Privacy & Cookies
Effective date: 22 June 2026
This Privacy & Cookies Policy (the "Policy") explains how Tonystam LLC ("Tonystam," "we," "us") collects, uses, shares and protects personal data in connection with the website at www.tonystam.com and any sub-site (the "Site") and our business relationships. In this Policy, "personal data" (or "personal information") means any information relating to an identified or identifiable individual.
Two different roles. Tonystam acts in two capacities. As a controller, we decide how and why personal data is processed when you visit the Site, contact us, subscribe to our newsletter, or engage us as a client. As a processor, we handle personal data contained in the systems we host or manage for our clients (for example, hosting, business email, cloud and migrations), strictly on the client's instructions. That processor activity is governed by the data-processing terms in our General Terms (Article 28 GDPR), not by this Policy. This Policy covers only what we do as a controller.
Who this Policy is for. Tonystam provides services primarily to businesses, organisations and professionals (B2B). This Policy applies to website visitors, prospective and existing client contacts, and newsletter subscribers. Where you deal with us as a consumer (an individual acting outside a trade or profession), the consumer-specific points highlighted below also apply to you.
Scope — EU and United States. Because we operate from the United States and serve clients worldwide, this Policy addresses both the EU/UK General Data Protection Regulation (GDPR) and United States privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (together, "CCPA/CPRA") and comparable state laws. Where a specific framework grants you particular rights, those are set out in the "Your privacy rights" section.
1. Who we are and how to contact us
The controller responsible for personal data processed under this Policy is:
- Tonystam LLC
- 8 The Green, Suite A, Dover, DE 19901, United States
- Privacy contact: info@tonystam.us
Tonystam is established in the United States. Where Article 27 GDPR requires us to designate a representative in the European Union or the United Kingdom for individuals located there, the representative's details will be published here and made available on request.
2. Our two roles, in more detail
When we act as controller
We are the controller for personal data that we collect and for which we decide the purposes of processing — for example, when you browse the Site, submit the contact form, subscribe to our newsletter, request a quote, or when we manage our relationship with a client, prospect or supplier. The rest of this Policy describes that processing.
When we act as processor
When you are our client, the personal data contained in the services we host or operate for you (for example, the contents of your hosting account, mailboxes or cloud workspace) is processed on your behalf and on your documented instructions. For that data, you are the controller and Tonystam is the processor; the applicable terms — including security, sub-processors and international transfers — are set out in our General Terms. If you need a separate signed data-processing agreement, contact info@tonystam.us.
3. Personal data we collect
Information you give us
When you contact us, request a quote, subscribe to the newsletter, or become a client, you may provide: your name, business name and role, e-mail address, telephone number, postal address, the content of your message or enquiry, account and billing details, and any other information you choose to share. For client accounts and the client area, this may also include usernames and credentials.
Information we collect automatically
When you use the Site, we (and our service providers) may collect: your IP address, approximate location derived from it, device and browser type, operating system, language, access times, the page or source you arrived from, the pages you view, and how you interact with the Site. Most of this information is collected through cookies and similar technologies and, where it is not strictly necessary, only with your consent (see "Cookies and similar technologies").
Information from other sources
We may receive personal data from our subcontractors and service providers in connection with the Site, and from publicly available sources (for example, a company website or a public business directory).
Special categories. We do not intentionally collect special-category data (such as data revealing health, ethnicity, religion or political opinions). Please do not submit such data through our forms.
For US state-law purposes, the categories of personal information we may collect are: identifiers (such as name, e-mail, postal address, IP address); commercial information (such as services enquired about or purchased); internet or network activity (such as browsing and interaction with the Site); geolocation (approximate, from IP); and professional information (such as company and job role). We do not knowingly collect sensitive personal information through the Site.
4. Why we use your data and our legal bases
We use personal data to: respond to your enquiries and provide quotes; provide, maintain and support our products and services; manage our client, prospect and supplier relationships and billing; operate, secure and improve the Site; send our newsletter and service communications where permitted; comply with legal, tax and accounting obligations; and establish, exercise or defend legal claims.
EU / UK legal bases
Where the GDPR applies, we rely on one or more of the following legal bases:
- Performance of a contract (Art. 6(1)(b)) — to respond to enquiries, prepare quotes and provide our services to you;
- Legitimate interests (Art. 6(1)(f)) — to run and secure the Site, prevent misuse, understand and improve our services, and carry out limited business-to-business marketing, balanced against your rights;
- Consent (Art. 6(1)(a)) — for non-essential cookies and analytics, and for newsletter sign-ups where consent is required; you may withdraw consent at any time;
- Legal obligation (Art. 6(1)(c)) — to meet accounting, tax and other legal requirements.
United States
Where US state privacy laws apply, we process personal information for the business and commercial purposes described above. We do not sell your personal information for money, and we do not "sell" or "share" it for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA. If this ever changes, we will update this Policy and provide a clear opt-out mechanism before doing so.
5. Cookies and similar technologies
A cookie is a small file placed on your device when you visit a website; similar technologies include pixels and local storage. They let a site remember your actions and preferences and help us understand how the Site is used.
Categories of cookies
- Strictly necessary — required to run the Site and keep it secure. These are always active and do not require consent.
- Analytics / performance — help us understand how visitors use the Site so we can improve it. These run only with your consent.
- Functionality — remember choices such as language or region. These run only with your consent.
- Advertising — we do not currently use advertising cookies; if we introduce them, they will run only with your consent.
Managing your consent
On your first visit we show a consent banner. Until you accept, non-essential cookies are blocked: we use Google Consent Mode, which keeps analytics and advertising storage set to "denied" by default and only updates it if you give consent. You can change or withdraw your choice at any time using the "Cookie Settings" link in the footer, or through your browser settings, which let you refuse or delete cookies (this may affect how the Site works).
Where enabled and subject to your consent, the Site may use Google services such as Google Analytics and Google Tag Manager to measure usage, and may use Google Fonts and Google reCAPTCHA to display content correctly and protect forms from abuse. These services are provided by Google LLC and are subject to Google's own privacy terms. Session cookies expire when you close your browser; persistent cookies last for a defined period, typically from a few months up to about two years.
6. How we share personal data
We do not sell your personal data. We share it only as needed and under appropriate safeguards, with:
- Service providers and processors that work on our behalf — for example, hosting and infrastructure, e-mail, analytics (where enabled), payment processing, and customer support / ticketing — under contracts that require them to protect the data and use it only for the services they provide to us;
- Google LLC, in connection with Google Workspace, Google Cloud and Google website services;
- Professional advisers (such as accountants, auditors and lawyers) where necessary;
- Authorities and other parties where required by law, or to establish, exercise or defend legal claims;
- Successors in the event of a merger, acquisition, financing or reorganisation, subject to this Policy.
7. International data transfers
We are based in the United States and operate internationally. Depending on the service, personal data may be stored and processed in both the European Union and the United States, and may be accessed by sub-processors located in those regions.
Where personal data is transferred out of the EEA or the United Kingdom, we rely on an appropriate transfer mechanism — typically the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), together with any supplementary measures required. Where a recipient (such as Google) is certified under the EU–US Data Privacy Framework and its UK extension, we may also rely on that framework. You can request information about the safeguards we use by emailing info@tonystam.us.
8. How long we keep your data
We keep personal data only for as long as necessary for the purposes described in this Policy, and then delete or anonymise it. In practice: enquiry and contact data is kept for the time needed to deal with your request and a reasonable period afterwards; client and billing records are kept for as long as the relationship lasts and for the periods required by tax and accounting law (generally up to six years for invoicing and accounting records in both the United States and the European Union); and newsletter data is kept until you unsubscribe. We may keep certain data longer where a law requires it or to defend legal claims.
9. How we protect your data
We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or alteration. These include encryption of data in transit, access controls on a need-to-know basis, authentication, and storage on secured systems with restricted access. No method of transmission or storage is completely secure, but we work to protect your data and to review our measures over time.
10. Your privacy rights
EU / EEA and the United Kingdom (GDPR)
Subject to the conditions in the law, you have the right to: access your personal data and receive a copy; request rectification of inaccurate or incomplete data; request erasure; request restriction of processing; object to processing based on legitimate interests and, at any time, to direct marketing; receive your data in a portable format (data portability); and withdraw consent at any time without affecting prior processing. You also have the right to lodge a complaint with your local data-protection supervisory authority.
United States — California and other states
Depending on your state of residence (for example, California under the CCPA/CPRA, and Virginia, Colorado, Connecticut, Utah, Texas and other states with comparable laws), you may have the right to: know / access the personal information we hold about you and how we use it; request deletion; request correction; opt out of the sale or sharing of personal information and of targeted advertising; limit the use of sensitive personal information; and not be discriminated against for exercising your rights. As noted above, we do not sell or share personal information, so no opt-out is currently needed; if that changes we will provide one. California residents may also request information about disclosures for a business purpose.
How to exercise your rights
To exercise any right, email info@tonystam.us with enough detail for us to identify you and your request. We will respond within the time required by the applicable law and free of charge, subject to legal limits. We may need to verify your identity before acting, and you may use an authorised agent where the law allows. If we decline a request, you may, where the law provides, appeal by replying to our response. You also have the right to complain to your supervisory authority (EU/UK) or to your state Attorney General (US).
11. Newsletter and marketing communications
If you subscribe to our newsletter, we use your e-mail address to send occasional updates about IT, cloud and Google Workspace, and about our services. Subscribing is designed to be quick: you are added as soon as you submit your e-mail address. We keep a record of each subscription so we can demonstrate consent and honour your choices; this record may include your e-mail address and the date, time and source of the sign-up.
You can unsubscribe at any time using the link in every e-mail or by emailing info@tonystam.us; we will stop promptly. Our legal basis is your consent (EU/UK), or our legitimate interest in contacting existing business customers about similar services where the law allows. For recipients in the United States, our e-mails identify us, include a valid postal address and a working opt-out, and we honour opt-outs as required by the CAN-SPAM Act.
12. Children's privacy
The Site is intended for businesses and adults and is not directed to children. We do not knowingly collect personal data from children under 16 (or under 13 in the United States). If you believe a child has provided us with personal data, contact us and we will delete it.
13. Automated decision-making
We do not make decisions producing legal or similarly significant effects about you based solely on automated processing.
14. Third-party links and services
The Site may link to third-party websites and services that have their own privacy policies. We are not responsible for their content or privacy practices, and we encourage you to read their policies before providing personal data.
15. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will post a notice on this page and on the Site, and update the effective date above. We encourage you to review this Policy periodically.
16. How to contact us
For any question about this Policy or about how we handle your personal data, or to exercise your rights, contact us at info@tonystam.us or by post at Tonystam LLC, 8 The Green, Suite A, Dover, DE 19901, United States — Attention: Privacy.
See also our General Terms.