Privacy Policy
1. Overview.
This IT Lift Privacy Policy (“Policy”) explains how IT Lift, Inc. (“IT Lift”, “Company”, “we”, “us” and “our”) may use information collected through the use of the IT Lift website or IT Lift Services (collectively “Sites). In this Policy “user”, “you” and “your” refers to any third party users – whether an individual or an organization – of IT Lift products and IT Lift’s SaaS based software solution provided through IT Lift Services for use with IT Lift products (“Services”). This Policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this Policy, you should not access or use the IT Lift website or IT Lift Services.
2. Definitions.
a. "Personal Information". Any information relating to an identified individual, or to an individual who can be identified, directly or indirectly, by reference to such information, which may include, an identification number, an email address, physical address, phone number, or one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity. Without limiting the foregoing, Personal Information does not include information that is de-identified or corporate information that relates to an organization but not to an individual, such as a corporate name, corporate address or general corporate phone number.
b. “Analytics Data”. Output data from 3rd party applications and service providers, collected or analyzed by IT Lift or IT Lift Services in accordance with this privacy policy will be kept confidential.
3. Information We May Collect or Use.
a. Account and profile information. When You create an initial account with the IT Lift Services, we store the email addresses of administrators and users of the account. We do not collect any other Personal Information from IT Lift Services users during the IT Lift Services account set-up. This Personal Information is kept confidential.
b. Location information. We record the IP addresses of computers from which Personal Information and Analytics Data are uploaded.
c. Content you provide through use of IT Lift Services. When a user uploads Analytics Data to IT Lift Services, we may store metadata about the device (e.g., make/model/serial number) or other general demographics data. IT Lift may extract and use de-identified data for general analysis. This de-identified data is combined with de-identified data from other customers analyzed by IT Lift. This data is not shared outside IT Lift, except to show general trends and provide broad definitions of groups, however at no time is personal or individual records available.
d. Usage information. We may collect anonymous web navigational information to improve our understanding of the usability of the IT Lift Services and IT Lift website. Frequency of page hits and time spent on different pages are not associated with individual users or organizations.
4. How We Collect Your Information.
a. Analytics. We use analytics applications, including “Google Analytics”, to collect information about use of the IT Lift website. Google Analytics collects information such as how often users visit a website, what pages they visit when they do so, and what other websites they visited prior to coming to a website. We use the information obtained from these applications only to improve our Sites and our product and service offerings. The information generated about your use of our Sites will be transferred and saved to the vendor’s server in the United States. For Google Analytics, within Member States of the European Union or other signatories of the Agreement on the European Economic Area, Google will first shorten your IP address. In exceptional cases, the full IP address will be transferred to a Google server in the United States to be shortened there. Google’s ability to use and share information collected by Google Analytics about your visits to the Sites is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can opt-out of Google Analytics tracking by visiting https://tools.google.com/dlpage/gaoptout/.
5. How We Use Your Information.
a. To monitor performance of our products. We may use studies of the processed Analytics Data in the IT Lift Services to assess the performance of our various service. For example, we may use aggregated Analytics Data to assure marketing or cybersecurity solutions are effective. We may also use aggregated Analytics Data to identify optimizations of our remediations and updates across different 3rd party platforms.
b. For research and development. We may use the aggregated Analytics Data in IT Lift Services to improve our methods. For example, we may compare processed data with published industry standards to evaluate the performance of our algorithms on different platforms.
c. To communicate with you about our products and services. If your organization has opted in to receive information about our marketing programs, we may use information about the products or services we provide you with information about new IT Lift products or services that may be of interest.
d. To support customers. We may use your information (with your consent) to resolve technical problems.
6. How We Share Your Information.
IT Lift does not share your Personal Information or Analytics Data with any third parties other than authorized third party service provides that work on IT Lift’s behalf and who in all cases, are subject to confidentiality obligations.
7. Customer Access and Control of Information.
You have the right to delete some or all of your Personal Information and Analytics Data in IT Lift Services at any time, understanding that this data will be immediately and permanently deleted and cannot be restored.
8. Changes of Privacy Policy.
We reserve the right to change this Policy without notice. When we make changes, we will make them available within thirty (30) days. The changed Policy supersedes and replaces the prior version. Your continued access to IT Lift Services represents your acceptance of the changed Policy. All users of IT Lift Services will be notified of changes by email.
9. Users from Outside the United States.
IT Lift is based in the United States (“U.S.”), and the Company’s offices are headquartered in the U.S. Information you provide to IT Lift or information that it obtained as a result of your use of IT Lift Services may be processed and transferred to the U.S. and be subject to U.S. law. Information may be processed by staff working for the Company in the US.
10. Information Security.
We will take reasonable precautions to protect your Personal Information in our possession from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. We will make reasonable efforts to keep your Personal Information reliable for its intended use, accurate, current, and complete. As necessary, we will take additional precautions regarding the security of particularly sensitive information, such as credit card information. While we strive to secure your Personal Information, we cannot warrant or guarantee that this information will be protected under all circumstances, including those beyond our reasonable control.
11. Children.
The Sites are intended for business use. We do not knowingly collect or solicit Personal Information from anyone under the age of sixteen (16). If you are under the age of sixteen (16), please do not attempt to register for the Site(s) or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under the age of sixteen (16), we will delete that information as quickly as practicable. If you believe that a child under sixteen (16) may have provided us Personal Information, please contact us.
12. Contacting Us.
Questions regarding this Policy should be directed to [email protected] or by mailing IT Lift Privacy.
13. European Data Subjects:
EU General Data Project Regulation (“GDPR”).
a. GDPR. For this GDPR section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure. IT Lift is the controller of your Personal Data processed in connection with the Sites. Note that we may also process Personal Data of our customers’ end users or employees in connection with our provision of Services to customers, in which case we are the processor of Personal Data. If we are the processor of your Personal Data (i.e., not the controller), please contact the controller party in the first instance to address your rights with respect to such data. If there are any conflicts between this section 13 and any other provision of this Policy, the Section or portion of the Section that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at [email protected].
c. Lawful Bases for Processing. We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing may include consent, contractual necessity, and our “legitimate interests,” as further described below.
a. Examples of these legitimate interests include:
g. What Rights Do You Have Regarding Your Personal Data? You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email [email protected]. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need to you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
14. California Residents Privacy Rights:
California Consumer Privacy Act (“CCPA”).
a. CCPA and CPRA. The California Consumer Privacy Act (CCPA) is a state-wide data privacy bill that creates an array of consumer privacy rights and business obligations with regard to the collection and sale of Personal Information. The California Privacy Rights Act (CPRA), also known as Proposition 24, further expands the CCPA.
b. These additional disclosures are required by the CCPA & CPRA:
i. Categories of personal information collected. The personal information that IT Lift collects, or has collected from consumers as part of the account login process detailed in Section 3 above in the twelve (12) months prior to the effective date of this Policy, includes the following:
ii. Categories of personal information disclosed for a business purpose. The personal information that IT Lift disclosed to the third parties identified in Section 6 above about consumers for a business purpose in the twelve months prior to the effective date of this Policy, and specifically to service providers that help provide the Services, includes the following:
c. You have the right to request and obtain from IT Lift, information about our collection and use of your Personal Information. Once we receive and confirm your verifiable consumer request, you have the right to make the following:
d. We do not your sell Personal Information, as defined under CCPA.
e. We will not discriminate against you for exercising any of your privacy rights. You may exercise your rights to access, restrict or remove data by one of the following:
For requests for access or deletion, we will first acknowledge receipt of your request within ten (10) business days of receipt of your request. We provide a substantive response to your request as soon as we can, generally within forty-five (45) days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we will let you know. We may not accommodate a request if we believe actioning the request would violate any law or legal requirement. Information that has been de-identified, may not be retrievable or traced back for correction or removed from any database.
2/1/2025, 3:52:16 PM