity.
Sale / “Sell”: Under CCPA, broad definition including exchanging data with third parties for monetary or other valuable consideration.
Profiling / Automated Decision-Making: Any automated decision or processing of personal data to evaluate, analyze, or predict personal preferences or behavior.

2. Information We Collect & How

2.1 Categories of Personal Data We May Collect

Depending on how you interact with us, we may collect categories such as:

Category Examples Notes / Sensitive Data

Identifiers Name, postal address, email, phone number, IP address, device ID

Commercial Information Payment info, purchase records, invoices

Internet / Electronic Activity Browsing history, cookies, tracking data

Professional / Employment Job title, employer, business contact info

Sensitive Data Health info, racial or ethnic origin, biometric data, geolocation (precise), data of minors.

2.2 Sources of Personal Data

We may collect data from:

You directly (when you provide through forms, contact us, subscribe).
Automatically (via cookies, analytics, log data).
Third parties (e.g. service providers, partners, public sources).

2.3 Purpose & Legal Basis for Processing

We process personal data for purposes including:

To deliver and improve our services.
To respond to inquiries or communications.
To process payments, billing, refunds.
To send updates, newsletters, marketing (with consent where required).
To comply with law, litigation, regulatory obligations.
To perform analyses, improve user experience, security, fraud detection.
For business operations (e.g., hiring, internal administration).

Legal bases under GDPR may include: consent, performance of contract, legal obligations, legitimate interests (where balanced against your rights).

Under Texas law, controllers must provide a clear notice of the categories of personal data processed, purpose, data sharing, and how consumers can exercise their rights.

If we “sell” sensitive personal data or biometric data, Texas law requires a clear notice in the same location as the privacy notice.

3. Disclosure, Sharing & “Sales”

We do not rent or sell your personal information for advertising, except as permitted by law and subject to your choices.

3.1 When We May Share / Disclose

To our service providers and contractors (payment processors, hosting, analytics).
To comply with legal obligations, court orders, law enforcement.
In connection with business transfers (merger, acquisition).
To prevent fraud or security incidents.

3.2 “Sale” Treatment & Opt-Out

If we engage in “sales” (as defined by CCPA or Texas law) of personal data, including sensitive data, we will provide clear notice and opt-out choices.
Under Texas law, consumers have a right to opt out of sale of personal data, targeted advertising, and profiling.
We provide a method (e.g., “Do Not Sell / Share My Info” link) for you to opt out.
We will not discriminate against consumers for exercising opt-out rights.

4. Cookies, Tracking & Analytics

We use cookies, web beacons, and similar technologies to:

Provide and maintain our services.
Analyze use of our services and improve user experience.
Track sessions, visitor preferences, referral sources, performance metrics.
Support marketing (including targeted ads, subject to opt-outs).

You can set your browser to refuse cookies, though this may limit functionality. We may also provide cookie consent banners or controls to manage preferences for tracking and targeting.

Under Texas law, processing involving targeted advertising, profiling, or sale of personal data must provide opt-outs and disclosures.

5. Data Retention & Security

We retain personal information only as long as necessary for purposes described (e.g. service delivery, compliance, recordkeeping).
When no longer needed, we securely delete or anonymize data.
We employ administrative, physical, and technical safeguards to protect against unauthorized access, loss, or misuse.
In the event of a data breach, we will notify impacted individuals and authorities as required by applicable laws (GDPR, CCPA, Texas).

6. Consumer / User Rights & Choices

6.1 Rights Under GDPR (for EU / EEA Residents)

You may have, where applicable:

Right to access your data.
Right to correct / rectify inaccurate data.
Right to erase (right to be forgotten).
Right to restrict or object to processing.
Right to data portability.
Right to withdraw consent.
Right to lodge complaint with supervisory authority.

6.2 Rights Under CCPA / CPRA (California Residents)

You may have:

Right to know: What personal information we collect, sources, purpose, categories of recipients.
Right to request deletion of your personal information (with some exceptions).
Right to opt out of sale of your personal information.
Right to non-discrimination for exercising your privacy rights.
Right to limit use of “sensitive personal information.”

6.3 Rights Under Texas (Texas Residents)

Under Texas Data Privacy & Security Act:

Right to opt out of sale of personal data, targeted advertising, profiling.
Right to access and correct personal data.
Right to appeal decisions regarding your requests.
If we process sensitive data or biometric data and sell it, we will clearly disclose it.

6.4 How to Exercise Rights

You may submit requests to:

Access, correct, delete, or limit processing.
Opt-out of sale or targeted advertising.
Appeal denials.

Submit via email: hello@gpaconsultingservice.com

We will verify your identity before acting on requests. We will respond within timeframes required by applicable law.

7. Children’s Privacy

Our offerings are not intended for children under 13.
We do not knowingly collect personal data from children under this age.
If we learn that we collected such data, we will delete it promptly.
For children 13–16 (or applicable under CCPA), parental consent or opt-in procedures may apply.

8. International Transfers (GDPR Compliance)

If we transfer personal data from the EU / EEA to locations outside, we ensure appropriate safeguards (e.g. Standard Contractual Clauses, adequacy decisions).
We will comply with GDPR requirements regarding cross-border transfers.

9. Updates to This Policy

We may update this Privacy Policy from time to time.
When we do, we will post the new version with a “Last Updated” date.
Significant changes may be communicated to you via email if required.

10. Contact Us

If you have questions, requests, or complaints, reach out:

GPA Consulting LLC
Email: hello@gpaconsultingservice.com
Phone: 469-850-3380

If you are an EU resident, you also have the right to complain to your local data protection authority.