top of page

M2VA Services Privacy Policy

This Privacy Policy is effective as of 12 January, 2024.  

Any changes made to this policy will be updated and marked accordingly. I’ll only show the most up-to-date policy, but if you’d like to see any past policies or a summary of changes, just let me know at   

I know your personally identifiable information (Personal Data) (PII) is important to you, such as your IP address, browser settings, email address, and location; and I believe in transparency. This policy explains my privacy practices for my website,, as well as for any personalized training, consulting, or client work, to be known as “M2VA” collectively.  


This Privacy Policy applies to information I, Megan Miller, collect when you use and any other websites, mobile applications, or services that post a link to this Privacy Policy (collectively, “M2VA”). This Privacy Policy describes how Megan Miller, DBA M2VA Services, located at 819 Reece Road P.O. Box 212, Severn, MD 21144, United States (“M2VA”, “Company”, “I” or “me”) collects, uses, and shares M2VA-related information about you. This Privacy Policy does not apply to information or data about you collected as received outside of M2VA Services, except to the extent it is combined with information or data collected by me via M2VA Services.  


You can request any amendments to Personal Data by writing me at  


What I collect: 

  • I collect contact information. For example, if you sign up for a mailing list or purchase a service from me, you’ll be asked to provide your name, email, general location, and/or cell phone number.  

  • I collect demographic information. I may collect information like your gender and age, and may also collect your general country of origin and zip code. I collect your time zone when you schedule any appointment via my online calendar.  

  • I may collect usage information. I may collect information on what site you came from when you enter M2VA Services or if you opt-in to any of my products or services. If you are using a mobile app or laptop with location services enabled in your device, I may collect location information, including your precise location. I may also collect device identifiers, such as IP addresses or browser information. I also collect email open rates and click-through rates.  

I may save this data for up to five (5) years for specific business development purposes. I do not track any sensitive data, including personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sexual orientation, or data relating to criminal convictions and offences.  

Where I track your data from: 

  • Online services: this includes this website and/or any tertiary M2VA Services websites (, surveys, social media profiles, and any profile information listed on other networking sites.  

  • Any inbound outreach: this includes email address and social media messages and/or profile information.  


What I use your data for: 

  • Services: I use your Personal Data for consumer service purposes, like responding to your enquiries via email. This helps me be more efficient, answer any questions, and improve or develop new products or services.  

  • Contests, marketing, and other promotions: With your consent where required, I use your Personal Data to provide you with information about goods or services.  

  • Analytics: I use your data to operate, protect, improve, and optimize the overall M2VA Services experience. 

Please note that your browser settings may allow you to automatically transmit a “Do Not Track” signal to websites and online services you visit. Like many other websites and online services, M2VA Services does not alter its practices when it receives a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track”, please visit  

Direct Marketing and opting out: 

Direct marketing may include regular newsletters, direct messages sent over social media platforms, such as LinkedIn, or direct emails.  

You may opt out of any of these at any time by any of the following: 

  • via the “Unsubscribe” button at the bottom of newsletters.  

  • via email at  


I have no plans to transfer any data to a country other than the United States (see more about Third-Party Partners below).  

Third-Party Partners: 

M2VA Services may work with third-party partners who help me provide and improve my products and services. I don’t sell any of your information to outside parties, and never will. I’ve also imposed strict restrictions on how my partners can use and disclose the data we provide. At the time of this writing, M2VA Services does not utilize Google Analytics to track cookies.  

  • Any data is completely anonymized and is used strictly for business development purposes.  

  • I don’t use any Google Analytics Advertising Tools or show you any ads.  


For more information, including specific requests around Google Analytics, please write me at   


Both M2VA Services and each social media platform process personal information (for example, name, email address, and assessment results) and are therefore considered separate and independent data controllers of participants’ personal information under EU law. That means that each party is responsible for the personal information it processes in providing any services. 

Data Protection: 

Obviously, the protection of your data is important to you and to me. I protect your PII through the following: 

  • I anonymize your data as much as possible. Some data through Wix is already anonymized, and any other data as far as general location is anonymized to the country of source.  

  • Any data, mailing lists, or the like are stored on a cloud-based password-protected account. I have different passwords for each and change these passwords every 90 days.  

  • Any,, or other profile information is provided by you. I will message you through these platforms and will not request your email address without your verbal and/or written consent.  

  • I ask for verbal confirmation before recording any video sessions. If I receive that verbal confirmation, the recording is saved to a local folder on a PIN-protected device. That recording may be saved for business development purposes up to two (2) years.  

  • Any recordings or notes are on a PIN-protected device, and notes that may contain PII (such as location, age, or marital status) are on a password-protected Office 365 account. This information may be saved for business development purposes up to five (5) years.  


If you feel uncomfortable about any of the above protections or have any requests for improvement, please write me at  


About Your Consumer Rights: 

As a consumer, you have the right to know exactly how I collect your data, what data I collect, how long I store this data for, and how to opt out of it. You also have the following rights under the CCPA, GDPR, and PIPEDA laws: 

  • The right to know about the personal information a business collects about them and how it is used and shared; 

  • The right to delete personal information collected from them (with some exceptions); 

  • The right to opt-out of the sale of their personal information; and 

  • The right to non-discrimination for exercising their CCPA rights. 

I respect your consumer rights, and have shared the type of data I collect, how I use this data, and how I share with my third parties. You may request a deletion of all personal information by writing to me at Since I do not sell any personal information, the right to opt-out of this sale is not applicable. And I will never discriminate against someone for exercising your privacy rights.  

GDPR-Specific Rights that M2VA Services Grants Everyone 

  • The right to be informed. 

    • ​Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under GDPR. ​

  • The right of access. 

    • Individuals have the right to access their personal data and supplementary information. The right of access allows individuals to be aware of and verify the lawfulness of the processing.  ​

  • The right to rectification. 

    • Individuals have the right to have inaccurate personal data rectified, or completed if it is incomplete.  ​

  • The right to erasure. 

    • Individuals have the right to have personal data erased. This right is also known as “the right to be forgotten”.  ​

  • The right to restrict processing. 

    • Individuals have the right to request the restriction or suppression of their personal data. When processing is restricted, organizations are permitting to store the personal data, but not use it. This right is not absolute and only applies in certain circumstances. ​

  • The right to data portability. 

    • Individuals can obtain and reuse their personal data for their own purposes across different services. This right allows individuals to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. This right enables consumers to take advantage of applications and services which can use this data to find them a better deal, or help them understand their spending habits. ​

  • The right to object. 

    • Individuals have the right to object to: 

      • Data processing based on legitimate interested or the performance of a task in the public interest/exercise of official authority (including profiling); 

      • Direct marketing (including profiling); 

      • Data processing for purpose of scientific/historical research and statistics. ​

  • Rights in relation to automated decision and profiling. 

    • This right protects individuals if organizations are carrying out solely automated decision-making that has legal or similarly significant effects on them. 


To request any data erasure, restrictions, edits, or anything else, please write me at  

Legal Basis for processing PII: 

Under GDPR, there are six legal bases for processing PII:  

  • Consent 

  • Performance of a contract 

  • A legitimate interest 

  • A vital interest 

  • A legal requirement 

  • A public interest 

The consent to process data is given by the cookie banner on the M2VA website, as well as written or verbal consent to receive marketing materials or any communication from M2VA. To withdraw consent at any point, write to me at   

Legitimate interest can include something like a marketing activity, where an email address is needed to communicate an upcoming webinar or infographic. It is also necessary to have at least a first name, last name, and email address for full performance of a contract for any of M2VA’s services.  

At the time of this writing, I do not process nor save data that is a vital interest (required to save someone’s life) or a public interest (a government entity or organization acting on behalf of a government entity).  

Reporting Privacy Violations: 

For those living in the US, you may report privacy violations by the following: 

  • File a complaint with the Office of Civil Rights (OCR). 

  • Listen to recorded information about filing complaints at 1-866-627-7748 (TDD: 1-800-537-7697). 

  • Find out from your state or local consumer agency if your state has laws to protect your privacy. 


For those living in countries within the EU, you may  

  • Lodge a complaint with your national Data Protection Authority (DPA) The authority investigates and informs you of the progress or outcome of your complaint within 3 months. 

  • View the full European Commission page here.  


While M2VA Services is dedicated to making my services the best they can be, I’m not perfect, and sometimes things can go wrong. I ensure the services I provide are in accordance with generally accepted professional practices and standards, and are within the stated objective between any contract I may have with a partner, client and/or partner companies.  

Liability Limits

In no event shall M2VA’s aggregate liability for any damages exceed the amount paid to M2VA Services for the specific project or contract. Some jurisdictions do not allow limitations on incidental or consequential damages, so the above limitation may not apply to you.  

Additional codes of conduct, standards, terms, and conditions: 

I have additional terms and conditions for each service. You may receive a copy of either by writing me at These can cover things such as: basic age limitations, payment, rescheduling or tardiness of appointments, expectations and requirements, and/or software and hardware used, among others.  

As I am the sole employee of M2VA Services, I do not currently have any position open of a Data Protection Officer. I hold myself to the highest standards possible when it comes to doing business, and am always looking for ways to improve how I do business, including but not limited to meeting facilitation, data collection or privacy, and how to excel at providing exceptional technical virtual assistance to clients. If you have any feedback, please write me at   

Eligibility to Use M2VA Services 

You must be 18 or older to use any services within M2VA Services. Minors under 18 and at least 13 years of age are only permitted to use M2VA Services with direct consent of a parent or legal guardian. Children under 13 are not permitted to use any services within M2VA Services.​ 

bottom of page