1. Introduction

Onyxion (“we,” “us,” or “our”) is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit our website at onyxion.io, engage with our services, or interact with us in a business capacity.

This policy applies to all individuals whose personal information we process, including prospective clients, current clients, business contacts, website visitors, and participants in our training programs.

By using our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy.

2. About Onyxion

Onyxion is a Cloud GTM advisory firm specializing in cloud adoption, data analytics, artificial intelligence, and IT asset management services. We provide business-to-business (B2B) consulting services including:

• Cloud migration and Proof of Value (PoV) services across Microsoft Azure, AWS, and Google Cloud Platform
• Data analytics and AI/ML implementation
• Generative AI solutions and strategy
• IT Asset Management (ITAM) and Financial Operations consulting
• Professional training and upskilling programs in Data, Analytics, and AI

Contact Information:
For privacy-related inquiries, please contact us at:
Email: [privacy@onyxion.io]
Address: [Company Address]

3. Information We Collect

3.1 Information You Provide Directly

We collect personal information that you voluntarily provide when you:

• Submit inquiry forms or request consultations
• Register for our training programs or bootcamps
• Subscribe to our newsletters or communications
• Enter into service agreements with us
• Communicate with us via email, phone, or other channels
• Attend our events, webinars, or workshops
• Apply for career opportunities

This information may include:

• Full name
• Job title and company name
• Business email address and phone number
• Billing and payment information
• Company size and industry
• Project requirements and business challenges
• Communication preferences
• Resume and professional qualifications (for job applicants)

3.2 Information We Collect Automatically

When you visit our website, we automatically collect certain technical information:

• IP address and geographic location
• Browser type and version
• Device information and operating system
• Pages visited and time spent on pages
• Referring website or source
• Date and time of access
• Clickstream data and user behavior patterns

We collect this information using cookies, web beacons, and similar tracking technologies. For more details, see Section 10 (Cookies and Tracking Technologies).

3.3 Information from Third-Party Sources

We may receive information about you from:

• Business partners and referral sources
• Publicly available sources (LinkedIn, company websites)
• Data enrichment services to enhance business contact information
• Cloud platform providers when delivering services on your behalf

3.4 Information Collected During Service Delivery

When providing consulting and implementation services, we may collect:

• Cloud service usage and performance data
• System configurations and technical specifications
• Training attendance and completion records
• Project documentation and deliverables
• Feedback and service evaluation responses

4. How We Use Your Information

We process personal information for the following purposes:

4.1 Service Delivery and Contract Performance

• Delivering cloud consulting, implementation, and advisory services
• Conducting Proof of Value assessments and demonstrations
• Providing data analytics and AI/ML implementation services
• Delivering training programs and educational content
• Managing project timelines and deliverables
• Providing technical support and assistance

4.2 Business Relationship Management

• Communicating about our services and responding to inquiries
• Managing client accounts and relationships
• Processing payments and maintaining billing records
• Sending service updates and important notices
• Scheduling meetings and consultations

4.3 Marketing and Business Development

• Sending marketing communications about our services (with consent)
• Distributing newsletters and thought leadership content
• Promoting events, webinars, and training programs
• Conducting market research and analyzing industry trends
• Generating leads and identifying business opportunities

4.4 Website and Service Improvement

• Analyzing website usage patterns and user behavior
• Improving website functionality and user experience
• Developing new services and features
• Conducting quality assurance and testing
• Measuring effectiveness of our marketing campaigns

4.5 Legal and Compliance Obligations

• Complying with legal requirements and regulatory obligations
• Enforcing our terms of service and agreements
• Protecting against fraud, security threats, and legal liability
• Responding to legal processes and government requests
• Maintaining business records for tax and accounting purposes

5. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data based on the following legal grounds:

Legitimate Interest: We process business contact information based on our legitimate interests in conducting business development, client relationship management, and service improvement. We have conducted balancing tests to ensure our interests do not override individual privacy rights.

Contractual Necessity: Processing is necessary to perform our consulting services, deliver training programs, and fulfill contractual obligations with clients.

Consent: We obtain explicit consent for marketing communications, newsletter subscriptions, and other optional processing activities. You may withdraw consent at any time.

Legal Obligation: We process data to comply with tax laws, accounting requirements, and other legal obligations.

6. How We Share Your Information

We do not sell, rent, or trade personal information. We share information only in the following circumstances:

6.1 Service Providers and Business Partners

We engage third-party service providers who process data on our behalf, including:

• Cloud Service Providers:Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform for hosting and infrastructure
• Customer Relationship Management:CRM platforms for managing client relationships
• Email and Communications:Email service providers and marketing automation platforms
• Payment Processing:Payment processors for billing and invoicing
• Analytics Services:Website analytics providers (e.g., Google Analytics)
• Professional Services:Legal, accounting, and consulting firms as needed

All service providers are bound by data processing agreements and contractual obligations to maintain confidentiality and security.

6.2 Business Transfers

If Onyxion is involved in a merger, acquisition, asset sale, or other business transaction, personal information may be transferred as part of that transaction. We will provide notice and ensure continued protection of your information.

6.3 Legal Requirements

We may disclose personal information when required by law or in response to:

• Valid legal processes (subpoenas, court orders, search warrants)
• Government or regulatory inquiries
• Requests from law enforcement or public authorities
• Protection of our legal rights and property
• Prevention of fraud or security threats

6.4 With Your Consent

We may share information with other parties when you provide explicit consent or direction to do so.

7. International Data Transfers

Onyxion operates internationally and may transfer personal data across borders. When we transfer data from the EEA, UK, or Switzerland to countries without adequacy decisions, we implement appropriate safeguards:

• Standard Contractual Clauses (SCCs):We use European Commission-approved SCCs with data recipients in third countries
• Adequacy Decisions:We rely on adequacy decisions for transfers to countries with equivalent privacy protections
• Supplementary Measures:We implement additional technical and organizational measures to ensure data protection

We conduct transfer impact assessments to evaluate the adequacy of protections for international data transfers.

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy and comply with legal obligations.

Client Data: We retain client information for the duration of the business relationship and for 7 years thereafter to meet legal, tax, and accounting requirements.

Marketing Data: We retain marketing contact information until consent is withdrawn or after 3 years of inactivity.

Technical Logs: Website logs and technical data are retained for 90 days unless needed for security investigations.

Training Records: Training completion records are retained for 5 years for certification and verification purposes.

Job Applications: Application materials are retained for 2 years unless you request earlier deletion.

When data is no longer needed, we securely delete or anonymize it in accordance with our data retention schedule.

9. Your Privacy Rights

Depending on your location, you have the following rights regarding your personal information:

9.1 Access and Portability

You have the right to request access to your personal data and receive a copy in a structured, commonly used, machine-readable format.

9.2 Rectification

You can request correction of inaccurate or incomplete personal information.

9.3 Erasure (Right to be Forgotten)

You may request deletion of your personal data when:

• It is no longer necessary for the purposes collected
• You withdraw consent (where processing is based on consent)
• You object to processing and there are no overriding legitimate grounds
• The data was unlawfully processed

Note: We may retain certain information where required by law or for legitimate business purposes.

9.4 Restriction of Processing

You can request that we limit processing of your data in certain circumstances, such as while we verify accuracy or assess objections.

9.5 Objection

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we have compelling legitimate grounds.

9.6 Withdraw Consent

Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

9.7 Data Portability

You can request transfer of your data to another service provider in certain circumstances.

9.8 Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe your privacy rights have been violated.

For EEA/UK residents: You can contact your national Data Protection Authority.
For California residents: You can contact the California Attorney General.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:
Email: [privacy@onyxion.io]
Subject: Privacy Rights Request

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance user experience and analyze website performance.

Types of Cookies We Use:

Essential Cookies: Necessary for website functionality, navigation, and security. These cannot be disabled.

Analytics Cookies: Help us understand how visitors use our website, including page views, traffic sources, and user behavior. We use Google Analytics and similar tools.

Marketing Cookies: Used to track visitors across websites and display relevant advertisements. These support our marketing campaigns and retargeting efforts.

Preference Cookies: Remember your settings and preferences for future visits.

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block all cookies (may affect website functionality)
• Receive notifications when cookies are set

You can also opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on available at: https://tools.google.com/dlpage/gaoptout

For more information about cookies and how to manage them, visit: www.allaboutcookies.org

11. Data Security

We implement robust technical and organizational security measures to protect personal information from unauthorized access, disclosure, alteration, and destruction:

Technical Measures:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication and access controls
• Regular security assessments and vulnerability testing
• Firewalls and intrusion detection systems
• Secure backup and disaster recovery procedures

Organizational Measures:

• Employee training on data protection and security
• Background checks for personnel with access to personal data
• Confidentiality agreements with employees and contractors
• Incident response and breach notification procedures
• Regular security audits and compliance reviews

Cloud Security: We leverage enterprise-grade security features provided by Microsoft Azure, AWS, and Google Cloud Platform, including:

• ISO 27001 certified infrastructure
• SOC 2 Type II compliance
• Regular third-party security audits
• Advanced threat detection and monitoring

While we strive to protect personal information, no security system is impenetrable. We cannot guarantee absolute security of data transmitted over the internet or stored on our systems.

12. Third-Party Links

Our website may contain links to third-party websites, services, or resources that are not operated by Onyxion. We are not responsible for the privacy practices or content of these external sites.

We encourage you to review the privacy policies of any third-party services before providing personal information. This Privacy Policy applies solely to information collected by Onyxion.

13. Children’s Privacy

Our services are intended for business and professional use only. We do not knowingly collect personal information from individuals under the age of 18.

If we become aware that we have collected personal data from a child under 18 without parental consent, we will take steps to delete that information promptly. If you believe we may have collected information from a child, please contact us immediately.

14. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Your California Rights:

Right to Know: You can request information about the personal information we have collected, used, disclosed, or sold about you in the past 12 months.

Right to Delete: You can request deletion of your personal information, subject to certain exceptions.

Right to Correct: You can request correction of inaccurate personal information.

Right to Opt-Out: You have the right to opt out of the sale or sharing of your personal information. Note: Onyxion does not sell personal information.

Right to Limit Use of Sensitive Personal Information: You can limit our use of sensitive personal information to specific purposes.

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

California Disclosures:

Categories of Personal Information Collected: Business contact information, identifiers, commercial information, internet activity, and professional information.

Business Purposes: As described in Section 4 of this Privacy Policy.

Third-Party Sharing: As described in Section 6 of this Privacy Policy.

Retention Period: As described in Section 8 of this Privacy Policy.

Do Not Sell My Personal Information: We do not sell personal information to third parties. We may share information with service providers for business purposes as described in this policy.

To exercise your California privacy rights, contact us at [privacy@onyxion.io] or call [phone number]. We will verify your identity before processing requests.

Authorized Agents: You may designate an authorized agent to submit requests on your behalf. We may require proof of authorization and verify your identity.

15. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. When we make material changes, we will:

• Update the “Last Updated” date at the top of this policy
• Notify you via email if you have provided contact information
• Post a prominent notice on our website
• Obtain consent if required by applicable law

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information. Your continued use of our services after changes indicates acceptance of the updated policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Onyxion Privacy Team
Email: [privacy@onyxion.io]
Address: 86-50 Burnhamthorpe Road West, Mississauga, ON, Canada.
We will respond to your inquiry within a reasonable timeframe, typically within 30 days.

17. Supervisory Authority

If you are located in the EEA, UK, or Switzerland and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local supervisory authority:

For EEA residents: Contact your national Data Protection Authority
For UK residents: Information Commissioner’s Office (ICO) – https://ico.org.uk
For Swiss residents: Federal Data Protection and Information Commissioner (FDPIC)

Acknowledgment

By using Onyxion’s website and services, you acknowledge that you have read, understood, and agree to this Privacy Policy and the collection, use, and disclosure of your personal information as described herein.

This Privacy Policy is effective as of the date stated above and applies to all personal information collected by Onyxion.