Our website address is: https://altada.com/
This Policy applies to Altada Technology Solutions Ltd and all associated companies defacto within (“Altada Group“) structure and /or also as defined in section 2 subsection 6 of the Companies Act 2013.
The Altada Group is committed to protecting and respecting your privacy.
- The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 also known as the General Data Protection Regulation (GDPR), which became enforceable across the EU and the EEA from May 25th, 2018 having replaced the previous Directive 95/46/EC; In Ireland, the national law, which amongst other things, gives further effect to the GDPR, is the Data Protection Act 2018 (‘the 2018 Act’).
- The Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 also known as the ePrivacy Directive, amending the Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws;
- The California Consumer Privacy Act 2018, assembly Bill of the State of California United States of America No. 375, under CHAPTER 55, an act to add Title 1.81.5 (commencing with Section 1798.100) to Part 4 of Division 3 of the Civil Code, relating to privacy and approved by Governor June 28, 2018. Filed with Secretary of State June 28, 2018 and enforceable from January 1st, 2020 onwards.
While a Data Protection Officer is not mandatory, the Altada Group I is committed to protecting your personal data and have appointed a Privacy Co Ordinator
If you have any questions in relation to this statement, or wish to exercise your rights relating to it, please contact us at firstname.lastname@example.org
Our Contact Information is 4 Careys Lane, Cork City Ireland. Email us at email@example.com
Changes to this Policy
The type of information we have, why and how we collect and use your personal data/ information
On some pages and sites, we collect personal data/ information, such as name, e-mail address, job title, company name, address or telephone number, either based on your Explicit Consent or while observing by the GDPR Article 14 (in the sense that “purpose” and “scope” of processing will be conveyed, as well as WHAT, WHY and HOW Personal Data will undergo processing and sharing), which means that within 1 month of collection if no Lawful Basis for processing has been established, the Data will be erased.
Driven from Legitimate Interest (that does not represent a conflict towards the Legitimate Interest of the Data Subject to his/ her privacy since it derives from the need to ensure our office/ site security) and while observing inherent Legal Requirements (as per defined by local legislation) we register individuals visiting our sites and locations (name, identification and business contact information) as well as use CCTV camera supervision.
We process personal data/ information pertaining to you under the following lawful basis and to provide certain services, such as:
- Provide, maintain, and improve our services (Contract as the lawful basis for processing);
- Provide services you request, process transactions, and to send you related information (Contract as the lawful basis for processing);
- Send you technical notices, updates, security alerts, and support and administrative messages (Contract as the lawful basis for processing);
- Respond to your comments, questions, and requests, and provide customer service (Contract as the lawful basis for processing)
- Communicate with you about news and information related to our service (Contract or Legitimate Interest as the lawful basis for processing);
- Monitor and analyze trends, usage, and activities in connection with our services; and (Legitimate Interest as the lawful basis for processing);
- Personalize and improve our services (Contract or Legitimate Interest as the lawful basis for processing);
- When you contact us (online or offline) in connection with a request for information, a product or service, to provide you with support, or to participate in a forum or other social media tool, we collect information necessary to fulfil your request, to grant you access to the product or service, to provide you with support and to be able to contact you (Legitimate Interest as the lawful basis for processing);
- Issuing invoices (Legal Obligation as the lawful basis for processing);
- Launching a client satisfaction survey from time to time (Legitimate Interest as the lawful basis for processing).
Note : Some of the hereinabove mentioned services may configure “profiling” and/ or automated personal data processing. Where these derive from our corporate clients’ specific requests, our Lawful Basis for processing derives from the contract in place between both parties and, our corporate client is the entity that must explain in detail this “purpose” and “scope” while observing the GDPR Article 12 requirements.
In our relationship with clients or prospects, partners and suppliers, they also provide us with business contact information (such as name, business contact details, position or title of their employees, contractors, advisors and authorised users) for purposes such as contract management, fulfilment, delivery of products and services, provision of support, invoicing and management of the services or the relationship. Where this information is obtained strictly under a B2B perspective, Personal Data Protection Legislation does not apply. On the other hand, where this information is Personal Data and not to be used under the context of B2B, we will observe by the GDPR Article 14 ruling (as herein above mentioned).
In addition to sending information you request, we may also use your personal data/ information to communicate with you about other topics we believe may be of interest, however you have the right to opt-out from those communications.
Since it is not our intention to collect personal data/ information from children (meaning any natural person under 16 years of age), no child specific policy is described. The GDPR mandates that personal data/ information pertaining to any natural person deemed as minor/ child may only be processed (if not under a legal obligation) upon explicit consent from either the parents or legal tutors.
Notwithstanding this fact, and under the CCPA, Personal Data/ information may be processed if those natural persons (children between the ages of 13 and 16 years of age) provide their Consent. If the child is under 13 years of age then the same rule as per the GDPR applies, meaning Consent must be provided by the parents or legal tutor.
Lawful Basis for Processing
Has above mentioned, and under the General Data Protection Regulation (GDPR), the lawful bases basis we rely on for processing this information are:
(a) Your consent. You can withdraw your consent at any time. You can do this by contacting firstname.lastname@example.org
(b) We have a contractual obligation.
(c) We have a legal obligation.
(d) We have a legitimate interest.
What we do with the information we have
Altada Group our affiliates, subsidiaries and operational service partners collect and use your provided personal data/ information to operate and deliver the services you have requested.
We may share your Personal Data with any member of the Altada Group.
We may also share your information with selected third parties including: Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
Please refer Schedule 1 at the end of this Notice which contains a list of entities with whom your personal data is shared.
Our trusted service providers can be considered joint-controllers, data processors, sub-processors or third parties. Written agreements are in place with our service providers (meaning we have a Data Processing Agreement in place with them) and due diligence is performed so that we are satisfied with the service provider’s data security and operational compliance towards applicable Personal Data Protection Legislation. We further require, and it is so written on the Data Processing Agreements that all third parties to have appropriate technical and operational security measures in place to protect Personal Data, in line with EU laws on data protection. Any such organisation or individual will have access to Personal Data limited only to perform necessary tasks assigned but may not use it for any other purpose.
The Altada Group may access and/or disclose your personal data/ information if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on the Altada Group or the site(s); (b) protect and defend the rights or property of Altada Group including its subsidiary’s; or (c) act under exigent circumstances to protect the personal safety of users of the Altada Group services or members of the public.
How we store your information
The sharing, storage and processing of your personal data/ information will predominantly take place within the EEA. Some overseas countries do not have data protection legislation equivalent to that in force in the European Economic Area, however where your personal data is in scope for GDPR, it will be treated always in line with GDPR requirements and will only be transferred internationally on the accepted lawful basis of the EU Standard Contractual Clauses. For specific details about your specific data, please contact our privacy office on the email address below.
Do we transfer your information outside the European Union or European Economic Area?
We will, from time to time, make use of services provided by 3rd parties for the delivery of our services which may necessitate the transfer of personal data outside the EU/EEA. For example, we use a variety of cloud-based tools .Where data needs to be transferred or processed outside the EU/EEA, we chose providers who process data on the basis of
- Model Contract Clauses(SCC)
- An Adequacy Decision from the European Commission.
We will not hold your data for longer than is necessary to achieve the purpose for which it was obtained. We review all data made available to us on a regular basis and delete where no longer necessary.
We maintain specific data management and retention policies and procedures, so that personal data is deleted after a reasonable time according to the following retention principles:
(i) the Altada Group AI will retain your data if we have an ongoing relationship with you (if you are a current client or partner).
(ii) the Altada Group will keep the data while your account is active or for as long as needed to provide services or information to you.
We also use your personal data/ information to inform you of other products or services available from the Altada Group always taking in account the boundaries of applicable Marketing Legislation mainly towards the prevention of unsolicited Marketing or “spaming”. The Altada Group may contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.
The Altada Group does not sell, rent or lease its customer lists to third parties.
The Altada Group may, from time to time, contact you on behalf of external business partners about an offering that may be of interest to you.
Certain of the Altada Group services may be co-branded and offered in conjunction with another company. If you register for or use such services, both the Altada Group and the other company may receive information collected in conjunction with the co-branded services. In such cases a link to the other company’s privacy statement will be provided to you with information about how the other company will use the information and how you can contact the other company with requests to access the information or other inquiries.
The Altada Group occasionally hires other companies to provide limited services on our behalf, such as handling the processing and delivery of mailings, providing customer support, processing transactions, or performing statistical analysis of our services. We will only provide those companies the personal data/ information they need to deliver the service. They are required to maintain confidentiality of your information and are prohibited from using that information for any other purpose.
Opt-in / Opt-out electronic e-mail
Our electronic mail programme operates on an opt-in basis. You will receive regular electronic mail from the Altada Group when you opt-in by providing your details via one of the registration forms on our website. Upon registration, the information you have requested will be sent by electronic mail and as frequently as it is produced or available. You will be able to opt-out of receiving further electronic mail by using the unsubscribe feature. We will provide you with a link to the unsubscribe feature in all our electronic mail.
Security of your personal data/ information
At the Altada Group we are committed to protecting the security of your personal data/ information. We use a variety of security technologies, contractual controls and operate by industry leading standards. Our procedures are verified to help protect your personal data/ information from unauthorized access, use, or disclosure.
Your data protection rights
Under data protection law, you have rights including:
[GDPR] Right of access – The right to obtain from the Controller confirmation as to whether his/ her personal data is being processed, and, where that is the case, access to such personal data as well as related information. We will share the Personal Data over a secure channel, and that (depending on the type of Data as well as volume) may imply the need to convey a “password” via an alternative communication channel to the Data Subject to ensure authorized secure access. Customers may exercise this right by reviewing information on our website user account area or by submitting a request as per herein defined ahead in this document which is the application process for those Data Subjects who are not our Customers.
[CCPA] Right to know and access your personal information – similar to the Right of Access under the GDPR, California resident natural persons have the right to:
- Know the categories of personal information we collect and the categories of sources from which we got the information;
- Know the business or commercial purposes for which we collect and share personal information;
- Know the categories of third parties and other entities with whom we share personal information; and
- Access the specific pieces of personal information we have collected about you.
[GDPR] Right to rectification – The right to obtain the rectification of inaccurate Personal Data pertaining to that Data Subject. Customers may directly amend existing information on our website user account area or by submitting a request as per herein defined ahead in this document which is the application process for those Data Subjects who are not our Customers.
[GDPR] Right to erasure – The right to have Personal Data pertaining to him/ her that is under Processing by us erased and therefore Processing stopped, unless a legal duty or have a legitimate ground to retain certain data prevents us from observing such right, in which case the Data Subject shall be duly informed. This right may be exercised by submitting a request as defined in the procedure stated below in this section.
[CCPA] Right to deletion – again in a similar manner to what the GDPR rules, natural persons who reside in the state of California may, in some circumstances, ask us to delete their personal data/ information.
We may refuse the exercise of such right if it prevents us from exercising legal defence, we cannot do it driven from a legal obligation or there is the risk of by doing so, not being able to fulfil any open contractual obligations.
[GDPR] The right to restrict processing – Under relevant conditions set out by the law, the right to request and have in place processing restrictions (in scope and purpose) towards Personal Data that pertains to him/ her. When exercising this right, the Data Subject must be specific about which processing activities are being requested to be restricted and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to Processing, asking for additional confirmation prior to implementing the request. This right may be exercised by submitting a request as defined in the procedure stated below in this section.
[CCPA] Right to opt out of sales – We do not “sell “ your data
[CCPA] Right to be free from discrimination – You may exercise any of the above rights without fear of being discriminated against. We are, however, permitted to provide a different price or rate to you if the difference is directly related to the value provided to you by your data.
For any of the above-mentioned CCPA related rights, you may designate an authorized agent to make a request on your behalf. In the request, you or your authorized agent must provide including information sufficient for us to confirm the identity of an authorized agent. We are required to verify that your agent has been properly authorized to request information on your behalf and this may take additional time to fulfil your request.
We will use the information you provide to make your CCPA rights requests to verify your identity, identify the personal information we may hold about you and act upon your request.
We strongly recommend that you submit the email and postal address that you used when you created accounts, ordered subscriptions or signed up for a newsletter. After you submit a CCPA rights requests you will be required to verify access to the email address you submitted. You will receive an email with a follow-up link to complete your email verification process. You are required to verify your email in order for us to proceed with your CCPA rights requests. Please check your spam or junk folder in case you can’t see the verification email in your inbox.
[GDPR] Right to data portability – The right to receive the Personal Data pertaining to that Data Subject, in a structured, commonly used and machine-readable format as well as the right to transmit such Personal Data to another controller without hindrance. We will share the Personal Data over a secure channel, and that (depending on the type of Data as well as volume) may imply the need to convey a “password” via an alternative communication channel to the Data Subject to ensure authorized secure access. Customers may directly amend existing information on our website user account area or by submitting a request as per herein defined ahead in this document which is the application process for those Data Subjects who are not our Customers.
[GDPR] Right to be informed about a Personal Data Breach – The Data Subject has the right (and it is the Controller’s obligation by law to ensure it) to be informed of any unauthorized disclosure or potential disclosure of his/ her Personal Data to unauthorised 3rd parties within 72 hours of its occurrence.
[GDPR] Right to lodge a complaint with a supervisory authority – The right to lodge a complaint regarding our Processing activities over his/ her Personal Data towards any of the EU Member States data protection Supervisory Authorities. We are also available to provide any clarification towards those Data Subjects who may feel that it’s Processing of the Personal Data that pertains to them has negatively impacted them or somehow breached their rights under GDPR and/ or the right to Privacy, having such Personal Data processed in a secure manner and Confidentiality assurance. Data Subject may submit a complaint via the request process as per herein defined ahead.
You are not required to pay any charge for exercising your rights, unless the you repeat the same request in sequence within the same calendar year. If you make a request, we have one month to respond to you.
If you wish to make a request please contact us at email@example.com or by post to Altada Group, 4 Careys Lane, Cork City.
How to exercise your rights/ complain
You also have a right to make a data protection complaint to the Office of the Data Protection Commissioner in Ireland. You can contact them at httpss://www.dataprotection.ie/en/contact/how-contact-us should you believe that we have not met our obligations or think we are mishandling your personal data, however we would encourage you to contact us in the first instance so that we have an opportunity to resolve any issue.
Under the scope of Personal Data Protection, the Data Subjects may address us via:
- a written request, accompanied by all necessary information, to the following address: The Altada Group , 4 Careys Lane, Cork City Ireland
- an e-mail to firstname.lastname@example.org
The exercise of Data Subjects’ rights as some other “interactions” requires the univocal identification of the person submitting such request as being, in fact, the Data Subject to whom such Personal Data pertains to, hence we may have to set in place a process or mechanism that allows it to document having undergone such assertive identification.