Privacy policy

Data Security and Cookie Policy

1. Introduction

This document outlines the principles and practices our organization follows to ensure the protection of user data and the proper use of cookies on our website. By accessing or using our services, you agree to the terms set forth in this policy.

2. Data Security

2.1 Data Collection and Use

• We collect only the data necessary for providing and improving our services. (e.g Analytics, account management)
• Personal data includes, but is not limited to, names, email addresses, phone numbers, and payment details.

2.2 Data Storage

• All data is stored in secure servers with access limited to authorized personnel.
• Usage of cloud infrastructure:
  • Hosted within OVH Public Cloud infrastructure, which adheres to stringent security standards, including robust physical and network security measures to safeguard data.
    https://www.ovhcloud.com/en-ie/personal-data-protection/security/
• We use encryption protocols (e.g., SSL/TLS) to safeguard data during transmission.

2.3 Access Control

• Access to sensitive data is restricted to personnel who require it to perform their duties.
• Access to servers is restricted to users connected via a secure VPN.
• Multi-factor authentication (MFA) is mandatorily implemented where feasible.
• 3rd Party authentication requires SSH with private key pairs for server access.

2.4 Third-Party Services

• We ensure that all third-party service providers comply with industry security standards.
• Data shared with third parties is limited to what is strictly necessary for their services.

2.5 Incident Response

• In the event of a data breach, we will notify affected users and relevant authorities within 72 hours, as per applicable laws.

2.6 Retention and Disposal

• Data is retained only as long as necessary for its intended purpose or to comply with legal obligations.
• When data is no longer needed, it is securely deleted or anonymized.

3. Cookie Policy

3.1 What Are Cookies?

• Cookies are small text files stored on your device when you visit a website. They help us understand user behaviour, improve user experience, and deliver personalized content.

3.2 Types of Cookies We Use

• Essential Cookies: Required for basic website functionality, including security*
  • *Specifically, to protect against Cross-Site Request Forgery (CSRF) attacks.
• Performance Cookies: Collect information about how visitors use the website.
• Functionality Cookies: Remember user preferences to enhance the experience.
• Targeting/Advertising Cookies: Deliver relevant ads based on user behaviour.

3.3 Managing Cookies

• Users can manage or disable cookies through browser settings.
• Disabling certain cookies may impact the functionality of our website.

3.4 Third-Party Cookies

• Some cookies may be placed by third-party services (e.g., analytics or advertising partners).
• We do not control these cookies, and users are encouraged to review the privacy policies of these third parties.

4. User Rights

4.1 Access and Correction

• Users have the right to request access to their personal data and request corrections if inaccuracies are found. Alimak_Group_Technical_Training_Data_Privacy_Policy.pdf

4.2 Data Portability

• Users may request a copy of their data in a structured, commonly used, and machinereadable format.

4.3 Withdrawal of Consent

• Users can withdraw consent for data processing at any time, subject to legal or contractual obligations.

4.4 Right to Erasure

• Users may request the deletion of their data, provided it is not required for legal or business purposes.

5. Contact Information

For questions or concerns regarding this policy, please contact us:

• Email: privacy@alimakgroup.com
• Mailing Address: Att: Global Data Protection Manager, Brunkebergs torg 5, 111 51 Stockholm, Sweden

6. Updates to This Policy

This policy may be updated periodically to reflect changes in our practices or legal requirements. Any amendments will be notified by update of this policy.

Effective Date: 17/02/2025