GDPR Compliance for NCTSA – Negotiation & Crisis Tactical Solutions Agency

Introduction
NCTSA (Negotiation & Crisis Tactical Solutions Agency) is committed to protecting your privacy and ensuring that your personal data is processed in accordance with the General Data Protection Regulation (GDPR) of the European Union (EU). This policy outlines how we handle, store, and protect your personal data in compliance with GDPR requirements. By using our website and services, you agree to the terms of this policy.

Principles of Data Processing
We adhere to the following principles when processing personal data:

1. Lawfulness, Fairness, and Transparency: We will process your personal data lawfully, fairly, and in a transparent manner.
2. Purpose Limitation: Your personal data will only be collected for specified, legitimate purposes and will not be further processed in a manner incompatible with those purposes.
3. Data Minimization: We will collect only the data necessary for the purposes outlined in this policy.
4. Accuracy: We will take reasonable steps to ensure that your personal data is accurate and up to date.
5. Storage Limitation: Your personal data will not be kept for longer than necessary for the purposes for which it was collected.
6. Integrity and Confidentiality: We will process your personal data securely and ensure it is protected against unauthorized or unlawful processing, as well as accidental loss, destruction, or damage.

User Rights Under GDPR
Under GDPR, you have the following rights concerning your personal data:

1. Right to Access: You have the right to request access to the personal data we hold about you.
2. Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
3. Right to Erasure: You have the right to request that we delete your personal data, subject to certain conditions.
4. Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances.
5. Right to Data Portability: You have the right to request that we transfer your personal data to another data controller, in a structured, commonly used, and machine-readable format.
6. Right to Object: You have the right to object to the processing of your personal data, including processing for direct marketing purposes.
7. Right to Withdraw Consent: If we process your personal data based on your consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us using the information below.

How We Collect & Process Data
We collect personal data when you engage with our website or services. This may include:

• Personal Identification Information: Such as your name, email address, phone number, and other relevant contact details.
• Service-Specific Data: Any data relevant to the services you request or engage with, including details of crisis situations, agreements, or payments.
• Cookies: We use cookies to improve user experience on our website. You can control cookie settings via your browser.

We process your personal data solely for the purposes of providing our services, fulfilling contractual obligations, and communicating with you.

Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR:

1. Consent: Where you have provided explicit consent for us to process your personal data.
2. Contractual Necessity: When processing is necessary for the performance of a contract between us.
3. Legitimate Interests: Where we have a legitimate interest in processing your data, provided this interest is not overridden by your rights and freedoms.
4. Legal Obligation: Where we are required to process your personal data to comply with legal obligations.

Data Transfers Outside the EU
In some cases, we may transfer your personal data to third-party service providers located outside the EU. We ensure that any transfers comply with GDPR requirements by implementing appropriate safeguards, such as standard contractual clauses or other legally acceptable mechanisms, to ensure your data is protected.

Data Governance and Hosting
NCTSA takes data governance seriously, ensuring that your personal data is protected at every stage of processing and storage:

1. Storage in the EU: All personal data collected and processed through our website and services is stored within the European Union (EU). This ensures that the data is governed by the strong data protection laws of the EU.

2. Domain Registration with Namecheap: The domain for our website is registered with Namecheap, a US-based company. While the domain registrar is based in the United States, it is important to note that the data collected via our website is stored within the EU, and any processing follows EU data protection standards. However, in the case of domain-related administrative actions or other related matters, data may be transferred to the US. In this instance, we ensure that proper safeguards, including mechanisms like the EU-U.S. Privacy Shield Framework or standard contractual clauses, are in place to protect your data in compliance with GDPR. 

3. Note on Data Storage
   Please note that we do not store any sensitive information, such as financial data, passwords, or personal identification numbers, case assessments and contract-related information directly on our website. All data we collect is solely for the purpose of providing our services and is handled in accordance with our privacy and security policies. We prioritize your privacy and security, ensuring that only necessary data is stored and processed.

Data Security & Breach Policies
We take appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. In the event of a data breach that could impact your personal data, we will notify you without undue delay, as required under GDPR.

Changes to the GDPR Compliance Policy
NCTSA reserves the right to modify or update this GDPR Compliance policy at any time. Any changes will be posted on this page, and the updated date will be reflected at the bottom. By continuing to use our website and services after such changes, you agree to be bound by the updated policy.

Contact Information
If you have any questions or concerns about how your personal data is handled, or to exercise your rights under GDPR, please contact us at:

NCTSA – Negotiation & Crisis Tactical Solutions Agency
Email: [contact@nctsa.com]

By using our services, you acknowledge that you have read and understood this GDPR Compliance policy and consent to the processing of your personal data in accordance with its terms.