We, at AllITHost, adhere to strict privacy guidelines with respect to all individuals who use our Systems, visit our Websites, or use applications that are hosted in our networks.
This document details our methods of collection, storage, and use of user related data and information, and the safeguard measures taken by us on order to protect that data and information.
Some of the words and terms used in this document have their meanings properly defined in the last Section (“DEFINITIONS”).
Please refer to that Section on order to clarify the choice of words, in the context of this document.
- PRIVACY SAFE HARBOR PRINCIPLES
We, at AllITHost, strive to comply with the requirements of the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework, as set forth by the U.S. Department of Commerce Safe Harbor Privacy Program and to follow the directives established by this program.
In addition, certain personal information may be subject to more specific privacy policies, which are also consistent with the requirements of the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework.
As such, we adhere to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement with respect to all personal information, and/or data, transferred within our networks, in the U.S., or from the EU or Switzerland to the U.S.
Hence, on regards of data and information privacy, we abide by the seven following principles:
NOTICE: Whenever we collect personal information, and/or data, directly from individuals, we will inform them about the type of personal information, and/or data, collected, the purposes for which we collect and use the personal information, and/or data, and the types of non-agent third parties to which we disclose, or may disclose, that information, and/or data.
We will also inform the individuals of the choices and means, if any, we offer for them to limit the use and disclosure of their personal information.
Notices will be provided in clear and conspicuous language when individuals are first asked to provide personal information to us, or as soon as practicable thereafter, and in any event before we use or disclose the information for a purpose other than that for which it was originally collected.
CHOICE: We will offer individuals the opportunity to choose (opt-out) whether their personal information, and/or data, is:
(a) to be disclosed to a non-agent third party, or
(b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
For sensitive personal information, and/or data, we will give individuals the opportunity to affirmatively and explicitly consent (opt-in) to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
We will always provide individuals with reasonable mechanisms to exercise those aforementioned choices, and we will always abide by this Policy on regards of any information collected.
DATA INTEGRITY: We will use personal information, and/or data, only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual.
We will take reasonable steps to ensure that personal information, and/or data, we collect is relevant to its intended use, accurate, complete, and current.
TRANSFERS TO AGENTS: We will obtain assurances from any third party that is acting as an agent that they will safeguard personal information, and/or data, consistently with this Policy, and that the third party subscribes to the Safe Harbor Privacy Principles or is subject to the Directive or another adequacy finding.
Examples of appropriate assurances that may be provided by agents include:
(a) a contract obligating the agent to provide at least the same level of protection as is required by the relevant Safe Harbor Principles,
(b) the third party being subject to EU Directive 95/46/EC (the EU Data Protection Directive),
(c) a Safe Harbor certification by the third party acting as an agent, or
(d) the third party being subject to another European Commission adequacy finding.
Whenever we become aware that an agent is using or disclosing personal information, and/or data, in a manner contrary to this Policy, we will take all reasonable steps to prevent or stop such use or disclosure.
ACCESS AND CORRECTION: Upon request, we will grant individuals reasonable access to personal information that it holds about them, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
In addition, we will take reasonable steps to permit individuals to correct, amend, or delete information, and/or data, which are demonstrated to be inaccurate or incomplete.
SECURITY: We will take all comprehensive measures and reasonable precautions to protect personal information, and/or data, in our possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
These measures include:
(a) employee data safety training,
(b) periodic reviews,
(c) assessment and implementation of new (or applicable) technologies
(d) purging of data,
(f) firewalls and
(g) restrictions on access.
All personal information related data is located in data center facilities with enhanced security features.
However, even if all data is safeguarded to established security standards, we cannot guarantee, and will not be liable for the security of personal data due to the very own nature of the Internet.
ENFORCEMENT: We will conduct compliance audits of our relevant privacy practices to verify adherence to this Policy.
We will also provide:
(a) readily available and affordable independent recourse mechanisms so that each individual’s complaints and disputes can be investigated and resolved and damages awarded where the applicable law or private sector initiatives so provide,
(b) procedures for verifying that the commitments we make here, to adhere to the safe harbor principles, have been implemented by us, and by any client that use our systems, and
(c) means to apply sanctions on order to remedy problems arising out of a failure to comply with the principles in this Policy.
Any employee, contractor, third party agent, licensor, or Cloud Services or network customer that we determine to be in violation of this policy will be subject to disciplinary action up to, and including, termination of employment, service/license contract, or that given customer agreement, in addition to any other legal measures that may be taken by us, our clients, or the affected individuals and their representatives.
We will cooperate with European Data Protection Authorities, the U.S. Department of Commerce, the U.S. Federal Trade Commission, relevant state or provincial agencies, and law enforcement and judicial authorities in investigating any privacy complaints or suspected violations of privacy laws or our Safe Harbor commitments, as well as in rectifying any noncompliant practices.
LIMITATION ON APPLICATION OF PRINCIPLES: Adherence by us to these Safe Harbor Principles may be limited:
(a) to the extent required to respond to a legal or ethical obligation; and
(b) to the extent expressly permitted by an applicable law, rule or regulation.
- OUR CUSTOMERS OBLIGATIONS ON REGARDS OF PRIVACY
For the terms of this Policy, AllITHost’s customers are any individual, entity, company, or governmental agency (“Customers”), using any of our services to provide services or to sell products to any other individual, entity, company, or governmental agency (“End Users”).
We, as a provider of hosted infrastructure, applications, systems and services are not responsible, and will not be liable, for the way our Customers handle their respective End Users’ information and data privacy.
We act only as a Data Processor with respect to End Users information, and/or data, collected, stored or used by its Customers.
As a result, under the terms of U.S. Department of Commerce Safe Harbor program and under European Union privacy directives, and other international and foreign privacy related legislation, as we are considered a Data Processor only, our sole function is to provide the limited technical support needed to run Customers’ systems on AllITHost’s servers for the sole benefit of those Customers.
We do not have the authority to access or use Customers’ End Users information or data that is hosted in these Customers’ allocated systems, besides under the terms provided by this Policy and/or any Agreement signed by and between us and the Customers.
Customers declare that, as Data Controllers, they remain as the sole responsible for the information and/or data belonging to each one of their respective individual End Users, under the terms of U.S. Department of Commerce Safe Harbor program and under European Union privacy directives, and other international and foreign privacy related legislation (which may be more stringent than the equivalent Safe Harbor principles).
Hence, Customers are solely responsible for following all necessary legal, corporate and ethical guidelines within their environments and we cannot be held responsible for how Customers use information, and/or data, received or transmitted over our network, within allocated Customers’ partitions, sub-systems and sub-networks.
Customers declare they are, also, solely responsible for determining the suitability of the Services we provide to them through our network and/or systems, for any use in light of any applicable regulations such as the Payment Card Industry Data Security Standard, the Gramm-Leach-Bliley Act or the Health Insurance Portability and Accountability Act, and in compliance with the EU Data Privacy requirements or other applicable data privacy laws and regulations.
Also, In accordance with the provisions of Safe Harbor’s FAQ 10 – Article 17 (“contracts”), we have entered into respective Agreements with each one of our Customers, Agreements that define AllITHost’s and Customers’ respective obligations with respect to Customers’ End Users information and/or data.
Those Agreements determine that our Customers shall handle their respective end users information and data, at least, accordingly to the same aforementioned U.S. Department of Commerce Safe Harbor principles or those from another replacement program (or shall adopt a compliance solution which achieves compliance with the terms of Article 25 of Directive 95/46/EC) throughout the Term of those respective Agreements with us.
Also, privacy compliance obligations, to be fulfilled by the Costumers, include, but are not limited to, the following:
(a) Customers will protect the privacy and legal rights of their End Users under all applicable laws and regulations, which include a legally adequate privacy notice communicated from Customers to their respective End Users.
(b) Customers shall disclaim they may have the ability to access, monitor, use, or disclose any of the information and/or data submitted by these End Users as part of their use of any product, service, application or system offered by the Customers through our network.
(c) Customers will obtain and maintain any required consents from End Users to allow Customer’s access, monitoring, use and disclosure of any of the information and/or data submitted by these End Users as part of their use of any product, service, application or system offered by the Customers through our network.
(d) Customers will notify their End Users that any of the information and/or data submitted by these End Users as part of their use of any product, service, application or system offered by the Customers through our network, will be made available to a third party (us) as part of our technical process of providing our services, systems, applications and network access to the Customers.
We shall not be liable for any claim brought by any End User or Data subject of any kind, and on any jurisdiction, arising from any action or omission by us, to the extent that such action or omission resulted from compliance by us with any Customers’ instructions.
Customers agree to indemnify, defend and hold harmless AllITHost and its employees, agents, shareholders, officers, directors, successors and assigns, from and against any and all claims, damages, liabilities, costs, settlements, penalties and expenses (including attorneys’ fees, expert’s fees and settlement costs) arising out of or relating to any suit, action, proceeding, arbitration, subpoena, claim or demand brought or asserted by a third party, pursuant to any theory of liability against AllITHost arising out of or relating to any data breach, data loss, data theft or any other privacy related issue relative to these Customers’ respective End Users.
This Policy is limited, or may be limited, by applicable legal, regulatory, ethical, or public interest consideration, and as expressly permitted or required by any applicable law, rule, or regulation.
- CANADIAN PRIVACY ADDENDUM
Customers that may have End Users in Canada acknowledge that our Services are provided from facilities located outside of Canada and any data, or information (including personal information) submitted by these End Users as part of their use of any product, service, application or system offered by the Customers, through our network, will be transmitted and stored outside of Canada.
Customers will be sole responsible to ensure that they have obtained all rights, permissions, and consents or have provided disclosures necessary to use and transfer such data and information outside of Canada in conjunction with their use of our Services, systems and network.
Customers will also be responsible to ensure that they are permitted to disclose or transfer data and information outside of Canada under any laws that may be applicable to their businesses, including the data and information collected and used by or in the course of conducting their businesses.
- ALLITHOST AS A DATA CONTROLLER
We, AllITHost, when acting as Data Controllers, understood as the entity that handles and is responsible for the storage, control and safety of the data collected from their first-hand, direct users, only collect information and data from any individuals on an at-will, opt in, basis, and only to perform our services and other necessary business related to the provision of our services and products.
In this capacity, we will collect information:
(a) From Customers that wish to use our systems and services, solely on order to provide such systems and services.
(b) From visitors, clients, users, customers and prospective customers, when they access our website, our mobile applications, or any other interactive tool we provide, or may provide in the future, electronically, through the Internet, or through any other data network that may be used.
We do not collect, knowingly, any Personal Information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, views or activities, that concerns health or sex life, information about social security benefits, or information on criminal or administrative proceedings and sanctions, except when in the context of pending legal proceedings and when responding to proper lawful requests.
We also do not knowingly collect information from or about children under 13 years of age.
Personal Information that may be collected by us includes the following:
reasons for contacting AllITHost;
information regarding Visitors, Customers, and their companies;
addresses, phone numbers, facsimile numbers and email addresses;
product and service preferences;
service orders and maintenance requests;
billing and transaction information; and
other information relevant to conducting business with our company or becoming a customer of AllITHost.
Personal Information is not collected from individuals unless they consent to provide such information to us. However, if a Visitor arrives at our Websites via a search engine, referral tool or forum, certain Personal Information may be transmitted to us by a third party.
We will use and store that information, if any is received, in accordance with this policy.
We may collect device-specific information (such as hardware model, operating system version, unique device identifiers, and mobile network information including phone number), on order to properly provide our services to any individual or entity accessing our systems.
We may associate such device identifiers or phone numbers to that individual’s information.
We may collect and store information (including personal information) locally on any device using mechanisms such as browser web storage (including HTML 5) and application data caches.
We also collect standard information from visitors, clients, users, customers and prospective customers using automated tools.
These automated tools collect information such as a Visitor’s browser type and language, Internet service provider, Internet protocol (IP) address, access dates and times, Web pages viewed, search information, and other similar statistics.
The automated tools used by us to collect this information include, without limitation:
(a) A Web beacon: an invisible file located on a Web page that is used to track a visitor’s navigation of a Website.
Web beacons may communicate with the individuals’ computers to determine, among other things, whether they have been to a page on one of our AllITHost’s Websites before, or viewed a particular online advertisement.
(b) A cookie: a small data file saved on your computer by a Website that an individual visits.
Individuals do not need to enable cookies in their browsers to visit AllITHost’s Websites.
However, we recommend that individuals leave cookies turned on their browsers, as, if they block or otherwise reject our cookies, they will not be able to use some of our systems’ advanced features and/or sign in or log on their respective customers’ dashboards.
(c) An embedded link: a link to a Web page that may be located in an email received from us.
If an individual clicks on such an embedded link, we may collect information about the interaction that follows, and this information could be connected to their online identity with us.
If individuals do not want us to collect information about the links they click, they can opt to receive text-based only emails.
All the information we collect about visitors, clients, users, customers and prospective customers is stored in a secure environment, and encrypted, making it impossible for anyone to track that information back to their owners. However, if any individuals or entities need, or want, to access all information related to their behavior in any of our systems, they can request a copy of their information and data profile to us.
They can also request to change or rectify any information on such information and data profiles. On order to do so, they just need to contact us.
Any contact on regards of data profile requests or data profile rectifications can be done by the legit information owner, by sending an email or regular mail request to the following addresses:
ALLITHOST INC. att. Privacy Enforcement
2255 Glades Road, 324a, Boca Raton, FL 33431
AllITHost’s Websites include links to external Websites.
Among other things, these links may lead you to white papers, reference articles, agency or authority Websites, press releases, customer Websites, and the Websites of AllITHost’s preferred vendors.
We do not transmit any Visitor information to these sitesnordo we havecontrol or authority over the privacy policies on those Websites or over any third parties thereafter.
Visitors should refer to the respective privacy policies of any externally linked websites for more information.
6.USING THE INFORMATION WE COLLECT
The information we collect is used to:
(a) provide services and products to Customers,
(b) process payments,
(c) diagnose problems with a Customer’s hosting environment,
(e) provide access to secure areas of our Websites and systems,
(f) personalize a Visitor’s experience on this Website,
(g) configure marketing and outreach programs,
(h) compile anonymous statistics for the purpose of improving the Website,
(i) track the number of times advertisements and emails are viewed,
(j) correspond with potential new customers (subject to their consent), and
(k) update services on a periodic basis.
As a managed hosting, networking and security services provider, we occasionally provide log monitoring services to Customers.
These services involve monitoring a Customer’s data to ensure its integrity.
This data is located at their customer database and storage layers, and it may include Personal Information.
We do not use or have control over this information, and we only store logs that relate to its integrity but contain no Personal Information.
We are not responsible for how Customers process or use data within their environments.
- DISCLOSING AND USING THE INFORMATION WE COLLECT
We, AllITHost, use the information we collect, from all of our services, to provide, maintain, protect and improve them, to develop new ones, and to protect our company, our customers, and our users.
When any individuals or entities contact us, we may keep a record of their communications to help solve any issues they might be facing.
We will not associate a cookie or anonymous identifier with sensitive categories, such as those based on race, religion, sexual orientation or health.
We will not combine advertisement cookie information with personally identifiable information unless we have the respective information owner opt-in consent.
Except as otherwise provided in this privacy statement, Personal Information is for internal use and will not be communicated to a third party.
If a need arises, or we otherwise desire to transfer information about our customers and users to third parties, we will first send them notice and their information will not be transferred without their prior consent.
We may process personal information on our servers in the United States, but also in other countries around the world, which means we may process users personal information on a server located outside the country where they live.
Hence, users and customers authorize us to make worldwide transfers of their information and data, and, in the case of Customers, the information and data belonging to their End Users, within our corporate systems, and to other entities, agents or subcontractors, or to other relevant business partners who may have incidental, and necessary, access to that information data, provided these transfers happen in the normal course of business, and for the purpose of performing our obligations under the Agreements signed by and between us and the Customers.
When making such transfers, we will ensure appropriate protections are in place to safeguard any information and data transferred under or in connection with this Policy.
Notwithstanding the foregoing, we may disclose Personal Information under the following circumstances:
(a) We may transfer a Customer’s Personal Information to unaffiliated entities that provide products and services that complement those provided by us.
No Personal Information will be disclosed to these entities without Customer’s prior consent.
If any data is transferred to such entities, we will ensure that it is handled in accordance with the provisions of this Policy.
(b) If AllITHost, or substantially all of our assets, are acquired, customer information will be one of the transferred assets.
As a result, we reserve the right to disclose some information or data belonging to the Customers, or to their respective End Users, reasonably related to the sale or disposition of all or part of our business, provided such information or data does not constitute Personal Identifiable Information or PII, and that we request the proper previous written authorizations from such Customers.
(c) We will also release Personal Information when:
(i) we believe such release is necessary to comply with the law, subpoena or court decision;
(ii) to enforce or apply AllITHost’ Acceptable Use Policy and other Agreements; or
(iii) to protect the rights, property, or safety of our company, our Customers, or any others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction, and/or local, national and international law enforcement agencies.
Any newer version will supersede any older version, either in electronic or writing format.
All amendments will be consistent with the Safe Harbor principles.
- DISPUTE RESOLUTION:
We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.
For complaints that cannot be resolved between us and the complainant, we will search for dispute resolution procedures through Arbitration, in accordance with the directives established by the European data protection authorities to resolve disputes pursuant to the Safe Harbor Principles.
The arbitration shall be conducted in the city of Miami, Florida.
The arbitration shall proceed in accordance with the commercial arbitration rules of the American Arbitration Association (“AAA”) in effect at the time the claim or dispute arose.
The arbitration shall be conducted by one (1) arbitrator, dully credentialed and authorized by AAA, or a comparable arbitration service, which shall be selected pursuant to the applicable rules of the AAA.
The arbitrator shall issue a reasonable award, with findings of fact and conclusions of law.
The judgment on the award rendered by the arbitrator may be enforced in any court having jurisdiction thereof.
(a) “Visitor” or “you” means any individual or entity who visits AllITHost’s Website, whether they are a customer or not.
(b) “Customer” means an individual, entity, company or governmental agency that is a client of AllITHost.
(c) “Data Controller” means a party or entity that determines the purposes and means of processing of Personal Information. A company functions as a Data Controller when it decides how such data is to be used and uses it accordingly.
(d) “Data Processor” means a party or entity that processes Personal Information on behalf of a Data Controller. With respect to Personal Information, processing includes collecting, recording, organizing, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making available, aligning or combining, blocking, erasing or destroying the information.
(e) “Personal Information” means any information or set of information that identifies or could be used by or on behalf of AllITHost to identify an individual. Personal Information does not include information that is encoded or anonymized, or publicly available information that has not been combined with nonpublic Personal Information.
(f) “We”, “us” or “the company” refers to AllITHost.
(g) “Website” means AllITHost’s Website at www.allithost.com, or any other websites deemed as officially affiliated with our company, brands, and/or products.
(h) “Systems” mean any our diverse services, networks, applications and systems provided through our data network and from our infrastructure.
(i) “Customer Data” means all data, records, files, input materials, reports, forms and other such items that are received, stored, or transmitted using the Services.
(j) “Personally Identifiable Information” or “PII” means:
(i) a combination of any information that identifies an individual with that individual’s sensitive and non-public financial, health or other data or attribute, such as a combination of the individual’s name, address, or phone number with the individual’s social security number or other government issued number, financial account number, date of birth, address, biometric data, mother’s maiden name, or other personally identifiable information;
(ii) any “non-public personal information” as that term is defined in the Gramm-Leach-Bliley Act found at 15 USC Subchapter 1, § 6809(4), and (iii) “protected health information” as defined in the Health Insurance Portability and Accountability Act found at 45 CFR §160.103.