Registered Name: Kashtan Agency Inc.

Principal Office: 1401 21st St STE R Sacramento, CA, 95 811

 

Contact Details: legal@holymotels.com

 

Last updated: January 1, 2025

Effective date: January 1, 2025

Introduction

 

This Privacy Policy is designed to describe online and offline information practices of Kashtan Agency Inc., doing business as Holy Motels ("we," "our," or "us"), and the rights of Data Subjects regarding their Personal Information, including the categories of Personal Information we may collect, process, share, disclose, sell and the purposes for which the categories of personal information may be collected, processed, disclosed, shared or sold.

 

Our aim is to keep our data practices simple, universally transparent and effective.

 

We are dedicated to limiting the amount of personal information which we do collect and use to the minimum amounts required.

We never stop thinking about the means of improving our data practices.

 

This Privacy Policy includes our Notice at Collection as required under the California Consumer Privacy Act (CCPA). It explains what personal information we collect, the purposes for which we use it, and your rights regarding your data under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

 

While this Privacy Policy is primarily designed to comply with the California Consumer Privacy Act (CCPA), we recognize that visitors from jurisdictions with different privacy protections, such as the European Union (GDPR) or the United Kingdom (UK GDPR), may access our Website. We are committed to respecting your privacy rights under applicable laws, including but not limited to:

• The General Data Protection Regulation (GDPR) of the European Union.
• The UK General Data Protection Regulation (UK GDPR).

Residents of these jurisdictions have the same rights outlined in this Privacy Policy, along with additional protections granted by their respective laws.

Definitions

The terms below, when they are used in this Privacy Policy, shall have the meaning defined in this section.

“California Law” means California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

“Collects,” “collected,” or “collection” means buying, renting, gathering, obtaining, receiving, or accessing any Personal Information pertaining to an individual by any means.

 

“Consumer” means a natural person who is a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations.

 

"Customer" means any individual or representative of an organization or of an entity that purchases, uses, or otherwise obtains our Services, and with whom we have entered into a contractual relationship or to whom we sell our Services.

“Data Controller” means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any Personal Information shall be processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Information.

“Data Processor (or Service Provider)” means any natural or legal person who processes the Personal Information on behalf of the Data Controller. We may use the services of various service providers in order to process your data more effectively.

“Data Subjects” means all persons whose Personal Information we process, regardless of their location. In particular, these are website users, customers, suppliers, vendors, contractors, job applicants, regardless of whether they are Consumers under California law or not.

 

“Lawful Basis for Processing”: in application to users from the European Union, we process Personal Information under the following lawful bases:

• Consent (Article 6(1)(a) GDPR).
• Performance of a Contract (Article 6(1)(b) GDPR).
• Compliance with a Legal Obligation (Article 6(1)(c) GDPR).
• Legitimate Interests (Article 6(1)(f) GDPR).

“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information could include your name, social security number, email address, records of products purchased, internet browsing history, geolocation data, fingerprints, and inferences from other personal information that could create a profile about your preferences and characteristics.

 

Under GDPR, “Personal data” refers to any information relating to an identified or identifiable natural person (‘data subject,’ as specified above). Types of personal data include, but are not limited to, a name, location data, or an online identifier (e.g., a nickname).

We protect the Personal Information of EU and UK residents visiting our website or our EU customers, suppliers, vendors, contractors with the same level of care as that of US residents, while also providing the additional rights granted by GDPR to EU residents and UK GDPR to UK residents, if applicable. We adhere to the most stringent protections required under GDPR and UK GDPR for EU and UK residents' Personal Information, even when such protections are not mandated by US laws.

 

Personal Information does not include publicly available information or lawfully obtained, truthful information that is a matter of public concern.

 

“Publicly available information” means any of the following:

• Information that is lawfully made available from federal, state, or local government records.
• Information that a business has a reasonable basis to believe is lawfully made available to the general public by the consumer or from widely distributed media.
• Information made available by a person to whom the consumer has disclosed the information if the consumer has not restricted the information to a specific audience.

 

Personal Information does not include consumer information that is deidentified or aggregate consumer information.

 

“Deidentified” means information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer.

“Aggregate consumer information” means information that relates to a group or category of consumers, from which individual consumer identities have been removed, that is not linked or reasonably linkable to any consumer or household, including via a device. 

“Processing” means any operation with the Personal Information, such as collection, recording, storage, use, disclosure by transmission, dissemination or otherwise making available, erasure or destruction etc.

“Sensitive Personal Information” is a specific subset of personal information defined by applicable laws, including California law and the General Data Protection Regulation (GDPR). It includes:

• Government identifiers, such as Social Security numbers, driver’s license numbers, or similar identifiers.
• Account log-in credentials, financial account numbers, debit card or credit card numbers, including any required security code, password, or access credentials.
• Precise geolocation data.
• Contents of personal communications, such as mail, email, and text messages, unless the business is the intended recipient.
• Genetic data.
• Biometric information used to uniquely identify an individual.
• Data revealing a person’s racial or ethnic origin, citizenship or immigration status, religious or philosophical beliefs, or union membership.
• Information concerning an individual’s health, sex life, or sexual orientation.
• Neural data, which is information generated by measuring the activity of an individual’s central or peripheral nervous system and not inferred from nonneural information.
• Data concerning political opinions (as defined by GDPR).
• Trade union membership (as defined by GDPR).

 

We do not collect or process your Sensitive Personal Information.

 

“Service” or “Services” mean interior design services, provided by us and access to Websites operated by us.

 

“User” means individuals who access our Website and use it by browsing. Our Website is designed in such a way that Users do not have to register in order to use our Website by browsing.

 

“Website” means https://www.holymotels.com/ .

Scope

This Privacy Policy applies to the following individuals, regardless of whether they are classified as "consumers" under the California Consumer Privacy Act (CCPA):

• Users;
• Customers;
• Potential customers (prospects);
• Vendors, suppliers, and contractors;
• Job applicants;
• Participants in our online or offline events or surveys.

This Privacy Policy applies to all data subjects, including residents of jurisdictions with extraterritorial privacy laws, such as the GDPR and UK GDPR. Data subjects from these jurisdictions are entitled to privacy rights that align with their respective laws.

By accessing or using our Services, including this Website, you agree to comply with our Terms of Use (“Terms”).

Sources of Personal Information We Collect

We may collect Personal Information from the following categories of sources:

Information You Provide Directly

• When you use our Services, complete a contact form, request marketing communications, participate in surveys, or contact us by other means.

Information Collected Automatically

• Through your access to and use of our Website.

Information Obtained from Third Parties

• Companies, business partners, or individuals that introduce you to us.
• Business partners, service providers, and sub-contractors.
• Advertising networks, analytics providers, and search information providers.
• Social networks and other technology providers (e.g., when you click on one of our Facebook or Google advertisements).

Information Obtained from Public Sources

We may obtain information from publicly available sources, including (but not limited to):

• National company registries.
• Market researchers.
• Government entities, law enforcement agencies, authorities, and regulatory bodies.

Under California Law publicly available information is excluded from the definition of Personal Information if it:

• Is lawfully made available from federal, state, or local government records.
• Is lawfully obtained and truthful information that is a matter of public concern.
• Has been lawfully made available to the general public by the individual or through widely distributed media.

Such information is not subject to the rights and obligations associated with Personal Information under California privacy laws.

Under GDPR publicly available information is still considered Personal Information if it can directly or indirectly identify a living individual. We process such information in compliance with GDPR, ensuring a lawful basis for its use (e.g., consent, legitimate interests, or legal obligations).

Exceptions (Applicable to Both Laws): Publicly available information that cannot identify an individual (e.g., aggregate or anonymized data) is not considered Personal Information and is outside the scope of this Privacy Policy.

Categories of Personal Information We Collect

We may collect the following categories of your Personal Information.

 

• Contact information of users, customers, and their representatives, potential customers (prospects), vendors, suppliers, and contractors, job applicants., participants in our online or offline events or surveys.

When you request Holy Motels to contact you, sign up for our materials, fill out online forms on our Website, send communications, participate in events or surveys, or call us, we may ask you to provide the following:

• Name.
• Title.
• Company name.
• Email address.
• Phone number.

Additional Contact and Identification Information.

We may also collect additional information, including:

• for customers and their representatives, vendors, suppliers, and contractors:
  • (i) real names and titles;
  • (ii) business addresses or residence addresses;
  • (iii) reference letters, bios, portfolios, and recommendation letters;
  • (iv) extracts from registers, certificates of good standing or other confirmation of good standing.
• for job applicants:
  • (i) name, email address, phone number, education, work experience;
  • (ii) CVs, resumes, portfolios
  • (iii) cover letters;
  • (iv) reference letters;
  • (v) other information (e.g., information and documents for background check, proof of address).
• Usage Data.

We may automatically collect personal information regarding how the Website is accessed and used ("Usage Data"). This Usage Data may include:

• Device and Location Information:
  •    (i) IP address, browser type, and browser version, browser language, settings and behavior, mobile network information;
  •    (ii) Derived approximate location information, including country, city, state, and postal code.
  •    (iii) Your Device characteristics (such as device type (computer vs. mobile) and ID, operating system, hardware)
• Website Interaction Data:
  • (i) Referring and exit web pages and URLs, date and time of visit.
  • (ii) The areas within the Website that you visit and your activities there, including remembering you and your preferences and the time spent on those pages.
Tracking & Cookies Data.

We use cookies and similar tracking technologies to enhance your experience, such as:

• Storing your settings.
• Recognizing you when you use our Services.
• Delivering tailored advertising based on your online activity.

Cookies are small text files stored on your device to track, save, and store information about your interactions with our Services.

We will request your consent before placing any non-essential cookies on your device. You can manage your cookie preferences or withdraw consent at any time through our Cookie Management Tool.

You can manage cookies through your browser settings, including disabling them if desired.

Please note that disabling cookies may affect your experience on our Website.

Other Tracking Technologies

We use the following tracking tools: Meta Pixel, Google Analytics.

For more details about our practices and available controls, please review our Cookies Policy.

Sensitive Personal Information

We do not collect or process Sensitive Personal Information.

If we ever need to collect or process Sensitive Personal Information in the future, it will be done only:

1. When necessary for providing our Services or complying with legal obligations.
2. After obtaining your explicit consent for its collection and processing.

Should we collect Sensitive Personal Information, you will have the right to limit its use to essential business purposes. To exercise this right, or to inquire about our data practices, please contact us at legal@holymotels.com.

Children’s Privacy

We do not knowingly collect Personal Information from children under the age of 16. Our Website and Services are not addressed to minors.  If you are a parent or guardian and you learn that your children have provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a child under the age of 16 without verifiable parental consent, we will take steps to remove that information from our servers.

Categories of Personal Information We May Share, Disclose, or Sell

Under California law, the terms share, disclose, and sell have distinct meanings:

• Share: Providing personal information to third parties for cross-context behavioral advertising (targeted advertising).
• Disclose: Providing personal information to service providers or contractors for business purposes without monetary or valuable consideration.
• Sell: Transferring personal information to third parties in exchange for monetary or other valuable consideration, such as data sharing for targeted advertising.

We collect, share, disclose, and may sell Personal Information as described below. These practices apply from the effective date of this Privacy Policy.

Categories of Personal Information Shared, Disclosed, or Sold

We may share, disclose, or sell the following categories of Personal Information for business or commercial purposes:

1. Identifiers: e.g., cookie identifiers, IP addresses.
2. Internet or Other Electronic Network Activity Information: e.g., browsing behavior, interactions with our website or advertisements.

How We Use and Share Personal Information

Sharing for Behavioral Advertising:

We share some Personal Information with advertising networks and social media platforms for cross-context behavioral advertising.

Example: Your interactions with our website may be shared with advertising partners to display personalized ads on other websites or platforms.

Disclosure for Business Purposes:

We disclose Personal Information to service providers and contractors to support our operations, as described in this Policy.

Sale of Personal Information:

In certain instances, the transmission of cookie identifiers or other data to third parties for advertising purposes may be classified as a sale under applicable laws.

Example: We may share cookie data to advertising partners in exchange for analytics or enhanced advertising capabilities.

Entities Receiving Personal Information

We may share, disclose, or sell Personal Information with the following types of entities:

• Affiliated Companies: For shared operations or business functions.
• Payment Processors and Financial Institutions: To process payments and prevent fraud.
• Analytics and Research Vendors: To analyze user behavior and improve our Services.
• Marketing and Advertising Vendors: To deliver targeted ads and marketing communications.
• Fraud Prevention and Security Vendors: To identify and mitigate security risks.
• Vendors Supporting Legal, Compliance, and Auditing Functions: To ensure regulatory compliance and internal operations.
• Other Third Parties: For purposes explicitly permitted or directed by you, or as otherwise required by law.

Other Circumstances Where Personal Information May Be Shared or Disclosed

We may share or disclose Personal Information in the following circumstances:

Business Transfers: In connection with any reorganization, merger, sale, joint venture, or other disposition of our business, assets, or stock (including bankruptcy or similar proceedings).

Legal Obligations:

• To comply with applicable law, legal processes, or government requests.
• To enforce our contracts and protect our rights, privacy, and safety, or that of others.
• To pursue remedies or limit damages.

Opt-Out and Consumer Rights

• Opt-Out of Sharing or Selling:
  Residents of certain jurisdictions, such as California, may opt out of the sale or sharing of their Personal Information. To exercise this right, use the "Do Not Sell or Share My Personal Information" link in the footer of our website.
• Manage Preferences:
  You can manage your cookie preferences, including disabling cookies used for targeted advertising, through the cookie management tool, located in the left section of the footer on our website.

Use of Third Party Services

Integration with Calendly

We use Calendly, a third-party scheduling platform, to facilitate the booking of appointments and manage scheduling interactions. By using Calendly, we aim to provide a seamless and user-friendly way for our users to book meetings or consultations.

What Information is Collected?

When you use Calendly to schedule an appointment with us, Calendly may collect personal information that you provide, such as your name, email address, phone number, time zone, device type, cookies, and any additional details you choose to share during the scheduling process.

Purpose of Collection

The information collected via Calendly is used exclusively for scheduling purposes, such as sending automated reminders and follow-ups related to appointments, ensuring effective communication and coordination. This information is not used for any other purpose unless expressly stated or required by law. Appointment data is retained for one year unless otherwise required by legal or business obligations.

How Calendly Handles Your Data

Calendly operates as an independent data processor, and its handling of your information is governed by its own privacy policy. Calendly may use subprocessors, such as cloud storage providers, to store or process data. For more information on how Calendly manages user data, we recommend reviewing their Privacy Policy.

Sharing of Data

We do not share the information collected through Calendly with any third parties, except as necessary to provide our services or comply with legal obligations.

Your Choices

You may choose not to use Calendly for scheduling by contacting us directly through alternative means provided on our website.

If you wish to delete or modify your personal information submitted through Calendly, please reach out to us or Calendly’s support team.

Integration with Meta Services

We also utilize services provided by Meta, such as Meta Pixel and Facebook Ads, to enhance the functionality and effectiveness of our platform. These services may involve data collection and processing as described below:

What Information is Collected?

Meta services may collect certain information, including but not limited to:

• Usage data and interactions with our platform.
• Device and technical data (e.g., IP address, browser type, hashed data).
• Any personal information you choose to share during interactions facilitated by Meta services.

Purpose of Collection

The data collected via Meta services is used to improve user experience, provide targeted communication, enable cross-platform remarketing, and analyze platform usage. These services help us enhance our offerings and better understand user preferences.

How Meta Handles Your Data

Meta operates as an independent data controller, and its handling of your information is subject to its own privacy policies and terms of service. Meta employs safeguards, such as pseudonymization, for transmitted data. For more information, please review Meta’s Privacy Policy.

Sharing of Data

We do not share the information collected through Meta services with third parties, except as necessary for providing services, improving platform functionality, or complying with legal obligations. Data collected via Meta services is retained according to Meta’s policies, which users can review for specific retention details.

Your Choices

You may manage your preferences for Meta’s targeted advertising by visiting Meta’s Ad Preferences.

Browser extensions or tools may also allow you to block Meta tracking.

Users may contact Meta directly to request the deletion or modification of data.

Integration with Google Analytics

We use Google Analytics, a web analytics service provided by Google, to help us understand how users interact with our platform and to improve our services. Google Analytics collects information as described below:

What Information is Collected?

Google Analytics may collect data such as:

• Your IP address.
• Information about your device (e.g., browser type, operating system, cookies).
• Pages visited, time spent on pages, demographic data, and other interaction data.

Purpose of Collection

The information collected via Google Analytics helps us analyze trends, understand user behavior, and improve our platform’s performance and usability. This information is used in aggregate form and is not linked to individual users.

How Google Handles Your Data

Google acts as an independent data processor, and its handling of your information is subject to its own privacy policies. Google employs pseudonymization techniques, such as anonymizing IP addresses. For more information, please review Google’s Privacy Policy and learn about their Data Safeguards. Demographic and interest data collection may be enabled, and you can manage these preferences through Google’s settings.

Sharing of Data

We do not share information collected via Google Analytics with third parties beyond those necessary for providing aggregated analytics.

Your Choices

You may opt out of Google Analytics data collection by using tools such as the Google Analytics Opt-out Browser Add-on.

For additional options to manage data collection, refer to your browser’s privacy settings or contact us for assistance.

Lawful Basis to Process the Personal Information and the Business Purposes of Processing

 

Automatic Collection

Certain types of Personal Information (e.g., necessary browsing data, cookies, IP addresses) may be collected automatically when you access our Website. This information is processed for the following purposes:

• Ensuring Website functionality and performance.
• Securing the Website (e.g., fraud prevention and error tracking).
• Improving user experience (e.g., analytics and customization).

Legal Basis for Processing:

• Legitimate Interests: To enhance the Website’s functionality, security, and user experience.

If the collection involves non-essential cookies or similar technologies (e.g., analytics or advertising cookies), we will obtain your prior consent where required by law.

If you do not wish for this information to be collected, you may:

• Manage your preferences through the provided cookie management tool located in the left section of the footer on our website.
• Adjust your browser settings to limit or block cookies.
• Discontinue using our Website.

Consent and Opt-Outs

If processing is based on your consent (e.g., marketing communications, non-essential cookies), you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before consent was withdrawn.

Opt-Out Options:

• You can opt out of certain types of processing, such as marketing communications, cookies, or targeted advertising, by:
• Adjusting your preferences in our cookie management tool.
• Following the unsubscribe link in marketing emails.
• Contacting us directly at legal@holymotels.com.

Personal Information of Customers, Vendors, Suppliers, and Contractors

Business Purposes:

• Managing contractual relationships and providing services.
• Improving services and operations.
• Meeting legal, regulatory, and tax reporting obligations.
• Managing business operations.

Lawful Bases:

• Performance of Contracts: To fulfill obligations under agreements.
• Legal Obligations: To comply with applicable laws and regulations (e.g., tax reporting).
• Legitimate Interests:
• Improving service quality.
• Optimizing operational efficiency.
• Maintaining a competitive market position.

Personal Information of Users, Prospects, and Event Participants

Business Purposes:

• Communicating with you regarding newsletters, marketing materials, and other relevant updates.
• Marketing and event-related communications, including:
• Invitations to events.
• Participation in surveys.
• Delivery of personalized content and advertising campaigns.
• Promoting our services through tailored marketing efforts.

Lawful Bases:

• Consent: For sending marketing communications, collecting information via surveys, and using non-essential cookies for personalized content.
• Legitimate Interests:
• Tailoring marketing communications to your preferences.
• Providing personalized and engaging customer experiences.

Your Rights:

• You may opt out of receiving marketing communications at any time by:
• Following the unsubscribe link in our emails.
• Contacting us directly at legal@holymotels.com

Personal Information of Job Applicants

Business Purposes:

• Recruitment and candidate evaluation.
• Maintaining a talent pool for future opportunities.

Lawful Bases:

• Legitimate Interests:
• Assessing qualifications and suitability for available positions.
• Managing the recruitment process efficiently.

Your Privacy Rights

Depending on your location, you may have rights under privacy and data protection laws regarding the Personal Information we collect and process. Below are the rights provided under the California Consumer Privacy Act (CCPA), which may serve as a reference for similar rights in other jurisdictions.

Right to Access:

You have the right to request that we disclose the following information:

• The categories and/or specific pieces of Personal Information we have collected about you.
• The categories of sources from which the Personal Information was collected.
• The purposes for which we use the Personal Information.
• The categories of third parties with whom we share the Personal Information.
• The categories of Personal Information we sell or disclose to third parties.

Frequency of Requests:
You may make a request to know up to twice a year, free of charge.

Exceptions:
We may refuse to disclose personal information under the following circumstances:

• We cannot verify your request.
• The request is manifestly unfounded, excessive, or redundant (e.g., already provided twice within a 12-month period).
• Certain sensitive information, such as social security numbers or account passwords, cannot be disclosed, but we will inform you if we collect such information.
• Disclosure would hinder compliance with legal obligations, interfere with legal claims, or compromise legal defenses.
• The information falls under exemptions (e.g., certain medical or credit reporting data).

Right to Delete

You may request the deletion of personal information we collected from you and direct our service providers to do the same, subject to specific exceptions (e.g., if retention is legally required).

Right to Opt-out of Sale or Sharing

You have the right to opt out of the sale or sharing of your Personal Information, including for cross-context behavioral advertising. This includes:

• Using a user-enabled global privacy control.
• Opting out of interest-based advertising by clicking the "Do Not Sell or Share My Personal Information" link in the footer of our website.

Right to Correct

You may request that we correct inaccurate personal information we hold about you.

Right to Limit Use of Sensitive Personal Information

You may direct us to use your Sensitive Personal Information (e.g., social security number, financial account information, precise geolocation data, or genetic data) only for limited purposes, such as providing requested services.

Right to non-discrimination of service or price if you exercise your privacy rights

We will not deny you access to our Services, limit your use of our Services, or charge you different prices for exercising your privacy rights.

Right to receive notice of our privacy practices at or before the point where your Personal Information is collected

You have the right to be informed, at or before the time of collection, about:

• The types of personal information we are collecting.
• How we intend to use the collected information.

This Privacy Policy serves as our Notice of Collection.

Right to Opt-Out of Automated Decision-Making

If applicable, you may request to opt out of any automated decision-making technologies.

 

Your Privacy Rights Under GDPR/UK GDPR

If you are located in the EU, UK, or other jurisdictions with similar privacy laws, you have the following rights in addition to those outlined in this Privacy Policy:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Correct inaccurate or incomplete personal data.
• Right to Erasure: Request the deletion of your personal data under specific circumstances ("Right to be Forgotten").
• Right to Restrict Processing: Request that we limit the processing of your data.
• Right to Data Portability: Request your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: Object to the processing of your data, including for direct marketing purposes.
• Right to Lodge a Complaint: File a complaint with your local data protection authority if you believe your rights have been violated.

You may exercise your privacy rights through the following methods:

• Online Tools:
• Use our Do Not Sell or Share My Personal Information link available in the footer of our website.
• Manage your cookie preferences via our cookie management tool, located in the left section of the footer.
• Send a Global Privacy Control (GPC) signal through your browser or device, which we will process in accordance with applicable law.
• By email: legal@holymotels.com
• By calling our toll-free number: +17192989856

When you submit a request through these tools or contact us directly, you consent to our use of the information provided to process and respond to your request.

When you submit a request to exercise your individual rights, you consent to our use of the information provided to process and respond to your request. We will generally communicate with you via email. If you wish to withdraw your consent for us to respond, you may do so by contacting us through the same email address.

Please note that processing your request may involve transferring your information to the United States, where our operations are based. If you do not consent to this transfer, we may be unable to fulfill your request.

If you are a California resident, you may designate an authorized agent to submit requests on your behalf under California law. To do so, you must provide written authorization or a valid power of attorney. Before processing a request submitted by an authorized agent, we will require proof of the agent’s authorization and may request direct identity verification from you. For certain requests, such as accessing or deleting specific pieces of Personal Information, we may require additional steps to verify your identity in accordance with legal requirements.

If you authorize an agent to submit a request on your behalf, we require:

• Proof of your written authorization or a valid power of attorney.
• Verification of your identity directly with us.

We will respond to your request within 30 days or within the timeframe required by applicable law.

Do Not Track

Do Not Track (“DNT”) is a web browser setting that requests a web application to disable tracking of an individual user’s online activities. At this time, there is no universally accepted standard for how organizations should respond to these requests (which are also called “signals”). Consequently, we currently do not monitor or take action with respect to DNT signals or other similar browser mechanisms. For more information about Do Not Track, visit https://allaboutdnt.com/.

Opt-Out Preference Signals

Some browsers and browser extensions support opt-out preference signals, such as the Global Privacy Control (“GPC”), which allow users to indicate their choice to opt-out of certain types of data processing, including the sale or sharing of personal information.

In jurisdictions where such signals are legally recognized (e.g., California under the CPRA), we will make reasonable efforts to respect your preferences as communicated through these signals. If you enable a GPC signal in your browser, we will treat it as a valid request to opt out of the sale or sharing of your personal information where applicable.

Automated Decision-Making

We do not use automated decision-making or profiling technologies that significantly impact your rights. If this changes, we will notify you and provide a mechanism to opt out.

International Transfer

The information we collect through your use of our Website and Services, including Personal Information, may be transferred to, stored, and processed on computers located outside your state, province, country, or other governmental jurisdiction. These locations may have data protection laws that differ from those in your jurisdiction.

If you are located outside the United States and choose to provide information to us, please be aware that your information, including Personal Information, may be transferred to and processed in the United States. 

For individuals located in the European Economic Area (EEA), the United Kingdom we ensure that your Personal Information is processed in compliance with GDPR and UK GDPR. This includes:

• Lawful Basis for Processing: Processing your Personal Information only under a valid legal basis, such as your consent, the performance of a contract, compliance with legal obligations, or legitimate interests.
• Data Protection Safeguards: Ensuring that appropriate technical and organizational measures are in place to protect your data against unauthorized access, use, or disclosure.
• Your Rights: Respecting your rights under GDPR and UK GDPR, including the right to access, rectify, erase, restrict, or object to the processing of your data, as well as the right to data portability.
• Transparency: Clearly informing you about how your Personal Information is used, shared, and protected through our Privacy Policy.

By using our Website and/or Services, you acknowledge and consent to the transfer of your information to the United States, where our operations are based, and to other locations where we and/or our service providers operate. These transfers will be conducted in compliance with applicable data protection laws, including GDPR and UK GDPR where applicable.

Retention of Personal Information

We retain your Personal Information only as long as necessary to fulfill the purposes for which it was collected, in accordance with applicable laws. This allows us to comply with our legal obligations, resolve disputes, and enforce our agreements. Personal Information will not be retained longer than necessary for its intended purposes, unless required by law.

To determine the appropriate retention period, we consider:

• The amount, nature, and sensitivity of the Personal Information.
• The purposes for processing the data and whether those purposes can be achieved through other means.
• Legal, regulatory, and contractual obligations.

If you withdraw your consent for processing or exercise your right to erasure, we will delete your Personal Information promptly, unless retention is required to comply with legal obligations, security purposes, fraud prevention, or other legitimate interests.

Retention Periods by Category of Personal Information

• Identifiers: Retained for up to 7 years following your last interaction with us, primarily to fulfill legal and compliance requirements.
• Commercial Information: Retained for up to 5 years to comply with tax and accounting obligations.
• Internet Activity: Retained for up to 2 years to support analytics, improve services, and enhance user experience.
• Professional Information: Retained for 1 year for recruitment and evaluation purposes, or until you request deletion.

Cookies and Tracking Technologies

• Session Cookies: These are temporary cookies that are automatically deleted when you close your browser.
• Persistent Cookies: These remain on your device for a specified duration or until you manually delete them.
  • Analytics Cookies: Typically retained for 3 to 6 months to provide insights into user behavior and trends over time.
  • Marketing Cookies: May persist for up to 12 months or longer, depending on the specific tool or service.
  • For more information about our use of third-party services like Meta, Calendly, and Google Analytics, please see the section titled ‘Privacy Policy Provision: Use of Third-Party Services.

Additional Notes on Retention:
Specific retention periods may vary based on legal, regulatory, or contractual obligations. You have the right to request more details about our retention practices, including the criteria we use to determine retention periods.

Security

We implement commercially reasonable technical, administrative, and organizational safeguards to protect your Personal Information from unauthorized access, use, or disclosure. These measures are designed to ensure a level of security appropriate to the nature of the information we process.

However, please note that no data transmission over the Internet, mobile networks, wireless transmission, or electronic storage of information can be guaranteed to be 100% secure. While we strive to protect your Personal Information, we cannot guarantee or warrant the absolute security of any information you transmit to or from our Site. You provide your information at your own risk.

Updates to This Policy

As part of our commitment to continuous improvement in our data practices, we may update this Privacy Policy from time to time to reflect these enhancements.

We assure you that any updates will not reduce or restrict your rights in any way.

If this Privacy Policy is updated, we will notify you and request your consent to process your personal data in accordance with the latest version. Your continued use of our services after such updates will signify your agreement to the revised terms, where applicable.

Data Controller and Contact information

 

Kashtan Agency Inc., located at 1401 21st St STE R, Sacramento, CA 95811, serves as the data controller for the personal data we process.

If you have any questions or requests regarding your personal data, you may contact us via email at legal@holymotels.com .

Please note that the data practices of Kashtan Agency Inc. are subject to oversight by the California Privacy Protection Agency (CPPA) and the California Attorney General.

If you believe your rights as a data subject have been violated, you have the right to take the following actions:

• Submit a complaint to the California Privacy Protection Agency (CPPA):
  For more information, visit their website at https://cppa.ca.gov/.
• File a complaint with the California Attorney General:
  For more information, visit their website at https://oag.ca.gov/contact/consumer-complaint-against-business-or-company.
• File a complaint with the Federal Trade Commission (FTC):
  For more information, visit their website at https://www.ftc.gov/media/71268.

Accessibility

This Privacy Policy is designed to be accessible to individuals with disabilities. If you need this policy in an alternative format, please contact us at legal@holymotels.com .