PRIVACY POLICY
Paragus Strategic IT (“we,” “our,” or “us”) takes your privacy seriously and is committed to protecting personal data in compliance with applicable laws and regulations. This policy sets out how we collect, use, and disclose data related to our proprietary applications and services (the “Services”).
This policy is consistent with Privacy and Data Protection laws from the following governing bodies, including but not limited to:
FCC (Federal Communications Commission)
PIPEDA (Personal Information Protection and Electronic Documents Act)
CRTC (Canadian Radio-television and Telecommunications Commission)
CALEA (Communications Assistance for Law Enforcement Act)
HIPAA (Health Insurance Portability and Accountability Act)
GDPR (General Data Protection Regulation)
Provincial Privacy Laws
This policy applies to all employees, contractors, and relevant third-party vendors acting on behalf of Paragus Strategic IT. It governs their handling of personal data while working remotely (from home, public locations) or on-site (in data centers or offices).
Mobile information/Personally Identifiable Information (PII) will not be shared with third parties for marketing purposes.
Disclosure Restrictions
Marketing and Disclosure Restrictions: Mobile information will not be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. All restrictions follow FCC and CPNI rules, preventing unnecessary sharing of customer text messaging data unless explicitly consented to by users.
Text Messaging Opt-Out Process: Users may opt out of text messages at any time by texting “STOP” to the originating number. For further support, contact help@paragusit.com.
What Information Do We Collect?
We collect a variety of personal data needed to ensure system and service compliance. This personal information includes, but is not limited to:
Identifiers: Such as name, address, email address, and phone number.
Service-Related Data: Including call usage logs, which are handled under Customer Proprietary Network Information (CPNI) regulations.
Additional information may be tracked for specific cases including the lawful interception of data under CALEA (U.S.) and Lawful Access and Interception (LAI) standards governing Canadian telecom privacy.
Why Do We Collect Information?
Paragus Strategic IT collects personal and service data to:
Comply with critical regulatory frameworks including PIPEDA, HIPAA, and GDPR.
Facilitate lawful fulfillment of Telecom Relay Service (TRS) and mandated communications services.
Manage data privacy rights as defined under GDPR, CCPA, CPRA, and Canadian provincial privacy laws.
Paragus’s Role as Data Processor under GDPR
Paragus acts as a data processor for services where third-party providers, such as Microsoft Teams, serve as the data controller.
Data Controller Role: For users within the EU or EEA (European Economic Area), Microsoft as the data controller assumes the majority of GDPR obligations, such as determining the purposes and means of processing.
Paragus’s Data Processor Role: Paragus supports GDPR compliance through implementing adequate processor-level safeguards to process personal data securely according to instructions provided by the data controller (e.g., Microsoft).
Processor obligations include but are not limited to:
Following controller instructions while processing personal data.
Ensuring that user data is properly encrypted for both data-at-rest and data-in-transit.
Reporting any breach of data security to the controller promptly, as required under GDPR.
These responsibilities are part of our contractual agreements with data controllers, ensuring that both Paragus and its partners adhere to transparent processing principles mandated by GDPR.
Tracking Technologies and Privacy Choices
Our services use cookies and other tracking technologies for both performance and security monitoring. Tracking practices are compliant with:
CASL (Canada) and CCPA/CPRA (California)
User Consents: Users are able to manage tracking preferences and opt out as per applicable state or provincial privacy laws.
Data Encryption Standards
To ensure SOC 2 audit compliance and protect personal data:
Encryption at Rest and In-Transit: Sensitive information such as telecom service records and other data is encrypted using AES-256 encryption, both while being stored (at rest) and while being transmitted over telecommunications networks (in transit). This ensures that data processed by Paragus in support of services such as Microsoft Teams is safeguarded against unauthorized access and tampering.
Disclosure Restrictions and Legal Requests
Law Enforcement Compliance: When legally mandated, Paragus cooperates with law enforcement to comply with lawful information requests. Requests for disclosure for surveillance or legal access are managed under CALEA (U.S.), CPNI, and regional requirements.
Incident Reporting
To ensure SOC 2 compliance and protect customer data:
Breach Notifications: If Paragus encounters a data breach affecting regulated data under CPNI or GDPR compliance, customers will be promptly notified within 72 hours. Breach notifications will explain the scope of the data affected and corrective actions undertaken.
Incident Response: Our internal Incident Response Plan outlines how breaches are handled, ensuring limited exposure and swift incident remediation. All breaches are fully logged, documented, and tracked in compliance with GDPR and related privacy laws.
Data Retention and Security Practices
Data is retained only as long as necessary under legal obligations set by FCC, CPNI, PIPEDA, and applicable Canadian telecom regulations. Data retention periods are managed via strict rules ensuring compliance with:
CRTC (Canada’s telecom retention laws)
FCC retention requirements for CPNI data
Standard encryption protocols under GDPR and PIPEDA.
Changes and Contacting Us
To ensure compliance and transparency, any modifications to this policy will be proactively shared with affected customers or data subjects.
If you have privacy concerns or wish to inquire about how Paragus manages your data, you can contact us at help@paragusit.com.