Privacy Policy

TMM Control is a professional business consulting firm providing advisory services in the areas of operational optimization, internal controls, compliance, management reporting, and financial control systems. We operate from our principal place of business at 4775 Walnut St, Boulder, CO 80301, United States.

For all matters relating to this Privacy Policy, including requests to exercise your data rights, questions about how we handle your personal information, or concerns about our privacy practices, you may contact us using the following details:

• Email: info@tmm-control.com
• Phone: +1 (785) 554-0998
• Mailing Address: 4775 Walnut St, Boulder, CO 80301

We aim to respond to all privacy-related inquiries within five business days of receipt. For formal data subject requests, our response time may extend to 30 days in accordance with applicable law.

This Privacy Policy applies to all personal information collected and processed by TMM Control through the following channels and activities:

• Your use of and interactions with our website located at tmm-control.com and any associated subdomains or digital properties
• Submission of inquiry forms, contact forms, or any other data submission mechanisms on our website
• Email, telephone, or written communications initiated by you in connection with our services
• The provision of consulting services to client organizations, including information about individual contacts at client companies
• Business development and marketing activities including networking events, referrals, and outreach

This policy does not apply to the personal information of TMM Control employees, which is governed by separate internal employment privacy notices. This policy also does not govern the privacy practices of third-party websites that may be linked from our website. We encourage you to review the privacy policies of any third-party services you access through links on our platform.

TMM Control collects personal information only to the extent necessary for the purposes described in this policy. The categories of personal information we may collect include the following:

Identity and Contact Information: This includes your full name, job title, company or organization name, business email address, business telephone number, and business mailing address. This information is collected when you submit an inquiry, enter into a consulting engagement, or otherwise communicate with us.

Professional and Organizational Information: In the course of consulting engagements, we may collect information about your professional role, responsibilities, areas of expertise, and your organization's structure, operations, financial data, and business processes. This information is provided voluntarily by you or your organization as part of the consulting relationship.

Communications Data: We retain records of communications between you and TMM Control, including emails, meeting notes, and written correspondence, to the extent necessary to manage our business relationship and fulfill our contractual obligations.

Technical and Usage Data: When you visit our website, we automatically collect certain technical information including your IP address, browser type and version, operating system, referring URLs, pages visited, time spent on pages, and other standard web analytics data. This information is collected through cookies and similar tracking technologies as described in our Cookie Policy.

Financial Information: In connection with billing and payment processing, we may collect information necessary to issue invoices and receive payment, including billing address and payment reference information. We do not store complete credit card or banking details on our systems; payment processing is handled through secure third-party payment processors.

TMM Control collects personal information through the following means:

• Direct Submission: Information you actively provide to us by completing forms on our website, sending us emails, calling us, or engaging with us in person at business events or meetings.
• Automated Technologies: Information collected automatically when you interact with our website through cookies, web beacons, server logs, and similar technologies. Please refer to our Cookie Policy for detailed information on our use of these technologies.
• Third Parties: We may receive information about you from third parties including business referral partners, professional networking platforms such as LinkedIn, publicly available business directories, and from the client organizations that engage our services and identify you as a point of contact.
• Engagement Documentation: Information generated during the course of a consulting engagement, including data you share with us during interviews, workshops, document reviews, and analysis sessions.

We do not purchase personal data lists from data brokers or engage in unsolicited mass communications to individuals who have not expressed interest in our services or who are not existing business contacts.

Where applicable data protection law requires a legal basis for processing personal data, TMM Control relies on the following legal bases depending on the context of the processing activity:

• Contractual Necessity: Processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract. This basis applies to all processing activities related to the delivery of consulting services under an engagement agreement.
• Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by TMM Control or a third party, provided these interests are not overridden by your fundamental rights and freedoms. This includes processing for business development, client relationship management, website analytics, and service improvement.
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which TMM Control is subject, including tax record-keeping, regulatory reporting requirements, and responses to lawful requests from government authorities.
• Consent: Where we rely on your consent as the legal basis for processing, such as for optional marketing communications, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

For California residents, the above legal bases correspond generally to the business purposes and commercial purposes defined under the California Consumer Privacy Act and its amendments.

TMM Control uses the personal information we collect for the following purposes:

• Service Delivery: To respond to your inquiries, conduct diagnostic conversations, prepare proposals, execute consulting engagements, deliver reports and recommendations, and provide all other services requested by you or your organization.
• Client Relationship Management: To manage our ongoing business relationship with you and your organization, including account management, communication, scheduling, and coordination of engagement activities.
• Billing and Financial Administration: To issue invoices, process payments, manage accounts receivable, and maintain accurate financial records as required by applicable law and sound business practice.
• Legal and Compliance Purposes: To comply with applicable laws and regulations, respond to legal requests and court orders, enforce our Terms of Service and engagement agreements, and protect the rights and interests of TMM Control and our clients.
• Website Improvement and Analytics: To understand how visitors use our website, identify technical issues, improve website functionality and user experience, and measure the effectiveness of our online presence.
• Business Development and Marketing: To communicate with existing and prospective clients about our services, insights, and industry developments, where we have a legitimate basis or your consent to do so. You may opt out of marketing communications at any time.
• Security and Fraud Prevention: To detect, investigate, and prevent fraudulent activity, unauthorized access, and other threats to the security of our systems and client information.

We do not use personal information for automated decision-making or profiling that produces legal or similarly significant effects without human review and, where required, explicit consent.

TMM Control does not sell, rent, or trade personal information to third parties. We may share personal information with third parties only in the following limited circumstances:

• Service Providers and Subcontractors: We may share information with carefully selected third-party service providers who assist us in operating our business, including cloud storage providers, email and communication platforms, project management tools, accounting software providers, and payment processors. All such service providers are contractually obligated to use the information only for the purposes for which it was shared and to maintain appropriate security standards.
• Specialist Consultants: Where an engagement requires expertise beyond our core team, we may engage specialist subcontractors or advisors. These individuals are bound by confidentiality agreements before receiving access to any client information.
• Legal Requirements: We may disclose personal information when required to do so by applicable law, regulation, court order, or other legal process, or when we believe disclosure is necessary to protect the rights, property, or safety of TMM Control, our clients, or the public.
• Business Transfers: In the event of a merger, acquisition, restructuring, or sale of all or a portion of TMM Control's business, personal information may be transferred to the acquiring entity, subject to equivalent privacy protections.
• With Your Consent: We may share information in other circumstances with your explicit prior consent.

When we share personal information with third-party service providers, we require them to implement appropriate technical and organizational security measures and to process the information only on our documented instructions.

TMM Control retains personal information only for as long as necessary to fulfill the purposes for which it was collected, to meet our legal and contractual obligations, and to resolve any disputes that may arise. The following general retention principles apply:

• Consulting Engagement Records: Personal information related to consulting engagements, including contact information, engagement documentation, and communications, is retained for a period of seven years following the conclusion of the engagement. This period is based on standard business record-keeping requirements and applicable statutes of limitations.
• Financial Records: Invoices, payment records, and related financial documentation are retained for a minimum of seven years from the date of the transaction in accordance with applicable tax and accounting regulations.
• Website Inquiry Data: Contact form submissions and inquiry records from individuals who do not proceed to a consulting engagement are retained for a period of two years from the date of the inquiry, after which they are securely deleted.
• Website Analytics Data: Aggregated and anonymized website usage data collected through analytics tools is retained in accordance with the retention settings of the relevant analytics platform, typically not exceeding 26 months for individual session data.
• Marketing Contact Records: Contact information maintained for the purpose of marketing communications is retained until you opt out or request deletion, at which point it is removed from our marketing systems promptly.

At the end of the applicable retention period, personal information is securely deleted or anonymized so that it can no longer be attributed to an individual. Where deletion is not immediately technically feasible, the information is isolated from further processing until deletion can be completed.

Depending on your location and applicable data protection law, you may have the following rights with respect to your personal information held by TMM Control:

• Right of Access: You have the right to request a copy of the personal information we hold about you, along with information about how we use it.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
• Right to Erasure: You have the right to request deletion of your personal information in certain circumstances, such as when the information is no longer necessary for the purposes for which it was collected, or when you withdraw consent and no other legal basis applies.
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances, such as while a dispute about accuracy is being resolved.
• Right to Data Portability: Where processing is based on consent or contractual necessity and is carried out by automated means, you have the right to receive your personal information in a structured, commonly used, and machine-readable format.
• Right to Object: You have the right to object to processing based on legitimate interests, including processing for direct marketing purposes, in which case we will cease that processing unless we can demonstrate compelling legitimate grounds that override your interests.
• California Residents: Under the CCPA, California residents have the right to know what personal information is collected, the right to delete personal information, the right to opt out of sale of personal information (TMM Control does not sell personal information), and the right to non-discrimination for exercising your privacy rights.

To exercise any of the rights described above, please submit a written request to info@tmm-control.com. We will respond to verified requests within 30 days. We may need to verify your identity before processing your request. We will not discriminate against you for exercising any of your privacy rights.

TMM Control is based in the United States and processes personal information primarily within the United States. If you are located outside the United States and provide personal information to us, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.

Where we transfer personal information from the European Economic Area, the United Kingdom, or other jurisdictions with data transfer restrictions to countries that have not been recognized as providing an adequate level of data protection, we implement appropriate safeguards to ensure that your personal information receives an equivalent level of protection. Such safeguards may include the execution of standard contractual clauses approved by relevant data protection authorities, or reliance on other lawful transfer mechanisms.

By using our website or engaging our services from outside the United States, you acknowledge that your personal information may be processed in the United States as described in this policy. If you have questions about international data transfers, please contact us at info@tmm-control.com.

TMM Control's website and consulting services are directed exclusively toward business professionals and organizations. We do not knowingly collect personal information from individuals under the age of 18. Our website is not designed for or targeted at children, and we do not have actual knowledge of collecting personal information from children under 13 years of age.

If we become aware that we have inadvertently collected personal information from a child under the age of 13, we will take immediate steps to delete that information from our systems. If you believe that we may have collected information from a child, please contact us immediately at info@tmm-control.com.

TMM Control takes the security of personal information seriously and implements a range of technical and organizational measures designed to protect your information from unauthorized access, alteration, disclosure, or destruction. Our security practices include:

• Encryption of data in transit using industry-standard TLS protocols for all web communications and email transmissions involving sensitive information
• Encryption of sensitive data at rest within our storage systems
• Access controls and authentication requirements that limit access to personal information to authorized TMM Control personnel who have a specific need to access that information in connection with their work
• Regular review of our information security practices and systems to identify and address potential vulnerabilities
• Confidentiality agreements with all staff and contractors who may access personal information in the course of their work
• Secure disposal protocols for physical and digital records containing personal information at the end of the applicable retention period

While we implement these measures and take reasonable steps to protect your personal information, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your information. In the event of a security breach affecting your personal information, we will notify you as required by applicable law.

Our website may contain links to third-party websites, services, or resources that are not owned or controlled by TMM Control. This Privacy Policy applies solely to information collected by TMM Control and does not govern the privacy practices of any third-party platforms or services.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policy of every website you visit and every third-party service you use. The inclusion of a link on our website does not imply our endorsement of the linked site or service.

Our website may use third-party analytics, advertising, and functionality tools that collect information about your use of our website. These third-party services operate under their own privacy policies and terms of service. For more information about third-party technologies used on our website, please refer to our Cookie Policy.

TMM Control may update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable law, or business operations. When we make material changes to this policy, we will update the effective date at the top of the document. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

If we make changes that materially affect your rights or the way we use your personal information in ways that require your consent, we will take appropriate steps to notify you and, where required, to obtain your consent before the changes take effect. Continued use of our website or services following the publication of an updated Privacy Policy constitutes your acknowledgment of the changes.

If any provision of this Privacy Policy is found to be invalid or unenforceable under applicable law, the remaining provisions shall continue in full force and effect. This Privacy Policy is governed by and shall be construed in accordance with the laws of the State of Colorado.

If you have any questions, concerns, or complaints about this Privacy Policy or our data processing practices, we encourage you to contact us directly. We take all privacy concerns seriously and will investigate and respond to your inquiry promptly.

If you are located in the European Economic Area or the United Kingdom and are not satisfied with our response to your complaint, you have the right to lodge a complaint with the relevant supervisory authority in your country of residence. A list of EU data protection authorities is available at the website of the European Data Protection Board. The UK supervisory authority is the Information Commissioner's Office.

For California residents who wish to exercise their rights under the CCPA or who have concerns about our compliance with California privacy law, please submit your request in writing to the contact information below. We will respond within the timeframes required by applicable law.