Privacy policy.

Nista & Associates, LLC owns and operates Nistacpa.com (referred to as the "Site"). For data protection inquiries, contact our data controller at: web@nistacpa.com

Objective

This privacy policy ("Privacy Policy") serves to inform Site users about:

  1. Personal information we gather;

  2. How collected information is utilized;

  3. Parties granted access to gathered data; and

  4. User rights regarding their information.

This Privacy Policy supplements our Site's terms and conditions.

GDPR Compliance

European Union users are protected under Regulation (EU) 2016/679 of the European Parliament and Council dated 27 April 2016, commonly called the General Data Protection Regulation ("GDPR"). United Kingdom users receive protection through the GDPR as incorporated into the Data Protection Act 2018.

We have not designated a Data Protection Officer since our operations do not meet the criteria requiring such appointment under GDPR Article 37.

User Consent

Site usage indicates user agreement to:

  1. Terms outlined in this Privacy Policy.

When consent forms the legal foundation for processing your personal information, you retain the right to revoke that consent at any time. Consent withdrawal does not affect the lawfulness of processing completed prior to withdrawal.

To withdraw consent, contact: web@nistacpa.com.

Processing Legal Foundation

We gather and process EU user personal information only when possessing valid legal grounds under GDPR Article 6.

Our legal foundations for collecting and processing EU user personal information include:

  1. User consent provided for specific processing purposes; and

  2. Processing necessity for taking pre-contractual steps requested by users or fulfilling service agreements. Failure to provide necessary personal information results in: Service non-completion.

Personal Information Collection

We collect only information essential to fulfilling our stated Privacy Policy objectives. Additional data collection beyond what is listed below will prompt user notification.

Non-Automatic Data Collection

Certain Site functions may require collecting:

  1. Email addresses.

Collection methods include:

  1. Request form submissions.

Personal Information Usage

Site-collected information serves only purposes outlined in this Privacy Policy or specified on relevant Site pages. Data usage will not exceed Privacy Policy disclosures.

Information collected during specific user functions may serve these purposes:

  1. Communication facilitation.

Personal Information Sharing

Staff Access

Organization members requiring reasonable access to user information for Privacy Policy objectives may receive such access.

Additional Disclosures

We prohibit selling or sharing your information with third parties except when:

  1. Legally mandated;

  2. Required for legal proceedings;

  3. Necessary to establish or defend our legal rights; and

  4. Disclosed to company buyers or prospective buyers during potential sale transactions.

Hyperlinks directing users from our Site to external sites operate under separate privacy policies beyond our responsibility or control.

Information Storage Duration

User information remains stored until collection purposes are fulfilled.

Extended storage periods will prompt user notification.

Information Protection Measures

Security measures include industry-standard browser encryption and secure facility server storage. Employee-only data access is maintained through confidentiality obligations.

Despite reasonable security precautions ensuring user protection, inherent risks remain. Internet security limitations prevent absolute user data security guarantees beyond practical measures.

User Rights

GDPR grants you these rights:

  1. Information right;

  2. Access right;

  3. Correction right;

  4. Deletion right;

  5. Processing restriction right;

  6. Data portability right; and

  7. Objection right.

Minors

We do not knowingly gather or utilize personal information from individuals under 16 years of age. Discovered collection from minors under 16 prompts immediate data deletion. Parents or guardians of minors under 16 who provided personal information may contact our privacy officer.

Data Access, Modification, Deletion, or Challenge

For inquiries about personal data collection, usage, disclosure recipients, data modification, deletion, or other GDPR rights exercise, contact our privacy officer: web@nistacpa.com

Do Not Track Declaration

Do Not Track ("DNT") represents a browser privacy setting. Since we do not track users across time or third-party websites, we do not respond to browser DNT signals.

Policy Amendments

This Privacy Policy may undergo periodic amendments to maintain legal compliance and reflect data collection process changes. Amendments will update the "Effective Date" at this Privacy Policy's beginning. We encourage users to regularly review our Privacy Policy for updates. When necessary, email notifications will inform users of Privacy Policy changes.

Grievances

For personal data processing complaints, contact us using the Contact Information section methods to facilitate resolution when possible. Unsatisfactory resolution may warrant supervisory authority contact.

Contact Information

For questions, concerns, or complaints, reach our privacy officer at: web@nistacpa.com