CICOR Marketing, Inc.
Privacy Policy & Terms of Use

1. Introduction & Scope

CICOR Marketing believes strongly in protecting your privacy. That’s why we’re committed to the Direct Marketing Association’s “Privacy Promise to American Consumers.” We have agreed to:

• Provide customers with notice of their ability to opt out of information rental, sale, or exchange with other marketers;
• Honor customers’ requests not to share their information with other marketers; and
• Honor customers’ requests not to receive mail, telephone, or other solicitations from CICOR Marketing, Inc.

CICOR Marketing (“we,” “us,” “our”) is committed to protecting your privacy and giving you control over how your information is collected, used, and shared. This Privacy Policy and Terms of Use (the “Policy”) describes:

• The types of personal information we collect;
• How we use, share, store, and protect that information;
• Your rights and choices regarding your data;
• Additional considerations for automated systems (CRM, AI, etc.);
• Special rules for users outside the U.S.;
• Our legal terms regarding notices, jurisdiction, etc.

By accessing or using our website, services, or communications, you consent to the practices described herein.

2. Information We Collect & Sources

2.1 Voluntarily Provided Information

When you interact with us (register, place an order, submit a form), we may collect:

• Identity & contact data: Name, email, phone, address, company information
• Transaction & communication history: Purchase records, service requests, support interactions
• User-generated content: Reviews, comments, feedback, uploaded files
• Preference data: Communication preferences, service interests, customization settings

2.2 Automatically Collected Information

Through cookies and tracking tools, we may collect:

• Technical data: IP address, browser type, device information, operating system
• Usage data: Page views, clicks, session times, navigation patterns
• Geolocation data: Approximate location based on IP address
• Performance data: Load times, error reports, feature usage

2.3 Third-Party Sources

We may obtain information from:

• Advertising networks: Google Ads, Facebook Ads, LinkedIn Ads
• Data enrichment platforms: ZoomInfo, Clearbit, HubSpot integrations
• Business partners: Referral partners, integration partners
• Public records: Business directories, professional networks, social media profiles

2.4 Biometric Data

We do not intentionally collect biometric identifiers such as fingerprints, voiceprints, or facial recognition data. If any such data is inadvertently collected through third-party integrations, it will be immediately deleted upon discovery.

3. Use of CRMs, AI & Automation

3.1 CRM Systems

CICOR Marketing uses the following CRM platforms:

• HubSpot: Lead management, contact tracking, email automation, marketing campaigns

Purpose:

• Manage customer and lead data
• Track interactions and communication history
• Automate follow-ups and record preferences
• Generate analytics and reporting
• Send marketing communications and newsletters

Access to CRM data is limited to authorized staff and third-party providers under strict confidentiality obligations.

3.2 AI & Automated Systems

We may use AI and automation for:

• Personalization and lead scoring: Customizing content and prioritizing leads
• Predictive analytics: Forecasting customer behavior and preferences
• Chatbots or automated replies: Providing immediate customer support
• Content optimization: Improving website and marketing materials
• Fraud detection: Identifying suspicious activities and protecting accounts

Where automated decisions may significantly impact users (such as service eligibility or pricing), we include human review as legally required and provide mechanisms for appeal.

3.3 Data Flows Between Systems

We maintain safeguards for data transfers, including:

• Encryption: All data transfers use TLS 1.2+ encryption
• Role-based access: Staff access limited by job function
• Audit logging: All data access and modifications tracked
• Opt-out tagging: Marketing preferences synchronized across all systems

4. How We Use Your Information

We use your data to:

• Fulfill services and orders
• Respond to inquiries and provide customer support
• Process payments and manage accounts
• Send relevant communications and updates
• Personalize experiences and recommendations
• Conduct analysis and improve our services
• Ensure security and comply with legal obligations
• Prevent fraud and maintain system integrity

4.1 Inbound Lead & Quote Inquiry Assurance

When you contact us for a quote or consultation, your information is used solely to respond to that inquiry. We will not:

• Subscribe you to unrelated communications without your explicit consent
• Use your information for marketing purposes unless you opt in
• Share it with third parties for unrelated purposes
• Contact you outside of normal business hours unless specified

4.2 SMS & Text Messaging

By providing your phone number, you may receive:

• Transactional messages: Appointment confirmations, order updates, support follow-ups
• Promotional messages: Marketing offers, service announcements (with consent only)

Consent: We will only send promotional SMS with your explicit opt-in through our website forms or verbal confirmation.

Opt-out: Reply “STOP” to any message, use our preference center, or contact us directly.

Frequency: Promotional messages: up to 4 per month. Transactional messages: as needed.

Compliance: All messaging complies with TCPA, CTIA guidelines, and carrier requirements.

5. Sharing & Disclosure

5.1 Service Providers and Vendors

We share data with trusted third parties who assist in our operations:

Vendor	Purpose	Data Shared
HubSpot	CRM and email marketing	Contact info, interaction history
Google Analytics	Website analytics	Usage data, demographics
QuickBooks Online	Payment processing and billing	Transaction data, billing info
Kinsta / Google Cloud	Cloud hosting and infrastructure	All data (encrypted)
CloudFlare	Edge server and security	Website traffic data

5.2 Business Partners

We may share data with:

• Integration partners: With your explicit consent for service delivery
• Referral partners: Contact information for qualified leads (with consent)

5.3 Legal and Regulatory Disclosure

We may disclose information when:

• Required by law, regulation, or court order
• Necessary to protect our rights or property
• In response to valid government requests
• To prevent fraud or security threats

5.4 Business Transfers

In case of mergers, acquisitions, or asset sales, your information may be transferred to the acquiring entity, subject to the same privacy protections.

Important: We do not sell or rent personal data to third parties. We do not engage in the sale or sharing of personal information as defined by the California Consumer Privacy Act (CCPA). Data shared with service providers (such as our CRM systems) is solely for the purpose of delivering our services to you and is governed by strict confidentiality agreements. Aggregate, anonymized data may be shared for research or benchmarking purposes.

6. International Users & Data Transfers

6.1 General International Considerations

Users outside the U.S., including those in the European Union (EU), United Kingdom (UK), and other jurisdictions, should be aware that their personal information may be transferred to, stored, and processed in the United States, where data protection laws may differ.

CICOR Marketing takes appropriate steps to ensure that such transfers comply with applicable data protection laws, including:

• Implementing Standard Contractual Clauses (SCCs) approved by the European Commission
• Ensuring that service providers receiving international personal data commit to GDPR-compliant safeguards
• Conducting Transfer Impact Assessments where required
• Limiting transfers to the minimum data necessary for legitimate business purposes

6.2 European Union (GDPR) Rights

If you are located in the EU, you have specific rights under the General Data Protection Regulation (GDPR):

Enhanced Rights:

• Right of access: Obtain confirmation of processing and access to your data
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure (“right to be forgotten”): Delete data in certain circumstances
• Right to restrict processing: Limit how we use your data
• Right to data portability: Receive your data in a structured, commonly used format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for voluntary processing
• Right to lodge a complaint: File complaints with supervisory authorities

Legal Basis for Processing:

• Consent: For marketing communications and optional services
• Contract: To fulfill our services and customer agreements
• Legitimate interests: For business operations, fraud prevention, and analytics
• Legal obligation: To comply with applicable laws and regulations

EU Representative: For GDPR matters, contact our Privacy Officer who serves as our EU representative.

6.3 United Kingdom (UK GDPR)

UK residents have similar rights to EU residents under UK GDPR. Contact our Privacy Officer for UK-specific requests.

6.4 Other International Jurisdictions

We monitor privacy law developments globally and update our practices to ensure compliance with applicable regulations in jurisdictions where we operate.

7. Data Retention & Deletion

7.1 Retention Schedule

Data Type	Retention Period	Legal Basis
Customer account data	7 years after account closure	Tax and legal compliance
Marketing contacts	3 years after last interaction	Legitimate business interest
Website analytics	26 months	Google Analytics standard
Support tickets	5 years after resolution	Customer service records
Financial records	7 years	Tax compliance
Email marketing data	Until unsubscribe + 30 days	CAN-SPAM compliance
Inactive leads	2 years after last contact	Lead management

7.2 Deletion Process

Upon request or automatic expiration:

• Data is permanently deleted or anonymized within 30 days
• Backups are purged within 90 days
• Legal compliance exceptions may apply
• Confirmation provided to requestor when complete

8. Your Rights & Choices

8.1 Universal Rights

All users may:

• Access: Request copies of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request removal of your data (subject to legal exceptions)
• Objection: Object to certain types of processing
• Portability: Receive your data in a portable format
• Withdraw consent: Opt out of voluntary data processing

8.2 Data Subject Access Request Process

How to Submit:

1. Email: Send request to privacy@cicormarketing.com
2. Phone: Call 855-424-2676 and ask for the Privacy Officer
3. Mail: Write to Privacy Officer at our address below

Required Information:

• Full name and contact information
• Specific type of request (access, deletion, correction, etc.)
• Account information or order numbers (if applicable)
• Government-issued ID for identity verification

Response Timeline:

• Acknowledgment: Within 3 business days
• Initial response: Within 15 business days
• Complete response: Within 30 days (may extend to 60 days for complex requests)

Fees: No charge for reasonable requests. Excessive or repetitive requests may incur administrative fees.

9. California Privacy Rights (CCPA/CPRA)

9.1 California Residents’ Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know:

• Categories of personal information collected
• Specific pieces of personal information about you
• Sources of information collection
• Business or commercial purposes for collection
• Categories of third parties with whom we share information

Right to Delete: Request deletion of personal information we have collected about you

Right to Opt-Out: Opt out of the “sale” or “sharing” of your personal information

Right to Correct: Request correction of inaccurate personal information

Right to Limit: Limit the use and disclosure of sensitive personal information

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

9.2 Categories of Personal Information We Collect

Category	Examples	Collected	Business Purpose
Identifiers	Name, email, phone, IP address	Yes	Customer service, marketing
Commercial information	Purchase history, service records	Yes	Order fulfillment, analytics
Internet activity	Website usage, clicks, pages viewed	Yes	Website optimization
Geolocation data	Approximate location from IP	Yes	Service delivery, analytics
Professional information	Job title, company, industry	Yes	Business communications
Inferences	Preferences, characteristics, behavior	Yes	Personalization, marketing

9.3 Sale and Sharing of Personal Information

We do not sell personal information. CICOR Marketing does not engage in the sale or sharing of personal information as defined under CCPA/CPRA. Our data sharing is limited to:

• Service providers: CRM systems, email platforms, and analytics tools that help us deliver services
• Legal compliance: When required by law or regulation
• Business operations: With strict confidentiality agreements for service delivery only

Since we do not sell or share personal information for commercial purposes, California residents do not need to opt-out of sales/sharing. However, you can still contact us to limit any data processing activities.

Contact for Data Requests: Email privacy@cicormarketing.com with your specific request.

9.4 Sensitive Personal Information

We may collect the following sensitive personal information:

• Precise geolocation (only with explicit consent)
• Account login credentials (encrypted)

We do not use or disclose sensitive personal information for purposes other than those specified in CPRA regulations.

10. Security Measures

We protect your information with comprehensive security measures:

10.1 Technical Safeguards

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• Access controls: Multi-factor authentication, role-based permissions
• Network security: Firewalls, intrusion detection, VPN access
• Data backup: Encrypted, geographically distributed backups
• Vulnerability management: Regular security scans and penetration testing

10.2 Administrative Safeguards

• Staff training: Annual privacy and security training for all employees
• Confidentiality agreements: All staff and contractors sign confidentiality agreements
• Background checks: Security clearances for staff with data access
• Incident response: Formal breach response and notification procedures
• Vendor management: Security assessments for all third-party providers
• Remote work security: Secure VPN access, encrypted devices, and secure home office protocols

10.3 Physical and Environment Safeguards

Physical Office:

• Secure business address: Professional office space for client meetings and business operations
• Limited access: Office used primarily for client meetings rather than daily operations
• Document security: Secure storage and disposal of any physical documents when needed

Remote Work Environment: As a primarily remote organization:

• Microsoft 365 environment: Enterprise-grade security controls, multi-factor authentication, data loss prevention
• Google Workspace: Advanced security features, encrypted storage, access controls
• Device management: Company-issued encrypted laptops and mobile devices with remote wipe capabilities
• Secure communications: All business communications through encrypted platforms
• Cloud security: All data stored in enterprise cloud environments with industry-standard security measures
• Remote work security: Secure VPN access, encrypted devices, and secure home office protocols

10.4 Breach Notification

In the event of a security breach affecting personal information:

• Detection: Immediate investigation and containment
• Assessment: Risk evaluation within 24 hours
• Notification timing: Affected individuals notified within 72 hours when legally required
• Information provided: Nature of breach, data affected, steps being taken, protective measures recommended
• Regulatory reporting: Compliance with applicable breach notification laws

No system is completely secure. We continuously monitor and improve our security measures to protect your information.

11. Children’s and Teen Privacy

11.1 Children Under 13

CICOR Marketing does not knowingly collect personal information from children under 13 years of age. Our services are not directed to children under 13.

If we discover that we have collected information from a child under 13:

• We will delete the information immediately
• We will not use the information for any purpose
• We will not disclose the information to third parties

11.2 Teens (13-17 Years Old)

For users between 13-17 years old:

• Parental consent: Required for certain data collection and marketing communications
• Limited data collection: Only information necessary for basic service provision
• Enhanced protection: Additional safeguards for teen user data
• Education: Clear explanations of privacy practices in age-appropriate language

11.3 Parent/Guardian Rights

If you are a parent or guardian and believe your child has provided us with personal information:

• Contact us immediately using the information in Section 15
• Request access to your child’s information
• Request deletion of your child’s data
• Opt out of any communications to your child

12. Cookies & Tracking Technologies

12.1 Types of Cookies We Use

Cookie Type	Purpose	Duration	Opt-Out Available
Essential	Website functionality	Session	No (required for operation)
Analytics	Website performance tracking	24 months	Yes
Marketing	Targeted advertising	12 months	Yes
Preference	User settings and preferences	12 months	Yes

12.2 Cookie Management

Preference Center: You can control cookies through your browser settings or by contacting us at privacy@cicormarketing.com:

• Chrome: Settings > Privacy and Security > Cookies
• Firefox: Settings > Privacy & Security > Cookies and Site Data
• Safari: Preferences > Privacy > Cookies and Website Data
• Edge: Settings > Cookies and Site Permissions

12.3 Third-Party Tracking

We use the following third-party tracking technologies:

Google Analytics:

• Purpose: Website analytics and user behavior tracking
• Opt-out: Google Analytics Opt-out Browser Add-on

Facebook Pixel:

• Purpose: Social media advertising and conversion tracking
• Opt-out: Facebook Ad Preferences

LinkedIn Insight Tag:

• Purpose: Professional network advertising
• Opt-out: LinkedIn Ad Settings

12.4 Do Not Track Signals

Currently, we do not respond to “Do Not Track” browser signals as there is no uniform standard for handling such signals.

13. Marketing Communications Preferences

13.1 Granular Communication Controls

You can customize your communication preferences for different types of messages:

Email Communications:

• Service updates and account notifications
• Educational content and industry insights
• Product announcements and new features
• Promotional offers and marketing
• Event invitations and webinars
• Newsletter and blog updates

SMS/Text Messages:

• Appointment reminders and confirmations
• Order status and delivery updates
• Important account notifications
• Promotional offers (requires separate opt-in)

Phone Communications:

• Customer service and support calls
• Appointment scheduling and confirmations
• Sales and consultation calls (with consent)

Frequency Options:

• Daily updates
• Weekly digest
• Monthly summary
• Special occasions only
• Immediate/urgent only

13.2 Preference Management

Update Preferences:

• Email: Send preferences to privacy@cicormarketing.com
• Phone: Call 855-424-2676
• Unsubscribe links: Use the unsubscribe option in any marketing email

Global Unsubscribe:

• Click “Unsubscribe” in any marketing email
• Reply “STOP” to SMS messages
• Email privacy@cicormarketing.com with “UNSUBSCRIBE ALL” in subject line
• Call our Privacy Officer at 855-424-2676

Changes to preferences take effect within 48 hours for email, immediately for SMS.

14. Policy Changes

CICOR Marketing may update this Privacy Policy at any time to reflect:

• Changes in our business practices
• Updates to applicable laws and regulations
• New features or services
• Enhanced security measures

Notification of Changes:

• All changes: Updated effective date posted on this page
• Your responsibility: We encourage you to review this policy periodically to stay informed about how we protect your personal information

Your Acceptance:

• Continued use of our services after changes indicates acceptance of the revised policy
• If you disagree with changes, you may discontinue use or request account deletion

Version History: Previous versions of this policy are available upon request.

15. Legal Terms

15.1 Electronic Communications

By using our services, you consent to receive communications electronically. We may communicate with you by email or by posting notices on our website. You agree that all agreements, notices, disclosures, and other communications we provide electronically satisfy any legal requirement that such communications be in writing.

15.2 Jurisdiction and Governing Law

This Privacy Policy is governed by the laws of the State of Florida, without regard to conflict of law principles. Any disputes arising from this Policy shall be subject to the exclusive jurisdiction of the state and federal courts located in Tampa, Florida.

15.3 Severability

If any provision of this Privacy Policy is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that the remainder of this Policy will remain in full force and effect.

15.4 Assignment

You may not assign, transfer, or sublicense any of your rights or obligations under this Privacy Policy without our express written consent. CICOR Marketing may assign this Policy in connection with a merger, acquisition, reorganization, or sale of assets, or by operation of law.

15.5 Entire Agreement

This Privacy Policy, together with our Terms of Service, represents the complete agreement between you and CICOR Marketing regarding privacy and data protection matters and supersedes all prior or contemporaneous communications and proposals relating to such matters.

15.6 Waiver

Our failure to enforce any provision of this Privacy Policy will not constitute a waiver of that provision or any other provision.

16. Contact Information

Privacy Officer: Chris Vargas
Company: CICOR Marketing, Inc.
Email: privacy@cicormarketing.com
Phone: 855-424-2676
Address: 100 S Ashley Dr, Suite 600, Tampa, FL 33602, USA

Business Hours: Monday – Friday, 9:00 AM – 5:00 PM EST

For California Residents: Email privacy@cicormarketing.com for any privacy requests. Since we do not sell personal information, no “Do Not Sell” requests are necessary.

Emergency Privacy Matters: For urgent privacy-related security issues, call our main number and request immediate escalation to the Privacy Officer.

This Privacy Policy was last updated on September 28, 2025. We encourage you to review this policy periodically to stay informed about how we protect your personal information.