Altus Data Handling Policy
This Data Handling Policy outlines the approach Altus takes to the global processing of data within Microsoft 365 (M365) applications and Altus Cloud Services (ACS). It is designed to ensure transparency, security, and compliance with various privacy regulations across different regions.
Data Processing Scope
Altus processes customer data within M365 applications and ACS to provide a work management platform. This data includes information necessary for work-related activities, such as documents, communication, and collaboration data.
Data Processing Principles
Altus adheres to the following principles in handling customer data:
Lawfulness, Fairness, and Transparency: Data processing is conducted in accordance with applicable laws and regulations. Transparency is maintained regarding data processing activities and locations.
Purpose Limitation: Customer data is processed for the explicit purpose of delivering and enhancing our applications. Any additional use requires customer consent.
Data Minimisation: Only the minimum necessary data is processed, transmitted and stored to achieve the intended purpose.
Accuracy: Altus takes reasonable steps to ensure the accuracy of customer data and enables customers to rectify inaccuracies.
Storage Limitation: Customer data is retained for the duration necessary to fulfil the specified purposes or as required by law.
Integrity and Confidentiality: Robust security measures are implemented to maintain data integrity and confidentiality.
Data Location and Transfers
Customer data may be processed within the customer's M365 tenancy or customer selected ACS region, Altus will endeavour to prevent cross-border transfers of customer data. Altus will ensure that such treatment of data within a region will conform to the local data protection laws.
Security Measures
In cooperation wth Microsoft, Altus employs industry-standard security measures, including encryption, access controls, and regular security assessments, to safeguard customer data from unauthorized access, disclosure, alteration, and destruction.
Data Access and Control
Customers retain ownership and control over their data at all times in M365 and in ACS. Altus does not access or use customer data for purposes other than providing and improving our applications. Customers can configure and customise access controls and regional selections within M365 and ACS applications.
Incident Response
In the event of a data security incident, Altus has established incident response procedures to promptly identify, contain, and mitigate the impact of the incident. Customers will be notified in accordance with legal requirements, and in a manner that balances accuracy with timeliness.
Third-Party Engagement
Altus and Customers may engage with third-party partner providers to enhance services. These providers must adhere to the privacy and security standards remaining consistent with Altus policies. Customers will be informed of any third-party involvement and are encouraged to review their privacy practices.
Compliance with Privacy Regulations
Altus commits to complying with global privacy regulations. The Data Handling Policy is designed to align with the diverse privacy laws applicable to our global customer base.
Policy Updates
This Data Handling Policy may be updated to reflect changes in laws, regulations, or business practices. Customers will be notified of significant updates.
By using Altus applications and ACS, customers acknowledge and agree to the terms outlined in this Data Handling Policy. Altus is dedicated to maintaining the highest standards of data handling to ensure the privacy and security of customer information.