Privacy policy of Et al. and it’s brands

This policy is applicable to Et al., Inc. and DBAs: Carpool, Gladys Grey, Devonport, and Humanitis.

Last Updated: July 16, 2025

Et al., Inc. ("we", "us", or "our") respects your privacy and is committed to protecting personal information in accordance with global privacy laws and any data protection requirements required as a supplier to our clients.

This privacy policy outlines how we collect, use, disclose, and safeguard personal data in connection with our services, website, and enterprise partnerships.

Our role

- Data Controller – when we determine the purposes of data processing (e.g., our own marketing).
- Data Processor – when we process personal data on behalf of clients under written agreements and strict instructions.

What we collect

- Identity and Contact Data: Name, company, email, job title.
- Business Data: Project notes, feedback, survey results.
- Technical Data: IP address, browser type, device identifiers, website usage.
- Communications: Email and chat records, meeting notes.
- End-user data: When authorized, we may process limited client-supplied user data in line with contract obligations.

How we use data

- Provide services to clients under contract.
- Respond to inquiries and manage accounts.
- Improve performance and quality.
- Comply with legal and regulatory obligations.
- Fulfill client procurement and security standards.

Legal bases for processing

- Contractual necessity
- Legitimate interests
- Consent (where required)
- Legal obligations

Disclosures and third parties

We do not sell personal information.

We may share data with:
- Subprocessors and contractors for service provision.
- Client teams when required by contract.
- Regulators, law enforcement, or other legal entities if required.

All subprocessors are bound by confidentiality and data protection agreements and reviewed regularly.

Security

We maintain a secure environment through:
- Data encryption in transit and at rest
- Role-based access control (RBAC)
- Secure development and storage practices
- Incident detection and audit logging

Security incident notification: If a data breach or incident occurs, we will notify affected clients without undue delay, as required by applicable law and contract.

Data retention

We retain personal data only:
- As required to fulfill service agreements
- For the duration of client engagements
- To meet legal, tax, or regulatory obligations

Retention timelines are reviewed regularly, and data is securely deleted when no longer needed.

International transfers

Where data is transferred internationally, including outside the U.S. or EU/UK, we implement Standard Contractual Clauses (SCCs) or equivalent frameworks to ensure lawful transfer.

Your rights

You may have the right to:
- Access, correct, delete, or restrict your data
- Object to processing or withdraw consent
- Request data portability
- File a complaint with a supervisory authority

To exercise your rights, email privacy@carpoolagency.com.

Cookies and tracking

Our website uses cookies for functionality, analytics, and performance. You may control cookies through your browser or our consent banner.

Supplier data protection alignment

We comply with:
- Supplier data protection requirements provided by clients
- Data Protection Addendums (DPAs)
- Any applicable enterprise supplier agreement standards

Contact Us

Email: privacy@carpoolagency.com
Websites covered by this policy: