Alfa Roza LLC Owner and operator of the registered website address alfaroza.com, executes this Privacy Policy. Alfa Roza is committed to the protection of all personal and sensitive data for which it holds responsibility as the Data Controller and the processing of such data in line with the data protection principles and the General Data Protection Regulation (GDPR). Your acceptance without modification of the Policy contained herein (the "Policy").
1.Definition & Interpretation
These words and phrases have defined meanings;
|
Policy |
this Policy, and any amendments from time to time; |
|
Personal and Sensitive Data |
means information that relates to a living person who can be identified from that data (a ‘data subject’) on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person. It does not include anonymized data. |
|
Permitted Purpose |
for website hosting; |
|
Data |
Collectively all information that you submit to Alfa Roza via the Website. This definition incorporates, where applicable, the definitions provided under the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Privacy Act of 1974 (Privacy Act); |
|
Alfa Roza, or us, our, we |
Alfa Roza, or any affiliated parties, subsidiaries or holding or any group of companies; |
|
GDPR |
General Data Protection Regulation (GDPR) (EU) 2016/679; |
|
Act |
the Privacy Act of 1974, 5 U.S.C. § 552a; |
|
User or You |
any third party that accesses the Website and is not either (i) employed by Alfa Roza and acting in the course of their employment or (ii) engaged as a consultant or otherwise providing services to Alfa Roza and accessing the Website in connection with the provision of such services; and |
2. Obligations in relation to Personal and Sensitive Data
The legal basis for processing data shall be in accordance with:
|
Consent |
consent for us to process their data for a specific purpose; |
|
Contract |
the processing is necessary for the Permitted Purpose; |
|
Legal obligation |
the processing is necessary for us to comply with the GDPR and the Privacy Act (not including contractual obligations). |
|
Vital interests |
the processing is necessary for us to share personal data, but the individual is incapable of giving consent to the processing |
|
Legitimate interests |
the processing is necessary for us to share personal data where it is considered to be reasonably expected and which will have minimal privacy impact, or where there is a compelling justification for the processing |
3. Obligations in relation to Personal and Sensitive Data
All data within our control shall be identified as personal, sensitive or both to ensure that it is handled in compliance with legal requirements and that access to it does not breach the rights of the individuals to whom it relates. In compliance with Article 5 of the GDPR, personal data shall be
- (a) use the same degree of care to protect the Personal and Sensitive Data as it uses to protect its confidential information, being at least a reasonable degree of care.
- (b) processed lawfully, fairly, and in a transparent manner in relation to individuals;
- (c) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- (d) adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
- (e) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that inaccurate personal data, having regard to the purposes for which they are processed, are erased or rectified without delay;
- (f) kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- (g) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
4. Permitted disclosures
Alfa Roza may disclose Personal and Sensitive Data to its employees, professional advisers, agents and sub-contractors (each a "Permitted Disclosee") provided that the Permitted Disclosee (i) has a need to have access to the Personal and Sensitive Data for the performance of its work in relation to the Permitted Purpose and (ii) is bound by a written Policy or professional obligation to protect the confidentiality of the Personal and Sensitive Data which it receives from you.
5. Data Security
In order to assure the protection of all data being processed and inform decisions on processing activities, we shall undertake an assessment of the associated risks of proposed processing and equally the impact on an individual’s privacy in holding data related to them.
Security of data shall be achieved through the implementation of proportionate physical and technical measures. Nominated staff shall be responsible for the effectiveness of the controls implemented and reporting of their performance.
The security arrangements of Alfa Roza with which data is shared shall also be considered and where required shall provide evidence of the competence in the security of shared data.
6. Data Protection
Alfa Roza shall take the security and privacy of your data seriously. We need to gather and use information or ‘data’ about you as part of our business and to manage our relationship with you. We intend to comply with our legal obligations under the Data Protection Act 2018 (the ‘2018 Act’) and the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security. We have a duty to notify you of the information contained in this policy.
Alfa Roza is a ‘data controller’ for the purposes of your data. This means that we determine the purpose and means of the processing of your data.
This policy explains how Alfa Roza will hold and process your information. It explains your rights as a data subject. It also explains your obligations when obtaining, handling, processing or storing personal data in the course of working for, or on behalf of, Alfa Roza.
7. Procedure for Processing Data
All Personal and Sensitive data will:(a) be collected and processed only for specified, explicit and legitimate purposes; (b) be adequate, relevant and limited to what is necessary for the purposes for which it is processed; (c) be accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay; (d) not be kept for longer than is necessary for the purposes for which it is processed; and (e) be processed securely.
8. Disclosure
Sometimes we might share your personal data with employees, or our contractors and agents to carry out our obligations under our contract with you or for our legitimate interests. If deemed necessary, we will complete a Privacy Impact Assessment (PIA) form before sharing such information.
We require affiliated parties to keep your personal data confidential and secure and to protect it in accordance with the law and our policies. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.
9. Limitation of liability
You hereby warrant to Alfa Roza that it has the legal right and authority to acknowledge and accept the terms and conditions set out under this Policy.Subject to the above, Alfa Roza, nor any of their respective employees, officers, agents, subsidiaries or any other associated third parties associated accepts any responsibility or liability for, or makes any representation or warranty, express or implied, that the Personal and Sensitive Data disclosed by you is accurate or complete.
10. Your Rights
Right to Access: You have the right to confirm whether Alfa Roza is processing your personal data and, if so, to access your personal data along with additional information regarding its processing.
Right to Rectification: You can request the correction of any inaccuracies in your personal data.
Right to Be Forgotten: You have the right to ask Alfa Roza to delete your personal data (the "right to be forgotten"). This includes situations where the data is no longer necessary for the purposes for which it was collected or has been processed unlawfully.
Right to Restriction: You can obtain a restriction on the processing of your personal data, especially when you dispute the accuracy of your data.
Data Portability: You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format. You can also transmit this data to another data controller if the processing is based on your consent or a contract.
Right to Object: You can object to the processing of personal data based on Alfa Roza's legitimate interests. We will cease processing your personal data unless we can demonstrate compelling legitimate reasons that outweigh your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. If your personal data is being processed for direct marketing purposes, you can always object to such processing.
Withdraw Consent: If your personal data processing relies on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the legality of the processing conducted before consent was revoked.
11. Cookies
You hereby warrant to Alfa Roza that it has the legal right and authority to acknowledge and accept the terms and conditions set out under this Policy.
Before the Website places Cookies on your computer, you will be presented with a message bar requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling alfaroza.com to provide a better experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however, certain features of the Website may not function fully or as intended.
(a) You can choose to delete Cookies at any time; however, you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalization settings. (b) It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.
12. Circumstances beyond the control of the parties
Alfa Roza to this Policy will not be liable for any failure or delay in performing its obligations where such failure or delay results from any cause that is beyond the reasonable control.13. SHARE YOUR PERSONAL DATA
When initiating a transaction, your transaction data is transmitted to the respective payment service provider for the purpose of processing your payment. For instance, when using a credit card for payment, Stripe Inc. handles the payment processing, and in the case of PayPal, PayPal Inc. is responsible for this process. Furthermore, should you request Alfa Roza to register a domain on your behalf, we will need to share the necessary information with the relevant domain registration service provider. Additionally, in compliance with applicable laws, regulations, court orders, or legal mandates, Alfa Roza may disclose your personal data to external entities, including law enforcement and government institutions, with your consent if required by law.
Effective 2 November 2023
