Privacy Policy

Welcome to Smart Information Technologies (“Smart IT Digital”).

This Privacy Policy describes how Smart Information Technologies collects, processes, stores, and protects personal and enterprise data in connection with our cloud migration, modernization, and digital consulting services.

This Policy applies to all visitors, clients, partners, and users (“Data Subjects”) interacting with our website, platforms, or professional services.

This Privacy Policy forms an integral part of our Terms of Use, Cookie Policy, and any applicable Data Processing Agreement (DPA).

Privacy Principles & Data Inaccessibility Model

Smart IT Digital operates under a Privacy-by-Design and Privacy-by-Default framework.

Our core principle is Data Inaccessibility, which means:

• We do not claim ownership of client data.
• We do not access client content unless technically required for service execution.
• Cryptographic control remains with the Client wherever technically feasible.
• Cloud architectures are designed so that Smart IT Digital acts as a technical facilitator, not a data owner.

Privacy safeguards are embedded at the architectural level of every engagement.

Roles Under Data Protection Law

Depending on the context of processing, Smart IT Digital may act as:

1. Data Controller
   • When processing website interaction data, business contact details, and communications.
2. Data Processor
   • When handling enterprise infrastructure, application data, or cloud configurations strictly under Client instruction.

Role definitions align with GDPR Articles 4, 24, and 28 and other applicable data protection regulations.

Categories of Data We Process

Operational & Business Data (Controller Role)

• Names and professional email addresses
• Job titles and organizational identifiers
• Website interaction telemetry (anonymized or aggregated)

Project & Technical Data (Processor Role)

• Infrastructure metadata (configurations, logs, IP ranges)
• Temporary staging data used during migration cutovers
• AI-related datasets (where contractually defined)

AI Safeguards

• Data sanitization and anonymization enforced
• No personally identifiable information (PII) permitted in AI training pipelines
• No client data used to train public or third-party AI models

Purpose & Legal Basis of Processing

We process data exclusively to:

• Architect and execute cloud migration and modernization projects
• Secure infrastructure using Zero-Trust identity frameworks
• Optimize cost, scalability, and performance (FinOps practices)
• Comply with regulatory frameworks such as GDPR, DORA, and applicable AI laws

Legal Bases Include:

• GDPR Article 6(1)(b): Contractual necessity
• GDPR Article 6(1)(f): Legitimate interests
• GDPR Article 6(1)(a): Explicit consent (where legally required)

We do not process data beyond the scope defined by contractual or legal obligations.

Third-Party Cloud Providers & Sub-Processors

Smart IT Digital facilitates migration to hyperscale cloud providers including:

• Amazon Web Services (AWS)
• Microsoft Azure
• Google Cloud Platform (GCP)

Once infrastructure is deployed, data governance is subject to the Client’s contractual relationship with the respective cloud provider.

We:

• Configure sovereign and regional data controls
• Do not authorize cross-border access without client instruction
• Do not disclose project data to marketing or advertising entities

Data Sovereignty & Cross-Border Transfers

Data residency and sovereignty are treated as legal constraints, not preferences.

• EU data is retained within EU-designated regions by default
• Cross-border transfers occur only when operationally required
• Transfers are safeguarded using Standard Contractual Clauses (SCCs)
• Technical access restrictions
• Encryption and cryptographic key segregation