Skip to Content
IntroductionScope & RolesInformation we collectManaged Service Data (MSP Services)How we use informationPrivileged Access & Support ControlsCookies and TrackingData Sharing & SubprocessorsData SecurityData RetentionPrivacy RightsSecurity Incidents & Breach NotificationThird-Party LinksChildren's PrivacyPolicy UpdatesContact Information

Introduction

R3 Consulting & Management (R3COMM)(“Company,” “we,” “our,” or “us”) is a Managed Service Provider (MSP) and Software‑as‑a‑Service (SaaS) provider based in Puerto Rico. We provide professional IT services including:

  • Remote Monitoring and Management (RMM)
  • Data Backup and Disaster Recovery
  • Microsoft 365 Administration and Support
  • Security Monitoring and Managed Security Services
  • Voice, VoIP, and PBX Services

We are committed to protecting the privacy, confidentiality, and security of personal data and customer information entrusted to us.

This Privacy Policy describes how we collect, use, store, and protect information through our website (www.r3comm.com) and services. 

Scope & Roles

 This Privacy Policy applies to:

  • Website visitors
  • Prospective and existing business customers
  • Authorized customer users
  • End users whose systems or accounts are managed by us

Depending on the service:

  • Customers are the Data Controllers
  • R3COMM acts as a Data Processor / Service Provider

We process customer data only under documented instructions and contractual agreements.

Information we collect

 This Privacy Policy applies to:

  • Website visitors
  • Prospective and existing business customers
  • Authorized customer users
  • End users whose systems or accounts are managed by us

Depending on the service:

  • Customers are the Data Controllers
  • R3COMM acts as a Data Processor / Service Provider

We process customer data only under documented instructions and contractual agreements.

Managed Service Data (MSP Services)

A. Business & Account Information

  • Name, job title
  • Company name
  • Email address and phone number
  • Billing and account records
  • Support communications

B. Managed Service Data (MSP Services)

When delivering RMM, backup, M365 management, security monitoring, or voice services, we may process:

RMM & Security Monitoring

  • Device identifiers and system names
  • OS and software inventory
  • Patch, antivirus, and security status
  • System logs, alerts, and performance metrics
  • Remote session metadata

Backup Services

  • Encrypted backup metadata
  • File and system snapshot information
  • Backup success/failure logs

Backup contents remain customer‑owned. We do not access backed‑up data unless explicitly authorized for recovery or troubleshooting.

Microsoft 365 Management

  • Tenant configuration details
  • User account identifiers
  • Licensing and usage metadata
  • Audit logs and security alerts
  • Email and SharePoint administration metadata

We do not read customer emails or documents except when explicitly authorized for support or compliance tasks.

Voice / PBX Services

  • Call metadata (date, time, duration, direction)
  • Extension and routing configuration
  • Voicemail metadata
  • Call quality and system logs

Call content or recordings are processed only if enabled by the customer and retained per customer policy or regulation.

C. SaaS Platform Data

If you use our SaaS products:

  • User authentication data
  • Application logs and usage metrics
  • Configuration and account settings
  • Files or records stored by customers (service‑dependent)

D. Website & Technical Data

  • IP address
  • Browser and OS type
  • Referrer URLs
  • Pages visited and timestamps

How we use information

We process data strictly for:

  • Service delivery and system administration
  • Monitoring availability, performance, and security
  • Troubleshooting, support, and incident response
  • Billing and account management
  • Compliance with legal obligations
  • Improving service reliability and security posture

We do not sell personal data or use customer data for advertising.

Privileged Access & Support Controls

As part of MSP service delivery, authorized staff may have privileged or administrative access to customer systems. Safeguards include:

  • Role‑based access control (RBAC)
  • MFA for administrative access
  • Access logging and auditing
  • Least‑privilege enforcement
  • Access limited to service delivery only

Cookies and Tracking

As part of MSP service delivery, authorized staff may have privileged or administrative access to customer systems. Safeguards include:

  • Role‑based access control (RBAC)
  • MFA for administrative access
  • Access logging and auditing
  • Least‑privilege enforcement
  • Access limited to service delivery only

Data Sharing & Subprocessors

We may use vetted third‑party subprocessors, including:

  • Cloud hosting and infrastructure providers
  • Backup and DR platforms
  • Security tooling and telemetry platforms
  • Payment processors
  • CRM and ticketing systems

All subprocessors are bound by confidentiality, data protection, and security obligations.

Data Security

We maintain administrative, technical, and physical safeguards, including:

  • Encrypted communications
  • Secure cloud infrastructures
  • Audit logging and monitoring
  • Incident response procedures
  • Regular access reviews

No system can be guaranteed 100% secure, but we follow industry best practices to mitigate risks.

Data Retention

Data retention depends on:

  • Service type
  • Customer instructions
  • Contractual obligations
  • Legal and regulatory requirements

Data is securely deleted or returned upon service termination, per agreement.

Privacy Rights

Puerto Rico & U.S. Residents

You may request:

  • Access to personal information
  • Correction of inaccurate data
  • Deletion where legally permissible

EU Residents (GDPR)

You may also request:

  • Data portability
  • Restriction or objection to processing
  • Withdrawal of consent
  • Lodging a complaint with a supervisory authority

Requests should be submitted via the contact details below.

Security Incidents & Breach Notification

In the event of a confirmed security incident involving personal data:

  • We follow applicable Puerto Rico and U.S. breach notification laws
  • MSP and SaaS customers are notified according to contractual and regulatory requirements

Third-Party Links

Our website may reference third‑party sites. We are not responsible for their privacy practices.

Children's Privacy

Our services are intended for business use only and not for children under 13.

Policy Updates

We may update this Privacy Policy periodically. Continued use of our services constitutes acceptance of updates.

Contact Information

If you have any questions about this privacy policy, please contact us using the following information:

Email: info@r3comm.com

Phone: 787-482-8500