Legal

Privacy Policy

This Privacy Policy describes how Braun Management collects, uses, stores, shares, and protects personal information obtained through this website and in connection with our consulting services.

Effective date: January 1, 2024

1. Data controller

The data controller responsible for processing personal data collected through this website is:

Braun Management
402 W Broadway, Suite 400
San Diego, CA 92101
United States

Email: hallo@management-braun.com
Phone: +1 (215) 653-9086

2. Information we collect

We collect personal information in the following categories:

2.1 Information you provide directly

• Contact information: Name, email address, telephone number, company name, job title, and business address when you submit an inquiry through our contact form or communicate with us directly.
• Inquiry content: The substance of messages you send to us, including descriptions of your organization, business challenges, and consulting requirements.
• Professional information: Information about your role, responsibilities, and organization that you share during discussions about potential or active engagements.

2.2 Information collected automatically

• Technical data: IP address, browser type and version, operating system, device information, screen resolution, and time zone settings.
• Usage data: Pages visited, time spent on pages, navigation paths, referring URLs, and exit pages.
• Cookie data: Information collected through cookies and similar tracking technologies as described in our Cookie Policy.

2.3 Information from third parties

We may receive information about you from third parties, such as referrals from professional contacts, publicly available business information, or information provided by your organization in connection with a consulting engagement.

3. How we use your information

We process personal information for the following purposes:

• Responding to inquiries and providing information about our services
• Evaluating potential engagements and assessing fit
• Entering into and performing consulting agreements
• Managing ongoing client relationships and communications
• Delivering consulting services and producing work product
• Administering billing and collecting payments
• Ensuring website security and preventing fraud
• Analyzing website usage to improve our online presence
• Complying with legal and regulatory requirements
• Protecting our legitimate business interests and legal rights

4. Legal basis for processing

We process personal data on the following legal bases:

• Consent: Where you have given explicit consent to processing for specific purposes, such as receiving communications or accepting non-essential cookies.
• Contract performance: Where processing is necessary to perform a contract with you or to take pre-contractual steps at your request.
• Legitimate interests: Where processing is necessary for purposes of legitimate business interests, such as responding to inquiries, maintaining security, and improving our services, provided those interests do not override your rights.
• Legal obligation: Where processing is necessary to comply with applicable legal or regulatory requirements.

5. Data retention

We retain personal data only as long as necessary for the purposes for which it was collected or as required by law. Specific retention periods include:

• Contact form submissions: 3 years after the last communication if no engagement results
• Client engagement records: 7 years after conclusion of the engagement (as required by applicable tax and commercial record-keeping requirements)
• Financial records: 7 years as required by tax law
• Server logs: 90 days
• Analytics data: 26 months in aggregated or anonymized form

When retention periods expire, we securely delete or anonymize personal data so that it can no longer be associated with you.

6. Data sharing and disclosure

We do not sell, rent, or trade personal information. We may share personal data with:

• Service providers: Third parties who provide services on our behalf, such as website hosting (Vercel), email services, cloud storage, and IT support. These providers are contractually obligated to process data only on our instructions and to maintain appropriate security.
• Professional advisors: Lawyers, accountants, insurers, and other professional advisors where necessary for the conduct of our business.
• Engagement associates: Where we engage associates or subcontractors to assist with client work, they receive only the information necessary to perform their role and are bound by confidentiality obligations.
• Legal authorities: Government agencies, courts, regulators, or law enforcement where required by law, legal process, or to protect our legal rights.
• Business transfers: In connection with any merger, acquisition, or sale of business assets, subject to standard confidentiality requirements.

7. International data transfers

Our website is hosted on servers that may be located in various jurisdictions. Where personal data is transferred outside your country of residence, we ensure appropriate safeguards are in place, such as standard contractual clauses or reliance on the recipient's participation in recognized data protection frameworks. For transfers from the European Economic Area, we rely on appropriate legal mechanisms as required by applicable data protection law.

8. Data security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• SSL/TLS encryption for all data transmitted through our website
• Secure storage systems with access controls
• Regular security assessments and updates
• Limited access to personal data on a need-to-know basis
• Confidentiality obligations for all personnel with data access

While we implement reasonable safeguards, no method of internet transmission or electronic storage is completely secure. We cannot guarantee absolute security of personal data.

9. Your rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

• Access: Request confirmation of whether we process your personal data and, if so, obtain a copy of that data along with related information.
• Rectification: Request correction of inaccurate personal data or completion of incomplete data.
• Erasure: Request deletion of your personal data in certain circumstances, such as when data is no longer necessary for its original purpose.
• Restriction: Request restriction of processing in certain circumstances, such as while we verify contested data accuracy.
• Data portability: Request to receive your personal data in a structured, commonly used, machine-readable format for transfer to another controller.
• Objection: Object to processing based on legitimate interests or for direct marketing purposes.
• Withdraw consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise these rights, please contact us using the details provided below. We will respond to requests within the timeframe required by applicable law (generally within 30 days). We may need to verify your identity before processing your request.

10. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know: The right to know what personal information we collect, use, disclose, and sell.
• Right to delete: The right to request deletion of personal information we have collected.
• Right to opt-out: The right to opt-out of the sale or sharing of personal information. We do not sell personal information.
• Right to correct: The right to request correction of inaccurate personal information.
• Right to limit use of sensitive information: The right to limit use and disclosure of sensitive personal information.
• Non-discrimination: The right not to be discriminated against for exercising privacy rights.

To exercise your California privacy rights, please contact us using the details provided below.

11. Children's privacy

Our website and services are directed to business professionals and are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information.

12. Changes to this Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. The "Effective date" at the top indicates when this policy was last revised. We encourage you to review this page periodically for any changes. Material changes will be communicated through appropriate means, such as a notice on our website.