Last Update: August 31st, 2022
ENTRY INTO FORCE: 16TH AUGUST 2022
#1. GENERAL INFORMATION
- Hereinafter, any person who is registered to the Site shall be referred to as "Member". Any person who visits the Site without registration shall be referred to as "User". Altogic hereby acknowledges its Data Controller status in terms of Members and Users of the Platform.
- Altogic provides a backend application development and execution platform to its Members. Therefore, Members of the Site are developers or designers who intend to use the Altogic services to develop their backend applications which they open to use of third-party end-users ("End Users").
- Altogic concludes a valid Data Processing Agreement with all Members of the Platform as a condition of membership and does not control the processing of End-User personal data.
#2. WHAT IS PERSONAL DATA?
#3. ON WHAT BASIS DO WE COLLECT OR USE PERSONAL DATA?
- You have given us consent;
- Processing is necessary for our legitimate business interests or those of a third party: provided this does not override any interests or rights that you have as an individual.
- Processing is necessary in order to enter into or perform a contract with you
- Processing is necessary for compliance with our legal obligations
- Processing is necessary for legal claims
- Processing is necessary for substantial public interest.
- Below you will find detailed information on the basis that we collect and use your personal data. If we look to use your personal data for any other purpose not covered in this privacy notice, we will let you know about any proposed new purposes before using your personal data in this way.
- We do not collect personal data for the purpose of sale of such information in a way that specifically identifies the individual (i.e., we don't sell Member information).
- We may provide you with marketing information about our services or products where you have indicated your consent for us to do so (to the extent that we are required to collect consent under data protection laws). We may contact you by mail or email, phone and electronic notifications (where you have agreed to those methods of communication) to provide you with the information on your requested service or product. We may also provide you with information, special offers, research, promotions, and similar products and services. Where you have indicated your consent to us doing so, we may also pass your details to our group companies. You may change your marketing preferences at any time from your account settings.
- We will also provide you with access to, or transfer your personal data at your written request, provided that we aren't legally restricted from doing so or otherwise prevented from doing it due to circumstances beyond our reasonable control.
- If we are relying solely on your consent to process your personal data, you may withdraw your consent to our processing of your personal data at any time; however, withdrawing consent may result in your inability to continue using some or all of the services in the Site. Please note that the withdrawal of your previous consent this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your personal data conducted in reliance on lawful processing grounds other than consent.
- Legitimate Interest
- Sometimes our collection and use of your personal data may not depend on your informed consent but our legitimate interests. It is in our legitimate interests to collect your personal data as it provides us with information that we need to provide our services to you and to make our Platform available.
- This requires us to carry out a balancing test of our interests in using your personal data (for example, in order to provide you with access to the Platform, against the interests you have as a citizen and the rights you have under Data Protection Law (for example, to not have your personal data sold to third party marketing companies without your knowledge).
- The outcome of this balancing test will determine whether we may use your personal data in the ways described in this privacy notice. We will always act reasonably and give full and proper consideration to your interests in carrying out this balancing test.
- Our legitimate interests are: managing our business and relationship with you or your company or organization; understanding and responding to inquiries and Member and User feedback; understanding how our Members and Users use the Platform; identifying what our Members and Users want and developing our relationship with you, your company or organization; improving our Platform and offerings; managing our supply chain; developing relationships with business partners; sharing data in connection with acquisitions and transfers of our business.
- Contractual Performance
- In short, we are permitted to hold and process some of your personal data because it is necessary to do so in order to provide you access to, and to enable you to make use of, the Platform. Without this personal data, we could not provide you with access to the Platform.
- Legal Obligations and Legal Claims
- We are permitted to process your personal data where it is necessary for compliance with our legal obligations. We are also permitted to process your personal data where it is necessary to establish, pursue or defend a legal claim.
- We may disclose your personal data to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact, or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. We may disclose personal data when we believe in good faith that such disclosure is required by and in accordance with the law.
- Substantial Public Interest
- We are permitted to process your personal data where it is necessary for reasons of substantial public interest, on the basis of data protection laws.
#4. USE OF COLLECTED DATA
- We use your personal data to help us provide and support (the services on) our Platform. This section provides you with details of what personal data we use and why we use it.
- What Data Do We Use?
- We collect information directly from you and in some instances from third party service providers whom you authorize to share your information with Altogic.
- Naturally, we collect more personal data from you when you sign up to the Platform as a Member. As a Member you more personal data including:
- contact information such as your username, email address;
- user picture or "avatar" (in case it contains your personally identifiable information);
- details of your correspondence with us;
- technical information, such as your Internet Protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, screen resolution, flash version, time zone setting, browser plug-in types and versions, operating system, platform and traffic data, cookies data, web logs and other communication data, and details of the resources that you access, as well as your sessions records, which we collect from you when you access the Platform; and
- any other information you provide to us.
- For registering as a Member on our platform, the provision of a username, email (which may contain your first and/or last name,) and password is mandatory: if relevant data is not provided, then you will not be able to create an account. Alternatively, you may login using third party service providers as explained above. For subscribing to any of our paid Services or participation in the Marketplace, the provision of payment and address information is mandatory: if relevant data is not provided, then we will not be able to receive your payment, send you an invoice and process the transaction. All other provisions of your identifier information (real name, alias or user name, postal address, telephone or mobile contact number, job title, company name, profile picture) are optional. For example, if you do not provide us with your phone number, we would not be able to call you to provide you with more information about the products you may be interested in.
- You are able to view and update much of the information collected about you through your account settings. Please note that if you sing in using a third-party service provider, we cannot allow you to change your email address information.
- As a Member, please remember that if you use the Site to develop and operate an application which collects personal data about other people, you represent that you have read and understood the Data Processing Agreement and agree to be bound by the conditions thereto. In these instances, as the Data Controller of such data you further represent that the individuals to whom this data relates have been informed of and understand the reason(s) for obtaining the data and the manner in which this information will be used and disclosed, and have consented to such use and disclosure.
- Why Do We Use Your Data?
- Service provision: we use the information to carry out and administer the platform which enables you as Members to develop and/or operate the backend software of applications. For the purpose of service provision, we use your personal information to manage your account, to provide the Services, to maintain our customer/visitor lists, to respond to your inquiries or provide feedback, for identification and authentication purposes, for service improvement, and to address issues such as malicious use of the Services.
- Communication: sending emails, newsletters, and other messages to keep you informed of the Platform. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link. We also use the personal data to deal with inquiries and complaints made by you relating to the Platform and to address your questions, issues, and concerns;
- Site monitoring: to check the Platform and our other technology services are being used appropriately and to optimize their functionality for the purpose of administering and improving our Services.
- Platform optimization: improve, test, and monitor the effectiveness of our Platform and diagnose or fix technology problems;
- Managing suppliers: we use information to manage suppliers who deliver services to us;
- Easy access: to help you efficiently access your information after you sign in and to remember information so you will not have to re-enter it during your visit or the next time you visit the Platform;
- Statistics: monitor metrics such as total number of visitors, traffic, demographic patterns, and patterns in our test results (on an anonymized and aggregated basis);
- Development: develop and test new products and features.
- A cookie is a commonly used automated data collection tool. Cookies are small text files that are placed on your computer or device by websites that you visit or HTML-formatted emails you open, in order to make websites work, or work more efficiently, as well as to provide information to the owners of the Site.
- We use persistent cookies to save your login information for future logins to the Site. We use session cookies to enable certain features of the Site, to better understand how you interact with the Site and to monitor aggregate usage by users and web traffic routing on the Site. Unlike persistent cookies, session cookies are deleted from your computer when you log off from the Site and then close your browser.
- You can set up your browser options, to stop your computer accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may be unable to access certain parts of our Site or to receive certain Services.
- Your browser may feature a preference which alerts websites you visit that you do not want them to collect certain information about you. This is referred to as a Do-Not-Track ("DNT") signal. Please note that our Site may not recognize or take action in response to DNT signals from your browser.
#6. WHERE WE STORE YOUR DATA
- The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") or the UK. It may also be processed by staff operating outside the EEA or the UK who work for us or for one of our suppliers or partners. Such staff or subcontractors maybe engaged in, among other things, the processing of your payment details or the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing outside of the USA, EEA or the UK.
- Our Site is accessible via the internet and may potentially be accessed by anyone around the world. Other users may access the Site from outside the EEA or the UK. This means that where you chose to post your data on our Site, it could be accessed from anywhere around the world and therefore a transfer of your data outside of the EEA or the UK may be deemed to have occurred. You consent to such transfer of your data for and by way of this purpose.
#7. DISCLOSURE OF YOUR PERSONAL DATA
- We do not sell, lease, rent or give away the information collected about you without your permission. We only disclose your information as described below. If we disclose your information, we require those we share it with to comply with adequate privacy and confidentiality requirements, and security standards.
- We may disclose your personal data to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact, or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. We may disclose personal data when we believe in good faith that such disclosure is required by and in accordance with the law. In certain instances, it may be necessary for Altogic to disclose the information that we've collected about you to government officials or otherwise as required by applicable law. No personal data will be disclosed to any law enforcement agency or governmental agency except in response to:
- A subpoena, warrant or other process issued by a court of competent jurisdiction;
- A legal process having the same consequence as a court-issued request for information, in that if Altogic were to refuse to provide such information, it would be in breach of local law, and it or its officers, executives or employees would be subject to liability for failing to honor such legal process; or
- Where such disclosure is necessary for Altogic to enforce its legal rights pursuant to the laws of the jurisdiction from which such information was gathered.
- Service Providers Processing Data on Our Behalf
#8. RETENTION OF YOUR PERSONAL DATA
- We will retain your personal data for as long as needed to fulfill the purpose for which we collected it and for a reasonable period thereafter in order to comply with audit, contractual, or legal requirements, or where we have a legitimate interest in doing so. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
- When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
- We may retain aggregated or de-identified data indefinitely or to the extent allowed by applicable law. We may retain personal data preserved in automatically generated computer back up or archival copies generated in the ordinary course of our information technology systems procedures.
- No purpose in this notice will require us keeping your personal information for longer than twelve (12) months past the termination of the member's account, unless as necessary to comply with our legal obligations, resolve disputes, prevent and detect fraud, and enforce our agreements.
#9. SECURITY POLICY
- Please note that you are also responsible for helping to protect the security of your personal data. For instance, never give out the credentials you use in connection with accessing the Site, so that other people will not have access to your personal data. Furthermore, you are responsible for maintaining the security of any personal computing device on which you utilize the Services. To help you identify any unauthorized access to your account, your account settings provide you with an "Account Security" and "Security Log" tab. " Account Security" tab allows you to view a list of devices that have logged into your account. You can sign out any sessions that you do not recognize. If you lost your phone/device or left yourself logged in on a public computer, then you can also sign out everywhere except your current session. " Security Log" tab allows you to view a historical set of records that provide information on the sequence of activities that have affected your account and profile information. Using security logs, you can view all changes that have been made to your account and profile.
- We are not liable for disclosure of data due to errors in transmission, unauthorized access or acts by third parties, or omissions or acts beyond our reasonable control. Although we employ commercially reasonable measures of security, we also cannot guarantee that your personal data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards by persons or systems with malicious intent.
- We have implemented the following security measures to protect its product or service:
- The (database) servers can be accessed only via Altogic's trusted network locations.
- Procedures are in place, which means only authorized personnel have access to the personal data. A non-disclosure and confidentiality agreement ensures this still applies when a member of staff leaves the company.
- All mobile carriers (such as laptops, USB sticks and portable HDs) of Altogic are encrypted.
- Our web servers and database servers are firewall-protected.
- All data within Altogic will be stored as securely as possible.
- Encryption will be used when possible.
- All data will be transmitted with the highest possible form of encryption that is supported.
#10. MANAGING YOUR ALTOGIC MEMBER STATUS AND ACCOUNT
- Username: Altogic Members are required to assign themselves a username that uniquely identifies you on Altogic. Your username may contain personal data such as your real name, surname or other identifier. You can change your Altogic username at any time. However, please beware that if you change your username, your old username becomes available for anyone else to claim. Most references to your Member profile under the old username automatically change to the new username.
- Deactivating Your Account: Deactivating your account will stop all services for applications that you own, meaning that all environments of owned applications will be moved to "deactivated" status and will not accept any incoming RESTful api requests. Your design and application data at your environments will not be impacted and your data will be kept intact. After deactivation, you will automatically signed out from all your sessions and you will not be able to sign in again to your account until you reactivate it again during sign in.
- Deleting Your Account: Deleting your account will stop all services for applications that you own, permanently delete all owned application and design data and profile information. For applications in which you are a team member (not owner) some information, like messages you sent to other team members, comments you have added to design entities and your action logs, may still be visible after you delete your account. Once you delete your account, there is no going back. Please be certain. We will be sorry to lose you.
#11. DATA LEAK PROTOCOL
- In the unfortunate event that something does go wrong, Altogic will follow the following data breach protocol to ensure that data subjects are notified of incidents.
- A relevant internal data breach procedure is in place. Altogic will set up a team in order to analyze the cause, the impact and the affected Members and Users. Depending on the outcome of this analysis, Members/Users will be notified as soon as possible.Members shall be notified within 24 hours of Altogic's learning of the data leak if possible. If required by any applicable law, Altogic shall also notify any applicable Data Protection Authority about the leak.
- Altogic will provide highly detailed information about:
- The nature of the breach, including a description of the incident, the nature of the personal data or categories of affected data subjects, an estimate of the number of affected data subjects and databases that may be affected, as well as an indication of when the incident occurred;
- Any measures already taken by Altogic in order to stop the breach;
- Any measures to be taken by the affected data subjects (what can the affected data subjects themselves do, such as "keep an eye on your e-mails, change your passwords", etc.);
- Any measures to be taken by Altogic in order to prevent a future breach.
#13. QUESTIONS AND REQUESTS ABOUT YOUR PERSONAL DATA
- As a Member or User of Altogic you may request the following from Altogic as Data Controller;
- Access to your personal data.
- Rectification or deletion of your personal data.
- A restriction on the processing of your personal data.
- Object to the processing of your personal data.
- A transfer of your personal data (data portability) in a structured, machine readable and commonly used format.
- Withdraw your consent to us processing your personal data, at any time
- Please not that withdrawing your consent is only effective provided that consent is the only basis for the processing of relevant personal data. Similarly, even if you request the deletion of any personal data, we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
- Please note that if you are the end-user of any application developed and/or operated by a Member, as Altogic is only the data processor in such situations, you must direct any request relating to your personal data to the relevant data controller (Member).
#14. CONTACT US
You can contact us via post or email.
1401 Pennsylvania Ave, Unit 105,
Wilmington, New CastleCounty
[email protected] with "Privacy" in the subject line
If you are a Member, you can also contact us through the Feedback tab in your Accounts.
If your letter or email involves one of the requests listed above in the section titled "Questions and Requests About Your Personal Data", we may ask you to verify your identity before fulfilling your request depending on the method of your request.