Skyline IT Solutions

1. Introduction and Scope of Policy

Skyline IT Solutions ("we," "us," or "our") operates as a trusted Managed Service Provider (MSP) and technology consultant. We recognize the criticality of data protection and are deeply committed to maintaining the privacy and security of the personal and business information entrusted to us by our clients, partners, and website visitors (collectively, "Users").

This Comprehensive Privacy Policy governs our data handling practices across all our services, cloud platforms, communications, and web properties. By engaging our services, you confirm that you have read, understood, and consented to the data practices described herein, in compliance with applicable international data regulations.

2. Categories of Information We Collect

Our data collection is meticulously limited to what is necessary for the provision of high-quality, professional IT services, billing, and system management. The types of data collected fall into the following professional categories:

A. Professional and Identity Information

• Contact Identifiers: Full legal names, professional email addresses, office and mobile telephone numbers, and corporate mailing addresses.
• Employment Data: Company name, job title, department, and professional designation necessary for account management and security protocols.

B. Financial and Transactional Data

• Billing Records: Records related to the services purchased, pricing, invoice details, and contractual agreements.
• Payment Facilitation Data: Information required to process payments securely, including banking details or credit card information (though sensitive payment details are typically processed by PCI-compliant third-party gateways, not stored directly by us).

C. Technical and System Data

This category is central to our MSP function, ensuring system health and support:

• Log Data: Server log files, network traffic data, system error reports, security event logs, and IP addresses.
• Device & Configuration Data: Operating system information, hardware specifications, software inventory, and configuration settings necessary for remote monitoring and management (RMM) services.
• Support Data: Detailed documentation, communications, and diagnostic files generated during technical support and helpdesk engagements.

D. Usage and Analytics Data

• Web Metrics: Data on how our corporate website is accessed and used, including browser type, referral URLs, time spent on pages, and clickstream data, often collected through cookies and web analytics tools.

3. Justification and Purpose for Data Use (Legal Basis)

We process your Personal Information only when we have a legitimate and lawful reason to do so. Our primary justifications include:

A. Contractual Necessity

The processing required to fulfill our obligations under a service agreement with you or your organization, including service delivery, account management, and invoicing.

B. Legitimate Business Interests

Using data to operate and improve our business (e.g., internal auditing, security testing, system maintenance, and service enhancement) provided that these interests do not override your fundamental rights and freedoms.

C. Security and Compliance Obligations

Processing data as mandated by legal or regulatory requirements, such as fraud prevention, adherence to data protection laws, or response to lawful requests from public authorities.

D. Consent (Where Applicable)

Processing based on your explicit consent, especially for non-essential communications like marketing newsletters or third-party cookies, which you have the right to withdraw at any time.

4. Data Sharing, Transfers, and Disclosure

We maintain strict controls over data sharing. Your Personal Information is never sold or rented for profit. Disclosure is limited to the following essential categories, all of whom are bound by confidentiality agreements:

• External Service Providers: Sharing data with third-party vendors (e.g., cloud platforms, specialized security tool providers, data centers) strictly for them to perform contracted services on our behalf.
• Legal and Regulatory Bodies: Disclosing information when required by law, subpoena, or valid legal process, or when necessary to protect our rights, property, or safety, or that of our clients.
• Business Transitions: Information may be transferred to a successor entity in the event of a merger, acquisition, or sale of assets, subject to the successor adhering to this Privacy Policy.
• International Transfers: Where we utilize offshore processing or storage, we ensure adequate safeguards (e.g., Standard Contractual Clauses) are in place to maintain the protection of your data regardless of jurisdiction.

5. Data Security and Retention

As a professional IT Solutions provider, security is paramount. We employ a layered approach to data protection:

• Technical Measures: Implementing robust measures including end-to-end encryption (TLS/SSL), Multi-Factor Authentication (MFA), regular vulnerability scanning, and isolated network segments.
• Organizational Controls: Training staff on data handling protocols, restricting access to data on a 'need-to-know' basis, and conducting routine security audits.
• Data Retention: We retain Personal Information only for as long as necessary to fulfill the purposes outlined in this policy, satisfy legal, accounting, or reporting requirements, and as per the terms defined in our client service agreements.

6. Your Data Subject Rights

Depending on the jurisdiction, you may have specific rights concerning your data. We facilitate the exercise of these rights, which may include:

• The **Right to Access:** Requesting copies of the Personal Information we hold about you.
• The **Right to Rectification:** Requesting correction of inaccurate or incomplete data.
• The **Right to Erasure ('Right to be Forgotten'):** Requesting the deletion of your data, subject to legal retention obligations.
• The **Right to Restrict Processing:** Asking us to limit the way we use your data.
• The **Right to Data Portability:** Requesting a copy of your data in a structured, commonly used, and machine-readable format.

To exercise any of these rights, please submit a formal written request to our Compliance Team via the contact details provided below.

7. Policy Amendments

We may periodically update this policy to reflect changes in our services, technology, or evolving legal frameworks. We will notify our clients of any material changes through prominent notice on our website or via direct communication (email) before the changes become effective. We encourage you to review this policy regularly.

8. Contact and Compliance Authority

For any inquiries, requests concerning your data rights, or formal complaints regarding our data handling, please contact our dedicated Compliance Team: