Altus Privacy Policy
At Altus, we are committed to safeguarding the privacy and security of your data. This privacy policy outlines how we collect, process, and protect customer data within Microsoft 365 (M365) installations and Altus owned Microsoft Azure subscriptions known as Altus Cloud Services (ACS). In addition to the existing policies, we are actively reviewing and updating our practices to ensure compliance with relevant regulations such as GDPR and the Australian Privacy Principles. As we expand our services, we are committed to transparently communicating any changes to our customers and ensuring that their data is handled responsibly and in accordance with applicable laws and regulations.
Data Collection and Purpose
Altus applications collect customer data within the customer's M365 tenancy and ACS. This data includes information necessary for work management and can include - but is not limited to - documents, communication, and collaboration data. The primary purpose is to provide a highly functional and customisable work management platform for our customers and their partner organisations.
Collected Customer data is used to:
- Provide and deliver our products and services, including software updates.
- Respond to your questions and comments and to provide customer service.
- Provide service and support, such as sending confirmations, invoices, technical notices, updates, security alerts, administrative messages, and providing troubleshooting.
- Use Customer data characteristics in the service of promotions, upcoming events, and news about products and services offered by Altus and selected partners.
- Enforce our terms and conditions, licensing, or protect our business, our partners, or our users.
- Detect, protect against, investigate, and deter fraudulent, unauthorised, or illegal activity where required to do so by law.
- Comply with legal process and other lawful requests, and verification requests in connection with internal and external audits.
- For any other purpose disclosed to you in connection to Altus products or services.
Anonymised Customer data is used to:
- Maintain and improve our operations, systems, products, and services.
- Understand your preferences to enhance your experience.
- Link or combine information about you with Personal Data that we receive from third parties to help understand your needs and provide you with better and more personalised services.
Data Ownership and Control
Customers retain ownership and control over their data regardless of the hosted location. Altus will not use or access customer data for purposes other than providing, maintaining, and improving our applications unless explicit consent is obtained. Customers can configure and customise the Altus family of applications to align with their specific needs. Altus applications may provide the ability to opt-out of various ACS functions to make the security posture of the deployment more conservative or to meet local legislative requirements.
Security Measures
In cooperation with Microsoft, Altus implements robust security measures to protect customer data. This includes encryption, access controls, and regular security assessments.
When data is required for telemetry purposes it is anonymised and aggregated (i.e. for the purposes of understanding telemetry information), and does not personally identify individuals (except in cases where those individuals have voluntarily identified themselves), and is handled in alignment with our data handling policy (please see here for more information).
We are committed to maintaining the confidentiality, integrity, and availability of customer information.
Data Location and Transfers
Customer data may be processed in the customer's M365 tenancy or ACS, but in either case Altus will endeavour to ensure that the processing occurs within the customer's selected geographic region. The exact regional borders of the available Altus geographic regions can be supplied on request, and while a best effort will be made to have these regional definitions coincide with harmonious privacy legislation, this outcome cannot be guaranteed by Altus. Customers will be informed of any changes to regional data location and any events that may necessitate cross-border transfers.
Compliance with Privacy Regulations
Altus is dedicated to complying with global privacy regulations. We understand that due to the diversity of privacy laws the work to adapt our practices accordingly is an ongoing process. Customers from different regions can trust that our policies strive to align with relevant data protection legislation.
Data Retention
Customer data will only be retained for the period necessary to fulfil the purposes outlined in this policy unless a longer retention period is required or permitted by law. For M365 Applications see Microsoft for data their latest data retention policy and for ACS based applications Customers can configure retention settings within the applications. If you wish to request that we no longer use your information to provide you services, contact us at GDPR@altus.pro. Please keep in mind that we may need to keep your data to comply with our legal obligations, resolve disputes or enforce legal agreements.
Third-Party Partners
Altus may facilitate engagement with third-party service providers (Partners) to enhance our services. These partners adhere to privacy and security standards consistent with Altus policies and will provide additional information and be responsible for any changes to the Altus family of applications that varies from this policy. Customers engaging with an Altus partner are encouraged to review their privacy practices.
Privacy Inquiries and Complaints
Altus is committed to addressing privacy inquiries and complaints promptly. Customers can contact our privacy team via email at security@altus.pro for assistance.
Policy Updates
This privacy policy may be updated to reflect changes in laws, regulations, or our business practices. Customers will be notified of any significant updates. By using the Altus family of applications, customers acknowledge and agree to the terms outlined in this privacy policy. We value your trust and are dedicated to maintaining the highest standards of data privacy and security.