Introduction: Sangiovese Ltd is committed to protecting the personal data of its customers and ensuring compliance with GDPR. This policy outlines our data handling practices, ensuring transparency and privacy for all individuals.
1. Data Collection and Processing
Types of Data Collected or Processed: We may collect and process names, contact information (email address, telephone number, physical address, etc.), IP addresses, login credentials, computer specifications and login session information, installed software, email and other types of messages, camera feed and recordings, software license information, floor/building plans/measurements/images (used to plan, implement and maintain systems e.g., network and camera setups), network traffic and its analytic data, files on customer’s computers and other storages and any data included in backups. Backups are stored as needed to prevent data loss, based on customer requests.
Collection Methods: Data is gathered directly from employees or created by Sangiovese Ltd (e.g., access credentials for newly-registered services or accounts).
Purpose: Personal data is collected for client communication, administrative purposes, support, troubleshooting, and invoicing.
2. Legal Basis for Processing We process your personal data in accordance with the General Data Protection Regulation (GDPR) and only when we have a valid legal basis to do so. The primary legal bases we rely on include: a. Contractual Necessity We process personal data when it is necessary for the performance of a contract with you, or to take steps at your request before entering into such a contract. This includes, for example, processing required to provide you with our products or services and/or respond to your inquiries or customer support requests. b. Legitimate Interests We may process your personal data where it is necessary for our legitimate interests, provided that such interests are not overridden by your data protection rights and freedoms. These legitimate interests include:
improving and optimizing our services and user experience,
preventing fraud and ensuring the security of our systems, and
maintaining business operations.
3. Data Storage and Security
Storage Locations: Data may be stored on customer devices, cloud services they provide, or network storage.
Security Measures: We use encryption, access controls, and, if agreed with the customer, conduct regular audits.
Repair-Related Backups: Local backups may be stored temporarily for up to two weeks to ensure data integrity following repairs.
Sensitive Data Storage: Access credentials are stored on encrypted local drives and secured cloud storage with 2FA, with regular security audits.
4. Data Sharing and Transfers
International Transfers: While data is not intentionally stored outside the EU/EEA, we use Google services with GDPR-compliant safeguards. We can optionally use any customer-provided storage, as per the customer’s request.
Data Sharing: Sangiovese Ltd may share customer data in specific scenarios, such as with vendors for warranty repairs or for due diligence purposes. Such data sharing occurs only at the customer’s explicit request or with their prior authorization, ensuring alignment with GDPR compliance and the customer’s interests.
5. Data Retention
Repair-Related Backups: May be stored for up to two weeks post-repair or longer depending on the scenario and tasks we have to complete for the customer.
Configuration Backup Files: Sangiovese Ltd may create configuration backups for IT support or network configuration purposes. These backups are retained indefinitely as they might be critical to restore in case of hardware failure. In the case the deletion is requested, they will be securely deleted within a set period of 14 days, unless otherwise required by legal or compliance obligations . After this period, backups are securely deleted to ensure data protection.
Access Credentials: Credentials are retained indefinitely for active customers but will be deleted within 14 days upon account closure or explicit request.
Customer Communication Records: Emails, chat logs, or support tickets might be retained for troubleshooting, logging or legal purposes until the customer requests deletion. In this case, they will be deleted within a set period of 14 days, unless retention is required for: compliance with legal or regulatory obligations (e.g., tax, accounting, or audit requirements) or Defense or resolution of ongoing or potential legal claims. In such cases, customers will be informed of the reason for retaining their data and the expected retention period.
Network Logs or Analytics: Sangiovese Ltd does not store network analytics data. However, access to such data may be required for certain customers if it is stored on managed devices or within cloud services (e.g., Unifi). This access is strictly limited to the scope of the requested services and is not retained or copied by Sangiovese Ltd.
Sangiovese Ltd does not store camera feeds or recordings. Access to such data is limited to the duration of troubleshooting or maintenance tasks as requested by the customer. Once the task is completed, no data is retained or copied by Sangiovese Ltd.
Customer Billing Information: Billing information is stored within Sangiovese Ltd's invoices and is retained indefinitely for logging and legal compliance purposes. This data is handled securely and used solely for administrative and regulatory obligations.
6. Data Subject Rights Under the General Data Protection Regulation (GDPR), you have the following rights in relation to your personal data: a. Right of Access You have the right to request confirmation as to whether we process your personal data, and, where that is the case, to access the personal data we hold about you and receive information about how we use it. b. Right to Rectification If the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it without undue delay. c. Right to Erasure ("Right to be Forgotten") You have the right to request the deletion of your personal data, for example when the data is no longer necessary for the purposes for which it was collected, unless we have a legal obligation or overriding legitimate interest to retain it. d. Right to Restriction of Processing You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to the processing and we are considering your request. e. Right to Object You have the right to object to the processing of your personal data where the processing is based on our legitimate interests, unless we can demonstrate compelling legitimate grounds to continue such processing. You also have the right to object to direct marketing at any time.
7. Privacy Notices and User Communications
Policy Display: The privacy policy is available on https://sgv-tech.cy/gdpr.
Consent Forms: Customers are informed of the policy, and service agreements (verbal or written) are provided based on the work scope.
8. Data Breach Notification
Notification Procedure: In the event of a data breach, affected customers will be contacted via established communication methods (phone, email, in-person, or text).
9. Third-Party Agreements and Due Diligence
Vendor Exposure: We minimize third-party exposure of customer data.
Due Diligence: Before sharing data (in cases like repair/RMA or during the due diligence/registration procedures(e.g., sharing credentials with vendors for warranty repairs)), vendors or partners must demonstrate GDPR compliance by providing their policies.
10. Employee Data
Employee Data Handling: Employee data may be processed only as part of customer-directed tasks (e.g., backups) and is not otherwise retained or processed by Sangiovese Ltd.
Employee data is accessible only to authorized personnel directly involved in the relevant task or service.
Only the data necessary for the completion of the task is processed or stored.
Employee data is stored in encrypted systems and protected with robust access controls, including multi-factor authentication (MFA) where applicable.
Employee data is not retained beyond the duration of the task, unless required for compliance with legal or regulatory obligations.
11. Data Minimization:
Sangiovese Ltd is committed to the principle of data minimization. We collect and process only the data that is strictly necessary to fulfill specific tasks and provide requested services. No additional data is collected or retained beyond what is required for these purposes, ensuring compliance with GDPR and protecting customer privacy.
12. Regular Updates:
This policy will be reviewed and updated regularly. Customers will be able to see all changes affecting their rights or our data handling practices by accessing the policy using the link: https://sgv-tech.cy/gdpr. Continued use of our services will constitute the customer's acceptance of the changes.
Contact Us: For any questions or requests regarding this policy, please contact us at info@sgv-tech.cy.
