Indispensabile pentru funcționarea site-ului (autentificare, preferințe, securitate). Mereu active.
Confidențialitate Politica
TABLE OF CONTENTS
As an EU-incorporated company, Altovar processes all personal data exclusively in accordance with GDPR. Your data is stored on EU infrastructure. Our Data Protection Officer is reachable at [email protected] and responds personally to every enquiry.
Operator de date
Sediul înregistrat: Italy (European Union)
Solicitări privind confidențialitatea: [email protected]
Contact general: [email protected]
As a company incorporated and operating within the EU, we are subject to Regulation (EU) 2016/679 (General Data Protection Regulation) in its entirety. Our supervisory authority is the Garante pentru protecția datelor cu caracter personal (Italy).
Ofițerul pentru protecția datelor
Contact DPO: [email protected]
The DPO operates independently and is responsible for:
— Monitoring compliance with the GDPR and applicable national data protection law
— Advising on Data Protection Impact Assessments (DPIAs) under Article 35
— Acting as the contact point for the supervisory authority
— Handling data subject enquiries and rights requests
You may contact the DPO directly for any matter relating to the processing of your personal data. All communications are treated confidentially and responded to within 30 calendar days.
Date personale pe care le colectăm
Date despre cont și identitate: Name, email address, username, organisation name, job title, VAT/fiscal number for invoicing, and any information you voluntarily add to your profile.
Date de utilizare și interacțiune: Features used, pages visited, clicks, session duration, search queries within the product, and error events. This data is collected in aggregate where possible and pseudonymised at ingestion.
Date tehnice și de dispozitiv: IP address (truncated to /24 prefix and anonymised within 24 hours), browser type and version, operating system, device type, screen resolution, referring URL, and session identifiers assigned by our infrastructure.
Date de comunicare: Content of messages you send us via email, contact forms, or support tickets; metadata about those communications (timestamps, subject lines).
Date de plată și facturare: Billing name, address, and VAT/fiscal number. Card numbers and payment credentials are processed exclusively by our PCI-DSS Level 1 certified payment processor (Stripe, EU-hosted) and are never stored or processed by Altovar's systems.
Date contractuale și de servicii: Subscription tier, service configuration, usage quotas, API keys (hashed), and any data you upload or create while using the Services.
We do not collect data from third-party data brokers, social media platforms, or ad networks. We do not build advertising profiles.
Categorii speciale de date
We strongly advise against uploading or processing special-category data using our Services unless you have implemented appropriate safeguards and have a valid legal basis under Article 9(2) GDPR.
If we inadvertently receive special-category data (for example, through a support ticket), we will delete it securely and notify the sender. If you need to process special-category data as part of a specific enterprise arrangement, please contact [email protected] to discuss appropriate contractual and technical safeguards.
Temeiul juridic pentru prelucrare
Executarea unui contract (Art. 6(1)(b)): Provisioning the Services you have subscribed to, managing your account, processing payments, issuing invoices, and fulfilling all contractual obligations. This is the primary basis for most processing related to active accounts.
Obligație legală (Art. 6(1)(c)): Compliance with applicable law — including fiscal and accounting obligations under Italian law (D.P.R. 633/1972, D.P.R. 600/1973), anti-money-laundering requirements, and responses to lawful requests from competent public authorities (courts, regulators).
Interese legitime (Art. 6(1)(f)): Security monitoring, abuse prevention, fraud detection, product improvement analytics, and direct marketing to existing customers for substantially similar services. We have carried out a legitimate interests assessment (LIA) for each such purpose and determined that our interests do not override your fundamental rights and freedoms.
Consimțământ (Art. 6(1)(a)): Optional analytics and performance cookies, marketing communications to non-customers, and any processing activity for which we have expressly sought your prior consent. You may withdraw consent at any time — withdrawal does not affect the lawfulness of processing carried out before withdrawal. See Section 9 on how to withdraw consent.
Păstrarea datelor
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Account and profile data | Duration of contract + 5 years post-termination | Contract / Legal obligation |
| Technical logs (identifiable) | 90 days, then anonymised or deleted | Legitimate interests |
| Support communications | 3 years from last interaction (or longer if active dispute) | Contract / Legitimate interests |
| Payment and invoicing records | 10 years (D.P.R. 633/1972, D.P.R. 600/1973) | Legal obligation |
| Marketing consent records | Until withdrawal or 2 years from last interaction | Consent |
| Security event logs | 12 months, then aggregated | Legitimate interests |
| Data subject rights request records | 3 years (compliance documentation) | Legal obligation |
Upon expiry of the applicable retention period, data is securely deleted or irreversibly anonymised using industry-standard methods so it can no longer be attributed to an identified or identifiable natural person.
Sub-procesatori și terțe părți
We do not sell, rent, or trade your personal data to third parties. We do not share data with advertising networks or data brokers. We may share data with public authorities only when required by law or valid legal process, and we notify affected users where legally permissible.
An up-to-date sub-processor list is available on request at [email protected]. We provide 30 days' notice of new sub-processor additions.
Transferuri internaționale de date
In the limited cases where a sub-processor operates infrastructure or support functions outside the EEA (for example, global CDN edge nodes or support personnel), we ensure that appropriate safeguards under Chapter V of the GDPR are in place before any transfer occurs:
— Decizii de adecvare (Art. 45): Where the European Commission has recognised the destination country as providing adequate protection (e.g., UK IDTA, Swiss adequacy decision).
— Clauze contractuale standard (Art. 46(2)(c)): The 2021 EU Standard Contractual Clauses approved by Commission Implementing Decision (EU) 2021/914 are incorporated into all relevant sub-processor agreements.
— Măsuri de securitate tehnică: End-to-end encryption is applied to data in transit, ensuring no meaningful access to personal data by sub-processor infrastructure personnel.
We monitor decisions of the European Data Protection Board (EDPB) and the Italian Garante, and update our transfer mechanisms when required. A Transfer Impact Assessment (TIA) has been completed for each third-country transfer.
Drepturile tale în temeiul GDPR
Dreptul de acces (Art. 15): Obtain confirmation of whether we process your personal data, and receive a copy of it together with supplementary information (purposes, categories, recipients, retention periods, safeguards for any third-country transfers).
Dreptul la rectificare (Art. 16): Request correction of inaccurate personal data and completion of incomplete data, without undue delay.
Dreptul la ștergere / "Dreptul de a fi uitat" (Art. 17): Request deletion of your personal data where it is no longer necessary for its original purpose, where consent is withdrawn, where you object to processing, where processing is unlawful, or where erasure is required by Union or Member State law — subject to legitimate overriding grounds (e.g., legal retention obligations).
Dreptul la restricționarea prelucrării (Art. 18): Request that we limit processing to storage only while a dispute about accuracy, lawfulness, or a legitimate interests objection is resolved.
Dreptul la portabilitatea datelor (Art. 20): Where processing is based on consent or contract and carried out by automated means, receive your data in a structured, commonly used, machine-readable format (JSON or CSV) and transmit it to another controller.
Dreptul de obiecție (Art. 21): Object at any time to processing based on legitimate interests (Art. 6(1)(f)), including profiling, on grounds relating to your particular situation. Object unconditionally to processing for direct marketing purposes — we will cease such processing immediately.
Drepturi legate de deciziile automatizate (Art. 22): We do not make decisions based solely on automated processing that produce legal effects or similarly significant impacts on you. Any automated risk scoring or filtering used in our Services is reviewed by human operators before consequential decisions are made.
Dreptul de retragere a consimțământului (Art. 7(3)): Where processing is based on consent, withdraw it at any time. See Section 10 for withdrawal methods.
Exercitarea drepturilor tale
Verificarea identității: To protect your data, we will ask you to verify your identity before processing the request. Verification is carried out via your registered email address or, where necessary, via additional documentary evidence.
Termene de răspuns: We respond to all requests within 30 de zile calendaristice of receipt. For complex or multiple requests, this period may be extended by a further 2 months — we will notify you within the initial 30 days if an extension is required, together with the reasons for the extension.
Retragerea consimțământului: To withdraw consent for analytics cookies, use the cookie preference manager accessible from the footer. To withdraw consent for marketing communications, click "Unsubscribe" in any marketing email or email [email protected].
Fără taxă: All data subject requests are handled free of charge. If requests are manifestly unfounded, excessive, or repetitive, we may charge a reasonable administrative fee or refuse to act — we will explain our reasoning.
Dreptul de a depune o plângere: If you believe Altovar has violated your GDPR rights, you have the right to lodge a complaint with the competent supervisory authority:
— Garante per la protezione dei dati personali (Italy) — garanteprivacy.it
— The supervisory authority of your EU member state of habitual residence or place of work
— The supervisory authority of the member state where the alleged infringement occurred
Cookie-uri și tehnologii de urmărire
Module cookie esențiale are strictly necessary for security, authentication, and service operation. They are deployed without consent on the basis of Article 5(3) of the ePrivacy Directive as technically required for a service you have explicitly requested. You cannot opt out of these cookies without disrupting service functionality.
Module cookie de analiză are only set with your prior, freely given, specific, informed, and unambiguous consent. We use EU-hosted, privacy-preserving analytics tools. We do not use Google Analytics or any US-based analytics service without explicit consent covering international transfers.
Cookie-uri de marketing are not currently set on our marketing site. If this changes, we will request separate, granular consent.
For the complete list of cookies in use, their names, purposes, durations, and providers, and for managing your cookie preferences, please read our Cookie Policy →
Securitate și răspuns la incidente
— Criptare: All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Database backups are encrypted end-to-end.
— Controluri de acces: Role-based access control (RBAC), principle of least privilege, multi-factor authentication (MFA) for all internal systems, and privileged access management (PAM) for infrastructure access.
— Securitatea rețelei: Network segmentation, Web Application Firewall (WAF), DDoS mitigation, and intrusion detection/prevention systems (IDS/IPS).
— Gestionarea vulnerabilităților: Regular penetration testing, automated SAST/DAST scanning, dependency vulnerability monitoring, and a responsible disclosure programme.
— Evaluări de impact asupra protecției datelor (DPIAs): We conduct DPIAs for new processing activities that are likely to result in a high risk to individuals, as required under Article 35 GDPR.
— Instruirea personalului: All staff with access to personal data complete mandatory GDPR and information security training on onboarding and annually thereafter.
Încălcări ale datelor cu caracter personal: In the event of a breach likely to result in a risk to your rights and freedoms, we will notify the Garante within 72 hours of becoming aware (Art. 33). Where the breach is likely to result in a ridicat risk, we will notify you directly without undue delay (Art. 34), including the nature of the breach, likely consequences, and measures taken or proposed.
Confidențialitatea copiilor
We do not knowingly collect personal data from minors. Account registration requires users to confirm they are of the requisite age. If we discover that we have inadvertently collected personal data from a minor, we will delete that data immediately and close the associated account.
If you believe a minor has created an account or provided us with personal data, please contact [email protected] with the details. We will investigate and take remedial action within 5 business days.
Modificări ale acestei politici
Modificări substanțiale — those that meaningfully affect your rights or how we use your data — will be communicated to you by:
— Email notification to your registered address (for account holders), with at least 30 days' notice before the change takes effect
— A prominent notice on our website for the same 30-day period
— In-product notification for changes affecting the platform
Modificări minore (corrections, formatting, clarifications that do not alter substance) may be made without notice. The "Last updated" date at the top of this Policy always reflects the date of the most recent revision.
Continued use of our Services after material changes take effect constitutes acceptance of the revised Policy. If you do not accept the revised Policy, you must discontinue use of the affected Services and may request deletion of your data under Section 09.