legal

Privacy Policy (GDPR/CCPA)

Non-Disclosure Agreement Privacy Policy (GDPR/CCPA) Terms of Service Employee Handbook

Privacy Policy

Effective Date: [DATE]
Last Updated: [DATE]

YourData365 ("we," "our," or "us") respects your privacy and is committed to protecting it through compliance with this Privacy Policy. This policy explains how we collect, use, disclose, and safeguard your information when you visit our website ([WEBSITE_URL]) or use our services related to Microsoft 365 (M365) backup and compliance solutions. It also outlines your rights under the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

If you have any questions or concerns about this policy, please contact us at [EMAIL] or [PHONE].

1. Information We Collect

We collect the following categories of information to provide our M365 backup and compliance services:

1.1 Information You Provide Directly

  • Account Information: Name, email address, phone number, company name, job title, and billing details when you create an account or purchase our services.
  • Service Data: Information you upload or provide to us for backup and compliance purposes, such as M365 tenant data, user activity logs, and compliance reports.
  • Support Requests: Details you provide when contacting customer support, including your name, contact information, and the nature of your inquiry.

1.2 Information Collected Automatically

  • Usage Data: IP address, browser type, operating system, device information, and pages visited on our website.
  • Log Data: Metadata related to M365 backups, such as timestamps, file sizes, and error logs.
  • Cookies and Tracking Technologies: See Section 5 for details.

1.3 Information from Third Parties

  • Microsoft Integration: Data retrieved from your M365 account via API integrations, including user permissions, file structures, and compliance configurations.
  • Payment Processors: Limited payment details (e.g., transaction ID) from third-party payment providers.

2. How We Use Your Information

We use the information we collect for the following purposes:

  1. Service Delivery: To provide M365 backup, recovery, and compliance services, including data storage, encryption, and reporting.
  2. Account Management: To create and manage your account, process payments, and provide customer support.
  3. Compliance Monitoring: To generate compliance reports and ensure adherence to regulatory frameworks such as GDPR, HIPAA, and CCPA.
  4. Service Improvement: To analyze usage trends and improve our services, including optimizing backup speeds and enhancing compliance tools.
  5. Marketing: To send you updates, newsletters, and promotional materials (with your consent, where required).
  6. Legal Obligations: To comply with applicable laws, enforce our terms of service, and protect against fraud or misuse.

3. Legal Bases for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Performance of a Contract: To deliver the services you have requested.
  • Legitimate Interests: To improve our services, ensure security, and prevent fraud.
  • Consent: For marketing communications and optional cookies (where required).
  • Legal Compliance: To meet regulatory requirements, such as data retention laws.

4. Sharing Your Information

We do not sell your personal information. However, we may share your data with the following third parties:

4.1 Service Providers

  • Cloud Storage Providers: For secure data storage and backup (e.g., Azure, AWS).
  • Payment Processors: To process transactions securely (e.g., Stripe, PayPal).
  • Compliance Tools: Third-party tools used for regulatory audits and reporting.

4.2 Legal and Regulatory Authorities

We may disclose your information to comply with legal obligations, such as responding to subpoenas or regulatory inquiries.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on our website.

5.1 Types of Cookies

  • Essential Cookies: Required for website functionality, such as user authentication.
  • Performance Cookies: Collect data on website usage to improve performance.
  • Marketing Cookies: Track user behavior for targeted advertising (with your consent).

5.2 Managing Cookies

You can manage your cookie preferences through your browser settings or our cookie consent banner.

6. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy:

  • Account Information: Retained for the duration of your account and up to [X years] after termination for legal and tax purposes.
  • Service Data: Retained for [X months/years] after the completion of the backup or compliance service.
  • Log Data: Retained for [X months/years] for troubleshooting and analytics.

7. Your Rights

Under GDPR and CCPA, you have the following rights regarding your personal data:

7.1 GDPR Rights

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data ("right to be forgotten").
  • Restriction: Request limited processing of your data.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to data processing based on legitimate interests.

7.2 CCPA Rights

  • Access: Request disclosure of the categories and specific pieces of personal information collected.
  • Deletion: Request deletion of your personal information.
  • Opt-Out: Opt-out of the sale of personal information (we do not sell data).
  • Non-Discrimination: You will not be discriminated against for exercising your rights.

To exercise your rights, contact us at [EMAIL] or [PHONE].

8. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

9. International Data Transfers

If you are accessing our services from outside the United States, please note that your data may be transferred to and processed in the United States or other countries. We ensure appropriate safeguards are in place to protect your data in compliance with GDPR and other applicable laws.

10. Security Measures

We implement industry-standard security measures to protect your data, including:
- End-to-end encryption for all M365 backups.
- Role-based access controls (RBAC) to limit data access.
- Regular security audits and penetration testing.
- Secure API integrations with M365.

However, no system is completely secure, and we cannot guarantee absolute security.

11. Policy Updates

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised "Last Updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

  • Email: [EMAIL]
  • Phone: [PHONE]
  • Mailing Address: [COMPANY_ADDRESS]

By using our services, you acknowledge that you have read and understood this Privacy Policy.

Generated by Aura — Domain to Business Generator