Privacy Policy

Latest Revision November 1, 2018

Dot Alpha and the website www.dotalpha.co (“Dot Alpha, we,” us”) is a digital innovation studio.

This Privacy Policy explains how we treat information from or about our users, including how we collect, use, and share information in connection with our Services.  We may, at times,

add or remove functionalities or features of our service or we may suspend or stop a Service altogether.  Your continued use of this Site after such notices constitutes your agreement to all such terms, conditions, and notices.  If you do not agree with any of these conditions, please do not use the site.

Dot Alpha complies with the General Data Protection Regulation (GDPR) The regulation is data protection and privacy policy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their own data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

Superseding the Data Protection Directive, the regulation contains provisions and requirements about the processing of personally identifiable information of data subjects inside the European Union. Business processes that handle personal data must be built with privacy by design and by default, meaning that personal data must be stored using pseudonymization so that the data is not available publicly without explicit consent, and cannot be used to identify a subject without additional information stored separately. No personal data may be processed unless it is done on a legitimate basis specified by the regulation, or if the data controller or processor has received explicit, opt-in consent from the data’s owner. The business must allow this permission to be withdrawn at any time.

 

1. The lawful basis for processing

Data may not be processed unless there is at least one legitimate basis to do so:

• The data subject has given consent to the processing of personal data for one or more specific purposes.
• Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into an agreement.
• Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Processing is required to protect the vital interests of the data subject or of another natural person.
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
• Processing is required for the purposes of the legitimate interests pursued by the controller or by a third party unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, in particular if the data subject is a child.

If consent is used as the lawful basis for processing, permission must be explicit for data collected, and the purposes data is used for (GDPR Article 7; defined in Article 4). Consent for children must be given by the child’s parent or custodian, and verifiable (GDPR Article 8). Data controllers must be able to prove “consent” (opt-in), and consent may be withdrawn.

This area of GDPR consent has some implications for businesses who record calls as a matter of practice. The typical “calls are recorded for training and security purposes” warnings will no longer be sufficient to gain presumed consent to record calls. Additionally, when recording has commenced, should the caller withdraw their consent then the agent receiving the request must be able to stop a previously started recording and ensure the record does not get stored.

 

2. Data protection by design and by default

GDPR Article 25 requires data protection to be designed into the development of business processes for products and services. Privacy settings must, therefore, be set at a high level by default, and technical and procedural measures should be taken by the controller to make sure that the processing, throughout the whole processing lifecycle, complies with the regulation. Controllers should also implement mechanisms to ensure that personal data is not processed unless necessary for each specific purpose.

 

3. Right to erasure

GDPR Article 17 provides that the data subject has the right to request erasure of personal data related to them on any one of some grounds.   A processor of personal data must clearly disclose what data is being collected and how, why it is being processed, how long it is being retained, and if it is being shared with any third-parties. Users have the right to request a portable copy of the data collected by a processor in a standard format, and the right to have their data erased under certain circumstances. Our data protection officer (DPO), is responsible for managing compliance with the GDPR.

 

4. Records of processing activities

Dot Alpha agrees that Records of processing activities must be maintained that include purposes of the processing, categories involved and envisaged time limits. The records must be made available to the supervisory authority on request (Article 30).

 

5. Data Protection Officer

Dot Alpha employs personnel to manage IT processes, data security (including dealing with cyber attacks) and other critical business continuity issues around the holding and processing of personal and sensitive data. The skill set required stretches beyond understanding legal compliance with data protection laws and regulations. The controller’s core activities consist of processing operations that require regular and systematic monitoring of the data subjects, and processing on a large scale of particular categories of data under GDPR Article 9 and personal expert knowledge of data protection law and practices should assist the controller or processor to monitor internal compliance with this regulation.

 

6. Data breaches

The data controller, is under a legal obligation to notify the supervisory authority without undue delay unless the breach is unlikely to result in a risk to the rights and freedoms of the individuals. Individuals have to be notified if adverse impact is determined (GDPR Article 34). Also, the data processor will have to inform the controller without undue delay after becoming aware of a personal data breach (Article 33).

However, the notice to data subjects is not required if the data controller has implemented appropriate technical and organisational protection measures that render the personal data unintelligible to any person who is not authorised to access it, such as encryption (Article 34).

7. WHAT PERSONAL INFORMATION DOES DOT ALPHA COLLECT

7.1 Member Registration

If you decide to register on our site, there will be specific information you must provide such as your legal name, e-mail address, gender, and a unique login name, and password to confirm your new member registration using the Dot Alpha  Service.

7.2 Transaction Information

Dot Alpha is a is an online retail  company.  The purchase of services includes the collection of Credit Card information. We do not store any credit card information you provide. We do save the history of acquisitions.

7.3 Collection and Processing

Data controllers may collect and process personal data when any of the following conditions are met:

For collecting personal data: Under the Web, a data controller may only collect personal data if he has a purpose for this.  The goal must be:

• Specified; Explicit; and Legitimate.

A data controller may not collect data if he has not explicitly specified the purpose.

For personal processing data:

• The data subject has given his prior consent to it; or
• The processing is necessary for the performance of a contract to which the data subject is a party; or
• The handling is required to comply with a legal obligation to which the data controller is subject; or
• The transfer is necessary to protect the vital interests of the data subject; or
• The removal is necessary or legally required to preserve a significant public interest; or
• The processing is essential for upholding the legitimate interests of the data controller or of a third party to whom the data is supplied, except where the interests or fundamental rights and freedoms of the data subject, in particular, the right to protection of individual privacy, prevail.

Also, personal data may not be further processed in a way incompatible with the purposes the data were collected.  Whether further processing is incompatible depends on different circumstances, such as:

• The relationship between the use of the intended processing and the purposes for which the data initially was obtained;
• The nature of the data concerned;
• The consequences of the proposed processing for the data subject;
• The manner in which the data have been collected;
• The extent to which appropriate guarantees have been put in place concerning the data subject;

Also, personal data may only be processed, where, given the purposes for which they are collected or subsequently processed, they are adequate, relevant and not excessive.

 

8. Personal information we may share

We WILL NOT share your Personal data; we do share aggregate non-personal data with third parties without notice to you under certain circumstances. Finally, the Web sets out strict rules about sensitive data.  The primary law is that such data may not be processed unless the data subject has given its explicit consent to it.

• Website Providers

When we engage a Website   Provider to perform specific business-related functions, we only provide them with the information that they need to perform their particular function.

• Legal Requirements

If we are required to do so by law, court order, as requested by other government or law enforcement authority, or in the good faith belief that disclosure is necessary or advisable including, without limitation, to protect the rights or properties of Dot Alpha.

• Business Transfers

In the case of a corporate sale, asset sale, merger, reorganization, dissolution, or similar event, we may share your information with new business partners.  Personal Information and Non-Personal Information may be part of the assets that are transferred.

• Aggregated Information

We may aggregate your Personal and Non-Personal Information and provide it to our existing or potential business partners, sponsors, advertisers, or other third parties, in response to a government request for lawful purposes.

We may disclose Personal Information to third party marketers (who may combine such Personal Information with their records, and files available from other sources), for their direct marketing purposes.

 

9. How are cookies used on the Dot Alpha service?

A “cookie” is a small piece of data that a site transmits to your browser that helps our site remember information about you and your preferences.  What this helps us is to identify you to a place when you revisit it, and to load your preferences and to track the pages you have visited.

Session data:  Session data is when we automatically track generic information during your time or session on our website.  The information can include your individual IP address and your OS and browser software information, and the activities performed by the user while using the Avrljean.com Service.  Why do we collect your session data information?  We receive this information as it helps us analyze critical data as what subject’s visitors are most likely to click on, how many persons are clicking on multiple pages on the site, how long they are staying and how often they are visiting.  It also helps us diagnose problems with our servers and lets us better administer our systems.  We only access these tools so users can share our information through their social media feeds.

 

10. Third party services

10.1 Advertising Data Collected by Third Parties Vendors

The advertisements you see on the Dot Alpha  Service is served by third-party vendors or by us.  We allow third-party Vendors to collect data about your online sessions through cookies and other technologies.  We won’t let these third parties receive personal data about you via the advertisements they serve on the Dot Alpha service.  The data gathered by these third parties is used to make predictions about you, your interests, or preferences and to display advertisements on Dot Alpha

10.2 Third Party Disclaimers

Users to our website may find advertising or other content that link to the sites and services of our vendor third parties.  We cannot control the content that appears on these sites and are not liable for the practices performed by websites linked to or from our Site.  These sites and services may have their privacy policies and customer service policies.

 

11. third party plugins

Our website uses Social Plugins (“Plugins).  We use the social network, facebook.com,  Twitter Inc., and Google+ Plugins.

 

12. Advertising data collected by us

We may directly or indirectly through Website Providers, serve personalized advertisements for products, website’s, and programs when you visit our Site.  Your Personal Information and General Information is combined and compared with other user information and databases for marketing or advertising purposes.  You may opt out of the tailoring of advertising based on information we collect.

Dot Alpha is dedicated to providing you with pertinent content and data.  To do this, we may, through cookies and other technologies, gather information about your searches.  This data collected is used to display ads to you on our website or elsewhere online; that match your apparent interests.  We use this data, combined with other data we have collected, to display advertisements to you on our website that match your apparent interests.

 

13. Advertising data collected by third party vendors

The advertisements you see on the Dot Alpha service is served by third-party vendors or by us.  We allow third-party Vendors to collect data about your online sessions through cookies and other means.  We do not permit these third parties to receive personal data about you via the advertisements they serve on the Dot Alpha service.  The data gathered by these third parties is used to make predictions about you, your interests, or preferences and to display advertisements on Dot Alpha.

 

14. With whom will my personal information be shared?

We use third party’s vendors to provide the services and technology that make up the Dot Alpha service.  Dot Alpha offers these third parties with access to information specifically for use in connection with providing such services and techniques.  We may at times, use third parties to act on our behalf for projects such as market-research surveys or will contract with third parties to provide co-branded products.  The information we provide is protected by confidentiality agreements and is to be used solely for the purpose(s) permitted by such contracts.

We use non-personal generic data to build quality, beneficial, online services.  We perform statistical analyses of the overall characteristics and behavior patterns of our customers.  We may also provide aggregate data to third parties who contribute a portion of the services and technology that make up the Dot Alpha service so they can optimize, maintain, support, and improve the Dot Alpha service.

 

15. How can i update or correct my personal information?

Your personal profile, which includes member registration and policy information, can be updated through “My Account” on the www.dotalpha.co homepage.  Because of the way we store data after you update your information or request that your account is deactivated for marketing purposes, residual copies of your information may remain in our active servers for a period and may stay in our backup systems.  Information may also be retained as required by law or for legitimate business purposes.

 

16. Safeguards in place to protect my data?

While no website can promise complete security, we have incorporated the latest, technical, and physical security procedures designed to protect your personal data.  Only authorized personnel are permitted to access personal data, and they may just do so for authorized business functions.  Also, we use encryption when transmitting your private data between systems.  We employ firewalls and intrusion detection systems to help prevent unauthorized persons from gaining access to your information.

 

17. Transfer of your personal data

Removal of a data subject’s personal data to non-EU/European Economic Area countries is allowed if the states provide “adequate protection.”  For the transfer of data to the United States, companies, which adhere to the US/EU Safe Harbor principles, are deemed to offer adequate protection.

Data controllers may transfer personal data out of the European Economic Area to countries which are not deemed to offer adequate protection if any of the following exceptions apply:

1. The data subject has unambiguously given its consent to it; or
2. The transfer is necessary for the performance of the contract between the data controller and the data subject; or
3. The removal is required for respect of vital public interest, or for the establishment, exercise or defense in the law of any right.

 

18. OPT-OUT

You can control your privacy preferences regarding email.  You may update these preferences at any time.

You may opt-out of receiving promotional emails from us regarding new features, Website, and special offers when registering for an account by unchecking the box that asks whether you would like to receive e-mail updates.

You may unsubscribe from receiving promotional e-mails of certain types at any time by using the Unsubscribe page on our Site.  You may also opt-out from promotional emails from us by calling Customer Care.

 

19. Contacting us

We are committed to conducting our business by these principles to ensure that the confidentiality of personal information is protected and maintained.  If you have any questions about our privacy practices or this Policy, please contact us at Customer Service Support or email us.

studio@dotalpha.com