Privacy Policy

1. Introduction

On-Site Technology (“On-Site Technology,” “we,” “us,” or “our“) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit on-sitetechnology.com and its subdomains, or when you interact with us through our contact forms, support channels, marketing communications, or other services described in this Policy (collectively, the “Services“).

This Policy applies to information we collect as a data controller — that is, information about website visitors, prospects, customers, newsletter subscribers, job applicants, and other individuals who interact with us directly.

Note regarding client data: Where On-Site Technology processes information on behalf of business clients as part of managed IT, cybersecurity, or related services, we act as a data processor (or service provider). That processing is governed by our Master Services Agreement, applicable statements of work, and any Data Processing Addendum in place with the client — not by this Policy. If you are an end user whose employer is our client and you have questions about how your information is handled, please contact your employer.

By using our Services, you confirm that you have read and understood this Policy.

2. Who We Are and How to Contact Us

3. Information We Collect

3.1 Information You Provide to Us

When you fill out a form, open a support ticket, subscribe to communications, request a quote, register for an event, or otherwise interact with us, we may collect:

• Name
• Business name and job title
• Email address
• Phone number
• Mailing address
• Information you include in free-text fields (e.g., the body of a support ticket or inquiry)
• Authentication information for client portals

We do not collect payment card numbers, bank account numbers, or Social Security numbers through this website. Payment processing, when applicable, is handled through separate invoicing systems governed by our client agreements.

3.2 Information Collected Automatically

When you visit our website, we (and our service providers) automatically collect:

• IP address and approximate geolocation derived from it
• Browser type, version, and language
• Operating system and device type
• Referring URL and exit pages
• Pages visited, time on page, and click activity
• Date and time of access
• Cookie identifiers and similar technology identifiers

3.3 Information from Third-Party Sources

We may receive information about you from third-party sources, including:

• Business intelligence and lead enrichment providers
• Publicly available business directories
• Referral partners and vendors
• Social media platforms when you engage with our content

3.4 Sensitive Information

We do not intentionally collect “sensitive” or “special category” personal information (such as racial or ethnic origin, religious beliefs, health information, precise geolocation, biometric data, or financial account credentials) through this website. If you voluntarily include such information in a free-text field, we will handle it with the same protections as other personal information and will not use it for profiling or targeted advertising.

4. How We Use Your Information

We use the information we collect for the following purposes:

• Responding to inquiries and providing support. Answering questions, fulfilling quote requests, and processing support tickets.
• Delivering our Services. Providing and maintaining access to client portals, tools, and services you request.
• Marketing and communications. Sending newsletters, product updates, event invitations, and promotional messages — always with the ability to unsubscribe.
• Site operations and improvement. Analyzing site traffic, diagnosing technical issues, and improving usability.
• Security and fraud prevention. Monitoring for abuse, protecting our systems, and preventing fraudulent activity.
• Legal compliance. Meeting our legal, regulatory, and contractual obligations.
• Business operations. Internal record-keeping, billing, auditing, and vendor management.

We do not use your personal information for automated decision-making that produces legal or similarly significant effects about you.

5. Legal Bases for Processing (EEA, UK, and Swiss Residents)

If you are located in the European Economic Area, United Kingdom, or Switzerland, our legal bases for processing your personal information are:

• Consent — where you have given us clear consent (e.g., newsletter subscription).
• Contract — where processing is necessary to perform a contract with you or to take steps at your request before entering into one.
• Legitimate interests — where processing is necessary for our legitimate interests (such as securing our systems, marketing our services to business contacts, and improving the Services) and those interests are not overridden by your rights.
• Legal obligation — where we are required to process information to comply with applicable law.

6. How We Share Your Information

We share personal information with the following categories of recipients:

6.1 Service Providers and Processors

We use third-party vendors who process personal information on our behalf under written contracts that restrict their use of the data to the services they provide us. These vendors fall into the following categories:

• Website hosting, content delivery, and security services
• Customer relationship management (CRM) and sales automation platforms
• Email, productivity, and collaboration platforms
• Marketing automation and email delivery services
• Lead generation and business intelligence providers
• Analytics and advertising measurement services
• Professional services automation (PSA) and ticketing systems
• Remote monitoring and management (RMM) platforms
• Cloud infrastructure, storage, and database services
• Voice, telephony, and unified communications providers
• Payment processors and billing platforms (where applicable)
• Backup, disaster recovery, and archival services
• Identity, authentication, and access management providers
• Document signing and contract management platforms

A current list of subprocessors handling personal information on our behalf is available on request by submitting a request through our Contact Us page.

6.2 Advertising and Analytics Partners

Where active, analytics and advertising services may set cookies and collect information about your interactions with our site and across other sites for measurement and advertising purposes. You can control this through the opt-out mechanisms described in Section 9.

6.3 Legal and Safety Disclosures

We may disclose information when we believe in good faith that disclosure is necessary to: (a) comply with applicable law, subpoena, court order, or other legal process; (b) enforce our agreements; (c) protect the rights, property, or safety of On-Site Technology, our clients, or others; or (d) investigate suspected fraud or security incidents.

6.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred as part of that transaction, subject to customary confidentiality protections.

6.5 With Your Direction

When you ask us to share information with a third party (e.g., a referral partner), we will do so as directed.

6.6 No Sale of Personal Information

We do not sell personal information for monetary consideration. Depending on how various state privacy laws define “sale” or “sharing” (including “sharing” for cross-context behavioral advertising under California law), use of advertising cookies and pixels may be considered a “sale” or “sharing” in some jurisdictions. You can opt out as described in Section 9 and Section 11.

7. International Data Transfers

On-Site Technology is based in the United States and our systems and service providers are primarily located in the United States. If you access our Services from outside the United States, your information will be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your jurisdiction. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses for transfers of personal information out of the EEA, UK, or Switzerland.

8. Data Retention

We retain personal information only for as long as needed to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. General retention guidelines:

• Contact form and inquiry data: up to 3 years from last contact
• Newsletter and marketing subscribers: until unsubscribed, then up to 12 months in suppression lists
• Customer records: duration of the relationship plus 7 years for tax and audit purposes
• Support tickets: up to 7 years from resolution
• Website analytics: up to 26 months
• Security and access logs: up to 24 months

Where you have exercised your right to delete, we will delete or de-identify your information except where retention is required by law, necessary to complete a transaction, or necessary for security or fraud prevention.

9. Cookies and Similar Technologies

9.1 What We Use

We use cookies, pixels, local storage, and similar technologies for:

• Strictly necessary functions — enabling core site features such as navigation and secure areas.
• Performance and analytics — understanding how visitors use our site.
• Functional — remembering your preferences.
• Advertising — measuring campaign performance and delivering relevant advertising on other sites you visit.

9.2 Managing Cookies

You can manage cookies through our cookie banner (where presented), your browser settings, or the following opt-outs:

• Google Ads / Analytics: https://adssettings.google.com and https://tools.google.com/dlpage/gaoptout
• Meta (Facebook): https://www.facebook.com/settings?tab=ads
• LinkedIn: https://www.linkedin.com/psettings/advertising
• Microsoft Advertising: https://account.microsoft.com/privacy/ad-settings
• Industry opt-outs: https://optout.aboutads.info and https://optout.networkadvertising.org

Turning off cookies may impair certain site features.

9.3 Global Privacy Control (GPC)

We recognize the Global Privacy Control (GPC) browser signal as a valid opt-out of “sale” and “sharing” of personal information for purposes of applicable state privacy laws, including the California CCPA/CPRA and the New Jersey Data Privacy Act.

9.4 Do Not Track

There is no industry-standard interpretation of “Do Not Track” (DNT) browser signals. We honor the GPC signal as described above. We do not currently modify our practices based on DNT signals alone.

10. Your Privacy Rights (General)

Depending on your jurisdiction, you may have rights to:

• Access the personal information we hold about you
• Correct inaccurate personal information
• Delete your personal information
• Obtain a portable copy of your personal information
• Opt out of “sale,” “sharing,” targeted advertising, or profiling
• Limit the use of sensitive personal information
• Withdraw consent where processing is based on consent
• Appeal a denial of a privacy request
• Not be discriminated against for exercising your rights

To exercise any of these rights, submit a request through our Contact Us page or call 973-777-7227. We will respond within the timeframe required by applicable law (generally 45 days, with a permitted extension where allowed). We will verify your identity before fulfilling requests involving personal information. If you are submitting a request through an authorized agent, we will also verify the agent’s authority.

If we deny your request, you may appeal by submitting an appeal through our Contact Us page with “Appeal” in the subject line or message. We will respond to appeals within 45 days.

11. California Residents (CCPA / CPRA)

This section supplements the rest of this Policy and applies to California residents. It reflects the California Consumer Privacy Act as amended by the California Privacy Rights Act, and implementing regulations in effect as of January 1, 2026.

11.1 Categories of Personal Information Collected (Last 12 Months)

• Identifiers (name, email, IP address, business contact information)
• Customer records (phone number, business address)
• Commercial information (services requested, transaction history)
• Internet/network activity (browsing, referral data, cookie identifiers)
• Geolocation (approximate, derived from IP)
• Professional or employment-related information (job title, company)
• Inferences drawn from the above for marketing purposes

We do not knowingly collect the additional “sensitive personal information” categories beyond those described in Section 3.4.

11.2 Sources, Purposes, and Disclosures

Sources, purposes, and categories of recipients are described in Sections 3, 4, and 6.

11.3 Sale or Sharing

We do not sell personal information for monetary consideration. We may “share” personal information (as defined under California law) for cross-context behavioral advertising through cookies and pixels described in Section 9. You may opt out at any time by:

• Enabling the Global Privacy Control (GPC) in your browser
• Submitting a request through our Contact Us page with “CCPA Opt-Out” in the subject line or message

We do not knowingly sell or share the personal information of consumers under 16 years of age.

11.4 Your Rights

California residents have the rights described in Section 10, including the right to limit the use of sensitive personal information, the right to correct, and the right to no retaliation for exercising these rights.

12. New Jersey Residents (NJDPA)

This section supplements the rest of this Policy and applies to New Jersey residents acting in an individual or household capacity. It reflects the New Jersey Data Privacy Act (NJDPA), effective January 15, 2025.

12.1 Your Rights

New Jersey consumers have the right to:

• Confirm whether we process your personal data and access that data
• Correct inaccuracies
• Delete your personal data
• Obtain a portable copy
• Opt out of processing for purposes of targeted advertising, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects

12.2 Sensitive Data

Under the NJDPA, “sensitive data” includes financial information (account numbers and credentials), racial or ethnic origin, religious beliefs, health information, sex life and sexual orientation, citizenship or immigration status, transgender or non-binary status, genetic or biometric data, precise geolocation, and data from a known child. We do not knowingly process your sensitive data without opt-in consent.

12.3 How to Exercise Rights

Use the contact methods in Section 10 or the GPC signal. We will respond within 45 days and will honor opt-out requests within 15 days of receipt as required by the NJDPA.

12.4 Appeals

If we deny a request, you may appeal as described in Section 10. If you are not satisfied, you may contact the New Jersey Division of Consumer Affairs at https://www.njconsumeraffairs.gov.

13. New York Residents (SHIELD Act)

We comply with the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act. We maintain administrative, technical, and physical safeguards reasonably designed to protect the security, confidentiality, and integrity of New York residents’ private information, including:

• Designated personnel coordinating our information security program
• Regular risk assessments
• Employee security training
• Vendor security diligence and contractual safeguards
• Access controls, encryption in transit and at rest, and logging
• Secure disposal of information no longer needed for business purposes
• Incident response procedures and breach notification

If we experience a breach affecting New York residents’ private information, we will provide notice in the most expedient time possible and in accordance with New York law.

14. Residents of the EEA, UK, and Switzerland (GDPR / UK GDPR)

In addition to the rights in Section 10, if you are in the EEA, UK, or Switzerland you have the right to:

• Object to processing based on legitimate interests
• Restrict processing in certain circumstances
• Withdraw consent at any time (without affecting the lawfulness of prior processing)
• Lodge a complaint with your local data protection authority

Our legal bases are described in Section 5. Our international transfer safeguards are described in Section 7.

We have not appointed a formal EU or UK representative. If you are in these regions and have a privacy concern, please contact us through our Contact Us page.

15. Data Breach Notification

We will notify affected individuals and applicable regulators of a data breach involving personal information without undue delay and in accordance with the timelines and content requirements of applicable law. These include, among others:

• GDPR/UK GDPR: within 72 hours of becoming aware, where feasible
• New York SHIELD Act: in the most expedient time possible
• State breach notification laws (NJ, CA, FL, PA, and others): within the timeframes each law prescribes

16. Children’s Privacy (COPPA)

Our Services are directed to businesses and are not intended for children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If we learn we have collected information from a child without verifiable parental consent, we will delete it promptly. Parents or guardians who believe their child has provided information to us should contact us through our Contact Us page.

17. Email Communications (CAN-SPAM)

We comply with the federal CAN-SPAM Act. Our commercial emails:

• Do not use false or misleading headers or subjects
• Identify the message as an advertisement where required
• Include our physical mailing address
• Honor opt-out requests promptly (typically within 10 business days)

You may unsubscribe at any time using the link in any email or by submitting a request through our Contact Us page.

18. California Online Privacy Protection Act (CalOPPA)

In accordance with CalOPPA:

• Visitors may browse our site anonymously
• This Privacy Policy is linked from our website footer using the word “Privacy”
• Changes to this Policy will be posted on this page with an updated “Last Updated” date
• California residents may request changes to their personal information by contacting us

19. Third-Party Links and Embedded Content

Our site may include links to third-party websites, tools, or embedded content (such as videos, maps, or social media widgets). We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before providing personal information to them.

20. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information, including TLS encryption for data in transit, encryption of data at rest, access controls, multi-factor authentication for privileged systems, routine vulnerability scanning, and employee security awareness training. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

21. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this page. Material changes will be communicated through a prominent notice on our site or by email to registered users where appropriate. We encourage you to review this Policy periodically.

22. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal information: