Legal

1. Scope and Who This Policy Covers

This Privacy Policy applies to:

• Visitors to our websites and online properties (the "Site").
• Prospective clients requesting quotes, proposals, or information.
• Business contacts, vendors, and partners who interact with us.
• Individuals whose information we receive and process to provide managed IT and cybersecurity services (the "Services"), including Client employees, contractors, volunteers, and other authorized users ("End Users").

Important: Client-Directed Data (Processor / Service Provider Role)

When we provide Services to an organization (a "Client"), the Client controls the Personal Information we process on its behalf (often called "Client Data"). In that context:

• The Client is typically the "controller" (or "business") and Norvet is typically a "processor" (or "service provider"/"contractor").
• We process Client Data only as authorized by the Client and as needed to provide Services, plus as required by law or to protect our rights and operations.
• If you are an End User, requests about how your employer or organization uses your data should be directed to the Client.

This Privacy Policy does not create or expand any rights or remedies beyond those provided by applicable law and any written contract you have with Norvet. If you are a Client under a signed services agreement, that agreement governs security, confidentiality, breach response, and liability to the extent it differs from this Privacy Policy.

2. Definitions

For clarity in this Privacy Policy:

• Personal Information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with a particular individual.
• Sensitive Personal Information may include account credentials, precise geolocation, government IDs, certain financial information, health information, or other information protected by law.
• Authorized Purposes means the permitted purposes for which we collect and use Personal Information, defined in Section 4.

3. Personal Information We Collect

We collect Personal Information from several sources depending on how you interact with us.

4. How We Use Personal Information ("Authorized Purposes")

• Providing quotes, proposals, and responding to inquiries, including scheduling calls and follow-ups.
• Onboarding and delivering Services, including account setup, administration, and provisioning.
• Providing technical support and helpdesk services, including diagnosing and resolving issues.
• Security operations, including security monitoring, detection, alerting, investigation, containment, remediation support, and incident response coordination.
• Operational communications, including service notices, ticket updates, maintenance notifications, and required security communications.
• Billing and collections, including invoicing, payment processing, account reconciliation, and enforcement of payment terms.
• Improving our Site and Services, including analytics, troubleshooting, quality assurance, and internal reporting.
• Compliance and legal obligations, including responding to lawful requests and protecting legal rights.
• Preventing fraud, abuse, and misuse of our Site, systems, and Services.
• Marketing and business development, where permitted by law and subject to your choices (opt-out rights in Section 9).
• Vendor and subcontractor management, including due diligence, security review, and service transition coordination.

No "side purpose" promise. We may also use Personal Information for other purposes that are compatible with the context in which it was collected, reasonably necessary to operate our business, or otherwise permitted by law.

5. How and Why We Share Personal Information

6. Third-Party Links and Third-Party Services Disclaimer (Major Liability Shield)

• Third-Party Links. If you click a third-party link, you will be taken to a website or service we do not control.
• Third-Party Services. If you use a third-party product or service (whether directly or through our Services), the third party's privacy policy and security practices apply.

To the maximum extent permitted by law:

• Norvet is not responsible for the privacy practices, security, availability, or content of Third-Party Providers or external links.
• Norvet is not liable for any data breach, unauthorized access, or security incident originating in or caused by a Third-Party Provider, including outages, misconfigurations, vulnerabilities, or failures in third-party systems, except to the extent a signed written agreement with you explicitly states otherwise.

7. Client Responsibility for Accuracy (Reliance Clause)

The Client is responsible for ensuring that:

• The information it provides is accurate, complete, and current.
• It has the legal authority to share Personal Information with Norvet.
• It has provided any notices and obtained any consents required by law.
• Its instructions to Norvet are lawful and authorized.

No Liability for Client Errors. To the maximum extent permitted by law, Norvet is not liable for costs, delays, service failures, security failures, misdeliveries, or privacy impacts resulting from inaccurate, incomplete, outdated, or unauthorized information or instructions provided by the Client or its users.

8. Cookies, Analytics, and Tracking Technologies

• Operate our Site and enable core features.
• Remember preferences.
• Understand Site usage and performance.
• Improve marketing and conversion measurement where permitted by law.

Do Not Track. Some browsers send "Do Not Track" signals. We do not guarantee that we respond to all such signals because there is no uniform industry standard.

9. Communications, Marketing Choices, and Authorized Contact Controls

10. Data Security and Cybersecurity Risk Acknowledgment (No Guarantee)

Norvet uses administrative, technical, and physical safeguards designed to protect Personal Information and Client Data. However, no method of transmission over the internet and no method of electronic storage is 100% secure.

To the maximum extent permitted by law, Norvet is not liable for unauthorized access to Personal Information or Client Data, or for a security incident, unless caused by Norvet's own willful misconduct.

11. Data Retention

We retain Personal Information only as long as reasonably necessary for Authorized Purposes, including providing Services, meeting legal obligations, enforcing agreements, and maintaining security and audit records.

12. Your Rights: Access, Correction, and Deletion Requests

Email support@norvetmsp.com with the subject line "Privacy Request" and specify what you are requesting.

13. Children's Privacy

Our Site and Services are not directed to children under 13, and we do not knowingly collect Personal Information from children under 13 through our Site.

14. International Users and Cross-Border Transfers

Norvet is based in the United States. If you access our Site or Services from outside the United States, you understand that your information may be transferred to, processed, and stored in the United States.

15. Changes to This Privacy Policy

We may update this Privacy Policy at any time by posting the updated version on our Site and updating the "Last Updated" date.

16. Governing Law and Venue (Georgia / DeKalb County)

To the maximum extent permitted by law, this Privacy Policy and any dispute arising out of or relating to it will be governed by the laws of the State of Georgia, without regard to conflict-of-law principles, and the exclusive venue for such disputes will be state or federal courts located in DeKalb County, Georgia.

17. Contact Us (Privacy / DPO Function)