Privacy Policy
Effective Date: September 2025
Who We Are: SEOG LLC (dba MediMarketing) (“MediMarketing,” “we,” “us,” “our”)
Contact: privacy@medimarketing.com
1) Scope
This Privacy Policy explains how we collect, use, disclose, and protect Personal Information when you visit medimarketing.com, interact with our forms/ads, or receive our emails, and when we process contact data in our CRM/automation platform on behalf of business customers.
2) Roles
- Controller: For our website, marketing, and our own customer accounts, SEOG LLC (dba MediMarketing) is the data controller.
- Processor/Service Provider: When business customers upload contact lists or collect leads via our forms and instruct us to send messages, we act as their processor/service provider (e.g., under GDPR/CCPA). We process data only on documented instructions and maintain Data Processing Agreements with key vendors (e.g., HighLevel, Mailgun).
3) What We Collect
- Identifiers & Contact Data: Name, email, phone, postal address, company, role.
- Commercial/Preference Data: Form responses, subscription settings, campaign interactions (opens, clicks, unsubscribes), and suppression status.
- Internet/Device Data: IP address, device/browser info, pages viewed, UTM parameters, cookies/pixels.
- Inferred Data: Segments or scores derived from the above.
We do not solicit or knowingly collect PHI via public web forms; do not submit PHI unless you have a BAA with us and are using designated, compliant channels.
4) Sources
Directly from you; from your employer or service provider when they use our platform; or automatically via our site and emails (e.g., standard analytics and deliverability events).
5) How We Use Personal Information
- Provide, secure, and improve the Services.
- Respond to inquiries; deliver requested content.
- Email marketing where permitted: We send messages only with consent or as allowed by law and always include an unsubscribe. We keep suppression lists to respect opt‑outs and complaints. For bulk sends to Gmail/Yahoo, we support one‑click unsubscribe and process requests within two (2) days; in any case, CAN‑SPAM opt‑outs are honored no later than 10 business days.
- Detect/prevent abuse; maintain health of sending domains and IPs (e.g., bounce/complaint controls).
- Comply with law; enforce our Terms.
6) Legal Bases (GDPR/UK GDPR)
Where applicable, we rely on consent, contract necessity, legitimate interests (e.g., B2B marketing to subscribed/expecting recipients, service security), legal obligation, or vital/public interest as defined by law. Individuals have rights to be informed, access, rectify, erase, restrict, port, and object (including an absolute right to object to direct marketing). To exercise rights, email [privacy@medimarketing.com].
7) Your Choices
- Unsubscribe: Click the link in any marketing email (or email [privacy@medimarketing.com]). One‑click unsubscribe is supported for Gmail bulk sends.
- Cookie Controls: Use your browser settings or our cookie banner (if present) to manage cookies.
- Do‑Not‑Sell/Share (California): We do not sell Personal Information as “sell” is defined by the CCPA/CPRA and do not “share” it for cross‑context behavioral advertising. If this changes, we will provide a “Do Not Sell or Share My Personal Information” link and honor Global Privacy Control (GPC) signals.
8) Disclosures to Third Parties
We share Personal Information with service providers/processors under contracts that limit their use to our business purposes (e.g., HighLevel for CRM/automations, Mailgun for email). We may disclose data to comply with law, protect rights and safety, or in a merger/sale.
9) International Transfers
Where data is transferred internationally, we use appropriate safeguards (e.g., Standard Contractual Clauses) consistent with GDPR.
10) Data Retention
We keep Personal Information only as long as necessary for the purposes above, to meet legal obligations, resolve disputes, and maintain required consent/suppression records.
11) Security
We maintain appropriate technical and organizational measures (access controls, encryption in transit via TLS, least‑privilege practices, and vendor due diligence). Mailbox providers require authentication (SPF/DKIM/DMARC) and responsible sending; we align with those requirements.
12) Children
Our Services are not directed to children under 16. Do not submit data for children.
13) Regional Rights
- California (CCPA/CPRA): Rights to know, delete, correct, limit use of sensitive data, and opt‑out of sale/share, plus non‑discrimination. Submit requests to [privacy@medimarketing.com] or via our web form (if provided). We verify and respond within statutory timelines.
- EU/UK: See Section 6 for GDPR/UK GDPR rights and contact [privacy@medimarketing.com].
- Canada (CASL/PIPEDA): We obtain express consent (or limited implied consent under CASL), identify ourselves in each message, and include an unsubscribe mechanism; unsubscribe requests are honored within 10 business days.
14) Changes
We will update this Privacy Policy from time to time and revise the Effective Date above.