We take your data very seriously, even before you are a client.
You provide information to us directly, such as filling out an online form or sending us a message via our website.
Your computer or mobile device automatically sends us information through your Internet browser, such as your computer’s IP address or other technical information such as which web browser you are using and so on.
Our website keeps track of how you use our website or our services, such as which pages you visit, how frequently you visit, and so forth.
Directive may change this policy at any time by updating this page. This policy’s last update was May 25, 2018.
In terms of your use of this website, Directive (that’s us), act in the capacity of Data Controller. If you have any questions or concerns about the data we hold about you, you may contact us in the following ways:
Mailing Address: 330 Pony Farm Road
Oneonta, New York 13820
United States of America
Our Commitment to Data Privacy
As an IT solutions provider, maintaining and protecting private data is paramount, and a large part of our everyday focus. We are fully committed to protecting any data that is provided to us, including, but not limited to, personally identifiable information.
In order to operate efficiently for our prospects and clients, we need to gather data. This is a factor that allows us to serve our clients effectively. However, we only gather information that we feel is necessary to provide our services effectively or, to improve the experience of our prospects and clients.
We operate under the principles of ‘data minimization’ wherever possible, and only ask for the minimum amount of information required for us to provide our services effectively. We only retain and maintain data that we feel is necessary.
We aspire to be compliant with applicable data protection regulations, and whenever possible, to go above and beyond these standards to ensure the safest possible experience for those we engage with.
What We Mean by ‘Personal Data’
Other information we collect, such as your computer’s IP address or the general geographical location you are surfing from do not allow us to identify you directly, but we still consider this data under the umbrella of personal data when it comes to protecting your privacy and is treated as such.
Who We Share Data With
We only share data with those we absolutely need to, operating on a strict ‘need to know’ basis for all personal data that we work with. We only disclose personally-identifying information to people and organizations who have agreed, in writing, not to disclose it with others. Some of these people/organizations may be located outside of your home country. By using our website and services, you consent to the transfer of such information to them. The only people/organizations (data processors) that have been granted access to personal data are:
Employees of Directive including but not limited to staff that provide sales, marketing, or support services, as well as internal administration.
Our web hosting technology suppliers who provide the physical server infrastructure that our website(s) operate on. We ensure that our server resides physically in the USA and that no customer data is transferred to data centers outside of the USA by the host.
Third-party contractors assisting Directive with website development and marketing.
We hold additional Data Privacy Agreements with these companies as an additional layer of accountability in order to help ensure your data is secure.
We will not rent, trade, or sell your personally-identifying information to anyone.
In the case that we ever were to engage in any onward transfers of your data with a third-party data processor for a purpose other than which it was originally collected or authorized, we would provide you with an opt-out choice to limit the use and disclosure of your personal data.
Directive may be required to disclose the personal data of an individual in the event of a lawful request by public authorities, including but not limited to meeting national security or law enforcement requirements.
How Your Data Is Protected
We protect your data in a number of ways:
- Access control: We strictly limit access to personal data. Access is controlled by individual user accounts.
- Data encryption: The website is secured with Secure Socket Layer (SSL) encryption, which means that all traffic to and from the website is encrypted. Our administrative access is also encrypted and password protected.
- Dedicated security software: We have multiple layers of security software at both the server level and the website level in order to protect our website from malicious attacks. This software is responsible for limiting login attempts to our site and blocking potentially malicious attempts to access personal data.
- Internal IT security: We provide multiple layers of security for our internal IT to prevent the theft, corruption, and misuse of personal data, including but not limited to firewalls, encryption, and strict user access. Our staff is trained to handle all data as expected and any leniency is not tolerated.
- Content Delivery Network: We utilize a Content Delivery Network (CDN) in order to increase the performance of our website and to prevent malicious threats and attacks. Cloudflare may only collect technical data such as IP addresses and is not given access to personally identifiable information. This data is used to prevent malicious attacks from known abusive IP addresses.
- Transaction Gateway: In the event that we process monetary transactions, we process them through a gateway provider and do not store or process the data through the web server.
- PCI Compliance: In the event that we process monetary transactions, we ensure that we follow strict PCI compliances to ensure that your information is processed, stored, and transmitted through a secure environment.
We retain your personally identifiable information for as long as you maintain an account with us as a client or as otherwise necessary to provide you our services. We will also retain your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
When we determine we no longer need to hold and maintain your personal data for the purposes described, we will delete it from our systems.
Users Under 18 Years of Age
We do not knowingly collect personal data online from individuals who are under the age of 18 without parental consent. If you become aware that an individual under 18 years of age has provided us with personal information without parental consent, please contact us. If we become aware that an individual under the age of 18 has provided us with personal data without parental consent, we will take steps to remove the data as permitted by law.
Access to Your Personal Data
If you have directly provided personal information to us (such as completing an online form, or by contacting us directly over the phone or email), you have a number of rights over the personally identifiable information that we hold:
- You have the right to obtain from us confirmation about whether any such data is being held.
- You have the right to require that we provide you with whatever data we are holding/processing about you, including the right for that data to be transferred to another data controller.
- Even if you have consented to us processing your personal data, you have the right to withdraw that permission at any time.
- You have the right to require us to rectify any incomplete or incorrect information held about you.
- You have the right to require us to erase the data held about you (the ‘right to be forgotten’).
In the situation where we collect personal data automatically (such as from your internet browser or via internet cookies or other similar technologies):
You have the right to object to the legal basis upon which we are collecting this data, and we have an obligation to consider and respond to that objection.
You have the right to request the prevention of further processing of your data while your objection is considered.
You have the right to make a complaint to the relevant data protection authority.
Links to Other Websites
Occasionally, at our discretion, we may include or offer third-party products or services on our site. We may also mention third-party websites and entities in our content (such as our blog). These third-party websites will have separate and independent privacy policies. We have no responsibility or liability for the content or activities of these sites.
Types of Personal Data We May Collect, and How We Collect It
Website Forms (Contact, Support Requests, Registrations, Blog Comments, Etc.)
We have various forms on the website that enable you to contact us, request support, inquire about products/services, or register for events and offerings. We ask for a number of pieces of personal information, such as your name, email address, and other contact details. For obvious reasons, this information is required for us to respond to your request.
Depending on the nature of the form, we may ask for other information that will further help us serve you (such as asking what services you are interested in, the size of your business, etc.)
Some features of our website require login access, and thus require a user account to be created. This user account allows you to log in to the website. Individual users are granted different permissions through our access control, and different functionality is available depending on the user. For example, if you register to get access to a free document, it creates a login account so you can log in and access that document again later. Some functionality also includes administrating or contributing towards the website content (such as a blog author).
Our clients also have the ability to log in to our website to access our customer portal, which allows the viewing and creation of support tickets, view invoices, and communicate with our team concerning the products and services we provide, and the service agreements they have purchased.
All form submissions create a basic user account. Once a form is submitted, users can access the portal to view their inquiry or message and make further requests.
The purpose of these user account logins is to keep your personal data behind a login that requires a password, and to protect the integrity of our website and its visitors.
Data collected for these logins consists of your email address (which in most cases, doubles as your username), and your name at minimal. Passwords are reset through a temporary link that is emailed to the user on request.
If you do not register for an account, submit any forms, or engage us to become a client, no such data will be collected in this regard.
Our system will log a record of your visit in our server logs when you visit our website. Typically, this record will include the IP address associated with your device and the internet browser and version of that browser you are using.
Keeping server logs is a very common practice. These logs are used to monitor the technical resources and activity on the server that hosts the website, as well as to detect and attempt to prevent fraudulent activity such as Distributed Denial of Service attacks. This data is sometimes used to diagnose technical issues and identify patterns of behavior, for instance, identifying repeated malicious attempts to log into the website or access a file.
We also note IP addresses when forms are submitted to detect malicious and fraudulent activity and attempt to prevent spam submissions.
We utilize a Content Delivery Network (CDN) in order to increase the performance of our website and to prevent malicious threats and attacks. The CDN may only collect technical data such as IP addresses and is not given access to personally identifiable information. This data is used to prevent malicious attacks from known abusive IP addresses.
IP addresses do not allow us to identify you personally, and in many cases, your IP address will routinely change as it is dynamically allocated by your internet service provider. We do not use our server access logs to determine an identifiable individual. We do not consider the IP address data we collect in our server logs within the scope of personally identifiable information, and do not seek your consent to collect it.
Third Party or Publicly-Available Data
We may obtain certain data about you from third-party sources in order to improve our services and customize our website and marketing experiences for you. We may combine this data with the data you provide us in order to enhance your experience and improve our services.
Online and Offline Communication
When you communicate with us to inquire about our products and services, or otherwise utilize our products and services, we may collect personally identifiable information in order to communicate with you about our products and services. This information includes, but is not limited to, your name, email address, and phone number.
Storage of Personal Data
Directive and our associated services and systems are stored in the United States. If you are located outside of the United States, please be aware that the personally identifiable information we gather and process will be stored in the United States, a jurisdiction in which the data protection and privacy laws may not offer the same level of protection as those in the country where you reside or are a citizen.
By using our services and/or submitting your personal data to us, you agree to the transfer, storage, and/or processing of this data in the United States.
Cookies & Similar Web Tracking Technologies
Our website utilizes cookies and other technologies to better understand how users are using our website and services. This technology can be an essential part of providing certain online functionality. Cookies are small files placed on your device that allow us to tell when you have visited a particular page or performed a particular action (such as submitting a form or clicking something).
Most websites utilize cookies and other tracking technologies to provide useful insight on how the website is being used. They allow us to improve the personalization of your experience over time. There are several types of cookies:
Session cookies: These cookies expire at the end of your browsing session and allow us to link your actions during a particular browsing session.
- Persistent cookies: Persistent cookies are stored on your device between browsing sessions and allow us to remember your preferences or actions across multiple sites.
- First-party cookies: These cookies are set by the specific site you are visiting.
- Third-party cookies: Third-party cookies are set by a site other than the one you are visiting.
Cookies used for analytics may use non-personal data that is not directly linked to you. We use analytics technologies to improve our site and services.
We may use small graphic images (also known as “pixel tags” or “clear GIFs”) that we use in conjunction with cookies to identify the behavior of users on our site.
We utilize Google Analytics to provide useful insights on our website traffic and to understand what people do when on our website. When anyone visits our website, information such as which pages they look at, how long they spend on the site, and what drove them to our website, etc.) is sent to Google Analytics (which is controlled by Google). This information is anonymous and does not contain any personally identifiable information.
There is no way for to identify an individual from the data. The data consists of data from any and all traffic on the website.
This analytics data is not personal data, and we do not specifically ask for your prior content.
We also use several other Google services on our website. These services include:
- Google Recaptcha: Certain web forms, registrations, and logins may utilize Google’s Recaptcha service. Recaptcha is a solution that makes users type in randomly scrambled characters or click an ‘I Am Not A Robot’ checkbox when submitting information to the website. This security measure prevents the abuse of our forms by spammers and automated programs.
- Google Fonts: Google Fonts is a service that allows websites to utilize a library of web fonts beyond the standard set of fonts included within most web browsers and devices. This enables us to convey our content to you in a consistent fashion across the many devices and web browsers out there.
- Google Maps: We may display dynamic geographic maps on our website to show our location(s).
These Google services cause our website to make a connection between one or more Google servers, and may result in Google placing cookies on your device.
Facebook and Social Media
Like many businesses, we use social media as a form of marketing and communication to our clients and prospects. Our site may use social media cookies from Facebook, Twitter, and LinkedIn.
Facebook places cookies in your browser, and we may use these cookies to understand the effectiveness of social media campaigns that we operate.
If you are logged into Facebook when you view our site, Facebook will know when you visit us. Facebook does not provide us with access to your personal data that, as you have consented to share it with Facebook, and not us. We do, however, get to see anonymous data about the number of people who interact with our Facebook advertising and other social media activity.
Because these cookies depend on you being logged into Facebook when you view our website, we do not specifically ask for your prior consent. If you are not logged into Facebook when you view our site, it is not possible for us to gather any personal information about you based on Facebook’s cookies.
Facebook may utilize cookies, web beacons, and other technologies to collect or receive information from websites you visit.
How to opt-out of Facebook interest-based advertising on your browser or mobile device: https://www.facebook.com/help/568137493302217
About Ads: http://www.aboutads.info/choices
Your Online Choices: http://www.youronlinechoices.eu/
You can always use your browser’s ‘private’ or ‘incognito’ mode to browse websites anonymously.
If you disable marketing cookies on this site, it does not mean that you will not see our ads, it just means that they will not be personalized based on your Facebook activity.
Your California Privacy Rights (U.S. Only)
Under Section 1798.83 of the California Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of Personal Data the business shares with third parties for those third parties’ direct marketing purposes, and the identities of the third parties with whom the business has shared such data during the immediately preceding calendar year. To exercise your rights, you may make one request each year by emailing us firstname.lastname@example.org with “Request for California Privacy information” on the subject line and in the body of your message. Be sure to provide in the request sufficient information to properly identify you and/or the members of your family.
What We Do With The Data We Gather
As mentioned, we use the data we collect to improve our services and user experience. We also collect and maintain personally identifiable information from our customers (and prospective customers) to deliver a personalized level of service. We also utilize this data for sales, marketing, and advertising purposes. The processing of this data is necessary to achieve the legitimate interests of the organization, and relates to the legitimate interests of our business, provided that the interests and/or fundamental rights of the subject of the data do not override our own.
We may ask for your consent to contact you by telephone, SMS, postal mail, and/or email about offers, products, promotions, developments, or other services which we think may be of interest to you and for other marketing purposes.
We are adamant about never sending spam, and our marketing emails, which may include our newsletter, service highlights, and other bulk correspondence includes an opt-out or unsubscribe option. Correspondence directly addressing our clients and prospects and those we do business with (such as support, sales, and other direct forms of correspondence) won’t include this.
You may withdraw your consent at any time by contacting us at email@example.com, provided that we are not required by applicable law or professional standards to retain such information.
Mailing Address: 330 Pony Farm Road
Oneonta, New York 13820
United States of America