HEX Logo
HEX

Privacy Policy

Your privacy and data protection are fundamental to our service delivery

Last updated: January 21, 2025

1. Introduction

HEX (operated by Hex One) ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our managed IT services, including Microsoft 365 and Azure services.

This policy complies with the EU General Data Protection Regulation (GDPR), UK Data Protection Act 2018, and other applicable data protection laws. As a provider of managed IT services to European SMBs, we are committed to maintaining the highest standards of data protection.

2. Information We Collect

2.1 Personal Information

  • Name, email address, phone number, and job title
  • Company information and business contact details
  • Authentication credentials and access logs
  • Communication records with our support team

2.2 Technical Information

  • System configuration and performance data
  • Network traffic and security event logs
  • Device information and software inventory
  • Service usage patterns and performance metrics

2.3 Service Data

  • Microsoft 365 and Azure configuration data
  • Security assessment results and recommendations
  • Backup and recovery information
  • Incident reports and resolution records

3. How We Use Your Information

3.1 Service Delivery

  • Providing managed IT services and technical support
  • Managing and maintaining your Microsoft 365 and Azure environments
  • Monitoring system health and security status
  • Performing security assessments and incident response

3.2 Communication and Support

  • Responding to service requests and technical queries
  • Providing service notifications and security alerts
  • Delivering training and consultation services
  • Sending service updates and maintenance notifications

3.3 Legal Compliance

  • Meeting regulatory and compliance requirements
  • Maintaining audit trails and service records
  • Responding to lawful requests from authorities
  • Protecting against fraud and security threats

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your data only in the following circumstances:

4.1 Service Providers

  • Microsoft and other technology partners for service delivery
  • Authorized subcontractors under strict confidentiality agreements
  • Cloud infrastructure providers with appropriate security measures

4.2 Legal Requirements

  • When required by law, regulation, or court order
  • To protect our rights, property, or safety
  • In connection with legal proceedings or investigations

5. Data Security

We implement comprehensive security measures to protect your data:

  • End-to-end encryption for data in transit and at rest
  • Multi-factor authentication and role-based access controls
  • Regular security audits and penetration testing
  • ISO 27001 aligned security management practices
  • Incident response procedures and breach notification protocols
  • Secure data centers with physical access controls

6. Data Retention

We retain your data for as long as necessary to provide services and comply with legal obligations:

  • Service data: Duration of service agreement plus 7 years
  • Security logs: 3 years for compliance and audit purposes
  • Communication records: 7 years for business continuity
  • Financial records: As required by applicable accounting standards

Data is securely deleted when retention periods expire, unless legal obligations require longer retention.

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right to Access: Request copies of your data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request data deletion
  • Right to Restrict Processing: Limit data usage
  • Right to Data Portability: Transfer your data
  • Right to Object: Oppose certain processing
  • Right to Withdraw Consent: For consent-based processing
  • Right to Lodge a Complaint: With supervisory authorities

To exercise your rights, contact us at [email protected]. We will respond within 30 days as required by GDPR.

8. International Data Transfers

As a global service provider, we may transfer data internationally:

  • Transfers are protected by appropriate safeguards (Standard Contractual Clauses)
  • Microsoft 365 and Azure data residency options are respected
  • EU-US Data Privacy Framework compliance where applicable
  • Regular adequacy assessments for international transfers

9. Contact Information

For privacy-related questions or to exercise your rights, contact us:

Data Protection Officer: Christian Egger

Email: [email protected]

Address: 68 CIRCULAR ROAD, #02-01, SINGAPORE 049422

Phone: +91 9212432445

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. We will notify you of significant changes via email or through our service platform. The "Last updated" date at the top of this policy indicates when it was last revised.

Your continued use of our services after policy changes constitutes acceptance of the updated terms.