Privacy Policy

Atlas11 values your privacy. Read on to discover how we store and secure your data

Introduction

 

The General EU Data Protection Regulation (“GDPR”) entered into force throughout the European Union on 25 May 2018. Based on the concept of “privacy by design” and adopting a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.

 

The 21st century is leading to a wider use of technology, new definitions of what constitutes personal data and a significant increase in cross-border processing. The new regulation aims to standardize laws and data protection processing throughout the EU; give individuals more extensive and consistent rights to access and control their personal information.

 

Our commitment:

 

Atlas11 is dedicated to protecting the personal information under our control and developing an effective data protection regime that is appropriate for this purpose and demonstrates an understanding of and compliance with the new regulations. Our preparation and compliance objectives for the GDPR have been summarized in this statement and include the development and implementation of new roles, policies, procedures, controls and data protection measures to ensure maximum and ongoing compliance.

 

Atlas11 is committed to ensuring the security and protection of the personal information we process and to providing a consistent and coherent approach to data protection. We have always had a robust and effective data protection program in place, in compliance with applicable legislation and in compliance with data protection principles. However, we recognize our obligation to update and expand this program to meet the requirements of the GDPR.

 

Atlas already has a high level of data protection and security throughout our organization. However, our objective is to be fully compliant with the GDPR. So our preparation includes: 

 

Information audit – conduct a company-wide information audit to identify and assess the personal information we hold, where it comes from, how it is processed and who has access to it.

 

Policies and Procedures – We also revise our data protection policies and procedures to comply with GDPR requirements and standards and all relevant data protection laws, including 

 

Data Protection – our main data protection policy and procedure document has been revised to meet GDPR standards and requirements. Accountability and governance measures are in place to ensure that we properly understand and communicate and demonstrate our obligations and responsibilities

 

Data retention and erasure – we have updated our retention policy and schedule to comply with the principles of “data minimization” and “storage limitation” and to keep, archive and destroy personal information in a consistent and ethical manner. We have put in place dedicated erasure procedures to meet the new “Right to be forgotten” obligation and are aware of the application of this right and the rights of other data subjects; as well as all exemptions, response times and notification responsibilities.

 

As of May 25 2018, all so-called sensitive data such as chats & emails will be automatically deleted after a period of 12 months following their creation. Customers will therefore no longer have access to it after this period.

The customer wishing to close his account will have all his personal data (except billing data) deleted.

We only keep the minimum amount of customer data necessary for the platform to operate properly.

Customer emails are only used for email marketing and only if the customer consents (opt-in). Any customer who no longer wishes to receive emails from us can let us know by contacting us at [email protected], his email address will then be removed from the list. 

Absolutely no customer data is resold/data to third party users.

The experts have no access to any data concerning the clients except their pseudonyms/name as well as the emails & chats/photos exchanged between the client and his expert.

We also strongly advise customers not to give private data such as their last names, telephone numbers, email address etc. to experts.

 

International Data Transfers and Third Party Information – In the event that Atlas stores or transfers personal information outside the EU, we have robust procedures and safeguards in place to secure, encrypt and maintain data integrity. Our procedures include a continuous review of the procedures and laws of these countries; standard data protection clauses or codes of conduct approved for these countries. We carry out rigorous due diligence on all recipients of personal data to assess and verify that they have appropriate safeguards to protect the information, guarantee the rights of the data subjects and have effective legal remedies for the data subjects where appropriate.

 

Request for access to your data – We have revised our procedures to reflect the 30-day deadline for providing the requested information and to make this provision free of charge. Our new procedures detail how to verify the data subject, what steps to take to process an access request, what exemptions apply and a series of response templates to ensure that communications with data subjects are compliant, consistent and appropriate.

 

Legal basis for data processing – we examine all processing activities to determine the legal basis for the processing and ensure that each basis is appropriate for the activity to which it relates. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of the GDPR and Schedule 1 of the draft Data Protection Act are met.

Privacy Notice / Policy – we review our privacy policy to ensure that all individuals whose personal information we process have been informed of why we need it, how it is used, and who has access to it and what measures are in place to protect their information.

 

Also, users have the right to object to any direct marketing by us and the right to file a complaint or seek legal redress and who to contact in such cases.

 

Data Breaches – our breach procedures ensure that we have protection measures and measures in place to identify, evaluate, investigate and report any personal data breaches as soon as possible. Our procedures are robust and have been communicated to all employees, which has made them aware of the reporting lines and steps to follow.

 

Use of third party services – when we use a third party to process personal information on our behalf (e.g. PAYPAL & POSTFINANCE & other payment methods), we have verified that the processing is in accordance with GDPR obligations. These measures include initial and ongoing reviews of the service provided, the need for the processing activity, the technical and organizational measures in place and compliance with the GDPR.

 

Data Protection Impact Assessments (DPIAs) – where we process personal information considered high risk; We have developed rigorous evaluation procedures and models to conduct impact assessments in accordance with the requirements of Article 35 of the GDPR. We have documentation processes in place that record each assessment, allow us to assess the risk posed by the processing activity and implement mitigation measures to reduce the risk posed to the person(s) concerned.

 

Obtaining consent – We review our consent mechanisms to obtain personal data, ensure that individuals understand what they are providing, why and how we use it and provide clear and defined means for us to process their information. We have developed rigorous processes to record consent, ensuring that we can prove your acceptance, as well as date and time records; and an easy way to view and access your consent at any time.

 

Sensitive data – When we obtain and process sensitive information, we do so in full compliance with the requirements of Article 9 and have encryption and protection on all such data. Sensitive data are not processed. Your consent for the processing is explicit and the right to modify or withdraw consent is clearly indicated.

 

Your rights as a user of our services:

 

In addition to the policies and procedures mentioned above that ensure that individuals can exercise their data protection rights, we provide easily accessible information via our website www.atlas11.com or on request at [email protected]

 

Users of our services can therefore request:

what personal data we hold about you

why we hold this information

who has access to this data

how long we store personal data

the deletion of personal data 

 

Information security and technical and organizational measures

 

Atlas takes the privacy and security of individuals and their personal information very seriously and takes all measures and precautions to protect and secure the personal data we process. We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction, including several levels of security measures:

SSL encryption, access controls, password policy, pseudonymization, data access restrictions, and intra-company data management practices.

 

Manage your cookies

Click here to manage your cookies.

Experts can start using the Atlas11 platform without paying anything. You can create your profile page and start accepting appointments or registrations to your online events today! 

Atlas11 is dedicated to enable everyone to share knowledge and expertise online easily and fairly.