At IThag.com, we are dedicated to protecting your personal data and ensuring operational transparency. This Privacy Policy explains how we collect, process, and safeguard your information in compliance with GDPR, ISO 27701, ISO 27001, ISO 22301, DORA, and SOC 1, SOC 2, and SOC 3 standards.

1. Information We Collect

Types of Data Collected:

• Personal Data: Name, contact information, company details, and other identifiers provided by you.
• Financial Data: Billing and transaction details for service agreements.
• Operational Data: System logs, audit trails, and evidence required for SOC compliance.
• Technical Data: Information about your system interactions, such as IP addresses and device details.

Methods of Collection:

• Directly from you through forms and service inquiries.
• Automatically via monitoring systems aligned with SOC and ISO standards.

2. Purpose of Data Processing

We process your data to:

• Deliver and enhance hosting, connectivity, and security services.
• Maintain compliance with SOC 1 (financial reporting), SOC 2 (trust and integrity), and SOC 3 (public reports) frameworks.
• Support regulatory compliance under GDPR, DORA, and ISO certifications.
• Facilitate secure and reliable service operations.

3. Compliance with SOC 1, SOC 2, and SOC 3

We adhere to SOC standards as follows:

• SOC 1: Ensuring secure and accurate financial data management for our clients’ internal controls.
• SOC 2: Maintaining trust services principles, including security, availability, processing integrity, confidentiality, and privacy.
• SOC 3: Providing public assurance of our controls through transparent reporting.

4. Data Protection Measures

Aligned with SOC, ISO 27001, and ISO 27701, we ensure:

• Access Controls: Role-based permissions to prevent unauthorized access.
• Encryption: End-to-end encryption for all sensitive data.
• Audit Trails: Comprehensive logging of system access and data changes.
• Incident Response: Documented procedures for immediate action in case of breaches.

5. Data Sharing

We may share data with:

• Service Providers: Third-party vendors under strict confidentiality agreements.
• Regulators: For SOC, DORA, and GDPR compliance reporting.
• Auditors: External auditors conducting SOC and ISO certifications.

6. Data Retention

We retain data:

• As required to fulfill operational needs and regulatory compliance.
• In accordance with SOC and ISO guidelines for auditability and transparency.
• Securely delete or anonymize data when no longer required.

7. Your Rights

Under GDPR and SOC frameworks, you have the right to:

• Access: Review the data we hold about you.
• Correction: Request updates to inaccurate data.
• Deletion: Remove personal data where legally applicable.

8. Monitoring and Continuity

To meet SOC and ISO standards:

• Proactive Monitoring: Real-time systems for detecting and responding to threats.
• Redundancy and Continuity: Failover systems for uninterrupted operations, compliant with ISO 22301 and SOC requirements.

9. International Data Transfers

When transferring data outside the EU, we:

• Comply with GDPR mechanisms like Standard Contractual Clauses (SCCs).
• Maintain SOC controls across jurisdictions to protect data integrity.

10. Updates to This Policy

We periodically revise this policy to reflect changes in our operations or legal obligations. Updated versions are always available on our website.

11. Contact Us

For inquiries or to exercise your rights, please contact dpo@ithag.com

This Privacy Policy demonstrates compliance with SOC 1, SOC 2, SOC 3, and all referenced standards, ensuring data security, operational transparency, and trustworthiness for clients and stakeholders.