1. Applicability and Scope
The General Data Protection Regulation (EU) 2016/679 ("GDPR") is a comprehensive data protection law that applies to organizations processing personal data of individuals located in the European Economic Area (EEA), which includes the European Union member states plus Iceland, Liechtenstein, and Norway. The UK GDPR applies similar standards in the United Kingdom following Brexit.
This GDPR Compliance Statement applies to all personal data we collect from individuals in the EEA and UK through:
- Our website (holdings4j.com) when accessed from the EEA or UK
- Direct business communications and correspondence
- Sales training programs and consulting services delivered to EEA/UK clients
- Marketing activities targeted at EEA/UK audiences
- Employment and partnership inquiries from EEA/UK residents
2. Data Protection Principles
We process personal data in accordance with the seven principles set forth in Article 5 of the GDPR:
2.1 Lawfulness, Fairness, and Transparency
We process personal data lawfully, fairly, and in a transparent manner. We clearly communicate what data we collect, why we collect it, and how we use it through our Privacy Policy and this GDPR Compliance Statement.
2.2 Purpose Limitation
We collect personal data for specified, explicit, and legitimate purposes. We do not process data in ways incompatible with those purposes unless we obtain additional consent or have another lawful basis.
2.3 Data Minimization
We limit data collection to what is adequate, relevant, and necessary for the purposes for which it is processed. We avoid collecting excessive or irrelevant personal information.
2.4 Accuracy
We take reasonable steps to ensure personal data is accurate and, where necessary, kept up to date. We provide mechanisms for individuals to correct inaccurate data.
2.5 Storage Limitation
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements.
2.6 Integrity and Confidentiality
We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage.
2.7 Accountability
We are responsible for demonstrating compliance with GDPR principles. We maintain records of processing activities and implement privacy by design and default.
3. Lawful Basis for Processing
Under Article 6 of the GDPR, we rely on the following legal bases for processing personal data:
3.1 Consent (Article 6(1)(a))
We obtain explicit, informed consent before processing personal data for marketing communications, non-essential cookies, and sharing data with third parties for their own marketing purposes. Consent must be freely given, specific, informed, and unambiguous.
3.2 Contract Performance (Article 6(1)(b))
We process personal data necessary to enter into service agreements, deliver sales training and consulting services, fulfill contractual obligations, and take steps prior to entering contracts.
3.3 Legal Obligation (Article 6(1)(c))
We process personal data necessary to comply with tax and accounting record-keeping requirements, employment law compliance, regulatory reporting obligations, and responding to lawful requests from public authorities.
3.4 Legitimate Interests (Article 6(1)(f))
We process personal data based on our legitimate interests, provided these are not overridden by individuals' fundamental rights and freedoms. Our legitimate interests include improving service quality, network and information security, fraud prevention, and business analytics.
4. Your GDPR Rights
Under the GDPR, individuals in the EEA and UK have the following rights regarding their personal data:
4.1 Right to Access (Article 15)
You have the right to obtain confirmation of whether we process your personal data, and if so, access to that data plus information about how it is processed.
4.2 Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected and incomplete data completed without undue delay.
4.3 Right to Erasure / "Right to be Forgotten" (Article 17)
You have the right to request deletion of your personal data when the data is no longer necessary, you withdraw consent, you object to processing, or the data was unlawfully processed.
4.4 Right to Restrict Processing (Article 18)
You have the right to request restriction of processing when you contest the accuracy of the data, processing is unlawful, we no longer need the data but you require it for legal claims, or you have objected to processing.
4.5 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller without hindrance.
4.6 Right to Object (Article 21)
You have the right to object to processing based on legitimate interests or direct marketing. We will cease processing unless we demonstrate compelling legitimate grounds.
4.7 Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use such automated decision-making.
5. How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us using the information in Section 14. We will:
- Acknowledge receipt of your request within 7 days
- Verify your identity to protect your privacy
- Respond to your request within 30 days of verification
- Provide information free of charge (unless requests are manifestly unfounded or excessive)
- Explain any refusal and your right to complain to supervisory authorities
If your request is complex or you have made numerous requests, we may extend the response period by two months and will notify you of the extension.
6. Data Controller Information
Data Controller: 4J Holdings LLC
Address: 1209 Mountain Road Pl NE Ste R, Albuquerque, NM 87110, USA
Email: info@holdings4j.com
As we do not have an establishment in the EEA, we have designated a representative in the EU for GDPR compliance purposes where required by Article 27.
7. Data Protection Contact
We have designated a data protection contact responsible for overseeing GDPR compliance and handling data subject inquiries.
You can reach our data protection contact at:
Email: info@holdings4j.com
Subject Line: "GDPR/Data Protection Inquiry"
We aim to respond to all data protection inquiries within 72 hours.
8. Data Processors and Subprocessors
We engage carefully vetted data processors to assist in delivering our services. All processors are contractually bound by Data Processing Agreements (DPAs) that comply with Article 28 of the GDPR. These agreements specify:
- Subject matter, duration, nature, and purpose of processing
- Type of personal data and categories of data subjects
- Our obligations and rights as controller
- Processors' obligations regarding security measures
- Conditions for engaging subprocessors
- Assistance obligations for handling data subject requests
- Requirements for returning or deleting data after service termination
- Audit and inspection rights
Current processors include cloud hosting providers, email delivery services, CRM platforms, analytics providers, and payment processors. A current list of subprocessors is available upon request.
9. International Data Transfers
As a US-based company, we transfer personal data from the EEA/UK to the United States. We implement appropriate safeguards for such transfers:
9.1 Standard Contractual Clauses (SCCs)
For most transfers, we rely on the European Commission's Standard Contractual Clauses (2021/914) with appropriate supplemental measures including encryption and access controls.
9.2 UK Addendum
For UK transfers, we use the UK Addendum to the EU SCCs or UK International Data Transfer Agreement as appropriate.
9.3 Adequacy Decisions
Where the European Commission has issued adequacy decisions, we may rely on such decisions for transfers to those jurisdictions.
9.4 Data Localization
Where possible, we configure services to store and process EEA/UK data within the European Economic Area.
10. Data Breach Notification
In accordance with Articles 33 and 34 of the GDPR, we have established data breach response procedures:
- We maintain breach detection, investigation, and internal reporting procedures
- We will notify relevant supervisory authorities within 72 hours of becoming aware of a personal data breach
- When a breach is likely to result in high risk to individuals' rights, we will communicate the breach directly to affected individuals
- Breach notifications include: nature of breach, categories affected, likely consequences, and measures taken
11. Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) for processing operations that are likely to result in high risk to individuals' rights and freedoms, as required by Article 35 of the GDPR.
12. Supervisory Authority
If you believe our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement.
A list of EU data protection authorities is available from the European Data Protection Board.
For UK residents, contact the Information Commissioner's Office (ICO).
13. Updates to This Statement
We may update this GDPR Compliance Statement to reflect changes in our practices, legal requirements, or regulatory guidance. We will notify you of material changes through our website or direct communication.
14. Contact Information
For GDPR-related questions, data subject access requests, or privacy concerns:
4J Holdings LLC
1209 Mountain Road Pl NE Ste R
Albuquerque, NM 87110
United States
Email: info@holdings4j.com