Privacy

Introduction

AltoStack Ltd. Jubilee House, East Beach, Lytham St.Annes, Lancashire, England, FY8 5FT (“AltoStack”, “we”, “us”, “our/s”) is, as a rule, the controller of your personal data submitted through this website or directly or indirectly collected in other ways described in this privacy notice (“Privacy Notice”).

Our website is not designed or directed at children. We do not intentionally collect, maintain, or distribute information about anyone under the age of 13. If we become aware that we have inadvertently received personal data from a user under the age of 13, we will delete the information from our records.

This Privacy Notice describes our policies and practices regarding collection and use, as well as sharing of your personal data, and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

Data Protection Officer

AltoStack has appointed internal data protection officer(s) for you to contact if you have any questions or concerns about our personal data policies or practices. The email of the AltoStack Data Protection Office is DPO@altostack.io.

How we collect and use (process) your personal data

1. Personal data we process:

We process the following categories of personal data:

• information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths and information collected via cookies and other technologies (see below));
• information you provide to us

• when applying for a job at AltoStack (including your CV, contact information, address etc.);
• for the purpose of subscribing to our email notifications and/or newsletters (including your name and email address);
• when using the services or ordering trainings, or information which is generated in the course of the use of those services (including the timing, frequency and pattern of service use);
• to participate in AltoStack events, live or web conferences; and
• through this website (including correspondence with us, communication content and metadata associated with the communication);

• your publications, blogs, interviews, opinions, etc.;
• any other personal data you provide to us in addition to the data listed above (i.e. the personal data of a referral).

You can find more details on which data is collected for which purposes in part 4 of this Notice.

2. Personal data we get from third parties

We receive personal data from third parties, e.g. if you publish your CV in the internet on career portals or professional networks, if someone recommends you for potential employment with AltoStack or if your employer signs you up for training or certification with an entity of the AltoStack.

3. What happens if you don’t give us your personal data

It is required for AltoStack to process some personal data in order for us to communicate with you, supply you with our services, and to authenticate you. You can provide only the minimal amount of information (name and contact information) to your profile if you wish, and you can edit your profile at any time.

Please note, that if you do not give us your personal data, we most likely will not be able to communicate with you and provide you with our services described below.

4. Purposes of personal data use, legal bases

Depending on the relationships we have or want to establish with you, we use your personal data for the following purposes based on the legal grounds set forth hereunder.

4.1. Communications, based on AltoStack legitimate interest (art. 6 para. 1 f GDPR) or based on your consent (art. 6 para. 1 a GDPR):

• if you have contacted us via this website or otherwise, we process your name, contact details, location and other information you provided to us to be able to answer your questions, to organize the (virtual) meeting, call or other communication, to enable you to publish your materials, interviews, opinions, comments, blogs, podcasts, photos and videos, to organize your participation in interactive features of our service when you choose to do so;
• If you have given your consent, the aforementioned communication via (virtual) meetings may be recorded and stored by AltoStack representative in AltoStack corporate system (if and to the extent permitted under applicable laws).

4.2. Your website visits, marketing and public relations, based on your consent (art. 6 para. 1 a GDPR):

• if you are a visitor of our website, we process as applicable your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, log files, interactions with our website and with our online campaigns, information you provided via website forms, services purchased (value, date, type, payment details), publicly available professional information about you, data sources, notes and remarks to carry out marketing research and to analyze the characteristics of this website visitors, to assess the impact of our marketing communication and to adjust it to the detected tendencies, to plan our future marketing activities, to prepare analytics and profiling for business intelligence, to personalize service and communications for you, to target our advertising, to provide direct marketing of the same, or similar, or related products and services; including also sharing and marketing within AltoStack
• if you are our subscriber of our marketing materials, we process your personal data to provide you with promotional materials; make announcements about additions and changes concerning our services; personalize this website and our marketing communication for you; send you e-mail notifications (e.g. about the job vacancies or organized events); send you our email newsletters and magazines (you can withdraw your consent at any time with effect for the future if you no longer interested in these materials); send you marketing communications relating to our business which we think may be of interest to you.

4.3. Trainings and events,

based on our contract with you (art. 6 para. 1 b GDPR):

• when you purchase courses or trainings via this website, we conclude a contract with you and in order to fulfil such contract, we process your personal data such as full name, contact details, address, passport data, payment details (if you pay yourself), your employer, position (if employer pays) your attendance records, result of an exam. We will process such data for the following purposes: to enter into agreement with you or your employer, organizing a visit and passing the training, passing the exam, issuing a certificate of passing the training, inviting you to our future trainings or courses. You can manage your personal data in your personal account here.

or based on AltoStack legitimate interest (art. 6 para. 1 f GDPR):

• if you have visited or intend to visit our event or participate in our conference, we process your full name, contact details, position, employer, communication and topic preferences, specialization, professional experience, gender, t-shirt size, tests results, photos and videos (to the extent permitted by law) with you from AltoStack events, to invite you and to organize your participation in our existing and future events/conferences.

4.4. Recruitment, internship, referral, relocation,

based on your consent (art. 6 para. 1 a GDPR):

• if you are a potential candidate, we process your full name, contact details, your CV and specializations, social media profiles, date of birth, education history, references, employment history, notice period at current employer, degrees, professional skills, personal/professional interests, language skills, salary expectations, relocation interests, family status, citizenship, certifications, testing results, publicly available professional information about you to assist you with future employment or internship in AltoStack or its client, to enable you to submit your resume, apply for jobs online or to use the website otherwise.

or based on AltoStack legitimate interest (art. 6 para. 1 f GDPR):

• in specific cases, and only upon the client’s request, we show your CV to a potential client for business engagement or to current client to confirm the high level of skills of our members of staff providing the services. Also, to fulfill its compliance obligations our clients need to check your biography more closely before providing with the access to its protected data and facilities, so we may – subject to compliance with applicable laws – ask you, to provide more specific information such as tax number, work permission, citizenship, criminal background and, other additional and specific background checks required by particular clients to provide you with an access to clients’ systems and premises.
• if you are a candidate for relocation, we process your full name, position, contact details, passport details, date of birth, place of birth, registered address, photo, visas, citizenship, your salary expectations and your offer, CV, data on your relocated family members, other data per the request of a competent migration authority, to organize your relocation and employment in one of the countries of our global presence.

or based on our contract with you (art. 6 para. 1 b GDPR):

• if you would like to refer another person to us for recruitment, you must obtain that person's consent. We will seek a confirmation of this fact from the referred person.

4.5. Business relations, based on AltoStack legitimate interest (art. 6 para. 1 f GDPR):

• if you are a representative of our current/potential client, vendor, business partner or investor, we process your full name, contact details, current and previous positions, current and previous companies you represent, activities in relation to sales process, data on our communications with you, content and results of such communications, our internal notes about you, data on your position and publicly available professional information about you to develop and/or maintain business relations and communications with AltoStack, to engage a new business with the company you represent, to provide you with the status/details/other information about our works and services, to organize the approval, processing and signing of contracts, acts, invoices and other contractual documentation, to invite you to meetings, events and organize them, to comply with Sarbanes-Oxley Act (SOX), economic sanctions and export control list screening, industry watch-lists, industry standards, regulators’ requirements and other requirements related to anti-corruption, fraud prevention and anti-money laundering.

4.6. Corporate and investor relations, based on AltoStack compliance obligations (art. 6 para. 1 c GDPR):

• if you are a current/potential director or top manager of AltoStack legal entity, we process your full name, contact details, position, professional background, education, affiliation, shareholding, conflict of interest, ID/passport data, citizenship, bank details, remuneration, travel details and representative expenses with respect to organize your participation in corporate meetings, events or SOP programs, business travel, to pay your remuneration, to cover related expenses, to maintain our corporate records, to make obligatory public disclosures and reports, to execute auditor’s requests, to present the company and its management during the sale process and to perform other legal obligations. We also share this information within the AltoStack, provide some of this data to banks, share registrar, notary, payroll agencies and legal advisors with the purpose of opening of corporate bank account or other accounts.
• if you are a current/potential shareholder or affiliate of AltoStack legal entity, we process your name, contact details, ID, shareholding account, type and number of shares, number of votes and personal data of your representative to organize your participation in corporate meetings and events, to provide you with the meetings’ materials and our reports, to support you in execution of your shareholder’s rights, to make obligatory public disclosures and reports, to execute auditor’s requests and to perform other legal obligations, including anti-money laundering requirements (disclosure of beneficiaries).

4.7. Security, based on AltoStack legitimate interest (art. 6 para. 1 f GDPR):

• if you are a visitor of this website, we process the personal data you uploaded, data automatically collected about you or your device in accordance with this Privacy Notice, to keep this website secure, prevent fraud, protect rights and interests of AltoStack and third parties, protect IP rights.
• if you are a visitor of our office, we process your full name, ID, time of entrance-exit, time spent at the office, CCTV records and the name of person which invited you, to monitor physical access and to ensure security in our office, to prevent, detect and investigate any crime, misconduct, incident or accident.

4.8. Merger & acquisition, integration process, based on AltoStack legitimate interest (art. 6 para. 1 f GDPR):

• if you are an employee, candidate, manager, shareholder, investor, business partner of a company we intend to buy or already bought, we process your personal data for the same purposes and on the same legal basis as this target company did. We will provide you with the specific privacy notice or will request a consent if necessary.
• other purposes for which we will provide you with an individual Privacy Notice.

5. Recipients of personal data

To the extent permitted by applicable data protection laws, your personal data be transferred between various locations of AltoStack insofar as reasonably necessary for the purposes set out in this Privacy Notice and within the scope of legitimate interest of AltoStack. Within the AltoStack only employees and departments with a “need to know” have access to your personal data and only to the extent necessary to fulfil the processing purpose.

We transfer your personal data to the following categories of recipients, who are usually processors, outside the AltoStack:

• our clients to perform our contractual obligations towards you
• service providers for the operation of our website and the processing of personal data stored or transmitted by our systems (e.g. hosting or service providers for data centre services, payment processing or IT security);
• consultants and service providers as independent controllers or joint controllers (e.g. insurance companies or accounting service providers);
• persons who are subject to professional secrecy or are obliged to maintain confidentiality, for example lawyers, tax consultants and auditors (e.g. in connection with any ongoing or prospective legal proceeding or to establish, exercise or defend our legal rights);
• government agencies/authorities and other public institutions, insofar as this is necessary to comply with legal obligations or in connection with any ongoing or prospective legal proceeding;
• persons involved in carrying out our business operations (e.g. auditors, banks, insurance companies, legal advisors, regulatory authorities, parties involved in company acquisitions or the establishment of joint ventures); and
• recipients in the course of any reorganisations, mergers, disposals or other transfers of assets in which case we ensure that the disclosure complies with applicable data protection law.

Where we use third party service providers who are data processors, these third parties are subject to contractual obligations (e.g. a data processing agreement). They will only process your personal data in accordance with our prior written instructions and must take measures to protect the confidentiality and security of your personal data.

6. International transfer of personal data

Due to the international nature of our business, we will – insofar as reasonably necessary for the purposes set out in this Privacy Notice and within the scope of applicable laws – transfer your personal data to other entities within the AltoStack and to the group of third party recipients listed above who can be located outside the European Union (EU) and/or the European Economic Area (EEA) (“Third Countries”). The Third Countries concerned, e.g. the USA, may not have the level of data protection that you enjoy under the GDPR. This can result in disadvantages such as an impeded enforcement of data subjects’ rights, a lack of control over further processing and access by state authorities. You may only have limited legal remedies against this.

Insofar our transfer of your personal data to recipients in Third Countries is not covered by an adequacy decision of the EU Commission, we achieve an adequate level of data protection by concluding (i) standard contractual clauses of the European Commission or by means of (ii) binding corporate rules of AltoStack (which all entities of the AltoStack have adopted) or those of our business partners and we supplement these transfer mechanisms with further contractual, technical and organisational measures as necessary. Copies of the relevant transfer mechanisms are available through our data protection officer.

7. Your rights

You have the following rights in relation to your personal data:

• right to obtain confirmation whether we process your personal data;
• right of access to and the right to receive a copy of your personal data;
• right of rectification;
• right to erasure (“right to be forgotten”);
• right to restriction of processing; and
• right to data portability.

Right to object: You have a general right to object, on grounds relating to your particular situation, if we process your personal data on the basis of our legitimate interest. This means that the reasons you give for your objection must not result from the processing situation as such, but must be justified in your person individually. We will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Withdrawal of consent: You can withdraw consent at any time by contacting us at DPO@altostack.io. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Right of appeal: In the event of a (alleged) breach of applicable data protection laws, you can lodge a complaint with a supervisory authority in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement.

Automated individual decision-making: We do not make decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

If you wish to execute any of these rights, please contact our data protection officer at DPO@altostack.io at any time. Under the GDPR, we are bound to comply with your request without undue delay and in any event within one month of receipt of the request. This period can be extended by a further two months if necessary, considering the complexity and number of requests. We will inform you of any such extension, together with the reasons for the delay, within one month of receipt of the request.

8. Special note to employment applicants

If you intend to provide us with personal data for a prior supervisor, reference, or other third party and notwithstanding our own responsibility under applicable data protection laws, it is your responsibility to obtain such third party’s consent to provide this information to us. You are responsible for the information that you provide or make available and you must ensure that it is legal, truthful, accurate, and in no way misleading. You must ensure that the information you provide does not contain any material that is infringing on any rights of any third party, or otherwise legally actionable by such third party.

9. Storage period

As a rule, we will only store your personal data on our servers, and on the servers of the cloud-based database management services the AltoStack engages for as long as is necessary to achieve the purposes set out in this Privacy Notice. Personal data that we are processing based on your consent will be kept until the consent is revoked, unless otherwise prescribed by applicable legal requirements and presuming that it is necessary for the purpose of processing. We delete or anonymise your personal data after the processing purpose is fulfilled or if your revoke your consent, unless applicable legal requirements require or enable us to further store your personal data.

Further retainment of information and documents (including electronic documents) containing personal data can be required:

• to the extent that we are required to do so by law to fulfil statutory retention and documentation obligations (e.g. for accounting, book-keeping and tax purposes); and
• if the information/documents are relevant to establish, exercise or defend our legal rights any ongoing or prospective legal proceedings (for the duration of the longest applicable statute of limitation periods)

With regard to the use and retention period of cookies, please see the cookie section below.

10. Security of personal data

To help protect the privacy of data and personally identifiable information you transmit through use of this website, we maintain physical, technical and administrative safeguards.

We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information.

If any personal data leak occurs we will do everything to eliminate it and to assess a level of risk connected with the leak according to our Personal data breach policy. If it turns out the leak may lead to physical, material or non-material damage for you (e.g. discrimination, identity theft, fraud or financial loss) we will contact you without undue delay unless the law provides otherwise.

11. Amendments

As privacy laws, interpretations of state bodies, recommendations of privacy authorities may change from time to time, this Privacy Notice is therefore subject to regular revision. Any changes to our Privacy Notice will be posted on this page so that you are always aware of our policies. Additionally, we will update the “last updated” date below.

12. About cookies and other technologies

Our website contains cookies and other technologies (e.g. pixels, scripts) (together “Cookies”). Cookies are used to make our website user-friendly, effective and secure. Cookies are, for example, small text files that are stored on your terminal device and contain personal data such as personal settings and login information.

We use the following categories of Cookies on our website:

• Targeting Cookies: These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
• Functional Cookies: These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
• Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
• Strictly Necessary Cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

We use first and third party Cookies. First party Cookies come from our platform and send information only to us; third party Cookies are placed on our website by third parties and send information about your device to other companies that recognise that Cookie. We use session Cookies or persistent Cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed. To the extent the Cookie providers are located in Third Countries, e.g. the USA, such Third Country may not have the level of data protection that you enjoy under the GDPR. This can result in disadvantages such as an impeded enforcement of data subjects’ rights, a lack of control over further processing and access by state authorities. You may only have limited legal remedies against this.

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files stored on your computer to enable analysis of website usage by you. The information about your website usage generated by the cookie (including your IP address) will be transferred to a Google server in the U.S. and stored there. Google uses this information to evaluate your use of the website, to prepare reports on website activity and to provide other services associated with website activity and internet usage to website operators. Google may also share this information with third parties, if required by law, or if such third parties process the data on Google’s behalf. The IP-address that your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google. You can alter the configuration of your browser to refuse cookies, however please note that you may not be able to take full advantage of our website if you disable them. By using this website, you agree to the processing of data about you by Google in the previously described manner and for the above mentioned purpose.

Legal bases

The placement and subsequent processing of Necessary Cookies is based on our legitimate interest (to provide you strictly necessary technical functions of our website or to provide you with an expressly requested tele media service). The placement and subsequent processing of other Cookies is based on your consent as required under applicable laws. You can withdraw your consent at any time with effect for the future, e.g. by managing your Cookie Settings on our website.

Blocking cookies

Most browsers allow you to refuse to accept cookies; for example:

• in Internet Explorer you can block cookies using the cookie handling override settings available by clicking "Tools", "Internet Options", "Privacy" and then "Advanced";
• in Firefox you can block all cookies by clicking "Tools", "Options", "Privacy", selecting "Use custom settings for history" from the drop-down menu, and unticking "Accept cookies from sites"; and
• in Chrome, you can block all cookies by accessing the "Customize and control" menu, and clicking "Settings", "Show advanced settings" and "Content settings", and then selecting "Block sites from setting any data" under the "Cookies" heading.
• in Safari you can block cookies by clicking “Preferences” and then “Privacy”, selecting option “Always block”

Depending on the version of a browser that you use the way of blocking may vary. If it turns out that the description placed above does not match to your browser, please try to check the relevant instructions online.

Blocking all Cookies will have a negative impact upon the usability of many websites. If you block Cookies, you will not be able to use all the features on this website.

Deleting cookies

You can delete Cookies already stored on your computer; for example:

• in Internet Explorer, you must manually delete cookie files (you can find instructions for doing so at https://windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies;
• in Firefox, you can delete cookies by clicking "Open application menu" and "Privacy & Security", then go to “Cookies and Site Data”, clicking button "Clear data", select “Cookies and Site Data”, and then clicking "Clear"; and
• in Chrome, you can delete all cookies by accessing "Customize and control" menu, and clicking "Settings", "Privacy and security” and "Clear browsing data", and then selecting "Cookies and other site data" before clicking "Clear data".

Deleting Cookies will have a negative impact on the usability of this website.

13. Website Security

No data transmissions over the Internet can be guaranteed to be 100 percent secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you understand that any information that you transfer to AltoStack is done at your own risk. However, AltoStack uses website security measures consistent with current best practices to protect its website, email and mailing lists. These measures include technical, procedural, monitoring and tracking steps intended to safeguard data from misuse, unauthorized access or disclosure, loss, alteration or destruction.

We realize there can be incidents of misuse or unauthorized program incursions, as almost every website, service and user encounters. In those instances, our goals are to move quickly to isolate the problem, ensure or restore proper functionality and minimize any inconvenience to our users. As appropriate and necessary, AltoStack will notify the relevant authorities of these incidents of misuse or unauthorized program incursions of the AltoStack website.

14. Questions, concerns, complaints

If you have any questions regarding your personal data, want to execute your rights or you have concerns or complaints, please contact us by sending an email to our Global Data Protection Officer at DPO@altostack.io. We encourage you to always contact us if you believe that your data protection rights have been impaired by an actual or assumed act of data processing. We will carefully examine your concern and advise on and honour your respective rights.