Privacy policy.
Effective Date: February 20, 2026
1. Introduction
Néstor Zumaya and Zumaya LLC (“we,” “us,” or “our”) operate the website nestorzumaya.com (the “Site”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our Site, subscribe to our newsletter, use our contact form, or engage with our services. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
By using our Site, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Site.
2. Data Controller
For the purposes of the GDPR, the data controller is:
Néstor Zumaya
nestorzumaya.com
Chicago, Illinois, United States
Contact: nestor@zumaya.com
3. Information We Collect
3.1 Information You Provide Directly
Contact Form: When you submit our contact form, we collect your name, email address, and the content of your message.
Newsletter Subscription: When you subscribe to our email newsletter, we collect your email address and any other information you voluntarily provide. Our newsletter is managed through Flodesk, a third-party email marketing platform.
Client Document Uploads: Our Site may allow clients to upload documents for review or collaboration purposes. These documents may contain personal or confidential information provided at your discretion.
3.2 Information Collected Automatically
Analytics Data: We use Google Analytics (or similar analytics tools) to collect information about how visitors use our Site. This may include your IP address, browser type, operating system, referring URLs, pages viewed, and time spent on the Site. Google Analytics uses cookies to collect this information.
Cookies and Tracking Technologies: Our Site may use cookies, web beacons, and similar tracking technologies to enhance your experience and collect usage information. See Section 8 for more details.
4. Legal Basis for Processing (GDPR)
Under the GDPR, we process your personal data based on the following legal grounds:
Consent: When you subscribe to our newsletter or submit a contact form, you provide consent for us to process your data for those specific purposes. You may withdraw consent at any time.
Legitimate Interest: We may process data to improve our Site, analyze usage patterns, and ensure security, provided these interests do not override your fundamental rights.
Contractual Necessity: When you engage our services, processing your personal data may be necessary to fulfill our contractual obligations.
5. How We Use Your Information
We use the information we collect for the following purposes:
To respond to your inquiries submitted through our contact form
To send you our newsletter and marketing communications (with your consent)
To process and manage client document uploads
To analyze Site usage and improve our services
To comply with legal obligations
To protect the security and integrity of our Site
6. Data Sharing and Third Parties
We do not sell your personal information. We may share your data with the following categories of third parties:
Flodesk: Our email marketing platform, which processes your email address and engagement data for newsletter delivery. Flodesk’s privacy policy governs their handling of your data.
Google Analytics: Collects anonymized usage data to help us understand how visitors interact with our Site.
Website Hosting Provider: Our hosting provider may process data as necessary to deliver and maintain the Site.
Legal Requirements: We may disclose your information if required by law, regulation, or legal process.
7. International Data Transfers
Your personal data may be transferred to and processed in countries outside of your country of residence, including the United States. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, please be aware that the United States may not provide the same level of data protection as your home country. We apply appropriate safeguards to ensure your data is protected in accordance with the GDPR, including the use of Standard Contractual Clauses (SCCs) or other approved transfer mechanisms where applicable.
8. Cookies and Tracking Technologies
Our Site uses cookies and similar technologies to enhance your browsing experience and analyze Site traffic. Cookies are small text files stored on your device. The types of cookies we use include:
Essential Cookies: Necessary for the basic functioning of the Site.
Analytics Cookies: Used by Google Analytics to collect information about how visitors use the Site.
You can control cookies through your browser settings. Disabling cookies may limit certain features of the Site. Under the GDPR, we will request your consent before placing non-essential cookies on your device.
9. Your Rights
9.1 Rights Under the GDPR
If you are located in the EEA, United Kingdom, or Switzerland, you have the following rights regarding your personal data:
Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
Right to Restrict Processing: Request that we limit the processing of your data.
Right to Data Portability: Request your data in a structured, machine-readable format.
Right to Object: Object to processing based on legitimate interest or direct marketing.
Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise these rights, please contact us using the information in Section 2. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.
9.2 Rights Under the CCPA
If you are a California resident, you have the right to:
Know what personal information we collect, use, and disclose about you
Request deletion of your personal information
Opt out of the sale of your personal information (we do not sell personal information)
Not be discriminated against for exercising your privacy rights
10. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specifically:
Contact form submissions: Retained for up to 2 years, unless you request earlier deletion.
Newsletter subscriptions: Retained until you unsubscribe or request deletion.
Analytics data: Retained in accordance with Google Analytics’ data retention settings (default 26 months).
Client documents: Retained for the duration of the client engagement and for a reasonable period of 6 months thereafter, unless otherwise agreed upon.
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
12. Children’s Privacy
Our Site and services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete that information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically. Material changes will be communicated via email to newsletter subscribers where possible.
14. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise your rights under the GDPR or CCPA, please contact us at:
Néstor Zumaya
Email: nestor@zumaya.com
Website: nestorzumaya.com