Last Updated: May 15th, 2023
For instance, when you browse or visit our website, www.atera.com (“Website”) and use its various offerings (like downloading resources, and subscribing to newsletters), create an account and log in to our platform, download and use our apps and any other software application that we license (each individually, and collectively, the “Platform”, and together with our Website, the “Services”), take part in our marketing activities, and interact with us on our social media profiles, or apply for a job with us, as well as when we acquire your Personal Data from third-party sources for marketing, use Personal Data of our clients or service providers, or undertake social media marketing, all as detailed below.
“Personal Data” means any information that can be used, alone or together with other data, to uniquely identify any living human being and any information deemed as Personally Identifiable Information by applicable privacy laws.
- WHAT INFORMATION WE COLLECT, WHY WE COLLECT IT, AND HOW IT IS USED
We collect and use the following information:
- When you browse our website: https://www.atera.com.
- Legal basis (GDPR only, if applicable): Legitimate interest (e.g., essential cookies required for the operation of the Website) or Consent (e.g., non-essential cookies, to the extent required under applicable law).
- Consequences of not providing the Personal Data: Certain Website features may not be available.
- When you submit information via our Website forms (e.g., contact us form, request a trial).
- Personal Data we may collect: Full name, phone number, business email address, business name, job position, country, comments/messages, as well as any other Personal Data that you decide to provide us.
- For what purposes: To receive and answer your questions; to provide further information to the extent requested; to allow you to download an asset; to allow you to register for a free trial and to open an account; to provide and operate the account; to respond to your questions, comments, and other requests for ongoing customer assistance, technical support and maintenance of the Website and your account; to better understand your needs, both on an aggregated and individualized basis, in order to further develop, customize and improve our Services based on users’ preferences, experiences and difficulties; to communicate with you and contact you to obtain feedback from you regarding the Services; to establish a business relationship with you; to send you marketing communications.
- Legal basis (GDPR only, if applicable): Performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract and/or legitimate interest (e.g. respond to a query sent by you, marketing) or consent (for marketing, if required under applicable law).
- Consequences of not providing the Personal Data: We will not be able to: receive and answer your questions; provide further information to the extent requested; allow you to download an asset; allow you to register to a free trial and to open an account; provide and operate the account; respond to your questions, comments, and other requests for ongoing customer assistance, technical support and maintenance of the Website and your account; to better understand your needs, both on an aggregated and individualized basis, in order to further develop, customize and improve our Services based on users’ preferences, experiences and difficulties; to communicate with you and contact you to obtain feedback from you regarding the Services; to establish a business relationship with you; to send you marketing communications.
- When you register to our Platform, log-in and make use of it
- Personal Data we may collect: Business email address, company name, phone number, business address full name, job position, number of employees in your team, how Atera may assist you, data relating to your use of our Services (including, without limitation, admins’ and users’ data, as well as any other Personal Data you decide to provide us with.
- For what purposes: To allow you to register for and log-in to our Platform (including for a free trial); to provide you with the Platform’s services and perform our agreements with our clients; for monitoring and security purposes, including for user authentication, logging and debugging; to provide support (e.g. ticketing and chat functions); to improve our Platform’s services; to allow you to send us feedback, reports and additional features; to send you marketing communications via email.
- Legal basis (GDPR only, if applicable): Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering a contract, compliance with legal obligations (e.g. tax laws, bookkeeping laws, etc.), legitimate interest (to send you contract-related communication and in certain cases where permitted under applicable law, B2B marketing), or consent (for marketing, if required under applicable law).
- Consequences of not providing the Personal Data: We will not able to: allow you to register for and log-in to our Platform (including for a free trial); provide you with the Platform’s services and perform our agreements with our client; monitor and secure following purposes, including for user authentication, logging and debugging; provide support (e.g. ticketing and chat functions); improve our Platform’s services; allow you to send us feedback, reports and additional features; send you marketing communications via email.
- When you download our online resources
- Personal Data we collect: Full name and business email address.
- For what purposes: To allow you to download the online resources and to send you marketing communications.
- Legal basis (GDPR only, if applicable): Legitimate interest (provide your requested materials) or consent (for marketing, if required under applicable law).
- Consequences of not providing the Personal Data: We will not be able to provide you with the requested online resources.
- When you subscribe to our blog, newsletter(s) or distribution list(s)
- Personal Data we collect: Full name and business email address.
- For what purposes: To subscribe you to our blog or newsletter and send you updates about Atera, including marketing communications.
- Legal basis (GDPR only, if applicable): Depending on the context, legitimate interest or consent.
- Consequences of not providing the Personal Data: We will not be able to provide you with updates or send you marketing communications.
- When you contact us (e.g. via our customer support, sales, submit a request or similar forms):
- Personal Data we may collect: Full name, business email address, job title, work telephone number, messages/comments, as well as recording and any other Personal Data that you decide to provide us with.
- For what purposes: To process and answer questions and to contact you upon your request; to provide support and related communications; to customize your experience.
- Legal basis (GDPR only, if applicable): Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering a contract and/or legitimate interest (e.g. respond to a query sent by you, marketing).
- Consequences of not providing the Personal Data: We will not be able to: process and answer questions and to contact you upon your request; provide support and related communications; customize your experience.
- When you attend a marketing event, exchange business cards with us or otherwise provide us with your Personal Data for marketing purposes:
- Personal Data we may collect: Full name, business email address, job title, business address and phone number, as well as any other Personal Data you decide to provide us with.
- For what purposes: To establish a business relationship with you, contact you about our Services and send you marketing communications.
- Legal basis (GDPR only, if applicable): Depending on the context, legitimate interest or consent.
- Consequences of not providing the Personal Data: We will not be able to establish a business relationship or send you marketing communications.
- When we acquire your Personal Data from third-party sources
- Personal Data we may collect: Contact details.
- For what purposes: To establish a first business connection and to send marketing communications.
- Legal basis (GDPR only, if applicable): Depending on the context, legitimate interest or contract.
- Consequences of not providing the Personal Data: We will not be able to contact you regarding our services and establish a business relationship.
- When we use Personal Data of our service providers:
- Personal Data we may collect: Full name, business email address, business phone number, job title, business address, country, payment information, and any other Personal Data that you provide us.
- For what purposes: To perform our agreements with our service providers and communicate with them, and to comply with our legal obligations and record keeping requirements.
- Legal basis (GDPR only, if applicable): Performance of a contract to which the service provider is a party, compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.), and/or legitimate interest (e.g. send you contract-related communications).
- Consequences of not providing the Personal Data: We will not be able to perform our agreements with our service providers and communicate with them, and to comply with our legal obligations and record keeping requirements.
- When you interact with us on our social media profiles (e.g. Facebook, Instagram, Twitter, LinkedIn):
- Personal Data we may collect: Full name, business email address, any other Personal Data that you decide to share with us.
- For what purposes: To respond to your questions or request, establish a business relationship and send you marketing communications.
- Legal basis (GDPR only, if applicable): Depending on the context, legitimate interest or consent.
- Consequences of not providing the Personal Data: We will not be able to respond to your requests, establish a business relationship and send you marketing communications.
- When you apply for a job with us:
- Personal Data we may collect: Full name, email address, any Personal Data contained in your resume (c.v.), your responses to any assessment, any other Personal Data that you decide to provide us with. Please note that, in most cases, we receive the information directly from you, but we may also receive information in some cases from recruitment companies or other methods.
- For what purposes: To assess you as a candidate, review and examine your job application and communicate with you.
- Legal basis (GDPR only, if applicable): N/A
- Consequences of not providing the Personal Data: We will not be able to assess you as a candidate, review and examine your job application and communicate with you.
Finally, please note that some of the abovementioned Personal Data will be used for detecting, taking steps to prevent, and prosecution of fraud or other illegal activity, to identify and repair errors, to conduct audits, and for security purposes. Personal Data may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims. In certain cases, we may anonymize or de-identify your Personal Data. “Anonymous Information” means information which does not enable identification of an individual user, such as aggregated information about the use of our Services. We may use Anonymous Information and/or disclose it to third parties for our business purposes and further use such anonymized data for internal business purposes, including, without limitation, to improve our Services and for research and development purposes.
- YOUR CUSTOMERS’ INFORMATION
Atera has a contractual relationship with its clients (“Client”). In the context of the Platform’s services, the Client can upload (at the Client’s discretion) information, technical data, and Personal Data to the Platform, which generally speaking belongs to the customers or users of the Client (“Client Users Information”).
For the avoidance of doubt, Atera is considered a “Processor” and the Client a “Controller” (as both such capitalized terms are defined in the European Union General Data Protection Regulation (“GDPR”)) of such Client’s Users Information. Atera is considered a “Service Provider” and the Client a “Business” (as both capitalized terms are defined in CCPA). Client is responsible for the security, integrity and authorized usage of Personal Data in the context of the Platform about the Client’s Users Information, and also for obtaining consents, permissions and providing any required data subject rights and fair processing notices required for the collection and usage of such Personal Data. Please note that Atera does not have any contractual relationship with the Client’s customers and users, therefore, Atera’s Clients are the responsible party for complying with all laws and regulations (including, without limitation, privacy laws) that apply to the collection and use of the Client’s Users Information. If you are a Client’s customer or user and have any questions about your Personal Data, please contact the Client directly.
If your use of our Services includes processing “personal data” that is subject to the GDPR or “personal information” that is subject to the CCPA, of Client Users Information, then the processing of such Clients Users Information shall be made in accordance with Atera’s Data Processing Addendum (“DPA”) that is available here.
- HOW WE PROTECT YOUR PERSONAL DATA
We have implemented appropriate technical, organizational and security measures designed to protect your Personal Data. However, please note that we cannot guarantee that the information will not be compromised as a result of unauthorized penetration to our servers. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.
- HOW WE RETAIN YOUR PERSONAL DATA
- WITH WHOM WE SHARE YOUR PERSONAL DATA
In addition to de descriptions from Section 1, we may share your Personal Data with the following categories of third parties:
- Vendors, Partners and Affiliates. Atera uses certain selected third parties to help us provide, improve, enhance, protect, and promote our Services. From time to time we may need to share your Personal Data with these parties. These include service providers of the following services: hosting / storage, email distribution and monitoring, authentication, marketing automation, logging and monitoring, data enrichment, sales engagement and automation, analytics and business intelligence, cookies and other targeting and re-targeting vendors, data and cyber security services, billing and payment processing services, fraud detection and prevention services, risk management, session recording and remote access services, and our legal and financial advisors and document management. Depending on the context, we may share the following categories of Personal Data with such third-party service providers for business purposes: identifiers, including name, alias, unique personal identifiers, online identifiers, IP addresses, business email addresses, or other similar identifiers, as well as information regarding services purchased, obtained, or considered.
- Atera affiliated companies. We may share your Personal Data internally within our affiliated companies, to the extent necessary to fulfill the purposes listed above.
- Team Admins and Team Members. If you are a member of a team, your administrator may have the ability to access and control your team account, and your Personal Data may be shared with your other team members and others. Please refer to your organization’s internal policies if you have questions about this.
- Third parties. You or your team administrators can also give or direct us to give Third Party Services access to your information and account – for example, via third-party CRM platforms. We also allow you to share your Personal Data with Third Party Services as requested or directed by you through the Services (e.g. sharing contact information with an add-on service or a payment processor). This Personal Data may include your full name, business email address and a unique ID number, and will be used by Atera and the applicable partner for the purposes of integrating between Atera’s platform and services and the partner’s add-on services, registering you to the partner’s add-on services, for providing the add-on or feature in question, providing support with respect to the partner’s add-on services and for billing purposes.
- In connection with a change in corporate control. Should Atera or any of its affiliates undergo any change of control, including by means of merger, acquisition or purchase of substantially all of its assets, or in the event of bankruptcy or a comparable event, your Personal Data (to the minimum extent required) may be shared with the parties involved in such event.
- WHERE WE STORE YOUR PERSONAL DATA AND ADDITIONAL INFORMATION ABOUT TRANSFERS OF GDPR PROTECTED PERSONAL DATA
- Your Personal Data is stored in data centers of our cloud-hosting third-party service providers that are located in the United States and the EU.
- Internal transfers of Personal Data within Atera. Transfers within the Atera group will be covered by an internal processing agreement between the Atera entities, which contractually obliges each entity to ensure that Personal Data receives an adequate level of protection.
- External transfers of Personal Data. Atera affiliates and third-party service providers that store or process Personal Data on Atera’s behalf are contractually committed to ensuring that Personal Data receives an adequate level of protection. If you are located in the EEA where we transfer your Personal Data outside of the EEA (for example, to third-party service providers for the purposes listed above), we will generally rely on either: (i) Adequacy Decisions adopted by the European Commission under Article 45 of the GDPR; or (ii) the Standard Contractual Clauses issued by the European Commission (or applicable mechanism adopted by the relevant competent authority).
- YOUR PRIVACY RIGHTS. HOW TO DELETE YOUR ACCOUNT
- Rights: The following rights (which may be subject to certain exemptions or derogations) shall apply to certain individuals (some of which only apply to individuals protected by the GDPR):
- You have a right to access Personal Data held about you. Your right of access may normally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
- You have the right to request that we rectify any Personal Data we hold that is inaccurate or misleading;
- You have the right to request the erasure/deletion of your Personal Data (e.g. from our records). Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the establishment, exercise or defense of legal claims;
- You have the right to object, to or to request restriction, of the processing;
- You have the right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
- You have the right to object to profiling;
- When we process your data on the basis of your consent, you have the right to withdraw your consent at any time. Please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
- You also have a right to request certain details of the basis on which your Personal Data is transferred outside the European Economic Area, but data transfer agreements and/or other details may need to be partially redacted for reasons of commercial confidentiality;
- You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place or work or place of alleged infringement) at any time or before the relevant institutions in your place of residence. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.
- You may have certain additional rights under local privacy laws applicable in your jurisdiction. To the extent such privacy laws apply to you, we will respect your rights and comply with such laws.
- You can exercise your rights by contacting us at [email protected]. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request within 30 days in accordance with applicable law or inform you if we require further information in order to fulfil your request. When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes, before processing and/or honoring your request. We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent possible, all in accordance with applicable law.
- Deleting your account: Should you ever decide to delete your account, you may do so by emailing [email protected]. If you terminate your account, any association between your account and Personal Data we store will no longer be accessible through your account.
- USE BY CHILDREN
Atera does not offer its products or services for use by children and, therefore does not knowingly collect personal information from minors who are under the age of 18 through the Services. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information without his/her consent, then he or she should contact Atera as described below. If we become aware that a child under the age of 18 has provided us with personally identifiable information, please contact us at [email protected] so we will delete such information.
- LINKS TO AND INTERACTION WITH THIRD PARTY SERVICES
Our Website and/or Services may enable you to interact with or contain links to your third-party accounts and other third-party websites, mobile software applications and products or services that are not owned or controlled by us (each a “Third Party Service”). We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services may collect Personal Data from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third Party Service that you choose to use or interact with.
- Our Services collect and store information that your browser automatically transmits to us in “server log files”. We use such information to analyze trends, administer our Services, and track the use of our Website.
- Analytic tools. We use the analytical tools listed below in order to improve our Services.
- Google reCaptcha. Our Platform uses “Google reCaptcha” (“reCAPTCHA”) solely for protection against unauthorized access to, and abusive automated crawling and spam of, our Platform by bots and other automated means. reCAPTCHA analyzes the behavior of visitors of the Platform’s log-in page based on various characteristics. This analysis starts automatically as soon as a Platform user reaches the log-in page, and it involves the evaluation of various information (e.g., device and application data, mouse movements and time spent in the log-in page, and the results of integrity checks). Such information is also shared with Google. We do not combine reCaptcha data with Personal Data we collect. For more information about Google’s use of information processed by reCaptcha and Google’s privacy practices, please visit: https://www.google.com/reCaptcha/about/ and https://policies.google.com/privacy
- Advertising Partners. Through our Website and/or Services, we allow third party advertising partners to set technologies and other tracking tools to collect information regarding your activities and your device (e.g., your IP address, website identifiers, page(s) visited, location, time of day). We also combine and share such information and other information with third party advertising partners. These advertising partners will use this information (and similar information collected from other websites) for purposes of delivering targeted advertisements to you when you visit third party websites within their networks. This practice is commonly referred to as “interest-based advertising” or “online behavioral advertising. We allow access to other data collected by the services to share information that may be useful, relevant, valuable or otherwise of interest to you.
- SPECIFIC PROVISIONS APPLICABLE UNDER CALIFORNIA PRIVACY LAW
- California privacy rights. If you are a California resident using the Services, the CCPA grant you the right:
- To request, in writing, access to and/or deletion of the specific Personal Data Atera collects about you.
- Please note that deletion requests are subject to different exceptions under California law, including (but not limited to) where the data is necessary for us to complete a transaction for which the Personal Data was collected, provide a service requested by you or otherwise perform a contract between us; detect security incidents; protect against malicious, deceptive, fraudulent or illegal activity (or prosecute those responsible); debug and repair functionality errors; enable solely internal uses aligned with consumer’s expectations; comply with a legal obligation.
- To request, in writing, that we disclose the categories of Personal Data we collect about you, the categories of sources they were collected from, the business or commercial purpose for the collection, and the categories of third parties with whom we have shared Personal Data.
- To request, in writing, a list of the categories of Personal Data, that Atera has disclosed to third parties during the immediately preceding calendar year for the third parties’ direct marketing purposes, together with the names and addresses of all such third parties.
- To know whether your Personal Data is sold (as such terms is defined under the CCPA) and to opt-out of such sale of your Personal Data
- Not to be discriminated against for exercising any of their rights under the CCPA.
- No discrimination. Atera does not discriminate against any client or user for exercising their rights under the CCPA.
- Do Not Track Signals. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers to inform websites that they do not want to be tracked. We do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers, but we may allow third parties, such as companies that provide us with analytics tools, to collect personally identifiable information about an individual consumer’s online activities over time and across different web sites when a consumer uses the Website and/or Services.
Please note: In order to protect our clients’ and end users’ accounts and Personal Data and safeguard their privacy rights, we verify deletion and access requests, and to that extent, we may ask you, or your authorized agent, for additional information or documentation (depending on the case), such as account related information, and, in some cases, a copy of documents that can assist with verifying your identity. Authorized agents may also need to provide Atera with a copy of the consumer’s signed authorization designating them as their agent. Such identification documentation (if requested) will be used only for verification purposes and we will delete it after your request is processed.
- COMMUNICATION FROM ATERA
- Promotional Messages
We may use your Personal Data to send you promotional content and messages by e-mail, notifications within our platform, marketing calls and similar forms of communication from Atera or our partners (acting on Atera’s behalf) through such means.
If you do not wish to receive such promotional messages, you may notify Atera at any time or follow the “unsubscribe” or STOP instructions contained in the promotional communications you receive.
- Service and billing messages
Atera may also contact you with important information regarding our Services, or your use thereof. For example, we may send you a notice (through any of the means available to us) if a certain Service is temporarily suspended for maintenance; reply to your support ticket or e-mail; send you reminders or warnings regarding upcoming or late payments for your current or upcoming subscriptions; or notify you of material changes in our Services.
It is important that you are always able to receive such messages. For this reason, you are not able to opt-out of receiving such Service and Billing Messages unless you are no longer our user (which can be done by deactivating your account).
- CONTACT US
If you have any questions, concerns or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us at [email protected].