Privacy Policy for Service Providers

1. Introduction

This Privacy Policy outlines how Monolith Systems (“we”, “our”, or “us”) collects, uses, discloses, and safeguards information when engaging with third-party service providers who assist in delivering IT systems and related services to our clients.

As a service provider to Monolith Systems, you may have access to sensitive information. This policy establishes the expectations and requirements for handling such data in compliance with relevant data protection regulations.

2. Information We Share with Service Providers

We may share the following types of information with our service providers:

• Client contact information
• System configurations and technical specifications
• Network infrastructure details
• User account information
• Operational logs and monitoring data
• Project requirements and specifications

This information is shared on a need-to-know basis and only to the extent necessary for the provision of contracted services.

3. Service Provider Obligations

As a service provider, you are required to:

• Process data only as instructed by Monolith Systems
• Implement appropriate technical and organizational security measures
• Ensure staff confidentiality through binding agreements
• Assist Monolith Systems in fulfilling data subject rights requests
• Delete or return all personal data upon termination of services
• Submit to audits and inspections as necessary
• Notify Monolith Systems immediately of any data breaches
• Maintain detailed records of processing activities

4. Security Requirements

Service providers must maintain the following security measures:

• Encryption of sensitive data at rest and in transit
• Regular security assessments and vulnerability scanning
• Secure authentication and access control mechanisms
• Timely application of security patches and updates
• Business continuity and disaster recovery procedures
• Regular security training for staff
• Physical security measures for facilities where data is processed

5. Compliance and Certification

Service providers are expected to comply with all applicable data protection laws and regulations, including but not limited to GDPR, CCPA, HIPAA, and industry-specific requirements as relevant to the services provided.

We may require service providers to demonstrate compliance through industry certifications (e.g., ISO 27001, SOC 2) or periodic compliance assessments.

6. Sub-processors

Service providers must obtain written authorization from Monolith Systems before engaging sub-processors who will have access to shared data. Sub-processors must be bound by the same data protection obligations outlined in this policy.

7. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or regulatory requirements. Service providers will be notified of significant changes and may be required to acknowledge updated terms.