Legal & Compliance
We are committed to protecting your rights, ensuring transparency, and maintaining compliance with all applicable laws and regulations. This page explains how we adhere to major data protection, privacy, accessibility, and communications laws that may apply to our users.
General Data Protection Regulation (GDPR)
Region: European Union
The GDPR (effective May 25, 2018) establishes strict rules for how organizations collect, process, store, and transfer personal data of individuals in the EU.
Key Principles:
Lawfulness, Fairness, and Transparency – Data must be processed legally, fairly, and openly.
Purpose Limitation – Data collected must only be used for the specific purpose stated at the time of collection.
Data Minimization – Only the minimum data necessary should be collected.
Accuracy – Data must be kept accurate and up to date.
Storage Limitation – Data should not be stored longer than necessary.
Integrity and Confidentiality – Data must be secured against unauthorized or unlawful processing.
Accountability – Organizations are responsible for demonstrating compliance.
Your Rights under GDPR:
Right to Access (obtain a copy of your data).
Right to Rectification (correct inaccurate data).
Right to Erasure (“Right to be Forgotten”).
Right to Restrict Processing.
Right to Data Portability (transfer data to another provider).
Right to Object (opt out of certain processing).
Rights related to automated decision-making and profiling.
Our Compliance:
We collect and process only the data necessary to provide our services. We never sell personal data. EU users may contact us at [Insert Contact Email] to access, correct, or request deletion of their data.
California Consumer Privacy Act (CCPA) & CPRA Updates
Region: California, USA
The CCPA (effective January 1, 2020, with CPRA amendments in 2023) gives California residents significant control over their personal information.
Your Rights under CCPA/CPRA:
Right to Know – You can request details about the categories and specific pieces of personal information collected.
Right to Delete – You can request that we delete personal information we hold about you.
Right to Opt Out – You can opt out of the “sale” or “sharing” of your personal information.
Right to Correct – You can request correction of inaccurate data.
Right to Limit Use of Sensitive Information – You can restrict how certain categories of sensitive personal data are used.
Right to Non-Discrimination – You will not be penalized or treated unfairly for exercising your rights.
Our Compliance:
We give California residents a way to request access to their personal information, request its deletion, or opt out of data practices. To exercise your rights, email us at [Insert Contact Email].
Americans with Disabilities Act (ADA)
Region: United States
The ADA is a U.S. civil rights law that prohibits discrimination against people with disabilities. It applies to both physical and digital spaces, including websites and mobile applications.
Web Accessibility Standards:
The Department of Justice recommends the Web Content Accessibility Guidelines (WCAG) 2.1 as the standard for compliance.
Requirements include providing:
Text alternatives for non-text content (alt text).
Captions for multimedia.
Keyboard accessibility.
Proper color contrast.
Consistent navigation.
Our Compliance:
We strive to maintain an accessible website and continuously improve usability for all users. If you encounter barriers, contact us at [Insert Contact Email].
CAN-SPAM Act
Region: United States
The CAN-SPAM Act (effective 2003) sets national standards for commercial email.
Requirements for Businesses:
No false or misleading headers.
No deceptive subject lines.
Identification of messages as advertisements.
Include a valid physical mailing address.
Provide a clear and conspicuous unsubscribe mechanism.
Honor opt-out requests within 10 business days.
Our Compliance:
Every marketing email we send includes an unsubscribe option and accurate sender information.
Telephone Consumer Protection Act (TCPA)
Region: United States
The TCPA (1991, amended multiple times) restricts telemarketing and automated communications.
Key Requirements:
Consent Required – Businesses must have express written consent to send autodialed calls, prerecorded messages, or texts to mobile phones.
Do Not Call Registry – Telemarketers must respect the National Do Not Call list.
Calling Time Restrictions – Telemarketing calls may only be made between 8 a.m. and 9 p.m. local time.
Identification – Calls must clearly identify the business, provide a callback number, and disclose the purpose of the call.
Our Compliance:
We do not use automated calls or texts without clear consent. Users may opt out of any communication channel at any time.
State-Specific Privacy Laws
Region: Various U.S. States (Virginia, Colorado, Connecticut, Utah, etc.)
Several states have introduced laws similar to the CCPA, expanding consumer rights.
Examples:
Virginia Consumer Data Protection Act (VCDPA) – Effective Jan 1, 2023
Colorado Privacy Act (CPA) – Effective July 1, 2023
Connecticut Data Privacy Act (CTDPA) – Effective July 1, 2023
Utah Consumer Privacy Act (UCPA) – Effective Dec 31, 2023
Common Rights Across State Laws:
Right to Know what personal data is collected.
Right to Delete personal data.
Right to Correct inaccuracies.
Right to Data Portability.
Right to Opt Out of targeted advertising or data sales.
Our Compliance:
We apply these principles broadly to ensure consistency. If you are a resident of one of these states, you may request data access, deletion, or correction at [Insert Contact Email].
Contact Us
For any questions, requests, or concerns regarding compliance with these laws, please contact us:
📧 legal@nycshsat.com
📍 [Insert Business Address]
We are committed to safeguarding your data, respecting your rights, and ensuring accessibility for all users.