Privacy Policy

Effective Date: January 27, 2026

JFC Global (“we,” “our,” or “us”) values your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and protect your information when you interact with our website, services, or marketing campaigns. By using our site, you signify your agreement to the terms of this privacy policy.

1. Information We Collect

We collect personal information that you provide to us through various means, including:

• when you complete a contact form
• when you sign up for a newsletter
• through lead-generation ads on platforms including Facebook, Google, LinkedIn, and Microsoft

We may also collect device/usage data (such as IP address, browser type, device identifiers, pages visited, time on page, and clicks) via cookies, tags, and similar technologies for advertising and analytics purposes.

We do not intentionally collect sensitive personal information (such as government identifiers, health data, precise geolocation, or biometric information). If we ever need to process such information, we will obtain explicit consent or rely on another lawful basis as required by applicable law.

2. How We Use Your Information

The personal data we collect is used to:

• provide the services you have requested
• communicate with you about updates, or events related to JFC Global
• tailor marketing efforts, including retargeting ads on Facebook, Google, LinkedIn, and Microsoft, based on your interactions with our services and ads
• improve our services by analyzing customer preferences and engagement with our website and ads
• enhance the content, layout, and usability of our site

We collect and process only the personal information that is reasonably necessary and proportionate to provide our services or fulfill the specific purposes described in this policy.

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following lawful bases, as required by the GDPR and UK GDPR:

• Consent, for the use of cookies, personalized advertising, and remarketing activities
• Legitimate interests, to analyze usage patterns, improve our services, and measure advertising performance
• Contract, when processing is necessary to provide you with requested services
• Legal obligations, when required to comply with applicable laws

3. Who We Share Your Data With

We never sell personal information.

We may share your personal information with trusted third-party service providers who support our operations and comply with privacy regulation requirements.

These include:

• Email marketing providers, such as MailChimp and Constant Contact, to send you promotional or transactional emails you’ve requested or consented to receive
• Ad platforms, including Facebook, Google, LinkedIn, and Microsoft, to deliver targeted advertisements

Any data shared with third parties is encrypted, hashed, or anonymized before being transmitted. We do not disclose personally identifiable information (PII) to any external partners for these uses. Some advertising and analytics activity may be considered a “share” under California law.

All third-party service providers are contractually required to process personal information only on our behalf, follow written data-processing agreements, and maintain equivalent security and confidentiality standards. Most of our processors are located in the United States; some analytics or advertising partners may process data in other regions such as the European Union.

4. Embedded content from other websites

Pages on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

5. Advertising, Analytics & Tracking Technologies

Google

• Remarketing: We use Google Ads Remarketing to show ads to visitors who have previously interacted with our website. Third-party vendors, including Google, use cookies to serve these ads.
• Customer Match: If you provide identifiers (such as an email address), we may use them in encrypted, hashed form with Google Customer Match. We do not share raw personal data with Google.
• Enhanced Conversions: Certain conversion data (like form submissions or purchases) may be encrypted and securely transmitted to Google for ad measurement.
• Analytics & Signals: We use Google Analytics to understand website usage. With Google Signals enabled, Google may link visitation information with signed-in Google accounts (if Ads Personalization is turned on) for cross-device reporting and remarketing. Data we receive is aggregated and anonymized.

These tools may place cookies or use device identifiers to track activity across websites. You can manage or opt out of personalized advertising via Google’s Ad Settings or Google Analytics Opt-out Browser Add-on. For more information on how Google processes your data, please see the Google Privacy Policy.

Microsoft

• UET & Remarketing: We use the Microsoft Ads Universal Event Tracking (UET) tag for measurement and remarketing. This means individual end-user tracking and data sharing with Microsoft Ads and third-party partners may occur.
• Opt-Out: You can opt out of interest-based advertising via:
  • Network Advertising Initiative (NAI) Consumer Opt-Out
  • Digital Advertising Alliance (DAA) Consumer Choice Page
  • Microsoft Privacy Statement
• Microsoft Clarity: We use Microsoft Clarity to better understand how users interact with our site. Clarity uses cookies and other technologies to capture anonymized usage data such as mouse movements, clicks, and scroll behavior. This information helps us to improve usability and is stored in Microsoft’s data centers. Read the Microsoft Clarity privacy policy here.

Meta & LinkedIn

We use these platforms’ ad technologies (including retargeting) to deliver relevant ads to visitors based on website activity. The platforms may track your activity across websites using cookies and tags. For details on how Meta (including Facebook and Instagram) processes your data, please see Meta’s privacy policy. For information on how LinkedIn uses your data, please refer to LinkedIn’s privacy policy.

6. How Long We Retain Your Data

We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary depending on the nature of the data and the purpose of processing. When data is no longer needed, it is securely deleted or anonymized.

In some cases, we may retain limited personal information for legitimate business or legal purposes, such as maintaining business records related to recruiting activities, complying with applicable employment or record-keeping laws, or responding to or defending against legal claims.

7. Login and Session Data

Our website uses cookies and similar technologies to improve user experience and analyze site performance. Some cookies are essential for the operation of the site. These functional cookies do not store personal information for advertising purposes and are only used to enable the website to function properly.

8. How You Can Access or Delete Your Information

You have the right to access, update, or request deletion of any personal information held by JFC Global. To make a request, email mserafin@jfcglobal.com.

We aim to respond to all verified privacy-related requests within one month (30 days) of receipt, in accordance with the GDPR/UK GDPR and other applicable privacy laws.

For requests submitted under U.S. state privacy laws (such as the CCPA/CPRA and similar statutes), we may take up to 45 days to respond, with the possibility of an additional 45-day extension when reasonably necessary and permitted by law. If an extension is required, we will notify you within the initial response period and explain the reason for the delay.

We may verify your identity before fulfilling requests.

9. Your Privacy Rights (GDPR, CCPA/CPRA & State Laws)

We respect your privacy rights and provide several ways for you to manage your personal information and marketing preferences.

GDPR / UK GDPR (for users in the EEA or UK)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the right to:

• Access and request a copy of the personal data we hold about you.
• Request correction or deletion of inaccurate or outdated data.
• Withdraw consent at any time without affecting the lawfulness of prior processing.
• Object to the processing of your data for marketing or other legitimate interests.
• Request data portability where technically feasible.

You can manage your consent preferences for cookies, analytics, and advertising at any time by using the Consent Management Banner displayed on our website. The banner allows you to accept, reject, or customize which categories of cookies and tracking technologies are enabled (for example, essential, analytics, or marketing cookies). You may also revisit your preferences at any time by clicking the “Cookie Settings” or “Privacy Preferences” link available in the website footer.

Our Consent Management Banner requires explicit opt-in for non-essential cookies in regions such as the EEA and UK and offers granular choices for analytics and advertising cookies for U.S. users. You may reject non-essential cookies as easily as accepting them, and you can withdraw or update your consent at any time through the “Cookie Settings” link in the website footer.

CCPA / CPRA (for California residents)

If you are a California resident, you may exercise the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know/Access the categories and purposes of personal information collected.
• Right to Delete your personal information, subject to certain exceptions.
• Right to Correct inaccurate personal information.
• Right to Opt-Out of Sale or Sharing of personal information (Note: While we do not sell personal information, certain advertising and analytics activities may be considered “sharing” under California law).
• Right to Non-Discrimination for exercising your privacy rights.

You can exercise these rights by contacting us at mserafin@jfcglobal.com or by adjusting your settings through the Consent Management Banner as described above.

Residents of other U.S. states with privacy laws may have similar rights, which can also be exercised through the same contact email or the consent management tools provided on our site.

Certain privacy laws give individuals the right to opt out of profiling or automated decision-making that has legal or similarly significant effects. We do not engage in automated decision-making that produces such effects. If our practices change, we will update this policy and provide a method to exercise those rights.

We also honor browser-based Global Privacy Control (GPC) signals and similar universal opt-out mechanisms. When we detect a valid GPC signal, we treat it as a request to opt out of the “sale” or “sharing” of personal information as defined by applicable law.

We comply with applicable U.S. state privacy laws, including the California, Colorado, Connecticut, Utah, Virginia, New Jersey, and Maryland privacy statutes, and apply similar standards across all jurisdictions where we operate.

10. How to Contact Us

For questions about your personal data or to exercise your rights, contact:

Email: mserafin@jfcglobal.com

Mailing Address:
JFC Global
1520 Market Street
Camp Hill, PA 17011
United States of America

We aim to respond to all verified privacy-related requests within one month (30 days) of receipt, in accordance with the GDPR/UK GDPR and other applicable privacy laws. For requests submitted under U.S. state privacy laws (such as the CCPA/CPRA and similar statutes), we may take up to 45 days to respond, with the possibility of an additional 45-day extension when reasonably necessary and permitted by law. If an extension is required, we will notify you within the initial response period and explain the reason for the delay.

11. Security & International Transfers

We use administrative, technical, and physical safeguards to protect your personal information.

If you are located outside the United States, your data may be transferred to and processed in the U.S., where privacy protections may differ.

Where required by law, we perform periodic privacy and data protection impact assessments for high-risk activities such as targeted advertising or processing involving minors.

12. Children’s Privacy

Our website and services are intended for use by adults and are not directed toward children under the age of 13 (or the minimum age of digital consent in your country). We do not knowingly collect, use, or share personal information from children under 13.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at mserafin@jfcglobal.com, and we will promptly delete the information from our records.

In accordance with applicable privacy laws such as the California Consumer Privacy Act (CCPA/CPRA) and similar U.S. state laws, we also do not knowingly sell or share personal information of minors under the age of 16 without the required consent.

We do not use our advertising or analytics services to target individuals under the applicable age of consent.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. The effective date will always appear at the top of this page.