Definitions and interpretation
In this privacy statement, the following definitions are used:
"Consent" means agreement, which must be freely given, specific, informed and be an unambiguous indication of the Data Subject's wishes by which they, by a statement or by a clear positive action, signify agreement to the Processing of Personal Data relating to them.
"Data controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
"Data processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
"Data Protection Legislation" means Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), California Consumer Privacy Act, Brazilian Civil Rights Framework for the Internet (Law 12,965/2014), Decree 8,771 of 11 May 2016 (Decreto N 8.771 de 11 de Maio de 2016) and any other European Union or Brazilian legislation relating to personal data and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications).
"Data subject", "You", "your" means:
● Visitors to our websites;
● Prospective or existing customers and partners;
● Data Subjects receiving services from the Customer.
"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organizing, amending, retrieving, using, disclosing, erasing or destroying it.
Who we are
For the purpose of the Data Protection Legislation the data controller ("Albato", "we", "us" and "our" ) is Albato Ltd, a company incorporated in Cyprus having its registered office at Vasilissis Freideris, 34 Flat/Office 106, 1035, Nicosia, Cyprus.
Personal data we may collect from you
The information you may provide us is Personally Identifiable Information that identifies an individual or may with reasonable efforts cause the identification of an individual, and may include the following data:
Contact Data includes billing address, delivery address, email address and telephone numbers, Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us, Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website, Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses, Usage Data includes information about how you use our website, products and services, Marketing and Communications Data includes your preferences in receiving marketing from us.
Customer personal data
When we processes any personal data on your behalf, you are the controller and we are the Processor for the purposes of the Data Protection Legislation.We only will process that personal data only on your explicit instructions, notify you without undue delay on becoming aware of a personal data breach; at your direction, delete or return personal data and copies thereof, unless required by Applicable Law to store the personal data;
If you connect your apps or services provided by other parties such as Google via your Albato integration services, certain Customer Data may be collected from your device by Google and accessed by Albato. In order to provide authentication and authorization for these processes Google APIs use the OAuth protocol. Certain types of data may be collected automatically through the use of application programming interfaces such as the Google API Services or Gmail's API (OAuth), you can find further information here: https://developers.google.com/identity/protocols/oauth2 and may include:
● The contents, metadata and related information of emails, Google calendar events and stored files when you choose to sync your App with Gmail, calendar and cloud storage services (Google Drive);
● Email addresses of your Inbox and Sent folders, when you choose to sync your apps and Gmail with your device's address book using Albato services. Please note, Albato has no access to your Contacts; and
● Customer Data that you send to Google, or data that you request from any of the Google services, automatically or otherwise. Note that, as a security precaution, if you choose to connect your apps or services provided by Google via Albato API and you request data from any of the Google services, information that identifies you or your device may also be sent in order to authenticate the request. You can revoke access at any time.
The use of any Customer Data that you send to Google by Albato is limited to the practices disclosed above and Albato only accesses this data under your explicit instructions.
We do not sell any products or services for purchase by children. If you are under 16, you may use our websites only with the involvement of your holder of parental responsibility. We do not knowingly collect personal information from children below 16 without the consent of the child's holder of parental responsibility.
Information You Provide About Others
In providing personal data about other individuals (such as someone in whose name you are registering an account or subscribing to our marketing promotions), you represent that you have notified them of (i) the purposes for which information will be used (ii) the recipients of their personal data and (iii) how they can access and correct the information. You further represent that You have obtained all necessary consents from them.
How is your personal data collected?
We use different methods to collect data from and about you including through:
You may give us your data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
· integrate our services;
· create an account on our website;
· subscribe to our publications;
· give us feedback or contact us.
Automated technologies or interactions.
As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. This includes technical data from analytics providers such as Google based outside the EU;
We will keep your personal data during the performance of an oral or written contract between you and us or during the communication process related to the steps prior to entering a prospective verbal or written contract.
We may continue to retain such Personal Information even after the contract between parties terminates, as reasonably necessary to comply with our legal obligations or to protect our legitimate interests if applicable. We will use reasonable endeavours to ensure your data is up-to-date. As a data subject you have rights related to maintenance, storage and processing of your personal data. Please see paragraph "Your rights".
Unless otherwise specified, where you have indicated to us that you are happy for us to send you the information about our products and services we offer and we feel may interest you or similar to those that you have already purchased or enquired about do so, we assume you are happy for us to keep your collected personal data. We may retain your Personal Information (contact details) for as long as your User Account is active or as otherwise needed to provide you with information about our services. As the data subject you have rights related to processing of your personal data and the option of withdrawing your consent to receive promotions at any time. Please see paragraph "Your rights".
How we will use your personal data (Lawful basis for processing)
- To take steps at the request of the data subject prior to entering into a business relationship (oral or written contract):
1.1 By contacting us by means specified in paragraph "Personal Data we may collect from you", we assume that processing is necessary for the performance of a business relationship (oral or written contract) or in order to take steps prior to entering into a business relationship (oral or written contract), and therefore the lawful basis is Contract.
1.2 We will use the provided information to do our best to respond to your enquiries.
1.3 Once you enter into a business relationship (oral or written contract) with us, we will invoice our services.
1.5 We will use your contact details to provide you training on our products and services.
- Based on our Legitimate interests:
2.1 To promote our products and services online.
2.2 To collect information about how visitors use our website
2.3 Website improvement
We might use your automatically collected data such as IP address and browser data for our Website improvement, such as:
2.3.1 To administer our site and for internal operations, including data security, troubleshooting, testing, statistical and survey purposes;
2.3.2 To ensure that content from our site is presented in the most effective manner for you and for your device.
- Based on your Consent:
3.1 To send you communications, including promotional communications and advertising with your explicit consent or allow you to participate in interactive features of our service, when you choose to do so.
3.2 If you wish not to receive such promotional e-mails, you may withdraw your consent at any time by contacting us as described in paragraph "Your rights" or follow the "unsubscribe" or instructions contained in the promotional communications you receive.
- Based on our Legal obligation:
We might hold your information for as long as is necessary to comply with our and legal obligations and in accordance with our legitimate interests as a data controller after the contractual relationship between you and us elapses. The lawful basis for such retention is Legitimate interests and Legal obligation. As the data subject you have rights related to maintenance, storage and processing of your personal data. Please see paragraph "Your rights".
Disclosure of information to third parties
We do not rent, sell, or share personal information about you with other people or non-affiliated companies without your consent except to provide products or services you've requested, when we have your permission, or under the following circumstances:
● We may disclose your information to third parties when we reasonably believe we are obligated to do so by law, and in order to investigate, prevent, or take action regarding suspected or actual prohibited activities, including but not limited to, fraud and situations involving potential threats to the physical safety of any person. We may disclose or otherwise allow others access to your Personal Information pursuant to a legal request, such as a subpoena, legal proceedings, search warrant or court order, or in compliance with applicable laws, if we have a good faith belief that the law requires us to do so, with or without notice to you. Your details may also be disclosed to the police and law enforcement agencies for the purpose of fraud detection, crime prevention and national security.
Choices available to you
You can always choose whether or not to disclose personally identifiable information and that choice will not prevent you from using the Website. Please note, however, if you should choose to withhold requested information, we may not be able to provide you with some of the services offered through this website.
California Privacy Rights: We will not share any Personal Data with third-parties for their direct marketing purposes to the extent prohibited by California law. If our practices change, we will do so in accordance with applicable laws and will notify you in advance.
In European Union and some other jurisdictions you may have the following rights concerning our processing of your personal data:
Request accessto your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correctionof the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasureof your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processingof your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processingof your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
· If you want us to establish the data's accuracy.
· Where our use of the data is unlawful but you do not want us to erase it.
· Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
· You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transferof your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any timewhere we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Right to lodge a complaint with a supervisory authorityif you have a concern about our information rights practices.
You can exercise your rights by contacting us at firstname.lastname@example.org