Privacy & Data Protection Policy

Your privacy matters. This policy explains how EIAAW Solutions collects, uses, protects, and handles your personal data in compliance with international and local privacy laws.

Effective Date: February 26, 2026  |  Last Updated: February 26, 2026

1. Introduction

EIAAW Solutions ("we," "our," or "us") is committed to protecting your personal data and respecting your privacy. As an organization that builds ethical AI-human partnerships, we hold ourselves to the highest standards of data protection and transparency.

This Privacy & Data Protection Policy describes how we collect, use, store, share, and protect personal information obtained through our website (eiaawwebsite.netlify.app), our services, and any other interactions you have with us. This policy applies to all individuals worldwide who interact with EIAAW Solutions.

We are committed to full compliance with the following laws and frameworks, among others:

  • GDPR – General Data Protection Regulation (European Union)
  • UK GDPR – United Kingdom General Data Protection Regulation & Data Protection Act 2018
  • CCPA / CPRA – California Consumer Privacy Act / California Privacy Rights Act (United States)
  • LGPD – Lei Geral de Proteção de Dados (Brazil)
  • POPIA – Protection of Personal Information Act (South Africa)
  • PIPEDA – Personal Information Protection and Electronic Documents Act (Canada)
  • Australian Privacy Act 1988 and Australian Privacy Principles (APPs)
  • PDPA – Personal Data Protection Act (Singapore)
  • APPI – Act on the Protection of Personal Information (Japan)
  • DPDP Act 2023 – Digital Personal Data Protection Act (India)

2. Data Controller Information

EIAAW Solutions acts as the data controller for personal data processed through this website and our services.

For any questions, concerns, or requests regarding your personal data, please contact us at the email address above.

3. Personal Data We Collect

We collect only the minimum personal data necessary to provide our services and operate our website. The categories of data we may collect include:

3.1 Information You Provide Directly

  • Contact Information: Name, email address, phone number, and organization name when you reach out to us via email or through any contact forms.
  • Professional Information: Job title, company details, and project requirements shared during consultations.
  • Communications: Content of emails, inquiries, and correspondence you send to us.

3.2 Information Collected Automatically

  • Technical Data: IP address, browser type and version, operating system, device type, and screen resolution.
  • Usage Data: Pages visited, time spent on pages, referring website, and navigation patterns.
  • Cookies and Similar Technologies: See Section 9 (Cookie Policy) for details.

3.3 Information from Third Parties

We may receive information about you from third-party platforms if you interact with us through social media, partner organizations, or referral networks. We process such data only in accordance with this policy.

4. Legal Bases for Processing (GDPR, UK GDPR, LGPD)

We process personal data only when we have a valid legal basis under applicable law. The legal bases we rely on include:

  • Consent (Article 6(1)(a) GDPR): Where you have given clear, informed, and freely given consent for specific processing activities, such as receiving communications from us.
  • Contractual Necessity (Article 6(1)(b) GDPR): Where processing is necessary to perform a contract with you or to take pre-contractual steps at your request.
  • Legitimate Interests (Article 6(1)(f) GDPR): Where processing is necessary for our legitimate business interests, provided these do not override your fundamental rights. This includes improving our services, website analytics, and fraud prevention.
  • Legal Obligation (Article 6(1)(c) GDPR): Where processing is required to comply with applicable laws and regulations.

Under the LGPD (Brazil), we additionally rely on Article 7 bases including consent, legitimate interest, and contractual performance. Under the DPDP Act (India), we rely on consent and legitimate uses as defined by the Act.

5. How We Use Your Personal Data

We use personal data for the following purposes:

  • Service Delivery: To respond to inquiries, provide consulting services, and manage client relationships.
  • Communication: To send relevant correspondence regarding our services, including updates and follow-ups.
  • Website Operations: To operate, maintain, and improve our website's functionality and user experience.
  • Analytics: To understand how visitors use our website and optimize content and performance.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.
  • Security: To protect our systems, detect fraud, and ensure the safety of data and infrastructure.

We do not use personal data for automated decision-making or profiling that produces legal effects or similarly significant effects on individuals, in accordance with Article 22 of the GDPR.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your information only in the following limited circumstances:

  • Service Providers: Trusted third-party vendors who assist in operating our website and services (e.g., hosting providers such as Netlify, email services). These providers are contractually bound to process data only on our behalf and in compliance with applicable privacy laws.
  • Legal Requirements: When required by law, court order, or governmental regulation, or to protect our rights, property, or safety.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, personal data may be transferred. We will notify you of any such change and ensure continued protection.
  • With Your Consent: We may share data with additional parties when you have provided explicit consent.

7. International Data Transfers

Because we operate globally, your personal data may be transferred to and processed in countries outside your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • EU/EEA and UK: Transfers outside the EU/EEA or UK are conducted under Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other lawful transfer mechanisms under Chapter V of the GDPR.
  • Brazil (LGPD): International transfers comply with Article 33 of the LGPD, including transfers to countries with adequate levels of protection or under specific contractual safeguards.
  • Canada (PIPEDA): We ensure that third-party processors outside Canada provide a comparable level of protection as required under PIPEDA Principle 4.1.3.
  • Australia: Cross-border disclosures comply with Australian Privacy Principle 8, ensuring overseas recipients are bound by substantially similar privacy obligations.
  • South Africa (POPIA): International transfers comply with Section 72 of POPIA, ensuring the recipient country has adequate data protection or binding agreements are in place.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our retention practices include:

  • Contact and Communication Data: Retained for the duration of our business relationship and up to 3 years after the last interaction, unless a longer period is required by law.
  • Website Analytics Data: Anonymized or deleted within 14 months of collection.
  • Contractual Records: Retained for 7 years after the end of the contractual relationship to comply with legal and regulatory obligations.

When data is no longer needed, it is securely deleted or irreversibly anonymized.

9. Cookie Policy

Our website may use cookies and similar tracking technologies to enhance your browsing experience. Cookies are small text files stored on your device that help us understand site usage and improve functionality.

9.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the website to function properly. These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with our website. These are used only with your consent where required by law.
  • Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences.

9.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling cookies may affect website functionality. Under the EU ePrivacy Directive and UK PECR, non-essential cookies are only placed with your prior consent.

10. Your Rights Under Applicable Laws

Depending on your location and applicable laws, you may have the following rights regarding your personal data:

10.1 Rights Under GDPR and UK GDPR

  • Right of Access (Article 15): Request a copy of the personal data we hold about you.
  • Right to Rectification (Article 16): Request correction of inaccurate or incomplete data.
  • Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing (Article 18): Request limitation of processing under certain circumstances.
  • Right to Data Portability (Article 20): Receive your data in a structured, commonly used, machine-readable format.
  • Right to Object (Article 21): Object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent (Article 7(3)): Withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: File a complaint with a supervisory authority (e.g., the ICO in the UK, CNIL in France, or your local Data Protection Authority).

10.2 Rights Under CCPA / CPRA (California, USA)

  • Right to Know: Request information about the categories and specific pieces of personal information collected, used, disclosed, or sold.
  • Right to Delete: Request deletion of personal information we have collected from you.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell or share personal information. However, you may exercise this right at any time.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
  • Right to Limit Use of Sensitive Personal Information: Request limitation of the use and disclosure of sensitive personal information.

10.3 Rights Under LGPD (Brazil)

  • Confirmation of the existence of processing.
  • Access to your personal data.
  • Correction of incomplete, inaccurate, or outdated data.
  • Anonymization, blocking, or deletion of unnecessary or excessive data.
  • Data portability to another service provider.
  • Deletion of data processed with your consent.
  • Information about public and private entities with which your data has been shared.
  • Information about the possibility of denying consent and the consequences thereof.
  • Revocation of consent.

10.4 Rights Under POPIA (South Africa)

  • Right to be notified when personal information is collected.
  • Right to request access to your personal information.
  • Right to request correction or deletion of personal information.
  • Right to object to the processing of your personal information.
  • Right to submit a complaint to the Information Regulator.

10.5 Rights Under PIPEDA (Canada)

  • Right to access your personal information held by us.
  • Right to challenge the accuracy and completeness of your data and have it amended.
  • Right to withdraw consent for certain processing activities.
  • Right to file a complaint with the Office of the Privacy Commissioner of Canada.

10.6 Rights Under Australian Privacy Act

  • Right to access your personal information (APP 12).
  • Right to request correction of personal information (APP 13).
  • Right to complain about a breach of the Australian Privacy Principles to the Office of the Australian Information Commissioner (OAIC).

10.7 Rights Under PDPA (Singapore) and APPI (Japan)

  • Right to access and correct your personal data.
  • Right to withdraw consent for the collection, use, or disclosure of personal data.
  • Right to request data portability (PDPA).
  • Right to request cessation of use or disclosure of personal data under certain conditions (APPI).

10.8 Rights Under DPDP Act (India)

  • Right to access information about personal data processing.
  • Right to correction and erasure of personal data.
  • Right to grievance redressal.
  • Right to nominate another person to exercise rights in the event of death or incapacity.

To exercise any of your rights, please contact us at eiaawsolutions@gmail.com. We will respond to your request within the timeframes required by applicable law (typically within 30 days for GDPR, 45 days for CCPA/CPRA).

11. Data Security

We implement robust technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

  • Encryption: Data transmitted to and from our website is protected using TLS/SSL encryption (HTTPS).
  • Access Controls: Strict role-based access controls ensure that only authorized personnel can access personal data.
  • Regular Audits: We conduct periodic security assessments and audits to identify and address vulnerabilities.
  • Incident Response: We maintain a documented data breach response plan. In the event of a breach, affected individuals and relevant supervisory authorities will be notified in accordance with applicable law (within 72 hours under GDPR Article 33).
  • Vendor Security: We require all third-party service providers to maintain appropriate security measures and sign data processing agreements.

12. Children's Privacy

Our services are not directed at individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that a child has provided personal data without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at eiaawsolutions@gmail.com.

13. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

14. AI and Automated Processing Commitment

As an organization specializing in ethical AI-human partnerships, we are committed to the following principles regarding AI and data processing:

  • We do not use your personal data to train AI models without your explicit, informed consent.
  • Any AI-assisted processing of personal data includes human oversight as mandated by our ethical framework.
  • We conduct AI Impact Assessments before implementing any AI-related data processing activity.
  • We adhere to the principles of transparency, fairness, and accountability as outlined in the EU AI Act and the OECD AI Principles.
  • We ensure algorithmic decisions are explainable and subject to human review.

15. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. We respect DNT signals and do not track users who have enabled this feature, in alignment with privacy-by-design principles.

16. Changes to This Policy

We may update this Privacy & Data Protection Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page.
  • Provide prominent notice on our website of significant changes.
  • Where required by law, seek your renewed consent before processing data under the updated policy.

We encourage you to review this policy periodically to stay informed about how we protect your data.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy & Data Protection Policy, or if you wish to exercise any of your data protection rights, please contact us:

We aim to resolve all inquiries and requests promptly. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

18. Supervisory Authorities

Depending on your location, you may contact the following authorities to lodge a complaint or seek guidance:

  • EU: Your local Data Protection Authority (DPA) — a full list is available at edpb.europa.eu.
  • UK: Information Commissioner's Office (ICO) — ico.org.uk
  • USA (California): California Attorney General — oag.ca.gov
  • Brazil: Autoridade Nacional de Proteção de Dados (ANPD) — gov.br/anpd
  • South Africa: Information Regulator — inforegulator.org.za
  • Canada: Office of the Privacy Commissioner — priv.gc.ca
  • Australia: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au
  • Singapore: Personal Data Protection Commission (PDPC) — pdpc.gov.sg
  • India: Data Protection Board of India (once established under DPDP Act 2023)