Effective Date: November 15, 2025

Last Updated: April 11, 2026

At IHS Consulting, we prioritize the privacy and security of our clients’ and users’ personal data and personal information. As a provider of IT consulting, cybersecurity, compliance, help desk, and monitoring services, we may receive requests from public authorities, law enforcement agencies, or government bodies seeking access to such data.

This policy outlines our processes for handling these requests. We respond only in accordance with applicable U.S. federal, state, and local laws, including relevant privacy regulations and our contractual obligations to clients.

Policies and Processes for Requests from Public Authorities

We have the following policies and processes in place regarding requests for the personal data or personal information of our clients or users:

• Required review of the legality of these requests. All requests are reviewed by our legal and compliance team (or external legal counsel as needed) to verify that they are valid, properly authorized, and issued in accordance with applicable law. We require requests to be made in writing and supported by appropriate legal process (such as a subpoena, court order, warrant, or other lawful demand). We do not respond to informal or verbal requests.
• Provisions for challenging these requests if they are considered unlawful. Where we believe a request is overly broad, invalid, or unlawful, we will challenge it through appropriate legal channels. This may include seeking clarification, negotiating a narrower scope with the requesting authority, or pursuing judicial review or other remedies as permitted by law.
• Data minimization policy—the ability to disclose the minimum information necessary. We adhere to a strict data minimization principle. When disclosure is required and lawful, we provide only the specific information explicitly demanded and necessary to comply with the request. We do not disclose additional or unrelated data.
• Documentation of these requests, including your responses to the requests and the legal reasoning and actors involved. We maintain detailed records of all government or public authority requests received, including the requesting entity, the legal basis cited, our internal review process, any challenges made, the data (if any) disclosed, and the date and nature of our response. These records are retained in accordance with our data retention policies and applicable legal requirements.

Additional Commitments

• Client Notification: Unless prohibited by law or a court order (e.g., in cases involving national security or where notification could interfere with an ongoing investigation), we will notify affected clients promptly upon receiving a request for their data. This allows clients the opportunity to seek appropriate legal protections if desired.
• Transparency and Referral: Where possible and legally permissible, we may redirect the requesting authority to contact the client directly.
• No Voluntary Disclosures: We do not voluntarily disclose client or user personal data to public authorities except where required by law or as otherwise described in our Privacy Policy.
• Compliance with Client Agreements: Our handling of data requests is also governed by our agreements with clients. In cases of conflict, client contractual terms and applicable law will guide our response.

This policy is designed to balance our legal obligations with our strong commitment to client privacy and trust. It aligns with industry best practices in cybersecurity and data protection.

Questions or Contact

If you have questions about this policy or how we handle government requests, please contact us at: Email: privacy@ihs-consulting.com  Phone: 772-202-0303 Address: IHS Consulting, 2941 SE Belgius Court, Pt St Lucie, FL 34952

We may update this policy from time to time. Continued use of our services after changes constitutes acceptance of the updated policy.

Thank you for trusting IHS Consulting with your IT and cybersecurity needs.