Earthherb

Privacy Policy

Last updated:

This Privacy Policy explains how Earthherb (the "Company", "we", "us" or "our") collects, uses, stores and shares personal information when you visit our website, contact us, or engage us for consulting services. We are committed to handling personal data carefully, transparently and in line with applicable United States privacy laws and recognized international standards.

1. Information we collect

We collect only the information needed to respond to your request, deliver our services and run our website. The categories of data we may collect include:

  • Contact details: your name, email address and the content of any message you send through our contact form or by direct email.
  • Engagement information: the organization you represent, project context and any documents you share with us during a consulting engagement.
  • Technical data: standard server log information such as IP address, browser type, operating system, referring page and time of visit, collected automatically when you load our pages.
  • Cookies: small files stored in your browser to support core site functionality, as further described in our Cookies Policy.

2. How we use your information

We use personal data for clearly defined purposes:

  • To respond to inquiries and provide information you have asked for.
  • To deliver, manage and improve the consulting services you have engaged us for.
  • To send transactional communications about active projects, proposals and invoices.
  • To maintain the security, integrity and performance of our website.
  • To meet legal, accounting and tax obligations applicable to our business.

We do not use the information you submit for unrelated profiling, automated decision-making with legal effects, or for the sale of personal data to third parties.

3. Legal bases for processing

Where applicable law requires a legal basis, we rely on one or more of the following: your consent (for example, when you submit a contact form and tick the consent checkbox); the performance of a contract with you or your organization; compliance with a legal obligation; and our legitimate interests in operating a sustainable consulting practice, provided those interests do not override your rights and freedoms.

4. Sharing of information

We share personal data only with parties that help us deliver our services or run our website, and only to the extent necessary. These may include:

  • Hosting, email and analytics providers operating under appropriate contractual safeguards.
  • Professional advisors such as accountants and legal counsel.
  • Public authorities where disclosure is required by law or court order.

We do not sell or rent personal data, and we do not share it with advertising networks for behavioral advertising purposes.

5. International transfers

Our team is based in the United States and we primarily process personal data within the United States. If we transfer information internationally, for example to a cloud provider in another jurisdiction, we take reasonable steps to ensure that the transfer is protected by appropriate safeguards.

6. Data retention

We keep personal data only as long as needed for the purposes described in this policy. Inquiry messages are typically retained for up to twenty-four months, while data tied to active engagements is retained for the duration of the project and a reasonable period afterwards for legal and accounting purposes. After this period, data is securely deleted or anonymized.

7. Your rights

Subject to applicable law, you may have the right to: access the personal information we hold about you; request correction of inaccurate data; ask for deletion of data we no longer need; restrict or object to certain processing activities; and request a copy of your data in a portable format. To exercise these rights, please contact us using the details on the Contacts page.

8. Security

We use organizational and technical measures to protect personal data from unauthorized access, disclosure, alteration or destruction. These include controlled access to systems, encrypted connections for our website, and staff training on confidentiality. No internet transmission can be guaranteed completely secure, but we work continuously to maintain a high standard of protection.

9. Children's privacy

Our services are intended for organizations and adult professionals. We do not knowingly collect personal data from children under the age of sixteen. If you believe a child has provided us with personal data, please contact us so we can remove it.

10. Updates to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. The "Last updated" date at the top of this page indicates when the latest revision took effect. We encourage you to review this page periodically.

11. Contact

If you have questions about this Privacy Policy or how we handle personal data, please reach out through our Contacts page. We aim to respond to all privacy-related requests within a reasonable timeframe.