Customer Data Privacy Policy

Form 10 Group (“we,” “our,” “us”) is committed to safeguarding customer data in accordance with industry best practices and regulatory frameworks, including ISO 27001:2022 and SOC 2. This Customer Data Privacy Policy explains how we collect, use, store, retain, and delete customer data—and how customers may exercise their right to request deletion of their personal information.

Scope

This policy applies to all customer data collected through any Form 10 Group system, platform, application, support channel, or contracted service.

Data We Collect

We may collect the following categories of customer data, depending on the services used:

• Identification Data: Name, email address, phone number, company name.
• Account & Authentication Data: Login identifiers, authentication tokens.
• Transactional Information: Service usage records, ticket history, approvals, uploaded content.
• Technical Information: IP address, device/browser information, session metadata.
• Communications: Support requests, service inquiries, emails, portal messages.

How We Use Customer Data

We process customer data to:

• Deliver and maintain contractual services
• Authenticate access and support security operations
• Provide customer support and resolve incidents
• Maintain audit logs and operational integrity
• Comply with legal, regulatory, and certification requirements
• Improve service performance, reliability, and security

Data Retention & Deletion

Customer data is retained only for as long as needed for:

• Contract fulfillment
• Security and operational requirements
• Legal or regulatory obligations
• Evidence requirements for ISO 27001 & SOC 2 audits

Where possible, retention periods align with internal retention guidance referenced in existing data management documentation.
Once data no longer serves a legitimate business or legal purpose, it is securely deleted following approved disposal procedures.

Customer Right to Request Data Deletion

Customers have the right to request deletion of their personal data (“Right to Erasure”). Upon receiving a valid request, Form 10 Group will:

1. Verify identity of the requester
2. Determine eligibility for deletion based on legal, security, or operational constraints
3. Delete data within our defined SLA (typically 30–45 days unless prohibited by law or audit requirements)
4. Provide confirmation of deletion completion

How to Submit a Customer Data Deletion Request

Customers may submit a data deletion request through any of the following:
A. Email Submission
Send a request to our Privacy Office at: privacy@form10.com
Include the following information:

• Full name
• Company name (if applicable)
• Email associated with the account
• Description of the data to be deleted
• Any relevant service or ticket numbers
• Proof of identity, if requested

B. Business Portal
Customers using our ServiceNow Business Portal may submit a deletion request as a service ticket.

Verification Process

Before processing a data deletion request, we will:

• Confirm the requester’s identity
• Validate that deletion is legally and operationally permissible
• Determine whether any data must be retained (e.g., audit logs required for SOC 2, legal obligations, security investigations)

If a request is denied, we will provide written justification.

Deletion Processing Procedure

Once verified:

1. Locate all relevant customer data across systems
2. Execute deletion in primary and backup systems (where feasible)
3. Document the deletion for SOC 2 & ISO 27001 evidence
4. Timestamp the completion
5. Provide written confirmation to the requester

Exceptions to Data Deletion

We may retain certain information if:

• Required for legal, regulatory, or certification purposes
• Needed to detect or prevent fraud or security incidents
• Required for audit logs or operational integrity
• Needed to fulfill ongoing contractual obligations

Data retained under these exceptions will remain properly protected and access?restricted.

Data Security Measures

Form 10 Group applies industry-standard controls aligned with ISO 27001:2022 Annex A and SOC 2 Trust Services Criteria, including:

• Access control & least privilege
• Encryption at rest and in transit
• Secure authentication
• Audit logging
• Incident response processes
• Vendor and supplier risk management
• Secure disposal procedures as referenced in internal documents.

Contact Information

For questions about this policy or exercising your privacy rights, contact:
Privacy Office – Form 10 Group
 Email: privacy@form10.com
 Phone: (408) 988?0110
 Address: 6204 Benjamin Rd, Suite 200, Tampa, FL 33634

Personnel Data Privacy Policy
Form 10 is committed to protecting the privacy and security of your personal information. This notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with ISO 27001, the Florida Information Protection Act (FIPA), the California Consumer Privacy Act (CCPA), and other applicable state laws.

Categories of Data Collected

We collect and process the following categories of "Personally Identifiable Information" (PII):

• Identifiers: Name, alias, home address, personal email, Social Security number, driver’s license, or passport number.

• Professional/Employment Info: Resume, salary, performance reviews, and training records.

• Financial Info: Bank account details for payroll and tax withholding.

• Sensitive Information: Health data (for benefits/leave), personal demographic information, if disclosed as part of the voluntary self-identification process.

• Digital Monitoring: Information from your use of company-issued devices, including IP addresses, login credentials, and internal communications (Teams/Email) as permitted by state law.

Purpose of Processing
We process your data for the following "Business Purposes":

• Contractual Necessity: To pay your salary and administer benefits.

• Legal Obligation: To comply with tax laws (IRS), employment eligibility (I-9), and Florida state reporting.

• Security & Safety: To protect our information security management system (ISMS), monitor system access, and prevent data breaches (ISO 27001 AND SOC 2 requirements).

• Legitimate Interest: To manage performance and ensure company resource security.

Disclosure and Third-Party Sharing
We do not "sell" employee personal data. We share your information with:

• Service Providers: Payroll processors, 401(k) administrators, and health insurance providers.

• Legal Authorities: When required by law or to protect our legal rights.

• IT Vendors: Cloud storage and security monitoring tools used for our information security management system (ISMS).

Your Rights (Multi-State Protections)

Regardless of your location, we afford all personnel the following rights (aligned with CCPA/CPRA and the Florida Digital Bill of Rights):

• Right to Know: You can request a list of the data we hold about you.

• Right to Correct: You may update inaccurate personal information.

• Right to Delete: You can request deletion of personal data, subject to legal retention requirements (e.g., tax records).
   

Data Security and Retention

In line with ISO 27001 Annex A 5.34, we implement technical and organizational controls (encryption, MFA, and access logs) to protect your PII. We retain your data only for as long as necessary to fulfill the purposes above or as required by law (typically 7 years post-employment for tax/legal records).

Contact Information

If you have questions about this notice or wish to exercise your rights, please contact the Security Delegate at Security.Delegate@form10.com.

Acceptance of Terms

By accessing and using this website, you agree to be bound by these Terms and Conditions and all applicable laws and regulations. If you do not agree, please refrain from using the site.

 

User Responsibilities

Users agree not to misuse the website or services, including unauthorized access, distribution of malware, or violation of any applicable laws. Users must maintain the confidentiality of their account credentials.

 

Intellectual Property

All content, trademarks, logos, and service marks displayed on the website are the property of Form 10 Group, Inc. or its licensors. Unauthorized use is strictly prohibited.

 

Services Provided

The company offers IT managed services including but not limited to enterprise IT solution deployments, national IT field service solutions, warehouse and depot repair services, technical help desk operations and staff augmentation support. All services are subject to availability and may be modified or discontinued at any time.

 

Views Expressed Disclaimer

The views and opinions expressed on this website, including blog posts, articles, employee testimonials and case studies, are those of the authors and do not necessarily reflect the official policy or position of Form 10 Group. Any content provided by our contributors or customers is of their own opinion and is not intended to malign any organization, company, individual, or entity. All information is provided in good faith; however, Form 10 Group makes no representation or warranty of any kind regarding the accuracy, adequacy, validity, reliability, availability, or completeness of any information on this site.

 

Confidentiality

Any confidential information shared between the company and customers, including trade secrets and proprietary data, will be protected under Florida and federal law.

 

Governing Law

These Terms are governed by the laws of the State of Florida. Disputes shall be resolved in Florida courts unless otherwise agreed.

 

Modifications

Form 10 Group, Inc. reserves the right to update these Terms at any time. Continued use of the website after changes implies acceptance of the revised Terms.