DataBridge Sites

Privacy Policy

NuView IT Privacy & Data Protection Policy

Effective Date: December 1, 2025

NuView IT (“NuView,” “we,” “us,” or “our”) is committed to protecting the privacy, confidentiality, and security of information entrusted to us. This policy describes how NuView collects, uses, stores, protects, and discloses Personal Data and Client Data in connection with our websites, managed services, cybersecurity offerings, consulting engagements, and related business operations.

This policy applies to all individuals and organizations that use our services, visit our websites, or interact with NuView in any capacity.

1. Definitions

1.1 Personal Data

Any information relating to an identified or identifiable individual, including but not limited to:
Name, address, email, phone number, IP address, cookies, device identifiers, account credentials, and other information collected through NuView websites or marketing channels.

1.2 Client Data

Any data, records, files, logs, configurations, system information, or other information provided to NuView or accessed by NuView to deliver Managed IT Services, Managed Security Services, consulting, incident response, backup/DR, or any other contracted services.

Client Data remains the sole property of the Client.

1.3 Sensitive Data

Includes - but is not limited to- data regulated under HIPAA, PCI, GLBA, FERPA, ITAR, CMMC/NIST 800-171, state privacy laws, or other regulatory frameworks applicable to the Client.

2. Categories of Data We Collect

NuView may collect the following categories of information:

2.1 Information You Provide Directly

  • Requests for support or service
  • Account creation or login information
  • Contract execution (SOWs, MSAs, vendor onboarding)
  • Ticketing information submitted via HaloPSA
  • Billing, payment, and invoicing information

2.2 Information Collected Automatically

  • IP address and device information
  • Website analytics and cookies (see Section 11)
  • System logs, audit logs, and telemetry from monitoring agents
  • Endpoint, network, and security-event data (EDR/XDR)

2.3 Information Provided Through Managed Services

  • File systems, servers, user accounts
  • Security logs and SIEM data
  • Network diagrams and configurations
  • Vulnerability, patching, and risk data
  • Backups and disaster recovery data

3. How We Use Data

We use Personal Data and Client Data only for legitimate business purposes, including:

  • Delivering contracted services under MSAs and SOWs
  • Monitoring, managing, and supporting client IT environments
  • Providing cybersecurity protection, threat detection, and remediation
  • Billing, invoicing, and account administration
  • Enhancing system performance, reliability, and security
  • Meeting compliance obligations for regulated industries
  • Improving our products, services, and client experience

4. Legal Bases for Processing

NuView processes Personal Data under the following legal bases:

  • Contract Performance - to deliver the services the Client has contracted.
  • Legitimate Interest - to maintain security, improve systems, and operate our business.
  • Consent - for optional communications or where required by law.
  • Legal Compliance - where required to meet regulatory or law-enforcement obligations.

5. Data Ownership & Client Rights

5.1 Data Ownership

All Client Data remains the exclusive property of the Client. NuView asserts no ownership interest in Client Data.

5.2 Client Access Rights

Upon request, clients may obtain:

  • An export of Client Data
  • A description of how Client Data is processed
  • Records of security logs or system activity relevant to their environment

5.3 Rights Under Privacy Laws

Depending on jurisdiction, individuals may have rights to:

  • Access their Personal Data
  • Correct inaccurate information
  • Request deletion (where legally allowed)
  • Restrict or object to processing
  • Data portability

NuView will comply with applicable privacy laws (GDPR, CCPA/CPRA, Virginia CDPA, etc.).

6. Data Security & Protection Measures

NuView maintains administrative, technical, and physical safeguards to protect all forms of data, including but not limited to:

  • Encryption in transit and at rest
  • MFA and Identity Access Controls
  • Role-Based Access and least privilege permissions
  • Network segmentation and zero-trust architecture
  • Endpoint detection and response (EDR/XDR)
  • Immutable backups and disaster recovery plans
  • Regular threat hunting and security monitoring
  • Employee background checks and security training
  • Vendor risk management and security reviews

These controls meet or exceed industry standards for MSPs/MSSPs supporting regulated industries.

7. Data Retention & Secure Disposal

Retention is determined by:

  • Contractual requirements
  • Legal and regulatory requirements
  • Business needs

Examples:

Data Type

Retention Period

Security Logs

30-90 days (unless otherwise contracted)

Backups

As specified in SOW/backup policy

Ticketing Information

Duration of contract + 3 years

Billing Records

7 years

Website Analytics

12-24 months

Upon contract termination, NuView will return or securely delete Client Data within agreed timelines.

8. Third-Party Vendors & Sub processors

NuView engages third-party service providers (e.g., cloud hosting, backup providers, software vendors, support partners) who may process Personal Data or Client Data.

NuView requires all vendors to:

  • Meet our security and privacy requirements
  • Sign appropriate confidentiality and data-processing agreements
  • Maintain equivalent levels of protection

A list of subprocesses is available upon request.

9. Incident Response & Breach Notification

NuView maintains a formal Incident Response Plan. If NuView becomes aware of unauthorized access, disclosure, or loss of Client Data or Personal Data:

  • We will investigate immediately
  • Contain and remediate the incident
  • Notify affected clients within the timeframe required by law or contract
  • Cooperate with forensic teams, insurers, and regulators as applicable

Clients agree to maintain required cybersecurity controls; NuView is not liable for incidents caused by:

  • Client misconfiguration
  • Negligence
  • Unsupported systems
  • Failure to follow NuView recommendations

10. International Transfers

NuView may transfer data across borders if necessary to deliver services (e.g., cloud hosting). Where legally required, we will use Standard Contractual Clauses or other approved safeguards.

11. Cookies & Tracking Technologies

NuView websites use cookies to:

  • Improve functionality
  • Analyze usage
  • Support marketing communications

Visitors may decline non-essential cookies at any time. A Cookie Notice is provided separately.

12. Children’s Data

NuView does not knowingly collect Personal Data from individuals under age 16.

13. Updates to This Policy

NuView may update this Privacy Policy periodically.
Material changes will be communicated to clients with reasonable advance notice.

Effective date and version of history will be maintained.

14. Contact Information

For privacy questions, data requests, or security concerns:

NuView IT - Privacy Office
Email: privacy@nuviewit.com
Address: Att: COO - 1500 Lafayette Road, Portsmouth NH 03801