Privacy Policy

Who is RP Tech Services and how do you contact the privacy team?

RP Tech Services is a managed IT services provider headquartered at 15 W. 38th Street, New York, NY 10018, serving 300+ small and mid-sized businesses across New York City, New Jersey, Pennsylvania, and Florida since 2002. First, the privacy team handles all data access requests within 30 days. Second, the support team responds to inbound questions in under 15 minutes during business hours at 888-788-8292. Finally, written privacy requests route to [email protected] with a 72-hour acknowledgment target. According to the 2024 IAPP privacy benchmark report, 67% of SMBs lack a documented privacy contact, which delays breach response by an average of 4 days. RP Tech Services publishes this contact path directly on the Privacy Policy page to meet New York SHIELD Act and Florida FIPA notification standards for managed IT vendors.

• Office: 15 W. 38th Street, New York, NY 10018
• Privacy email: [email protected] (72-hour acknowledgment)
• Phone: 888-788-8292 (under 15-minute response window)

What personal information does RP Tech Services collect?

Personal information is any data that identifies a website visitor, contact-form submitter, or managed IT client. RP Tech Services collects two categories. First, voluntary form data: name, company, email, phone number, and IT requirements submitted through the contact page or quote request. Second, automatic browser data: IP address, browser type, pages visited, time on page, and referring URL, captured through Google Analytics 4 and standard server logs. According to a 2024 Pew Research survey, 79% of Americans want clarity on what websites collect. RP Tech Services limits automatic collection to 14 months of Google Analytics 4 retention, the platform default. Voluntary form data routes to a HubSpot CRM instance secured with Microsoft 365 single sign-on and SentinelOne endpoint protection. No payment card data is collected on redpaladin.com; billing flows through a separate PCI DSS-aligned processor.

• Voluntary: name, company, email, phone, IT needs
• Automatic: IP, browser, pages, referrer (Google Analytics 4)
• Retention: 14 months for analytics, 36 months for CRM records

How does RP Tech Services use the information collected?

RP Tech Services uses collected information for four defined purposes: responding to inbound inquiries, sending relevant managed IT resources, improving the redpaladin.com website, and meeting legal obligations under the New York SHIELD Act and HIPAA business associate agreements. First, contact-form data routes to a sales engineer for a sub-15-minute response. Second, automatic analytics inform page redesign decisions through quarterly reviews. Finally, account records support invoicing and contractual reporting for clients on managed plans averaging $2,500 per user per month. According to a 2025 Forrester report, 81% of B2B buyers expect a vendor response within 1 hour. RP Tech Services does not sell personal information, does not rent contact lists, and does not share data with external marketing brokers. Authorized vendors include Microsoft 365, HubSpot, Google Analytics 4, and Barracuda, each bound by written confidentiality terms.

• Respond to inquiries within 15 minutes during business hours
• Send opt-in resources about managed IT, security, and cloud
• No sale, rental, or broker sharing of personal data

Which third-party vendors process RP Tech Services data?

Third-party processors are vendors that handle data on behalf of RP Tech Services under written data processing agreements. First, Google Analytics 4 measures anonymized traffic patterns across redpaladin.com but does not identify visitors unless a form is submitted. Second, HubSpot CRM stores contact-form submissions for sales follow-up, retained for 36 months or until deletion is requested. Finally, Microsoft 365 hosts email and document workflows under a Microsoft Data Protection Addendum aligned to GDPR Article 28 and the NIST CSF framework. According to a 2024 Gartner vendor risk study, 60% of SMB data incidents originate with third-party processors. RP Tech Services reviews vendor SOC 2 Type II reports annually and limits processor access to the minimum data required. Disclosure to law enforcement occurs only with a valid court order, subpoena, or New York State Attorney General request, and the affected client receives notice unless legally prohibited.

• Google Analytics 4: anonymized traffic measurement
• HubSpot CRM: contact-form retention, 36 months default
• Microsoft 365: email, documents, NIST CSF aligned

What privacy rights do website visitors have?

Privacy rights are the legal entitlements a website visitor or client has to access, correct, delete, or restrict processing of personal data held by RP Tech Services. First, visitors may request a copy of stored records by emailing [email protected] with the subject line Privacy Request. Second, the privacy team verifies identity within 5 business days using a confirmation email or phone callback to 888-788-8292. Finally, the team fulfills access, deletion, or correction requests within 30 days, matching the New York SHIELD Act and California CCPA response window. According to a 2025 DataGrail report, the average enterprise takes 26 days to fulfill a data subject request. RP Tech Services targets 15 days for New York, New Jersey, Pennsylvania, and Florida residents. Email opt-out is immediate through the unsubscribe link in every marketing message sent through HubSpot.

• Access: receive a copy of stored personal information
• Delete: request removal within 30 days of verified request
• Opt-out: one-click unsubscribe from marketing emails

How are updates to this RP Tech Services privacy policy communicated?

Policy updates are revisions to the published RP Tech Services privacy practices, triggered by changes in law, vendor relationships, or internal processes. First, the privacy team reviews this policy on a quarterly cadence against the New York SHIELD Act, Florida FIPA, HIPAA, and NIST CSF guidance. Second, material changes update the Effective date and Last updated fields at the top of the Privacy Policy page. Finally, active managed IT clients receive an email notification at least 30 days before substantive changes take effect. According to a 2024 OneTrust compliance survey, 54% of organizations update privacy policies less than once per year, increasing regulatory risk. RP Tech Services maintains a 90-day maximum review interval. The current effective date is January 1, 2025, and continued use of redpaladin.com after a posted change constitutes acceptance of the revised policy under New York contract law.

• Quarterly review against SHIELD Act, FIPA, HIPAA, NIST CSF
• Effective date updated on every material change
• 30-day advance email notice to managed IT clients

Frequently asked