Privacy Policy

Thiago McLaren IT Solutions ("we," "our," or "us") is committed to protecting the privacy and security of personal information entrusted to us by clients, prospective clients, website visitors, and other individuals ("you"). This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in connection with our website at thiagomclaren.com (the "Site") and our enterprise IT services.

We operate as a managed IT services provider delivering software services, hardware installation, maintenance, and strategic IT consulting to enterprise organizations. In the course of providing these services, we may process personal information on behalf of our clients as a data processor, and we may also collect personal information directly as a data controller.

Please read this Privacy Policy carefully. If you do not agree with its terms, please discontinue use of our Site and services.

We collect personal information in the following categories:

Contact and Identity Information.. When you complete a consultation request, send us an enquiry, or enter into a service agreement, we collect your name, job title, company name, business email address, and telephone number.

Technical and Usage Information.. When you visit our Site, we automatically collect your IP address, browser type and version, operating system, referring URLs, pages viewed, and time spent on pages. This information is collected through cookies and similar tracking technologies.

Service Delivery Information.. In the course of providing managed IT services, our engineers may access systems, networks, and infrastructure under your control. Any personal data encountered in those environments is processed strictly in accordance with your instructions and our Data Processing Agreement.

Communications.. We retain records of communications between you and us, including emails, support tickets, meeting notes, and consultation records, for the purpose of delivering services and maintaining our client relationship.

Financial and Contractual Information.. For billing and contract management purposes, we collect company registration details, billing addresses, and payment method information (processed via our PCI-DSS compliant payment processors — we do not store raw card data).

We use the personal information we collect for the following purposes:

Service Delivery.. To provide, manage, and improve our managed IT services, respond to support requests, and fulfil our contractual obligations to you.

Business Communications.. To send service notices, contract updates, maintenance schedules, invoices, and other operational communications necessary to our engagement.

Sales and Marketing.. With your consent or where we have a legitimate interest, to contact you about relevant services, send industry insights, and follow up on consultation enquiries. You may opt out of marketing communications at any time.

Security and Compliance.. To monitor for fraudulent activity, protect the security of our systems and client environments, and comply with legal and regulatory obligations including SOC 2, HIPAA, and ISO 27001 requirements applicable to our practice.

Analytics and Improvement.. To understand how our Site is used, identify areas for improvement, and measure the effectiveness of our service delivery.

Legal Obligations.. To comply with applicable laws, respond to lawful requests from authorities, enforce our Terms of Service, and protect the rights and safety of our clients, staff, and third parties.

Where applicable data protection law requires us to identify a legal basis for processing personal information, we rely on the following:

Contract Performance.. Processing necessary to perform our service contracts with you, including onboarding, service delivery, billing, and account management.

Legitimate Interests.. Processing for our legitimate business interests, including improving our services, maintaining the security of our systems, and communicating with prospects — provided those interests are not overridden by your rights.

Legal Obligation.. Processing required to comply with applicable laws and regulations.

Consent.. Where we send marketing communications or deploy non-essential cookies, we do so on the basis of your consent, which you may withdraw at any time.

We do not sell personal information. We may share your information with:

Service Providers.. Trusted third-party vendors who assist us in operating our business, including cloud infrastructure providers (AWS, Microsoft Azure, Google Cloud), CRM and ticketing platforms, accounting software, and email service providers. All vendors are contractually bound to process data only on our instructions and to maintain appropriate security standards.

Professional Advisers.. Lawyers, auditors, and accountants where necessary to obtain professional advice or in connection with legal proceedings.

Regulatory Authorities.. Government bodies, law enforcement agencies, or courts where we are required to disclose information by law or to protect the rights, property, or safety of our clients or the public.

Business Transfers.. In the event of a merger, acquisition, or sale of all or substantially all of our assets, personal information may be transferred as part of that transaction, subject to the same privacy protections described in this Policy.

We require all third parties to respect the security of personal information and to treat it in accordance with applicable law.

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, and reporting obligations.

Client records and service delivery data are retained for a minimum of seven (7) years following the end of the client relationship, in accordance with financial and contractual record-keeping requirements.

Website enquiry and consultation records are retained for two (2) years from the date of last contact if no service engagement arises.

Where we process personal data on behalf of clients as a data processor, we retain that data in accordance with the applicable Data Processing Agreement and delete or return it upon termination of the engagement.

We implement appropriate technical and organisational measures to protect personal information against unauthorised access, accidental loss, destruction, or alteration. These measures include encryption in transit and at rest, role-based access controls, multi-factor authentication, regular penetration testing, and staff training on data handling.

As a managed security services provider, information security is central to our operations. Our internal security practices are aligned to the same enterprise standards we deliver to clients, including SOC 2 Type II controls.

No method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you as required by applicable law.

Our Site uses cookies and similar technologies to improve your browsing experience, analyse Site traffic, and support our marketing activities.

Strictly Necessary Cookies.. Required for the Site to function. These cannot be disabled.

Analytics Cookies.. Help us understand how visitors interact with our Site (e.g., Google Analytics). These are only set with your consent.

Marketing Cookies.. Used to track visits across websites and present relevant advertising. These are only set with your consent.

You can manage your cookie preferences through our cookie consent banner or by adjusting your browser settings. Note that disabling certain cookies may affect Site functionality.

Depending on your location, you may have the following rights in relation to your personal information:

Access.. The right to request a copy of the personal information we hold about you.

Correction.. The right to request that we correct inaccurate or incomplete information.

Erasure.. The right to request deletion of your personal information, subject to our legal obligations to retain certain records.

Restriction.. The right to request that we restrict processing of your information in certain circumstances.

Portability.. The right to receive your personal information in a structured, machine-readable format.

Objection.. The right to object to processing based on legitimate interests or for direct marketing purposes.

Withdraw Consent.. Where processing is based on consent, the right to withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@thiagomclaren.com. We will respond within 30 days. We may need to verify your identity before processing your request.

Our operations and service providers are primarily based in the United States. If you are located outside the United States, your personal information may be transferred to and processed in the United States or other countries that may not provide the same level of data protection as your home jurisdiction.

Where we transfer personal information originating from the European Economic Area, United Kingdom, or Switzerland to third countries, we do so using appropriate safeguards such as Standard Contractual Clauses approved by the relevant supervisory authority.

Our Site and services are directed exclusively at enterprise organizations and business professionals. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently collected such information, we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will post the updated Policy on this page with a revised "Last Updated" date. For material changes, we will notify active clients by email.

Your continued use of our Site or services following the posting of changes constitutes your acceptance of the updated Policy.

If you have questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:

Thiago McLaren IT Solutions 275 Bath St Glasgow G2 4JR, Scotland, United Kingdom Email: privacy@thiagomclaren.com Phone: +44 7386 043345

If you are located in the European Economic Area and believe we have not addressed your concern adequately, you have the right to lodge a complaint with your local data protection supervisory authority.