Privacy Policy
INTRODUCTION
The data controller of your personal data, as described in this Privacy Policy, is Aldgate Advice Limited (address: 142 Maidstone Road, Rochester, ME1 3EA, United Kingdom) (“Aldgate”, “we”, “us”, or “our”).
The capitalized words used in this Privacy Policy as definitions are defined here or in our General Terms.
By visiting our Websites, by submitting your personal data to us, and by accessing, installing and/or using our Services, you confirm that you have read this Privacy Policy and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy or any provisions hereof, please do not use our Services and Websites.
1. PROCESSING OF YOUR PERSONAL DATA
Aldgate processes personal data to a limited scope to provide Services, process payments for the Services, and enable the functioning of our Websites and mobile applications. We may process the following categories of personal data:
Information for creating your Account
Email address. We ask for your email address as part of your registration. It is necessary for the creation of your Aldgate Account, retrieving a lost password, and using the Services.
Subscription information
Subscription data. When you subscribe to our Services we process certain subscription information (e.g., your email address, the subscription plan you have chosen, subscription term, subscription ID, subscription frequency, amount, currency, status, auto-renewal status, information about enabled/disabled features such as multi-factor authentication (MFA), etc.).
SUBSCRIPTION AND AUTOMATIC RENEWALS
Subscription: All of our paid services are provided on a subscription basis. You choose the period of the Services and the payment method yourself when you purchase the Services.
Automatic Renewal: After the end of your period on the Service, your subscription will automatically renew for the consecutive defined periods of the Service at the time of renewal, unless you elect to cancel the subscription renewal before the payment due date. If you do not cancel the subscription at the appropriate time, your chosen payment method will be billed at the then current renewal price for the upcoming defined period of use of the service.
Payment related information (if using paid Services)
Payment data. This information is necessary to collect payments for the Services. Our payment processing partners process basic billing information for payment processing and refund requests (e.g., date of purchase, payer’s IP address, postal (ZIP) code, credit card owner's full name and credit card information). We also process some of such billing information ourselves (e. g., date of purchase, credit card owner's full name, part of your credit card number, its expiration date) in cases of recurring payments or when you provide your payment details directly to us.
Country details. When making a purchase we process information on the user’s country the purchase takes place from. This information is necessary for VAT calculation purposes.
Information for payment fraud prevention. To prevent fraudulent payments for the Services, your personal data (such as payer's email address and device information) can be verified by our and/or our payment processing partners fraud management tools. A payment transaction that is considered high risk may be rejected by us.
Information concerning zero authorization for billing. The purpose of the zero authorization is to confirm that your payment method is still valid, which, respectively, leads to a seamless continuation of your Subscription. No personally identifiable information is collected in this case, apart from the fact that your provided payment method is still valid (or not) and the date of such authorization.
Communication data
Email address. We use your email address to: i) send you important updates and announcements related to your use of the Services and Websites; ii) respond to your requests or inquiries; iii) send you offers, surveys, and other marketing content (you can opt-out of those at any time).
Customer support inquiries. We keep the information that you provide to our customer support team that was necessary to resolve the query. Depending on what information is necessary, it can consist of, but not limited to: payment information for customer verification processes, your country name, information of your OS, local application logs, etc.
Communication optimization data. We use various tools to help us optimize our emailing campaigns. These tools may track actions you perform with an email, such as open it or unsubscribe from further communication. We may also be able to see the user device’s operating system (e.g., Windows, Mac, iOS, Android) and country in order to optimize push and email notifications and automatically set the language.
Information collected on our applications and Websites
Service usage. We collect information about specific Aldgate Services (SecPath) and features you use.
Access logs. As most websites on the internet, our Websites collect access logs (such as IP address, browser type, operating system) to operate our Services and ensure their secure, reliable, and robust performance. This information is also essential for fighting against DDoS attacks, scanning, and similar hacking attempts.
Cookies. Cookies, pixels, and other similar technologies are usually small text or image files that are placed on your device when you visit our Websites. Some cookies are essential for our Websites to operate smoothly; others are used to improve Websites’ functionality, analyze aggregated usage statistics to improve Websites’ performance, and for advertising. We also use affiliate cookies to identify the customers referred to our Websites by our partners so that we can grant the referrers their commission. You can check what cookies we use at our Cookie policy.
Referrals data
Information for participating in referral programs. Participation in referral programs maintained by Aldgate requires referrers to submit personal data (e.g., full name, e-mail address, phone number, relationship with the referred party) about themselves and a referred party so that Aldgate could i) reach out to the referred party; ii) contact referrers with regards to their participation in referral programs and/or provision of rewards. It is the referrer's responsibility to abide by applicable privacy laws when disclosing third parties’ personal data to Aldgate, including informing third parties that they are providing referred parties’ personal data to Aldgate and how it will be used and processed. Referred parties may unsubscribe from any future communication at any time. If you believe that one of your contacts has provided us with your personal data and you would like it to be removed from our database, please contact us.
2. GROUNDS FOR PROCESSING OF PERSONAL DATA
Your personal data is processed:
Where it is necessary to fulfill our contract with you at your request. Such cases include: i) to provide access to our Services; ii) to process your purchase transactions; iii) to ensure the secure, reliable, and robust performance of our Services and Websites.
When we have a legal obligation to process certain personal data collected from you (e.g., to keep and process records for tax purposes and accounting).
Where you have provided your consent to us. Such cases may include: i) to send marketing communication (unless applicable law permits us to contact you without your prior consent); ii) to communicate with you and manage your participation in Aldgate’s contests, offers, referrals, or promotions. Please note that although Aldgate may also process your personal data for marketing purposes when applicable law permits us to contact you without your separate consent, if you choose not to receive marketing communication from us (i.e., if you opt-out), we will honor your request.
We sometimes may process your personal data under the legal basis of our or third parties’ legitimate interest. Such cases include: i) to properly administer business communication with you; ii) to detect, prevent, or otherwise address fraud, abuse, security, or technical issues with our Services and Websites; iii) to protect against harm to the rights, property, and safety of Aldgate, our users, or third parties; iv) to improve or maintain our Services and provide new products and features; v) to receive knowledge of how our Websites and applications are being used (crash reports, app store reviews, information about the channel from which our app was downloaded, etc.).
3. SHARING YOUR PERSONAL DATA
We do not share your personal data with third parties except as described in this Privacy Policy.
Service providers. We use third-party service providers to help us with various operations, such as payment processing, email automation, Websites and app diagnostics, analytics, and other. As a result, some of these service providers may process personal data.
Some of our main long-term service providers:
Emailing service providers, e.g., Iterable (provided by Iterable Inc.), Sendgrid (provided by Twilio Inc.)
Marketing, application analytics and diagnostics, e.g., Google Analytics, Firebase Analytics (provided by Google), AppsFlyer (provided by AppsFlyer Ltd.), Bugsnag (provided by Bugsnag Inc.)
Conversion attribution system, e.g., Hasoffers (provided by Tune Inc.)
Payment service provider, e.g. Novalnet. The person responsible for processing has integrated components from Novalnet AG on this website. Novalnet AG is a full payment service provider that, among other things, handles payment processing. If the data subject selects a payment method during the ordering process in the online shop, the data of the data subject is automatically transmitted to Novalnet AG. By selecting a payment option, the data subject consents to the transmission of personal data in order to process the payment.
The personal data transmitted to Novalnet generally includes first name, last name, address, gender, email address, IP address and, if applicable, date of birth, telephone number, mobile phone number and other data necessary to process a payment are. In order to process the purchase contract, personal data that is related to the respective order is also necessary. In particular, there can be a mutual exchange of
Payment information, such as bank details, card number, expiry date and CVC code, data on goods and services, prices.
The purpose of transmitting the data is, in particular, identity verification, payment administration and fraud prevention. The person responsible for processing will transmit personal data to Novalnet AG in particular if there is a legitimate interest in the transmission. The personal data exchanged between Novalnet AG and the person responsible for processing may be passed on by Novalnet AG to credit reporting agencies
transmitted. The purpose of this transmission is to check identity and creditworthiness.
Novalnet AG also passes on personal data to service providers or subcontractors to the extent that this is necessary to fulfill contractual obligations or the data is to be processed.
The data subject has the opportunity to revoke their consent to the handling of personal data to Novalnet AG at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.
Aldgate partners. Sometimes our partners, for example, distributors, resellers, and app store partners, will be independent data controllers of your personal data. In such cases, the procedures established by them (e.g., terms of service and privacy policies) will apply to such relationships. In other cases we may collaborate with partners as joint controllers meaning that we jointly define the purpose and means of data processing with them. Both joint controllers are then responsible for the data processing and its compliance with applicable privacy laws.
We also partner with third parties to display advertising on our Websites or to manage our advertising on other sites. These partners help us deliver more relevant ads and promotional messages to you, which may include behavioral, contextual, and generic advertising. We and our advertising partners may process certain personal data to help us understand your preferences so that we can deliver advertisements that are more relevant to you.
Your personal data may be processed in any country in which we engage service providers and partners. When you use our Services and Websites, you understand and acknowledge that your personal data may be transferred outside of the country where you reside.
Bundled subscriptions (Third Party Services acquired through Aldgate). By subscribing to the Bundled Subscription which includes Third Party Services acquired through Aldgate, you agree that certain purchase information (e.g., your email address, Subscription term, payment amount, subscription ID) will be shared with the respective provider of Third Party Services for purposes of activating, administering, and provision of Third Party Services, also for improving your experience, and communicating with you about the Bundled Subscription and Third Party Services. When you use Third Party Services, your personal data is processed by the provider of Third Party Services (which acts as a separate data controller of your personal data) according to the procedures established by it and governed by its privacy policies.
Protection of our rights. We may disclose personal data to establish or exercise our legal rights or defend against any legal claims or other complaints. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, and violations of our General Terms.
Business transfers. We may share your personal data in those cases where we sell or negotiate to sell our business or go through a corporate merger, acquisition, consolidation, asset sale, reorganization, or similar event. In these situations, Aldgate will continue to ensure the confidentiality of your personal data.
Requests for data. Any request for user data should follow an appropriate official legal process recognized by the laws of the United Kingdom (e.g., mutual legal assistance treaty, letters rogatory). We carefully review each request to make sure it satisfies laws applicable to our company, laws of requesting country, international norms, and our internal policies. However, it is important to note that the laws of the United Kingdom do not oblige us to store logs of users’ online activity. Accordingly, we do not log users’ browsing history, traffic information, or IP addresses used to access the internet via our services. This means that we are not able to link shared IP addresses of VPN services to an individual user or otherwise individual users based on data that we do not process. Therefore, even if we were to receive a rightfully served request, it might be impossible for us to identify a specific person or provide any identifying information related to that person. In cases where, following an appropriate legal process, we are obligated to comply with a request and we are able to identify a specific person, we will provide the limited data we process as per our Privacy Policy given it falls within the scope of the request.
Cross-border transfers of personal data
To facilitate our Services and Websites, we may store, access, and transfer personal data from around the world, including in countries where Aldgate has operations. These locations may not guarantee the same level of protection of personal data as the one in which you reside. We assess the circumstances involving all cross-border data transfers and have suitable safeguards in place to require that your personal data will remain protected in accordance with this Privacy Policy. For example, in case your personal data is transferred to countries outside the EEA, we make sure there is an adequacy decision from the European Commission with regards to the recipient country or we use standard contractual clauses approved by the European Commission for such transfer of your personal data.
4. CHOICES RELATED TO YOUR PERSONAL DATA
Please note that there are various data protection laws across different jurisdictions that provide privacy rights to you as a data subject. Subject to those applicable data protection laws, among others, you may have the following rights:
Delete: request us to erase your personal data;
Access: know and access personal data Aldgate has collected about you;
Rectify: rectify, correct, update, or complement inaccurate/incomplete personal data Aldgate has about you;
Object: object to the processing of your personal data which is done on the basis of our legitimate interests (e.g., for marketing purposes);
Portability: request us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format or to transmit (if technically feasible) your personal data to another controller (only where our processing is based on your consent and carried out by automated means);
Restrict: restrict the processing of your personal data (when there is a legal basis for that);
Withdraw consent: withdraw your consent where processing is based on a consent you have previously provided;
Lodge a complaint: exercise your rights by contacting us directly or, if all else fails, by lodging a complaint with a supervisory authority.
Rectification. If you’d like to edit your profile information (e.g., change your email address, add additional username).
Access/Deletion. If you wish to delete your Account or your personal data that we process, or request to provide you with a copy of your personal data.
Please note that you will need to pass through the Account verification process so that we can verify you are the owner of the Account before taking further action on your request.
Aldgate's Obligations on Termination. Upon expiration or termination of your Account and/or Subscription, Aldgate will immediately cease processing information that’s associated with you. However, please note that there might be cases when we retain information associated with you after expiration or termination of your Account and/or Subscription: (i) all Aldgate products' databases are connected; after expiration or termination of your Account, basic information (such as your email address) would still be visible in our system. In order to delete all of your data, we would need to delete all of your Accounts associated with different Aldgate products (in order to do so, please contact our support team); (ii) Aldgate also may retain information associated with you (e.g., payments data) in order to fulfill its obligations as required by applicable laws, regulations, court orders, subpoenas, or other legal processes for archival purposes.
You can control the use of cookies at the individual browser level on your device. To disable cookies, follow your browser’s instructions on how to block or clear cookies.
If you do not agree with the processing of your personal data by Aldgate, please do not use our Services and Websites. You can request us to discontinue processing your personal data, in which case your data will be processed only as much as it is necessary to effect the discontinuation of your use of the Services (e.g., final settlement or deleting all personal data based on your email address), or finalizing other Aldgate’s legal relationship with you (e.g., record keeping, accounting, processing refunds). Please note that we or our third-party service providers may be obliged to retain your certain personal data as required by law.
5. DATA SECURITY
We maintain tight controls over the personal data we collect. Our dedicated IT security team has implemented appropriate physical, technical, and organizational measures to protect information about you against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, or access and against all other unlawful forms of processing:
Physical Measures. We control access to our facilities with access cards.We also use security alarm systems and CCTV. We store devices with personal data information only in locked rooms or cabinets. Our printers are protected by access control measures. A clean desk policy is implemented.
Technical Measures. We use layered defense with firewalls, anti-malware protection, intrusion detection and prevention systems. Our infrastructure is regularly updated and regular vulnerability scans are in place to detect possible vulnerabilities. We have security event and incident management solutions to correlate and investigate signals in security tools. Servers are hardened and automated configuration tools are used to manage them. All workplaces are managed from a centralized endpoint management tool. Data at rest and in transit are encrypted. Encryption protocols are used according to the newest security practices.
Organizational Measures. We adopted information security and data processing policies according to best practices. We have external audits to prove our information security and data processing policies are up to standards. We adopted a constant development culture of security and data protection awareness among our employees (including organizing regular and ongoing training and other awareness activities).. We analyze the threat landscape and attack surface and constantly update our security measures. Access to databases containing personal data is granted on a need-to-know basis.
If we detect something suspicious, we will notify you immediately and guide you through steps to stay better protected. However, no company can guarantee the absolute security of internet communications as no technology is completely bulletproof. By using the Services and Websites, you expressly acknowledge that we cannot guarantee the 100% security of personal data provided to or received by us through the Services and that any information received from you through Websites or our Services is provided at your own responsibility. If you have any reason to believe that your interaction with us is no longer secure, please notify us at privacy@Aldgateaccount.com.
6. DATA RETENTION AND DELETION
Aldgate will keep your personal data only as long as necessary to provide you with the Services, or for as long as we have another legitimate ground to do so, but not longer than permitted or required by law. Some of more specific data retention terms are provided below:
Customer billing information and payment details are kept by Aldgate for 10 years from the last payment transaction.
Aldgate will use your email for marketing communication for 1 year after the end of your Subscription or until you exercise your right to opt-out, whichever comes first.
When we no longer have a legal ground to keep your personal data, it will either be securely disposed of, or de-identified through appropriate anonymization means. Aldgate will destroy personal data recorded or stored in the form of electronic files using method(s) that would prevent the recovery of the data.
8. CONTACT US
If you have questions, requests, concerns, or complaints about this Privacy Policy or our personal data processing practices, or you wish to exercise your data subject rights, please contact us by writing to us at the following address:
Aldgate Advice Limited, 142 Maidstone Road, Rochester, ME1 3EA, United Kingdom
9. CHILDREN’S DATA
Aldgate does not knowingly collect or solicit personal data from anyone under the age of 18. If you are under 18, please do not attempt to send any personal data about yourself to Aldgate. If we acknowledge that we have collected and processed personal data from a child under the age of 18, we will delete that data as quickly as possible.
10. OTHER TERMS
Limitation of Liability. To ensure the security of personal data, Aldgate employs various technical, physical, and organizational security measures; however, it is your responsibility to exercise caution and reason when using the Services and Websites. You will be personally liable if your use of the Services and Websites violates any third party privacy or any other rights or any applicable laws. Under no circumstances is Aldgate liable for the consequences of your unlawful, willful and negligent activities, and any circumstances that may not have been reasonably controlled or foreseen (please read the General Terms for more information).
Links to other websites. Our Websites may include links to other websites (e.g., social media websites) whose privacy practices may be different from ours. If you access any of those websites via such links and/or submit your personal data to any of those websites, your personal data is processed by the procedures established by them and governed by their privacy policies. We encourage you to carefully read the privacy policy (or other respective privacy notice) of any website you visit.
Prevailing Language. For all purposes, the English language version of the Privacy Policy shall be the original, governing instrument and understanding between you and us. In the event of any conflict between this English language version of the Privacy Policy and any subsequent translation into any other language, the English language version shall govern and control.
Updates to the Privacy Policy. We develop our Services and Websites introducing new features or modifying current ones constantly. Therefore, we may need to amend the Privacy Policy from time to time. If the amendments to the Privacy Policy materially affect the activities of our processing of your personal data, we will notify you in advance of such changes by reasonable means (e.g., notification through the respective applications, our Websites, or via email), and we will always indicate the date of the last update. Unless it is stated by us otherwise, each update of the Privacy Policy comes into force as of the moment when the amended Privacy Policy is published on this Website. You are expected to check this Privacy Policy regularly so that you are familiar with the most current wording of the Privacy Policy. Your continued use of the Services and Websites will be deemed acceptance thereof.