Privacy Policy

Last Updated: 2025-02-04
Privacy Policy

1. Introduction

This policy outlines our approach to collecting, processing, storing, and protecting personal data in compliance with the General Data Protection Regulation (GDPR). It applies to all personal data obtained in the course of delivering IT Service Management (ITSM), Enterprise Content Management (ECM), Strategic IT Consulting, IT Risk Management, and Information Security Management (ISM) services.

2. Data Collection

We collect only the data necessary for service delivery, including:

  • Contact Details: Name, email, phone number.
  • Business Information: Company name, job title.
  • Technical Data: IP addresses, browser type, device information.
  • Service Interaction Data: Support tickets, communication logs, preferences.

We process personal data based on the following legal grounds:

  • Contract Performance: Delivery of requested services.
  • Legitimate Interest: Improving security and operational efficiency.
  • Legal Compliance: Meeting legal and regulatory obligations.
  • User Consent: Where processing relies on explicit consent.

4. Data Usage

Personal data is processed for the following purposes:

  • Providing, optimizing, and personalizing our services.
  • Facilitating communication regarding engagements and support.
  • Ensuring compliance with applicable legal and regulatory requirements.
  • Maintaining security, detecting fraud, and managing operational risks.
  • Conducting service performance analysis and trend assessment.

5. Data Sharing

We do not sell or rent personal data. Data is shared only when necessary with:

  • Authorized Service Providers: Under contractual agreements ensuring GDPR compliance.
  • Regulatory Authorities: When required by law.
  • Third-Party Partners: Essential for service provision and infrastructure support.

6. Data Storage and Security

We implement robust security measures, including:

  • Encryption: Protocols for data at rest and in transit.
  • Access Controls: Restricting unauthorized data access.
  • Monitoring: Continuous system monitoring and vulnerability assessments.
  • Retention Policies: Secure deletion of data when no longer required.

7. International Data Transfers

Where data is transferred outside the EU, we ensure adequate protection by:

  • Utilizing standard contractual clauses approved by the European Commission.
  • Adhering to legally recognized data transfer mechanisms.
  • Implementing additional security safeguards as required.

8. User Rights Under GDPR

Individuals have the right to:

  • Access, modify, or delete their personal data.
  • Object to or restrict processing under certain conditions.
  • Request data portability in a structured, commonly used format.
  • Withdraw consent where processing is based on consent.
  • File a complaint with a relevant supervisory authority.

9. Automated Decision-Making

We do not engage in automated decision-making that has a significant legal or personal impact on individuals without human oversight.

10. Contact Information

For inquiries, data requests, or privacy concerns, please contact our Data Protection Officer at info@3ripple.com

Last Updated: 2025-02-04