24/7 Emergency Response: 1-800-868-8189
Legal

Privacy Policy

This policy explains how Global Digital Forensics collects, uses, and protects personal data on evestigate.com. It applies to all visitors and clients, wherever located, and is written to meet the requirements of the GDPR and CCPA/CPRA.

Effective Date

May 1, 2025

Last Updated

May 1, 2025

Controller

Global Digital Forensics

1. Who We Are

Global Digital Forensics ("GDF," "we," "our," or "us") operates the website evestigate.com. GDF provides digital forensic analysis, eDiscovery, and cybersecurity services to attorneys, businesses, and individuals in the United States and internationally.

For the purposes of the General Data Protection Regulation (GDPR), GDF is the data controller for personal data collected through this website. For the purposes of the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), GDF is the business responsible for the personal information we collect and process.

Data Protection Contact:
Global Digital Forensics
Privacy Office
Email: info@evestigate.com
Phone: 1-800-868-8189 | International: +1.727.287.6000

2. Data We Collect

We collect personal data in the following categories:

2.1 Contact and Inquiry Data

When you submit a contact form, request a consultation, or send us an email, we collect:

  • Your name
  • Your email address
  • Your phone number (if provided)
  • Your company or organization name (if provided)
  • The content of your message or inquiry

2.2 Usage and Technical Data

When you visit evestigate.com, our web hosting and analytics infrastructure may collect:

  • Your Internet Protocol (IP) address
  • Browser type and version
  • Operating system
  • Pages visited and time spent on each page
  • Referring URLs (the page you came from)
  • Date and time of your visit
  • Device type (desktop, mobile, tablet)

2.3 Cookie Data

We use cookies and similar tracking technologies. Please see our Cookie Policy for a full description of the cookies we use, their purposes, and how to control them.

2.4 Data You Provide in the Course of an Engagement

If you retain GDF for forensic analysis, eDiscovery, or cybersecurity services, we will collect additional information as necessary to fulfill the engagement. That data is governed by a separate engagement agreement and, where applicable, a data processing agreement.

2.5 Data We Do Not Collect

We do not intentionally collect sensitive personal data (special categories under GDPR) through this website. We do not sell personal information. We do not collect financial payment information directly; payments are processed by third-party payment processors subject to their own privacy policies.

For visitors and clients located in the European Economic Area (EEA) or the United Kingdom, we rely on the following legal bases under Article 6 of the GDPR:

Processing Activity Legal Basis GDPR Article
Responding to contact form submissions and inquiries Legitimate interests (responding to your request) Art. 6(1)(f)
Performing services under a client engagement Contract performance Art. 6(1)(b)
Strictly necessary website cookies (security, session management) Legitimate interests Art. 6(1)(f)
Analytics cookies (measuring site usage) Consent Art. 6(1)(a)
Marketing and advertising cookies Consent Art. 6(1)(a)
Compliance with legal obligations (subpoenas, court orders) Legal obligation Art. 6(1)(c)
Protecting vital interests in emergency situations Vital interests Art. 6(1)(d)

Where we rely on legitimate interests, you have the right to object to that processing. See Section 8 for how to exercise your rights.

4. How We Use Your Data

We use the personal data we collect for the following purposes:

  • To respond to your inquiries and provide the information or services you request
  • To deliver forensic analysis, eDiscovery, and cybersecurity services to clients
  • To send engagement-related communications (quotes, status updates, reports)
  • To maintain the security and functionality of our website
  • To analyze website usage and improve our site's content and performance
  • To comply with applicable laws, regulations, and court orders
  • To establish, exercise, or defend legal claims

We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.

5. How We Share Your Data

We do not sell personal information. We do not share personal information with third parties for their own marketing purposes. We share data only in the following limited circumstances:

5.1 Service Providers

We engage trusted service providers who process data on our behalf, including:

  • Web hosting providers (servers and infrastructure that host evestigate.com)
  • Analytics providers (website usage measurement, subject to your consent)
  • Email and communication platforms (used to receive and respond to inquiries)
  • Payment processors (for billing, if applicable to your engagement)

All service providers are bound by data processing agreements that restrict their use of data to providing services to us.

5.2 Legal and Safety Disclosures

We may disclose personal data when required by law, court order, subpoena, or other governmental authority. We may also disclose data to protect the safety, rights, or property of GDF, our clients, or the public.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, personal data may be transferred as part of that transaction. We will notify affected individuals if such a transfer results in a material change in how their data is used.

5.4 With Your Consent

We may share data with third parties for other purposes with your explicit prior consent.

6. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy, or as required by applicable law.

Data Category Retention Period Basis
Contact form submissions (no engagement results) 24 months from submission Legitimate interests
Client engagement records and deliverables 7 years from engagement close Legal obligation, legitimate interests
Website server logs (IP addresses, access logs) 90 days Security and fraud prevention
Analytics data (aggregated) 26 months from collection Consent
Cookie consent records 13 months from consent Legal obligation (GDPR accountability)

When the retention period expires, data is securely deleted or anonymized so that it can no longer be linked to you.

7. International Data Transfers

Global Digital Forensics is headquartered in the United States. If you are located in the EEA, UK, or another jurisdiction with data transfer restrictions, please note that your personal data may be transferred to, stored in, and processed in the United States, which may not provide the same level of data protection as your home country.

Where we transfer EEA or UK personal data to the United States, we rely on the following safeguards as applicable:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, incorporated into our agreements with service providers
  • The UK International Data Transfer Agreement (IDTA) for transfers from the United Kingdom
  • Your explicit consent for transfers where required

You may request a copy of the relevant safeguards by contacting us at info@evestigate.com.

8. Your Rights Under GDPR

If you are located in the EEA or the United Kingdom, you have the following rights under the GDPR (or UK GDPR) with respect to your personal data:

Right of Access (Article 15)

You have the right to obtain a copy of the personal data we hold about you, along with information about how we process it.

Right to Rectification (Article 16)

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or when you withdraw consent on which processing was based.

Right to Data Portability (Article 20)

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, machine-readable format and to transmit it to another controller.

Right to Restriction of Processing (Article 18)

You have the right to request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or have objected to processing.

Right to Object (Article 21)

You have the right to object at any time to processing based on our legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, or the processing is necessary for the establishment, exercise, or defense of legal claims.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before the withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in your country. In the EU, contact your national data protection authority. In the UK, contact the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, visit our Privacy Rights Portal or contact us at info@evestigate.com. We will respond within 30 days of receiving a verifiable request.

9. Your Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

9.1 Right to Know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.

9.2 Right to Delete

You have the right to request deletion of personal information we have collected about you, subject to certain exceptions (such as retaining data needed to complete a transaction you requested, for security purposes, or to comply with a legal obligation).

9.3 Right to Correct

You have the right to request correction of inaccurate personal information we maintain about you.

9.4 Right to Opt Out of Sale or Sharing

You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. GDF does not sell personal information and does not share personal information for cross-context behavioral advertising purposes. You may still submit a request via our Privacy Rights Portal.

9.5 Right to Limit Use of Sensitive Personal Information

You have the right to direct us to limit our use of any sensitive personal information we collect to purposes necessary to provide the services you request. GDF does not collect sensitive personal information through this website beyond what is necessary to respond to your inquiry.

9.6 Right to Non-Discrimination

GDF will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge you different prices, or provide a lower quality of service because you exercised a privacy right.

9.7 Submitting a CCPA Request

To submit a CCPA/CPRA request, use our Privacy Rights Portal, email us at info@evestigate.com with the subject line "CCPA Rights Request," or call us at 1-800-868-8189. We will respond within 45 calendar days of receiving a verifiable consumer request. We may extend this period by an additional 45 days where necessary, with written notice.

9.8 Authorized Agents

You may designate an authorized agent to submit a CCPA/CPRA request on your behalf. Authorized agents must provide written proof of authorization, and we may require you to verify your identity directly with us before processing the request.

10. Do Not Sell or Share My Personal Information

GDF does not sell personal information as defined under the CCPA/CPRA, and we do not share personal information with third parties for cross-context behavioral advertising.

If you wish to submit a formal opt-out request, you may do so through our Privacy Rights Portal or by contacting us at info@evestigate.com.

California residents may also use the opt-out preference signal (Global Privacy Control) to communicate their opt-out preference. We honor GPC signals received from your browser.

11. Cookies and Similar Technologies

We use cookies and similar technologies to operate and improve our website. Cookie categories include:

  • Strictly Necessary: Required for core website functionality and security. These cannot be disabled.
  • Analytics and Performance: Help us understand how visitors use our site. Set only with your consent.
  • Marketing and Advertising: Used to deliver relevant advertising. Set only with your explicit consent.

For a full list of cookies, their purposes, and instructions on how to control them, please see our Cookie Policy. You can update your cookie preferences at any time using the cookie preferences link in the footer.

12. Data Security

GDF takes data security seriously. We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the data we hold, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Access controls limiting data access to personnel with a need to know
  • Regular security assessments of our systems and vendors
  • Incident response procedures

No method of transmission over the internet or method of electronic storage is 100% secure. While we take commercially reasonable measures to protect your data, we cannot guarantee absolute security.

13. Children's Privacy

The evestigate.com website is directed to business and legal professionals and is not intended for individuals under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected data from a minor, please contact us at info@evestigate.com and we will promptly delete it.

14. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing any personal data.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page. Where required by applicable law, we will notify you by email or by a prominent notice on our website. We encourage you to review this policy periodically.

16. Contact Us

If you have questions or concerns about this Privacy Policy, or wish to exercise your data rights, please contact us:

For EEA residents: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

For UK residents: You may contact the Information Commissioner's Office (ICO) at ico.org.uk.

Related Privacy Documents

Questions About Your Data?

Our team is available to answer privacy questions, process data rights requests, or discuss how we handle your information. Contact us or visit the Privacy Rights Portal.

Privacy Rights Portal 1-800-868-8189