Privacy Policy
Effective 28 June 2026
1. WHO WE ARE
This Privacy Policy describes how Altisium 360 FZ-LLC and its Affiliates ("Altisium", "we", "us", "our") collect, use, and share Personal Data when you:
(a) visit our website at altisium.com (the "Website");
(b) interact with our marketing materials, events, or communications;
(c) use the Altisium Service in your capacity as an Authorised User (e.g. an employee or contractor of an Altisium customer); or
(d) otherwise engage with us as a prospective customer, partner, supplier, or job applicant.
Important — what this Policy does NOT cover. Where our customers ("Customers") use the Service to process Personal Data of their own employees, vendors, or other parties, those Customers are the data controllers of that Personal Data and we act as their data processor. Our processing of that data is governed by the Data Processing Agreement between Altisium and the relevant Customer, not by this Privacy Policy. If you are a vendor or vendor employee whose data has been entered into our Service by an Altisium Customer, please contact that Customer for information about how your Personal Data is being processed.
2. CONTROLLER AND CONTACT DETAILS
| Field | Value |
|---|---|
| Data Controller | Altisium 360 FZ-LLC |
| Registered address | Ras Al Khaimah, United Arab Emirates |
| Registration number | Available on request |
| General contact | privacy@altisium.com |
| Data Protection Officer (DPO) / Privacy Lead | privacy@altisium.com |
| EU representative (Article 27 EU GDPR), if any | To be appointed |
| UK representative (Article 27 UK GDPR), if any | To be appointed |
| UAE PDPL contact | privacy@altisium.com |
3. WHAT PERSONAL DATA WE COLLECT
We collect the following categories of Personal Data:
3.1 Information you provide directly
| Category | Examples |
|---|---|
| Identity and contact information | Name, business email, business phone, job title, employer |
| Account and authentication data | User ID, encrypted password, MFA tokens, recovery questions |
| Communications | Inquiries, support tickets, survey responses, sales communications |
| Marketing preferences | Subscription preferences, opt-in / opt-out elections |
| Job application data (if applicable) | Up to 12 months after application close (longer with consent) |
3.2 Information collected automatically
| Category | Examples |
|---|---|
| Device and connection data | IP address, browser type and version, operating system, device identifiers |
| Usage data | Pages viewed, links clicked, features used, timestamps, time spent |
| Cookies and similar technologies | See our Cookie Policy at /06-privacy/Cookie-Policy.md (live URL: altisium.com/cookies) |
| Location data | Approximate location derived from IP address |
3.3 Information collected from third parties
| Source | Examples |
|---|---|
| Customer (your employer) | Identity and contact information needed to provision your Authorised User account |
| Identity providers / SSO | Authentication data (when you log in via SSO) |
| Marketing data providers | Limited business contact information for prospecting |
| Public sources | Public business directories, professional networks (e.g. LinkedIn) |
3.4 What we do NOT collect
We do not knowingly collect Personal Data from children under 16 (or the higher minimum age set by applicable law in your jurisdiction). The Service is not intended for individual consumer use.
4. HOW WE USE PERSONAL DATA
We use Personal Data for the purposes set out below. The legal bases under EU GDPR / UK GDPR are indicated in brackets.
4.1 To provide and operate the Service
(a) provisioning, authenticating and supporting Authorised User accounts;
(b) delivering Service functionality and Documentation;
(c) processing payments and managing customer relationships.
(Legal bases: performance of a contract; legitimate interests in operating our business)
4.2 To communicate with you
(a) responding to inquiries, support tickets, and contractual notices;
(b) sending operational communications (security alerts, billing, service announcements);
(c) sending marketing communications, where permitted by law and subject to your preferences.
(Legal bases: performance of a contract; legitimate interests; consent for direct marketing where required)
4.3 To improve and secure the Service
(a) analysing how the Service and Website are used;
(b) detecting and preventing fraud, abuse and security incidents;
(c) debugging, troubleshooting and improving Service performance.
(Legal bases: legitimate interests in operating, securing and improving our Service)
4.4 To meet legal and regulatory obligations
(a) complying with applicable laws, regulations and court or regulator orders;
(b) responding to lawful requests from public authorities;
(c) record-keeping for tax, accounting and corporate governance purposes;
(d) enforcing our agreements and protecting our rights.
(Legal bases: legal obligation; legitimate interests; establishment, exercise or defence of legal claims)
4.5 For recruitment
(a) evaluating job applications, conducting interviews, and managing the recruitment process.
(Legal bases: pre-contractual measures; consent for retention beyond the immediate role; legitimate interests in hiring)
4.6 With consent, for any other purpose disclosed to you at the time of collection.
5. AI USE OF PERSONAL DATA
The Service includes AI-powered features (described in our Documentation and AI Addendum). With respect to Personal Data of Website visitors and Customer-Authorised Users (i.e. data covered by this Privacy Policy):
(a) we do not use such Personal Data to train, fine-tune, or improve generally-applicable AI Models;
(b) we may use AI tools internally for operational tasks (e.g. customer support, document drafting, internal analytics) where doing so is consistent with this Privacy Policy and applicable law;
(c) we have contractual commitments with our AI Sub-processors that no Customer-tenant data is used to train their models, as described in the AI Addendum.
6. SHARING WITH THIRD PARTIES
We share Personal Data with the following categories of recipients:
6.1 Sub-processors and service providers
We share Personal Data with third-party service providers who help us operate our business and deliver the Service, including hosting providers, email providers, analytics providers, customer support tools, payment processors, AI providers, and identity / SSO providers. Our current list of Sub-processors is published at altisium.com/subprocessors.
6.2 Affiliates
We share Personal Data with our Affiliates for purposes consistent with this Privacy Policy.
6.3 Customers
If you are an Authorised User of a Customer's tenant, we share certain Personal Data (e.g. your account activity logs) with that Customer.
6.4 Professional advisers
We share Personal Data with our legal, accounting, audit, insurance and other professional advisers, where necessary for them to advise us.
6.5 In corporate transactions
We may share Personal Data in connection with a merger, acquisition, financing, sale of assets, reorganisation, or similar corporate event, in which case we will require the recipient to honour this Privacy Policy or notify you of any changes.
6.6 Legal and safety
We may share Personal Data with public authorities, law enforcement, courts, regulators, or other third parties where (a) required by applicable law or a binding order; (b) necessary to protect the rights, property or safety of Altisium, our Customers, our personnel, or the public; or (c) necessary to enforce our agreements.
6.7 With your consent
We may share Personal Data with other third parties with your consent.
We do not sell Personal Data, and we do not "share" Personal Data for cross-context behavioural advertising within the meaning of the CCPA/CPRA, except in the limited cookie-based circumstances disclosed in our Cookie Policy.
7. INTERNATIONAL TRANSFERS
Altisium is headquartered in the United Arab Emirates and operates internationally. Personal Data may be transferred to, stored in, and processed in jurisdictions outside your country of residence, including (but not limited to) the United Arab Emirates, the European Union, the United Kingdom, and the United States. These jurisdictions may have data-protection laws that differ from those in your country.
Where we transfer Personal Data subject to EU GDPR, UK GDPR, Swiss FADP, or UAE PDPL to a recipient in a jurisdiction not subject to an adequacy decision, we rely on appropriate safeguards, including:
(a) EU Standard Contractual Clauses (Module 2) approved under Implementing Decision (EU) 2021/914;
(b) the UK International Data Transfer Addendum issued by the UK ICO;
(c) Swiss-equivalent safeguards in accordance with FDPIC guidance; and
(d) UAE PDPL transfer mechanisms (including consent or contractual safeguards as applicable).
You may request a copy of the safeguards applicable to a specific transfer by contacting us at privacy@altisium.com.
8. RETENTION
We retain Personal Data only for as long as necessary for the purposes for which it was collected, or as required to comply with applicable law, resolve disputes and enforce our agreements. The following retention periods apply, in summary:
| Category | Retention period |
|---|---|
| Authorised User account data | For the duration of the Customer's Subscription Term, plus the data export and deletion periods set out in the MSA and DPA |
| Sales and marketing data (CRM) | Up to 5 years after last meaningful interaction, or until you opt out |
| Website visitor analytics | Up to 24 months, subject to cookie consent |
| Support tickets and communications | Up to 5 years after the ticket is closed |
| Job application data | Up to 12 months after application close (longer with consent) |
| Billing and tax records | As required by applicable tax / corporate law (typically 5–10 years) |
| Security logs | 12 months (or longer where required for a security investigation) |
After the applicable retention period, Personal Data is deleted or anonymised so that you cannot be re-identified.
9. YOUR RIGHTS
Depending on your jurisdiction, you may have the rights described below. To exercise any of these rights, please contact us at privacy@altisium.com.
9.1 Rights under EU GDPR / UK GDPR / Swiss FADP
(a) Right of access — to obtain confirmation of whether we process your Personal Data and a copy of it.
(b) Right of rectification — to have inaccurate Personal Data corrected.
(c) Right of erasure / "right to be forgotten" — to have Personal Data deleted in certain circumstances.
(d) Right to restrict processing — to limit our processing in certain circumstances.
(e) Right to data portability — to receive your Personal Data in a structured, machine-readable format.
(f) Right to object — to object to processing based on legitimate interests, or to direct marketing.
(g) Right to withdraw consent — where processing is based on consent, you may withdraw at any time (without affecting the lawfulness of prior processing).
(h) Right not to be subject to a Solely Automated Decision that produces legal or similarly significant effects.
(i) Right to lodge a complaint with a supervisory authority. The lead supervisory authority for Altisium for EU GDPR purposes is typically the Irish Data Protection Commission, or you may complain to your local supervisory authority.
9.2 Rights under UAE PDPL
(a) right to be informed about processing;
(b) right of access;
(c) right of rectification;
(d) right of erasure;
(e) right to restrict processing;
(f) right to object to processing;
(g) right to data portability;
(h) right to challenge automated decisions;
(i) right to lodge a complaint with the UAE Data Office.
9.3 Rights under US state privacy laws
If you are a resident of California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), or another US state with a comprehensive privacy law, you may have the following rights, subject to the exceptions in the applicable statute:
(a) Right to know / access the categories and specific pieces of Personal Data we have collected about you, the sources, the purposes of collection, and the categories of recipients.
(b) Right to delete Personal Data, subject to statutory exceptions.
(c) Right to correct inaccurate Personal Data.
(d) Right to opt out of the "sale" or "sharing" of Personal Data for cross-context behavioural advertising. We do not sell Personal Data; for cookie-based "sharing" please see our Cookie Policy.
(e) Right to opt out of profiling in furtherance of solely automated decisions that produce legal or similarly significant effects.
(f) Right to non-discrimination for exercising your rights.
(g) Right to data portability in a portable and (to the extent technically feasible) machine-readable format.
(h) Right to limit use of sensitive personal information (CCPA/CPRA, where applicable).
(i) Right to appeal a refusal of a rights request, in jurisdictions that provide such a right.
To exercise these rights, contact us at privacy@altisium.com. You may use an authorised agent, subject to our verifying the agent's authority. We will respond within the timeframes required by applicable law (generally 45 days, with possible extensions).
9.4 Verification
To protect your Personal Data, we will take reasonable steps to verify your identity before responding to a rights request. We may ask you to provide information sufficient to confirm your identity.
9.5 Charges
We will not charge a fee to respond to a rights request, except where the request is manifestly unfounded or excessive (in which case we may charge a reasonable fee or refuse to act).
10. SECURITY
We maintain a written information security programme including the technical and organisational measures described in Annex 2 to our Customer DPA (a summary is available at altisium.com/trust). However, no method of transmission over the internet, or method of electronic storage, is completely secure; we cannot guarantee absolute security.
If you suspect unauthorised access to your account or any Personal Data, contact us immediately at security@altisium.com.
11. COOKIES
Our Website uses cookies and similar technologies. For details, please see our Cookie Policy at altisium.com/cookies (also at /06-privacy/Cookie-Policy.md).
12. CHILDREN
The Service is intended for B2B use and is not directed to children. We do not knowingly collect Personal Data from children under 16 (or the higher minimum age set by applicable law). If you believe we have collected Personal Data from a child, contact us at privacy@altisium.com.
13. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. We will post the updated version at altisium.com/privacy, with an updated "Last updated" date. Where the changes are material, we will provide additional notice (e.g. by email to registered users or by a prominent Website notice). The latest version applies to all subsequent processing.
14. CONTACT US
If you have any questions about this Privacy Policy or our processing of your Personal Data, please contact us at:
| Channel | Detail |
|---|---|
| privacy@altisium.com | |
| DPO | privacy@altisium.com |
| Postal | Ras Al Khaimah, United Arab Emirates |
| EU representative | To be appointed |
| UK representative | To be appointed |
