1. Information We Collect

We only collect the minimum data necessary to provide our services.

• Usage Data: Browsing history and interaction with our website.
• Identifiers: Name, email address, IP address, and cookie identifiers.
• Customer Records: Billing address and payment information (processed via secure third parties).

2. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your data only when:

• We have your explicit consent.
• It is necessary to perform a contract with you.
• We have a legitimate interest (e.g., website security) that doesn’t override your rights.

3. Data Minimization & Retention (Massachusetts Compliance)

Per Massachusetts 201 CMR 17.00, we limit the collection of personal information to what is reasonably necessary. We retain your data only as long as:

• You have an active account with us.
• It is required for legal, tax, or accounting obligations.
• Marketing Data: We regularly review our lists. If you have not interacted with us for [e.g., 24 months], your identifiable marketing data will be deleted or anonymized.

4. Your Rights

Under both MDPA and GDPR, you have the following rights:

• Right to Know/Access: Request a copy of the data we hold about you.
• Right to Correct: Request fixes to inaccurate information.
• Right to Delete: Request that we delete your personal data (“Right to be Forgotten”).
• Right to Opt-Out: You may opt-out of the “sale” of your data or its use for targeted advertising.
• Data Portability: Request your data in a machine-readable format.

5. Data Security

We maintain a Written Information Security Program (WISP) as required by Massachusetts law. This includes technical, administrative, and physical safeguards (such as encryption and access controls) to protect your “Personal Information” (PI) from unauthorized access.

6. International Data Transfers

For users in the EEA/UK, your data may be transferred to servers in the United States. We ensure these transfers are protected by Standard Contractual Clauses (SCCs) or other legal adequacy frameworks.

7. Data Breach Notification

In the event of a security breach involving Massachusetts residents or EEA citizens, we will notify the relevant state authorities (the MA Attorney General) and affected individuals within the timelines required by law.

8. Cookie & Tracking Disclosure

We use cookies and similar tracking technologies to enhance your experience, analyze traffic, and provide targeted advertising.

• Strictly Necessary Cookies: Essential for website functionality (e.g., security, accessibility). These do not require consent.
• Performance & Analytics: We use these to understand how visitors interact with our site. We currently use Google Analytics.
• Marketing & Targeting: These cookies track your activity across websites to deliver relevant advertisements. We use HubSpot and Zoho.
• Your Choice: You can manage your preferences at any time via our Cookie Settings. Our banner provides an equal choice to “Accept All” or “Reject All” non-essential cookies.

9. Third-Party Data Processors

We do not sell your personal data. However, we share information with service providers (processors) who perform functions on our behalf. In accordance with Massachusetts 201 CMR 17.00 and GDPR Article 28, we have signed Data Processing Agreements (DPAs) with these partners to ensure they maintain strict security standards.

CATEGORY	PARTNER NAME	PURPOSE	DATA TRANSFERRED
Cloud Hosting	WordPress	Website infrastructure	IP Address, Usage Data
Email Marketing	HubSpot and Zoho	Newsletters & Alerts	Name, Email, Interests
Payment Processing	PayPal	Transaction fulfillment	Billing Address, Payment Info
Analytics	Google	Traffic analysis	De-identified usage patterns

10. Contact Us

To exercise your rights or ask questions about this policy, contact our Data Privacy Officer at:
Email: info@seacma.org
Address: 50 Portland St, Suite 521, Worcester, MA 01608