Last Updated: July 1, 2020
‘Personal data’ in this document and as described under the guidelines of GDPR means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
This Policy may be updated from time to time. Users are advised to consult this Policy regularly for any changes.
Unless otherwise defined in this Policy, terms used in this Policy have the same meanings as in the Terms of Service at altostra.com and subdomains. By using the Services, Users are consenting to the collection, transfer, processing, storage, disclosure and other uses described in this Policy, unless the Users are protected under GDPR, where those have to provide consent to the collection, transfer, processing, storage, disclosure and other uses as described in this Policy.
Our Policy applies to all Users.
What information do we collect from you?
When a User registers with us through the Website, we will request personally identifiable information from the User. This refers to information about the User that can be used to contact or identify the User (“Personal Information also known as Personal Data”). Personal Information includes, but is not limited to, the User’s email address. Additionally, we also collect the other non identifying information that you provide as part of registration and the administration and personalization of your account (“Non Identifying Information”).
Our Services also collect and maintain several types of information about User activity, including the following:
The name of the domain from which you access the Internet
The date and time you access our site
The Internet address of the website you used to link directly to our site.
Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your Web browser to enable our systems to recognize your browser and to provide features based on who you are.
Why do we collect this information?
Altostra may use software programs to create summary statistics, which are used for such purposes as assessing the number of visitors to the different sections of our Website, what information is of most and least interest, determining technical design specifications, and identifying system performance or problem areas.
We use User’s Personal Information (in some cases, in conjunction with User’s Non Identifying Information) mainly to provide, improve and personalize the Services (including improving our algorithms), analytics purposes, and administer User account and use of the Services.
Certain Non Identifying Information would be considered a part of User Personal Information if it were combined with other identifiers in a way that enables the User to be identified. But the same pieces of information are considered Non Identifying Information when they are taken alone or combined only with other non identifying information (for example, your viewing preferences). We may combine User Personal Information with Non Identifying Information and aggregate it with information collected from other Users (defined below) to attempt to provide the Users with a better experience, to improve the quality and value of the Services and to analyze and understand how our Services are used. We may also use the combined information without aggregating it to serve you specifically, for instance, to provide the User with a specific service according to his preferences or restrictions.
Who might we share your information with?
Service Providers. We may employ third party companies and individuals to facilitate our Services, to provide the Services on our behalf, to perform Website services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Website’s features) or to assist us in analyzing how our Services are used. These third parties have access to the User’s Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Where possible and applicable we will also have signed DPAs with these providers in accordance with GDPR.
Compliance with Laws and Law Enforcement. Altostra cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about our Users to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity.
What rights do you have as it pertains to your personal data?
The next rights, pertaining to your personal data, are for users who are in countries protected by GDPR:
- The right to access Personal Data relating to you
- The right to correct any mistakes in your Personal Data
- The right to unsubscribe or ask us to stop with any direct marketing
- The right for your Personal Data to be ported to another data controller (where applicable)
- The right to request your Personal Data be removed from our systems
- The right to prevent your Personal Data being processed
- The right to know if there has been a breach and your Personal Data is affected
- The right to complain to your local DPC (Data Protection Commissioner) if you believe we have not handled your Personal Data in accordance with GDPR guidelines
How do we deal with third parties?
Upon request, regarding third party providers whose services Altostra directly uses, we will supply DPAs where applicable. If you are using a third party website or service and you allow them to access your Personal Information you do so at your own risk. The Website may utilize third party services for registration procedure. We have no control over any share functionality or the content, privacy policies, or practices of any third party website. The User is subject to the policies of those third parties where applicable. Users should consult the other websites’ privacy notices, as we have no control over information that is submitted to, or collected by, these third parties.
How we handle changing, deleting your information or withdrawing consent?
Users may update, correct or delete the Personal Information in their account by contacting us. If the User completely deletes all such information, then his account may become deactivated. If you would like us to delete your record or withdraw consent in our system please contact us at firstname.lastname@example.org with a request that we delete your Personal Information from our database. We may retain an archived copy of your records as required by law or for legitimate business purposes, however, if you are under GDPR protection your information will be removed within 60 days. We can also provide a copy of this data upon request.
Should you have any further questions related to changing/deleting your personal data or withdrawing consent, please do not hesitate to contact us at email@example.com.
How do we protect your personal data?
Altostra will take all the necessary measures to prevent the loss, damage, misuse or alteration of Personal Information. The Services utilize industry-standard security technology to protect the security, integrity, and privacy of Personal Information from unauthorized third party access. Altostra will store all of User’s Personal Information on secured servers.
What we cannot guarantee and what we will do in case of a personal data breach?
In the unfortunate event that your Personal Information is compromised, we may notify our Users by email (at our sole and absolute discretion) to the last email address that have provided us by the User, in the most expedient time reasonable under the circumstances; provided, however, delays in notification may occur while we take necessary measures to determine the scope of the breach and restore reasonable integrity to the system as well as for the legitimate needs of law enforcement if notification would impede a criminal investigation.
Additionally for countries whose users are protected under GDPR and following GDPR guidelines; should there be a security breach we will notify all affected parties within 72 hours. We also have processes in place to document the breach as well as implement current and future preventive measures should there ever be a breach of any type. For any serious data breach, we will also be in contact with the DPC.
What is our policy regarding children’s personal information?
The Services are not directed to children under the age of 13. We do not knowingly collect Personal Information from children under 13. If you are under 13, please disable the provision of information to us as described in the section entitled “Changing or Deleting Your Information“. If you become aware that your child has provided us with personal information without your consent, please contact us at firstname.lastname@example.org.
How we process personal information internationally and for those protected under GDPR?
When we process Personal Information in Israel, we follow the State of Israel data protection and privacy regulations, which may not offer the same level of protection as in other parts of the world. If you are using our Services from a country other than Israel, various communications will necessarily result in a transfer of information across international boundaries. Accordingly, by using our Services, you consent to the transfer, storage and use of your data to and in the State of Israel.
For those in countries protected by GDPR, we process and handle personal information/personal data in accordance with GDPR guidelines.