ABC-Amega GDPR Privacy Notice

Effective September 21, 2023

GDPR Privacy Notice: This GDPR privacy notice (the “Notice”) is included in our Privacy Policy and applies to the ‘personal data,’ as defined in the GDPR, of natural persons located in the European Economic Area (“EEA Individuals” or “you”) processed by ABC-Amega. Any capitalized terms or other terms not defined herein shall have the meaning ascribed to them in the Privacy Policy or, if not defined herein or in the Privacy Policy, the GDPR. To the extent of any conflict between this Notice and the Privacy Policy, this Notice shall control only with respect to EEA Individuals and their personal data. If you are located elsewhere, please view our Privacy Policy.

The term “European Economic Area” (or “EEA”) shall mean the then-current member states and member countries of the European Union and European Economic Area, respectively, Switzerland, and, upon its withdrawal from the European Union, the United Kingdom.

Processor Disclosure: We are a data processor when performing our Services to our clients (e.g., debt collection). When serving as a processor, we have certain obligations under GDPR including only processing personal data at our clients’ instructions reflected in the applicable Master Services Agreement, providing assistance with fulfillment of rights requests, and implementing appropriate security for personal data. We will forward any inquiries, complaints, or requests received from data subjects with respect to our Services to the appropriate client and await instructions before taking any action.

Debtor Information: We receive from our clients and/or collect from debtors (i.e., companies that owe our clients a financial debt), information regarding the debtor that is necessary in order to collect such debts on our client’s behalf including the source, date and amount of the debt, any liens and other documentation regarding the debt, physical address and Contact Information for the debtor and the debtor’s attorney, and banking, and other financial information regarding the debtor. We also collect and receive credit information regarding the debtor from our clients when they use our Services, and through other lawful means in accordance with applicable laws. We use the Debtor Information to provide the Services.

Controller Disclosure & Details: We are a data controller of personal data regarding the following EEA Individuals: Prospective/current clients and vendors (“Business Contacts”) and our Site visitors (“Site Visitors”) for the purposes and under the legal bases described in the table below. Please note that, in some cases, the categories of data subjects above may overlap (e.g., Business Contacts using the Site).

Data Subject Category Purpose & Legal Basis of Processing
General (applies to all data subjects below)


Information Security: Our web servers will log your IP address and other information (e.g., browser information, operating system, request date/time, user agent string, referral and exiting URL) in order to maintain an audit log of activities performed. We use this information pursuant to our legitimate interests in tracking Site usage, combating DDOS or other attacks, and removing or defending against malicious visitors on the Site.
Business Contacts


Direct Marketing: Our legitimate interest in sending current or prospective clients email marketing, such as when submitting Contact Information through the Contact Us page indicating interest in our Services;

Executing Contracts and other Legal Documentation: We will process all personal data as necessary for the performance of our contracts with Business Contacts or to take requested steps to enter into such contracts, such as through use of Billing Information;

General Business Development: Our legitimate interest in furthering business relationships (such as by storing Business Contact information within a CRM or other file), ensuring client satisfaction, and answering inquiries (such as through our Submit A Claim page).

Site Visitors
Web Audience Measurement: Our legitimate interest in use of Google Analytics to understand how Site Visitors interact with the Site and where such Site Visitors are located (up to city-level only) in order to optimize the Site experience. Note that the last octets of Site Visitors’ IP Addresses have been anonymized and ‘Sharing With Google’ and ‘Demographics/Advertising’ features have been disabled within Google Analytics.


Controller’s Representative:

European Data Protection Office (EDPO)


EDPO Switzerland SARL

ABC-Amega GDPR Compliance

General Data Protection Regulation (GDPR) – European Representative
Avenue Huart Hamoir, 71

1030 Brussels/Belgium

General Data Protection Regulation (GDPR) – UK Representative
8 Northumberland Avenue

London WC2N 5BY, United Kingdom

Pursuant to Article 14 of the FADP, ABC-Amega, Inc. has appointed EDPO Switzerland as its Representative in Switzerland. You can contact EDPO Switzerland regarding matters pertaining to the FADP:

Rue de Lausanne 37
1201 Geneva, Switzerland

Recipients: Our sales, marketing, and finance teams process Business Contacts and Site Visitor information internally and such information is also disclosed to the following recipients:
Google (Analytics, Ads)
Lead Forensics Inc.
Microsoft (Advertising, Azure, Exchange Online)
Zoho (Analytics, CRM, Campaigns, Marketing Automation, Survey)

Retention: View our data retention policy.

Your GDPR Rights: As a natural person, you have a right to: (i) request access to, correction and/or erasure of your personal data; (ii) object to processing of your personal data; (iii) restrict processing of your personal data; and (iv) request a copy of your personal data, or have a copy thereof sent to another controller, in a structured, commonly used and machine readable format under the right of data portability. You may exercise these rights and submit a GDPR complaint by contacting: [email protected] with the subject line “GDPR Notice”. You also have the right to lodge a complaint about the processing of your personal data with an appropriate data protection authority, and, as applicable, to exercise third-party beneficiary rights under ABC-Amega’s Standard Contractual Clauses.

Contact details for the EU data protection authorities can be found at:

Objecting to Legitimate Interest/Direct Marketing: You may object to personal data processed pursuant to our legitimate interest. In such case, we will no longer process your personal data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. You may also object at any time to processing of your personal data for direct marketing purposes by clicking “Manage Email Preferences” within an automated marketing email or by submitting your request to [email protected] with the subject line “GDPR Notice” (the latter for instances where, for example, you would not like to receive follow-ups from our sales team). In such case, your personal data will no longer be used for that purpose.

Governmental Access Requests: ABC-Amega may be required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

Corporate Restructuring: In the event of a merger, reorganization, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this Notice. This Notice shall be binding upon ABC-Amega and its legal successors in interest.

Updates to this Notice: If, in the future, we intend to process your personal data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately within this Notice, and the “Effective Date” at the top of this page will be updated accordingly.

How to Contact Us: ABC-Amega is located at 500 Seneca St. #503, Buffalo, NY 14204. Please use this address or, preferably, reach out to [email protected] for any questions, complaints, or requests regarding this Notice; please include the subject line “GDPR Notice”.