Privacy & Data Protection Notice

Last updated: November 2025

1. Introduction

Alphega Solutions, LLC (“Alphega Solutions”, “we”, “us”, “our”) is committed to protecting the privacy and security of personal information entrusted to us.

This Privacy & Data Protection Notice explains how we collect, use, disclose, and safeguard personal information when you:

• Visit our website
• Submit a contact or inquiry form
• Request a consultation, briefing, or capability overview
• Interact with us in the course of exploring or receiving our services

This notice is designed for public sector, healthcare, and regulated enterprise clients and their representatives.

2. Who We Are

Alphega Solutions, LLC is a consulting firm providing cloud, cybersecurity, software, workflow automation, and IT enablement services for public sector, healthcare, and regulated enterprises.

If you have questions about this notice or how we handle personal information, you can contact us using the details above.

3. Scope of This Notice

This notice covers:

• Personal information collected through our website and related online forms
• Personal information collected from you or your organization during pre-sales, contracting, and delivery of consulting services
• Communications with us by email, phone, video conference, or messaging platforms

This notice does not replace or override any specific contractual terms (including Business Associate Agreements, data processing agreements, or government contracts) that may govern our handling of client or agency data in particular engagements. Where there is a conflict, the contract prevails.

4. Information We Collect

4.1 Information you provide directly

We may collect the following categories of information when you interact with us:

• Contact details: name, job title, organization, business email, business phone, mailing address
• Inquiry details: information you submit via contact forms, RFP/RFQ requests, or consultation requests
• Account or access details: if we set up accounts for shared project tools (e.g., portals, collaboration platforms), we may store associated usernames and business contact information
• Engagement-related information: information about your projects, systems, requirements, or environments that you choose to share with us during discussions or delivery of services
• Feedback: survey responses, testimonials, or feedback on our services

We request that you do not submit unnecessary sensitive personal information via the website (for example, detailed medical information, social security numbers, or payment card data).

4.2 Information we collect automatically

When you use our website, we may automatically collect:

• Technical information: IP address, browser type and version, device identifiers, operating system
• Usage information: pages visited, time spent on pages, navigation paths, referring website, date and time of visits
• Cookie data: information stored in cookies or similar technologies, primarily for basic site functionality and analytics

We do not use our website for ad-tech profiling or targeted advertising.

5. Protected Health Information (PHI) and Client Data

Our public website is intended for informational and business contact purposes only. It is not intended for submitting detailed medical information or PHI.

When we handle PHI or other regulated data as part of healthcare or public sector engagements, that processing is governed by separate contracts (e.g., Business Associate Agreements, data protection agreements, or government contracts) which define scope, controls, and responsibilities.

Those contracts may include additional or different obligations from this notice. In case of conflict, the contract terms control.

If you are a patient or service user, use the channels specified by your provider or practice (such as patient portals or clinical systems), not this website, to share clinical information.

6. How We Use Personal Information

We use personal information for the following purposes:

To respond to inquiries and requests
Handling contact form submissions, emails, and consultation or briefing requests.

To manage client and partner relationships
Communicating about proposals, contracts, statements of work, project planning, and service delivery.

To provide and improve our services
Planning and delivering cloud, security, software, automation, and IT enablement services; understanding how our site and materials are used so we can improve content and usability.

To meet legal and contractual obligations
Complying with applicable laws and regulations, fulfilling obligations in contracts, and maintaining appropriate records.

To protect security and prevent misuse
Detecting, investigating, and preventing fraud, abuse, or security incidents involving our systems and website.

We do not sell personal information.

7. Legal Bases for Processing (EU/UK Visitors)

Where applicable (e.g., if you are in the EU/EEA or UK), we rely on the following legal bases:

• Legitimate interests: responding to your requests, managing client relationships, securing our systems, and improving our services.
• Contract performance: taking steps at your request prior to entering into a contract and fulfilling our obligations under a contract.
• Legal obligations: complying with applicable laws, regulations, and regulatory requirements.
• Consent: where required for certain cookies/analytics or specific communications; you can withdraw consent at any time.

8. How We Share Information

We may share personal information with:

Service providers and vendors
Third parties that provide services on our behalf, such as hosting providers, email and communications platforms, CRM systems, analytics tools, and IT/security services. These providers are required to handle personal information under appropriate contractual safeguards.

Clients and partners
When necessary to deliver a project, and where information relates to their personnel or systems, in line with contract terms and confidentiality obligations.

Professional advisors
Legal, accounting, or consulting advisors, where reasonably necessary to manage risk, obligations, or disputes.

Authorities or regulators
When required by law, regulation, subpoena, or court order, or to protect rights, safety, or security.

We do not share personal information with third parties for their independent marketing purposes.

9. International Transfers

Depending on your location and our service providers’ locations, personal information may be transferred across borders.

When required by law, we implement appropriate safeguards for such transfers, which may include:

• Standard contractual clauses or equivalent mechanisms
• Contractual requirements for service providers to implement appropriate security measures

10. Data Security

We apply technical and organizational measures appropriate to the nature of the personal information we process, including:

• Access controls and authentication for systems containing personal information
• Encryption and secure transport of data where appropriate
• Logging and monitoring for key systems
• Restricted access to personal information based on role and need-to-know
• Policies and procedures covering information security and acceptable use

No system can be guaranteed 100% secure, but we design and operate our environments with security as a priority and align them with industry standards and regulatory expectations for our sectors.

11. Data Retention

We retain personal information only as long as necessary to:

• Fulfill the purposes described in this notice
• Satisfy legal, regulatory, or contractual requirements
• Resolve disputes and enforce agreements

Retention periods vary depending on the type of information and context (e.g., inquiry vs. formal engagement vs. regulated records). Where contracts specify retention requirements (such as government or healthcare engagements), those requirements govern.

12. Your Rights

Depending on your jurisdiction, you may have some or all of the following rights:

• Access: to request confirmation whether we process your personal information and obtain a copy.
• Correction: to request correction of inaccurate or incomplete personal information.
• Deletion: to request deletion of personal information, subject to legal and contractual limitations.
• Restriction: to request restriction of processing in certain circumstances.
• Objection: to object to certain types of processing (e.g., based on legitimate interests).
• Portability: to request a copy of certain information in a structured, commonly used format.
• Withdrawal of consent: where processing is based on consent.

To exercise any of these rights, contact us at:

We may need to verify your identity before fulfilling a request and may be unable to comply where legal or contractual obligations require us to retain certain information.

If you believe we have not handled your information appropriately, you may also have the right to lodge a complaint with your local data protection authority or regulator.

13. Cookies and Similar Technologies

Our website may use cookies and similar technologies for:

• Essential site functionality
• Basic analytics (e.g., understanding page visits and navigation paths)

If required by law, we will provide a cookie banner or consent mechanism that allows you to manage certain cookie preferences.

You can adjust cookie settings in your browser; however, disabling certain cookies may affect site functionality.

14. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy or security practices of those third parties. We recommend reviewing their privacy notices before providing any personal information.

15. Children’s Privacy

Our website and services are directed to organizations and professionals, not to children. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact us so we can take appropriate action.

16. Changes to This Notice

We may update this Privacy & Data Protection Notice from time to time to reflect changes in our practices, services, or legal requirements. The “Last updated” date at the top of the page will indicate when changes were made.

Material changes will be highlighted or communicated as appropriate.

17. Contact

For questions, requests, or concerns regarding this notice or our handling of personal information, please contact: