Updated: January 6, 2025

Data Privacy Policy

Introduction

This Data Privacy Policy (“Policy”) outlines the principles and practices adopted by Virgo Development, a software engineering, custom application programming, and web development company based in Utah (“we,” “us,” or “our”), regarding the collection, use, storage, and protection of personal and non-personal information (“Data”) of our clients, employees, and website visitors. This Policy applies to all individuals who interact with our services, including both office-based and remote Software Engineers.

Scope

This policy applies to all personal data collected, processed, stored, or transmitted by Virgo Development in the course of our business activities. It is applicable to all employees, contractors, and third parties who have access to personal data on behalf of Virgo Development.

Privacy by Design and Default

We will incorporate privacy by design and default principles into our products, systems, and processes to ensure that data protection is considered from the outset and that only necessary personal data is processed.

Data Collection and Usage

2.1 Types of Data Collected

We may collect the following types of Data:

• Personal information: Names, email addresses, contact details, job titles, and other personally identifiable information voluntarily provided by our clients, employees, or website visitors.
• Non-personal information: Anonymous data, such as website usage statistics, IP addresses, browser type, device information, and other technical information collected through cookies or similar technologies.

2.2 Purposes of Data Collection

We collect and use Data for the following purposes:

• To provide software engineering, custom application programming, and web development services to our clients.
• To communicate with clients, employees, and website visitors regarding our services, updates, and inquiries.
• To improve our services, enhance website functionality, and tailor content to user preferences.
• To ensure the security and integrity of our systems, networks, and data.

2.3 Lawful Basis for Processing

We will only process Data when we have a lawful basis to do so, including:

• The processing is necessary to perform a contract or take steps at the request of the data subject prior to entering into a contract.
• The processing is necessary for compliance with a legal obligation to which we are subject.
• The processing is necessary for the legitimate interests pursued by us or a third party, provided such interests are not overridden by the data subject’s rights and interests.
• The data subject has provided explicit consent to the processing of their personal information.

Data Sharing and Third Parties

3.1 Data Sharing

We may share Data with third parties under the following circumstances:

• With client consent: We may share Data with our clients or their authorized representatives for the purpose of delivering our software engineering, custom application programming, and web development services.
• With service providers: We may engage trusted third-party service providers to assist us in delivering our services, subject to contractual agreements that protect Data confidentiality and usage.
• With legal requirements: We may disclose Data if required to do so by law or in response to valid legal requests, including to protect our rights, safety, or property.

3.2 International Data Transfers

We may transfer and store Data outside the jurisdiction where the data subject resides. In such cases, we will ensure appropriate safeguards are in place to protect the data, in compliance with applicable data protection laws.

3.3 Third-Party Processors

When engaging third-party processors to process personal data on our behalf, we will ensure that they provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures to protect the data. We will have appropriate data processing agreements in place with these processors.

Data Subject Rights

Individuals whose Data we process have certain rights, which include:

• Right to access: The right to request access to their personal information held by us.
• Right to rectification: The right to request correction or update of inaccurate or incomplete personal information.
• Right to erasure: The right to request the deletion of personal information, subject to legal obligations or  legitimate interests.
• Right to object: The right to object to the processing of personal information, based on specific grounds.

Data Storage and Security

5.1 Data Storage

We will retain Data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Data may be stored on our secure servers or with third-party service providers who adhere to strict data protection standards.

5.2 Technical and Organizational Measures

We implement technical and organizational measures to protect Data against unauthorized access, disclosure, alteration, or destruction. These measures include, but are not limited to, encryption, firewalls, access controls, and regular security assessments.

Our data will be:

• Accurate and kept up-to-date
• Collected fairly and for lawful purposes only
• Processed by the company within its legal and moral boundaries
• Protected against any unauthorized or illegal access by internal or external parties

Our data will not be:

• Communicated informally
• Stored for more than a specified amount of time
• Transferred to organizations, states, or countries that do not have adequate data protection policies
• Distributed to any party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities)

5.3 Data Breach Response

In the event of a data breach that poses a risk to the rights and freedoms of individuals, we will promptly assess the breach, take necessary actions to mitigate its impact, and notify the appropriate supervisory authorities and affected individuals.

Employee Training and Awareness

We will provide training and ongoing awareness programs to our employees and contractors to ensure they understand their responsibilities under this policy and are aware of data protection laws and regulations.

Policy Review

This policy will be reviewed and updated periodically to ensure its continued relevance and compliance with applicable data protection laws and regulations.

Contact Information

For any questions please contact

Email: support@virgodev.com

Phone: 435 767 1602

Address: 87 E 2580 S, St George, UT 84790

Further reading:

• Data Protection Act of 1998 (UK)
• The General Data Protection Regulation (GDPR)
• Data protection in United States
• California Consumer Privacy Act (CCPA)