PRIVACY

ORGANISATIONAL CONTROLS

Altinet employees are expected to be competent in their roles, helpful, and stewards of customer information that is stored on products in the Altinet Datacentre and on our suppliers’ infrastructure. Altinet has established a number of measures to ensure that our customers and their data are protected. Altinet is also part of the Arrow Group and its affiliates and the Arrow entities are privy to their relevant policies and data protection measures.

PRIVACY & CONTROL MECHANISMS

Altinet only uses the information provided by our customers to deliver the products and services purchased, including all managed service agreements. All customer data is in compliance with Altinet’s Privacy Policy.

ALTINET EMPLOYEES

All employees are required to accept and acknowledge in writing Altinet’s policies for non- disclosure and protection of Altinet and third party information. Altinet’s technical support team understand that during their day to day activities they may come into contact with customer information and data and they must keep this information confidential.

TRAINING

All Altinet employees including technicians are trained in a variety of ways. All employees receive class time training with the Altinet Management Team and HR specialists, this includes a Data Protection element. New technical employees also spend a large amount of time learning about the individual products that we provide, including getting the relevant accreditations. Product knowledge is tested through a formal online training university for all the products in Altinet’s portfolio.

All Altinet staff receive ongoing training throughout their employment.

When an employee leaves Altinet a formal process is followed to ensure all access to business systems is revoked.

MANAGED SERVICES ARCHITECTURE & DATA CENTRE INFRASTRUCTURE

Altinet leases space in Amazon Web Services European Data Centres and each location is equipped with the following:

• Network firewalls built into Amazon VPC, and web application firewall capabilities in AWS WAF let you create private networks, and control access to your instances and applications
• Encryption in transit with TLS across all services
• Connectivity options that enable private, or dedicated, connections from your office or on-premises environment
• AWS Identity and Access Management (IAM) lets you define individual user accounts with permissions across AWS resources
• AWS Multi-Factor Authentication for privileged accounts, including options for hardware-based authenticators
• Controlled access systems requiring key-card authentication
• Video-monitored access points
• Intrusion alarms
• Locking cabinets
• Climate control systems
• Waterless fire-suppressant systems
• Redundant power (generator backup, UPS, no single point of failure)
• Redundant Internet connectivity
• ISO and/or SOC II certified

DATA LOCATION

Altinet is aware that customers knowing the location of their data is essential for meeting legal compliance and data protection laws. As above Altinet leases Data Center space from AWS and all locations used for Altinet services are based in European Union.

REDUNDANCY

All Altinet services are hosted in AWS and are built in a High Availability mode that is durable and designed top operate continuously without failure. All services are regularly tested.

DATA PRIVACY

Data stored in the Altinet Managed Services solutions is our customer’s data and we protect their right to make decisions about that data and we are transparent about what happens to that data. All customers that use the Altinet services are still and always will be the owner of that data.

Customer data is defined as all data, including text, sound, video, or image files and software, that you provide to Altinet, or is provided on your behalf. Altinet will use your data only to provide the services we have agreed upon, and for the purposes that are compatible with providing those services.

All customers can access their data at any time for any reason.

ADVERTISING

Except for the below, Altinet does not share customer data with our marketing suppliers. Troubleshooting aimed at preventing, detecting, and repairing problems affecting the operation of services

• Ongoing improvement of features, such as those that improve the reliability of our services, or involve the detection of, and protection against, threats to the services or customer data (such as malware or spam)
• Providing personalized customer experiences
• Contacting you about new products and services

INTERNAL MARKETING

We may also use your data to market the services provided by us and the members of the Arrow Group to:

• existing and former customers; and
• third parties who have previously expressed an interest in our services,
• in each case for the purposes of our legitimate interests, ie to promote the Arrow business to existing and former customers and third parties that may be interested in our services.

We will also use your personal data to send you updates (by email, text message, telephone or post) about the products and/or services of the Arrow Group, including exclusive offers, promotions or new products and/or services.

You have the right to opt out of receiving marketing communications at any time by:

• contacting us at legal@altinet.co.uk;
• using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts
• updating your marketing preferences on our website.

We may ask you to confirm or update your marketing preferences if you ask us to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of our business.

We may disclose your personal data to:

• other members of the Arrow Group; and
• third parties in the event that we sell or transfer any business or assets, in which case we may disclose personal data we hold about you to the prospective and actual buyer of such business or assets.

Where we disclose your data to other members of the Arrow Group, those other group members may contact you and send you marketing communications about products and services which may be of interest to you.

If you have consented to receive marketing communications from the Arrow Group (or, if you are a corporate subscriber, you have not objected to us sending you marketing communications), you have the right to ask us to stop sending you marketing communications at any time, although that will not affect the lawfulness of such processing before consent has been withdrawn or your objection has been received. To withdraw your consent or to object to receiving marketing communications, please contact us at legal@altinet.co.uk or follow the unsubscribe instructions included in each electronic marketing communication. Once we have received notification that you no longer wish to receive marketing from us, we will no longer process your information for this purpose, unless we have another legitimate basis for doing so in law.

CUSTOMER DATA SEGREGATION

Altinet use logical isolation to segregate customer data. Altinet’s cloud services are multi-tenant services, meaning that your data, deployments, and virtual machines may be stored on the same physical hardware as that of other customers. When data from many customers is stored at a shared physical location, Altinet logically segregates storage and processing for different customers through specialized technology engineered specifically for that purpose.

Altinet takes strong measures to protect customer data from inappropriate use or loss and to prevent customers from gaining access to one another’s data.

TECHNOLOGY PARTNERSHIPS

Altinet works with other technology companies to provide services, such as Message Archiving, Web Filtering and Email Security. Altinet’s legal team has ensured that all suppliers meet the standards outlined above and some of the key technology partners Data Protection information can be found at the following links:

Barracuda Networks: https://www.barracuda.com/support/Security

Fortinet: https://www.fortinet.com/corporate/about-us/privacy.html

Sophos: https://www.sophos.com/en-us/legal/data-handling-statement.aspx

Tenable: https://www.tenable.com/privacy-policy

Arcserve: https://arcserve.com/about/privacy/

Censornet: https://www.censornet.com/privacy-policy/

AWS: https://aws.amazon.com/compliance/data-privacy-faq/

Cisco: https://www.cisco.com/c/en_uk/about/legal/privacy-full.html

Nuvias: https://www.nuvias.com/privacy-policy/

CMS Distribution: https://www.cmsdistribution.com/privacy-policy/

DATA RETENTION

If you, the customer, terminate your subscription or if it expires (except for free trials), Altinet will remove all data from the relevant service within a maximum 12-month period.

Altinet will disable the service and may delete all customer data at its discretion, including any cached or backup copies.

In the multitenant environments of Altinet managed services, we take careful measures to logically separate customer data to help prevent one customer’s data from leaking into the data of another customer, as well as to help block any customer from accessing another customer’s deleted data.

GDPR

• Altinet have a separate GDPR statement, which can be found at www.altinet.co.uk
• Altinet also have available individual GDPR whitepapers for each of the following Managed Service Offerings:
• Altinet Managed Email Security
• Altinet Managed Cloud Backup
• Altinet Managed Next-Generation Firewalls

CUSTOMER DATA RIGHTS

You may contact us by email at legal@altinet.co.uk at any time, to request that we:

Update any Personal Information which is out of date or incorrect;

Delete any Personal Information which we are holding about you;

Delete any employee information that may have activated their RBT (Right to be forgotten);

Restrict the way that we process your Personal Information;

Provide your Personal Information to a third-party provider of services; or

Provide you with a copy of any Personal Information which we hold about you.

We will consider all such requests and provide our response within the time period stated by applicable law.

You have the right to ask us to not process your Personal Information for marketing purposes.. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your Personal Information. Alternatively, you can contact us by email at legal@altinet.co.uk at any time. If you have previously given your consent to the use of your Personal Information for marketing purposes, you can choose to stop receiving marketing communications which we send to you from time to time by following the unsubscribe instructions included in such communications. Alternatively, you can opt out of such communications at any time by contacting us by email at legal@altinet.co.uk .

You can choose to opt-out from your Personal Information being used for any purpose that differs from the purposes notified to you when we collected your personal information; or disclosed to any third party.

If you would like to do this, please contact us as set forth in the Contact Us section of this website. Please note that opting-out may prevent us from providing you with our services or information requested by you.

Altinet’s Privacy Statement is subject to change.