Privacy Policy

This Privacy Policy describes how Etech Global Services ("Etech," "we," "us") collects, uses, and discloses personal data when you visit etechgs.com, engage with our services, attend our events, apply for employment, or otherwise interact with us. It applies to our operations in the United States, Jamaica, and India.

Etech is headquartered at 1903 Berry Drive, Nacogdoches, Texas 75964, United States. For personal data covered by the EU and UK GDPR, Etech acts as the data controller for data processed for our own purposes (marketing, recruitment, site analytics) and as a data processor when we provide contact center services under written agreement with our clients. When Etech acts as a processor, the client is the controller and their privacy notice governs the end consumer relationship.

We collect categories of personal data that are standard for a business-to-business service provider operating a website, a hiring funnel, and a client engagement program.

We do not knowingly collect biometric identifiers, genetic data, or health data through our public website. When our clients provide us with personal data for processing in a contact center program, we handle that data under their instructions and our Data Processing Addendum, not under this policy.

• Deliver and improve the website, its features, and its performance.
• Respond to inquiries, proposals, and support requests.
• Assess and contact candidates for open roles and retain candidate profiles for future openings where you consent.
• Market our services by email and phone where permitted, subject to opt-out.
• Detect, prevent, and investigate fraud, abuse, and unauthorized access.
• Comply with legal obligations including tax, audit, and sanctions screening.
• Defend and establish legal claims.

We do not sell personal data. We do not share personal data for cross-context behavioral advertising as those terms are defined under the CCPA and CPRA, except where required by applicable law.

Where GDPR applies, we rely on the following legal bases:

• Contract to respond to proposals and deliver services.
• Legitimate interest to market to business contacts at target accounts, secure our network, and measure site performance.
• Consent for non-essential cookies, marketing to individuals in jurisdictions that require opt-in, and for voluntary diversity disclosures.
• Legal obligation for tax records, background checks where permitted, and responses to lawful requests from public authorities.

We share personal data with a limited set of recipients:

• Corporate affiliates of Etech Global Services in the United States, Jamaica, and India for unified operations.
• Service providers under written contract, including hosting, email marketing, CRM, analytics, background check, payroll, and audit providers. Each is bound by confidentiality and data protection terms.
• Clients when you identify yourself as representing a client account in a support interaction.
• Professional advisors such as counsel, auditors, and insurers.
• Government or regulators when required by law, including in response to subpoenas, court orders, or regulator investigations.
• Acquirers in the context of a merger, financing, reorganization, or asset sale.

A current subprocessor list is available on request from Privacy@etechgs.com and through our Trust Center at trust.etechgs.com for client-facing engagements.

Etech operates from the United States, Jamaica, and India. Personal data you provide may be transferred to, stored in, or processed in any of those jurisdictions. For transfers of personal data out of the European Economic Area, the United Kingdom, or Switzerland to a country without an adequacy decision, Etech relies on the European Commission Standard Contractual Clauses and the UK International Data Transfer Addendum, supplemented by documented technical and organizational measures including encryption in transit and at rest, and access control by role. A Data Processing Addendum incorporating the applicable SCCs and IDTA is available on request from Privacy@etechgs.com.

We retain personal data only as long as necessary for the purpose collected and to satisfy legal, regulatory, accounting, and reporting obligations. Representative retention periods:

Etech maintains a documented information security program designed to align with ISO 27001:2022 and attested to SOC 2 Type II for our core contact center operations. Controls include role-based access, multi-factor authentication, segregated production environments, encryption in transit and at rest, documented incident response, annual penetration testing by an independent firm, and a security awareness training program for every employee. PCI DSS Level 1 certification covers call center environments where payment card data is processed; certification scope and our Attestation of Compliance are available on request. Copies of relevant audit reports are available to clients under NDA at trust.etechgs.com.

In the event of a personal data breach, Etech will notify the relevant supervisory authority within 72 hours of becoming aware where required by GDPR or UK GDPR, and will notify affected individuals as required by applicable law. If you believe an account or data has been compromised, contact security@etechgs.com.

Subject to verification and applicable exceptions, you have the right to:

• Access personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request erasure in defined circumstances.
• Restrict or object to our processing.
• Receive a portable copy of data you provided to us.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your supervisory authority.

To exercise any of these rights, write to Privacy@etechgs.com or call +1 (936) 559-2200. We will respond within 30 days. For complex or numerous requests we may extend this period by up to 60 additional days, in which case we will notify you of the extension and the reason within the initial 30-day period. We may ask for information to verify your identity.

Residents of California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, New Jersey, and other states that have enacted comprehensive consumer privacy legislation have the right to:

• Know what personal data we have collected, used, disclosed, and for what purpose.
• Request deletion of personal data we hold, subject to statutory exceptions.
• Correct inaccurate personal data.
• Opt out of the sale or sharing of personal data. Etech does not sell personal data and does not share personal data for cross-context behavioral advertising, except where required by applicable law.
• Limit the use of sensitive personal information. We do not use sensitive personal information for purposes beyond those described in this policy.
• Non-discrimination for exercising a right.
• Appeal a denied rights request.

To exercise these rights, submit a verifiable consumer request to Privacy@etechgs.com or call +1 (936) 559-2200. You may designate an authorized agent in writing.

Where Etech processes personal data of data principals located in India, Etech acts as a Data Fiduciary under the Digital Personal Data Protection Act 2023. We obtain free, specific, informed, and unambiguous consent before processing personal data for purposes beyond those necessary to provide the requested service, and we provide a clear notice at the time of collection. As an India data principal you have the right to:

• Access a summary of personal data processed and the processing activities undertaken.
• Correct inaccurate, incomplete, or outdated personal data.
• Erase personal data where it is no longer necessary for the purpose for which it was collected, subject to statutory retention obligations.
• Nominate another individual to exercise your rights in the event of your death or incapacity.
• Withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
• File a complaint with the Data Protection Board of India.

To exercise these rights, contact our Grievance Officer at Privacy@etechgs.com or +1 (936) 559-2200, Attn: DPDP Grievance Officer, Etech Global Services, 1903 Berry Drive, Nacogdoches, Texas 75964. We will acknowledge your request within 48 hours and respond within 30 days.

Etech's Jamaican operations comply with the Data Protection Act 2020 (Jamaica). Personal data processed at our Montego Bay site is handled consistent with the Act. Data subjects in Jamaica have the right to access, correct, and in certain circumstances request erasure of their personal data. Requests may be submitted to Privacy@etechgs.com.

Etech's website and services are directed to businesses and are not intended for children under sixteen. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact Privacy@etechgs.com and we will delete it within 15 business days of a confirmed report, subject to any retention obligations required by law.

When you call or are called by an Etech contact center program, the call may be recorded for quality assurance, training, dispute resolution, and compliance purposes. Where we operate as a processor, the client controls recording policy and disclosure; our processing of personal data as a processor is governed by the client's privacy notice and the applicable Data Processing Addendum. Where we operate as a controller for our own inbound or outbound activity, we provide an audible recording disclosure at the start of the call and honor opt-out requests. Speech analytics and AI scoring are applied to recordings under our QEval platform to support human reviewer decisions, not to make legally significant decisions about individuals automatically. Etech applies automated redaction tools to mask sensitive data including payment card numbers and certain categories of health information in call recordings prior to storage; sample-based human review is applied to validate redaction accuracy. Recordings are retained only for the period needed and in accordance with the retention schedule in this Policy.

We use first-party and third-party cookies for security, site functionality, performance measurement, and limited marketing. For a list of cookies, their purposes, and controls, see our Cookie Policy. You can manage cookie preferences through the banner on first visit or through your browser settings. Etech honors the Global Privacy Control signal for opt-out of sale or sharing where applicable.

Every marketing email we send has an unsubscribe link and honors the request promptly. For outbound phone marketing, we screen against the National Do Not Call Registry, applicable state DNC lists, and our internal suppression list at least every thirty-one days, consistent with our DNC Policy. You can ask us to add your number to our internal suppression list at any time by emailing Privacy@etechgs.com or by telling an agent during a call.

If you apply for a role at Etech, we collect data through our careers portal, interview process, and third-party providers for background checks and skills assessments. We use candidate data to evaluate fit for current and future roles, extend offers, comply with equal employment obligations, and defend legal claims. Hired candidates become subject to our internal employee privacy notice.

We may update this policy to reflect changes in our practices, technology, legal requirements, or other factors. We will post the revised policy and update the effective date at the top of this page. Where changes are material, we will provide additional notice through a banner on the site or direct email to affected individuals.

Send privacy questions, rights requests, or complaints to Privacy@etechgs.com, call our dedicated privacy line at 1-844-965-0276, or write to either address below. Corporate headquarters handles general inquiries. The Compliance Office in Lufkin handles formal privacy, data-subject, and regulator correspondence.

For a list of our data protection contacts in the United Kingdom, European Economic Area, Jamaica, and India, or to request our subprocessor list, write to Privacy@etechgs.com.