01 Introduction
Technology Fever is an independent IT consulting practice providing remote technology services including Microsoft 365 consulting, licensing advisory, security configuration, compliance support, and related IT services to organisations and individuals.
Services may be delivered to businesses, teams, independent professionals, or individuals requiring technical consulting, implementation, troubleshooting, or related support.
This Privacy and Information Security Policy describes how Technology Fever collects, uses, protects, and handles information in the course of delivering professional services. It applies to all client engagements, part-time consulting arrangements, and remote support interactions.
This policy is intended to provide clear, practical guidance on how information is handled during professional engagements, whether services are provided to organisations or individuals.
Services are delivered directly, with full accountability for how information is handled within the agreed scope of work.
Client trust and data confidentiality are treated as a core priority in every engagement. This policy reflects that commitment. Information submitted through website contact forms is also processed in accordance with this policy.
02 Scope of Services & Applicability
This policy applies to all services delivered by Technology Fever, including but not limited to:
- Microsoft 365 licensing consultation and advisory
- Governance, Risk & Compliance (GRC) framework support
- Remote IT support, system configuration, and troubleshooting
- Security architecture review and recommendations
- Part-time or project-based engagements with organisations or individual clients
Services are primarily delivered remotely and may involve temporary access to client systems, cloud platforms, or data environments where required to fulfil agreed service obligations.
Technology Fever operates as an independent consultant and does not function as a managed service provider unless explicitly agreed as part of a separate engagement.
03 Information Collected
Information processed under this policy primarily relates to client contacts and individuals involved in service communication. Information is collected solely for clearly defined service-related purposes and is not collected for general or unrelated use.
Contact & Engagement Information
When engaging with Technology Fever, the following information may be collected:
- Organisation or individual name, contact name, email address, and phone number
- Project briefs, service requirements, and scope documentation
- Invoicing details and payment records
- Communication logs (email, messaging platforms)
Technical & System Information
Where remote access or technical support is provided, the following may be accessed:
- System configurations, network topology, or environment details
- Screenshots or screen recordings taken solely for troubleshooting purposes
- Logs, error reports, or diagnostic data
- Credentials or access tokens provided explicitly by the client for service delivery
Minimal Data Principle: Only information strictly necessary to perform the agreed service is requested or accessed. No personal consumer data of the client's end-users is intentionally collected.
Website & Cookie Usage
This website does not use tracking cookies or analytics systems that profile visitor behaviour beyond basic functionality and security purposes. Any contact form submissions made through this website are handled in accordance with this policy.
04 Information Use & Legal Basis
Information collected is used solely for the following purposes:
- Delivering the agreed technology consulting or support services
- Communicating with clients regarding engagement progress
- Preparing invoices, proposals, and service documentation
- Maintaining records necessary for ongoing support engagements
- Meeting any applicable legal or regulatory obligations
Client data is not used for marketing, sold to third parties, or repurposed for any activity outside the agreed scope of work. No automated decision-making, profiling, or tracking is performed on client data.
Legal Basis for Processing
Information is processed based on one or more of the following lawful grounds:
- Client consent — for contact form submissions and direct communications
- Contractual necessity — to deliver the agreed services as outlined in the engagement
- Legitimate interests — such as maintaining service records, invoicing, and professional communications, where such interests are balanced against and do not override the rights and freedoms of individuals
Processing is limited to what is strictly necessary for the intended purpose. Where consent is the basis, it may be withdrawn at any time; however, this may affect the ability to continue providing certain services.
Information is not processed beyond the defined scope of the engagement or for any secondary purpose.
Data Controller & Processor Roles
Depending on the nature of the engagement, Technology Fever may act as a data processor (handling data on behalf of the client) or as a data controller (for direct communications and service-related records). This distinction will be clarified at the start of any engagement where it is relevant.
05 Confidentiality
All information shared by clients in the course of an engagement is treated as strictly confidential. Confidential information is handled with a level of care consistent with professional consulting standards and reasonable industry expectations. Technology Fever commits to the following:
- No client information will be disclosed to any third party without explicit written consent
- No client data will be reused across engagements or for any purpose other than the services provided
- No sensitive client information, credentials, or system details will be shared, published, or referenced publicly
- Confidentiality obligations survive the termination of any engagement
- Confidential information is not disclosed even after the completion of the engagement unless legally required
Where a Non-Disclosure Agreement (NDA) is required by the client, Technology Fever is willing to execute one prior to commencement of services.
06 Information Security
Technology Fever applies the principles of Confidentiality, Integrity, and Availability (the CIA Triad) as the foundation of its information security approach. Information is treated according to its sensitivity, with higher care applied to sensitive system, credential, or client data. All services are delivered with a security-first and confidentiality-focused approach.
🔒 Confidentiality
Access to client information is restricted to activities directly required for service delivery. No unauthorised sharing or disclosure occurs.
✅ Integrity
Client data and configurations accessed during services are not modified beyond what is explicitly agreed. Accuracy is maintained throughout.
📶 Availability
Availability commitments are limited to the scope of agreed services and do not extend to continuous uptime or managed service guarantees unless explicitly contracted. Risks to client system availability introduced by service activities are communicated in advance.
07 Remote Access & Client System Access
Access Control Principles
- No access to systems or data is performed without client awareness and explicit consent
- Access is only requested when strictly necessary for the specific service task
- Access is limited to the minimum permissions required (least privilege)
- Where possible, temporary or session-based access is preferred over persistent credentials
- All access is carried out using secure remote connectivity tools and encrypted channels
- Clients are responsible for ensuring that any credentials provided are appropriate for the intended scope and do not expose unrelated systems or data
- Access rights are relinquished or no longer used upon completion of the relevant task
- No unnecessary duplication or local storage of client data is performed
Secure Remote Working Safeguards
- Access to client systems is performed from secure, controlled devices with appropriate security measures in place
- Encrypted communication channels for all remote sessions
- Use of reputable, industry-standard remote access tools only
- Multi-factor authentication (MFA) enabled on all service accounts where supported
- Screen-sharing and remote sessions are conducted only with client knowledge and consent
Clients retain full control and are encouraged to use time-limited or scoped credentials when providing access for service work.
Where applicable, access and actions performed during service delivery may be logged and are traceable to support accountability and auditability.
08 Data Handling & Storage
- Only information strictly necessary for service delivery is accessed, and unnecessary duplication is avoided at all times
- Client data is not processed outside the scope of an active service engagement or without a defined purpose
- No background processing, monitoring, or analysis of client data is performed outside an active service engagement
- No hidden monitoring or passive data collection is performed at any stage of service delivery
- Diagnostic data, logs, screenshots, or configuration records are used only as required during the engagement and are not retained unnecessarily
- Client data is not permanently stored unless required for ongoing support or explicitly agreed as part of the service scope
- Any retained work documentation is stored securely with access controls appropriate to its sensitivity
- Temporary files or downloads created during troubleshooting are deleted promptly after the task is completed
- Where data is deleted, reasonable measures are taken to ensure it cannot be recovered or reconstructed
Retention Principles
Where no ongoing support is agreed, all client-related working data is removed within a reasonable timeframe after completion of services.
| Data Type | Retention Period |
|---|---|
| Engagement-specific data | Duration of project only, unless ongoing support is contracted |
| Financial & invoicing records | Minimum period required by applicable law |
| Communication logs | Only as needed for service continuity |
| Credentials / access tokens | Deleted immediately upon task completion |
Data Deletion
Upon completion of an engagement or upon client request, any retained client data held by Technology Fever will be securely deleted. Clients may exercise this right at any time by contacting Technology Fever directly.
09 Third-Party Tools & Platforms
Certain services may involve the use of third-party platforms or cloud services. Third-party tools may act as sub-processors or independent service providers depending on the context in which they are used. Where this applies:
- Tools are selected based on reliability, security reputation, and common industry usage
- Client data is not input into third-party AI systems, analytics tools, or external platforms unless required and explicitly agreed
- Client data is not used for training, input into, or processing by AI systems unless explicitly agreed in writing
- Third-party platforms are used in accordance with their own terms of service and privacy policies
While reasonable safeguards are applied, the security of third-party platforms or client-managed environments depends on multiple external factors and remains subject to the security practices and controls of those providers. Clients are responsible for ensuring that their own platforms, systems, and environments meet appropriate security standards where applicable.
Examples of tools that may be used include Microsoft 365 tenants, remote desktop utilities, and project communication tools. Clients will be informed if a new tool is introduced that involves their data.
10 Client Responsibilities
Effective information security in a consulting engagement is a shared responsibility.
| Area | Client Responsibility |
|---|---|
| Access Authorisation | Ensure that any access, credentials, or data shared is authorised and appropriate for the service purpose. |
| Backup & Recovery | Maintain up-to-date backups before any configuration or troubleshooting work, unless backup services are explicitly contracted. |
| Accurate Information | Provide accurate and complete information relevant to the service to enable effective and safe delivery. |
| Security of Own Systems | Maintain appropriate security controls on client-owned systems and networks. |
| Consent to Engagement | By engaging Technology Fever, clients confirm acceptance of this policy. |
11 Security Incident Handling
- Any suspected security issue or potential data exposure identified during service delivery will be communicated to the client promptly
- Technology Fever will cooperate with the client in understanding and resolving any incident related to services provided
- In the unlikely event of a data breach involving client information held by Technology Fever, the client will be notified as soon as reasonably possible after becoming aware of the incident, along with relevant details where available
- Where applicable, recommended mitigation steps or corrective actions will be communicated to the client
The objective is not only to report incidents, but also to help the client understand and effectively address them.
Clients retain responsibility for managing incidents within their own systems and should have their own incident response procedures in place.
Responsibility is limited to data accessed or handled within the scope of services provided.
12 Risk Acknowledgement & Liability Limitations
- The security of third-party platforms, client-managed systems, or internet transmission channels is influenced by factors beyond direct control
- Technology Fever cannot be held responsible for security incidents resulting from vulnerabilities in client-managed infrastructure or actions taken by client personnel
- Services are delivered with reasonable professional care consistent with consulting standards and do not constitute managed security services or continuous monitoring unless explicitly contracted
⚠️ Clients are encouraged to ensure their own cyber insurance and incident response capabilities are in place, particularly for organisations handling sensitive or regulated data.
13 Ethical Use & Acceptable Engagement
Technology Fever provides services exclusively for legitimate and lawful purposes:
- Services will not be used to facilitate or support unauthorised access, surveillance, or unethical activities
- Technology Fever will not engage in any activity that violates applicable laws or professional ethics standards
- If a client request is identified as potentially unlawful or unethical, Technology Fever reserves the right to decline or terminate the engagement
- All services are conducted with respect for applicable data protection legislation including widely accepted data protection principles where relevant
14 Communication Security
Reasonable care is applied when exchanging sensitive information. Clients are encouraged to:
- Avoid transmitting sensitive credentials or personal data through unencrypted email
- Use secure file-sharing methods for sensitive documents where possible
- Confirm the identity of the service provider before sharing credentials or access details
Technology Fever will never request passwords or credentials via unsolicited communication. Clients are encouraged to verify communication sources before sharing any sensitive information. Any unexpected request for credentials should be treated with suspicion and verified directly before responding.
15 Your Rights
Clients and individuals whose data is processed in connection with a service engagement have the right to:
- Request confirmation of what information is held relating to their engagement
- Request correction of inaccurate information
- Request deletion of data held upon conclusion of the engagement
- Request restriction of processing where applicable
- Request transfer of data where technically feasible
- Withdraw consent for data processing where consent is the basis for processing
- Raise a concern or complaint regarding data handling practices
To exercise any of these rights, please contact Technology Fever directly. Requests will be acknowledged and responded to within a reasonable timeframe, typically within 3–5 business days.
Where applicable, individuals may also have the right to lodge a complaint with their local data protection authority.
16 Jurisdiction & Global Clients
Technology Fever operates as a remote consulting practice and may serve clients across multiple countries and legal jurisdictions:
- This policy reflects broadly applicable data protection and privacy principles
- Where a client is based in a jurisdiction with specific data protection laws, Technology Fever will endeavour to align its practices accordingly
- Where services involve cross-border data access or processing, reasonable care is taken to ensure that data is handled in accordance with generally accepted data protection principles
- This policy does not create jurisdiction-specific legal obligations beyond those arising from the agreed service contract
Clients subject to specific regional regulatory frameworks should communicate their compliance requirements at the start of an engagement so appropriate measures can be agreed.
17 Policy Updates & Review
This policy is reviewed annually or upon any significant change in services, technology, or applicable regulation. The current version is always published on the Technology Fever website.
Continued engagement with Technology Fever following notification of a policy update constitutes acceptance of the revised terms.
18 Contact
For any questions, rights requests, or concerns relating to this policy, please contact:
| Service Provider | Technology Fever |
| contact@tekifvr.com | |
| Website | https://tekifvr.com |
| Response Time | Within a reasonable timeframe, typically within 3–5 business days |
"Client trust and data confidentiality are treated as a core priority in every engagement."
— Technology Fever