Effective Date: 27/11/2025
Last Updated: 27/11/2025
This Privacy Policy explains how MILHOUS ASSOCIATES (“Company”, “we”, “us”, “our”) collects, uses, discloses, and protects the personal data of individuals who access or use the website https://www.milhousassociates.com (“Website”).
We are committed to safeguarding your personal data in accordance with:
- European Union General Data Protection Regulation (GDPR)
- UK GDPR (if applicable)
- California Consumer Privacy Act (CCPA/CPRA)
- Other U.S. State Privacy Laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA)
If you do not agree with this Policy, please discontinue using the Website.
1. Data Controller
The Data Controller responsible for your personal data under GDPR is:
Company Name: MILHOUSE ASSOCIATES
Legal Form: […]
Registered Address: […]
Email: info@milhousassociates.com
Phone: […]
Data Protection Officer (if applicable): […]
2. Personal Data We Collect
We may collect the following categories of data:
2.1 Data Provided Directly by You
- Name […]
- Email address […]
- Phone number […]
- Company name […]
- Messages sent via contact forms
- Newsletter sign-up information
2.2 Automatically Collected Data
Through cookies, analytics tools, and server logs:
- IP address
- Browser type/version
- Device information
- Pages viewed on the Website
- Referring URLs
- Time spent on pages
- Error logs
2.3 Cookies and Tracking Technologies
We use:
- Essential cookies (functional)
- Analytics cookies (with consent in EU)
- Advertising/behavioral cookies (with consent in EU)
See Section 12 for full Cookie Policy.
2.4 Data from Third Parties
We may receive information from:
- Email marketing platforms
- Analytics providers
- Advertising partners
3. Legal Basis for Processing (GDPR)
We process your data under one or more of the following bases:
| Purpose | Legal Basis |
|---|---|
| Contacting you | Legitimate interest (Art. 6(1)(f)) or Contract (Art. 6(1)(b)) |
| Newsletter | Consent (Art. 6(1)(a)) |
| Analytics | Consent (Art. 6(1)(a)) |
| Website functionality | Legitimate interest (Art. 6(1)(f)) |
| Security, fraud prevention | Legal obligation (Art. 6(1)(c)) |
4. Purposes of Processing
We use your personal data to:
- Provide, operate, and maintain the Website
- Respond to your inquiries
- Send newsletters or marketing communications (only if opted in)
- Improve Website performance and user experience
- Run analytics and statistical analysis
- Detect security threats or fraud
- Comply with legal obligations
5. Data Sharing and Disclosure
We may share your data with:
Service Providers / Processors (GDPR)
Such as:
- Hosting provider TOPHOST
- Email platforms TOPHOST
- Analytics tools Google Analytics
All third parties are contractually bound to meet GDPR requirements.
Legal & Regulatory Authorities
Where required by law.
Business Transfers
In the event of a merger, acquisition, or restructuring.
We never sell personal data, but under some U.S. laws sharing for targeted advertising may be considered a “sale/share.”
6. International Data Transfers (GDPR Chapter V)
If data is transferred outside the EU/EEA, we rely on:
- Adequacy decisions, or
- Standard Contractual Clauses (SCCs), or
- EU–US Data Privacy Framework (if using certified U.S. vendors like Google)
Destination countries where data may be transferred: USA, IRELAND.
7. Retention Periods
We retain personal data only as long as necessary:
- Contact form submissions: 12 months
- Newsletter data: until consent is withdrawn
- Analytics data: 12 months
- Contractual data: 1 year for legal compliance
After the retention period expires, data is securely deleted or anonymized.
8. Security Measures
We implement Technical and Organizational Measures (TOMs), including:
- Encryption (in transit & at rest where applicable)
- Secure servers and firewalls
- Access controls and authentication
- Data minimization
- Staff confidentiality obligations
9. Your GDPR Rights (EU & UK Users)
You may exercise:
- Right to access
- Right to rectification
- Right to erasure (right to be forgotten)
- Right to restriction
- Right to data portability
- Right to object
- Right to withdraw consent
- Right to lodge a complaint with a Supervisory Authority
Contact: info@milhousassociates.com
Supervisory Authority Example: Hellenic DPA (www.dpa.gr).
10. Your Rights Under U.S. Privacy Laws (CCPA/CPRA & others)
California residents have the right to:
- Know what categories of data are collected
- Know sources of data
- Know business purposes for collection
- Access your personal data
- Request deletion
- Correct inaccurate data
- Opt out of “sale” or “sharing” of personal data
- Limit the use of sensitive personal information
- Receive equal service and price even if exercising privacy rights
How to Exercise:
Email: info@milhousassociates.com
Response time: 45 days (extendable once by 45 days)
“Do Not Sell or Share My Personal Information”
We do not sell personal information.
11. Children’s Privacy (COPPA)
This Website is not intended for children under 13.
We do not knowingly collect data from children.
If you believe we have collected such data, contact us at: info@milhousassociates.com
12. Cookie Policy
We use cookies for functionality, performance, analytics, and personalization.
12.1 Cookie Consent (EU Only)
Non-essential cookies require explicit opt-in consent.
12.2 Cookie Table
| Cookie | Type | Provider | Purpose | Duration |
|---|---|---|---|---|
| _ga | Analytics | Analyze user behavior | 2 years | |
| […] | […] | […] | […] | […] |
12.3 Managing Cookies
You can adjust settings in your browser: Chrome, Safari, Firefox, Edge, Opera, Android, iOS, etc.
13. Third-Party Links
External sites linked on the Website have their own privacy policies, and we are not responsible for their content or practices.
14. Changes to This Policy
We may update this Policy periodically. Updated versions will be posted on this page.
15. Contact
For any privacy-related questions:
Company Name: MILHOUS ASSOCIATES
Email: info@milhousassociates.com
Address: […]
Phone: […]