At FICAT TRANSIT INC ("FICAT," "we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

1. Introduction

FICAT is a computer systems design and IT services company headquartered at 3027 44TH ST, ASTORIA, NY 11103. This Privacy Policy applies to all information collected through our website, service engagements, and any related communications. By accessing our website or using our services, you acknowledge that you have read and understood this policy.

We take your privacy seriously and have implemented comprehensive measures to protect your personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant regulations.

2. Information We Collect

2.1 Personal Information

We may collect the following categories of personal information when you interact with us:

  • Contact Information: Full name, email address, phone number, company name, job title, and mailing address.
  • Account Information: Usernames, passwords, and account preferences for our client portals and platforms.
  • Financial Information: Billing addresses, payment details, and transaction history necessary for processing payments and invoicing.
  • Communication Data: Records of your correspondence with us, including emails, chat messages, and call recordings for quality assurance purposes.
  • Professional Information: Industry, company size, project requirements, technical specifications, and other business-related information shared during service engagements.

2.2 Automatically Collected Information

When you visit our website, we may automatically collect certain information through cookies and similar technologies:

  • Device Information: IP address, browser type and version, operating system, device type, and screen resolution.
  • Usage Data: Pages visited, time spent on pages, click patterns, referral sources, and navigation paths.
  • Performance Data: Page load times, error messages, and system interaction data used to optimize our website performance.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our IT consulting, software development, and technology services, including project management, technical support, and client communication.
  • Communication: To respond to your inquiries, send service-related announcements, technical updates, and administrative messages.
  • Marketing: With your consent, to send you newsletters, case studies, industry insights, and information about our services that may interest you. You may opt out at any time.
  • Analytics: To analyze website usage patterns, improve user experience, and optimize our marketing efforts.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
  • Fraud Prevention: To detect, prevent, and address fraud, security incidents, and other harmful activities.
  • Business Improvement: To conduct research, analyze trends, measure the effectiveness of our services, and develop new offerings.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the specific context in which we collect it. We process your personal data under the following legal grounds:

  • Consent: Where you have given explicit consent for us to process your personal data for specific purposes, such as receiving marketing communications.
  • Contractual Necessity: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Legal Obligation: Where we need to comply with a legal or regulatory obligation to which we are subject.
  • Legitimate Interests: Where processing is necessary for our legitimate business interests, provided your rights and interests do not override those interests. This includes improving our services, maintaining security, and conducting business operations.

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: We may share information with trusted third-party service providers who assist us in operating our website, conducting our business, or serving our clients, subject to confidentiality agreements.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction, with appropriate notice provided.
  • Legal Requirements: We may disclose information if required to do so by law or in the good faith belief that such action is necessary to comply with legal obligations, protect our rights or property, or protect the safety of our users or the public.
  • With Your Consent: We may share your information for any other purpose with your explicit consent.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period is determined based on:

  • The nature and sensitivity of the information
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process the information
  • Applicable legal and regulatory requirements

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it. If deletion is not possible (for example, due to backup retention requirements), we will securely isolate and restrict access to the information until deletion is feasible.

7. Data Security

We implement and maintain robust security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction:

  • Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL protocols. Sensitive data at rest is encrypted using industry-standard encryption algorithms.
  • Access Controls: Strict access controls and authentication mechanisms ensure that only authorized personnel can access personal information on a need-to-know basis.
  • Regular Audits: We conduct regular security assessments, vulnerability scans, and penetration testing to identify and address potential security weaknesses.
  • Employee Training: All employees receive mandatory data protection and security awareness training to ensure they understand their responsibilities in safeguarding personal data.
  • Incident Response: We maintain a comprehensive incident response plan to quickly address any data security incidents and notify affected parties as required by law.
  • Physical Security: Our facilities and data centers employ physical security controls including access badges, surveillance systems, and visitor logs.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Right to Access: You have the right to request confirmation of whether we process your personal data and, if so, access to that data along with information about how it is processed.
  • Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data we hold about you.
  • Right to Erasure ("Right to be Forgotten"): You have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes it was collected.
  • Right to Restrict Processing: You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
  • Right to Object: You have the right to object to processing of your personal data for direct marketing purposes or where processing is based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us using the information provided in Section 14. We will respond to your request within the timeframe required by applicable law.

9. Cookies Policy

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and understand where our visitors come from. We use the following types of cookies:

  • Essential Cookies: These cookies are necessary for the website to function properly. They enable core functionality such as security, network management, and accessibility. Without these cookies, certain services cannot be provided.
  • Analytics Cookies: These cookies collect information about how visitors use our website, including which pages are visited most often and whether users receive error messages. This information helps us improve the performance and design of our website.
  • Preference Cookies: These cookies remember your preferences and settings to provide a more personalized experience on future visits.

You can control and manage cookies through your browser settings. However, please note that disabling certain cookies may affect the functionality and performance of our website.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States, where our servers and service providers are located. These countries may have data protection laws that are different from those in your country of residence.

We ensure that appropriate safeguards are in place for international data transfers, including:

  • Adherence to standard contractual clauses approved by the European Commission for data transfers from the EEA
  • Implementation of binding corporate rules where applicable
  • Verification that our service providers maintain equivalent levels of data protection through contractual obligations and compliance certifications

11. Third-Party Links

Our website may contain links to third-party websites, plugins, and services that are not operated by us. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to review the privacy policies of every website you visit.

12. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately. If we become aware that we have collected personal data from a child without verification of parental consent, we will take steps to delete that information promptly.

13. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other operational factors. When we make material changes, we will notify you by posting the updated policy on this page with a revised "Last updated" date. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: