Privacy Policy
SegueIT is a managed IT services company that supports businesses with proactive operations and security, and this Privacy Policy describes how personal data is handled on SegueIT’s web properties and related services. References to “we,” “us,” and “our” mean SegueIT as the data controller for website interactions and as a data fiduciary where the India DPDP Act applies. This policy is designed to meet transparency requirements for privacy notices under GDPR, CPRA/CCPA, and the DPDP Act.
Effective date and scope
State a clear “Effective date” at the top of the policy and make the notice conspicuous and written in plain language for all users. The policy applies to the website, communications, analytics, cookies, forms, and any service interactions described here, including where the business targets users in the EU, California, or India. If additional processing not described here is introduced, update this policy and provide notice before such processing begins.
What we collect
We collect information that users provide directly (for example, contact details and messages submitted via forms) and technical data generated by visits (for example, IP address, device identifiers, and usage data) as part of providing and improving services. Categories may include identifiers, commercial information, internet/network activity, geolocation data, professional information, and inferences, consistent with CPRA disclosure categories for the prior 12 months. Where applicable, sensitive personal information categories are disclosed separately and handled with heightened controls as required by CPRA/CPRA amendments.
-
Contact and inquiry data (name, email, phone, company, message content) provided via forms or communications.
-
Device and usage data (IP address, user agent, pages viewed, timestamps) collected for security, analytics, and site performance.
-
Cookie and similar technologies data for necessary operations, preferences, analytics, and marketing subject to consent where required.
-
How we use data
Data is used to operate the website, respond to inquiries, provide and improve services, secure systems, comply with law, and communicate with users consistent with stated purposes at the time of collection. Use must be specific and explained in clear language; new purposes require additional notice and, where required, renewed consent before further processing. Processing is limited to what is necessary for specified purposes and aligned with data minimization principles.
Legal bases and notices
For EU/UK users, processing is based on one or more lawful bases such as consent, performance of a contract, legal obligation, and legitimate interests, as outlined by GDPR. Privacy notices should be provided at or before collection, and when data is obtained from other sources, within a reasonable time, with clear disclosures of purposes, recipients, and rights. For India, consent must be free, specific, informed, and unambiguous, with notices that include purposes, rights, complaint mechanisms, and contact details for the responsible person or DPO.
Cookies and tracking
Non‑essential cookies (analytics/marketing) require prior opt‑in consent in the EU/EEA, and scripts must be blocked until consent is granted, with granular category choices and easy withdrawal. A cookie banner and preference center should provide clear options and retain proof of consent in line with current enforcement trends. The privacy notice should describe cookie purposes and link to a cookie details page or section for transparency and ongoing control.
Sharing and disclosures
We disclose personal data to service providers/“processors” that perform services on our behalf under contractual safeguards, to comply with law, protect rights, or in connection with a business transaction, as allowed by applicable laws. CPRA/CCPA requires describing categories of recipients (for example, advertising networks, analytics providers, payment processors) and stating whether there is “selling” or “sharing” for cross‑context behavioral advertising. Disclosures must be specific and comprehensible rather than vague references to “partners,” enabling informed consumer choice.
International transfers
If data is transferred internationally, we implement appropriate safeguards recognized by law (for example, standard contractual clauses) and disclose transfer mechanisms and associated protections in the notice. Users should be informed about transfer countries and how to obtain a copy of the relevant safeguards where applicable. Transfers must maintain an adequate level of protection and align with the principle of lawfulness, fairness, and transparency.
Retention
Personal data is retained only as long as necessary for the purposes described, including legal, accounting, or reporting requirements, after which it is securely deleted or anonymized. Retention periods or the criteria used to determine them should be communicated to users for transparency. Storage limitation and data minimization principles under GDPR guide retention practices.
Your privacy rights
Under GDPR, individuals have rights to access, rectification, erasure, restriction, portability, and to object, plus the right to withdraw consent without affecting prior lawful processing. Under CPRA/CCPA, California residents have rights to know, access, delete, correct, opt‑out of “sale” or “sharing,” and limit use/disclosure of sensitive personal information, subject to verification. Under India’s DPDP Act, Data Principals have rights to access, correction, erasure, and grievance redressal, and must be informed how to exercise these rights and contact the DPO or responsible person.
Exercising your rights
Requests can be submitted through designated methods that allow identity verification, and we will respond within the timelines required by applicable law. Provide at least one contact channel and clear steps for withdrawing consent, exercising rights, or lodging complaints, including links or references to grievance mechanisms under the DPDP Act. Where a representative, DPO, or toll‑free number is required or offered, list the details below to meet jurisdictional requirements.
Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, consistent with GDPR principles and industry practices. Security controls are regularly reviewed and updated to address evolving risks and legal expectations. No method of transmission or storage is entirely secure, and residual risk is disclosed transparently in accordance with notice best practices.
Children’s privacy
We do not knowingly collect personal data from children where consent requirements apply without appropriate authorization, and services are not directed to individuals below the relevant age of digital consent under applicable laws. If such data is discovered, reasonable steps will be taken to delete it and address the incident per legal obligations. Parents or guardians may contact us using the details below to request deletion of a child’s information.
Changes to this policy
We may update this Privacy Policy to reflect changes in practices, technologies, or legal requirements and will indicate the date of the latest revision at the top of the notice. Where changes are material, we will provide additional notice consistent with applicable law and obtain consent where required before new processing. Continued use of the services after updates constitutes acknowledgment of the revised policy to the extent permitted by law.
Contact
Provide a dedicated privacy contact for rights requests and questions, including the Data Protection Officer (if appointed) and any required local representative details. Include a grievance redressal contact for India and clear instructions for submitting requests or complaints to relevant authorities when applicable. Insert the official company contact information below to complete this notice and ensure it is conspicuously available across the site.