Privacy Policy

1. Scope & Applicability

This Privacy Policy applies to:

• Our Website: https://nolimitsystems.com and all associated subdomains, landing pages, and web applications we operate.
• Our Services: Managed IT services, co-managed IT, cybersecurity services, Microsoft 365 and Google Workspace administration, business phone systems (VoIP/UCaaS), internet connectivity services, network infrastructure, IT consulting, and related professional services.
• Business Interactions: Sales inquiries, support requests, vendor coordination, on-site visits, and any other communications with prospects, customers, and partners.

This Policy does not apply to:

• Third-party websites, applications, or services linked from our Website (see Section 12).
• Information collected by our clients through systems we manage on their behalf (in those cases, the client's privacy policy governs).
• Employment-related information collected from job applicants and employees, which is governed by separate notices.

2. Information We Collect

We collect information in several ways, depending on how you interact with us:

2.1 Information You Provide Directly

• Contact Information: Name, email address, phone number, company name, job title, and mailing address when you fill out forms, request quotes, or contact us.
• Account Information: Credentials and profile information for client portals, ticketing systems, or other authenticated services.
• Communications: Content of emails, chat messages, phone calls (which may be recorded for quality and training purposes), and support tickets.
• Billing Information: Company name, billing address, purchase order numbers, and payment-related information. Note: Full payment card numbers are processed by PCI-DSS compliant third-party processors; we do not store complete card numbers.
• Service-Related Information: Technical details about your IT environment, network configurations, user lists, and other information necessary to deliver our Services.

2.2 Information Collected Automatically

• Device Information: IP address, browser type and version, operating system, device type, and unique device identifiers.
• Usage Information: Pages visited, time spent on pages, links clicked, referring/exit pages, and navigation patterns.
• Location Information: General geographic location inferred from IP address (city/region level; we do not collect precise GPS location).
• Log Data: Server logs recording requests, errors, timestamps, and related technical information.

2.3 Information from Third Parties

• Service Providers: Information from vendors we use for analytics, marketing, payment processing, and service delivery.
• Public Sources: Publicly available business information (e.g., company websites, LinkedIn, business directories) for sales and marketing purposes.
• Client Systems: When providing managed IT services, we may access system logs, alerts, asset inventories, and configuration data necessary to monitor, maintain, and secure client environments.

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Delivery

• Providing, operating, maintaining, and improving our Website and Services.
• Processing quotes, orders, and service requests.
• Delivering technical support, troubleshooting, and incident response.
• Managing client accounts, access credentials, and service configurations.
• Coordinating on-site visits, installations, and vendor interactions.

3.2 Communications

• Responding to inquiries, support requests, and feedback.
• Sending service-related notices, including security alerts, maintenance notifications, and billing communications.
• Providing newsletters, marketing communications, and promotional offers (with opt-out options as required by law).

3.3 Security & Compliance

• Protecting our systems, networks, and users from fraud, abuse, and security threats.
• Detecting, investigating, and preventing violations of our policies and applicable laws.
• Complying with legal obligations, including responding to lawful requests from law enforcement or government agencies.
• Enforcing our Terms of Service and other agreements.

3.4 Analytics & Improvement

• Analyzing usage patterns to improve Website functionality and user experience.
• Conducting research and analysis to enhance our Services.
• Developing new features, products, and services.

3.5 Legal Basis for Processing

Where applicable, our legal bases for processing include:

• Contract Performance: Processing necessary to fulfill our contractual obligations to you.
• Legitimate Interests: Processing for our legitimate business interests (e.g., fraud prevention, network security, direct marketing) where not overridden by your rights.
• Legal Compliance: Processing required to comply with applicable laws and regulations.
• Consent: Where you have provided explicit consent for specific processing activities.

4. How We Share Information

We may share your information in the following circumstances:

4.1 Service Providers & Subprocessors

We engage third-party vendors to perform services on our behalf, including:

• Cloud hosting and infrastructure providers
• Remote monitoring and management (RMM) platforms
• Professional services automation (PSA) and ticketing systems
• Email and communication platforms
• Payment processors and billing systems
• Analytics and marketing tools
• Security tools (EDR/XDR, SIEM, backup platforms)

These providers are contractually bound to use information only for the purposes of providing services to us and must maintain appropriate security measures.

4.2 Business Transfers

In connection with any merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred to the successor entity. We will notify you of any such change in ownership or control.

4.3 Legal Requirements

We may disclose information when required by law or in response to:

• Subpoenas, court orders, or other legal process
• Requests from law enforcement or government agencies
• To protect our rights, property, or safety, or that of our users or others
• To investigate suspected fraud, security issues, or policy violations

4.4 With Your Consent

We may share information with third parties when you have given us explicit consent to do so.

5. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience on our Website:

5.1 Types of Cookies We Use

Essential Cookies

Required for basic Website functionality, security, and authentication. Cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our Website (e.g., Google Analytics). Used to improve site performance and content.

Functional Cookies

Remember your preferences and settings to provide enhanced functionality.

Marketing Cookies

Used to deliver relevant advertisements and track campaign effectiveness. Only deployed with consent where required.

5.2 Managing Cookies

You can control cookies through:

• Browser Settings: Most browsers allow you to block or delete cookies. Note that disabling certain cookies may affect Website functionality.
• Opt-Out Tools: For Google Analytics, visit tools.google.com/dlpage/gaoptout.
• Global Privacy Control (GPC): We honor GPC signals where technically feasible.

5.3 Do Not Track

Some browsers offer a "Do Not Track" (DNT) feature. There is no uniform standard for responding to DNT signals; however, we honor GPC signals as described above.

6. Data Security

We implement administrative, technical, and physical safeguards designed to protect your information, including:

• Encryption: Data encrypted in transit (TLS 1.2+) and at rest where applicable.
• Access Controls: Role-based access, multi-factor authentication (MFA), and least-privilege principles.
• Monitoring: Continuous monitoring, logging, and alerting for suspicious activity.
• Vendor Management: Security assessments and contractual requirements for third-party providers.
• Employee Training: Regular security awareness training for all staff.
• Incident Response: Documented procedures for detecting, responding to, and reporting security incidents.

7. Data Retention

We retain personal information only as long as necessary for the purposes described in this Policy, or as required by law. Retention periods vary based on data type:

• Contact & Lead Information: Retained while you remain a prospect or customer, plus a reasonable period afterward for potential re-engagement (typically 3 years from last interaction).
• Contract & Billing Records: Retained for the duration of the business relationship plus 7 years (or longer if required by tax, accounting, or legal obligations).
• Support Tickets & Communications: Retained for 3 years after resolution for quality assurance and dispute resolution.
• System Logs & Security Data: Retained for 1–2 years for security monitoring and incident investigation.
• Cookie Data: Varies by cookie type, typically 13–24 months.

When information is no longer needed, we securely delete or anonymize it in accordance with our data retention procedures.

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Portability: Request your information in a structured, commonly used format.
• Opt-Out: Opt out of marketing communications at any time by clicking "unsubscribe" in emails or contacting us.
• Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.

Exercising Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@nolimitsystems.com
• Phone: (608) 285-2252
• Mail: No Limit Systems, LLC, Attn: Privacy, 1220 Femrite Dr. Ste 204, Monona, WI 53716

We will verify your identity before processing requests and respond within applicable legal timeframes (typically 45 days, with possible extensions). You will not be discriminated against for exercising your privacy rights.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

9.1 Categories of Information Collected

In the past 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email, phone, IP address, account credentials.
• Commercial Information: Service records, purchase history, billing information.
• Internet/Network Activity: Browsing history, interactions with our Website.
• Geolocation Data: General location inferred from IP address.
• Professional Information: Job title, company name, business contact information.
• Inferences: Preferences and characteristics derived from the above.

9.2 Your California Rights

• Right to Know: Request disclosure of what personal information we collect, use, disclose, and sell.
• Right to Delete: Request deletion of your personal information.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond those permitted under CCPA/CPRA.
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

9.3 Authorized Agents

You may designate an authorized agent to make requests on your behalf. We will require written authorization and verify your identity before processing agent requests.

9.4 Shine the Light

California Civil Code § 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing. We do not disclose personal information to third parties for their direct marketing purposes.

10. Wisconsin-Specific Disclosures

No Limit Systems is headquartered in Wisconsin and complies with applicable Wisconsin state laws:

10.1 Data Breach Notification (Wis. Stat. § 134.98)

In the event of a security breach involving your personal information, we will notify affected individuals and the Wisconsin Department of Agriculture, Trade and Consumer Protection as required by law. Notification will occur within a reasonable time after discovery, consistent with law enforcement needs and measures to determine scope.

10.2 Social Security Number Protection

We do not routinely collect Social Security numbers. If collected for specific business purposes (e.g., certain vendor/contractor relationships), we protect SSNs with enhanced safeguards and restrict access to authorized personnel only.

10.3 Consumer Protection

We comply with the Wisconsin Consumer Act and unfair trade practices laws. If you have concerns about our practices, you may contact the Wisconsin Department of Agriculture, Trade and Consumer Protection.

11. Children's Privacy

Our Website and Services are designed for businesses and are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 13.

If you believe a child under 13 has provided personal information to us, please contact us immediately at privacy@nolimitsystems.com. We will promptly investigate and delete such information.

12. Third-Party Links & Services

Our Website may contain links to third-party websites, applications, or services not operated by us. This Privacy Policy does not apply to those third-party services.

We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access.

Examples of third-party services we may link to or integrate with include:

• Microsoft 365 and Google Workspace
• Payment processors
• Social media platforms
• Cloud service providers
• Business software vendors

13. International Data Transfers

No Limit Systems is based in the United States. If you access our Website or Services from outside the United States, your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

By using our Website or Services, you consent to the transfer of your information to the United States. We implement appropriate safeguards for any international transfers as required by applicable law.

14. Business Customers & Agreements

For business customers engaging our managed IT services, additional data protection terms may apply:

14.1 Data Processing Agreements (DPA)

We offer Data Processing Agreements to customers who require them for compliance with their own obligations. DPAs define the scope, nature, and purpose of data processing, as well as security requirements and subprocessor terms.

14.2 Business Associate Agreements (BAA)

For customers subject to HIPAA who require us to access protected health information (PHI), we will execute a Business Associate Agreement outlining our obligations as a Business Associate.

14.3 Other Compliance Frameworks

We support customers with various compliance requirements, including:

• PCI-DSS (for payment card environments)
• CJIS (for criminal justice information)
• SOC 2 / NIST CSF / ISO 27001 alignment

Contact info@nolimitsystems.com to request DPAs, BAAs, or discuss compliance requirements.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

When we make material changes:

• We will update the "Last Updated" date at the top of this Policy.
• We may provide additional notice (e.g., email notification, Website banner) for significant changes.
• Your continued use of our Website or Services after changes become effective constitutes acceptance of the updated Policy.

We encourage you to review this Policy periodically.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: