PLATAFORMA ERP Finanças, CRM, RH, inventário, projetos TALON Tickets, chat, base de conhecimento Webmail E-mail, calendário, contactos
SEGURANÇA & IDENTIDADE VIGILANTE EDR para endpoints Windows Auris IAM-as-a-Service UE Auris Comply Conformidade & trilha de auditoria NIS2/DORA
Destaque Auris IAM Gestão de identidade & acesso Um plano de controlo europeu para MFA adaptativo, SSO federado e trilhos de auditoria imutáveis. Explorar →
COMPUTAÇÃO Hospedagem Alojamento partilhado PHP/MySQL em infraestrutura UE VPS Servidores privados virtuais
REDE & SEGURANÇA Domínios Registo & transferência de domínios Balanceador de Carga Balanceamento de carga TLS Certificados TLS geridos
ARMAZENAMENTO & BASE DE DADOS Object Storage Armazenamento EU compatível com S3 Block Storage Volumes de armazenamento em bloco Bases de Dados Gerenciadas MySQL, PostgreSQL, MongoDB geridos
MENSAGENS & E-MAIL Caixas de correio Alojamento de e-mail para domínios empresariais Ir para a consola → cloud.altovar.net
DESENVOLVIMENTO Desenvolvimento Web Aplicações web, SaaS & portais personalizados — do UI ao deploy em produção. Desenvolvimento de Software Software personalizado, integrações API, automatizações & arquiteturas escaláveis. IT & Sistemas Infraestrutura física on-site, servidores Dell PowerEdge, manutenção & suporte de sistemas.
SEGURANÇA & CONSULTORIA Cibersegurança Testes de penetração, avaliação de vulnerabilidades, resposta a incidentes & conformidade NIS2/DORA/RGPD. Consultoria IT Roadmap tecnológica, auditoria de infraestrutura & consultoria estratégica para CTO e decisores.
CRESCIMENTO & INOVAÇÃO Marketing Estratégia digital, SEO, campanhas, identidade de marca & marketing de conteúdo focado na EU. Inteligência Artificial Integração de IA, agentes autónomos & sistemas inteligentes para processos empresariais. Aprendizagem Automática Modelos personalizados, pipelines de dados & soluções ML à medida para o seu setor.
01 NIS2 & DORA

Conformidade EU para infraestrutura crítica — trilha de auditoria, encriptação, reporte de incidentes.

Explorar →
02 MSP

Gestão multi-tenant, PULSE, Vigilante & Citadel numa única consola.

Explorar →
03 Enterprise

Segurança operacional, IAM, suite de escritório & infraestrutura EU para grandes organizações.

Explorar →
04 Investigação

Inteligência de ameaças, I&D & ferramentas avançadas para equipas de segurança europeias.

Explorar →
EMPRESA EmpresaCarreirasNotíciasContactos
CONFIANÇA Programa de parceirosConfiança & segurançaRoadmapImprensa / Media
Entrar Solicitar demo
PLATAFORMA ERPFinanças, CRM, RH, inventário, projetosTALONTickets, chat, base de conhecimentoWebmailE-mail, calendário, contactos
SEGURANÇA & IDENTIDADE VIGILANTEEDR para endpoints WindowsAurisIAM-as-a-Service UEAuris ComplyConformidade & trilha de auditoria NIS2/DORA
COMPUTAÇÃO HospedagemAlojamento partilhado PHP/MySQL em infraestrutura UEVPSServidores privados virtuais
REDE & SEGURANÇA DomíniosRegisto & transferência de domíniosBalanceador de CargaBalanceamento de cargaTLSCertificados TLS geridos
ARMAZENAMENTO & BASE DE DADOS Object StorageArmazenamento EU compatível com S3Block StorageVolumes de armazenamento em blocoBases de Dados GerenciadasMySQL, PostgreSQL, MongoDB geridos
MENSAGENS & E-MAIL Caixas de correioAlojamento de e-mail para domínios empresariais
DESENVOLVIMENTO Desenvolvimento WebAplicações web, SaaS & portais personalizados — do UI ao deploy em produção.Desenvolvimento de SoftwareSoftware personalizado, integrações API, automatizações & arquiteturas escaláveis.IT & SistemasInfraestrutura física on-site, servidores Dell PowerEdge, manutenção & suporte de sistemas.
SEGURANÇA & CONSULTORIA CibersegurançaTestes de penetração, avaliação de vulnerabilidades, resposta a incidentes & conformidade NIS2/DORA/RGPD.Consultoria ITRoadmap tecnológica, auditoria de infraestrutura & consultoria estratégica para CTO e decisores.
CRESCIMENTO & INOVAÇÃO MarketingEstratégia digital, SEO, campanhas, identidade de marca & marketing de conteúdo focado na EU.Inteligência ArtificialIntegração de IA, agentes autónomos & sistemas inteligentes para processos empresariais.Aprendizagem AutomáticaModelos personalizados, pipelines de dados & soluções ML à medida para o seu setor.
01NIS2 & DORAConformidade EU para infraestrutura crítica — trilha de auditoria, encriptação, reporte de incidentes.02MSPGestão multi-tenant, PULSE, Vigilante & Citadel numa única consola.03EnterpriseSegurança operacional, IAM, suite de escritório & infraestrutura EU para grandes organizações.04InvestigaçãoInteligência de ameaças, I&D & ferramentas avançadas para equipas de segurança europeias.
EMPRESA EmpresaCarreirasNotíciasContactos
CONFIANÇA Programa de parceirosConfiança & segurançaRoadmapImprensa / Media
Entrar → Solicitar demo
CONTEÚDO 01 Responsável pelo Tratamento 02 Encarregado de Proteção de Dados 03 Personal Data We Collect 04 Categorias Especiais de Dados 05 Base Jurídica para o Tratamento 06 Retenção de Dados 07 Sub-processors & Third Parties 08 Transferências Internacionais de Dados 09 Os Seus Direitos ao Abrigo do RGPD 10 Exercising Your Rights 11 Cookies e Tecnologias de Rastreamento 12 Security & Incident Response 13 Children's Privacy 14 Alterações a Esta Política
Cookie Policy → Terms of Service → Legal Notices → Data Processing & GDPR →
LEGAL · PRIVACIDADE

Privacidade Policy

Last updated: 2026-04-04 · Version 2.0

Jurisdição: União Europeia — GDPR Regulation (EU) 2016/679

TABLE OF CONTENTS
01 Responsável pelo Tratamento 02 Encarregado de Proteção de Dados 03 Personal Data We Collect 04 Categorias Especiais de Dados 05 Base Jurídica para o Tratamento 06 Retenção de Dados 07 Sub-processors & Third Parties 08 Transferências Internacionais de Dados 09 Os Seus Direitos ao Abrigo do RGPD 10 Exercising Your Rights 11 Cookies e Tecnologias de Rastreamento 12 Security & Incident Response 13 Children's Privacy 14 Alterações a Esta Política
Cookie Policy → Terms of Service → Legal Notices → Data Processing & GDPR →
EU Data Residency & GDPR Commitment

As an EU-incorporated company, Altovar processes all personal data exclusively in accordance with GDPR. Your data is stored on EU infrastructure. Our Data Protection Officer is reachable at [email protected] and responds personally to every enquiry.

01 Art. 13º RGPD

Responsável pelo Tratamento

Altovar S.r.l. (P.IVA IT03086750993) ("Altovar", "we", "us", or "our") is the data controller responsible for the processing of personal data collected through our websites, software products, APIs, and services (collectively, "Services").

Sede: Italy (European Union)
Consultas de Privacidade: [email protected]
Contacto Geral: [email protected]

As a company incorporated and operating within the EU, we are subject to Regulation (EU) 2016/679 (General Data Protection Regulation) in its entirety. Our supervisory authority is the Autoridade para a Proteção de Dados Pessoais (Italy).
02 Art. 37º–39º RGPD

Encarregado de Proteção de Dados

Altovar has appointed a Data Protection Officer (DPO) as required under Article 37 of the GDPR, given the nature and scale of our data processing activities.

Contacto do EPD: [email protected]

The DPO operates independently and is responsible for:
— Monitoring compliance with the GDPR and applicable national data protection law
— Advising on Data Protection Impact Assessments (DPIAs) under Article 35
— Acting as the contact point for the supervisory authority
— Handling data subject enquiries and rights requests

You may contact the DPO directly for any matter relating to the processing of your personal data. All communications are treated confidentially and responded to within 30 calendar days.
03 Art. 13(1)(d) GDPR

Personal Data We Collect

We collect only the personal data that is necessary for the purposes described in this Policy (the principle of data minimisation, Art. 5(1)(c) GDPR).

Dados da conta e identidade: Name, email address, username, organisation name, job title, VAT/fiscal number for invoicing, and any information you voluntarily add to your profile.

Usage and interaction data: Features used, pages visited, clicks, session duration, search queries within the product, and error events. This data is collected in aggregate where possible and pseudonymised at ingestion.

Dados técnicos e de dispositivos: IP address (truncated to /24 prefix and anonymised within 24 hours), browser type and version, operating system, device type, screen resolution, referring URL, and session identifiers assigned by our infrastructure.

Dados de comunicações: Content of messages you send us via email, contact forms, or support tickets; metadata about those communications (timestamps, subject lines).

Payment and billing data: Billing name, address, and VAT/fiscal number. Card numbers and payment credentials are processed exclusively by our PCI-DSS Level 1 certified payment processor (Stripe, EU-hosted) and are never stored or processed by Altovar's systems.

Contractual and service data: Subscription tier, service configuration, usage quotas, API keys (hashed), and any data you upload or create while using the Services.

We do not collect data from third-party data brokers, social media platforms, or ad networks. We do not build advertising profiles.
04 Art. 9 GDPR

Categorias Especiais de Dados

Our Services are not designed to collect or process special categories of personal data as defined under Article 9(1) of the GDPR — including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for unique identification, health data, or data concerning a person's sex life or sexual orientation.

We strongly advise against uploading or processing special-category data using our Services unless you have implemented appropriate safeguards and have a valid legal basis under Article 9(2) GDPR.

If we inadvertently receive special-category data (for example, through a support ticket), we will delete it securely and notify the sender. If you need to process special-category data as part of a specific enterprise arrangement, please contact [email protected] to discuss appropriate contractual and technical safeguards.
05 Art. 6 GDPR

Base Jurídica para o Tratamento

We process personal data only when a valid legal basis exists under Article 6 of the GDPR. The applicable basis depends on the specific processing activity:

Execução de um contrato (Art. 6º(1)(b)): Provisioning the Services you have subscribed to, managing your account, processing payments, issuing invoices, and fulfilling all contractual obligations. This is the primary basis for most processing related to active accounts.

Legal obligation (Art. 6(1)(c)): Compliance with applicable law — including fiscal and accounting obligations under Italian law (D.P.R. 633/1972, D.P.R. 600/1973), anti-money-laundering requirements, and responses to lawful requests from competent public authorities (courts, regulators).

Interesses legítimos (Art. 6(1)(f)): Security monitoring, abuse prevention, fraud detection, product improvement analytics, and direct marketing to existing customers for substantially similar services. We have carried out a legitimate interests assessment (LIA) for each such purpose and determined that our interests do not override your fundamental rights and freedoms.

Consentimento (Art. 6(1)(a)): Optional analytics and performance cookies, marketing communications to non-customers, and any processing activity for which we have expressly sought your prior consent. You may withdraw consent at any time — withdrawal does not affect the lawfulness of processing carried out before withdrawal. See Section 9 on how to withdraw consent.
06 Art. 5(1)(e) GDPR

Retenção de Dados

We retain personal data only for as long as necessary for the stated purpose and in compliance with applicable legal obligations (storage limitation principle).

Data CategoryRetention PeriodLegal Basis
Account and profile dataDuration of contract + 5 years post-terminationContract / Legal obligation
Technical logs (identifiable)90 days, then anonymised or deletedLegitimate interests
Support communications3 years from last interaction (or longer if active dispute)Contract / Legitimate interests
Payment and invoicing records10 years (D.P.R. 633/1972, D.P.R. 600/1973)Legal obligation
Marketing consent recordsUntil withdrawal or 2 years from last interactionConsent
Security event logs12 months, then aggregatedLegitimate interests
Data subject rights request records3 years (compliance documentation)Legal obligation

Upon expiry of the applicable retention period, data is securely deleted or irreversibly anonymised using industry-standard methods so it can no longer be attributed to an identified or identifiable natural person.
07 Art. 28 GDPR

Sub-processors & Third Parties

We engage trusted third-party processors ("sub-processors") under binding data processing agreements that comply with Article 28 of the GDPR. We are responsible for the GDPR compliance of our sub-processors and carry out periodic due diligence.

Sub-processorPurposeLocationSafeguard
StripePayment processingEU (Dublin, Ireland)Article 28 DPA · PCI-DSS L1
GitHub / MicrosoftSource code hostingEU regionArticle 28 DPA · SCCs
Postmark / ActiveCampaignTransactional email deliveryEU regionArticle 28 DPA
Hetzner Online GmbHPrimary cloud infrastructureGermany / FinlandArticle 28 DPA · EU jurisdiction
CloudflareCDN · DDoS protectionEU network entryArticle 28 DPA · SCCs · EU DPA

We do not sell, rent, or trade your personal data to third parties. We do not share data with advertising networks or data brokers. We may share data with public authorities only when required by law or valid legal process, and we notify affected users where legally permissible.

An up-to-date sub-processor list is available on request at [email protected]. We provide 30 days' notice of new sub-processor additions.
08 Art. 44–49 GDPR

Transferências Internacionais de Dados

Compromisso de Residência de Dados na UE: All primary data storage and processing takes place on infrastructure located within the European Economic Area (EEA). Altovar does not transfer personal data to third countries as a standard operational practice.

In the limited cases where a sub-processor operates infrastructure or support functions outside the EEA (for example, global CDN edge nodes or support personnel), we ensure that appropriate safeguards under Chapter V of the GDPR are in place before any transfer occurs:

— Adequacy decisions (Art. 45): Where the European Commission has recognised the destination country as providing adequate protection (e.g., UK IDTA, Swiss adequacy decision).
— Cláusulas Contratuais Tipo (Art. 46º(2)(c)): The 2021 EU Standard Contractual Clauses approved by Commission Implementing Decision (EU) 2021/914 are incorporated into all relevant sub-processor agreements.
— Technical safeguards: End-to-end encryption is applied to data in transit, ensuring no meaningful access to personal data by sub-processor infrastructure personnel.

We monitor decisions of the European Data Protection Board (EDPB) and the Italian Garante, and update our transfer mechanisms when required. A Transfer Impact Assessment (TIA) has been completed for each third-country transfer.
09 Art. 15–22 GDPR

Os Seus Direitos ao Abrigo do RGPD

As a data subject, you have the following rights under the GDPR, exercisable free of charge and without undue restriction:

Right of access (Art. 15): Obtain confirmation of whether we process your personal data, and receive a copy of it together with supplementary information (purposes, categories, recipients, retention periods, safeguards for any third-country transfers).

Direito de retificação (Art. 16): Request correction of inaccurate personal data and completion of incomplete data, without undue delay.

Direito ao apagamento / "Direito a ser esquecido" (Art. 17): Request deletion of your personal data where it is no longer necessary for its original purpose, where consent is withdrawn, where you object to processing, where processing is unlawful, or where erasure is required by Union or Member State law — subject to legitimate overriding grounds (e.g., legal retention obligations).

Right to restriction of processing (Art. 18): Request that we limit processing to storage only while a dispute about accuracy, lawfulness, or a legitimate interests objection is resolved.

Direito à portabilidade dos dados (Art. 20): Where processing is based on consent or contract and carried out by automated means, receive your data in a structured, commonly used, machine-readable format (JSON or CSV) and transmit it to another controller.

Right to object (Art. 21): Object at any time to processing based on legitimate interests (Art. 6(1)(f)), including profiling, on grounds relating to your particular situation. Object unconditionally to processing for direct marketing purposes — we will cease such processing immediately.

Rights related to automated decision-making (Art. 22): We do not make decisions based solely on automated processing that produce legal effects or similarly significant impacts on you. Any automated risk scoring or filtering used in our Services is reviewed by human operators before consequential decisions are made.

Direito de retirar o consentimento (Art. 7(3)): Where processing is based on consent, withdraw it at any time. See Section 10 for withdrawal methods.
10 Art. 12 GDPR

Exercising Your Rights

Como submeter um pedido: Email [email protected] with the subject line "Data Subject Request — [Right Type]" (e.g., "Data Subject Request — Access"). You may also submit requests via our platform account settings where self-service options are available.

Verificação de identidade: To protect your data, we will ask you to verify your identity before processing the request. Verification is carried out via your registered email address or, where necessary, via additional documentary evidence.

Prazos de resposta: We respond to all requests within 30 dias corridos of receipt. For complex or multiple requests, this period may be extended by a further 2 months — we will notify you within the initial 30 days if an extension is required, together with the reasons for the extension.

Retirar o consentimento: To withdraw consent for analytics cookies, use the cookie preference manager accessible from the footer. To withdraw consent for marketing communications, click "Unsubscribe" in any marketing email or email [email protected].

Sem custos: All data subject requests are handled free of charge. If requests are manifestly unfounded, excessive, or repetitive, we may charge a reasonable administrative fee or refuse to act — we will explain our reasoning.

Right to lodge a complaint: If you believe Altovar has violated your GDPR rights, you have the right to lodge a complaint with the competent supervisory authority:

— Autoridade para a Proteção de Dados Pessoais (Itália) — garanteprivacy.it
— The supervisory authority of your EU member state of habitual residence or place of work
— The supervisory authority of the member state where the alleged infringement occurred
11 ePrivacy Directive

Cookies e Tecnologias de Rastreamento

We use cookies and similar technologies (web storage, pixel tags) to operate our websites and improve your experience. Our cookie usage is governed by the ePrivacy Directive (2002/58/EC, as amended) implemented in Italy by D.lgs. 69/2012 and the Garante's guidelines of July 2021.

Essential cookies are strictly necessary for security, authentication, and service operation. They are deployed without consent on the basis of Article 5(3) of the ePrivacy Directive as technically required for a service you have explicitly requested. You cannot opt out of these cookies without disrupting service functionality.

Cookies de análise are only set with your prior, freely given, specific, informed, and unambiguous consent. We use EU-hosted, privacy-preserving analytics tools. We do not use Google Analytics or any US-based analytics service without explicit consent covering international transfers.

Cookies de marketing are not currently set on our marketing site. If this changes, we will request separate, granular consent.

For the complete list of cookies in use, their names, purposes, durations, and providers, and for managing your cookie preferences, please read our Cookie Policy →
12 Art. 32–34 GDPR

Security & Incident Response

We implement appropriate technical and organisational measures (TOMs) to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR. Our security programme includes:

— Encriptação: All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Database backups are encrypted end-to-end.
— Controlos de acesso: Role-based access control (RBAC), principle of least privilege, multi-factor authentication (MFA) for all internal systems, and privileged access management (PAM) for infrastructure access.
— Network security: Network segmentation, Web Application Firewall (WAF), DDoS mitigation, and intrusion detection/prevention systems (IDS/IPS).
— Gestão de vulnerabilidades: Regular penetration testing, automated SAST/DAST scanning, dependency vulnerability monitoring, and a responsible disclosure programme.
— Avaliações de Impacto sobre a Proteção de Dados (AIPD): We conduct DPIAs for new processing activities that are likely to result in a high risk to individuals, as required under Article 35 GDPR.
— Formação do pessoal: All staff with access to personal data complete mandatory GDPR and information security training on onboarding and annually thereafter.

Violações de dados pessoais: In the event of a breach likely to result in a risk to your rights and freedoms, we will notify the Garante within 72 horas of becoming aware (Art. 33). Where the breach is likely to result in a alto risk, we will notify you directly without undue delay (Art. 34), including the nature of the breach, likely consequences, and measures taken or proposed.
13 Art. 8º RGPD

Children's Privacy

Our Services are professional and business-oriented and are not directed at, nor intended for use by, individuals under the age of 16 (or the higher digital age of consent applicable in certain EU member states, such as 13 in Finland, or 16 in the Netherlands and Ireland).

We do not knowingly collect personal data from minors. Account registration requires users to confirm they are of the requisite age. If we discover that we have inadvertently collected personal data from a minor, we will delete that data immediately and close the associated account.

If you believe a minor has created an account or provided us with personal data, please contact [email protected] with the details. We will investigate and take remedial action within 5 business days.
14 Art. 13º(3) RGPD

Alterações a Esta Política

We may update this Privacy Policy periodically to reflect changes in our data processing activities, changes in applicable law, or the introduction of new products and services. All updates are reviewed by our DPO before publication.

Alterações substanciais — those that meaningfully affect your rights or how we use your data — will be communicated to you by:
— Email notification to your registered address (for account holders), with at least 30 days' notice before the change takes effect
— A prominent notice on our website for the same 30-day period
— In-product notification for changes affecting the platform

Alterações menores (corrections, formatting, clarifications that do not alter substance) may be made without notice. The "Last updated" date at the top of this Policy always reflects the date of the most recent revision.

Continued use of our Services after material changes take effect constitutes acceptance of the revised Policy. If you do not accept the revised Policy, you must discontinue use of the affected Services and may request deletion of your data under Section 09.
DATA PROTECTION

DÚVIDAS SOBRE PRIVACIDADE?SOMOS TRANSPARENTES.

O nosso DPO responde pessoalmente a cada consulta de proteção de dados — sem respostas automáticas, sem equipa jurídica externa. Normalmente no prazo de um dia útil.

CONTACT OUR DPO →
EMAIL DO DPO [email protected]
AUTORIDADE DE SUPERVISÃO Garante · Itália
REGULATION GDPR 2016/679
SLA DE RESPOSTA 30 dias corridos

Stack EU-soberano para MSPs e empresas. Segurança, cloud, produtividade e IA. Uma única plataforma europeia.

Todos os produtos →
Cloud ↳VPS ↳Hospedagem ↳Armazenamento de Objetos ↳Bases de dados geridas ↳Domínios
Serviços ↳Cibersegurança ↳Desenvolvimento web & software ↳IT & sistemas ↳Marketing ↳IA & ML
Empresa ↳Sobre nós ↳Carreiras ↳Notícias ↳Contactos
Confiança ↳Programa de parceiros ↳Confiança & segurança ↳Roadmap ↳Imprensa / Media
FORJADO NA EUROPA. PARA A EUROPA.
© 2026 Altovar · NIF IT03086750993 · TODOS OS DIREITOS RESERVADOS
Política de privacidade · Política de cookies · Termos de serviço · Avisos legais · Tratamento de Dados & GDPR ·
TRUST & TRANSPARENCY
This website runs on green hosting - verified by thegreenwebfoundation.org GDPR COMPLIANT WCAG 2.2 AA — W3C Web Content Accessibility Guidelines, level AA
ALTOVAR
Cookies e rastreio

Usamos cookies técnicos para que o site funcione. Com o teu consentimento, usamos também cookies de análise e marketing para melhorar o produto. Podes mudar de ideia a qualquer momento.

Ler a política de privacidade →
Cookies e rastreio

Usamos cookies técnicos para que o site funcione. Com o teu consentimento, usamos também cookies de análise e marketing para melhorar o produto. Podes mudar de ideia a qualquer momento.

01
Necessários Sempre ativo

Indispensáveis para o funcionamento do site (sessão, preferências, segurança). Sempre ativos.

02

Ajudam-nos a perceber como o site é usado, de forma agregada e anónima.

03

Permitem-nos medir o desempenho das nossas campanhas. Desativados por defeito.

Ler a política de privacidade →