Last modified 15 August 2023
The persons affected by data processing in visiting and using our website are the persons that visit and use our website over the internet.
If you visit our website, we may also process personal data that you voluntarily and directly through our website provide us with. This includes data you provide to us when you book a demo, subscribe to our marketing communications, correspond with us, or use any other feature of our website. This data includes: first name, last name, e-mail address, phone number, employer, job position, communication, and correspondence data (including chats).
In requesting data from you, we will indicate to you if the provision of certain personal data is mandatory or optional. If you choose not to provide any personal data marked as mandatory, we may not be able to respond to your requests or provide other services to you.
We may combine the personal data you provide us with and that we collect ourselves or through third-party services.
We process the personal data mentioned above for the purpose of making our website function properly, and to make improvements to the functioning of our website and/or the information contained in it. The lawful basis for such processing is our legitimate interest.
We also process the personal data mentioned above in order to reply to the requests that you have submitted to us, e.g. for setting up a demo or negotiating over establishing a potential customer relationship. In such case, the lawful basis for such processing is either our legitimate interest, the performance of a contract or taking steps at your request to enter into or prepare the entry into a contract or hold negotiations related thereto.
In case you have subscribed to our marketing communications, we will process your personal data based on your consent which you may at all times withdraw by an unsubscribe link provided in the marketing communication.
We may anonymise and aggregate any of the personal data we collect as such that the personal data will not allow for the identification of an individual. We may use such anonymised information for purposes that include testing our IT systems, research, data analysis, improving our website, providing our services, and developing new services and features. We may also share such anonymised and aggregated information with others, including for our commercial purposes.
We retain the personal data we collect in connection with you visiting or using our website for a period of 30 days.
We retain the personal data you provide to us with your requests etc. for a period of three years to enable us to better manage the relationship between us and cater to any of your follow-up requests and queries.
We may be required to store your personal data for periods which are longer than the periods above when this is necessary for resolving disputes, protecting our lawful and legitimate interests, or required by applicable laws.
Cookies and Tracking
Cookies are small files or part of a file stored on your computer, created, and subsequently read by a website server, and containing personal information (such as a user identification code, customized preferences, or a record of pages visited).
Strictly necessary cookies. These are cookies that are required for the operation of our website and these are the only type of cookies from which it is not possible to opt out from.
Analytical cookies. These are cookies that track how users navigate and interact with our website. The information collected is used to help us improve the website.
Functionality/performance cookies. These are cookies that help enhance our website’s performance and functionality. We may use this information e.g. for remembering your settings.
Third party cookies. These are cookies that have been created by a website other than ours. These cookies are used to analyse users’ web usage in order to offer users a personalised web experience.
You can modify cookies in your browser settings or in our cookie manager accessible via our website. Please note that if you disable all cookies which can be disabled, our website or parts of it may not function properly.
The Align Application is available and accessible on and through our website. The use of the Align Application is regulated in detail in the Alignment Technology General Service Agreement.
In providing the Align Application, we act both as a data controller and a data processor as outlined below.
In processing general customer contact data, we act as a data controller.
In allowing our customers to transmit, input, view, edit and delete data in the Align Application concerning inter alia their client relationships, client communication, internal and external business processes, and employees’ sales and client management related activities and communication (“Sales’ Process Data”) using APIs and their dedicated exclusive access dashboards available in the Align Application, we act as a data processor. Our customers are liable for ensuring that a lawful basis exists for the entry into and the further processing in the Align Application of the personal and other data provided by the relevant customer.
The persons affected by data processing in connection with managing Align Application related customer relationships are the contact persons appointed by the customer and notified to us. For that purpose, we may process personal data including first name, last name, e-mail address, phone number, and job position (“Contact Data”). We also process company (customer) specific information, including with regard to invoicing.
The persons affected by data processing in connection with the functions and services of the Align Application are the customer’s employees and customer’s client’s employees and other natural persons regarding whom our customer has transmitted or input data into the Align Application. For that purpose, we may process personal data including first name, last name, job title, seniority, email address, images, phone number (“Data on Persons”).
We process Contact Data for the administration and fulfilment of our customer contracts, and for ensuring that the customer contracts are duly fulfilled by our customers. The lawful bases for such processing activities are the fulfilment of a contract with a customer, and our legitimate interests in protecting our rights (e.g. in case of disputes, and in collection of debt).
We process Data on Persons both as a controller and a processor.
As a controller, we process Data on Persons to improve and develop our services. The lawful basis for such processing is our legitimate interest in providing our services via the Align Application to our customers.
As a processor, we process Data on Persons for the customer acting as a controller, and the customer is liable for and obliged to have a lawful basis for processing. In acting as a processor, we enable the customers to transmit, input, view, edit, and delete Sales’ Process Data (which may include Data On Persons) using APIs and their dedicated exclusive access dashboards available in the Align Application.
Customer Data shall be retained for the duration of the relevant customer contract and for a period of 3 years thereafter. Customer Data which is related to accounting, billing and taxes shall be retained for a period of 10 years or until required by applicable legislation. We may be required to store Customer Data for longer periods when this is necessary for resolving disputes, protecting our lawful and legitimate interests, or required by applicable laws.
Data on Persons shall be retained for the duration of the relevant customer contract and shall be deleted within 12 months as of termination of the relevant customer contract. Data on Persons shall also be deleted if requested by the relevant data subject or the customer, and we shall in such case follow the instructions of the customer.
We implement appropriate technical and organisational measures to protect your personal data, Customer Data and Data on Persons against accidental or unlawful destruction, loss, change or damage. All data we collect will be stored on the secure servers of our reputable cloud service providers.
Any transfers of personal data outside the EU/EEA shall be done under a lawful basis, including to a recipient which is in a country which provides an adequate level of protection for personal data; or under appropriate safeguards which cover the EU/EEA requirements for the transfer of personal data outside the EU/EEA.
Your personal data may be shared with third party service providers that perform services for us or on our behalf. Such services may include e-mail and chat services, cloud services, large language model services’ providers, fraud prevention services, and analytics services.
Your personal data may also be shared with external recipients if we are legally obliged to do so. This may include court orders and judgements, and data protection supervisory authority requests. In honouring such orders, judgements, and requests, we shall make sure that a lawful basis exists under which we share the information.
We may share your personal data in connection with legitimate exercise or protection of our or our customers’ rights, or in investigating contract breaches or illegal activity. In such cases the recipients of your personal data may be professional advisors or law enforcement agencies.
Your personal data may be disclosed to third parties if we are involved in a merger, sale of all or part of our assets or shares, reorganisation, or financing.
In accordance with and subject to exceptions prescribed by applicable law, you as a data subject have the following rights against us to the extent we act as a data controller, which you may exercise by submitting a relevant request to us which we shall process in accordance with applicable legal acts:
Right of access (the “subject access request”). This will provide you information on your personal data processed by us (including a copy thereof, if requested), including the lawful bases and purposes thereto.
Data portability right. You can request a copy of your personal data in a structured, commonly used and machine-readable format or to transfer this data to another party.
Rectification right. You may request for us to correct your personal data held by us if it is inaccurate or incomplete.
Right to restrict processing. You may request for us to restrict processing of your personal data if you have contested the accuracy of the personal data, if the data processing is unlawful, if there is no purpose for the controller to process the data but you need the data for making a legal claim, or if you have objected to processing.
Right to object. Under bases provide by applicable legal acts, you may object to the processing of your personal data by us. In such case we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
Erasure right. Unless prohibited by statutory provisions or overridden by our legitimate interests, you may demand the deletion of your personal data held by us.
Right to withdraw consent. If we process your data based on consent, you may revoke it at any time, following which we will no longer process your data based on such consent. This does not affect the lawfulness of prior processing activities based on consent.
OÜ Alignment Technology
Estonian commercial register code: 16718998
Registered address: Valukoja 8/1, Tallinn, 11415, Estonia
e-mail address: email@example.com
Our supervisory authority is the Estonian Data Protection Inspectorate (www.aki.ee)