# GRC Risk Assessment — Albato - Platform: **Albato** (albato) - Headline risk rating: **UNKNOWN** - Website: https://www.albato.com - Generated: 2026-06-12T23:25:07.996Z - Findings (verified, published): **168** > Every assertion is anchored to a verbatim quote with a SHA-256 snapshot hash and a Wayback archive URL for independent verification. Informational only; not legal advice. ## Control crosswalk (NIST AI RMF 1.0 + ISO/IEC 42001) | Surface | Risk | Confidence | NIST AI RMF | ISO/IEC 42001 | |---|---|---|---|---| | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | low | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | medium | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | medium | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | medium | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | moderation enforcement | unknown | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | ## Evidence (verbatim, with provenance) ### training use — risk unknown > The use of any Customer Data that you send to Google by Albato is limited to the practices disclosed above and Albato only accesses this data under your explicit instructions. - Interpretation (disclaimed): This segment restricts Albato's use of Customer Data sent to Google to only the practices disclosed in the policy, and limits access to such data to situations where the user has given explicit instructions, preventing broader or undisclosed uses of that data. - Tier: All - Location: Privacy Policy › “Google integrations” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20The%20use%20of,under%20your%20explicit%20instructions. ### training use — risk unknown > Purpose(s) for which the personal data is processed on behalf of the controller The personal data will be used to perform the services described in the Agreement to which this DPA is incorporated. - Interpretation (disclaimed): Defines the purposes for which personal data is processed as performance of services described in the Agreement, incorporating the License Agreement's service scope to bound permissible uses of Controller Personal Data. - Tier: All - Location: Schedule 2 - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20Purpose(s)%20for%20which,this%20DPA%20is%20incorporated. ### privacy data use — risk unknown > "Consent" means agreement, which must be freely given, specific, informed and be an unambiguous indication of the Data Subject's wishes by which they, by a statement or by a clear positive action, signify agreement to the Processing of Personal Data relating to them. - Interpretation (disclaimed): This segment defines 'Consent' as it applies to processing of personal data, establishing the legal standard required for lawful consent-based processing throughout the policy. - Tier: All - Location: Privacy Policy › “Definitions and interpretation” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%22Consent%22%20means%20agreement%2C,Data%20relating%20to%20them. ### privacy data use — risk unknown > "Data controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; - Interpretation (disclaimed): This segment defines 'Data controller,' identifying the party that determines the purposes and means of processing personal data, which is legally operative for assigning responsibility under data protection legislation. - Tier: All - Location: Privacy Policy › “Definitions and interpretation” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%22Data%20controller%22%20means,processing%20of%20personal%20data%3B ### privacy data use — risk unknown > "Data subject", "You", "your" means: - Interpretation (disclaimed): This segment defines 'Data subject,' 'You,' and 'your,' identifying the categories of individuals whose personal data rights and protections are established throughout the policy. - Tier: All - Location: Privacy Policy › “Definitions and interpretation” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%22Data%20subject%22%2C%20%22You%22%2C%20%22your%22%20means%3A ### privacy data use — risk unknown > ● Visitors to our websites; - Interpretation (disclaimed): This segment specifies 'Visitors to our websites' as a category of data subject, extending the scope of data subject protections to website visitors. - Tier: All - Location: Privacy Policy › “Definitions and interpretation” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%E2%97%8F%20Visitors%20to%20our%20websites%3B ### privacy data use — risk unknown > ● Data Subjects receiving services from the Customer. - Interpretation (disclaimed): This segment specifies 'Data Subjects receiving services from the Customer' as a category, extending the policy's data subject protections to end-users of the customer's services. - Tier: All - Location: Privacy Policy › “Definitions and interpretation” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%E2%97%8F%20Data%20Subjects,services%20from%20the%20Customer. ### privacy data use — risk unknown > "Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. - Interpretation (disclaimed): This segment defines 'Personal data' by setting out the legal standard for what constitutes identifiable information, determining the scope of data subject to protection and processing obligations throughout the document. - Tier: All - Location: Privacy Policy › “Definitions and interpretation” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%22Personal%20data%22%20means,of%20that%20natural%20person. ### privacy data use — risk unknown > "Processing" means any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organizing, amending, retrieving, using, disclosing, erasing or destroying it. - Interpretation (disclaimed): This segment defines 'Processing' broadly to include all operations on personal data, establishing the scope of activities regulated under the policy and applicable data protection legislation. - Tier: All - Location: Privacy Policy › “Definitions and interpretation” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%22Processing%22%20means%20any,erasing%20or%20destroying%20it. ### privacy data use — risk unknown > ● Customer Data that you send to Google, or data that you request from any of the Google services, automatically or otherwise. Note that, as a security precaution, if you choose to connect your apps or services provided by Google via Albato API and you request data from any of the Google services, information that identifies you or your device may also be sent in order to authenticate the request. You can revoke access at any time. - Interpretation (disclaimed): This segment discloses that Customer Data sent to or requested from Google services may include identifying information for authentication purposes, and grants the data subject the right to revoke access at any time. - Tier: All - Location: Privacy Policy › “Google integrations” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%E2%97%8F%20Customer%20Data,access%20at%20any%20time. ### privacy data use — risk unknown > You may give us your data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: - Interpretation (disclaimed): This segment describes the procedure and circumstances under which users provide personal data to the company, establishing the mechanism for direct data collection. - Tier: All - Location: Privacy Policy › “Direct interactions.” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20You%20may%20give,you%20provide%20when%20you%3A ### privacy data use — risk unknown > · create an account on our website; - Interpretation (disclaimed): Identifies account creation on the website as a specific method by which users provide personal data, establishing a data collection trigger. - Tier: All - Location: Privacy Policy › “Direct interactions.” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%C2%B7%20create%20an%20account%20on%20our%20website%3B ### privacy data use — risk unknown > · subscribe to our publications; - Interpretation (disclaimed): Identifies subscription to publications as a specific method by which users provide personal data, establishing a data collection trigger. - Tier: All - Location: Privacy Policy › “Direct interactions.” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%C2%B7%20subscribe%20to%20our%20publications%3B ### privacy data use — risk unknown > We process all personal data lawfully, fairly and in a transparent manner according to this privacy policy. We use the data we collect for the following basic purposes, described in more detail below: - Interpretation (disclaimed): This segment establishes the company's obligation to process all personal data lawfully, fairly, and transparently, and introduces the categories of purposes for which data is used. - Tier: All - Location: Privacy Policy › “How we will use your personal data (Lawful basis for processing)” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20We%20process%20all,in%20more%20detail%20below%3A ### privacy data use — risk unknown > To take steps at the request of the data subject prior to entering into a business relationship (oral or written contract): - Interpretation (disclaimed): This segment defines the contractual basis for processing data in connection with steps taken prior to entering a business relationship, establishing the legal ground for this category of processing. - Tier: All - Location: Privacy Policy › “How we will use your personal data (Lawful basis for processing)” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20To%20take%20steps,(oral%20or%20written%20contract)%3A ### privacy data use — risk unknown > 1.2 We will use the provided information to do our best to respond to your enquiries. - Interpretation (disclaimed): This segment obliges the company to use provided information to respond to user enquiries, establishing a specific processing purpose tied to the contractual basis. - Tier: All - Location: § 1.2 - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%201.2%20We%20will,respond%20to%20your%20enquiries. ### privacy data use — risk unknown > 1.3 Once you enter into a business relationship (oral or written contract) with us, we will invoice our services. - Interpretation (disclaimed): This segment establishes the company's obligation to invoice services once a business relationship is entered, identifying invoicing as a processing purpose under the contractual lawful basis. - Tier: All - Location: § 1.3 - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%201.3%20Once%20you,will%20invoice%20our%20services. ### privacy data use — risk unknown > 1.4 We will use your contact details to provide you training and marketing information on our products and services as well as information necessary to provide you services in accordance with relevant contract between us. - Interpretation (disclaimed): This segment permits the company to use contact details to provide training and marketing information on products and services and to fulfill contractual obligations, identifying these as processing purposes. - Tier: All - Location: § 1.4 - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%201.4%20We%20will,relevant%20contract%20between%20us. ### privacy data use — risk unknown > 2.3.1 To administer our site and for internal operations, including data security, troubleshooting, testing, statistical and survey purposes; - Interpretation (disclaimed): This segment permits processing of personal data for site administration, data security, troubleshooting, testing, and statistical purposes under the legitimate interests basis. - Tier: All - Location: § 2.3.1 - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%202.3.1%20To%20administer,statistical%20and%20survey%20purposes%3B ### privacy data use — risk unknown > 2.3.2 To ensure that content from our site is presented in the most effective manner for you and for your device. - Interpretation (disclaimed): This segment permits use of personal data to ensure website content is presented effectively for users and their devices, identifying this as a legitimate interests processing purpose. - Tier: All - Location: § 2.3.2 - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%202.3.2%20To%20ensure,and%20for%20your%20device. ### privacy data use — risk unknown > 3.2 If you wish not to receive such promotional e-mails, you may withdraw your consent at any time by contacting us as described in paragraph "Your rights" or follow the "unsubscribe" or instructions contained in the promotional communications you receive. - Interpretation (disclaimed): This segment grants data subjects the right to withdraw consent and unsubscribe from promotional emails at any time, and describes the procedure for exercising that right. - Tier: All - Location: § 3.2 - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%203.2%20If%20you,promotional%20communications%20you%20receive. ### privacy data use — risk unknown > You may occasionally receive emails from us. These may be marketing or other informational emails to you as our existing client. You have right to unsubscribe from our marketing emails, you may find the unsubscribe link in every email. In this case we will continue to send you only informational emails on our products and services necessary to provide you services under relevant contract between us (including without limitation information on the products, services, on your personal account status, updates on the operation of the Services). - Interpretation (disclaimed): This segment grants data subjects the right to unsubscribe from marketing emails and explains that informational emails related to contracted services will continue, establishing the scope of the company's ongoing communication permission and the data subject's opt-out right. - Tier: All - Location: Privacy Policy › “EmailCommunications.” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=You%20may%20occasionally%20receive,of%20the%20Services).%20 ### privacy data use — risk unknown > to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. - Interpretation (disclaimed): This clause grants data subjects the right to receive a copy of personal data held about them and to verify the lawfulness of processing, constituting a data subject access right under applicable privacy law. - Tier: All - Location: Privacy Policy › “Request access” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20to%20your%20personal,lawfully%20processing%20it.%20 ### privacy data use — risk unknown > of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. - Interpretation (disclaimed): This clause grants data subjects the right to have incomplete or inaccurate personal data corrected, subject to verification of accuracy of the new data, creating both a user right and a platform-side verification obligation. - Tier: All - Location: Privacy Policy › “Request correction” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20of%20the%20personal,provide%20to%20us.%20 ### privacy data use — risk unknown > of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: - Interpretation (disclaimed): This clause grants data subjects the right to request suspension of processing of their personal data, enumerating specific scenarios in which this right applies. - Tier: All - Location: Privacy Policy › “Request restriction of processing” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20of%20your%20personal,the%20following%20scenarios%3A%20 ### privacy data use — risk unknown > · Where our use of the data is unlawful but you do not want us to erase it. - Interpretation (disclaimed): This clause specifies a scenario in which a data subject may request restriction of processing where use of data is unlawful but the subject does not want erasure. - Tier: All - Location: Privacy Policy › “Request restriction of processing” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%C2%B7%20Where%20our,us%20to%20erase%20it. ### privacy data use — risk unknown > if you have a concern about our information rights practices. - Interpretation (disclaimed): This clause grants data subjects the right to lodge a complaint with a supervisory authority if they have concerns about the platform's information rights practices, establishing a regulatory recourse right. - Tier: All - Location: Privacy Policy › “Right to lodge a complaint with a supervisory authority” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20if%20you%20have,information%20rights%20practices.%20 ### privacy data use — risk unknown > This Agreement governs legal terms for processing by the Provider of the personal data you may need to process by using Albato Services. - Interpretation (disclaimed): Defines the subject matter and purpose of the DPA, establishing that it governs the legal terms under which the Provider processes personal data when the Customer uses Albato Services. - Tier: All - Location: Terms of Service › “DATA PROCESSING AGREEMENT” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20This%20Agreement%20governs,by%20using%20Albato%20Services. ### privacy data use — risk unknown > • The Customer acts as Controller, who determines the purposes and means of the processing of personal data; - Interpretation (disclaimed): Defines the Customer's role as Controller who determines the purposes and means of personal data processing, establishing the legal basis for the controller-processor relationship. - Tier: All - Location: Terms of Service › “WHEREAS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20%E2%80%A2%20The%20Customer,processing%20of%20personal%20data%3B ### privacy data use — risk unknown > • The DPA apply to the processing of personal data as specified in Schedule 1 thereto; - Interpretation (disclaimed): Incorporates Schedule 1 by reference, establishing that the scope of personal data processing subject to the DPA is defined in that schedule. - Tier: All - Location: Terms of Service › “WHEREAS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20%E2%80%A2%20The%20DPA,in%20Schedule%201%20thereto%3B ### privacy data use — risk unknown > The terms, “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Sensitive Data”, “Personal Data Breach”, “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly. - Interpretation (disclaimed): Incorporates GDPR definitions for Commission, Controller, Data Subject, Member State, Personal Data, Sensitive Data, Personal Data Breach, Processing, and Supervisory Authority by reference, ensuring alignment with the regulatory framework. - Tier: All - Location: § 1.1.7.2 - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20The%20terms%2C%20%E2%80%9CCommission%E2%80%9D%2C,shall%20be%20construed%20accordingly. ### privacy data use — risk unknown > PROCESSING OF CONTROLLER PERSONAL DATA. SAFEGUARDS - Interpretation (disclaimed): Section heading introducing the operative processing obligations and safeguard requirements applicable to the Processor when handling Controller Personal Data. - Tier: All - Location: Terms of Service › “GENERAL WARRANTY” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20PROCESSING%20OF%20CONTROLLER%20PERSONAL%20DATA.%20SAFEGUARDS%20 ### privacy data use — risk unknown > 3.1.4. process personal data for the list of data Subjects indicated in Schedule 1 hereto; - Interpretation (disclaimed): Limits processing to the categories of data subjects identified in Schedule 1, confining the Processor's authorized processing activities to a defined population. - Tier: All - Location: § 3.1.4 - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%203.1.4.%20process%20personal,in%20Schedule%201%20hereto%3B ### privacy data use — risk unknown > 3.2. Controller guarantees and warrants that is uses the Services/Software and provides to the Processor for processing the personal data only in compliance with applicable Data Protection Legislation, including without limitation, complying with all Data Subjects rights, providing all necessary notices and information to them and having all necessary consents and authorizations from the Data Subjects. The personal data to be processed by the Processor is not sold to the Processor or provided for any consideration, it is processed as part of the Services/Software functionally under the License Agreement as part of the Services. - Interpretation (disclaimed): The Controller warrants compliance with applicable Data Protection Legislation when using the Services and providing personal data for processing, including obtaining necessary consents, providing notices, and confirming that personal data is not sold to the Processor but processed functionally under the License Agreement. - Tier: All - Location: § 3.2 - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%203.2.%20Controller%20guarantees,part%20of%20the%20Services. ### privacy data use — risk unknown > 5.1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor shall in relation to the Controller Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR. The list of major security measures is laid down in Schedule 4 thereto. - Interpretation (disclaimed): Requires the Processor to implement appropriate technical and organizational security measures proportionate to the risk of processing, including measures referenced in GDPR Article 32(1), with major security measures detailed in Schedule 4, creating a binding security safeguard obligation. - Tier: All - Location: § 5.1 - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%205.1.%20Taking%20into,in%20Schedule%204%20thereto. ### privacy data use — risk unknown > Taking into account the nature of the Processing, Processor shall assist the Controller by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Controller obligations, as reasonably understood by Controller, to respond to requests to exercise Data Subject rights under the Data Protection Laws. - Interpretation (disclaimed): Obliges the Processor to implement appropriate technical and organizational measures to assist the Controller in responding to data subject rights requests under Data Protection Laws, to the extent possible given the nature of the processing. - Tier: All - Location: Terms of Service › “DATA SUBJECT RIGHTS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20Taking%20into%20account,the%20Data%20Protection%20Laws. ### privacy data use — risk unknown > Processor shall notify the Controller without undue delay upon Processor becoming aware of a Personal Data Breach affecting Controller Personal Data, providing Controller with sufficient information to allow the Controller to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws. - Interpretation (disclaimed): Obliges the Processor to notify the Controller without undue delay upon becoming aware of a Personal Data Breach affecting Controller Personal Data, and to provide sufficient information for the Controller to meet its reporting obligations under Data Protection Laws. - Tier: All - Location: Terms of Service › “PERSONAL DATA BREACH” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20Processor%20shall%20notify,the%20Data%20Protection%20Laws. ### privacy data use — risk unknown > the data of the Controller and/or Controller’s clients - Interpretation (disclaimed): Defines the categories of data subjects covered by the DPA as the Controller and/or the Controller's clients, establishing the scope of whose personal data is subject to the processing obligations. - Tier: All - Location: Terms of Service › “Categories of data subjects whose personal data is processed” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=the%20data%20of%20the%20Controller%20and%2For%20Controller%E2%80%99s%20clients ### privacy data use — risk unknown > • Access control policy is implemented - Interpretation (disclaimed): Specifies that an access control policy is implemented as a security measure, constituting a technical and organizational safeguard obligation under the DPA. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20%E2%80%A2%20Access%20control%20policy%20is%20implemented ### privacy data use — risk unknown > •   Employee training on data protection and information security - Interpretation (disclaimed): Specifies employee training on data protection and information security as an implemented security measure, constituting an organizational safeguard obligation under the DPA. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20Employee%20training%20on,protection%20and%20information%20security ### privacy data use — risk unknown > •         Monitoring the composition of hardware software and information security tools - Interpretation (disclaimed): Specifies monitoring of hardware, software, and information security tools as an implemented security measure, constituting a technical safeguard obligation under the DPA. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20Monitoring%20the%20composition,and%20information%20security%20tools ### privacy data use — risk unknown > •          Formalized list of positions allowed to process personal data - Interpretation (disclaimed): Establishes a formalized list of positions permitted to process personal data, restricting personal data processing to authorized roles only. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20Formalized%20list%20of,to%20process%20personal%20data ### privacy data use — risk unknown > • Processor provides for identification and authorization of Albato system users; - Interpretation (disclaimed): Obligates the Processor to provide identification and authorization mechanisms for Albato system users, imposing a technical security obligation governing access to personal data. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20Processor%20provides%20for,of%20Albato%20system%20users%3B ### privacy data use — risk unknown > “DPA” means this Data Processing Agreement and all Schedules; “Controller Personal Data” means any Personal Data processed by the Processor on behalf of the Controller pursuant to or in connection with the License Agreement; “EEA” means the European Economic Area; “EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR; “GDPR” means EU General Data Protection Regulation 2016/679; “Data Transfer” means: 1.1.7.1. a transfer of the Controller Personal Data from the Controller to the Processor; or 1.1.7.2. an onward transfer of the Controller Personal Data from the Processor to a Subcontractor, or between two establishments of the Processor, in each case, where such transfer would not be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws); “Services” means subscription services provided by the Provider to the Customer under the License agreement consisting in web-based, application integration and data linking service accessed through the Albato website. “Subprocessor” means any person appointed by or on behalf of Processor to process Personal Data on behalf of the Customer in connection with the License Agreement. - Interpretation (disclaimed): Defines key terms including DPA, Controller Personal Data, EEA, EU Data Protection Laws, GDPR, and Data Transfer, establishing the precise legal meaning of concepts used throughout the operative provisions of the DPA. - Tier: All - Location: Terms of Service › “Definitions and Interpretation” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20%E2%80%9CDPA%E2%80%9D%20means%20this,with%20the%20License%20Agreement. ### privacy data use — risk unknown > 5.2. In assessing the appropriate level of security, Processor shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach. - Interpretation (disclaimed): Imposes an obligation on the Processor to consider specific risks, particularly Personal Data Breach risks, when determining the appropriate level of security for processing personal data. - Tier: All - Location: § 5.2 - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%205.2.%20In%20assessing,a%20Personal%20Data%20Breach. ### privacy data use — risk unknown > Processor shall: - Interpretation (disclaimed): Introduces an enumerated list of specific obligations the Processor must fulfill in relation to data subject requests, functioning as a lead-in obligation clause to the sub-obligations that follow. - Tier: All - Location: Terms of Service › “DATA SUBJECT RIGHTS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20Processor%20shall%3A ### privacy data use — risk unknown > • The Provider acts as Processor which processes personal data on behalf of the Controller (provided that nothing shall limit the - Interpretation (disclaimed): Defines the Provider's role as Processor acting on behalf of the Controller, establishing the foundational processing relationship and authority structure. - Tier: All - Location: Terms of Service › “WHEREAS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20%E2%80%A2%20The%20Provider,nothing%20shall%20limit%20the ### privacy data use — risk unknown > Processor’s right to act as processor for other controllers, being Processor’s customer’s or not, and act as controller in relations with any third parties); - Interpretation (disclaimed): Expressly preserves the Processor's right to act as processor for other controllers and as a controller in its own relationships with third parties, ensuring the DPA does not restrict the Provider's broader processing activities. - Tier: All - Location: Terms of Service › “WHEREAS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=Processor%E2%80%99s%20right%20to%20act,with%20any%20third%20parties)%3B ### privacy data use — risk unknown > 3.1.3. process Controller Personal Data within the list (but not obligatory each time all the listed data) stated in Schedule 1 hereto. The Controller warrants that the Controller Personal Data to be processed by the Processor hereunder shall not include any Sensitive Data. - Interpretation (disclaimed): Restricts processing to the categories of personal data listed in Schedule 1 and imposes a warranty on the Controller that no Sensitive Data will be included in the data provided for processing. - Tier: All - Location: § 3.1.3 - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%203.1.3.%20process%20Controller,include%20any%20Sensitive%20Data. ### privacy data use — risk unknown > 3.3. In case the Processor has any legal or technical obstacles to process the personal data under Controller instructions, then the Processor shall inform the Controller accordingly and shall await updated instructions. - Interpretation (disclaimed): Establishes the procedure by which the Processor must notify the Controller of any legal or technical obstacles to processing and await updated instructions before proceeding, protecting the Controller's right to direct processing. - Tier: All - Location: § 3.3 - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%203.3.%20In%20case,shall%20await%20updated%20instructions. ### privacy data use — risk unknown > promptly notify Controller if it receives a request from a Data Subject under any Data Protection Law in respect of the Controller Personal Data, provided that in general availability to answer the Data Subjects is vested in the Controller; and - Interpretation (disclaimed): Obliges the Processor to promptly notify the Controller upon receipt of any data subject request relating to Controller Personal Data, while clarifying that the primary responsibility to respond to data subjects rests with the Controller. - Tier: All - Location: Terms of Service › “DATA SUBJECT RIGHTS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20promptly%20notify%20Controller,in%20the%20Controller%3B%20and ### privacy data use — risk unknown > 4.1. Processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to the Controller Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Controller Personal Data, as strictly necessary for the purposes of the License Agreement, and to comply with Data Protection Laws in the context of that individual’s duties to the Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality. - Interpretation (disclaimed): Requires the Processor to take reasonable steps to ensure the reliability of all personnel with access to Controller Personal Data, to limit access on a need-to-know basis, and to bind all such individuals to confidentiality undertakings or statutory obligations of confidentiality. - Tier: All - Location: § 4.1 - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%204.1.%20Processor%20shall,statutory%20obligations%20of%20confidentiality. ### privacy data use — risk unknown > 3.1.5. The Processor shall process the Controller Personal Data only for the specific purpose(s) of the transfer, as set out in Schedule 2 hereto unless on further instructions from the Controller; and - Interpretation (disclaimed): Restricts the Processor to processing Controller Personal Data only for the specific purposes set out in Schedule 2, unless the Controller provides further instructions, limiting purpose beyond the agreed scope. - Tier: All - Location: § 3.1.5 - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%203.1.5.%20The%20Processor,from%20the%20Controller%3B%20and ### privacy data use — risk unknown > • personal data is protected during transmission by Processor by using SSL/TLS; - Interpretation (disclaimed): Requires the Processor to protect personal data during transmission using SSL/TLS encryption, imposing a technical security obligation for data in transit. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20personal%20data%20is,Processor%20by%20using%20SSL%2FTLS%3B ### privacy data use — risk unknown > ensure that it does not respond to that request except on the documented instructions of the Controller or as required by applicable laws to which the Processor is subject, in which case Processor shall to the extent permitted by applicable laws inform the Controller of that legal requirement before the Processor responds to the request. - Interpretation (disclaimed): Restricts the Processor from responding to data subject requests except on documented Controller instructions or as required by applicable law, and requires the Processor to inform the Controller of any such legal requirement before responding, to the extent permitted by law. - Tier: All - Location: Terms of Service › “DATA SUBJECT RIGHTS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20ensure%20that%20it,responds%20to%20the%20request. ### privacy data use — risk unknown > 3.1 Processor shall: 3.1.1. comply with all applicable Data Protection Laws in the Processing of Controller Personal Data; and 3.1.2. not Process Controller Personal Data other than on the relevant Controller’s documented instructions. Without limiting other means of giving instructions Controller hereby instructs Processor to process, during the term of this DPA, personal data in accordance with automated instructions made by the Controller via Processor’s Service connected to Processor’s Software product in accordance with the License Agreement to which these DPA is incorporated. Any instructions via the said Services/Software shall be deemed to be provided by the Controller; and the Controller agrees and acknowledges that the Controller, not the Processor, is responsible for choice of any Services/Software functionality and its implementation under the License Agreement, and you shall use Service/Software functionality with due care and using reasonably secure mechanisms and your internal systems and software decisions; and - Interpretation (disclaimed): Imposes obligations on the Processor to comply with all applicable Data Protection Laws and to process Controller Personal Data only on the Controller's documented instructions, and provides the Controller's standing instruction authorizing processing via the Albato Service during the DPA term. - Tier: All - Location: § 3.1 - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%203.1%20Processor%20shall%3A,and%20software%20decisions%3B%20and ### privacy data use — risk unknown > any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, namely recording, storage, adaptation or alteration, structuring, transmission (transfer), erasure or destruction, encryption, data extraction, use - Interpretation (disclaimed): Defines the nature of processing as any operation performed on personal data including recording, storage, adaptation, structuring, transmission, erasure, encryption, and data extraction, establishing the operative scope of processing activities governed by the DPA. - Tier: All - Location: Terms of Service › “Nature of the processing” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=any%20operation%20or%20set,encryption%2C%20data%20extraction%2C%20use ### privacy data use — risk unknown > Name, Company name, Email, Phone number, information about the lead form where the request was left and other data as may be requested by the Controller, including by using Albato interface - Interpretation (disclaimed): Defines the specific categories of personal data processed, including name, company name, email, phone number, lead form information, and other data requested by the Controller via the Albato interface, establishing the scope of data covered by the DPA. - Tier: All - Location: Terms of Service › “Categories of personal data processed” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=Name%2C%20Company%20name%2C%20Email%2C,by%20using%20Albato%20interface ### privacy data use — risk unknown > Processor shall co-operate with the Controller and take reasonable commercial steps as are directed by the Controller to assist in the investigation, mitigation and remediation of each such Personal Data Breach. - Interpretation (disclaimed): Obliges the Processor to cooperate with and take reasonable commercial steps directed by the Controller to assist in investigating, mitigating, and remediating any Personal Data Breach. - Tier: All - Location: Terms of Service › “PERSONAL DATA BREACH” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20Processor%20shall%20co-operate,such%20Personal%20Data%20Breach. ### privacy data use — risk unknown > 2.1 To promote our products and services online. - Interpretation (disclaimed): This segment permits the company to process personal data for the purpose of promoting its products and services online under the legitimate interests lawful basis. - Tier: All - Location: § 2.1 - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%202.1%20To%20promote,products%20and%20services%20online. ### privacy data use — risk unknown > 2.3 Website improvement - Interpretation (disclaimed): This heading identifies website improvement as a processing purpose under the legitimate interests basis, introducing the specific uses described in subsequent sub-segments. - Tier: All - Location: § 2.3 (Website improvement) - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%202.3%20Website%20improvement ### privacy data use — risk unknown > 1.5 We will use your contact details to provide you training on our products and services. - Interpretation (disclaimed): This segment permits the use of contact details to provide product and service training, identifying this as a specific processing purpose under the contractual lawful basis. - Tier: All - Location: § 1.5 - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%201.5%20We%20will,our%20products%20and%20services. ### privacy data use — risk unknown > · give us feedback or contact us. - Interpretation (disclaimed): Identifies feedback and contact as specific methods by which users provide personal data, establishing a data collection trigger. - Tier: All - Location: Privacy Policy › “Direct interactions.” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%C2%B7%20give%20us%20feedback%20or%20contact%20us. ### privacy data use — risk unknown > We do not sell any products or services for purchase by children. If you are under 16, you may use our websites only with the involvement of your holder of parental responsibility. We do not knowingly collect personal information from children below 16 without the consent of the child's holder of parental responsibility. - Interpretation (disclaimed): This segment imposes an obligation on users who provide third-party personal data to have notified those individuals of processing purposes, recipients, and access rights, and to have obtained all necessary consents, placing legal responsibility on the user as a de facto data controller for third-party data. - Tier: All - Location: Privacy Policy › “Children” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20We%20do%20not,holder%20of%20parental%20responsibility. ### privacy data use — risk unknown > In providing personal data about other individuals (such as someone in whose name you are registering an account or subscribing to our marketing promotions), you represent that you have notified them of (i) the purposes for which information will be used (ii) the recipients of their personal data and (iii) how they can access and correct the information. You further represent that You have obtained all necessary consents from them. - Interpretation (disclaimed): This segment introduces the enumeration of different methods used to collect personal data, fulfilling the disclosure obligation to inform data subjects of data collection methods; the segment is incomplete but begins the required disclosure. - Tier: All - Location: Privacy Policy › “Information You Provide About Others” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20In%20providing%20personal,necessary%20consents%20from%20them. ### privacy data use — risk unknown > In European Union and some other jurisdictions you may have the following rights concerning our processing of your personal data: - Interpretation (disclaimed): This clause establishes that data subjects in the EU and certain other jurisdictions hold specific rights concerning processing of their personal data, defining the geographic and legal scope of the rights that follow. - Tier: All - Location: Privacy Policy › “Your rights” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20In%20European%20Union,of%20your%20personal%20data%3A ### privacy data use — risk unknown > ● Prospective or existing customers and partners; - Interpretation (disclaimed): This segment specifies 'Prospective or existing customers and partners' as categories of data subject, extending the policy's protections to these groups. - Tier: All - Location: Privacy Policy › “Definitions and interpretation” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%E2%97%8F%20Prospective%20or%20existing%20customers%20and%20partners%3B ### privacy data use — risk unknown > · integrate our services; - Interpretation (disclaimed): Identifies service integration as a specific method by which users provide personal data to the company, establishing a data collection trigger. - Tier: All - Location: Privacy Policy › “Direct interactions.” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%C2%B7%20integrate%20our%20services%3B ### privacy data use — risk unknown > · If you want us to establish the data's accuracy. - Interpretation (disclaimed): This clause specifies a scenario in which a data subject may request restriction of processing, namely where the accuracy of data is in dispute and requires establishment. - Tier: All - Location: Privacy Policy › “Request restriction of processing” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%C2%B7%20If%20you,establish%20the%20data%26%23x27%3Bs%20accuracy. ### privacy data use — risk unknown > · Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims. - Interpretation (disclaimed): This clause specifies a scenario in which a data subject may request restriction of processing where the data is needed to establish, exercise, or defend legal claims even if no longer required by the platform. - Tier: All - Location: Privacy Policy › “Request restriction of processing” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%C2%B7%20Where%20you,or%20defend%20legal%20claims. ### privacy data use — risk unknown > You can exercise your rights by contacting us at support@albato.com - Interpretation (disclaimed): This clause specifies the procedure for exercising data subject rights, directing users to contact the platform at a specified support email address. - Tier: All - Location: Privacy Policy › “Right to lodge a complaint with a supervisory authority” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20You%20can%20exercise,contacting%20us%20at%20support%40albato.com ### privacy data use — risk unknown > For the purpose of the Data Protection Legislation the data controller ("Albato", "we", "us" and "our" ) is Albato Ltd, a company incorporated in Cyprus having its registered office at Vasilissis Freiderikis, 34 Flat/Office 106, 1035, Nicosia, Cyprus. - Interpretation (disclaimed): This segment identifies Albato Ltd (incorporated in Cyprus) as the data controller for purposes of Data Protection Legislation, establishing legal responsibility and the corporate entity subject to the obligations in the policy. - Tier: All - Location: Privacy Policy › “Who we are” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20For%20the%20purpose,106%2C%201035%2C%20Nicosia%2C%20Cyprus. ### privacy data use — risk unknown > why we are able to process your information; what purpose we are processing it for; whether you have to provide it to us; how long we store it for; whether there are other recipients of your personal information; whether we intend to transfer it to another country; and whether we do automated decision-making or profiling. Please read this privacy policy carefully. - Interpretation (disclaimed): This segment enumerates the specific categories of processing information that the controller must disclose, including legal basis, purpose, retention, recipients, international transfers, and automated decision-making, creating disclosure obligations under data protection law. - Tier: All - Location: Privacy Policy › “Privacy Policy” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20why%20we%20are,this%20privacy%20policy%20carefully. ### privacy data use — risk unknown > 2.2 To collect information about how visitors use our website - Interpretation (disclaimed): This segment permits collection of information about how visitors use the website under the legitimate interests basis, identifying website analytics as a processing purpose. - Tier: All - Location: § 2.2 - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%202.2%20To%20collect,visitors%20use%20our%20website ### privacy data use — risk unknown > We might use your automatically collected data such as IP address and browser data for our Website improvement, such as: - Interpretation (disclaimed): This segment permits use of automatically collected data such as IP address and browser data for website improvement purposes, identifying the data types and the overarching purpose. - Tier: All - Location: § 2.3 (Website improvement) - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20We%20might%20use,Website%20improvement%2C%20such%20as%3A ### privacy data use — risk unknown > Based on your Consent: - Interpretation (disclaimed): This heading introduces consent as a lawful basis for processing, defining the legal ground for the marketing and interactive communication purposes described in the following segments. - Tier: All - Location: § 2.3.2 - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20Based%20on%20your%20Consent%3A ### privacy data use — risk unknown > 3.1 To send you communications, including promotional communications and advertising with your explicit consent or allow you to participate in interactive features of our service, when you choose to do so. - Interpretation (disclaimed): This segment permits sending promotional communications and advertising and allowing participation in interactive features based on explicit user consent, establishing consent as the lawful basis for these processing activities. - Tier: All - Location: § 3.1 - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%203.1%20To%20send,choose%20to%20do%20so. ### privacy data use — risk unknown > ● The contents, metadata and related information of emails, Google calendar events and stored files when you choose to sync your App with Gmail, calendar and cloud storage services (Google Drive); - Interpretation (disclaimed): This segment identifies specific types of data (email contents, metadata, calendar events, stored files) that may be collected when users sync apps with Google services, fulfilling the obligation to specify what customer data is accessed during Google integrations. - Tier: All - Location: Privacy Policy › “Google integrations” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%E2%97%8F%20The%20contents%2C,storage%20services%20(Google%20Drive)%3B ### privacy data use — risk unknown > We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you. - Interpretation (disclaimed): This segment commits the data controller to respecting and protecting personal data, and informs data subjects of their privacy rights, establishing the document's foundational obligations regarding personal data handling. - Tier: All - Location: Privacy Policy › “Privacy Policy” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20We%20respect%20your,the%20law%20protects%20you. ### privacy data use — risk unknown > where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. - Interpretation (disclaimed): This clause grants data subjects the right to withdraw consent at any time while disclaiming that withdrawal does not affect the lawfulness of prior processing, and noting that withdrawal may limit available products or services. - Tier: All - Location: Privacy Policy › “Withdraw consent at any time” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20where%20we%20are,withdraw%20your%20consent.%20 ### privacy data use — risk unknown > Automated technologies or interactions. - Interpretation (disclaimed): This heading introduces automated technologies and interactions as a separate category of data collection, defining a distinct mechanism for collecting personal data without direct user input. - Tier: All - Location: Privacy Policy › “Direct interactions.” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20Automated%20technologies%20or%20interactions. ### privacy data use — risk unknown > 1.1 By contacting us by means specified in paragraph "Personal Data we may collect from you", we assume that processing is necessary for the performance of a business relationship (oral or written contract) or in order to take steps prior to entering into a business relationship (oral or written contract), and therefore the lawful basis is Contract. - Interpretation (disclaimed): This segment establishes that contacting the company is treated as consent to processing necessary for the performance of or steps prior to a business relationship, with contract as the lawful basis. - Tier: All - Location: § 1.1 - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%201.1%20By%20contacting,lawful%20basis%20is%20Contract. ### privacy data use — risk unknown > ● Email addresses of your Inbox and Sent folders, when you choose to sync your apps and Gmail with your device's address book using Albato services. Please note, Albato has no access to your Contacts; and - Interpretation (disclaimed): This segment discloses that email addresses from Inbox and Sent folders may be collected when syncing with Gmail via Albato, and clarifies that Albato does not access Contacts, partially limiting the scope of data access disclosed. - Tier: All - Location: Privacy Policy › “Google integrations” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%E2%97%8F%20Email%20addresses,to%20your%20Contacts%3B%20and ### privacy data use — risk unknown > Based on our Legitimate interests: - Interpretation (disclaimed): This heading introduces legitimate interests as a lawful basis for processing, defining the legal ground for the processing purposes described in the following segments. - Tier: All - Location: § 1.5 - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20Based%20on%20our%20Legitimate%20interests%3A ### privacy data use — risk unknown > California Privacy Rights: We will not share any Personal Data with third-parties for their direct marketing purposes to the extent prohibited by California law. If our practices change, we will do so in accordance with applicable laws and will notify you in advance. - Interpretation (disclaimed): This clause restricts the platform from sharing Personal Data with third parties for direct marketing purposes to the extent prohibited by California law, and imposes a procedural obligation to notify users in advance if practices change. - Tier: All - Location: Privacy Policy › “Your rights” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20California%20Privacy%20Rights%3A,notify%20you%20in%20advance. ### privacy data use — risk unknown > The information you may provide us is Personally Identifiable Information that identifies an individual or may with reasonable efforts cause the identification of an individual, and may include the following data: - Interpretation (disclaimed): This segment characterizes the information collected as Personally Identifiable Information capable of identifying individuals, defining the nature of the data and framing the disclosure of specific categories that follow. - Tier: All - Location: Privacy Policy › “Personal data we may collect from you” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20The%20information%20you,include%20the%20following%20data%3A ### privacy data use — risk unknown > of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. - Interpretation (disclaimed): This clause grants data subjects the right to receive or transfer their personal data in a structured, machine-readable format, limited to data provided with consent or used to perform a contract, establishing data portability rights with defined scope. - Tier: All - Location: Privacy Policy › “Request the transfer” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20of%20your%20personal,contract%20with%20you.%20 ### privacy data use — risk unknown > of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. - Interpretation (disclaimed): This clause grants data subjects the right to object to processing based on legitimate interests or for direct marketing purposes, while also noting the platform's ability to override objections based on compelling legitimate grounds, balancing user rights against platform interests. - Tier: All - Location: Privacy Policy › “Object to processing” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20of%20your%20personal,rights%20and%20freedoms.%20 ### privacy data use — risk unknown > · You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. - Interpretation (disclaimed): This clause specifies a scenario in which a data subject may request restriction of processing where an objection has been raised and legitimate grounds are being verified, creating a temporary suspension right pending resolution. - Tier: All - Location: Privacy Policy › “Request restriction of processing” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%C2%B7%20You%20have,grounds%20to%20use%20it. ### privacy data use — risk unknown > You can always choose whether or not to disclose personally identifiable information and that choice will not prevent you from using the Website. Please note, however, if you should choose to withhold requested information, we may not be able to provide you with some of the services offered through this website. - Interpretation (disclaimed): This clause grants users the right to choose whether to disclose personally identifiable information while also noting that withholding information may limit available services, creating a conditional permission structure around data disclosure. - Tier: All - Location: Privacy Policy › “Choices available to you” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20You%20can%20always,offered%20through%20this%20website. ### privacy data use — risk unknown > Contact Data includes billing address, delivery address, email address and telephone numbers, Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us, Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website, Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses, Usage Data includes information about how you use our website, products and services, Marketing and Communications Data includes your preferences in receiving marketing from us. - Interpretation (disclaimed): This segment enumerates specific categories of personal data collected (Contact Data, Transaction Data, Technical Data, Profile Data), fulfilling the controller's obligation to inform data subjects of the types of personal data processed about them. - Tier: All - Location: Privacy Policy › “Personal data we may collect from you” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20Contact%20Data%20includes,receiving%20marketing%20from%20us. ### data retention — risk unknown > We will keep your personal data during the performance of an oral or written contract between you and us or during the communication process related to the steps prior to entering a prospective verbal or written contract. - Interpretation (disclaimed): This segment establishes the obligation to retain personal data for the duration of a contract or during pre-contractual communication, defining the primary retention period tied to the contractual relationship. - Tier: All - Location: Privacy Policy › “Data retention” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20We%20will%20keep,verbal%20or%20written%20contract. ### data retention — risk unknown > The identity of the data subject must be proven in a suitable way, thus we will verify your identity and then process your request in accordance with applicable law. The right to request deletion of your information is not unreservedly guaranteed, it is limited especially when colliding with the right of freedom of expression and information and compliance with our legal obligations. Depending on the situation (e.g. our obligations may differ for Site and Services situation), we may partly deny your request, e.g. when we are legally obliged to keep all or some of your information for some prescribed time. - Interpretation (disclaimed): This clause limits the right to erasure by requiring identity verification and specifying that the right is not absolute, noting exceptions including conflicts with freedom of expression, legal obligations, and the possibility of partial denial of erasure requests. - Tier: All - Location: Privacy Policy › “Request erasure” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20The%20identity%20of,for%20some%20prescribed%20time. ### data retention — risk unknown > Please be informed that after we delete your personal account at your request, you will not be able to reactivate it and restore the information. - Interpretation (disclaimed): This clause disclaims any ability to reactivate a deleted account or restore information after deletion at the user's request, informing users of the permanent consequences of exercising the erasure right. - Tier: All - Location: Privacy Policy › “Request erasure” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20Please%20be%20informed,and%20restore%20the%20information. ### data retention — risk unknown > Data processing will be for the period until the termination of the Agreement to which this DPA is incorporated. - Interpretation (disclaimed): Establishes that data processing under the DPA will continue only for the period until termination of the Agreement, thereby limiting the duration of the Processor's authorization to process personal data and creating a retention boundary. - Tier: All - Location: Terms of Service › “Duration of the processing” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=Data%20processing%20will%20be,this%20DPA%20is%20incorporated. ### data retention — risk unknown > •          Daily data backup - Interpretation (disclaimed): Requires daily data backup, establishing an operational and data preservation obligation with implications for data retention and recovery. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0Daily%20data%20backup ### data retention — risk unknown > •          Backups of deleted data are stored for 1 months - Interpretation (disclaimed): Mandates that backups of deleted data be stored for one month, creating a specific data retention obligation with a defined duration for deleted data. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20Backups%20of%20deleted,stored%20for%201%20months ### data retention — risk unknown > 3.1.5. The Processor shall process/store the Controller Personal Data only for the period specified in Schedule 3 hereto, and after elapse of legal ground to keep the relevant personal data, the Processor shall erase or destroy it. - Interpretation (disclaimed): Requires the Processor to store Controller Personal Data only for the period specified in Schedule 3 and mandates erasure or destruction once the legal ground for retention lapses, establishing binding data retention and deletion obligations. - Tier: All - Location: § 3.1.5 - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%203.1.5.%20The%20Processor,erase%20or%20destroy%20it. ### data retention — risk unknown > We may continue to retain such Personal Information even after the contract between parties terminates, as reasonably necessary to comply with our legal obligations or to protect our legitimate interests if applicable. We will use reasonable endeavours to ensure your data is up-to-date. As a data subject you have rights related to maintenance, storage and processing of your personal data. Please see paragraph "Your rights". - Interpretation (disclaimed): This segment permits continued retention of personal data after contract termination to comply with legal obligations or protect legitimate interests, and references data subjects' rights regarding their data. - Tier: All - Location: Privacy Policy › “Data retention” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20We%20may%20continue,see%20paragraph%20%22Your%20rights%22. ### data retention — risk unknown > If you would like to exercise the said right in connection with the Services or with the site www.albato.com , please contact us via email support@albato.com or via support chat available in your personal account. - Interpretation (disclaimed): This clause specifies the procedure for exercising the erasure right, directing users to contact the platform via email or support chat in connection with the services or website. - Tier: All - Location: Privacy Policy › “Request erasure” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20If%20you%20would,in%20your%20personal%20account. ### data retention — risk unknown > You have right to Request Erasure of your information, always subject to the provisions of the applicable law. - Interpretation (disclaimed): This clause grants data subjects the right to request erasure of their personal information, subject to applicable law provisions, establishing a deletion right with legal limitations. - Tier: All - Location: Privacy Policy › “Request erasure” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20You%20have%20right,the%20applicable%20law.%20 ### data retention — risk unknown > Based on our Legal obligation: - Interpretation (disclaimed): This segment establishes the company's obligation to retain personal data as necessary to comply with legal obligations and legitimate interests after the contractual relationship ends, identifying legitimate interests and legal obligation as the lawful bases for such retention and referencing data subject rights. - Tier: All - Location: § 3.2 - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20Based%20on%20our%20Legal%20obligation%3A ### data retention — risk unknown > Unless otherwise specified, where you have indicated to us that you are happy for us to send you the information about our products and services we offer and we feel may interest you or similar to those that you have already purchased or enquired about do so, we assume you are happy for us to keep your collected personal data. We may retain your Personal Information (contact details) for as long as your User Account is active or as otherwise needed to provide you with information about our services. As the data subject you have rights related to processing of your personal data and the option of withdrawing your consent to receive promotions at any time. Please see paragraph "Your rights". - Interpretation (disclaimed): This segment permits retention of personal data including contact details for as long as the user account is active or as needed to provide services, conditioned on user consent to marketing communications. - Tier: All - Location: Privacy Policy › “Data retention” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20Unless%20otherwise%20specified%2C,see%20paragraph%20%22Your%20rights%22. ### subprocessors data sharing — risk unknown > If you connect your apps or services provided by other parties such as Google via your Albato integration services, certain Customer Data may be collected from your device by Google and accessed by Albato. In order to provide authentication and authorization for these processes Google APIs use the OAuth protocol. Certain types of data may be collected automatically through the use of application programming interfaces such as the Google API Services or Gmail's API (OAuth), you can find further information here: https://developers.google.com/identity/protocols/oauth2 and may include: - Interpretation (disclaimed): This segment discloses that connecting Google services via Albato may result in Google collecting Customer Data from the user's device, that Google APIs use OAuth for authentication, and that data may be collected through Google APIs, directing users to Google's documentation—fulfilling disclosure obligations regarding third-party data collection. - Tier: All - Location: Privacy Policy › “Google integrations” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20If%20you%20connect,https%3A%2F%2Fdevelopers.google.com%2Fidentity%2Fprotocols%2Foauth2%20and%20may%20include%3A ### subprocessors data sharing — risk unknown > As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. This includes technical data from analytics providers such as Google based outside the EU; - Interpretation (disclaimed): This segment describes the automatic collection of Technical Data via cookies, server logs, and analytics providers including Google outside the EU, disclosing the use of third-party subprocessors and cross-border data flows involved in data collection. - Tier: All - Location: Privacy Policy › “Direct interactions.” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20As%20you%20interact,based%20outside%20the%20EU%3B ### subprocessors data sharing — risk unknown > We might hold your information for as long as is necessary to comply with our and legal obligations and in accordance with our legitimate interests as a data controller after the contractual relationship between you and us elapses. The lawful basis for such retention is Legitimate interests and Legal obligation. As the data subject you have rights related to maintenance, storage and processing of your personal data. Please see paragraph "Your rights". - Interpretation (disclaimed): This segment restricts the company from renting, selling, or sharing personal information with third parties or non-affiliated companies without user consent, while carving out exceptions for service delivery, user permission, and legally compelled disclosures. - Tier: All - Location: § 3.2 - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20We%20might%20hold,see%20paragraph%20%22Your%20rights%22. ### subprocessors data sharing — risk unknown > We do not rent, sell, or share personal information about you with other people or non-affiliated companies without your consent except to provide products or services you've requested, when we have your permission, or under the following circumstances: - Interpretation (disclaimed): This segment restricts the company from sharing personal information without consent, while permitting disclosure when required by law, to prevent fraud, or pursuant to legal process such as subpoenas or court orders, establishing the conditions under which third-party access is allowed. - Tier: All - Location: Privacy Policy › “Disclosure of information to third parties” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20We%20do%20not,under%20the%20following%20circumstances%3A ### subprocessors data sharing — risk unknown > 3.4. Data Transfers outside the EAA shall be made in accordance with Data Protection Legislation, list of subcontractors, adequate decisions or other agreement between the Parties. - Interpretation (disclaimed): Requires that data transfers outside the EEA comply with Data Protection Legislation and mandates use of adequate decisions, subcontractor lists, or other inter-party agreements, imposing a compliance obligation for cross-border transfers. - Tier: All - Location: § 3.4 - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%203.4.%20Data%20Transfers,agreement%20between%20the%20Parties. ### subprocessors data sharing — risk unknown > necessary assistance will be provided to the controller in case of necessity personal data stored on the backups; - Interpretation (disclaimed): Continuation of segment 107, specifying that the necessary assistance obligation applies to personal data stored on backups, completing the scope of the Processor's communication and assistance duty. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=necessary%20assistance%20will%20be,stored%20on%20the%20backups%3B ### subprocessors data sharing — risk unknown > Address: P.O. Box 81226 Seattle, WA 98108-1226 - Interpretation (disclaimed): Provides the registered address of the named subprocessor AWS, forming part of the subprocessor's identifying particulars required under data processing obligations. - Tier: All - Location: Schedule 5 - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20Address%3A%20P.O.%20Box%2081226%20Seattle%2C%20WA%2098108-1226 ### subprocessors data sharing — risk unknown > Name: Amazon Web Services, Inc. and/or its affiliates (“AWS”) - Interpretation (disclaimed): Identifies Amazon Web Services, Inc. and/or its affiliates as a named subprocessor, defining the legal entity authorized to process data under the agreement. - Tier: All - Location: Schedule 5 - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20Name%3A%20Amazon%20Web,and%2For%20its%20affiliates%20(%E2%80%9CAWS%E2%80%9D) ### subprocessors data sharing — risk unknown > •      Processor authorized the persons in charge of communication with Controller and provided means of communication so as to ensure that all the - Interpretation (disclaimed): Obligates the Processor to authorize persons responsible for communication with the Controller and to provide means of communication to ensure necessary assistance is available regarding personal data stored on backups. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20Processor%20authorized%20the,ensure%20that%20all%20the ### subprocessors data sharing — risk unknown > Contact person’s name, position and contact details: Data Protection Officer, email: aws-EU-privacy@amazon.com Description of processing (including a clear delimitation of responsibilities in case several sub-processors are authorised): Data storage - Interpretation (disclaimed): Defines the contact person, role, and contact details for AWS as subprocessor, and delimits the description of processing (data storage) including responsibility allocation, which is an operative definition required under DPA subprocessor authorization. - Tier: All - Location: Schedule 5 - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=Contact%20person%E2%80%99s%20name%2C%20position,are%20authorised)%3A%20Data%20storage ### subprocessors data sharing — risk unknown > The Parties agree that the Processor has Controller’s general authorization to use services of Subprocessors from the list indicated in Schedule 5 hereto. The processor may change the said list with 30 days prior written notice to the Controller. In case the Controller reasonably objects to the changes to the Subprocessors list, with provision of reasonable concerns as to the personal data security, then the sole and exclusive remedy for the Controller shall be termination of the License Agreement for convenience with 15 days prior written notice. - Interpretation (disclaimed): Grants the Processor general authorization to use subprocessors listed in Schedule 5, establishes a procedure for list changes with 30 days' notice, and defines the Controller's sole remedy of termination upon reasonable objection to subprocessor changes, thereby both permitting subprocessing and limiting the Controller's remedial rights. - Tier: All - Location: Terms of Service › “SUBPROCESSING” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20The%20Parties%20agree,days%20prior%20written%20notice. ### subprocessors data sharing — risk unknown > ● We may disclose your information to third parties when we reasonably believe we are obligated to do so by law, and in order to investigate, prevent, or take action regarding suspected or actual prohibited activities, including but not limited to, fraud and situations involving potential threats to the physical safety of any person. We may disclose or otherwise allow others access to your Personal Information pursuant to a legal request, such as a subpoena, legal proceedings, search warrant or court order, or in compliance with applicable laws, if we have a good faith belief that the law requires us to do so, with or without notice to you. Your details may also be disclosed to the police and law enforcement agencies for the purpose of fraud detection, crime prevention and national security. - Interpretation (disclaimed): This segment permits disclosure of personal information to third parties when legally compelled or to prevent fraud and safety threats, and allows disclosure pursuant to legal requests including subpoenas and court orders, establishing the conditions and procedure for such disclosures. - Tier: All - Location: Privacy Policy › “Disclosure of information to third parties” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%E2%97%8F%20We%20may,prevention%20and%20national%20security. ### subprocessors data sharing — risk unknown > Any changes we may make to this privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail or when you next visit or log onto any of our websites. - Interpretation (disclaimed): This segment, appearing under the 'Third-party links' heading, reiterates the policy-change notification procedure text but contextually serves as a notice that third-party websites have separate privacy policies for which the controller disclaims responsibility; the duplication suggests a drafting error, but the placement under third-party links is treated as a disclaimer regarding external sites. - Tier: All - Location: Privacy Policy › “Third-party links” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20Any%20changes%20we,any%20of%20our%20websites. ### subprocessors data sharing — risk unknown > "Data processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; - Interpretation (disclaimed): This segment defines 'Data processor' as the entity processing personal data on behalf of the controller, which is legally operative for establishing the processor relationship and associated obligations throughout the document. - Tier: All - Location: Privacy Policy › “Definitions and interpretation” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%22Data%20processor%22%20means,behalf%20of%20the%20controller%3B ### subprocessors data sharing — risk unknown > ● In the event we are acquired by or merged with a third party entity or undergo another change of control, we reserve the right to transfer information to a successor entity. In this event, we will notify you by electronic means before information about you is transferred and becomes subject to a different privacy policy. - Interpretation (disclaimed): This segment reserves the right to transfer personal information to a successor entity in the event of acquisition, merger, or change of control, and requires prior electronic notification to users before the transfer occurs. - Tier: All - Location: Privacy Policy › “Disclosure of information to third parties” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%E2%97%8F%20In%20the,a%20different%20privacy%20policy. ### subprocessors data sharing — risk unknown > When we processes any personal data on your behalf, you are the controller and we are the Processor for the purposes of the Data Protection Legislation.We only will process that personal data only on your explicit instructions, notify you without undue delay on becoming aware of a personal data breach; at your direction, delete or return personal data and copies thereof, unless required by Applicable Law to store the personal data; - Interpretation (disclaimed): This segment establishes that Albato acts as a data processor when processing customer personal data on the customer's behalf, obligating it to process only on explicit instructions, notify of breaches without undue delay, and delete or return data as directed unless legally required to retain it. - Tier: All - Location: Privacy Policy › “Customer personal data” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20When%20we%20processes,store%20the%20personal%20data%3B ### audit rights dpa residency — risk unknown > Your personal data will be processed in EEA and United States. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy regardless of any legal requirements which may apply in these jurisdictions. - Interpretation (disclaimed): This heading introduces the international transfers section, defining the subject matter of the cross-border data transfer provisions that follow. - Tier: All - Location: Privacy Policy › “International transfers” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20Your%20personal%20data,apply%20in%20these%20jurisdictions. ### audit rights dpa residency — risk unknown > ### - Interpretation (disclaimed): Structural delimiter confirming the DPA's formal annexation to the License Agreement. - Tier: All - Location: Terms of Service › “Albato License Agreement” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20%23%23%23 ### audit rights dpa residency — risk unknown > This Data Processing Agreement (“DPA“) forms part of the his License Agreement (“License Agreement“) between you ("you", "Customer" or "your") and Albato Limited, Cyprus, HE 420916 ("Provider," “Processor”, "we," or "us"), together the “Parties” and individually a “Party”. - Interpretation (disclaimed): Defines the parties to the DPA — Customer as Controller and Albato Limited as Processor — and establishes that the DPA forms part of the License Agreement, creating binding legal identity for each party. - Tier: All - Location: Terms of Service › “DATA PROCESSING AGREEMENT” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20This%20Data%20Processing,and%20individually%20a%20%E2%80%9CParty%E2%80%9D. ### audit rights dpa residency — risk unknown > • The Parties seek to implement a data processing agreement that complies with the requirements of the current legal framework in - Interpretation (disclaimed): States the parties' mutual intent to implement a DPA that complies with the current legal framework for data processing, creating a compliance obligation anchored in applicable law. - Tier: All - Location: Terms of Service › “WHEREAS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20%E2%80%A2%20The%20Parties,current%20legal%20framework%20in ### audit rights dpa residency — risk unknown > relation to data processing and wish to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) and to the maximum extent to other Data Protection Legislation; - Interpretation (disclaimed): Identifies the GDPR (EU 2016/679) and other Data Protection Legislation as the governing legal standards the parties commit to comply with, establishing the regulatory baseline for the entire DPA. - Tier: All - Location: Terms of Service › “WHEREAS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=relation%20to%20data%20processing,other%20Data%20Protection%20Legislation%3B ### audit rights dpa residency — risk unknown > IT IS AGREED AS FOLLOWS: - Interpretation (disclaimed): Signals the transition from recitals to operative agreed terms, marking the commencement of binding contractual obligations. - Tier: All - Location: Terms of Service › “WHEREAS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20IT%20IS%20AGREED%20AS%20FOLLOWS%3A%20 ### audit rights dpa residency — risk unknown > Unless otherwise defined herein, capitalized terms and expressions used in this DPA shall have the following meaning: - Interpretation (disclaimed): Establishes that capitalized terms not otherwise defined in the DPA carry the meanings assigned in this section, creating the interpretive framework for the entire agreement. - Tier: All - Location: Terms of Service › “Definitions and Interpretation” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20Unless%20otherwise%20defined,have%20the%20following%20meaning%3A ### audit rights dpa residency — risk unknown > The Controller warrants that it has used reasonable efforts to determine that the Processor is able, through the implementation of appropriate technical and organizational measures, to satisfy its obligations under this DPA. - Interpretation (disclaimed): The Controller warrants that it has used reasonable efforts to verify the Processor's ability to satisfy DPA obligations through appropriate technical and organizational measures, creating a due-diligence warranty obligation on the Controller. - Tier: All - Location: Terms of Service › “GENERAL WARRANTY” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20The%20Controller%20warrants,obligations%20under%20this%20DPA. ### audit rights dpa residency — risk unknown > Subject to this section 10, Processor shall make available to the Controller on request all information reasonably necessary to demonstrate compliance with this DPA, and shall allow for and contribute to audits, including inspections, by the Controller or an auditor mandated by the Controller in relation to the processing of the Controller Personal Data hereunder. Any audit and provision of the information shall be at the Controller’s own expense. - Interpretation (disclaimed): Grants the Controller the right to request compliance information and conduct audits or inspections of the Processor's processing activities, while placing the cost of such audits on the Controller. - Tier: All - Location: Terms of Service › “AUDIT RIGHTS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20Subject%20to%20this,the%20Controller%E2%80%99s%20own%20expense. ### audit rights dpa residency — risk unknown > Information and audit rights of the Controller only arise under section 10.1 above to the extent that the License Agreement does not otherwise provide for the Controller’s right/possibility to receive information and audit rights meeting the relevant requirements of Data Protection Legislation. - Interpretation (disclaimed): Creates an exception limiting when the Controller's audit and information rights under section 10.1 arise, specifying they only apply to the extent equivalent rights are not already provided under the License Agreement. - Tier: All - Location: Terms of Service › “AUDIT RIGHTS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20Information%20and%20audit,of%20Data%20Protection%20Legislation. ### audit rights dpa residency — risk unknown > •          Information security risk internal analysis is conducted annually - Interpretation (disclaimed): Establishes a recurring annual obligation to conduct internal information security risk analysis, a procedural security control relevant to DPA compliance. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20Information%20security%20risk,analysis%20is%20conducted%20annually ### audit rights dpa residency — risk unknown > (CONTROLLER TO PROCESSOR) - Interpretation (disclaimed): Specifies the legal relationship type as controller-to-processor, defining the directional flow of data processing obligations between the parties. - Tier: All - Location: Terms of Service › “DATA PROCESSING AGREEMENT” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20(CONTROLLER%20TO%20PROCESSOR)%20 ### audit rights dpa residency — risk unknown > • Schedules to the DPA form an integral part of this DPA; - Interpretation (disclaimed): Declares all Schedules to be an integral part of the DPA, incorporating them as legally binding components of the agreement. - Tier: All - Location: Terms of Service › “WHEREAS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20%E2%80%A2%20Schedules%20to,part%20of%20this%20DPA%3B ### audit rights dpa residency — risk unknown > Processor shall provide reasonable assistance to the Controller with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which the Controller reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Legislation, in each case solely in relation to the personal data processed hereunder, and taking into account the nature of the processing and information available to, the Processor. - Interpretation (disclaimed): Obliges the Processor to provide reasonable assistance to the Controller for data protection impact assessments and prior consultations with supervisory authorities as required by GDPR Articles 35 or 36 or equivalent provisions, limited to the personal data processed under the DPA. - Tier: All - Location: Terms of Service › “DATA PROTECTION IMPACT ASSESSMENT AND PRIOR CONSULTATION” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20Processor%20shall%20provide,available%20to%2C%20the%20Processor. ### audit rights dpa residency — risk unknown > • The Parties wish to lay down their rights and obligations. - Interpretation (disclaimed): Recital confirming the parties' mutual intent to establish their rights and obligations, framing the operative purpose of the DPA. - Tier: All - Location: Terms of Service › “WHEREAS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20%E2%80%A2%20The%20Parties,their%20rights%20and%20obligations. ### audit rights dpa residency — risk unknown > This DPA forms part of the License Agreement, you do not need to sign it additionally to the License Agreement itself, but in case you need to have a signed copy of the DPA alone please contact us at support@albato.com . - Interpretation (disclaimed): Establishes the procedural mechanism by which the DPA is incorporated into the License Agreement without separate signature, and provides a contact procedure for obtaining a signed standalone copy. - Tier: All - Location: Terms of Service › “DATA PROCESSING AGREEMENT” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20This%20DPA%20forms,us%20at%20support%40albato.com%20. ### audit rights dpa residency — risk unknown > Terms and expressions defined in the Licensee Agreement shall have the meaning assigned to them in the said Agreement; - Interpretation (disclaimed): Incorporates by reference all defined terms from the License Agreement, ensuring definitional consistency between the DPA and the parent agreement. - Tier: All - Location: Terms of Service › “Definitions and Interpretation” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20Terms%20and%20expressions,in%20the%20said%20Agreement%3B ### audit rights dpa residency — risk unknown > "Data Protection Legislation" means Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), California Consumer Privacy Act, Brazilian Civil Rights Framework for the Internet (Law 12,965/2014), Decree 8,771 of 11 May 2016 (Decreto N 8.771 de 11 de Maio de 2016) and any other European Union or Brazilian legislation relating to personal data and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications). - Interpretation (disclaimed): This segment defines 'Data Protection Legislation' by enumerating the specific laws (GDPR, CCPA, Brazilian legislation, etc.) that govern data processing obligations, making it operative as an incorporation clause that determines the applicable legal framework. - Tier: All - Location: Privacy Policy › “Definitions and interpretation” - Source: https://www.albato.com/privacy - Snapshot SHA-256: `04aca116047222d2be156642b0dd6e895d7702c82e0dad6ff18fd9ef6c3a2d15` - Wayback: — - Deep link: https://www.albato.com/privacy#:~:text=%20%22Data%20Protection%20Legislation%22,privacy%20of%20electronic%20communications). ### confidentiality — risk unknown > On request of a data subject or other person entitled to receive relevant information, a Party shall make a copy of this DPA, including the Schedules as completed by the Parties, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including personal data, a Party may redact part of the text of the DPA (including any Schedule) prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information. - Interpretation (disclaimed): Establishes the procedure by which either party must make the DPA available to data subjects upon request, permits redaction of confidential or business-sensitive information, and requires a meaningful summary to preserve data subject rights where redaction would otherwise obscure exercisable rights. - Tier: All - Location: Terms of Service › “DATA PROCESSING AGREEMENT” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20On%20request%20of,revealing%20the%20redacted%20information. ### confidentiality — risk unknown > (b) the relevant information is already in the public domain. - Interpretation (disclaimed): Creates an exception to the confidentiality obligation where the relevant information is already in the public domain, thereby excluding publicly available information from confidentiality protection. - Tier: All - Location: Terms of Service › “GENERAL TERMS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=(b)%20the%20relevant%20information,in%20the%20public%20domain. ### confidentiality — risk unknown > •          NDAs with employees are signed - Interpretation (disclaimed): Mandates that non-disclosure agreements be signed with employees, creating a confidentiality obligation binding personnel. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0NDAs%20with%20employees%20are%20signed ### confidentiality — risk unknown > •          Confidentiality policy - Interpretation (disclaimed): References and incorporates a confidentiality policy, creating a binding obligation governing disclosure and handling of confidential information. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0Confidentiality%20policy ### confidentiality — risk unknown > •          License Agreements are signed with counterparties - Interpretation (disclaimed): Requires that license agreements be signed with counterparties, creating a contractual obligation governing the legal relationship and use rights with third parties. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0License%20Agreements%20are%20signed%20with%20counterparties ### confidentiality — risk unknown > •          Information security provisions are included in contracts with counterparties - Interpretation (disclaimed): Requires that information security provisions be included in contracts with counterparties, extending security obligations contractually to third parties. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20Information%20security%20provisions,in%20contracts%20with%20counterparties ### confidentiality — risk unknown > (a) disclosure is required by law; - Interpretation (disclaimed): Creates an exception to the confidentiality obligation where disclosure is required by law, permitting a Party to disclose Confidential Information without consent in such circumstances. - Tier: All - Location: Terms of Service › “GENERAL TERMS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=(a)%20disclosure%20is%20required%20by%20law%3B ### confidentiality — risk unknown > Confidentiality. Each Party must keep information it receives about the other Party and its business in connection with this DPA (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that: - Interpretation (disclaimed): Imposes a mutual obligation on each Party to keep the other Party's business information received under the DPA confidential and restricts use or disclosure of such Confidential Information without prior written consent, subject to defined exceptions. - Tier: All - Location: Terms of Service › “GENERAL TERMS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20Confidentiality.%20Each%20Party,to%20the%20extent%20that%3A ### governing law disputes — risk unknown > Notices. All notices and communications given under this DPA must be in writing and will be delivered personally, sent by post or sent by email to the address or email address indicated by the Parties while entering into or performing under the License Agreement, including the DPA, or at such other address as notified from time to time by the Parties. - Interpretation (disclaimed): Establishes the procedure for valid delivery of notices under the DPA, requiring written form and specifying permissible delivery methods including personal delivery, post, and email to addresses provided under the License Agreement. - Tier: All - Location: Terms of Service › “GENERAL TERMS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20Notices.%20All%20notices,time%20by%20the%20Parties. ### governing law disputes — risk unknown > This Agreement is governed by the laws of the republic of Cyprus. Competent Supervisory Authority: Commissioner for Personal Data Protection 15, Kypranoros Street, 1061 Nicosia, P.O. Box. 23378, 1682 Nicosia Email: commissioner@dataprotection.gov.cy - Interpretation (disclaimed): Establishes that the DPA is governed by the laws of Cyprus and designates the Commissioner for Personal Data Protection in Cyprus as the competent supervisory authority, fixing the applicable legal framework and regulatory oversight body. - Tier: All - Location: Terms of Service › “GENERAL TERMS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20This%20Agreement%20is,Nicosia%20Email%3A%20commissioner%40dataprotection.gov.cy%20 ### governing law disputes — risk unknown > GOVERNING LAW. COMPETENT SUPERVISORY AUTHORITY - Interpretation (disclaimed): Section heading introducing the governing law and competent supervisory authority provisions, scoping the jurisdictional and regulatory framework applicable to the DPA. - Tier: All - Location: Terms of Service › “GENERAL TERMS” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%20GOVERNING%20LAW.%20COMPETENT%20SUPERVISORY%20AUTHORITY%20 ### moderation enforcement — risk unknown > •          Rules for using email and spam protection - Interpretation (disclaimed): Imposes an obligation on the party to follow specific rules regarding email use and spam protection, constituting an enforceable security/operational requirement. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0Rules%20for%20using%20email%20and%20spam%20protection ### moderation enforcement — risk unknown > •          Differentiation of access rights - Interpretation (disclaimed): Requires differentiation of access rights, imposing a security control obligation limiting who can access what within the system. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0Differentiation%20of%20access%20rights ### moderation enforcement — risk unknown > •          Risk management policy - Interpretation (disclaimed): References and incorporates a risk management policy, establishing a governance obligation for managing operational and security risks. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0Risk%20management%20policy ### moderation enforcement — risk unknown > •          Areas of responsibility for information security are defined and distributed - Interpretation (disclaimed): Mandates that areas of responsibility for information security are defined and distributed, imposing an organizational accountability obligation. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20Areas%20of%20responsibility,are%20defined%20and%20distributed ### moderation enforcement — risk unknown > •          Employees have access to the training material on information security - Interpretation (disclaimed): Requires that employees have access to information security training materials, imposing a procedural obligation for maintaining a security-aware workforce. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20Employees%20have%20access,material%20on%20information%20security ### moderation enforcement — risk unknown > •          Clean desk policy - Interpretation (disclaimed): Imposes a clean desk policy obligation requiring physical security measures to protect information from unauthorized access. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0Clean%20desk%20policy ### moderation enforcement — risk unknown > •          Clean screen policy - Interpretation (disclaimed): Imposes a clean screen policy obligation requiring personnel to prevent unauthorized viewing of information displayed on screens. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0Clean%20screen%20policy ### moderation enforcement — risk unknown > •          Lock screen policy - Interpretation (disclaimed): Mandates a lock screen policy, creating a technical security obligation to prevent unauthorized access to unattended devices. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0Lock%20screen%20policy ### moderation enforcement — risk unknown > •          An ACL is configured between VLANs - Interpretation (disclaimed): Mandates configuration of an ACL between VLANs, imposing a network security technical obligation to segment and control traffic. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0An%20ACL%20is%20configured%20between%20VLANs ### moderation enforcement — risk unknown > •          Rules are set up to filter incoming traffic; all ports are blocked - Interpretation (disclaimed): Requires rules to filter incoming traffic with all ports blocked by default, imposing a restrictive network security obligation. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20Rules%20are%20set,all%20ports%20are%20blocked ### moderation enforcement — risk unknown > •          Logins and exits to the admin account are logged - Interpretation (disclaimed): Requires logging of logins and exits to the admin account, imposing an audit trail obligation for privileged access monitoring. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20Logins%20and%20exits,admin%20account%20are%20logged ### moderation enforcement — risk unknown > •          The administrator can differentiate access rules for personnel - Interpretation (disclaimed): Grants the administrator the right to differentiate access rules for personnel, conferring a permission to configure role-based access controls. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20The%20administrator%20can,access%20rules%20for%20personnel ### moderation enforcement — risk unknown > • IT security is ensued by way of Code Review, which obligatory comprises code security review; - Interpretation (disclaimed): Mandates that IT security be maintained through Code Review that obligatorily includes a code security review, imposing a procedural development security obligation. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20IT%20security%20is,comprises%20code%20security%20review%3B ### moderation enforcement — risk unknown > •          Information security policy is implemented - Interpretation (disclaimed): Mandates implementation of an information security policy, creating an enforceable organizational obligation for maintaining security standards. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0Information%20security%20policy%20is%20implemented ### moderation enforcement — risk unknown > •          External web application scanning for vulnerabilities - Interpretation (disclaimed): Requires external web application vulnerability scanning, creating a recurring security assessment obligation to protect platform integrity. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0External%20web%20application%20scanning%20for%20vulnerabilities ### moderation enforcement — risk unknown > •          Inventory of information assets is carried out annually - Interpretation (disclaimed): Creates an annual obligation to conduct inventory of information assets, a recurring procedural security requirement. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20Inventory%20of%20information,is%20carried%20out%20annually ### moderation enforcement — risk unknown > •          A registry of information assets is maintained - Interpretation (disclaimed): Obligates maintenance of a registry of information assets, a procedural security and governance requirement. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0A%20registry%20of%20information%20assets%20is%20maintained ### moderation enforcement — risk unknown > •          When an employee quits, they need to complete the steps concerning infosecurity set out in the checklist - Interpretation (disclaimed): Establishes a procedural obligation requiring departing employees to complete information security checklist steps upon termination, addressing access revocation and data protection. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20When%20an%20employee,out%20in%20the%20checklist ### moderation enforcement — risk unknown > •          Log of Information security incidents - Interpretation (disclaimed): Requires maintenance of a log of information security incidents, imposing a procedural obligation for incident tracking and accountability. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0Log%20of%20Information%20security%20incidents ### moderation enforcement — risk unknown > •          The recommended data transfer channels are given in the product instruction - Interpretation (disclaimed): Specifies that recommended data transfer channels are provided in product instructions, establishing a procedural obligation to guide secure data transmission. - Tier: All - Location: Terms of Service › “Major security measures” - Source: https://www.albato.com/dpa - Snapshot SHA-256: `d04f3929fa13d41ed57b429eace9ee986809f4f604a3126828eeb97fdb6e0cad` - Wayback: — - Deep link: https://www.albato.com/dpa#:~:text=%E2%80%A2%20The%20recommended%20data,in%20the%20product%20instruction