Effective Date: December 09, 2021
Net Alpha Financial Systems (“N-ALPHA”®) is committed to maintaining robust privacy protections for its customers. This Privacy and Data Protection Policy (“Policy”) is designed to help you understand how we collect, use and safeguard the information you provide to us and to assist you in making informed decisions when using the Services (as defined below).
In this Policy, the terms “you”, “your”, or “Customer” refer to you. The terms “we”, “us,” “our” or “N-ALPHA” hereafter refer to Net Alpha Financial Systems, LLC, a Michigan company, with a place of business at 199 W. Brown Street Suite 210, Birmingham, MI 48009.
By using the Services, you accept this Policy and you consent to our collection, storage, use and disclosure of your Personal Information (as defined below) as described in this Policy.
“Customer Data” is any data and other information made available to us by you through the use of the Services. It may include Sensitive Data (as defined below) and Personal Information that relates to your relationship with N-ALPHA, including the names or contact information of individuals authorized by you to access your account and billing information that you associated with your account, any data N-ALPHA may need to collect for the purpose of identity verification (including providing the MFA Services as defined below), any data processed by N-ALPHA for the purposes of transmitting or exchanging Personal Information, including data used to identify the source and destination of a communication, such as (a) your telephone number, data on the location of the device generated in the context of providing the Services, and the date, time, duration and the type of communication and (b) activity logs used to identify the source of our Services requests, optimize and maintain performance and security of the Services, and investigate and prevent system abuse.
Multi factor authentication services (“MFA Services”) means the provision of a portion of the Services under which you use an additional factor to verify your identity in connection with your use of the Services.
“Non-Personal Information” includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information, referring/exit pages and URLs, platform types, preferences you may submit and preferences that are generated based on the data you submit and number of clicks.
“Personal Information” may include your email, first name, last name, job title, address, phone number, credit card or bank information, IP address, geographic location, login, IDs, and other contact information in case you submit it in a registration process at the Site.
“Sensitive Data” means (a) social security number, passport number, driver’s license number, or similar identifier (or any portion thereof); (b) credit or debit card number (other than the truncated (last four digits) of a credit or debit card), financial information, banking account numbers or passwords; (c) employment, financial, genetic, biometric or health information; (d) racial, ethnic, political or religious affiliation, trade union membership, or information about sexual life or sexual orientation; (e) account passwords, mother’s maiden name, or date of birth; (f) criminal history; or (g) any other information or combinations of information that falls within the definition of “special categories of data” under GDPR or any other applicable law or regulation relating to privacy and data protection.
“Services” refers to N-ALPHA’s services accessed via the Site.
“Site” refers to N-ALPHA’s digital domains including websites which can be accessed at the n-alpha.com, materialx.io, or other domains and sub-domains as may be used by N-ALPHA.
3. Data Protection Principles
Throughout this Section 3, processing Personal Information is detailed in Section 5.1 (Personal Information), Section 5.3 (Personal Information, Non-Personal Information and Customer Data) and Section 6 (How we protect / secure information).
We will comply with any applicable data protection laws (including Europe’s General Data Protection Regulation, when applicable), as well as the standards set out in this Policy, when processing Personal Information.
- To the extent that data protection laws exceed the standards set out in this Policy, we will comply with those laws; but
- where there are no applicable data protection laws, or where applicable data protection laws do not meet the standards set out in this Policy, we will process Personal Information in accordance with the standards set out in this Policy.
3.2 Fairness and transparency
When requested by you, we will provide you with the purposes for which Personal Information is processed. We will take appropriate measures to communicate to you this information in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
3.3 Purpose limitation
We will only process Personal Information for specified explicit and legitimate purposes that have been communicated in accordance with above Section 3.2. We will not process Personal Information in a way that is incompatible with these purposes, except in accordance with applicable law or with your consent.
If we intend to process Personal Information for a purpose which is incompatible with these purpose for which the Personal Information was originally collected, we may only do so if such further processing is permitted by applicable law or we have your consent.
In assessing whether any processing is compatible with the purpose for which Personal Information was originally collected, we will take into account:
- any link between the purposes for which Personal Information was originally collected and the purposes of the intended further processing;
- the context in which Personal Information was collected, and in particular your reasonable expectations;
- the nature of Personal Information, in particular whether such information may constitute special categories of data;
- the possible consequences of the intended further processing; and
- the existence of any appropriate safeguards that we have implemented in both the original and intended further processing operations.
3.4 Data minimization
We will only process Personal Information that is adequate, relevant and limited in order to properly fulfil the desired processing purposes. We will not process Personal Information that is unnecessary to achieve those purposes.
We will take appropriate measures to ensure that the data we process is accurate and, where necessary, kept up to date – for example, by giving you the ability to inform us when Personal Information has changed or has become inaccurate.
We will take every reasonable step to ensure that Personal Information that is inaccurate in regard to the purposes for which it is processed, is erased or rectified without delay.
3.6 Storage limitation
We will not keep Personal Information in a form which permits your identification for longer than is necessary for the purposes for which that information is processed.
3.7 Security, integrity and confidentiality
We will implement appropriate technical and organizational measures to protect Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where processing involves transmission of personal data over a network, and against all other unlawful forms of processing.
Such measures will ensure a level of security appropriate to the risk. These measures may include the following, as appropriate in light of the risk:
- the pseudonymization or encryption of Personal Information;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident; and
- a process for regularly monitoring, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
In particular, we will comply with the requirements in the security policies in place within N-ALPHA, as revised and updated from time to time, together with any other security procedures relevant to a business area or function.
We will ensure that any staff member who has access to or is involved in the processing of Personal Information does so only for lawful purposes as authorized and instructed by N-ALPHA and under a duty of confidence.
3.8 Service provider management
Where we select a third party service provider to process Personal Information on our behalf as part of our Site or Services, we take appropriate measures in our third party service provider assessment procedure to ensure that the third party provider :
- where applicable, acts according to our instructions
- has the appropriate technical and organizational security measures to safeguard Personal Information
- assists us in ensuring compliance with our obligations as a controller under applicable data protection laws, in particular with respect to reporting data security incidents under Section 3.9 and responding to your requests to exercise Personal Information protection rights under Section 3.10;
- can return or delete Personal Information once it has completed its services; and
- can make available to us all information we may need in order to ensure its compliance with these obligations.
3.9 Security incident reporting
When we become aware of a data security incident that presents a risk to Personal Information that we process, we will immediately follow our data security incident management policies.
N-ALPHA will review the nature and seriousness of the data security incident and determine whether it is necessary under applicable data protection laws to notify competent data protection authorities and/or individuals affected by the incident. N-ALPHA management shall be responsible for ensuring that any such notifications, where necessary, are made in accordance with applicable data protection law.
3.10 Honoring individuals’ data protection rights
Various data protection laws around the world, including European Union laws, provide individuals with certain data protection rights. These may include:
- The right of access: This is your right to obtain confirmation whether we process Personal Information and, if so, to be provided with details of Personal Information and access to it;
- The right to rectification: This is your right for to obtain rectification of inaccurate Personal Information we may process.
- The right to erasure: This is your right to require us to erase Personal Information on certain grounds – for example, where Personal Information is no longer necessary to fulfil the purposes for which it was collected.
- The right to restriction: This is your right to require us to restrict processing of Personal Information on certain grounds.
- The right to data portability: This is your right to receive Personal Information from us in a structured, commonly used and machine readable format.
- The right to object: This is your right to object, on grounds relating to your particular situation, to processing of Personal Information, if certain grounds apply.
Where you wish to exercise any of these rights, we will respect those rights in accordance with applicable law.
In addition, N-ALPHA shall communicate any rectification or erasure of Personal Information or restriction of processing carried out in accordance with this Section 3.10 to each recipient to whom Personal Information have been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request it.
4. Information We Collect
We may collect Non-Personal Information, Personal Information, and Customer Data.
4.1 Information collected via technology
4.2 Information you provide us by registering for an account
In addition to the information provided automatically by your browser when you visit the Site, to become a user of the Services you may need to create a personal or organizational profile. By becoming a user, you are authorizing us to collect, store and use your Personal Information in accordance with this Policy. Information collected will be stored, secured, and kept as long as necessary in relation to your account and use of our Site and Services.
4.3 Children’s privacy
The Site and the Services are not directed at anyone under the age of 13. In the event that we learn that we have gathered Personal Information from anyone under the age of 13 without the consent of a parent or guardian, we will delete that information as soon as possible. If you believe we have collected such information, please contact us at firstname.lastname@example.org.
4.4 Third party providers
Net Alpha may utilize the services of third party providers for data collection and analytics. The following table lists several of the third party vendors that we use, including links to their privacy policies:
|Google Analytics||https://policies.google.com/privacy||Used for analytics and continuous improvement of the user experience|
|Log Rocket||https://logrocket.com/privacy/||Used for improving the user experience and faster resolution of issues|
|Firebase||https://firebase.google.com/support/privacy||Used for transmitting push messages and displaying real-time notifications|
(a Twilio company)
|https://sendgrid.com/policies/privacy/||Used for sending platform emails|
|AWS||https://aws.amazon.com/compliance/data-privacy/||Used for access and identity management|
|Stripe||https://stripe.com/gb/privacy||Used for subscription management|
|Sentry||https://sentry.io/privacy/||Used for monitoring and alerting|
5. How We Use and Share Information
5.1 Personal Information
Information and Customer Data collected by us may be used for, but not limited to, purposes such as creating customer accounts, customer identification, controlling access, processing payments, generating billing documentation, preventing fraud (by using geolocation), identifying and troubleshooting Site and Services performance, and enhancing user experience.
Except as otherwise stated in this Policy, we do not sell, trade, rent or otherwise share for marketing purposes your Personal Information or Customer Data with third parties without your consent. We do share Personal Information and Customer Data with vendors who are providing services to N-ALPHA, such as the servers for our email communications that are provided access to the users’ email addresses for purposes of sending emails to them. Those vendors use your Personal Information and Customer Data in accordance with this Policy. We do share Personal Information with third party data service providers for data licensing purposes, in cases where the third party data service demands such reporting in their data licensing agreement.
In general, the Personal Information you provide to us is used to help us communicate with you. For example, we use Personal Information to contact users in response to questions, solicit feedback from users, provide technical support, and inform users about promotional offers.
We may share Personal Information and Customer Data with outside parties if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable legal process or enforceable governmental request; to enforce applicable End User License Agreement, including investigation of potential violations; address fraud, security or technical concerns; or to protect against harm to the rights, property, or safety of our users or the public as required or permitted by law.
5.2 Non-Personal Information:
In general, we use Non-Personal Information to help us improve the Services and customize the user experience. We also aggregate Non-Personal Information in order to track trends and analyze use patterns on the Site. This Policy does not limit in any way our use or disclosure of Non-Personal Information and we reserve the right to use and disclose such Non-Personal Information to our partners, advertisers and other third parties at our discretion.
5.3 Personal Information, Non-Personal Information and Customer Data:
In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information, Non-Personal Information and Customer Data may be among the assets transferred. You acknowledge and consent that such transfers may occur and are permitted by this Policy, and that any acquirer of our assets may continue to process your Personal Information, Non-Personal Information, and Customer Data as set forth in Policy.
6. How We Protect / Secure Information
We implement security measures designed to protect your information from unauthorized access. Your account is protected by your account password and we urge you to take steps to keep your Personal Information and Customer Data safe by not disclosing your password and by logging out of your account after each use. We further protect your information from potential security breaches by implementing certain technological security measures including MFA Services, encryption, firewalls, and secure socket layer technology. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. By using our Services, you acknowledge that you understand and agree to assume these risks.
7. Your Rights Regarding the Use of Your Personal Information
If you registered to receive information from us, you have the right at any time to prevent us from contacting you for marketing purposes. Please note that if you unsubscribe from promotional communications, we may continue to send you administrative emails including, for example, periodic updates to this Policy.
8. Links to Other Websites
9. Changes to this Policy
N-ALPHA reserves the right to change this Policy at any time. Except as otherwise specified by us, updates will be effective upon the Effective Date indicated at the top of the updated version of this Policy. The updated version of this Policy will supersede all prior versions. We will provide you by email (or other similar electronic communication method) with prior written notice of any significant changes to this Policy reasonably in advance of the Effective Date of any updated version of this Policy. Current and most recent prior versions of this Policy are available at www.n-alpha.com/legal/privacy-policy.
10. Contact us
If you have any questions regarding this Policy or the practices of this Site, please contact us by sending an email to email@example.com.