Privacy Policy
Last updated: May 18, 2025
1. Who We Are
Vitamin Digital Media LLC (“we,” “us,” “our”) operates the website at https://www.digitalmedia.nyc/ (the “Service”). Questions about this Policy or your personal data? Email us at kevin@digitalmedia.nyc.
2. Scope
This Policy explains how we collect, use, disclose, and safeguard information obtained when you:
- Submit the contact form; or
- Browse the Service, where Google Analytics 4 (“GA4”) collects usage data.
3. Information We Collect
| Category | Data elements | How collected | Primary purpose | Legal bases* |
|---|---|---|---|---|
| Contact information | Name, email | Directly from form | Respond to your inquiry | Consent / Legitimate interest |
| Message details | Subject, free‑text message | Directly from form | Understand context of inquiry | Consent / Legitimate interest |
| Technical identifiers | IP address | Form back‑end & server logs | Spam prevention, security, analytics | Legitimate interest; IP is “personal data” under GDPR |
| Usage & device data | Browser type, referrer, page views, events | GA4 cookies / tags | Improve site & measure traffic | Consent (EU/EEA), Legitimate interest (elsewhere) |
* See Section 6 for explanations of legal bases.
Children
Our Service is not directed to children under 13. We do not knowingly collect their data. If you believe a child provided personal data, please contact us for deletion.
4. How We Use Your Information
- Respond to inquiries submitted via the contact form.
- Operate, maintain, and secure the Service, including IP‑based fraud or abuse prevention.
- Analyze traffic & improve UX using GA4; GA4 drops EU IP addresses before logging
- Comply with legal obligations (e.g., record‑keeping, law‑enforcement requests).
5. Cookies & Analytics
We set analytics cookies immediately on visit. You can refuse them by changing your browser settings or installing the Google Analytics Opt‑out Browser Add‑on.
6. Legal Bases for Processing
| Category | Data elements | How collected | Primary purpose | Legal basis |
|---|---|---|---|---|
| Contact information | Name, email | Directly from form | Respond to your inquiry | Legitimate interest (Art 6(1)(f)) and/or Steps prior to contract (Art 6(1)(b)) |
| Message details | Subject, message | Directly from form | Understand context of inquiry | Same as above |
| Technical identifiers | IP address | Server logs | Spam prevention, security | Legitimate interest |
7. Your Rights
EU/EEA/UK residents
You may request access (Art 15), rectification, erasure (Art 17 “right to be forgotten”), restriction, data portability, or objection to processing Lodge complaints with your Supervisory Authority.
California residents
Under the CCPA, you have the right to know, delete, and opt‑out of “sale”/“sharing” of personal information We do not sell your data.
To exercise any right, email kevin@digitalmedia.nyc. We will verify your identity and respond within applicable timeframes.
8. Data Retention
- Contact-form data: kept no longer than necessary to resolve your inquiry plus 24 months, unless we must keep it for legal reasons.
- GA4 event data: retention is set to 14 months by default; Google‑signals data never exceeds 26 months.
- Back‑ups are purged on a rolling 24-month cycle.
9. International Data Transfers
We host data in the United States. If you access the Service from the EU/EEA/UK, transfers rely on the EU‑U.S. Data Privacy Framework adequacy decision of 10 July 2023, or on Standard Contractual Clauses where appropriate.
10. Sharing & Disclosure
We share personal data only with:
- Service providers: (e.g., Supabase for database hosting; Google for analytics) bound by contracts to process data solely under our instructions. Supabase encrypts all customer data at rest with AES‑256 and in transit via TLS.
- Legal authorities: when required to comply with applicable law or to protect rights, property, or safety.
We do not sell or rent your personal data.
11. Security
We employ administrative, technical, and physical safeguards, including:
- TLS encryption in transit; AES‑256 encryption at rest (Supabase)
- Role‑based access controls and Row‑Level Security on database tables
- Regular patching and monitoring
No method of transmission is 100% secure; we cannot guarantee absolute security.
12. Changes to This Policy
We may update this Policy from time to time. Material changes will be posted here, with a new “Last updated” date. Continued use of the Service after changes means you accept the revised Policy.
13. Contact
For any privacy‑related questions, requests, or complaints, email kevin@digitalmedia.nyc.