Privacy Policy EEA

If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws.

We summarise below the types of information about you that we might process;

      • how and why we process it;
      • who we share it with;
      • how long we process it for;
      • your rights in relation to the information we hold about you; and
      • what to do if you have any questions or complaints.

You can ask us to stop processing your information at any time by emailing us at connect@altisglobal.co.uk. However, even if you do ask us to stop, we may have other lawful grounds for processing your information (for example, to comply with our statutory or regulatory duties or the orders of a court).

We encourage you to read the remainder of this policy to understand more about how your information is used.

1. How do we collect information about you?

We collect contact information about you when we interact with you, such as you register or attend one of our courses, we meet you at an event, we provide a quote for you or deliver a project where we work alongside you.

2. What information do we collect?

2.1 We may process the following types of information about you:

(a) information that may be used to contact you. This might include your title, name, organisation, office address and postcode, email address and mobile phone number.

3. What do we use your information for?

3.1 We use your information:

(a) to provide our consulting, training or managed services to you.

This might include doing things like:

(i) Processing and managing your application to attend a training course;

(ii) Communicating with you about your orders or purchases, our services, and to provide support where you contact us;

(iii) for business, regulatory and legal purposes, such as annual audits, payments and invoices.

(b) to communicate with you about our organisation or to send you our Altis Buzz, Training updates or similar newsletters (but only where you have told us you want to receive these communications and you have not told us to stop sending you messages).

This might include:

(i) sending you Altis Buzz or Training Newsletters via email;

(ii) calling you to let you know about our Consulting, training or Managed services offerings.

 

4. How do we protect your information?

4.1 We hold personal data about you at our own premises and with the assistance of third-party service providers. We use third party service providers to perform a number of functions on our behalf including to host our documents, to send messaging on our behalf, to provide invoicing and billing services to you and to process transactions for the purchase of goods and services.

4.2 Your personal data may also be processed outside the European Economic Area by our staff or the staff of our third party service providers. Such staff may be engaged in, among other things, the provision of your support services. However, we will transfer your personal data only to a country that the European Commission has decided is a country which ensures an adequate level of protection or if we have otherwise provided for other appropriate safeguards to legitimise such data transfers.

4.3 Whenever we share your personal data with third parties, we will take all reasonable steps to ensure that your privacy rights continue to be protected under the applicable data protection legislation. By sharing your personal data with us and interacting with the services, you consent to the storing, processing and/or transfer described in paragraphs 1 and 4.2 above.

4.4 If data is transferred to a country where appropriate safeguards need to be put in place, we would be happy to provide information pertaining to such safeguards on request. You can contact us for this information by emailing connect@altisglobal.co.uk.

4.5 We take reasonable measures, including administrative, technical and physical safeguards, to protect your personal data from loss, theft, misuse and unauthorised access, disclosure, alteration and destruction.

4.6 We do not store customer card details,

(a) Whenever you enter your card information for payment of training, those details are encrypted and passed directly to our payment service providers (“PSP”).

(b) Upon receiving your information, our PSP sends us a token (consisting of random letters and numbers) to notify us of a complete payment.

(c) The token (not your card details) is then used to effect payments for the products or services you purchase through our website.

(d) To ensure the required level of payment security, we will always use a PCIDSS compliant payment gateway to store, process and transmit your payment card data.

(e) We reserve the right to change our payments gateway at our sole discretion, provided any such payment gateway meets this security compliance level.

5. Who do we share your personal data with and why?

5.1 Transfers to other data controllers

(a) Where you have registered and paid for a training course on our website, we may share your contact information about with the relevant merchant, only for the purposes of effecting payment.

(b) We might also share your information with a merchant to investigate and resolve support issues you experience or where you notify us of a complaint about a merchant or the goods or services you purchase from them.

(c) Where we do share your information with the PSP, your bank or a merchant in this way, they will become a new data controller of your information and will contact you to let you know about this and how they use and protect your information.

(d) The information we share might include:

(i) information that can be used to identify you;

(ii) detailed transaction data;

(iii) where you have raised a support issue or notified us of a complaint about a merchant or the goods or services you purchase from them, the nature of the issue or complaint.

(e) Where you make payments using our services, we share your data with the PSP and they process your transactions. The PSP may share your information with third parties including regulators, your bank and the operators of the card schemes.  Where the PSP shares your information with MasterCard, it will process your information under the MasterCard Binding Corporate Rules (as amended from time to time).  You have the right to enforce these rules as a third party beneficiary.

5.2 Third party sourced data. We do not share personal data received from third party sources other than as stated in paragraph 5.1 above.

5.3 Financial account information. This information is only held by the payment service provider. We do not hold any sensitive financial information about our customers.

5.4 Network, hardware and web. We will not share any of this type of data with third parties other than when required to comply or assist with court, orders, applicable law or regulatory or criminal enquiries.

5.5 Other uses. We may share your information with third parties, including law enforcement agencies for any of the following:

(a) to recover debt or in relation to your insolvency;

(b) to develop products, services and our systems;

(c) to respond to requests from courts, law enforcement agencies and other governmental or regulatory authorities or agencies; and

(d) to protect our rights, privacy and property, and that of our customers.

5.9 We may also share your information with:

(a) our service providers. Service providers help us with things like website hosting and related infrastructure, customer services, email delivery and anti-fraud services. These third parties are authorised to use your information only as necessary to provide their services to us and we take appropriate steps to ensure that third parties protect your information; and

(b) third parties in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). We shall endeavour to ensure such third parties are bound by confidentiality obligations in relation to such information.

6. How long do we process your information for?

6.1 In most cases we will process your information only for as long as we need to in order to provide the services or until you ask us to stop processing your information.

6.2 You can ask us to stop processing your information or change the way in which we use it by:

(a) Contacting the Regional manager of one of our offices (see www.altisglobal.co.uk for contact details)

(b) Emailing connect@altisglobal.co.uk

(c) writing to us at Customer Support (Data Protection), Altis Global Ltd, 10 Queen Street Place, London, EC4R 1AG

6.3 There are some exceptions to this, however. We may have other lawful grounds for processing your information (for example, to comply with our statutory or regulatory duties or the orders of a court).  For example, we might be required to retain your personal data for a longer period (usually up to six years after you stop carrying out business with us) or tell us to stop but this may vary depending on the territory in which you use the service) in order to comply with applicable law, tax obligations or regulatory requirements.  This might apply to information about the transactions you make, when and you make transactions and the information we hold about you for fraud and other crime prevention purposes.  If we do retain your information in this way, we will cease other forms of processing and we will continue to keep your information secure.

7. Your rights

7.1 You can request a copy of the personal data we hold about you, its origin and any recipients of it as well as the purpose of any data processing carried out. For further information, please contact us by emailing connect@altisglobal.co.uk with the subject “Data subject access request”.

7.2 You can correct, restrict our use of or ask us to delete your personal data at any time by emailing connect@altisglobal.co.uk with the subject “Data subject change request”.

7.3 If you have any questions about this document or in relation to how we use your personal data, please contact us by:

(a) emailing connect@altisglobal.co.uk or

(b) writing to us at Customer Support (Data Protection), Altis Global Ltd, 10 Queen Street Place, London, EC4R 1AG.

8. Complaints

8.1 If you wish to make a complaint about how we process your information, please contact us by

(a) emailing connect@altisglobal.co.uk; or

(b) writing to us at Customer Support (Data Protection), Altis Global Ltd, 10 Queen Street Place, London, EC4R 1AG.

8.2 The Information Commissioner’s Office regulates data protection and privacy matters in the UK and you have the right to make a complaint to the Information Commissioner’s Office at any time about the way that we use your information. You can find more details at ico.org.uk however we should appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office.

9. Updating our Privacy Notice

9.1 We may update this Privacy Notice from time to time. When we do so, we will post the new version on our website.