Effective Date: April 25, 2025
Overview: Supreme Consulting LLC ("we", "us", "our") is committed to protecting your privacy and complying with U.S. federal law, the New Jersey Data Privacy Act (effective January 15, 2025), New Jersey Division of Consumer Affairs, the GDPR, and UK GDPR. By using our website or submitting data via our forms, you consent to this policy.
Data Controller: Supreme Scaling, LLC, is the “controller” of the personal data collected through www.supremescaling.com. Our contact information is: Email: privacy@supremescaling.com
Information We Collect:
Personal and Volunteered Data: Name, email, phone, business name, role, revenue range, employee count, and other survey responses (e.g., Google Forms, Typespot, Jotform, HubSpot forms).
Sensitive Documents (with consent): P&L Statements, Cash Flow, and Sales, Marketing, and Customer Service Data.
Usage Data: Technical information from your device, such as IP address and cookie identifiers, collected via IONOS SiteAnalytics, Google Analytics, HubSpot and other tracking tools. IONOS notes that analytics tools like Google Analytics process personal identifiers (cookies, IP addresses) as personal data.
Communications Data: Any information you include in inquiries or messages (e.g. messages sent via forms or email).
How We Collect Data:
Web Forms: We use an embedded Jotform for inquiries and qualification surveys (via Google Sheets into Zapier, then into HubSpot, then into Brevo). You input contact and business information, which is sent securely to our HubSpot CRM.
Newsletter Sign-Up: If you subscribe to our free newsletter, we collect your email and name via a form. These are also stored in HubSpot and a Google Sheet.
Site Analytics: We use IONOS SiteAnalytics to collect aggregated, anonymous usage data about visitors. We use Google Analytics to track visitor activity (pages visited, time on site, etc.) using cookies. According to IONOS and GDPR guidelines, use of Google Analytics requires user consent.
Third-Party Integrations: We may receive your data when you interact with our Calendly booking link, social media pages, or payment portals. Calendly, social platforms, and payment processors (e.g. Stripe, PayPal) collect and process data under their own policies.
Direct Outreach and Referrals: If you contact us via email or social media, or are referred by others, we collect the information you provide (e.g. name, contact, company).
Use of Personal Data: We use your information for legitimate business purposes, including:
Responding to Inquiries: Contacting you about your request, booking consultations, and scheduling meetings (via automated Calendly links or email).
Lead Qualification and Marketing: Evaluating survey responses to determine fit, and contacting qualified leads. We may send marketing emails and newsletters only if you have opted in.
Service Delivery: Performing consulting services for clients, which may involve invoicing and billing communications. Processing payments via third-party processors.
Website Improvement: Analyzing site usage and performance through analytics to improve our content and offerings (subject to your cookie consent).
Compliance: Fulfilling legal obligations (e.g. tax, accounting records) and protecting our interests (e.g. enforcing terms of service, preventing abuse).
Legal Basis for Processing: This website is intended for U.S. residents. We provide GDPR-compliant protections for all users. Under GDPR/UK GDPR, we must have a lawful basis to process personal data. The bases we rely on include:
Consent (Art.6(1)(a) GDPR): When you opt in (e.g. subscribe to a newsletter or agree to marketing communications), you give consent to process your data for that purpose. You may withdraw consent at any time.
Performance of Contract (Art.6(1)(b) GDPR): When we provide consulting services to you, processing your contact and payment information is necessary to perform the contract (including sending invoices and communicating about service delivery).
Legitimate Interests (Art.6(1)(f) GDPR): For certain activities that benefit both us and our users (e.g. website analytics, fraud prevention, direct marketing to existing clients), we rely on our legitimate interests. We balance these interests against your rights. The UK Information Commissioner notes that legitimate interests is a flexible basis requiring such a balancing test.
Legal Obligation (Art.6(1)(c) GDPR): We process data to comply with law (e.g. financial record-keeping, responding to regulatory requests).
Third-Party Processing and International Transfers: We use third-party service providers, which may process your data on our behalf or as joint controllers:
HubSpot (USA): Our CRM system stores contact and lead data. HubSpot provides EU standard contractual clauses and a Data Processing Agreement to ensure data protection.
Zapier (USA): Automates data transfer from forms to HubSpot. Uses encryption in transit.
Jotform (USA): Surveying tool. Used for qualification survey, gathering customer data, and customer feedback surveys. Jotform prioritizes data security through a multi-layered approach, including 256-bit SSL encryption, form encryption options, and compliance with industry standards like HIPAA, GDPR, and PCI DSS. If you use it, its privacy policy applies.
Google (USA): Google Forms and Google Analytics. Google (as a processor/controller) operates under its own privacy commitments. We will obtain your consent before activating Google Analytics.
Calendly (USA): Scheduling tool; if you use it, its privacy policy applies.
Payment Processors (e.g. Stripe, PayPal): We share billing details (name, address, transaction amount) to process payments. Payment processors operate under their own compliant terms.
Other Third Parties: We may engage email marketing services (e.g. Mailchimp) or social media plugins. These providers act as separate controllers or processors under their own policies.
Personal data may be transferred from the EU/UK to the US. We ensure such transfers are covered by appropriate safeguards (standard contractual clauses or adequacy decisions) as required by GDPR/UK GDPR.
Cookies and Tracking: We use cookies for essential site functionality and optional analytics. We will only activate non-essential cookies (e.g. Google Analytics, HubSpot) after obtaining your explicit consent. You can decline or withdraw consent in your browser settings or via our cookie banner. Please see our Cookie Notice for details.
Your Rights: If you are a resident of the EU or UK, you have certain rights under GDPR/UK GDPR (and now under New Jersey’s 2025 Data Protection Act for NJ residents) in relation to your personal data. These include:
Access: You can request a copy of the personal data we hold about you.
Rectification: You can request correction of inaccurate or incomplete data.
Erasure (“Right to be Forgotten”): You can request deletion of your data if it is no longer needed or was processed unlawfully.
Restriction of Processing: You can ask us to limit how we use your data in certain situations.
Data Portability: You can request a machine-readable copy of your data to transfer to another controller.
Objection: You can object to our processing of your data based on legitimate interests or for direct marketing.
Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.
For UK visitors, the ICO explains that these rights include the right to access and copy your data, be informed, and have data erased or restricted. New Jersey’s Data Protection Act similarly requires us to provide instructions on how you can exercise these rights, to publish our contact information, and to notify you of material changes to this policy.
Exercising Your Rights: To exercise any of these rights or ask questions, please contact us at the above email. We will respond within one month (or two months if complex). We may require proof of identity to process your request. If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority (e.g. the New Jersey Division of Consumer Affairs or an EU/UK data protection authority).
Data Retention: We retain your personal data only as long as necessary for the purposes above or as required by law. For example, lead/contact records may be kept for a few years in case of follow-up; client documents are retained as needed for tax or legal obligations (typically up to 7 years).
Security: We implement appropriate technical and organizational safeguards (encryption, access controls, etc.) to protect your data. No internet transmission is 100% secure, but we strive to protect your data.
Children: Our site is not intended for children. We do not knowingly collect data from anyone under 16. If you believe we have, please contact us and we will delete it.
Updates: This Privacy Policy may be updated to reflect changes in law or practice. We will post the revised date at the top. Material changes will be communicated on our site or via email.
Consent Statements:
Consent to Processing: By submitting your data through our forms or signing up for services, you consent to the processing of your personal data as described above.
Communications Consent: By providing contact details, you consent to receive communications from us (e.g. newsletters, marketing, scheduling links, invoices). You may opt out of marketing communications at any time.
Cookies, Analytics, and Marketing Consent: By using our website, you consent to the use of cookies, analytics, and marketing tracking as described. You can reject non-essential cookies via browser settings.
Invoicing & Payment: By becoming a client, you agree that we may send you electronic invoices and payment reminders, and that you will provide necessary information (name, address, payment info) to process payments.