Privacy Policy

Howell Management Services, LLC (“HMS”) is committed to your privacy and complies with the EU General Data Protection Regulation (“GDPR”) with respect to EU personal data and has self-certified to the EU-U.S. Privacy Shield (“Privacy Shield”). This Privacy Policy explains the types of information that we may collect through our website, www.howellmgmt.com, how we use this information, under what circumstances we disclose the information to third parties, and your rights with regard to the information we collect. HMS reserves the right to change this policy from time to time without prior notice to you. Any changes will be effective immediately upon posting the revised Privacy Policy. However, we will not use your Personal Information in a manner materially different from the purposes(s) to which you initially consented. Our website is not intended for children. We do not knowingly collect Personal Information from children under the age of thirteen (13). If you are a parent or guardian of a child under the age of 13 and believe he or she has disclosed Personal Information to us, please contact us at (435) 881-2751 or chris.howell@howellmgmt.com.

BY CONTINUING TO ACCESS OUR WEBSITE, YOU AGREE TO THE TERMS OF THIS PRIVACY POLICY.

WHAT KIND OF INFORMATION DO WE COLLECT AND PROCESS?

1. Personal Information:

Personal Information is any information that identifies you or can be used to identify or contact you, such as your name, date of birth, mailing address, phone number, and other similar information. When you complete our Information Request Form, we will collect certain Personal Information about you. The information you provide through the Information Request Form is managed by Wix, which sends the contact form submissions to us. To view Wix’s privacy policy, please visit: https://www.wix.com/about/privacy. You may choose whether to provide personal information to us, but there may be times when that information is required to receive the benefit of our services. The legal basis for this processing is Art. 6 para 1 (b) of the GDPR (fulfillment of the contract).

2. Non-Personal Information:

Non-personal information is any information that does not personally identify you, including certain Personal Information that has been de-identified or rendered anonymous. We and/or our third party service providers may obtain non-personal information about you from information that you provide us, either separately or together with your Personal Information. We and/or our third party service providers also automatically collect certain non-personal information from you when you access our website. The legal basis for this processing is Art. 6 Para. 1 (f) of the GDPR (legitimate interest).

3. Website Usage Information:

Cookies - A cookie is a data file placed on a computer when it is used to visit the website. Cookies may be used for many purposes, including tracking user preferences and web pages visited while using the website. You may be able to remove, reject, and/or disable some types of cookies using your browser’s preferences or other programs. Some features of the website may not function properly if you disable, delete, or refuse to accept cookies. Some of the cookies we use may be “Flash” cookies. A Flash cookie is a data file placed on a computer. While they are harmless, depending on your browser, these cookies may not be deleted when your cookies are deleted or disabled and, in some instances, they may cause your cookies to reappear in your browser. You can disable the use of cookies for our website or in general in the settings of your internet browser. Information on how this works can be found on your internet browser’s website as explained at:

Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet- explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Apple Safari: http://www.apple.com/privacy/use-of-cookies/
Google Chrome: https://support.google.com/chrome/answer/95647

The legal basis for this processing is Art. 6 para. 1 (b) of the GDPR (fulfilment of your request) for session cookies and Art. 6 Para. 1 (f) of the GDPR (legitimate interest) for other cookies.

HOW DO WE USE YOUR INFORMATION?

1. Personal Information:

The Personal Information you submit to us is generally used to fulfill your requests, respond to your questions, or serve you in other ways naturally associated with the circumstances in which you provided the information. We may also use this information to contact you with marketing or promotional information for our services, for internal business purposes, for purposes disclosed at the time you provide your information, or as otherwise set forth in this Privacy Policy.

You will be asked to opt-in to receive promotional communication from us and may opt-out of receiving future promotional information from us and direct that we not share your information in the future with any affiliated companies or third parties for their direct marketing purposes.

We will share your information with the educational institutions from which you have indicated a desire to receive more information. These educational institutions to which you have asked us to transfer your information are the “Controllers” of your personal data. HMS is a “Processor” of your personal information. In certain instances, we may share your Personal Information with third party service providers who perform functions on our behalf, such as individuals that process requests for follow-up information. Our service providers agree to use the information we share with them only to carry out our requests. Except as provided in this Privacy Policy or as set forth when you submit the information, your Personal Information will not be shared with or sold to third parties without your consent.

2. Non-Personal Information:

We and our service providers may use technologies that automatically collect certain web site usage information whenever you visit or interact with the website. This information may include browser type, operating system, the page served, the time, the source of the request, the preceding page view, and other similar information. We may use this information for a variety of purposes, including to enhance or otherwise improve the website. In addition, we may also collect your IP address or some other unique identifier for the particular device you use to access the Internet, as applicable.

3. E-mail Communications:

We may send you e-mail: (a) if you request a particular service or sign up for a feature that involves e- mail communications; (b) if we are sending you information about our other products and services; (c) if you consented to being contacted by e-mail for a particular purpose; (d) if you send us an e-mail or otherwise submit information to us electronically, we may e-mail you to follow-up or otherwise communicate with you with respect thereto; (e) to provide you legal notices or notices with respect to your use of the website; or (f) to otherwise facilitate a transaction between us. You may “opt out” of receiving future commercial e-mail communications from us by clicking the “unsubscribe” link or following the other instructions included at the bottom of any promotional e-mails we send. We reserve the right to send you transactional e-mails such as customer service communications. The legal basis for this processing is Art. 6 para. 1 (a) and (b) of the GDPR (fulfillment of your request and order processing).

All email messages sent by us that are subject to archiving requirements are stored by us and every email that can be regarded as a business letter or is relevant for tax purposes will not be deleted during the period of the legal obligation to keep records in accordance with tax, commercial, and other applicable laws. For security reasons, we recommend that you refrain from sending non-public Personal Information, such as passwords, social security numbers or bank account information, to us by e-mail.

HOW WILL WE SHARE YOUR INFORMATION?

1. Your information will be transferred to the U.S.

The information you enter in the Information Request Form is collected by Wix and provided to HMS. This website is hosted in the U.S. By using the website or providing us with any information, you consent to this transfer and processing of your information in the U.S. as provided herein. The educational institutions with which you have requested HMS share your personal information are also located in the U.S. The transfer of your personal information to these educational institutions is necessary for the implementation of pre-contractual measures taken at your request. Therefore, the basis for these transfers is Article 49 para. 1 (b) of the GDPR.

HMS has self-certified to the EU-U.S. Privacy Shield framework established by the U.S. Department of Commerce, which relates to the collection, use, and retention of personal information from the European Union to the United States. Certifying adherence makes HMS subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission and makes it possible, under certain circumstances, for data subjects to invoke binding arbitration before the Privacy Shield Panel created by the U.S. Department of Commerce and the European Commission. HMS adheres to the sixteen supplemental privacy principles found in the EU-U.S. Privacy Shield. If there is any conflict between the terms in the Privacy Policy and the Privacy Shield Principles regarding information transferred pursuant to the Privacy Shield, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and view HMS’s certification, please visit www.privacyshield.gov.

2. Your information may be shared with HMS employees and contractual partners.

Your data may be transferred to HMS employees and third parties who provide technical or organizational services for HMS and are bound by instructions. When transferring personal data to third- party controllers or processors, we comply with the Notice and Choice Principles as described herein. HMS will enter into a contract with the third-party that restricts the processing of data to the limited and specified purposes consented to by the individual and require that the third party provide the level of protection guaranteed by the GDPR and Privacy Shield Principles. The legal basis for this processing is Art. 6 para. 1 (b) of the GDPR (fulfilment of your request) and Art. 28 of the GDPR (order processing).

3. Your information may be shared with service providers.

We use the services of other companies such as shipping companies for transporting orders and credit card companies for billing. The legal basis for this processing is Art. 6 para. 1 (b) of the GDPR (fulfilment of your request) and Art. 28 of the GDPR (order processing).

4. Your information may be shared with educational institutions.

Per your request, we will share your personal information with the educational institutions in which you have expressed interest. Your data may be stored in an online database that is hosted by Knack. Application files are stored on Dropbox and shared with educational institutions via shared folders. The legal basis for this processing is Art. 6 para. 1 (a) and (b) of the GDPR (fulfillment of your request and order processing).

5. We may disclose your information if obligated by law.

HMS may be required to disclose personal data when necessary in response to lawful requests by public authorities, including disclosures to (a) fulfill a government request; or (b) conform with the requirements of the law or legal process. The legal basis for this processing is Art. 6 para. 1 (c) of the GDPR (legal obligation).

YOUR RIGHTS AS A RESIDENT OF CALIFORNIA OR THE EUROPEAN UNION

Your California Privacy Rights:

California’s "Shine the Light" law, Civil Code section 1798.83, provides residents of the State of California the right to request a list of all third parties to which we have disclosed certain Personal Information as defined under California law during the preceding year for third party direct marketing purposes. You are limited to one request per calendar year. In your request, please provide a current California address for our response. You may request the information by writing to us at the address provided below.

EU data subjects are granted various rights under GDPR as follows:

Right to revoke consent: You can revoke any consents you have given to us at any time. Data processing based on the revoked consent may then no longer be continued in the future.
Right of access: You can request information about your personal data processed by us. This particularly applies to the purposes of data processing, the categories of personal data, if applicable the categories of recipients, the duration of the storage period, if applicable the origin of your data, if applicable the existence of automated decision-making including profiling and if applicable meaningful information on the details thereof.
Right to rectification: You can demand the correction of incorrect personal data or the completion of your personal data stored by us.
Right to erasure: You may request the deletion of your personal data stored with us, insofar as the processing thereof is not necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
Right to restrict processing: You may request that the processing of your personal data be restricted if you dispute the accuracy of the data, or if the processing is unlawful but you refuse the deletion of it. You also have this right if we no longer need the data, but you need it to assert, exercise, or defend legal claims. In addition, you have this right if you have objected to the processing of your personal data.
Right to data portability: You may request that we provide you with the personal data you have provided to us in a structured, common, and machine-readable format. Alternatively, you can request the direct transmission of the personal data you have provided to us to another responsible party, as far as this is possible. 
Right to lodge a complaint: You may complain to the supervisory authority responsible for us, for example, if you believe that we are processing your personal data illegally.

If we process your personal data based on a legitimate interest, you have the right to object to this processing. If you wish to exercise your right of objection, please notify us in writing by sending us a letter or email.

HOW DO WE SAFEGUARD YOUR INFORMATION?

1. Data Integrity:

HMS limits the personal data it collects to information that is relevant for the purposes of processing your requests for information, facilitating the transfer of and communication between you and any educational institution(s) in which you have expressed interest, and the other specific purposes set forth in this Privacy Policy. HMS does not process personal data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. HMS takes reasonable and appropriate measures to retain personal data only for as long as HMS has a legitimate legal or business need to do so, such as customer service, compliance with legal or contractual obligations, retention for audit purposes, security and fraud prevention, preservation of legal rights, or other reasonable purposes consistent with the purpose of the collection of the information. HMS will adhere to the GDPR and Privacy Shield Principles with regard to the information collected.

2. Data Security:

We use security measures to protect against the loss, misuse, and alteration of the information under our control.

Any information stored on Knack’s online database is fully encrypted in transit and at rest. Information about Knack’s encryption can be found at https://www.knack.com/tour/security.
Information stored on Dropbox is encrypted in transit and at rest. Information about Dropbox’s encryption can be found at https://www.dropbox.com/security.
Email correspondence is hosted by Google (GSuite), which is encrypted by Google. Information about GSuite’s encryption can be found at https://gsuite.google.com/faq/security/.

In the event that your Personal Information is compromised, we may notify you by e-mail (in our sole discretion) to the last e-mail address you have provided us in the most expedient time reasonable under the circumstances; provided, however, delays in notification may occur while we take necessary measures to determine the scope of the breach and restore reasonable integrity to the system as well as for the legitimate needs of law enforcement if notification would impede a criminal investigation. From time to time we evaluate new technology for protecting information, and when appropriate, we upgrade our information security systems.

3. Access:

HMS will provide individuals with access to personal data about them that HMS holds and a means to request the correction, amendment, or deletion of that information where it is inaccurate, or—for information obtained in reliance on the Privacy Shield—has been processed in violation of the Privacy Shield Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.

4. Choice:

HMS will not sell or provide your information to any third party for any use other than that specified in this Privacy Policy. HMS will not use your personal information in any way that is inconsistent with the purposes outlined in this Privacy Policy or for which you have given consent. The website may include subscription and registration management tools, including opt-in or opt-out fields, that allow you to make changes regarding your preferences for receiving communications. Regardless of whether these tools are available through the website, you may contact us using the contact information provided below if: (a) you have questions, complaints, or problems with our Privacy Policy, including the way HMS collects or uses your information; (b) you wish to make corrections to any Personal Information you have provided to us; (c) you want to opt-out from receiving future commercial correspondence, including e-mails, from us (we may continue to send you transactional messages such as responding to your inquiries); or (d) you wish to withdraw your consent to our future sharing of your Personal Information with third parties for their direct marketing purposes.

HMS

Attn: Chris Howell, Chief Privacy Officer

173 N. 830 E.

Smithfield, UT 84335

U.S.A.

Phone: (435) 881-2751

Email: chris.howell@howellmgmt.com

We will respond to your request and, if applicable and appropriate, make the requested change in our databases as soon as reasonably practicable. Please note that we may not be able to fulfill certain requests while allowing you access to certain benefits and features of our website.

HMS has further committed to refer unresolved privacy complaints regarding EU Personal Data to an independent dispute resolution mechanism, JAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by HMS, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint.

5. Enforcement:

HMS internally monitors and assesses our compliance with GDPR and our commitment to abide by Privacy Shield obligations. HMS will respond promptly to inquiries and requests for information from the U.S. Department of Commerce. HMS’s Privacy Shield certification and its compliance with the Privacy Shield obligations are subject to investigation and enforcement by the U.S. Federal Trade Commission.