Privacy Policy

Last Updated: December 2025

Overview

Q C Grant Ltd. (“we,” “us,” or “our”) is committed to protecting the privacy and security of personal information. As a cybersecurity and IT consulting firm, we understand the critical importance of data protection and handle all information with the highest security standards. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website or engage our services.

This policy complies with applicable data protection regulations and industry best practices.

Information We Collect

Information You Provide:

Contact information (name, email, phone, company name, job title)
Service inquiry details and project requirements
Information provided during consultations, assessments, or service delivery
Business documentation shared for security assessments
Authentication credentials for authorized service delivery (stored encrypted)

Automatically Collected Information:

Website usage data (pages visited, session duration, referring sites)
Technical information (IP address, browser type, operating system, device information)
Cookies and similar tracking technologies (see Cookies section)
Security logs for threat detection and prevention

How We Use Your Information

We use collected information to:

Respond to inquiries and provide requested cybersecurity and IT services
Conduct security assessments, vulnerability testing, and compliance audits
Communicate about services, critical security updates, and threat advisories
Improve our website security and service delivery
Comply with legal obligations, regulatory requirements, and professional standards
Detect, prevent, and respond to security incidents and fraud
Maintain audit trails as required for cybersecurity engagements

Legal Basis for Processing: We process personal information based on contractual necessity, legitimate business interests, legal compliance, and your explicit consent where required.

We do not sell, trade, or rent personal information to third parties. We may share information only in the following circumstances:

With Your Consent: When you explicitly authorize information sharing
Service Providers: With trusted vendors under strict confidentiality and data processing agreements (e.g., cloud infrastructure providers, security tools)
Legal Requirements: When required by law, court order, or governmental authority
Security & Protection: To protect our rights, property, safety, or that of our clients and the public
Business Transfers: In the event of a merger, acquisition, or sale of assets (with continued privacy protections)
Professional Advisors: With legal, accounting, or consulting professionals bound by confidentiality obligations

All third-party service providers are required to maintain security standards equivalent to our own.

Data Security

As a cybersecurity firm, we implement enterprise-grade security measures to protect personal information:

Technical Safeguards:

End-to-end encryption for data in transit (TLS 1.3+)
AES-256 encryption for data at rest
Multi-factor authentication (MFA) for system access
Network segmentation and firewall protection
Intrusion detection and prevention systems (IDS/IPS)
Regular vulnerability scanning and penetration testing
Secure backup procedures with encrypted off-site storage

Organizational Safeguards:

Role-based access controls and principle of least privilege
Background checks for personnel with data access
Regular security awareness training for staff
Incident response procedures and breach notification protocols
Annual third-party security audits
Vendor security assessments and due diligence

Physical Safeguards:

Secure data center facilities with environmental controls
Physical access controls and monitoring
Secure disposal procedures for physical media

While we employ industry-leading security practices, no system is completely impenetrable. We maintain incident response capabilities and will notify affected parties promptly in accordance with applicable breach notification laws.

Your Rights

Under applicable data protection laws, you have the right to:

Access: Request copies of personal information we hold about you
Rectification: Request correction of inaccurate or incomplete information
Erasure: Request deletion of your personal information (subject to legal retention requirements)
Restriction: Request limitation of processing in certain circumstances
Portability: Receive your data in a structured, machine-readable format
Objection: Object to processing based on legitimate interests
Opt-Out: Unsubscribe from marketing communications at any time
Withdraw Consent: Revoke previously granted consent
Complaint: Lodge a complaint with relevant data protection authorities

To exercise these rights, contact us using the information provided below. We will respond within 30 days.

Data Retention

We retain personal information only as long as necessary to fulfill the purposes outlined in this policy or as required by law:

Client Data: For the duration of the service engagement plus 7 years (or as required by applicable regulations)
Marketing Data: Until you opt-out or 3 years of inactivity
Website Logs: 90 days unless required for security investigations
Security Incident Data: As required for legal and regulatory compliance

Data is securely deleted or anonymized when no longer required, using industry-standard data sanitization methods.

Cookies & Tracking Technologies

Our website uses cookies to enhance security, functionality, and user experience:

Essential Cookies: Required for website operation, security, and authentication Analytics Cookies: To understand website usage and improve performance (anonymized) Security Cookies: To detect and prevent malicious activity

You can control cookie settings through your browser preferences. Disabling essential cookies may impact website functionality.

We do not use third-party advertising cookies or trackers.

International Data Transfers

Our services operate primarily within the Caribbean region. If personal information is transferred internationally, we ensure appropriate safeguards are in place, including:

Standard contractual clauses
Data processing agreements
Adequacy decisions (where applicable)
Encryption during transit

Third-Party Links

Our website may contain links to third-party sites. We are not responsible for the privacy practices of external websites. We recommend reviewing the privacy policies of any third-party services you access.

Children’s Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware of such collection, we will promptly delete the information.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. Material changes will be communicated via:

Prominent notice on our website
Email notification to registered users
Updated “Last Updated” date

Continued use of our services after changes constitutes acceptance of the updated policy.

Data Protection Officer

For privacy-related questions, requests, or concerns, contact our Data Protection Officer:

Q C Grant Ltd.
32 Kennedy Avenue
Roseau, Dominica

Email: [email protected]
Phone: +1 767 275 3290
Response Time: Within 48 business hours

Compliance & Certifications

Q C Grant Ltd. maintains compliance with:

Industry-standard cybersecurity frameworks (NIST, ISO 27001 principles)
Caribbean data protection requirements
International best practices for information security

Security Incident Reporting

If you suspect a security incident or data breach involving your personal information, please contact us immediately at [email protected] or +1 767 275 3290.

This privacy policy provides general information about our data handling practices. For specific privacy and confidentiality provisions related to service engagements, please refer to your service agreement or non-disclosure agreement (NDA). In case of conflict, service-specific agreements take precedence.