The 4S Group - Data Privacy Policy

The 4S Group's data privacy policy outlines how we gather, use, store, distribute, safeguard, and get rid of personal data related to our business operations.

This policy covers the personal information of (i) business-to-business (B2B) clients and potential clients; (ii) consumers, including end users and website visitors; and (iii) workers, applicants, and contractors.

This Policy is designed to meet fundamental requirements shared by the main state consumer privacy statutes and to establish baseline protections across U.S. jurisdictions where our clients or their users reside, as the United States currently relies on a patchwork of state privacy laws rather than a single federal law.

• Personal information (PI): Information that identifies, relates to, or could reasonably be linked with you or your household. For example, it could include your name, social security number, email address, records of products purchased, internet browsing history, geolocation data, fingerprints, and inferences from other personal information that could create a profile about your preferences and characteristics.

• Sensitive Personal Information: A specific subset of personal information that includes certain government identifiers (such as social security numbers); an account log-in, financial account, debit card, or credit card number with any required security code, password, or credentials allowing access to an account; precise geolocation; contents of mail, email, and text messages; genetic data; biometric information processed to identify a consumer; information concerning a consumer’s health, sex life, or sexual orientation; or information about racial or ethnic origin, religious or philosophical beliefs, or union membership. Consumers have the right to also limit a business’s use and disclosure of their sensitive personal information.

• Sale/Share: Terms as defined or used by state laws (for example, "sharing" in some laws for cross-context targeted advertising and "sale" in California law).

We may collect categories of personal information as described below (in direct interactions or via our website):

1. Identifiers: Full Name, Company Name,Title, Email, Phone Number, How did you hear about us?.

2. Sensitive information : We do not gather, ask, nor store sensitive personal information.When required by law, precise geolocation, health-related data, biometric data or other sensitive categories we will ask for consent and the information will be handled with heightened safeguards.

3. Communications you send to us.

Note: The 4S Group does not gather cookies; however, our service provider for hosting might gather cookie information for analytics. You can read their privacy policy in the following link
https://www.hostinger.com/ng/legal/privacy-policy

We limit collection to what is reasonably necessary for the purposes described below. (See Section 5 – Purposes.)

We process personal information to operate our business, provide services to clients, comply with contractual and legal obligations, and for legitimate business interests when not overridden by consumer rights under applicable law. Typical uses include:

• Providing services and delivering resources.

• Marketing and business development (where permitted and subject to opt-out requirements).

• To facilitate communication with you.

• For recruitment purposes.

• Legal obligations: We may disclose data to comply with law, respond to legal process or protect legal rights.

• Sale: We do not sell personal information from our clients, website visitors, contractors, or employees.

• Sale / Sharing: We do not sell or share consumer personal information of minors.

You may exercise opt-out rights as described in Section 7.

International Transfers: Since the company has its headquarters in El Salvador and serves clients in the United States of America, the United Kingdom, and other countries, there may be international transfers of PI to and from El Salvador . To protect transfers in accordance with applicable law and industry standards, we will implement the proper organizational, contractual, and technical safeguards.

If you have any concerts about the use or transfer of your data, please refrain from sending information through our website or through direct contact.

Retention:
The 4S Group retains personal information only for as long as necessary to fulfill the purposes for which it was collected or to meet contractual, legal, accounting, or reporting obligations. Retention periods are determined based on the type of data, its sensitivity, the purpose of processing, and applicable regulatory requirements.

As a general practice, Marketing, Communication, and Website Interaction Data is retained for as long as needed after the last interaction or until the individual opts out.

Upon expiration of applicable retention periods, personal information is securely deleted, anonymized, or otherwise disposed of in accordance with client agreements, internal policies, and relevant data protection laws.

Security:
The 4S Group is dedicated to preserving all client and personal data availability, confidentiality, and integrity.

We implement organizational, technical, and physical safeguards to protect personal information against unauthorized access, disclosure, alteration, loss, or destruction. These safeguards include, but are not limited to:

Access Controls: Role-based permissions and the least privilege principle restrict access to data to authorized personnel only. Session timeout rules and multi-factor authentication (MFA) are implemented for administrative access.

Encryption: Industry-standard protocols are used to encrypt personal data both in transit and at rest.  (Ponemos politics de gmail por ejemplo ? confirmar con Luis sobe hostinger https://support.google.com/mail/answer/6330403?hl=en)

Network Security: Firewalls and continuous monitoring are used to detect and mitigate potential threats. (Revisar settings de hostinger y gmail)

Data Minimization and Retention Controls: We securely erase data after retention periods have passed and restrict data collection and storage to what is required for business and legal purposes.

Incident Response and Breach Notification: A formal incident response plan is in place. In the event of a personal data breach, we will investigate promptly and, where required, we will notify supervisory authorities.

Vendor and Third-Party Security: We evaluate and keep an eye on third-party service providers to make sure their security procedures adhere to our requirements and their contractual obligations regarding data protection.

Employee Training: To guarantee knowledge of best practices and legal responsibilities under related regulations, all staff members receive regular information security and data privacy training.

Continuous Improvement: To assess the efficacy of our controls and adjust to changing threats or legal requirements we conduct recurring risk assessments, vulnerability scans and audits.

Depending on your location, and subject to thresholds/exemptions under applicable law, you may have rights including:

• Right to Know What Personal Information is Being Collected. Right to Access Personal Information

• Right to Know What Personal Information is Sold or Shared and to Whom

• Right to Correct Inaccurate Personal Information.

• Right to Delete Personal InformationI (with certain statutory exceptions).

• Right to Opt Out of Sale or Sharing of Personal Information

• Right to Limit Use and Disclosure of Sensitive Personal Information

• Right of No Retaliation Following Opt Out or Exercise of Other Rights

Note: These rights listed above are meant to comply with the CCPA, GDPR, and ARCO-POL local legislation.

To  submit a request to execute any of these rights, you can contact us at: info@the4sgroup.com.

We will verify identity as required by law and respond within the statutory timeframe (commonly 30-45 days where required). If additional verification or information is required to fulfill your request, we will let you know. 

Our services are not designed for children under 13. We will not be collecting personal data from a child under the age required by COPPA, we will comply with the Children’s Online Privacy Protection Act and implementing Rule (COPPA).

If you believe we have collected personal information from a child in violation of COPPA, please contact: info@the4sgroup.com.

If you exercise a privacy right under applicable state law, we will not discriminate against you (e.g., by denying services or other types of retaliation)

We may update this Policy to reflect legal changes or business practice changes. The “Last updated” date is posted at the top. Material changes will be displayed in the Last updated section.

Privacy contact: info@the4sgroup.com
Website: www.the4sgroup.com/contact-us