Norvet MSP Privacy Policy

Effective Date: 7-13-2023
Last Updated: 5-24-2024

This Privacy Policy explains how Norvet MSP (“Norvet,” “we,” “us,” or “our”) collects, uses, discloses, and protects information that identifies, relates to, describes, or could reasonably be linked to an individual (“Personal Information”). It also describes your privacy rights and choices.

Address: Norvet MSP, 8170 Mall Parkway, STE 1161, Lithonia, GA 30038
Phone: 888 598-7677
Email: [email protected] (write “Attn: Privacy” in the subject line)

1. Scope and Who This Policy Covers

This Privacy Policy applies to:

Visitors to our websites and online properties (the “Site”);

Prospective clients requesting quotes, proposals, or information;

Business contacts, vendors, and partners who interact with us;

Individuals whose information we receive and process to provide managed IT and cybersecurity services (the “Services”), including Client employees, contractors, volunteers, and other authorized users (“End Users”).

Important: Client-Directed Data (Processor / Service Provider Role)

When we provide Services to an organization (a “Client”), the Client controls the Personal Information we process on its behalf (often called “Client Data”). In that context:

The Client is typically the “controller” (or “business”) and Norvet is typically a “processor” (or “service provider”/“contractor”).

We process Client Data only as authorized by the Client and as needed to provide Services, plus as required by law or to protect our rights and operations.

If you are an End User, requests about how your employer/organization uses your data should be directed to the Client.

This Privacy Policy does not create or expand any rights or remedies beyond those provided by applicable law and any written contract you have with Norvet. If you are a Client under a signed services agreement, that agreement governs security, confidentiality, breach response, and liability to the extent it differs from this Privacy Policy.

2. Definitions

For clarity in this Privacy Policy:

“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with a particular individual.

“Sensitive Personal Information” may include account credentials, precise geolocation, government IDs, certain financial information, health information, or other information protected by law.

“Authorized Purposes” means the permitted purposes for which we collect and use Personal Information, defined in Section 4.

3. Personal Information We Collect

We collect Personal Information from several sources depending on how you interact with us.

A. Information you provide directly

Examples include:

Contact and business details: name, company, title, email, phone number, mailing address.

Inquiry and quote details: details you enter in webforms, proposals, RFQs, project descriptions, service needs, and budget ranges (if provided).

Account and support information: support tickets, troubleshooting details, device identifiers, and communications with our support team.

Payment and billing information: billing contacts, invoice metadata, payment status; payment details may be handled by payment processors depending on your payment method.

SMS consent and preferences: if you opt in to SMS notifications or marketing communications, we collect consent records and message preference data.

B. Information collected automatically (Site and tools)

When you visit our Site, we (and providers acting on our behalf) may collect:

IP address, browser type, device type, operating system, referral URLs, pages viewed, and timestamps;

Cookie identifiers and similar tracking technologies (see Section 8).

C. Information we receive from Clients and End Users in delivering Services

Depending on the Services, we may receive or access:

User identity information (names, emails, usernames, role/department);

Authentication and security telemetry (sign-in logs, access events, audit events, security alerts);

Device and endpoint telemetry (device names, asset IDs, patch status, EDR alerts, configurations);

Email metadata and security artifacts (headers, message trace details, quarantine events) as needed for support and security monitoring;

Support content submitted by users (screenshots, attachments, error messages).

D. Information from third parties

We may receive Personal Information from:

Referral partners, resellers, and channel partners;

Public sources (e.g., business directories);

Third-party platforms used in our operations (e.g., CRM, scheduling, billing, ticketing), subject to your settings and applicable law.

4. How We Use Personal Information (“Authorized Purposes”)

We collect and use Personal Information for the following Authorized Purposes:

Providing quotes, proposals, and responding to inquiries (including scheduling calls and follow-ups).

Onboarding and delivering Services, including account setup, administration, and provisioning.

Providing technical support and helpdesk services, including diagnosing and resolving issues.

Security operations, including security monitoring, detection, alerting, investigation, containment, remediation support, and incident response coordination.

Operational communications, including service notices, ticket updates, maintenance notifications, and required security communications.

Billing and collections, including invoicing, payment processing, account reconciliation, and enforcement of payment terms.

Improving our Site and Services, including analytics, troubleshooting, quality assurance, and internal reporting.

Compliance and legal obligations, including responding to lawful requests and protecting legal rights.

Preventing fraud, abuse, and misuse of our Site, systems, and Services.

Marketing and business development, where permitted by law and subject to your choices (opt-out rights in Section 9).

Vendor and subcontractor management, including due diligence, security review, and service transition coordination.

No “side purpose” promise. We may also use Personal Information for other purposes that are compatible with the context in which it was collected, reasonably necessary to operate our business, or otherwise permitted by law.

5. How and Why We Share Personal Information

A. Subcontractor and Vendor Data Sharing (Subprocessors / Service Providers)

To fulfill our Authorized Purposes, Norvet may disclose Personal Information to subcontractors, vendors, and third-party providers that help us operate and deliver Services (collectively, “Service Providers”). This may include providers of:

Ticketing/helpdesk platforms and communications tools

Remote monitoring and management (RMM) tools

Endpoint security / EDR / MDR / XDR / SOC services

Backup, disaster recovery, email security, and DNS/security tooling

Cloud infrastructure and productivity platforms

Billing, invoicing, accounting, and payment processing

Analytics, logging, alerting, and reporting tools

Identity management and authentication services

We may allow these Service Providers to access and process Personal Information as necessary to perform services for us, subject to contractual restrictions and appropriate safeguards as determined by Norvet.

B. Client-directed disclosures

When we provide Services, we may disclose Personal Information:

As instructed by the Client (e.g., creating accounts, granting permissions, generating reports);

To Client-authorized administrators or contacts;

To facilitate transitions between providers at the Client’s request.

C. Legal, safety, and enforcement disclosures

We may disclose Personal Information if we believe in good faith it is necessary to:

Comply with law, regulation, legal process, or lawful governmental request;

Protect the rights, property, or safety of Norvet, our Clients, End Users, or others;

Enforce our agreements, policies, and billing/collection rights;

Detect, prevent, or address fraud, security, or technical issues.

D. Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, Personal Information may be disclosed as part of that transaction, subject to reasonable confidentiality protections and applicable law.

6. Third-Party Links and Third-Party Services Disclaimer (Major Liability Shield)

Our Site and Services may reference, integrate with, or link to Third-Party Providers and external sites. Examples may include (without limitation) Microsoft 365, Salesforce, Coupa, payment processors, and other vendor platforms used by Clients or Norvet.

Third-Party Links. If you click a third-party link, you will be taken to a website or service we do not control.
Third-Party Services. If you use a third-party product or service (whether directly or through our Services), the third party’s privacy policy and security practices apply.

To the maximum extent permitted by law:

Norvet is not responsible for the privacy practices, security, availability, or content of Third-Party Providers or external links;

Norvet is not liable for any data breach, unauthorized access, or security incident originating in or caused by a Third-Party Provider, including outages, misconfigurations, vulnerabilities, or failures in third-party systems, except to the extent a signed written agreement with you explicitly states otherwise.

7. Client Responsibility for Accuracy (Reliance Clause)

When a Client or user provides information to Norvet (including user lists, access instructions, contact details, permissions, or configuration requirements), Norvet may rely on that information as accurate and authorized.

Client Responsibility. The Client is responsible for ensuring that:

The information it provides is accurate, complete, and current;

It has the legal authority to share Personal Information with Norvet;

It has provided any notices and obtained any consents required by law; and

Its instructions to Norvet are lawful and authorized.

No Liability for Client Errors. To the maximum extent permitted by law, Norvet is not liable for costs, delays, service failures, security failures, misdeliveries, or privacy impacts resulting from inaccurate, incomplete, outdated, or unauthorized information or instructions provided by the Client or its users.

8. Cookies, Analytics, and Tracking Technologies

We may use cookies and similar technologies (e.g., pixels, SDKs, local storage) to:

Operate our Site and enable core features;

Remember preferences;

Understand Site usage and performance;

Improve marketing and conversion measurement where permitted by law.

You can control cookies through browser settings and, where offered, cookie consent tools on our Site. Blocking cookies may impact functionality.

Do Not Track. Some browsers send “Do Not Track” signals. We do not guarantee that we respond to all such signals because there is no uniform industry standard.

9. Communications, Marketing Choices, and Authorized Contact Controls

A. Email and SMS communications

We may send:

Operational communications (support ticket updates, service notices, security alerts);

Marketing communications (service updates, offers, newsletters) where permitted.

You may opt out of marketing messages at any time by using the unsubscribe method in the message or contacting us. Operational/security communications are not optional when necessary to provide Services, protect systems, or comply with legal obligations.

For SMS programs, message frequency may vary. Standard carrier rates may apply. You can reply STOP to unsubscribe where supported.

B. “Authorized Contacts” and protection against unauthorized outreach

For business Clients, we may require the Client to designate specific Authorized Contacts for account changes, approvals, or sensitive communications.
We may refuse to act on requests from individuals who are not designated Authorized Contacts. This is a security measure and helps prevent social engineering and unauthorized disclosure.

C. No use of Client Data to solicit Client’s customers

Norvet does not use Client Data to market to or solicit a Client’s customers, donors, patients, or constituents. Subcontractors acting on our behalf are expected to follow the same restriction, unless a Client expressly authorizes otherwise in writing.

10. Data Security and Cybersecurity Risk Acknowledgment (No Guarantee)

Norvet uses administrative, technical, and physical safeguards designed to protect Personal Information and Client Data and to reduce risk of unauthorized access, disclosure, alteration, and destruction. These safeguards may include access controls, MFA, logging, monitoring, encryption where appropriate, and security policies.

However, no method of transmission over the internet and no method of electronic storage is 100% secure. Cyber threats evolve rapidly, and even well-protected systems can be compromised due to sophisticated attacks, human error, misconfiguration, credential theft, supply-chain compromise, or third-party failures.

Liability Standard for Unauthorized Access

To the maximum extent permitted by law, Norvet is not liable for unauthorized access to Personal Information or Client Data, or for a security incident, unless caused by Norvet’s own willful misconduct.
For clarity, incidents caused by Client actions/inactions, End User behavior, or Third-Party Provider failures are outside Norvet’s responsibility except as expressly stated in a signed written agreement.

11. Data Retention

We retain Personal Information only as long as reasonably necessary for Authorized Purposes, including:

Providing Services and support;

Meeting legal, accounting, and compliance obligations;

Enforcing agreements and resolving disputes; and

Maintaining security and audit records.

Retention periods vary based on data type, legal requirements, and contractual commitments. We may retain certain records even after deletion requests where permitted or required by law.

12. Your Rights: Access, Correction, and Deletion Requests

Depending on your location and applicable law, you may have the right to:

Access your Personal Information;

Correct inaccurate Personal Information;

Request deletion of Personal Information; and/or

Opt out of certain processing (such as certain marketing uses).

How to submit a request

Email [email protected] with the subject line “Privacy Request” and specify what you are requesting.

Verification and limits

To protect security and privacy, we may need to verify your identity and your authority to request data. We may deny or limit requests where:

We cannot verify identity/authority;

We must retain information for legal obligations, security, fraud prevention, or legitimate business purposes; or

The request relates to Client-controlled data and must be handled by the Client (for End Users).

13. Children’s Privacy

Our Site and Services are not directed to children under 13, and we do not knowingly collect Personal Information from children under 13 through our Site. If you believe a child provided Personal Information to us, contact us and we will take appropriate steps consistent with applicable law.

14. International Users and Cross-Border Transfers

Norvet is based in the United States. If you access our Site or Services from outside the United States, you understand that your information may be transferred to, processed, and stored in the United States and other jurisdictions where our Service Providers operate.

15. Changes to This Privacy Policy

We may update this Privacy Policy at any time by posting the updated version on our Site and updating the “Last Updated” date. Changes are effective upon posting unless otherwise stated. Your continued use of the Site or Services after an update constitutes acknowledgment of the updated policy, to the extent permitted by law.

16. Governing Law and Venue (Georgia / DeKalb County)

To the maximum extent permitted by law, this Privacy Policy and any dispute arising out of or relating to it will be governed by the laws of the State of Georgia, without regard to conflict-of-law principles, and the exclusive venue for such disputes will be state or federal courts located in DeKalb County, Georgia.

Note: Some jurisdictions’ consumer protection or privacy laws may grant you additional rights or may restrict certain venue provisions. In such cases, this section applies only to the extent permitted by law.

17. Contact Us (Privacy / DPO Function)

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact:

Norvet MSP
8170 Mall Parkway, STE 1161
Lithonia, GA 30038
Email: [email protected] (Attn: Privacy)
Phone: 888 598-7677