GDPR COMPLIANCE STATEMENT
Last updated: 5 June 2025
AltroPlus (“Company”, “we”, “our”, “us”) is committed to complying with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) when processing personal data of individuals located in the European Economic Area (EEA).
This statement explains how AltroPlus meets its GDPR obligations as a data controller and, where applicable, a data processor.
1. Scope of GDPR Compliance
This GDPR Compliance Statement applies to:
- Visitors from the European Union (EU) and EEA
- Business contacts, prospects, and clients located in the EU/EEA
- Personal data processed in connection with AltroPlus’s website, services, and contractual engagements
2. Roles Under GDPR
Data Controller
AltroPlus acts as a Data Controller when processing personal data related to:
- Website inquiries
- Quote requests
- Business communications
- Marketing and relationship management
Data Processor
AltroPlus acts as a Data Processor when processing personal data on behalf of clients as part of its cloud computing and infrastructure services.
3. Lawful Basis for Processing
We process personal data under the following lawful bases:
- Legitimate Interests – for B2B communications and service improvement
- Contractual Necessity – to deliver services and fulfill agreements
- Legal Obligations – regulatory and compliance requirements
- Consent – where explicitly required
4. Types of Personal Data Processed
Depending on interaction, we may process:
- Name, business email, job title
- Company name and contact details
- IP address and technical identifiers
- Usage and interaction data
- Client-provided data processed within cloud services (as instructed)
We do not intentionally process special category (sensitive) data.
5. Data Subject Rights
Under GDPR, individuals have the right to:
- Access their personal data
- Request rectification of inaccurate data
- Request erasure (“right to be forgotten”)
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time (where applicable)
Requests can be submitted to:
info@altroplus.com
We respond to all valid requests within 30 days.
6. Data Security Measures
AltroPlus implements appropriate technical and organizational measures, including:
- Access control and authentication
- Encryption in transit and at rest (where applicable)
- Secure infrastructure environments
- Monitoring and incident response procedures
7. Data Retention
Personal data is retained only for as long as necessary to:
- Fulfill contractual obligations
- Meet legal and regulatory requirements
- Support legitimate business operations
Data is securely deleted or anonymized once retention periods expire.
8. International Data Transfers
As a global cloud services provider, AltroPlus may transfer personal data outside the EU/EEA.
When such transfers occur, we ensure appropriate safeguards, including:
- Standard Contractual Clauses (SCCs)
- Contractual data protection obligations
- Security and confidentiality controls
9. Sub-Processors
AltroPlus may engage trusted sub-processors (e.g., hosting, analytics, communication providers).
All sub-processors are subject to contractual GDPR-compliant data protection obligations.
A list of sub-processors may be provided upon request.
10. Data Processing Agreements (DPA)
AltroPlus offers a Data Processing Agreement (DPA) to clients where required under GDPR.
The DPA governs:
- Scope of data processing
- Security obligations
- Confidentiality
- Sub-processor use
- Data subject rights support
11. Data Breach Notification
In the event of a personal data breach that poses a risk to data subjects, AltroPlus will:
- Investigate promptly
- Notify affected clients without undue delay
- Cooperate with regulatory authorities where required
12. Supervisory Authority
EU data subjects have the right to lodge a complaint with their local supervisory authority if they believe their data protection rights have been violated.
13. Contact Information
For GDPR-related inquiries or requests:
AltroPlus
Email: info@altroplus.com
Jurisdiction: Hong Kong SAR