Preventance Privacy Notice
What this Privacy Notice Covers. This Privacy Notice applies only to APT’s processing of your Personal Data (we’ll define that below) in connection with your access to and use of APT’s Preventance product (the “Product”). If you have provided personal data to APT in another context, APT’s processing of that personal data is explained in another privacy notice.
Read this Privacy Notice! We want you to feel that our processing of your Personal Data is conducted fairly and transparently, so we want you to read this Privacy Notice. We also understand that you’re busy, and these things can be dense. That’s why we’ve provided . . . .
A Quick Guide to this Privacy Notice. This Privacy Notice is your one-stop-shop for understanding what we’re doing with your Personal Data and why. Of course, you should read it top-to-bottom. In case you don’t have the time right now, you can use the menu below to jump to your topic of interest and come back to the other parts as soon as you can.
1. Who are we?
Click here if: You want to know what we mean when we say “APT” (or “us” or “our” or “we”).
2. What are we processing?
Click here if: You want to know what personal data we’re processing and how.
3. Why are we processing it?
Click here if: You want to know why we need your Personal Data.
4. How are we processing it?
Click here if: You want to know how we process your Personal Data and what that means for you.
5. How long will we have it?
Click here if: You want to know how long we’re going to keep your Personal Data.
6. Who else is getting it?
Click here if: You want to know if we’re sharing your Personal Data and, if so, with whom.
7. Where is it going?
Click here if: You want to know whether your Personal Data is taking any international trips.
8. What if something changes?
Click here if: You’re wondering how you’ll know if our processing or this Privacy Notice changes.
9. What can you do about it?
Click here if: You don’t like what you’ve seen so far.
10. Anything else?
Click here if: You’ve read all of the other sections and haven’t answered your question.
Who are we?
When we say “APT” (or “us” or “our” or “we”), we mean Asset Performance Technologies, Inc. and, where noted in this Privacy Notice, our affiliated entities (like our parent company, Uptake Technologies, Inc. (“Uptake”)). We don’t mean other companies or individuals that we don’t own or control or are not affiliated with.
You can find, and send mail to (if you’d like), our headquarters at 400 Gold Ave. SW, Albuquerque, NM 87102. If you prefer phone, you can reach us at 505-903-5768. Emails related to this Privacy Notice can be sent to email@example.com. Please note that this email address is maintained by Uptake.
What are we processing?
We are processing the following information (“Personal Data”): name; email address; billing-related contact information; and similar information required to establish, validate, or further your use of the Product. We obtained your Personal Data directly from you when you submitted it to create an account to access and use the Product.
Why are we processing it?
We are collecting your Personal Data for a few reasons, which we’ve summarized below.
ˆ To facilitate your use of the Product:
- We need some of your Personal Data to provide your access to the Product. We use Personal Data to authenticate that access (i.e., proving that you are who you say you are).
- We may need to communicate with you concerning the Product and your use of it, including, for example, to let you know that we’ve updated this Privacy Notice.
- If you request support from our Customer Service team, we need your Personal Data to provide you with the requested support, which may include related communications. We will maintain records of these Customer Service-related communications and services for internal use purposes (mostly quality assurance).
- Your Personal Data may be passed to a Subprocessor (we define that term below) that manages our internal issue tracking and remediation process.
ˆ To do other important things:
- We are keeping a record of your review and acknowledgment of this Privacy Notice.
APT does not process personal data without a lawful basis for doing so. We believe that we have a lawful basis for processing your Personal Data and that our lawful basis is our legitimate interests in providing you access to the Product, communicating with you regarding the same, and fulfilling our contractual obligations and exercising our contractual rights (like the right to receive payment) with your company. Achieving these interests is critical to our business, and the processing under this Privacy Notice is necessary to achieve these interests. The provision of your Personal Data is neither a statutory requirement nor a requirement under a contract between you and APT.
How are we processing it?
Scope of Processing.
Throughout this Privacy Notice, you’ll see us talk about “processing” your Personal Data. This has a broad definition and refers to everything we’re doing with respect to your Personal Data under this Privacy Notice. More specifically, though, we are storing your Personal Data, organizing it to make it usable, and otherwise analyzing and using it, in all cases as we require to achieve the reasons for processing described above. When we’re done with it (described in more detail below), we may also delete or destroy it. We are not conducting any automated decision-making, including profiling, with respect to your Personal Data.
Consequences of Processing.
Our processing of your Personal Data under this Privacy Notice will have some consequences for you. These consequences include the following:
ˆ You will be able to log into and use, and receive communications from us regarding, the Product.
ˆ We will have access to a record of your interaction with our Customer Service team.
APT takes data security very seriously and will always use commercially reasonable efforts to secure your Personal Data. We have implemented appropriate technical and organizational measures to protect personal data, including HTTPS and encryption of certain Personal Data transmitted to and from our website and the Product. However, no data transmission over the Internet is completely secure, so we cannot guarantee the absolute security of this data.
How long will we have it?
The description above of our data retention and deletion processes does not apply to any data that we have derived from your Personal Data, provided that this derived data cannot be used to identify you. This data is not considered “personal data.”
Who else is getting it?
Your Personal Data will be shared among the APT employees and contractors (which may include employees and contractors of Uptake) that need to use it to communicate with you, to analyze your use of the Product, or to make improvements to or otherwise modify the Product. This will likely include members of our internal engineering, research and development, accounting, Customer Service (mostly employees of Uptake), and security teams. It won’t include employees or contractors that have no involvement in the research, development, engineering, security, billing, or other use or analysis related to the Product.
Outside of APT: Subprocessors.
Your Personal Data will be processed by certain third parties who need to process it to provide Product-related services to us (we tend to call these “Subprocessors”). As of the date of this Privacy Notice, our primary Sub-processor for the Product is Microsoft Azure, our hosting provider. As we refine the Product or otherwise change our practices, we may engage additional, similar Subprocessors that may need to process your Personal Data. In all cases, we only make your Personal Data available to Subprocessors who truly need it, and their processing will generally be limited to what is necessary to provide us with the Product-related services.
Special Circumstance: Law Enforcement.
Like other global companies, APT is subject to various legal obligations and falls within the jurisdiction of numerous government and law enforcement officials. We will cooperate with these officials, as well as any private parties, as required to enforce and comply with the law. We may disclose your Personal Data as we, in our discretion, believe is necessary or appropriate: (a) to comply with law, regulation, or valid legal process; or (b) to protect our property, rights, and safety, and the property, rights, and safety of a third party or the public in general. If we are going to release your Personal Data on this basis, we will do our best to provide you with prior notice unless doing so is prohibited by law, regulation, or valid legal process or could otherwise be prejudicial to our ability to enforce and/or comply with the law.
Where is it going?
APT is a New Mexico-based company, and our hosting and other cloud providers keep our data in the United States. Once here, your Personal Data will not leave the United States unless you ask for it back, in which case it will be transferred back to the country in which you reside.
Read This if You Live in Europe.
As you may be aware, the United States has not been subject to a universal adequacy decision by the European Commission. While we can’t read their minds, we believe this means that the European Commission does not consider U.S. laws to provide the same level of legal protections to individuals concerning their personal data and how it is used, in part because U.S. companies may not be subject to legal obligations as stringent as those applicable to European companies. This means that processing in the U.S. may be undertaken with fewer privacy- and security-focused protections than in Europe, which may increase the risk of data breaches, losses of data, or similar events affecting personal data privacy and security. In any event, APT and Uptake are firmly committed to data privacy and security and has implemented a number of measures that are intended to ensure all personal data (including your Personal Data) is protected just as strongly in the U.S. as it might be in Europe. We won’t
get into all of it here, but this includes entering into EU-approved model contract clauses with certain of our processors and Subprocessors and providing appropriate technical and organizational measures to secure your Personal Data (as discussed above). If you have any questions about cross-border processing, please don’t hesitate to reach out to firstname.lastname@example.org.
What if something changes?
It could happen. This Privacy Notice is current as of May 3, 2018, but we may change this Privacy Notice or the way in which we process your Personal Data (including the purpose of that processing or the methods for doing so). If we do, we do our best to notify you in advance (probably by email). The current version of this Privacy Notice will always be accessible within the Product.
What can you do about it?
APT is committed to the cause of giving individuals greater control over the processing of their personal data. In furtherance of this commitment, as one of our “data subjects” (a technical term), you may be entitled to certain rights:
ˆ Right to Access. You have the right to request access to your Personal Data. You can do this through your “My Account” page.
ˆ Right to Rectification. You have the right to ask us to correct errors, or to complete omissions, in your Personal Data. You can also do this through your “My Account” page.
ˆ Right to Erasure.* You may have the right to ask us to delete your Personal Data. Some people call this the “right to be forgotten.”
ˆ Right to Object.* You may have the right to object to, and stop, our processing of your Personal Data.
ˆ Right to Restriction of Processing.* You may have the right to limit our processing of your Personal Data.
ˆ Right to Data Portability.* You may have the right to receive, or have us transmit to another person, a portable copy of your Personal Data.
The rights above with an asterisk (*) are subject to some conditions and may not be applicable under this Privacy Notice. If you want to know more about those conditions, or if you would like to exercise one or more of the rights above, shoot your request to email@example.com.
If you’re not happy with what you’ve read so far, or if you believe we’ve overstepped, you can always reach out to your local data protection authority. The identity of your local data protection authority depends on where you live, so we are unable to identify it for you. If you live in Europe, we have found this link to be helpful: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en.
If we haven’t answered your question yet, you sure do have a lot of questions. Fire those questions over to firstname.lastname@example.org.