Privacy Policy

At The Rē Method, operated by Johnred Kristian Demafeliz ("we," "us," or "our"), your privacy matters deeply. This Privacy Policy is meticulously crafted to explain in detail how we collect, use, protect, and handle your personal information when you visit our website, submit a form, engage with our services, or otherwise interact with us online.

We are unwavering in our commitment to complying with applicable global data protection laws, including the stringent requirements of the General Data Protection Regulation (GDPR) for individuals residing within the European Economic Area (EEA) and the United Kingdom (UK), and the robust provisions of the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), for consumers in the State of California. Our aim is to provide clear transparency about our data practices and empower you with control over your personal information.

1. Who We Are

The Rē Method is a dedicated, solo-operated email marketing studio. Johnred Kristian Demafeliz functions as the primary Data Controller, meaning he determines the purposes and means of processing your personal data. This clear designation ensures direct accountability for your information.

2. Information We Collect

When you interact with The Rē Method, we may collect various types of personal information, which identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. This collection is always conducted with your privacy in mind, aiming only for data that is relevant and necessary for the services we provide.

In the preceding twelve (12) months, we have collected the following categories of personal information from consumers:

• Identifiers: This includes fundamental details such as your name, email address, a unique personal identifier assigned to your interactions (e.g., a session ID or device ID), your online identifier, and your Internet Protocol (IP) address. These identifiers are crucial for establishing and maintaining your connection to our services, enabling communication, and ensuring the secure delivery of information.
• Commercial Information: This category encompasses brand-related information that you voluntarily provide, such as your website URL and your company's approximate revenue range. This data is directly relevant to assessing your eligibility for our specialized services and understanding your business context to provide the most effective strategies.
• Internet or Other Similar Network Activity: This includes information automatically collected regarding your interaction with our website, application, or online advertisements. Examples include your browsing history on our site, search queries you make within our platform, and general information regarding your engagement with various website features (collected via Google Analytics, if enabled). This data helps us understand user behavior patterns to optimize site performance and content relevance.
• Inferences Drawn from Other Personal Information: From the data points collected, we may create a profile reflecting your preferences, characteristics, or behavior related to your interest in our services. For instance, based on your interactions with our content, we might infer which service areas (e.g., audit vs. strategic consulting) are most relevant to your needs, allowing us to tailor our insights more effectively.
• Inquiry Data: This specifically refers to your detailed responses to intake forms related to audit applications or general service inquiries. This information is directly used to understand your specific requirements and to initiate the service delivery process.

Sources of Personal Information: We obtain the categories of personal information listed above from the following sources:

• Directly from you: This is the primary source, occurring when you actively fill out forms on our website (e.g., contact forms, audit application forms), directly apply for an audit, or engage in email communications with us. Your explicit input is central to our data collection.
• Indirectly from you: This occurs through your passive interactions with our website, primarily via website usage data collected through analytics tools. For example, when you navigate through pages, the system anonymously records your visit patterns, helping us to identify popular content or areas for improvement.

We want to emphasize that we uphold a strict policy against collecting sensitive personal data (e.g., health information, racial or ethnic origin, sexual orientation, genetic data) unless it is explicitly provided by you for a very specific, transparent purpose, and only with your unequivocal, explicit consent.

3. How We Use Your Personal Information and Legal Basis for Processing

We use the personal information we collect for one or more of the following clearly defined business purposes, always ensuring a valid legal basis for processing, particularly for individuals covered by GDPR:

• To fulfill or meet the reason you provided the information (e.g., to review your audit application, deliver the specific services you have engaged us for). This is fundamental to our service offering.
  • Legal Basis (GDPR): Performance of a Contract, as processing is necessary for the fulfillment of our agreement with you.
• To communicate with you via email regarding your inquiries, service delivery, project updates, or other essential service-related information. Timely and relevant communication is vital for effective collaboration.
  • Legal Basis (GDPR): Performance of a Contract (for service-related communications), Legitimate Interests (for broader updates where appropriate), Consent (if required for specific types of communication).
• To deliver insights, strategies, or updates as an integral part of the services you receive from us. This includes providing the core value proposition of The Rē Method.
  • Legal Basis (GDPR): Performance of a Contract, as this is a key component of the service provision.
• To improve our website functionality and user experience, and for internal purposes such as testing, research, and product development. This continuous improvement ensures a better and more efficient service for all users.
  • Legal Basis (GDPR): Legitimate Interests, as these activities are necessary for the growth and enhancement of our business and services.
• To send occasional content, industry insights, updates about The Rē Method, or other marketing communications. This is done exclusively if you have explicitly opted in for such communications, giving you full control over what promotional content you receive.
  • Legal Basis (GDPR): Consent (for direct marketing where required), Legitimate Interests (for non-intrusive service-related updates to existing clients).
• To detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity. Safeguarding our systems and your data is a top priority.
  • Legal Basis (GDPR): Legitimate Interests (protecting our business and users), Legal Obligation (where laws mandate security measures).
• To respond to law enforcement requests as required by applicable law, court order, or governmental regulations. This ensures our compliance with legal frameworks.
  • Legal Basis (GDPR): Legal Obligation.

We want to reiterate with absolute clarity that we do not sell, rent, or otherwise share your personal data with third parties for their independent marketing or commercial purposes. Our business model is built on providing value through our services, not through monetizing your personal information. In the preceding twelve (12) months, we have strictly adhered to this principle and have not sold any personal information. Furthermore, we do not engage in sharing your personal information for cross-context behavioral advertising.

4. Tools We Use

We rely on carefully selected, trusted third-party platforms to deliver our services and operate securely. These platforms act as data processors on our behalf, and we ensure they maintain robust privacy and security standards in alignment with our commitments:

• Tally.so: Utilized for secure intake form collection. Tally.so ensures that the information you provide through forms is transmitted and stored with strong encryption, safeguarding your initial interactions with us.
• Beehiiv: Employed for managing and sending email communications. Beehiiv helps us efficiently deliver newsletters, service updates, and direct responses, adhering to strict email deliverability and privacy protocols.
• Zapier: Used for automating various workflows between different applications. Zapier acts as a secure bridge, ensuring data flows smoothly and securely between our tools without manual intervention that could introduce errors or vulnerabilities.
• Google Analytics: Implemented for basic website performance tracking (if enabled). Google Analytics helps us gather anonymized insights into website traffic and user behavior patterns, allowing us to understand how our site is used and identify areas for improvement. Data collected is aggregated and does not directly identify individuals.

These providers are chosen for their industry-standard security practices and their commitment to complying with relevant data protection laws, complementing our own efforts to protect your data.

5. Cookies

This site may use cookies for basic analytical purposes and to enhance your user experience. Cookies are small text files placed on your device by websites that you visit. They allow a website to "remember" you or your preferences. We may use:

• Essential Cookies: Necessary for the website to function properly, enabling core functionalities like navigation.
• Analytics Cookies: Used to collect information about how visitors use our website, such as which pages are visited most often, helping us to improve content and overall user experience.

You retain full control over cookies. You can manage or disable cookies through your browser settings at any time. Please be aware that disabling certain cookies may affect the functionality or features available on our website.

6. Data Security, Minimization, and Retention

We are deeply committed to the security of your personal data. We implement appropriate technical and organizational measures designed to protect your information from unauthorized access, accidental loss, alteration, disclosure, or destruction. These measures include, but are not limited to, using secure servers, access controls, data encryption (both in transit and at rest), and regular security audits of our systems and third-party tools.

Our approach to data collection adheres to the principle of data minimization. We collect only the personal data that is strictly necessary for the specific purposes for which it is processed. We do not gather excessive information or data that is irrelevant to our service provision.

Furthermore, we employ a defined data retention policy. We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements. Once your data is no longer required for these purposes, it is securely deleted or anonymized.

7. International Data Transfers

As The Rē Method is operated by Johnred Kristian Demafeliz from the Philippines, your personal data may be transferred to, and processed in, the Philippines and other countries outside the European Economic Area (EEA) and the UK. These countries may not have the same level of data protection laws as your home country.

When we transfer your data outside the EEA/UK, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards. This may include reliance on adequacy decisions by the European Commission (where a country is deemed to provide an adequate level of data protection) or the implementation of Standard Contractual Clauses (SCCs) approved by the European Commission, which provide contractual obligations to protect your data.

8. Your Data Protection Rights

You have specific and fundamental rights regarding your personal information. We are committed to honoring these rights fully and transparently, depending on your location and the applicable data protection laws.

For Individuals in the EEA and UK (under GDPR):

• The Right to Be Informed: You have the fundamental right to be informed about the collection and use of your personal data. This comprehensive policy serves to fulfill that right by providing detailed transparency.
• The Right of Access: You have the right to request copies of the personal data we hold about you, allowing you to verify its accuracy and the lawfulness of our processing.
• The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or to complete information you believe is incomplete, ensuring your data is always up-to-date and correct.
• The Right to Erasure ("Right to Be Forgotten"): You have the right to request that we erase your personal data under certain conditions, such as when the data is no longer necessary for the purposes for which it was collected.
• The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions, such as when you contest the accuracy of the data or object to its processing.
• The Right to Object to Processing: You have the right to object to our processing of your personal data, particularly when it's based on legitimate interests or for direct marketing purposes, providing you with a means to control how your data is used for certain activities.
• The Right to Data Portability: You have the right to request that we transfer the data that you have collected to another organization, or directly to you, in a structured, commonly used, and machine-readable format, under certain conditions.
• Rights in Relation to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. (Note: We explicitly state that we do not engage in such automated decision-making that falls under this specific category).

For California Consumers (under CCPA/CPRA):

• Right to Know: You have the right to request that we disclose to you the categories and specific pieces of personal information we have collected about you, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the categories of personal information that we sold, shared, or disclosed for a business purpose. This empowers you with comprehensive insight into our data practices.
• Right to Delete: You have the right to request that we delete any of your personal information that we have collected from you, subject to certain exceptions as permitted by law (e.g., to complete a transaction, detect security incidents).
• Right to Correct Inaccurate Personal Information: You have the right to request that we correct inaccurate personal information that we maintain about you, ensuring the accuracy of your records.
• Right to Opt-Out of Sale/Sharing: You have the right to request to opt-out of the "sale" or "sharing" of your personal information. As we have clearly stated, we do not sell your personal information. Furthermore, we do not engage in "sharing" your personal information for cross-context behavioral advertising.
• Right to Limit Use and Disclosure of Sensitive Personal Information: As we do not intentionally collect sensitive personal information as defined by CPRA, this right is noted for completeness.
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA/CPRA rights. We will not deny you services, charge you different prices, or provide a different level or quality of services if you choose to exercise your privacy rights.

9. Exercising Your Rights

To exercise any of the rights described above, please submit a verifiable consumer request to us by emailing:

johnred.demafeliz@theremethod.com

Verifiable Consumer Request: To protect your privacy and security, only you, or a person registered with the California Secretary of State that you authorize to act on your behalf (an "authorized agent"), may make a verifiable consumer request related to your personal information. For us to process your request efficiently and accurately, the request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized agent acting on their behalf. This may involve matching information provided in your request with personal information we already maintain.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We may need to request additional information from you to verify your identity or authority to make the request, ensuring that personal data is only disclosed to the rightful individual or their authorized representative. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority. We are committed to a timely response: we will respond to your request within one month (for GDPR-related requests) or within 45 days (for CCPA/CPRA-related requests), with a possible extension for complex requests, in which case we will notify you of the extension and the reason for it.

10. Complaints

If you have concerns about our processing of your personal data, particularly regarding GDPR compliance, you have the right to lodge a complaint with a supervisory authority in your country of residence within the EEA/UK. We encourage you to contact us directly first so we can attempt to resolve any issues.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. Any changes will be posted on this page with a revised effective date prominently displayed at the top of the document. We encourage you to review this policy periodically to stay informed about how we are protecting your information. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.

12. Contact

For any privacy-related questions, concerns, or to exercise your data protection rights, please do not hesitate to contact us. We are here to help and committed to addressing your inquiries promptly and thoroughly:

📧 johnred.demafeliz@theremethod.com