Privacy Policy

‍IT Select Privacy Policy

This Privacy Policy explains how IT Select (“IT Select,” “we,” “us,” “our”) collects, uses, discloses, and protects personal information when you visit or interact with our websites, marketing, products, and services that link to this Privacy Policy (collectively, the “Services”).
Business Address (HQ): Rockville, Maryland, United StatesController (GDPR/UK GDPR): IT Select
1) Scope and definitions
This Privacy Policy applies to:Visitors to our websites and landing pagesProspects and customersPeople who register for events, webinars, or download contentPeople who communicate with us (email, phone, chat, forms)Business contacts and vendor contacts
“Personal Data” (GDPR) and “Personal Information” (many U.S. laws) generally mean information that identifies or can reasonably be linked to an individual.
If you are an employee, contractor, or job applicant, we may provide a separate notice for employment-related processing.
2) Information we collect
We collect information in three ways: (a) you provide it, (b) we collect it automatically, and (c) we obtain it from third parties.
A. Information you provide to usDepending on how you use the Services, we may collect:Identifiers and contact info: name, email, phone number, company, job title, business addressAccount and onboarding info: login credentials (hashed), profile details, preferencesCommunications: messages you send, meeting notes you share, support requests, recordings/transcripts if you consent and applicableMarketing and event info: registrations, attendance, dietary/accessibility info you choose to shareTransaction and billing info: invoicing contacts, payment status, and related business records (payment card data is typically processed by our payment processor, not stored by us, if applicable)Content you submit: form entries, uploads, feedback, survey responses
You may choose not to provide certain information, but some features may not work.
B. Information we collect automaticallyWhen you visit our websites or interact with emails, we may collect:Device and technical data: IP address, device type, browser, OS, language, approximate location (derived from IP), referral URLsUsage data: pages viewed, links clicked, time spent, session identifiers, conversion eventsCookie and tracking data: cookie IDs, analytics identifiers, advertising identifiers (where enabled)
C. Information from third partiesWe may obtain information from:Business data providers (e.g., professional contact databases)Marketing and analytics partnersSocial networks (if you interact with our pages or ads)Event partners and webinar platformsReferrers (someone who introduces you)Public sources (e.g., LinkedIn or company sites)
We use this to maintain accurate contact records and operate B2B marketing and sales responsibly.
3) How we use information
We use personal information for the following purposes:
A. Provide and operate the ServicesProvide requested content, proposals, demos, and servicesManage accounts, authentication, and customer supportProcess transactions and administer contractsMaintain internal records for service delivery
B. Business communicationsRespond to inquiries and schedule meetingsProvide service updates, operational messages, and administrative notices
C. Marketing and growth (with appropriate choices)Send newsletters and promotional communicationsRun webinars, events, and surveysMeasure campaign performance and conversionsTailor content based on inferred business interests
D. Security, integrity, and preventionDetect, prevent, and investigate fraud, abuse, and security incidentsDebug, maintain, and improve the ServicesProtect our rights, users, and business operations
E. Legal and complianceComply with legal obligations and lawful requestsEnforce our terms, resolve disputes, and maintain audit trails
F. Product and service improvementAnalyze usage trends and performanceDevelop and improve features, documentation, and user experience
4) Legal bases for processing (EEA/UK visitors)
If you are in the European Economic Area (EEA), Switzerland, or the United Kingdom, we rely on one or more of these legal bases:Consent (e.g., certain cookies, marketing where required)Contract (to provide requested Services or take steps you request)Legitimate interests (e.g., B2B marketing where permitted, security, improving services), balanced against your rightsLegal obligation (compliance, recordkeeping)
You can withdraw consent at any time (see “Your choices and rights”).
5) Cookies, tracking, and targeted advertising
We use cookies and similar technologies (pixels, SDKs, tags) for:Strictly necessary functionality (security, load balancing, consent preferences)Analytics (understand performance and improve)Functional preferences (remember settings)Advertising (where enabled) to measure and improve campaigns and, in some contexts, show interest-based ads
Cookie controls:Use our cookie banner and preference center: [link]Adjust browser controls and delete cookiesWhere available, you may use recognized opt-out preference signals (such as Global Privacy Control) to opt out of certain sharing/targeted advertising, subject to applicable law and technical feasibility.
Do Not Track: Some browsers offer “Do Not Track.” There is no universal standard, so we treat it as informational unless required by law. Where required, we honor recognized opt-out preference signals.
6) Marketing communications, email compliance, and SMS
Email marketingIf you opt in (or where permitted by law in a B2B context), we may send marketing emails. Our emails:Identify us as the senderInclude an unsubscribe mechanismInclude a valid business contact method/address
You can unsubscribe anytime using the link in the email. We may still send non-marketing operational messages (e.g., service notices).
This approach is designed to align with major email marketing requirements across jurisdictions (for example, CAN-SPAM in the U.S., GDPR/ePrivacy-style consent rules in the EU/UK, and similar opt-out/consent frameworks elsewhere). (High-level best practice alignment; your exact obligations depend on where your recipients are located and how you acquired the list.)
SMS/text marketing (if used)If we send SMS marketing, we will obtain consent where required, provide opt-out instructions, and comply with applicable carrier and legal requirements (including “STOP” style opt-outs where applicable). Message and data rates may apply.
7) How we share information
We may share personal information with:
A. Service providers (processors)Vendors who help us operate, such as:Hosting and content deliveryAnalytics and performance monitoringCRM and sales toolsEmail sending platforms and marketing automationCustomer support and ticketingEvent/webinar platformsSecurity and fraud preventionPayment processors (if applicable)
They are permitted to use personal information only to provide services to us and must protect it.
B. Business transfersIf we undergo a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality protections.
C. Legal, safety, and enforcementWe may disclose information to comply with law, respond to lawful requests, protect rights and safety, investigate fraud, or enforce agreements.
D. With your directionWe may share information when you request or authorize it (for example, if you ask us to connect you with a partner).
8) “Sale,” “sharing,” and targeted advertising (U.S. privacy concepts)
Some U.S. state laws define “sale” or “sharing” broadly to include certain disclosures (for example, to advertising/analytics partners using cookies for cross-context behavioral advertising). Where applicable, we provide opt-out mechanisms and honor legally required preference signals.
We do not sell personal information for money.However, depending on configuration, some cookie-based disclosures may be considered “sharing” or a “sale” under certain state definitions. If applicable, you may opt out via:“Do Not Sell or Share My Personal Information” link: [link]Cookie preference center: [link]
9) Sensitive data
We do not intend to collect sensitive data (such as government IDs, precise geolocation, biometric data, health information, or information about children) unless:You provide it voluntarily and it is necessary for a specific purpose you request, orWe are legally required/allowed to process it under applicable law
If you believe you provided sensitive data unintentionally, contact us to request deletion.
Maryland’s consumer privacy framework includes elevated expectations around data minimization and limitations on collecting and using sensitive data without meeting legal requirements.  
10) Children’s privacy
The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child provided personal information, contact us and we will take appropriate steps to delete it.
If your Services are used in contexts that could involve minors (even indirectly), you may need additional age-gating and state-specific youth provisions.
11) Data retention
We retain personal information only as long as reasonably necessary for:The purposes described in this policyLegitimate business needs (e.g., security logs, suppression lists, analytics)Legal, tax, and accounting requirementsContractual obligations and dispute resolution
Retention periods vary depending on data type and purpose. We may keep a minimal record of your opt-out request to ensure we respect it.
12) Security
We maintain administrative, technical, and physical safeguards designed to protect personal information, such as access controls, encryption in transit where appropriate, vendor risk management, and monitoring for suspicious activity. No method of transmission or storage is 100% secure, but we work to protect your information consistent with industry practices and risk.
13) International transfers
If you access our Services from outside the United States, your information may be transferred to and processed in the U.S. and other locations where we or our vendors operate.
For EEA/UK transfers, where required, we use appropriate safeguards such as:Standard Contractual Clauses (and UK addendum where applicable)Additional measures based on transfer risk assessments when appropriate
14) Your choices and rights
Your rights depend on where you live. We provide mechanisms to exercise applicable rights and will not discriminate against you for exercising them.
A. GDPR/UK GDPR rights (EEA/UK/Switzerland)Subject to applicable exceptions, you may have the right to:Access your dataCorrect inaccurate dataDelete your dataRestrict processingObject to processing (including certain direct marketing)Data portabilityWithdraw consent at any timeLodge a complaint with a supervisory authority
B. U.S. state privacy rights (including Maryland and other states)Depending on your state, you may have the right to:Confirm processing and access personal informationCorrect inaccuraciesDelete personal informationObtain a portable copyOpt out of targeted advertisingOpt out of certain “sales” or “sharing” as defined by lawOpt out of certain profiling decisions (in some states)Appeal a denial of a rights request
Maryland’s MODPA provides Maryland residents with data rights and imposes business obligations, and public guidance indicates the law is in effect with enforcement tied to processing activities beginning April 1, 2026.  
C. How to exercise rightsSubmit a request:Email: [privacy@itselect.com]Web form: [link]Mail: IT Select, Attn: Privacy, [full mailing address], Rockville, MD
We may verify your identity before completing certain requests. If you use an authorized agent (where allowed), we will require proof of authorization and may still verify you.
Appeals (where required): If we deny your request, you may appeal by contacting [appeals email] with “Privacy Appeal” in the subject line.
D. Marketing opt-outYou can opt out of marketing emails using the unsubscribe link in any message. You can also contact us to opt out.
15) Automated decision-making and profiling
We may use analytics and lead scoring to help prioritize B2B outreach and improve relevance. We do not use automated decision-making that produces legal or similarly significant effects on individuals without appropriate safeguards where required by law.
16) Third-party links and embedded content
Our Services may link to third-party sites or include embedded content (e.g., videos). We are not responsible for third-party privacy practices. Review their policies before providing information.
17) California notice (if applicable)
If you are a California resident, you may have additional rights under California law. We provide:A “Do Not Sell or Share” mechanism where required (see Cookies/Tracking and Sale/Sharing)Limits on use of sensitive personal information where applicableAdditional disclosures if we collect categories defined by California law
(If you actively market to California residents or meet thresholds, have counsel tailor this section and add the required category tables.)
18) Colorado/Connecticut/Virginia and opt-out preference signals (if applicable)
Where required, we honor legally recognized universal opt-out mechanisms for targeted advertising and sale/sharing as implemented (for example, Global Privacy Control), subject to technical feasibility and applicable scope.
19) Nevada (if applicable)
Nevada residents may have the right to opt out of certain sales of covered information. Contact us at [privacy@itselect.com].
20) Maryland-specific note
IT Select is headquartered in Maryland. We aim to apply data minimization and purpose limitation principles consistent with Maryland’s Online Data Privacy Act guidance and evolving enforcement expectations.  
21) Data breach notification
If we experience a security incident involving personal information, we will evaluate and provide notifications as required by applicable law and our contractual obligations. If we were to handle certain categories of consumer health data outside HIPAA contexts, FTC breach notification rules may impose specific notice requirements.  
‍