Privacy Policy

1. Introduction

Welcome to GivBest Consulting ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or engage with us in any capacity.

By accessing or using our services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

We collect several types of information from and about users of our services, including:

2.1 Personal Information You Provide

When you interact with our services, we may collect:

• Contact Information: Name, email address, phone number, mailing address, job title, and company name
• Account Information: Username, password, security questions, and preferences
• Business Information: Company details, industry, project requirements, and technical specifications
• Payment Information: Billing address, payment method details (processed securely through third-party providers)
• Communication Data: Content of your messages, support tickets, emails, and feedback
• Professional Information: Resume, work history, and qualifications (for job applications)

2.2 Information Collected Automatically

When you access our website or use our services, we automatically collect:

• Technical Data: IP address, browser type, operating system, device identifiers, and system configurations
• Usage Data: Pages visited, time spent, clickstream data, referring URLs, and navigation patterns
• Performance Metrics: Application performance data, error logs, and diagnostic information
• Location Data: General geographic location based on IP address (not precise GPS coordinates)

2.3 Information from Third Parties

We may receive information about you from:

• Business partners and service providers (e.g., cloud infrastructure providers, payment processors)
• Publicly available sources (e.g., LinkedIn, company websites for B2B services)
• Social media platforms (if you choose to connect your account)
• Analytics and data enrichment services

2.4 Sensitive Information

3. How We Use Your Information

We use the information we collect for the following purposes:

Purpose	Legal Basis (GDPR)
Provide and maintain our services	Contract Performance
Process transactions and send notifications	Contract Performance
Customer support and technical assistance	Contract Performance
Improve and optimize our services	Legitimate Interest
Security monitoring and fraud prevention	Legitimate Interest / Legal Obligation
Marketing and promotional communications	Consent / Legitimate Interest
Compliance with legal obligations	Legal Obligation
AI model training (anonymized data only)	Legitimate Interest

3.1 Service Delivery

• Provision of Managed IT Services, 24/7 monitoring, and incident response
• Custom software development, deployment, and maintenance
• SaaS platform access, updates, and technical support
• Cloud infrastructure management and optimization

3.2 Communication and Marketing

• Sending service updates, security alerts, and important notices
• Responding to inquiries, support requests, and feedback
• Delivering newsletters, product announcements, and promotional content (with consent)
• Conducting surveys and gathering customer insights

3.3 Analytics and Improvement

• Analyzing usage patterns to enhance user experience
• Conducting A/B testing and feature optimization
• Monitoring system performance and reliability
• Training AI models for intelligent automation (using anonymized data)

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following limited circumstances:

4.1 Service Providers and Partners

We share data with trusted third-party vendors who assist in:

• Cloud Infrastructure: AWS, Azure, Google Cloud (for hosting and storage)
• Payment Processing: Stripe, PayPal (for secure transactions)
• Communication Tools: Email service providers, CRM platforms
• Analytics: Google Analytics, Datadog, New Relic
• Security Services: SOC 2 auditors, penetration testing firms

All service providers are contractually bound to protect your data and use it only for specified purposes.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Court orders, subpoenas, or legal processes
• Government or regulatory requests
• Enforcement of our terms of service or policies
• Protection of our rights, property, or safety, or that of others
• Investigation of fraud, security issues, or technical problems

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity. We will notify you via email and/or prominent notice on our website before your information becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing, such as when integrating third-party tools with our platform.

5. Data Security

We implement industry-leading security measures to protect your information:

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to promptly notifying affected parties in the event of a data breach, as required by applicable law.

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

6.1 GDPR Rights (EU/EEA Residents)

• Right to Access: Request a copy of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

6.2 CCPA Rights (California Residents)

• Right to Know: Know what personal information is collected, used, and shared
• Right to Delete: Request deletion of personal information (with exceptions)
• Right to Opt-Out: Opt-out of the "sale" of personal information (note: we do not sell data)
• Right to Non-Discrimination: Not be discriminated against for exercising privacy rights

6.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@givbest.com or use our online Privacy Request Form. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

7.1 Types of Cookies We Use

• Essential Cookies: Required for site functionality (e.g., authentication, security)
• Performance Cookies: Analytics to understand site usage (Google Analytics)
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Track ad campaign effectiveness (with consent)

7.2 Cookie Management

You can control cookies through your browser settings. Note that disabling certain cookies may limit site functionality. For more information, visit www.allaboutcookies.org.

7.3 Do Not Track Signals

We currently do not respond to Do Not Track (DNT) signals, as there is no industry consensus on compliance standards.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Data Type	Retention Period
Account information (active customers)	Duration of service + 3 years
Transaction records	7 years (tax/legal compliance)
Support tickets and communications	2 years after resolution
Marketing consent records	Until consent is withdrawn + 1 year
Security logs and audit trails	1 year (compliance requirement)
Anonymized analytics data	Indefinitely (no personal identifiers)

After the retention period expires, we securely delete or anonymize your data in accordance with industry best practices.

9. International Data Transfers

GivBest Consulting operates globally, with offices in the United States and Sri Lanka. Your information may be transferred to, stored, and processed in countries other than your own, where data protection laws may differ.

9.1 Transfer Safeguards

When transferring data internationally, we implement appropriate safeguards:

• Standard Contractual Clauses (SCCs): EU-approved data transfer agreements
• Data Processing Agreements: Contracts with third-party processors ensuring GDPR compliance
• Privacy Shield Framework: Adherence to applicable frameworks (where valid)
• Encryption: All data transfers use encrypted channels (TLS 1.3)

9.2 Data Residency Options

For enterprise clients with strict data residency requirements, we offer single-tenant deployments in specific geographic regions (US, EU, or customer-specified locations).

10. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child under 16, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@givbest.com.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email (if you have an account with us)
• Post a prominent notice on our website
• Request renewed consent where required by law

We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

12. Contact Us