Privacy & Cookie Policy

Last updated: December 1, 2025

1. Introduction

GAC Solutions (“GAC”, “we”, “us”, or “our”) respects your privacy and is committed to protecting personal information processed through our websites and internal/partner-facing applications (collectively, the “Services”).

This Privacy & Cookie Policy (“Policy”) explains how we collect, use, disclose, and protect personal information, and how we use cookies and similar technologies. It should be read together with our Data Privacy & Processing Disclosure and our Terms of Use.

2. Information We Collect

The information we collect depends on how you interact with the Services and your relationship with GAC. We may collect:

  • Account and profile information – name, business email, job title, organization, and user IDs;
  • Business relationship information – client/vendor affiliation, project assignments, approval roles;
  • Usage and log data – IP address, browser type, device identifiers, access times, pages viewed, and actions taken;
  • Operational data – timesheets, invoices, tickets, comments, and attachments you or your organization submit;
  • Communication data – content of messages you send through the Services (for example, comments, approvals, or support requests);
  • Cookie and tracking data – information collected via cookies and similar technologies (see Section 7).

We generally do not aim to collect sensitive personal information through the Services unless it is explicitly required for a defined business or legal purpose and permitted under applicable law. Where such data is processed, it will be subject to additional safeguards.

3. How We Use Personal Information

We use personal information for purposes including:

  • Creating and managing user accounts and access permissions;
  • Operating timesheet, onboarding, invoicing, and related workflows;
  • Issuing notifications, reminders, and transactional emails related to the Services (for example, approvals, updates, or password resets);
  • Responding to support requests, questions, and incident reports;
  • Monitoring system performance, security, and usage trends;
  • Improving the functionality, usability, and reliability of the Services;
  • Complying with contractual, legal, and regulatory obligations.

Where required by law, we rely on a lawful basis for processing, such as performance of a contract, legitimate interest, legal obligation, or consent obtained by your organization.

4. How We Share Personal Information

We may share personal information with:

  • Your organization – for example, your employer, client, or vendor, which may act as controller of your data;
  • Service providers – such as hosting providers, email delivery services, and security vendors who process data on our behalf;
  • Professional advisors – such as auditors or legal counsel, where necessary and subject to confidentiality obligations;
  • Authorities – when required by law, regulation, court order, or to protect rights, property, or safety;
  • Affiliates – within the GAC group, to support centralized operations and service delivery, where applicable.

We do not sell personal information in the sense commonly used by consumer privacy laws. If we engage in analytics or limited cross-system integrations, such processing is carried out for legitimate business purposes and subject to appropriate safeguards.

5. International Transfers

Because our infrastructure and some service providers may be located in different countries, your information may be transferred across borders. Where required, we implement appropriate safeguards (such as contractual protections or equivalent mechanisms) to help ensure an adequate level of protection for personal information during such transfers.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, including:

  • Providing the Services and managing our relationship with your organization;
  • Complying with legal, accounting, and tax obligations;
  • Handling disputes, enforcing agreements, and maintaining necessary records.

Specific retention periods may be defined in contracts or in your organization’s policies, particularly where we act as a data processor.

7. Cookies and Similar Technologies

Cookies are small text files stored on your device by your browser. We use cookies and similar technologies to:

  • Authenticate users and maintain secure sessions;
  • Remember preferences (for example, language or view settings);
  • Improve navigation and user experience;
  • Collect aggregated usage statistics for performance and capacity planning.

7.1 Types of Cookies We Use

  • Strictly Necessary Cookies
    Required for core functionality such as logging in, maintaining sessions, and enforcing security controls. The Services cannot function properly without these cookies.
  • Functional Cookies
    Help remember choices and improve usability (for example, recent filters, preferred views, or UI settings).
  • Analytics / Performance Cookies
    Used in some deployments to understand how features are used, so we can improve reliability and design. Where required, these will be configured in accordance with your organization’s privacy requirements.

7.2 Managing Cookies

You can usually manage or disable cookies through your browser settings. If you disable strictly necessary cookies, some or all features of the Services may not function correctly.

Where a cookie banner or preferences panel is deployed, you may use it to adjust non-essential cookie settings where applicable.

8. Your Privacy Choices and Rights

Depending on your location and the role of your organization, you may have rights such as:

  • Requesting access to personal information we hold about you;
  • Requesting correction of inaccurate or incomplete data;
  • Requesting deletion of certain data, subject to legal or contractual constraints;
  • Objecting to or requesting restriction of certain processing activities;
  • Receiving certain information in a portable format, where applicable.

Where GAC acts as a processor, requests should typically be sent to your employer or contracting organization, which controls the data. We will assist them in responding in accordance with our agreements and applicable law.

9. Security

We implement reasonable technical and organizational measures designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures are described in more detail in our Data Privacy & Processing Disclosure.

However, no system can be guaranteed fully secure. Users are expected to:

  • Keep passwords and authentication methods confidential;
  • Use unique, strong passwords and enable multi-factor authentication where available;
  • Promptly notify GAC or their internal administrator of any suspected unauthorized access or security issue.

10. Children’s Privacy

The Services are designed for adult business users and are not intended for children. We do not knowingly collect personal information directly from individuals under the minimum employment age in the relevant jurisdiction.

11. Third-Party Websites and Services

The Services may contain links to, or integrate with, third-party websites or services. These are governed by the privacy policies of those third parties, not this Policy. We encourage you to review their privacy information before providing any personal data.

12. Changes to This Policy

We may update this Policy from time to time. When we do, we will revise the “Last updated” date and, where appropriate, provide additional notice via the Services or through your organization. Your continued use of the Services after an update indicates your acknowledgment of the revised Policy.

13. Contact Us

If you have questions or concerns about this Policy, or about how your information is handled in connection with the Services, you may contact:

GAC Solutions
1900 E. Golf Road, Suite 925
Schaumburg, IL 60173
Email: contracts@gacsol.com