Menu

ECG Privacy Policy

Effective Date: December 15, 2024
Last Updated: May 24, 2025

1. INTRODUCTION

 

Embarq Consulting Group LLC (“Embarq Consulting Group”, “ECG”, “We”, “Us”, or “Our”) is committed to safeguarding the privacy, confidentiality, and integrity of information entrusted to us. This Privacy Policy (“Policy”) outlines how we collect, access, use, disclose, store, and protect data in connection with the delivery of managed IT services, consulting, support, hosting, and related services (“Services”) provided under a Master Services Agreement (“MSA”).

 

This Policy applies to all data that ECG accesses or processes while performing Services for our clients (“You” or “Client”).

 

2. DATA WE COLLECT AND PROCESS

 

We collect and process data only as necessary to provide our Services or fulfill legal and contractual obligations. The types of data we may collect or access include:

  • Client-Provided Information: Business contact details, billing information, and limited employee contact information required to establish and manage your account.
  • System and Environment Data: Access to your production, development, or testing environments may be required, which can include data stored or processed in those systems.
  • Support & Monitoring Data: Logs, error messages, usage data, and configuration details for troubleshooting, maintenance, and performance monitoring.
  • Operational Metadata: Audit logs, ticketing system entries, or monitoring alerts generated during the provision of Services.

 

Purpose of Data Use
Data is accessed and used solely to:

  • Deliver contracted Services under the MSA
  • Support, troubleshoot, or upgrade client environments
  • Monitor and improve system performance
  • Ensure security and compliance
  • Satisfy legal or regulatory obligations

 

3. DATA OWNERSHIP & RESPONSIBILITY

 

You retain ownership of all data you provide to ECG in connection with the Services. ECG accesses and uses this data solely to deliver the contracted Services, fulfill legal obligations, or as otherwise authorized by you.

ECG acts as a service provider and custodian of your data. While we do not control the content or nature of the data you choose to provide, we take reasonable steps to safeguard it in accordance with this Policy and applicable law.

You are responsible for:

  • Determining the type and nature of data shared with ECG

  • Ensuring that data is lawfully collected and shared

  • Managing user access to your systems and environments

  • Complying with any industry- or jurisdiction-specific data handling obligations applicable to your business

 

    4. DATA SHARING & DISCLOSURE

     

    We do not sell or commercialize client data. Data may be shared only under the following limited circumstances:

    • Authorized Third-Party Providers: Vendors or partners (e.g., cloud infrastructure, email providers) who support our services and are contractually bound to safeguard the data and use it only as instructed.
    • Legal Obligations: Where required by law, court order, or lawful request from authorities.
    • Client Authorization: Where you have explicitly authorized disclosure.

     

    5. ACCESS CONTROLS & CONFIDENTIALITY

     

    Access to data is governed by both contractual and internal security controls:

    • Access is role-based and limited to only those ECG personnel or agents who require it for service delivery.
    • All ECG employees, subcontractors, and agents are bound by strict confidentiality agreements and are subject to annual security and privacy training.
    • Access controls include authentication, logging, monitoring, and account management policies.

     

    You are responsible for managing access controls for your own users and systems. End users should direct any data-related requests to you. ECG will facilitate such requests as needed, in accordance with our role and agreements.

     

    6. DATA SECURITY

     

    We implement industry-standard administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of data. These measures include:

    • Firewalls and network segmentation
    • Secure remote access protocols
    • Data encryption in transit and at rest (where applicable)
    • Vulnerability scanning and patch management
    • Internal audits and access reviews

     

    All security practices are regularly reviewed and enforced under ECG’s internal governance program.

     

    7. INCIDENT RESPONSE & BREACH NOTIFICATION

     

    In the event of a suspected or actual security incident:

    • ECG investigates and assesses the scope and impact immediately.
    • Affected clients will be notified without undue delay if ECG determines that data has been subject to unauthorized access or disclosure.
    • ECG will coordinate with you on mitigation, resolution, and any applicable regulatory or legal notification requirements.

     

    8. ENFORCEMENT & CONTACT INFORMATION

     

    If you believe that your data has been handled in a manner inconsistent with this Policy, please notify us using the contact details below:

    C/O Embarq Consulting Group LLC
    300 International Drive STE 100
    Buffalo, NY 14221
    Attention: Head of Legal, DPO and Chief Compliance Officer
    Email: contact@embarqconsultinggroup.com

     

    9. POLICY UPDATES

     

    We may update this Policy from time to time. Material changes will be communicated via our website or directly to our clients. Continued use of our Services after changes are posted constitutes your acceptance of the revised Policy.

    Your Trusted Technology Partner

    Embarq Consulting Group is a managed IT service provider (MSP) helping businesses in Buffalo and across WNY optimize performance, enable growth & safeguard critical assets.

    Company

    Legal

    Follow us

    2025 © Embarq Consulting Group LLC. All rights reserved.