

PRIVACY POLICY
Thank you for your interest in my Privacy Policy. This Privacy Policy applies to my website located at www.authorveronicasanders.com, operated by me, Author Veronica Sanders, 31966B South Grade Road, P O Box 152, Palomar Mountain, CA 92060, USA, acting as the data controller, and the third parties I'm using to provide the website (“we”, “us”, “our”).
BACKGROUND
This Privacy Policy describes our privacy practices in plain language, keeping legal and technical jargon to a minimum, to make sure you understand the information provided. However, to achieve this objective, I would like to explain to you the following three concepts.
-
What is Personal Data?
Personal Data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute Personal Data.
-
What is Processing?
"Processing" means and covers virtually any handling of data.
-
What law applies?
I act as the data controller in accordance with the California Consumer Privacy Act (“CCPA”) and the subsequent amendments from the California Privacy Rights and Enforcement Act (“CPRA”) and the EU's General Data Protection Regulation (“GDPR”).
GENERAL PRINCIPLES
-
Purpose and legal basis of processing
In accordance with the DPC and GDPR, we need to have both a purpose and a legal basis to process Personal Data. The purposes are:
-
providing the website and its functions and contents,
-
responding to contact requests and communicating with my clients, followers and website users,
-
providing my services, and
-
security measures.
Of course, we can only do that if we have at least one of the following legal bases or in other words lawful reasons to do so. Unless specifically described below, we typically link the above purposes to one of the following:
-
consent,
-
to fulfil our services and carry out contractual obligations,
-
to fulfil our legal obligations, and
-
to protect our legitimate interests.
-
Security
My website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content or contact requests that you send to us. We have also implemented numerous security measures (“technical and organizational measures”) for example, encryption or need-to-know access, to ensure the most complete protection of Personal Data processed through my website.
-
Retention and Storage
I retain your Personal Data as necessary in connection with the purposes described in this Privacy Policy.
-
Minors
I do not request Personal Data from minors and children and do not knowingly collect such data or pass it on to third parties.
-
Automated decision-making
Automated decision-making including profiling does not take place.
-
Do Not Sell
I do not sell your Personal Data.
-
Special Category Data
Unless specifically required and consent is obtained for a particular service, I do not process special category data.
-
International Transfer
In the course of my website operation, we process data. We usually do not transfer Personal Data to countries outside the USA. However, if we do, I will make sure that processing of your Personal Data is governed by processing agreements that include standard contractual clauses for a high level of data protection.
-
Sharing and Disclosure
We will not disclose or otherwise distribute your Personal Data to third parties unless this is a) necessary for the performance of my services, b) you have consented to the disclosure, c) or if we are legally obliged to do so, e.g., by court order, or if this is necessary to support criminal or legal investigations or other legal investigations or other legal proceedings at home or abroad or to fulfill our legitimate interests.
DATA COLLECTION AND PROCESSING
-
Data that is collected automatically
i) Log files
Each time you visit my website, our system automatically records the following data from the visiting device and stores it in a so-called log file: i) Name of the retrieved file, ii) date and time of the visit, iii) amount of data transferred, iv) message about successful retrieval, type of browser and version used, v) IP address (identification of the user's device), vi) Operating system of the visiting device, vii) Internet service provider of the visiting device, viii) website from which you access my website, and ix) which of my website pages you are accessing. The legal basis for processing is our legitimate interest.
ii) Hosting
The hosting service used by us for the purpose of operating my website is Wix.com Ltd. In doing so, Wix processes inventory data, contact data, content data, usage data, meta data, and communication data of customers, interested parties, and visitors of my website and services on the basis of our legitimate interests.
iii) Content Management System
We use the Content Management System (CMS) of Wix to publish and maintain the created and edited content and texts on my website. This means that all content and texts submitted to my website are transferred to Wix. The legal basis for this processing is our legitimate interest.
iv) Cookies
We use so-called necessary cookies on my website. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. For further information, please refer to my Cookie Policy. The legal basis for the use of necessary cookies is our legitimate interest.
v) Analytics
For business reasons, we analyze the data we have on web and server traffic patterns, website interactions, browsing behavior, etc. The analyses serve us alone and are not disclosed externally and processed using anonymous analyses with summarized and/or anonymized values. For this purpose, we use Google Analytics and Wix Analytics. The legal basis is our legitimate interest and your consent. For further information, please refer to my Cookie Policy.
vi) Aggregated Data
We also collect, use, and share aggregated data such as statistical or demographic data for any purpose, including improving our website. Aggregated data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.
vii) Links to other websites
Please note that if you use a link from my website to a third-party website, that third-party may also set new cookies that are not covered by this policy. In such cases, we recommend that you read the cookie policy on the third-party website itself.
-
Data from third-party sources
We may obtain data about you from third-party sources, such as social networks and other third parties. We may use this data to better analyze your user behavior to improve our ability to provide you with relevant marketing information and services and to prevent and combat fraud.
-
Data that is collected directly
i) Contacting me
If you contact me, your transmitted Personal Data will be automatically stored for the purpose of processing the request or replying to you. Data processing for the purpose of contacting me is carried out on the basis of your voluntarily given consent or the initiation of a contractual service.
ii) Purchasing my books and publications
When you purchase my books or publications, we and Amazon process various data within the framework of the purchase and for the initiation and processing of the existing contractual relationship between you and me. Please note that purchases are subject to Amazon`s Privacy Practices and that I have no influence on Amazon`s Privacy Practices. For more information, please refer to Amazon`s Privacy Policy.
iii) When using my services
The protection of your data is particularly important to me in the performance of my services. We therefore only want to process as much Personal Data (for example, your name, address, e-mail address or telephone number) as is absolutely necessary. Nevertheless, we rely on the processing of certain personal data, in order to fulfil our contractual obligations to you or to carry out pre-contractual measures. This processing of personal data will always be carried out in accordance with DPA and the GDPR and in accordance with our separate privacy policy.
iv) Leave A Reply
When you leave comments in my blog, your IP address is stored on the basis of our legitimate interests. This is done for our security in case someone leaves unlawful content in comments and posts.
Within the blog, you may be able to display certain profile information, share certain details, engage with others, exchange knowledge and insights, and post and view relevant content. It’s your choice whether to include sensitive information in your comment and to make that sensitive information public. Please do not post or add Personal Data to your comment that you would not want to be available. The processing bases are your consent as well as our legitimate interest.
v) Administration, financial accounting and contact management
We process data in the context of administrative tasks and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.
vi) Marketing
If you have given us your separate consent to process your data for marketing and promotional purposes, we are entitled to contact you for these purposes through the communication channels for which you have given your consent.
You may give us your consent in a variety of ways, such as by checking a box on a form asking for permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. In cases where your consent is implied, it is based on the assumption that you could reasonably expect to receive a marketing communication based on your interactions or contractual relationship with us.
Direct Marketing generally takes the form of email using the service provider MailerLite but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt out.
vii) Social Media
I’m present on social media based on my legitimate interests. If you contact or connect with me via social media, the relevant social media platform and I are jointly responsible for the processing of your data and enter into a so-called joint responsibility agreement. The Personal Data collected when you contact me is used to process your request, and the basis for this is both your consent and our legitimate interest.
YOUR RIGHTS AND PRIVILEGES
Privacy rights
Under the CCPA and the CPRA amendment, you can exercise the following rights:
-
Right to Know/Access
-
Right to Delete
-
Right to Opt-out of Sale
-
Right to Non-Discrimination
-
Right to Rectification
-
Right to Limit Use and Disclosure of Sensitive Personal Data
Further, California’s “Shine the Light” law (Civil Code Section 1798.83) requires us to respond to requests from California asking about the business’s practices related to disclosing Personal Data to third parties for the third parties’ direct marketing purposes. You may make a request about our collection and disclosure of your Personal Data using vs@authorveronicasanders.com.
Under the GDPR, you can exercise the following rights:
-
The right to access;
-
The right to rectification;
-
The right to erasure;
-
The right to restrict processing;
-
The right to object to processing;
-
The right to data portability;
Update your information and withdraw your consent
If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to legitimate interest processing, please email vs@authorveronicasanders.com.
Access Request
In the event you want to make a Data Subject Access Request, please email vs@authorveronicasanders.com. I will respond to requests regarding access and correction as soon as reasonably possible. Should I not be able to respond to your request within thirty (30) days, I will tell you why and when I will be able to respond to your request. If I'm unable to provide you with any Personal Data or to make a correction requested by you, I will tell you why.
What we do not do
-
We do not request Personal Data from minors and children;
-
We do not process special category data without obtaining prior specific consent;
-
We do not use automated decision-making, including profiling; and
-
We do not sell your Personal Data.
Who is the competent data protection authority?
You have the right to lodge a complaint about our processing of Personal Data with a supervisory authority responsible for data protection. In California, this is the California Privacy Protection Agency, www.cppa.ca.gov. However, I would appreciate the opportunity to address your concerns before you contact any supervisory authority.
Data Breaches and Notification
Databases or records containing Personal Data may be breached accidentally or through unlawful intrusion. As soon as we become aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notification will be accompanied by a description of the measures that will be taken to repair the damage caused by the data breach. Notifications will be sent as soon as possible after the violation is discovered.
USA SPECIFIC PROVISIONS
The following applies to users located elsewhere in the United States. While we understand and appreciate that privacy and consumer data protection laws in the USA are subject to each state's legislature and that no data protection framework similar to the CCPA/CPRA and EU’s GDPR exists on a federal level, we are committed to follow and apply the for your state relevant privacy rules and regulations.
As of the day of drafting, the following states had enacted privacy and consumer data protection laws: Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia. Under consideration of the similarities of the above provisions, no conflict should arise pursuing a uniform approach in granting all users in the USA the same rights and privileges as set out above. However, should ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your Personal Data.
Further, the following also apply
-
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of Personal Data from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.
-
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CAN SPAM, we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us, and we will promptly remove you from ALL correspondence.
-
Telephone Consumer Protection Act (TCPA)
If we process your Personal Data for the purpose of sending you SMS marketing communications, you may manage your receipt of marketing and non-transactional communications from us by replying or texting ‘STOP’ if you receive our SMS communications. In this respect, the data processing is carried out solely on the basis of our consent in personalized direct advertising per SMS.
-
Controls For Do-Not-Track Features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, our website does not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this policy.
-
Right to complain
Finally, and in regard to the right to complain to a supervisory authority. You have the right to lodge a complaint about our processing of Personal Data with a supervisory authority responsible for data protection. Users based in the above mentioned States may lodge a complaint with the relevant district attorney or attorney general office. However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.
CANADA AND MEXICO SPECIFIC PROVISIONS
Both Canada and Mexico have introduced data protection laws that are similar to the GDPR, namely Federal Law for the Protection of Personal Data in the Possession of Private Parties (“LFPDPPP”) supplemented by the Rules of the Federal Law for the Protection of Personal Data in the Possession of Private Parties in Mexico and the Personal Information Protection and Electronic Documents Act (“PIPEDA”) in Canada. Under consideration that the GDPR has played a pivotal role, no conflict should arise pursuing a uniform approach in granting all users in Mexico or Canada the same rights and privileges as set out above. However, should ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your personal data.
In terms of your right to complain, Canada’s national supervisory authority is the Office of the Privacy Commissioner (www.priv.gc.ca) and the National Institute of Transparency, Access to Information and Personal Data Protection (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales) (“INAI”) is the national supervisory authority in Mexico (www.ifai.org.mx).
HELP AND COMPLAINTS
If you have any questions about this policy or about data protection at TravelTechGuy, you can contact us by email using vs@authorveronicasanders.com with “Data Protection” in the subject line.
CHANGES
The first version of this policy was issued on Friday, January 31st, 2025, and is the current version. Any prior versions are invalid, and if we make changes to this policy, we will revise the effective date.
