Effective Date: October, 2018
This policy describes how Altec Products, Inc. collects and handles personal information that customers provide through or in conjunction with Altec products and services. It as describes your choices regarding use, access and correction of your personal information.
This policy refers to Altec as “we,” “us” and “our.” References to “you” and “your” are to the owners of the data input into DocLink. This generally is our customers, the companies and organizations that have subscribed to DocLink. In some cases, this may be our partners with respect to data owned by you as a partner. If you are an individual whose data is controlled by a customer or partner of ours and input into DocLink by such customer or partner, please direct your privacy-related inquiries to the company or organization that has subscribed to DocLink, as more fully described in “Data Access and Choice” below.
Information Provided by You
You provide us with several kinds of information: Customer Data, Administrative Data, and Billing Data.
Customer Data is the information submitted into DocLink when you use DocLink or when you receive customer support. This includes accounting information, documents and document metadata, as well as information derived by the operation of DocLink from such submissions, such as reports and analytics. Customer Data may be submitted directly by you or indirectly through our partners.
Our system processes and stores Customer Data strictly on your behalf in order to provide you services and perform our contractual obligations to you. We restrict our employees’ access to Customer Data to (1) support, client services and technical staff, who with your consent may have access to your Customer Data to provide customer support, technical troubleshooting and professional services, and (2) a limited number of operations personnel, who may have controlled access to Customer Data for troubleshooting and system maintenance. We use Customer Data to provide you services and to address customer support requests and technical problems.
Administrative Data is information you provide during sign-up, purchase or administration of DocLink. This includes company name, address, email and phone number, and individual users’ names, emails, phone numbers and account credentials.
We collect, store and use Administrative Data to perform our contractual obligations to you and/or for our legitimate business interests. Specifically, we use Administrative Data to provide DocLink to you, administrate your account, provide customer support and professional services, keep a records of our dealings with you, notify you of new product offerings and of changes, updates and availability of DocLink, understand your experience using DocLink (for example, by sending you surveys), conduct research, improve DocLink, plan and host events, contact you with marketing communications, and identify and prevent fraud.
Billing Data is financial qualification and billing information you provide as our customer when you purchase, subscribe for, renew or expand DocLink. This includes name, billing address, credit card information, credit references and other financial data.
We use Billing Data for our legitimate business interests: to process or collect payment for your transactions with us, keep a record of our dealings with you, and prevent fraud. We store Billing Data for use in your future transactions with us.
Information Collected by Us
DocLink does not store any user information in any persistent storage mechanism. Our product uses localStorage to store user settings such as sort order, column order, display modes, etc. DocLink uses sessionStorage for the secure data, which is tied to the current tab in the browser and is not accessible outside of that tab instance. This data is gone as soon as the tab is closed. DocLink does not utilize cookies.
IP Addresses: We collect the Internet Protocol (IP) address of the computer used to access the DocLink services. We use IP addresses for added security of the DocLink services and to optimize the performance of the DocLink services. A security feature of the DocLink services allows a client’s administrator to review the list of IP addresses from which the client’s DocLink account has been accessed. We do not provide an opt-out option for IP addresses.
Statistical Data: When you use the DocLink services, we may collect statistical information (metadata), such as server log files, usage patterns and frequency, and volume and value of transactions. Such statistical information does not include Customer Data. We may use this statistical information for product improvement and billing.
Anonymous Data: If Statistical Data is used by us for any other purposes, we aggregate this data in a way that does not identify or otherwise permit the identification of you or any of your users. We may use and disclose Anonymous Data for training, quality assurance, product development, marketing, promotion, statistical analysis, market analysis, financial analysis, benchmarking and other business purposes. We do not provide an opt-out option for Anonymous Data.
Some browsers contain features that signal that the user does not want to be tracked, known as “Do Not Track” or DNT. The DocLink services currently do not respond to such signals.
Third-Party Provided Data: We partner with third parties who provide products and services within, or related to, the DocLink services. These third parties may provide us your Customer Data or Billing Data. We treat this information in the same manner as we treat Customer Data and Billing Data that you provide directly to us.
We retain Customer Data for the duration of your subscription to the DocLink services. After your subscription expires, we retain Customer Data for at least 90 days and may store it for up to an additional 90 days. Customer Data may be retained beyond that period in data backups, which may be stored for up to 5 years. We retain Customer Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We keep Administrative Data and Billing Data as part of our business and accounting records for the duration of your relationship with us and thereafter for so long as necessary for our legitimate business purposes. We retain credit cardholder data for no longer than 90 days from the card expiration date. We do not store card-verification code or value (CVV).
Altec Policies for Access and Use of Customer/Prospect/Partner Data
Altec has several databases and documents including customer, prospect and partner information that may or may not contain personal data. You can make choices about how Altec collects and uses your data. You can control your personal data Altec has obtained and exercise your data protection rights by contacting Altec or using various tools that we provide.
To opt-out of receiving marketing related communications from Altec, please click on the “opt-out” link in the communications you receive. Please note that if you do opt-out of receiving marketing related emails from us, we may still use your contact information to send you important administration messages, such as billing and support. If you wish for us to completely delete your personal record from our database, email marketingIS@Altec-Inc.com and we will remove it.
Communications Preferences and Opt-Out As a result of providing your contact information, Altec may market to you, including sending promotional communications and relevant offers. To opt out of receiving marketing related communications from Altec, please click on the “opt-out” link in the communication. Please note that if you do opt-out of receiving marketing-related emails from us, we may still use your email address to send you important administrative messages. If you wish for us to completely delete your personal record from our database, email marketingIS@Altec-Inc.com and we will delete your contact information.
Disclosure of Information
We will disclose your data to third parties only as directed by you, as described in your agreements with us and in this policy, or as required by law.
- When you authorize third-party access to the DocLink services, or use our API or third-party applications accessed through the DocLink service, you may affirmatively transfer Customer Data to third parties. Such use is under your control, and we consider this a disclosure initiated and directed by you.
- We may contract with other companies to provide services or functionality on our behalf. If we do so, we may share Customer Data and/or Administrative Data with such providers to the extent necessary for their engagement. In such cases, we will require such providers to maintain the confidentiality of your information and to use it only for the purposes of their engagement by us. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and our agreements with you.
- We may store copies of our database backups in facilities provided by third parties. These third parties do not have the right to access such data.
- We may share Administrative Data for marketing purposes with our partners and other third parties whose products or services we think may interest you in the operation of your business activities.
- Anonymous Data does not identify you or your users and, therefore, we may disclose it to third parties as appropriate to support our business needs.
We also may disclose your information if we believe in good faith that it is necessary to (1) respond to a subpoena or request by government authorities or comply with any law, regulation, legal process, administrative or other government proceeding, (2) protect against misuse or unauthorized use of the DocLink services, (3) prevent or address fraud; (4) enforce our rights, policies and agreements or defend ourselves in legal or government proceedings; or (5) protect our rights, property or safety, or those of third parties.
Unless we are prohibited by law, we will attempt to notify you of any request to disclose your Customer Data to the authorities or any other party and, where appropriate, refer such requests directly to you.
We may transfer some or all of our assets, including data, in connection with a merger, acquisition, or sale of assets, or if we dissolve, reorganize our business, or cease operating as a going concern (for example, in the event of a bankruptcy).
We maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of your Customer Data that are consistent with industry standards.
Our data security measures include (but are not limited to):
- Integration of application security into the agile product development lifecycle with both manual and automated controls to address static testing and dynamic code analysis;
- Regular internal and external penetration testing against both our application and associated supporting infrastructure;
- Intrusion detection systems monitoring both network and hosts;
- Data encryption in transit to and from us;
- Physical security measures of data centers;
- Multiple levels of backup data protection (onsite and offsite);
- Fully redundant backup data center capability and failover recovery covered by our SLA;
- Configurable security controls by the customer that allow you to adjust security; setting of roles and permissions to further restrict access based on business needs;
- Web services API;
- Mandatory DocLink-internal security controls; password complexity; protocols to prevent brute-force authentication attempts.
Information Location and Transfers
We store Customer Data, Administrative Data and Billing Data in the United States.
Data Access and Choice
We are a data processor of Customer Data, which is controlled by you, our customers. You are responsible for complying with all privacy laws and regulations applicable to you as a user of the DocLink service and controller of Customer Data. We have no direct relationship with the individuals whose personal data we process as part of Customer Data. We acknowledge that the individuals have the right to access their personal information. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his query to you, our customer (the data controller). If requested to remove the data, we will respond to the individual within reasonable timeframe and direct the request to our customer.
Upon request we will provide you with information about whether we hold any of your personal information in Administrative Data or Billing Data. If you want to edit and/or change any Administrative Data or Billing Data (other than company ID or user ID, which cannot be changed without creating a new account and/or new user) you can do so at any time by using your company ID, user ID, and password to access your account. Please contact marketingIS@Altec-Inc.com for further instructions about deleting or deactivating your DocLink account.
Changes to This Policy
We may update this policy to reflect changes to our information practices. If we make any material changes, we will notify you by email (sent to the email address of your DocLink subscription representative on record with us) or by a notice posted in the DocLink services prior to the change becoming effective. We encourage you to periodically review this page for the latest information about our privacy practices.