What size of organisation do you work with?

We work with mid-market and enterprise organisations, typically 50 to 3,000 employees. Some have established Azure environments that need structural improvement. Others are deploying to Azure for the first time and need platform foundations built properly from day one. In both cases, our clients recognise that their cloud platform needs professional engineering, not ad-hoc management.

Do you work with organisations that are new to Azure?

Yes. A significant part of our work involves designing and building Azure platforms from scratch. We establish landing zone architecture, subscription structure, governance frameworks, and Infrastructure as Code pipelines before the first workload is deployed. The engagement model is the same structured monthly retainer, and the same engineering discipline applies whether we are building new or maturing existing.

How quickly can you start?

Discovery can begin within two weeks of agreement. Structured onboarding typically takes 6–10 weeks, covering assessment, baseline engineering, and transition into steady-state delivery. Structural improvements begin during the baseline phase.

Do you replace our internal team?

No. We provide dedicated Azure platform engineering capability that complements your internal teams. We take ownership of platform architecture, governance, and Infrastructure as Code discipline while your teams focus on application delivery.

What happens if we want to leave?

All infrastructure is defined in Terraform and stored in your repositories. Documentation, architectural decisions, and deployment pipelines remain yours. Structured handover is included to ensure continuity.

How do you handle out-of-hours incidents?

The core engagement focuses on platform engineering. We design monitoring architecture and respond to critical platform blockers within defined response targets. Continuous operational monitoring and incident response are available as an optional Platform Operations extension.

Can we start with a smaller engagement?

Yes. Many organisations begin with a fixed-scope Azure Platform Assessment. This engagement maps architectural maturity, governance gaps, and Infrastructure as Code readiness before committing to an ongoing engineering retainer.

Privacy Policy | NRIT Solutions

1. Who we are

NRIT Solutions B.V., Chamber of Commerce (KvK) number 96764279, registered in Hoek van Holland, The Netherlands, provides Azure platform engineering and operations services to business clients as a Registered Microsoft Cloud Partner.

Nigel Rooney is the data protection contact for all privacy matters. You can reach us at info@nrit-solutions.com.

NRIT Solutions is a small B2B firm and does not carry out large-scale monitoring of individuals or process special categories of data as a core activity. A formal Data Protection Officer is therefore not required under Article 37 of the GDPR.

2. What this policy covers

This policy explains how NRIT Solutions collects and uses personal data in its capacity as a controller: when you visit our website, contact us, or interact with us as a client or prospect.

When delivering services to clients, NRIT acts as a processor under the client's instructions. That processing is governed by a separate Data Processing Agreement between NRIT and the client. This policy does not cover processing we carry out as a processor.

3. What personal data we collect

Activity	Data categories
Website visitors	IP address, browser type, pages visited (via Vercel Analytics, cookieless). Contact form submissions: name, email address, message content
Client onboarding	Name, job title, business email address, phone number, company details
Service delivery	User identifiers in Azure (Microsoft Entra ID object IDs, user principal names), IP addresses, access and authentication logs, technical telemetry (accessed via Azure Lighthouse under the client's DPA)
Business development	Name, job title, business email address, LinkedIn profile URL, company name

4. Why we process your data and our legal basis

The table below sets out each processing purpose and the legal basis under Article 6(1) of the GDPR.

Purpose	Legal basis	Notes
Responding to contact form enquiries	(b) Pre-contractual steps	You contact us to discuss potential services
Client onboarding and contract administration	(b) Contract performance	Necessary to set up and manage the service relationship
Service delivery (as processor)	(b) Contract performance	Governed by the client's Data Processing Agreement
Invoicing and financial administration	(c) Legal obligation	Dutch tax law (Article 52 AWR) requires retention of financial records for seven years
Business development outreach	(f) Legitimate interest	We contact B2B professionals using publicly available business information. You can object at any time.
Website analytics	(f) Legitimate interest	Vercel Analytics is cookieless and does not collect personal data or track individuals across sites.
System and information security	(f) Legitimate interest	Protecting our systems, our clients, and personal data from threats.

We share personal data with the following recipients when necessary:

Microsoft Corporation (Azure, Microsoft 365). Microsoft processes data as a sub-processor. Transfer mechanism: EU-US Data Privacy Framework adequacy decision, with EU Standard Contractual Clauses as a fallback.
Client organisations. We share reports, logs, and incident notifications with clients as required under the relevant Data Processing Agreement.
Professional advisors. Accountants and legal advisors, bound by professional confidentiality obligations.
Regulatory authorities. The Autoriteit Persoonsgegevens (Dutch Data Protection Authority) and the Belastingdienst (Dutch Tax Authority), where required by law.

NRIT does not sell personal data. NRIT does not use data from client Azure environments for any purpose other than delivering the contracted services.

6. International data transfers

Most processing takes place within the European Economic Area (EEA).

Where personal data is transferred to the United States (through Microsoft Azure and Microsoft 365 services), the transfer relies on the European Commission's adequacy decision for the EU-US Data Privacy Framework. EU Standard Contractual Clauses are in place as a fallback mechanism.

You can request a copy of the transfer safeguards by contacting us at info@nrit-solutions.com.

7. Cookies and website analytics

Vercel Analytics. Our website uses Vercel Analytics, which is cookieless and privacy-friendly. It does not collect personal data, does not use cookies, and does not track individuals across websites. No cookie consent is required for Vercel Analytics.

Cookies. Our website does not use tracking cookies, advertising cookies, or third-party cookies. If essential session or security cookies are introduced in future, we will update this section.

No cookie consent banner is required under our current setup.

8. How long we keep your data

Category	Retention period	Basis
Contact form submissions	12 months after last correspondence	No longer necessary for the original purpose
Client contract and onboarding data	Duration of the contract plus 7 years	Dutch tax law (Article 52 AWR)
Service delivery data (as processor)	Duration of the contract plus 30 days; backups deleted within 90 days	Data Processing Agreement, clause 10
Financial records	7 years	Dutch tax law (Article 52 AWR)
Business development contacts	Until you object, reviewed annually	Legitimate interest

When a retention period expires, we delete or anonymise the data. If deletion is not immediately possible (for example, data in backup systems), we restrict processing until deletion is complete.

9. Your rights

Under the GDPR, you have the following rights regarding your personal data:

Access (Article 15). You can request a copy of the personal data we hold about you.
Rectification (Article 16). You can ask us to correct inaccurate or incomplete data.
Erasure (Article 17). You can ask us to delete your data where there is no compelling reason for us to continue processing it.
Restriction (Article 18). You can ask us to restrict processing in certain circumstances, for example while we verify the accuracy of your data.
Data portability (Article 20). You can request your data in a structured, commonly used, machine-readable format.
Objection (Article 21). You can object to processing based on legitimate interest. We will stop unless we can demonstrate compelling legitimate grounds.
Withdraw consent (Article 7(3)). Where processing is based on consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, contact Nigel Rooney at info@nrit-solutions.com. We will respond within one calendar month. If your request is complex or we receive a large number of requests, we may extend this by a further two months and will inform you within the first month.

There is no fee for exercising your rights, unless a request is manifestly unfounded or excessive.

10. Data security

We implement technical and organisational measures appropriate to the risk, including:

Multi-factor authentication (MFA) for all administrative access
Role-based access control (RBAC) with least-privilege principles
Encryption in transit (TLS 1.2 or higher) and at rest
Audit logging of administrative actions
Confidentiality obligations for all personnel

For full details of the technical and organisational measures we apply when processing client data, refer to Annex 2 of our Data Processing Agreement.

11. Breach notification

In the event of a personal data breach:

Autoriteit Persoonsgegevens: We will notify the Dutch Data Protection Authority within 72 hours of becoming aware of a breach, where required under Article 33 of the GDPR.
Affected individuals: We will notify you without undue delay where the breach is likely to result in a high risk to your rights and freedoms, as required under Article 34 of the GDPR.
Client data (processor role): Where a breach affects data we process on behalf of a client, we will notify the client within 48 hours in accordance with clause 7.1 of the Data Processing Agreement.

12. Automated decision-making

NRIT does not use automated decision-making or profiling as defined in Article 22 of the GDPR.

13. Changes to this policy

We may update this policy from time to time. Material changes will be published on our website. The "Last updated" date at the top of this page shows when the policy was last revised.

14. Complaints

If you have concerns about how we handle your personal data, please contact us first at info@nrit-solutions.com. We will do our best to resolve the matter.

You also have the right to lodge a complaint with the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens
PO Box 93374
2509 AJ The Hague
The Netherlands
Tel: +31 (0)70 888 85 00

1. Who we are

Nigel Rooney is the data protection contact for all privacy matters. You can reach us at info@nrit-solutions.com.

2. What this policy covers

This policy explains how NRIT Solutions collects and uses personal data in its capacity as a controller: when you visit our website, contact us, or interact with us as a client or prospect.

3. What personal data we collect

Activity	Data categories
Website visitors	IP address, browser type, pages visited (via Vercel Analytics, cookieless). Contact form submissions: name, email address, message content
Client onboarding	Name, job title, business email address, phone number, company details
Service delivery	User identifiers in Azure (Microsoft Entra ID object IDs, user principal names), IP addresses, access and authentication logs, technical telemetry (accessed via Azure Lighthouse under the client's DPA)
Business development	Name, job title, business email address, LinkedIn profile URL, company name

4. Why we process your data and our legal basis

The table below sets out each processing purpose and the legal basis under Article 6(1) of the GDPR.

Purpose	Legal basis	Notes
Responding to contact form enquiries	(b) Pre-contractual steps	You contact us to discuss potential services
Client onboarding and contract administration	(b) Contract performance	Necessary to set up and manage the service relationship
Service delivery (as processor)	(b) Contract performance	Governed by the client's Data Processing Agreement
Invoicing and financial administration	(c) Legal obligation	Dutch tax law (Article 52 AWR) requires retention of financial records for seven years
Business development outreach	(f) Legitimate interest	We contact B2B professionals using publicly available business information. You can object at any time.
Website analytics	(f) Legitimate interest	Vercel Analytics is cookieless and does not collect personal data or track individuals across sites.
System and information security	(f) Legitimate interest	Protecting our systems, our clients, and personal data from threats.

We share personal data with the following recipients when necessary:

Microsoft Corporation (Azure, Microsoft 365). Microsoft processes data as a sub-processor. Transfer mechanism: EU-US Data Privacy Framework adequacy decision, with EU Standard Contractual Clauses as a fallback.
Client organisations. We share reports, logs, and incident notifications with clients as required under the relevant Data Processing Agreement.
Professional advisors. Accountants and legal advisors, bound by professional confidentiality obligations.
Regulatory authorities. The Autoriteit Persoonsgegevens (Dutch Data Protection Authority) and the Belastingdienst (Dutch Tax Authority), where required by law.

NRIT does not sell personal data. NRIT does not use data from client Azure environments for any purpose other than delivering the contracted services.

6. International data transfers

Most processing takes place within the European Economic Area (EEA).

You can request a copy of the transfer safeguards by contacting us at info@nrit-solutions.com.

7. Cookies and website analytics

Cookies. Our website does not use tracking cookies, advertising cookies, or third-party cookies. If essential session or security cookies are introduced in future, we will update this section.

No cookie consent banner is required under our current setup.

8. How long we keep your data

Category	Retention period	Basis
Contact form submissions	12 months after last correspondence	No longer necessary for the original purpose
Client contract and onboarding data	Duration of the contract plus 7 years	Dutch tax law (Article 52 AWR)
Service delivery data (as processor)	Duration of the contract plus 30 days; backups deleted within 90 days	Data Processing Agreement, clause 10
Financial records	7 years	Dutch tax law (Article 52 AWR)
Business development contacts	Until you object, reviewed annually	Legitimate interest

When a retention period expires, we delete or anonymise the data. If deletion is not immediately possible (for example, data in backup systems), we restrict processing until deletion is complete.

9. Your rights

Under the GDPR, you have the following rights regarding your personal data:

Access (Article 15). You can request a copy of the personal data we hold about you.
Rectification (Article 16). You can ask us to correct inaccurate or incomplete data.
Erasure (Article 17). You can ask us to delete your data where there is no compelling reason for us to continue processing it.
Restriction (Article 18). You can ask us to restrict processing in certain circumstances, for example while we verify the accuracy of your data.
Data portability (Article 20). You can request your data in a structured, commonly used, machine-readable format.
Objection (Article 21). You can object to processing based on legitimate interest. We will stop unless we can demonstrate compelling legitimate grounds.
Withdraw consent (Article 7(3)). Where processing is based on consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

There is no fee for exercising your rights, unless a request is manifestly unfounded or excessive.

10. Data security

We implement technical and organisational measures appropriate to the risk, including:

Multi-factor authentication (MFA) for all administrative access
Role-based access control (RBAC) with least-privilege principles
Encryption in transit (TLS 1.2 or higher) and at rest
Audit logging of administrative actions
Confidentiality obligations for all personnel

For full details of the technical and organisational measures we apply when processing client data, refer to Annex 2 of our Data Processing Agreement.

11. Breach notification

In the event of a personal data breach:

Autoriteit Persoonsgegevens: We will notify the Dutch Data Protection Authority within 72 hours of becoming aware of a breach, where required under Article 33 of the GDPR.
Affected individuals: We will notify you without undue delay where the breach is likely to result in a high risk to your rights and freedoms, as required under Article 34 of the GDPR.
Client data (processor role): Where a breach affects data we process on behalf of a client, we will notify the client within 48 hours in accordance with clause 7.1 of the Data Processing Agreement.

12. Automated decision-making

NRIT does not use automated decision-making or profiling as defined in Article 22 of the GDPR.

13. Changes to this policy

We may update this policy from time to time. Material changes will be published on our website. The "Last updated" date at the top of this page shows when the policy was last revised.

14. Complaints

If you have concerns about how we handle your personal data, please contact us first at info@nrit-solutions.com. We will do our best to resolve the matter.

You also have the right to lodge a complaint with the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens
PO Box 93374
2509 AJ The Hague
The Netherlands
Tel: +31 (0)70 888 85 00

Privacy policy

1. Who we are

2. What this policy covers

3. What personal data we collect

4. Why we process your data and our legal basis

6. International data transfers

7. Cookies and website analytics

8. How long we keep your data

9. Your rights

10. Data security

11. Breach notification

12. Automated decision-making

13. Changes to this policy

14. Complaints

Privacy policy

1. Who we are

2. What this policy covers

3. What personal data we collect

4. Why we process your data and our legal basis

6. International data transfers

7. Cookies and website analytics

8. How long we keep your data

9. Your rights

10. Data security

11. Breach notification

12. Automated decision-making

13. Changes to this policy

14. Complaints

Privacy policy

1. Who we are

2. What this policy covers

3. What personal data we collect

4. Why we process your data and our legal basis

5. Who we share your data with

6. International data transfers

7. Cookies and website analytics

8. How long we keep your data

9. Your rights

10. Data security

11. Breach notification

12. Automated decision-making

13. Changes to this policy

14. Complaints

Privacy policy

1. Who we are

2. What this policy covers

3. What personal data we collect

4. Why we process your data and our legal basis

5. Who we share your data with

6. International data transfers

7. Cookies and website analytics

8. How long we keep your data

9. Your rights

10. Data security

11. Breach notification

12. Automated decision-making

13. Changes to this policy

14. Complaints