Granite Data Tech

Granite Data Tech – Privacy Policy

Last Updated: March 28, 2024

At Granite Data Tech, we are committed to protecting the privacy of our clients and their data. This Privacy Policy explains how we collect, use, disclose, and protect your information when you engage with us for managed IT services (the “Services”). This policy applies to all clients (“you” or “your”) of Granite Data Tech.

1. Information We Collect

We collect several types of information to provide our Services effectively and securely:

  • Contact Information: Your name, company name, address, phone number, email address, and other contact details provided during the onboarding process or through ongoing communication.
  • Account Information: Login credentials (usernames, passwords – stored securely as described below), billing information, service plans selected, and any related account settings.
  • System & Network Data: We collect data about your IT systems and networks to monitor performance, identify security threats, and provide support. This may include:
    • Log files (event logs, firewall logs, intrusion detection system logs)
    • Network traffic data (anonymized where possible – see section on Anonymization)
    • System configurations
    • Hardware and software inventory
    • Performance metrics (CPU usage, memory utilization, disk space)
    • Security alerts and vulnerabilities detected.
  • Data You Provide to Us: Any data you store or process using our Services, or that is otherwise provided to us for management or support purposes. This could include files, databases, emails, etc. We do not actively monitor the content of your data unless specifically authorized by you (e.g., during a security investigation).
  • Usage Data: Information about how you use our Services, such as features used, access times, and service requests.
  • Payment Information: Credit card details or other payment information are collected through secure third-party payment processors (see section on Third-Party Services). We do not directly store your full credit card numbers.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and Maintaining Services: To deliver the managed IT services you have contracted with us, including monitoring, maintenance, support, and security.
  • Security Monitoring & Threat Detection: To proactively identify and respond to security threats and vulnerabilities affecting your systems and data.
  • Account Management: To manage your account, process payments, and communicate important service updates.
  • Technical Support: To provide timely and effective technical assistance.
  • Service Improvement: To analyze usage patterns and improve the quality and functionality of our Services.
  • Communication: To send you operational communications (e.g., alerts, reports), respond to your inquiries, and provide relevant information about our services.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.

3. Data Disclosure & Sharing

We will not sell or rent your personal data to third parties. We may disclose your information in the following limited circumstances:

  • Service Providers: We share information with trusted service providers who assist us in delivering our Services (e.g., cloud hosting providers, software vendors, payment processors). These providers are contractually obligated to protect your data and only use it for the purposes we specify.
  • Legal Requirements: We may disclose your information if required by law or legal process (e.g., subpoena, court order).
  • Security Incidents: We may share information with law enforcement agencies or security partners in the event of a security incident to investigate and prevent further harm. We will notify you promptly of any data breach as required by applicable laws.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will provide notice if such a transfer occurs.
  • With Your Consent: We will share information with third parties only when you explicitly consent to do so.

4. Data Security Measures

We take reasonable measures to protect your data from unauthorized access, use, disclosure, alteration, and destruction:

  • Encryption: We use encryption technologies (e.g., TLS/SSL) to protect data in transit and at rest.
  • Access Controls: We restrict access to your data to authorized personnel only.
  • Firewalls & Intrusion Detection Systems: We employ firewalls and intrusion detection systems to prevent unauthorized network access.
  • Regular Security Assessments: We conduct regular security assessments and vulnerability scans to identify and address potential weaknesses.
  • Multi-Factor Authentication (MFA): We strongly encourage the use of MFA for all user accounts.
  • Data Backups: We maintain regular data backups to ensure business continuity and disaster recovery.
  • Employee Training: Our employees receive training on data security best practices.
  • Password Management: Passwords are stored using industry-standard hashing algorithms with salting, ensuring they cannot be easily deciphered.

5. Data Retention

We will retain your information for as long as necessary to provide our Services and comply with applicable laws and regulations. Specifically:

  • Active Clients: We retain data related to active clients throughout the duration of their service agreement.
  • Inactive Clients: After termination of a service agreement, we may retain certain data (e.g., billing records, security logs) for a reasonable period as required by law or for legitimate business purposes (e.g., dispute resolution). We will securely delete your data upon request, subject to legal requirements.

6. Anonymization and Aggregation

We may anonymize and aggregate data collected from our clients for internal analysis, service improvement, and benchmarking purposes. This means we remove any personally identifiable information before using the data.

7. Third-Party Services

Our Services may integrate with third-party services (e.g., software platforms, cloud providers). These services have their own privacy policies, which you can review separately. Although we select third-party service providers with great care to align with our business ethos and practices, we must declare however, that since we have no control over third-party service providers, we are not responsible for their privacy practices or any changes they make.

8. Your Rights

You have certain rights regarding your personal data, including:

  • Access: You can request access to the information we hold about you.
  • Correction: You can request that we correct any inaccurate or incomplete information.
  • Deletion: You can request that we delete your information (subject to legal requirements).
  • Data Portability: You can request a copy of your data in a portable format.
  • Opt-Out: You may opt out of certain types of communications from us.

To exercise these rights, please contact us at here.

9. Children’s Privacy

Our Services are not intended for use by children under the age of 16. We do not knowingly collect personal information from children.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and/or sending you an email notification.

11. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us here.