Privacy Policy

1. Introduction

MonkeyIT ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our managed IT services, visit our website, or interact with us. We process personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant legislation.

2. Information We Collect

We may collect the following categories of information:

• Contact and identity data: name, email address, phone number, job title, and company name.
• Account and billing data: login credentials, payment information, and service history.
• Technical and usage data: IP address, device information, browser type, logs, and how you use our services and website.
• Support and communications: content of support tickets, emails, and other communications with us.
• Data we process on your behalf: as a managed service provider, we may process data that you or your organisation entrust to us for the provision of IT services (e.g. system and network data). We act as a data processor for such data in accordance with our agreements with you.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our managed IT services.
• Respond to enquiries, support requests, and communications.
• Manage accounts, billing, and contractual relationships.
• Send service-related and, where permitted, marketing communications.
• Monitor and secure our systems, detect and prevent fraud, and comply with legal obligations.
• Analyse usage to improve our website and services.

4. Legal Basis for Processing (GDPR)

Where GDPR applies, we process personal data on the basis of: performance of a contract with you; your consent; our legitimate interests (e.g. service delivery, security, and business operations); or compliance with legal obligations. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. Data Sharing and Third Parties

We do not sell your personal information. We may share data with: trusted service providers and sub-processors who assist in delivering our services (under strict contractual and security requirements); professional advisers; and law enforcement or regulators when required by law. We require all such parties to protect your data in line with this policy and applicable law.

6. Sub-processors

In providing our services we may use sub-processors (e.g. for hosting, monitoring, or support tools). We select sub-processors that meet appropriate security and privacy standards and, where required, enter into data processing agreements. A list of key sub-processors is available on request.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes set out in this policy, including to satisfy legal, accounting, or reporting requirements. Retention periods may vary by type of data and purpose. When data is no longer needed, we securely delete or anonymise it.

8. International Transfers

Your information may be transferred to and processed in countries other than your country of residence. Where we transfer data outside the UK or EEA, we ensure appropriate safeguards are in place (e.g. standard contractual clauses or adequacy decisions) in accordance with applicable data protection law.

9. Security

We implement technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include access controls, encryption where appropriate, staff training, and regular review of our security practices. Despite our efforts, no method of transmission or storage is completely secure; we encourage you to use strong credentials and report any suspected incidents.

10. Your Rights

Depending on your location, you may have the right to:

• Access your personal data and receive a copy.
• Rectification of inaccurate or incomplete data.
• Erasure ("right to be forgotten") in certain circumstances.
• Restriction of processing in certain circumstances.
• Data portability – receive your data in a structured, machine-readable format.
• Object to processing based on legitimate interests or for direct marketing.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with a supervisory authority (e.g. the ICO in the UK or your local data protection authority).

To exercise any of these rights, please contact us using the details in Section 14. We will respond within the timeframes required by applicable law.

11. Cookies and Tracking

Our website may use cookies and similar technologies to improve functionality, analyse usage, and personalise content. You can manage cookie preferences through your browser settings. For more information, see our cookie banner or contact us.

12. Children's Privacy

Our services are not directed at individuals under 16. We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us and we will take steps to delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the "Last updated" date. For material changes, we may provide additional notice (e.g. by email or a notice on our website). We encourage you to review this policy periodically.

14. Contact Us

For privacy-related enquiries, to exercise your rights, or to report a concern, please contact us:

• MonkeyIT
• Email: info@monkeyit.com
• Phone: +1 (555) 123-4567
• Address: Vancouver, BC, Canada

If you are in the UK or EEA and have a complaint we have not resolved, you may have the right to lodge a complaint with your local data protection supervisory authority.