Privacy Policy

1. Overview.

This IT Lift Privacy Policy (“Policy”) explains how IT Lift, Inc. (“IT Lift”, “Company”, “we”, “us” and “our”) may use information collected through the use of the IT Lift website or IT Lift Services (collectively “Sites). In this Policy “user”, “you” and “your” refers to any third party users – whether an individual or an organization – of IT Lift products and IT Lift’s SaaS based software solution provided through IT Lift Services for use with IT Lift products (“Services”). This Policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this Policy, you should not access or use the IT Lift website or IT Lift Services.

2. Definitions.

a. "Personal Information". Any information relating to an identified individual, or to an individual who can be identified, directly or indirectly, by reference to such information, which may include, an identification number, an email address, physical address, phone number, or one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity. Without limiting the foregoing, Personal Information does not include information that is de-identified or corporate information that relates to an organization but not to an individual, such as a corporate name, corporate address or general corporate phone number.

b. “Analytics Data”. Output data from 3^rd party applications and service providers, collected or analyzed by IT Lift or IT Lift Services in accordance with this privacy policy will be kept confidential.

3. Information We May Collect or Use.

a. Account and profile information. When You create an initial account with the IT Lift Services, we store the email addresses of administrators and users of the account. We do not collect any other Personal Information from IT Lift Services users during the IT Lift Services account set-up. This Personal Information is kept confidential.

b. Location information. We record the IP addresses of computers from which Personal Information and Analytics Data are uploaded.

c. Content you provide through use of IT Lift Services. When a user uploads Analytics Data to IT Lift Services, we may store metadata about the device (e.g., make/model/serial number) or other general demographics data. IT Lift may extract and use de-identified data for general analysis. This de-identified data is combined with de-identified data from other customers analyzed by IT Lift. This data is not shared outside IT Lift, except to show general trends and provide broad definitions of groups, however at no time is personal or individual records available.

d. Usage information. We may collect anonymous web navigational information to improve our understanding of the usability of the IT Lift Services and IT Lift website. Frequency of page hits and time spent on different pages are not associated with individual users or organizations.

4. How We Collect Your Information.

a. Analytics. We use analytics applications, including “Google Analytics”, to collect information about use of the IT Lift website. Google Analytics collects information such as how often users visit a website, what pages they visit when they do so, and what other websites they visited prior to coming to a website. We use the information obtained from these applications only to improve our Sites and our product and service offerings. The information generated about your use of our Sites will be transferred and saved to the vendor’s server in the United States. For Google Analytics, within Member States of the European Union or other signatories of the Agreement on the European Economic Area, Google will first shorten your IP address. In exceptional cases, the full IP address will be transferred to a Google server in the United States to be shortened there. Google’s ability to use and share information collected by Google Analytics about your visits to the Sites is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can opt-out of Google Analytics tracking by visiting https://tools.google.com/dlpage/gaoptout/.

5. How We Use Your Information.

a. To monitor performance of our products. We may use studies of the processed Analytics Data in the IT Lift Services to assess the performance of our various service. For example, we may use aggregated Analytics Data to assure marketing or cybersecurity solutions are effective. We may also use aggregated Analytics Data to identify optimizations of our remediations and updates across different 3^rd party platforms.

b. For research and development. We may use the aggregated Analytics Data in IT Lift Services to improve our methods. For example, we may compare processed data with published industry standards to evaluate the performance of our algorithms on different platforms.

c. To communicate with you about our products and services. If your organization has opted in to receive information about our marketing programs, we may use information about the products or services we provide you with information about new IT Lift products or services that may be of interest.

d. To support customers. We may use your information (with your consent) to resolve technical problems.

6. How We Share Your Information.

IT Lift does not share your Personal Information or Analytics Data with any third parties other than authorized third party service provides that work on IT Lift’s behalf and who in all cases, are subject to confidentiality obligations.

7. Customer Access and Control of Information.

You have the right to delete some or all of your Personal Information and Analytics Data in IT Lift Services at any time, understanding that this data will be immediately and permanently deleted and cannot be restored.

8. Changes of Privacy Policy.

We reserve the right to change this Policy without notice. When we make changes, we will make them available within thirty (30) days. The changed Policy supersedes and replaces the prior version. Your continued access to IT Lift Services represents your acceptance of the changed Policy. All users of IT Lift Services will be notified of changes by email.

9. Users from Outside the United States.

IT Lift is based in the United States (“U.S.”), and the Company’s offices are headquartered in the U.S. Information you provide to IT Lift or information that it obtained as a result of your use of IT Lift Services may be processed and transferred to the U.S. and be subject to U.S. law. Information may be processed by staff working for the Company in the US.

10. Information Security.

We will take reasonable precautions to protect your Personal Information in our possession from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. We will make reasonable efforts to keep your Personal Information reliable for its intended use, accurate, current, and complete. As necessary, we will take additional precautions regarding the security of particularly sensitive information, such as credit card information. While we strive to secure your Personal Information, we cannot warrant or guarantee that this information will be protected under all circumstances, including those beyond our reasonable control.

11. Children.

The Sites are intended for business use. We do not knowingly collect or solicit Personal Information from anyone under the age of sixteen (16). If you are under the age of sixteen (16), please do not attempt to register for the Site(s) or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under the age of sixteen (16), we will delete that information as quickly as practicable. If you believe that a child under sixteen (16) may have provided us Personal Information, please contact us.

12. Contacting Us.

Questions regarding this Policy should be directed to [email protected] or by mailing IT Lift Privacy.

13. European Data Subjects:

EU General Data Project Regulation (“GDPR”).

a. GDPR. For this GDPR section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure. IT Lift is the controller of your Personal Data processed in connection with the Sites. Note that we may also process Personal Data of our customers’ end users or employees in connection with our provision of Services to customers, in which case we are the processor of Personal Data. If we are the processor of your Personal Data (i.e., not the controller), please contact the controller party in the first instance to address your rights with respect to such data. If there are any conflicts between this section 13 and any other provision of this Policy, the Section or portion of the Section that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at [email protected].

b. How Do We Use Your Personal Data? Please refer to the section 5 above for details of how we use and process your Personal Data.

c. Lawful Bases for Processing. We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing may include consent, contractual necessity, and our “legitimate interests,” as further described below.

i. Contractual Necessity: When you purchase our products and Services, we process your contact information (e.g., name, phone number, address, email address) as a matter of “contractual necessity”, meaning that we need to process the data to perform under our Terms and Conditions or other agreement with you, which enables us to provide you with the products and Services you request. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Sites or our products and Services that require such data.

ii. Legitimate Interest: We may also process your contact information and other categories of Personal Data described in the Section 3 above for our legitimate interest purposes.

a. Examples of these legitimate interests include:

1. Operation and improvement of our business, products, and services

2. Provision of customer support

3. Protection from fraud or security threats

4. Protecting the security of your account with us

5. Providing you with a sign-in method

6. Determining your geographic location and preferences so that we can serve you better

7. Compliance with legal obligations

8. Completion of corporate transactions

iii. Consent: In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection. If you provide us with opt-in consent to receive marketing information from IT Lift, we will process your email address for the purpose of sending you marketing information about our products and Services. The legal ground for processing your email address for this purpose is your consent. You may withdraw your consent any time by selecting “unsubscribe” in the marketing email or email us at [email protected].

iv. Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.

d. How and With Whom Do We Share Your Data? We share Personal Data with vendors, third party service providers, and agents who work on our behalf and provide us with services related to the purposes described in this Policy or our Terms and Conditions.

For more information on such third parties, please refer to the Section 4 titled How We Share Your Information above.

e. How Long Do We Retain Your Personal Data? We retain Personal Data about you as set forth on our Company’s data retention policy. In some cases, we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes, or collect fees owed, or is otherwise permitted or required by applicable law, rule, or regulation. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.

f. What Security Measures Do We Use? We seek to protect Personal Data using reasonable technical and organizational measures based on the type of Personal Data and applicable processing activity. For example, we protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input. We also require our supplier and vendors to protect such information from unauthorized access, use, and disclosure.

g. What Rights Do You Have Regarding Your Personal Data? You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email [email protected]. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need to you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.

i. Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by contacting us at [email protected] to make such corrections.

ii. Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. In certain circumstances, you can correct some of this information directly by contacting us at [email protected] to make such corrections.

iii. Erasure: You can request that we erase some or all of your Personal Data from our systems.

iv. Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Sites.

v. Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.

vi. Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes.

vii. Restriction of Processing: You can ask us to restrict further processing of your Personal Data.

viii. Right to File Complaint: You have the right to lodge a complaint about IT Lift’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.

14. California Residents Privacy Rights:

California Consumer Privacy Act (“CCPA”).

a. CCPA and CPRA. The California Consumer Privacy Act (CCPA) is a state-wide data privacy bill that creates an array of consumer privacy rights and business obligations with regard to the collection and sale of Personal Information. The California Privacy Rights Act (CPRA), also known as Proposition 24, further expands the CCPA.

b. These additional disclosures are required by the CCPA & CPRA:

i. Categories of personal information collected. The personal information that IT Lift collects, or has collected from consumers as part of the account login process detailed in Section 3 above in the twelve (12) months prior to the effective date of this Policy, includes the following:

a. Location information.

b. We record the IP addresses of computers from which Personal Information and Analytics Data are uploaded.

c. Content you provide through use of IT Lift Services. When a user uploads Analytics Data to IT Lift Services, we store metadata about the device (e.g., make/model/serial number) or other general demographics data. IT Lift may extract and use de-identified data for general analysis. This de-identified data is combined with de-identified data from other customers analyzed by IT Lift. This data is not shared outside IT Lift, except to show general trends and provide broad definitions of groups, however at no time is personal or individual records available.

d. Usage information. We may collect anonymous web navigational information to improve our understanding of the usability of IT Lift Services and the IT Lift website. Frequency of page hits and time spent on different pages are not associated with individual users or organizations.

ii. Categories of personal information disclosed for a business purpose. The personal information that IT Lift disclosed to the third parties identified in Section 6 above about consumers for a business purpose in the twelve months prior to the effective date of this Policy, and specifically to service providers that help provide the Services, includes the following:

a. Location information.

b. We record the IP addresses of computers from which Personal Information and Analytics Data are uploaded.

d. Usage information. We may collect anonymous web navigational information to improve our understanding of the usability of IT Lift Services and IT Lift website. Frequency of page hits and time spent on different pages are not associated with individual users or organizations.

c. You have the right to request and obtain from IT Lift, information about our collection and use of your Personal Information. Once we receive and confirm your verifiable consumer request, you have the right to make the following:

a. The right to request specific pieces of Personal Information IT Lift has collected about you.

b. The right to request that IT Lift disclose what Personal Information we collect, use, disclose or sell.

c. The right to request that IT Lift to delete any Personal Information that we have collected about you (subject to certain exceptions).

d. The right to opt out of sale of your Personal Information.

e. The right of nondiscrimination

d. We do not your sell Personal Information, as defined under CCPA.

e. We will not discriminate against you for exercising any of your privacy rights. You may exercise your rights to access, restrict or remove data by one of the following:

a. By Email: [email protected]

b. Access our online webform Contact us.

c. Contact the IT Lift Data Privacy Officer (“DPO”) by Email: [email protected]

For requests for access or deletion, we will first acknowledge receipt of your request within ten (10) business days of receipt of your request. We provide a substantive response to your request as soon as we can, generally within forty-five (45) days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know. We may not accommodate a request if we believe actioning the request would violate any law or legal requirement. Information that has been de-identified, may not be retrievable or traced back for correction or removed from any database.

2/1/2025, 3:52:16 PM