Privacy Policy

I. Introduction

This Privacy Policy (“Policy”) is designed to help you understand how Andesa Services, Inc. (“Andesa,” “we,” or “us”) collects, retains, processes, shares, and transfers your personal data when you visit our websites, use our products or services, or otherwise interact with us, whether online or in person. By using our site or engaging with our services, you agree to the terms of this Policy.

II. Our Commitment to Privacy

Our privacy commitments are integral to the way we conduct our business. These commitments apply to everyone who has a relationship with us, including our customers, partners, employees, prospective employees, and website visitors. We are committed to protecting your privacy by deploying security safeguards such as encryption, and by ensuring that we do not sell your personal data to anyone, for any reason. We strive to be transparent about the types of data we collect and how we use it.

III. California Consumer Privacy Act

California residents have specific rights regarding their personal data, and these rights are set out in a separate California Addendum which can be accessed at the following link: California Addendum. The Addendum explains how California residents can exercise the rights to know which categories of personal data we collect, how we use it, and with whom we share it. It also covers the right to request access to, or deletion of, that data, as well as the right to opt out of certain practices described under California law as “sales” or “sharing” of personal data. If there is any conflict between the main terms of this Policy and the California Addendum, the Addendum will govern for California residents.

IV. Scope

This Policy applies to all information we collect from or about you, including information collected directly (for instance, when you fill out a form or application), automatically (for example, when our systems record data such as IP addresses or cookie identifiers), or from third parties (such as background check firms or analytics providers). The Policy also applies to all uses of personal data by Andesa, including situations where you access our websites, use our software or other services, inquire about employment, or visit our offices. Whenever applicable local laws or regulations require greater data protection standards than those set out in this Policy, we will comply with those requirements.

V. Personal, Anonymous, and Aggregate Information

Personal data, sometimes called personally identifiable information (PII), is information that identifies you or could reasonably be used to identify you. Common examples include name, contact information, and payment card details. Anonymous data does not reveal your specific identity, and aggregate data is information compiled in a form that does not identify you specifically. While we collect and process personal data in various ways, we may also collect or generate anonymous and aggregate data, which we use primarily for statistical and analytical purposes without identifying any individual.

VI. The Personal Data We Collect

Depending on how you interact with us, we may collect information such as your name, mailing address, email address, phone number, and payment details (to facilitate transactions). If you create or use an online account, we may collect login or authentication credentials. We sometimes gather usage or device information, including IP addresses, browser and device characteristics, and information about how you navigate our websites or services. In addition, we may receive personal data that you voluntarily provide, whether through subscription preferences, job applications, or other forms of engagement. We do not knowingly collect sensitive personal data, such as government-issued identification numbers or detailed financial records, unless it is necessary for the services we are providing or permitted by law.

VII. How We Use Personal Data

We use your personal data when we have a valid reason to do so. In many cases, we process personal data to meet our contractual obligations to you or your organization, such as providing the products and services you have requested. We also rely on legitimate business interests; for example, to maintain the functionality of our websites, communicate with you regarding inquiries, enhance user experiences, and ensure the security of our systems. In some circumstances, we may be legally obligated to use personal data to meet regulatory requirements or to respond to lawful requests from public authorities. Where consent is required, for instance, for certain marketing communications, we will only use your personal data after obtaining your consent. You may withdraw your consent at any time in accordance with Section XVIII; this will not affect any processing that took place before the withdrawal.

VIII. Third-Party Processing

We may share your personal data with trusted third parties that process data on our behalf and under our instructions. These third parties may include providers of background checks, credit card processing services, or technology and analytics solutions. All such providers are subject to written agreements restricting their use of your personal data to the purposes we authorize and requiring that they maintain safeguards comparable to those described in this Policy. In the event we sell or transfer some or all of our business assets, personal data may be transferred to the acquiring party, subject to suitable confidentiality and data protection standards.

IX. Retention of Personal Data

We retain your personal data only as long as necessary to fulfill our business purposes or as required by law. When determining how long to retain data, we take into account the type and sensitivity of the data, the nature of our relationship with you, and any statutory or regulatory obligations. Once your personal data is no longer needed for the purposes we have described, we securely destroy or anonymize it in compliance with applicable legal and contractual requirements.

X. Right to Delete, Access, and Correct

You may request access to the personal data collected by us. You may also ask for the deletion or correction of this personal data. We will respect any request to access, delete, or correct any personal data, subject to certain exceptions provided by law, including but not limited to, the exercise by another individual of their right to free speech, our compliance requirements resulting from legal obligations, or any processing that may be required to protect against illegal activities. To request access to, or deletion or correction of your personal data, please refer to the “Getting in Touch with Us” section at the end of this Policy.

XI. Conflicts Between Law and this Policy

If this Policy conflicts with any applicable law or regulation that provides higher protection for personal data, the stricter standard will apply.

XII. Information Sharing with Authorities

We cooperate with law enforcement and regulatory authorities who possess legitimate jurisdiction over our activities. We may disclose personal data to public authorities in response to lawful requests and in compliance with national security or law enforcement requirements.

XIII. Cookies

We use cookies and similar technologies on our websites to collect usage data, enhance user navigation, and improve site functionality. Some cookies are session-based and expire when you close your browser, while others are persistent and remain stored on your device until deleted. You may disable cookies through your browser settings, although this may affect the availability or functionality of certain parts of our site or services.

XIV. Account Management

All account management, including activities such as password resets or subscription updates, takes place in accordance with the contractual terms governing our relationship with you and in compliance with this Policy.

XV. Automatic Collection During Website Sessions

When you browse our websites, we may automatically collect certain data about your session, including your IP address, the pages you visit, and your interactions with those pages. We analyze this data to gain insight into how users engage with our content and how we can improve our services. This collected information is kept for as long as necessary to fulfill our legitimate business needs or comply with applicable legal obligations.

XVI. Google reCAPTCHA

We may use Google reCAPTCHA or similar technologies to protect our site from spam and abuse. By interacting with our site, you acknowledge that Google’s Privacy Policy and Terms of Service apply in addition to this Policy.

XVII. Policy Changes

We may update this Policy from time to time to reflect changes in our practices or in applicable law. Whenever we make material changes, we will indicate a new effective date. By continuing to access our website and/or use our products or services after these changes take effect, you acknowledge and accept the updated Policy.

XVIII. Restriction on Children’s Information

We do not knowingly collect personal data online from children under the age of 18, except in the context of our role as a third-party administrator under a specific contract. If you become aware that a child’s information has been provided to us outside of these circumstances, please contact us via the information provided below.

XIX. Exercising Your Rights

Depending on local laws, you may have certain rights to access, correct, or delete your personal data, object to or restrict our processing, or request that we provide a copy of your personal data in a portable format. To make any such request, or if you have any questions about our data practices, please contact us via the information provided below. We may require you to provide additional information to verify your identity and help us process your request.

XX. Getting in Touch with Us

If you have questions or comments about this Policy, or if you wish to exercise your rights under applicable data protection laws, please contact us at:

Andesa Services, Inc.
Attn: Chief Legal Officer
1611 Pond Road, Suite 210
Allentown, PA 18104

Email: [email protected]

This Policy is effective March 28, 2025