Effective: 6th January 2023

Alliants Limited Privacy Notice

Purpose of this Privacy Notice

The purpose of this privacy notice is to explain what Personal Data we collect about you, how we use it, who we share it with, how long we keep it and what your rights are in relation to that Personal Data.

Please read this privacy notice carefully as it provides important information about how we handle your Personal Data and your rights. If you have any questions about any aspect of this privacy notice you can contact us using the information provided below under ‘How to contact us’.

Please revisit this privacy notice regularly, as we may change the content to reflect how we deliver our products and services. We last updated this privacy notice on the date shown above.

Definitions

Certain terms and abbreviations in this privacy notice have the meanings given below.

ADGM means the Abu Dhabi Global Market.

AXP means Alliants Experience Platform, an Application (App), which includes a web platform and a mobile platform.

Business Associate means a representative of an existing, former or potential client of ours.

CCPA means California Consumer Privacy Act.

CPA means the Colorado Privacy Act.

CPRA means the California Privacy Rights Act.

Consulting Services means the services we provide to our clients, including Customer Experience, Data and Analytics, Software Development and Technology Consulting. 

CDPA means the Consumer Data Protection Act in Virginia.

Controller means the natural person or legal entity that decides the means and purposes for processing the Personal Data.

CTDPA means the Connecticut Act Concerning Personal Data Privacy and Online Monitoring.

DIFC means the Dubai International Financial Centre.

DPL means Dubai’s Data Protection Law No.5 of 2020.

DPA 2018 means the Data Protection Act 2018.

DPR 2020 means the DIFC Data Protection Regulations 2020.

DPR 2021 means the ADGM Data Protection Regulations 2021.

Entrusted Party is defined in the PIPL and means the legal entity or natural person that processes Personal Data on behalf of and in accordance with instructions from a Controller in accordance with the PIPL.

EU GDPR means the EU General Data Protection Regulation.

ICO means the Information Commissioner’s Office, the supervisory authority in the United Kingdom.

Kominfo Regulation 20 means the Indonesian Regulation No. 20 of 2016 on Personal Data Protection in Electronic System.

LTAs means Luxury Travel Agencies, which are our clients.

OPDPL means Oman’s Personal Data Protection Law.

PA means Australia’s Privacy Act.

PDP means Bahrain’s Law No. (30) of 2018 concerning the Protection of Personal Data.

PDPIR means Saudi Arabia’s Personal Data Protection Interim Regulations.

PDPL means UAE’s Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data Protection.

Personal Data is defined in the UK GDPR and the EU GDPR and means any information from which you can be identified, either directly or indirectly. For example, your name or an online identifier. 

Personal Information Processing Entity is defined in the PIPL and means the legal entity or natural person that determines the means and purposes for processing the Personal Data.

PIPEDA means Canada’s Personal Information Protection and Electronic Documents Act.

PIPL means China’s Personal Information Protection Law.

Property and Properties means hotel(s) and residency(ies), which are our clients.

Processor means the natural person or legal entity that processes Personal Data on behalf of the Controller. 

Product means the Alliants Experience Platform (AXP) App, which is a messaging platform we provide to our clients including Properties, Luxury Travel Agencies and logistics service providers.

UK GDPR means the UK General Data Protection Regulation.

Users means users of our AXP App, for example the staff of the clients we have provided the AXP App to and the guests at Properties and users of Luxury Travel Agencies.

Who we are and what we do

Who we are

We are Alliants Limited (“Alliants”, “us”, “we”, “our”). We are a limited company registered in England and Wales under registration number 6868886 and we have our registered office at Fryern House, 125 Winchester Road, Chandlers Ford, SO53 2DR. We are registered with the UK supervisory authority, ICO, in relation to our processing of Personal Data under registration number Z2906616.

What we do

We provide our Consulting Services to a wide range of organisations across numerous industries, including the hospitality sector, education and retail. 

We provide our AXP App to various businesses including Properties, LTAs and logistics service providers, enabling them to deliver exceptional experiences to their customers. For example, Properties use the AXP App as a concierge and messaging service to enable their employees to easily and efficiently communicate with each other and with their guests. LTAs use the AXP App to connect with their customers and create a perfect travel itinerary for them.

Controllers and Processors

We are the Controller of the Personal Data we collect for our own purposes and we are a Processor in respect of the Personal Data we process on behalf of our Controller clients, such as Properties, LTAs and logistics service providers. The terms Controller and Processor are defined in the UK GDPR and the EU GDPR and in our definitions section above. 

We are a Processor of your Personal Data if you are a User of the AXP App and the Controllers are the Properties, LTAs or logistics service providers etc you have engaged with.   The Controllers decide how your Personal Data is processed, not Us. Please contact them for further details in relation to this. 

That said, if you are a Business Associate, as well as a User of the AXP App because, for example, you are an employee of a Property, a LTA or logistics service provider, we will be the Controller in respect of your contact information. For further information see the section entitled ‘Personal Data we collect’, and the table within the section entitled ‘Purposes, retention periods and lawful bases’.

For everyone else mentioned in this Privacy Notice, we are the Controller.

Who this Privacy Notice applies to

This Privacy Notice applies to you if:

  • You visit our website
  • We send our newsletters to you or otherwise contact you to promote our products and/or services 
  • You enquire about our products and/or services or request a demo
  • You are a Business Associate of ours
  • You are a User of the AXP App.

Security of your Personal Data

All Personal Data that we hold about you will be stored and processed securely by us. We are committed to protecting the privacy and security of the Personal Data we process about you and will comply with all applicable data protection legislation.

We have implemented appropriate technical and organisational measures to safeguard your Personal Data and protect it from accidental or unlawful destruction, loss or alteration and from unauthorised disclosure or access. Further, we have put in place procedures to deal with any Personal Data breach and will notify you and the relevant supervisory authority where we are legally required to do so.

For the security measures of the third-party providers we engage, we refer you to the links shown above under ‘Sharing your Personal Data’.

Personal Data we collect

The type of Personal Data we collect about you will depend on our relationship with you.

Website Visitors and Users of Social Media

If you visit our website, we will collect information about your engagement with us online via our cookies and similar technologies such as your IP address and geographical location. See our Cookie Policy for more information on our use of cookies and similar technologies.

Social Media Widgets

Our website includes social media features such as the Facebook and LinkedIn “Like” buttons and might include widgets such as the ‘share’ button or other interactive mini-programs. These features may collect your IP address, which page(s) you are visiting on our website and may set a cookie to enable the specific feature to function properly. These social media features are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy policy of the company providing it.

Analytics

If you consent, we may also collect information about you using cookies. For example, we may use Google Analytics and Google Analytics Demographics to collect information regarding visitor behaviour and visitor demographics on some of our services, and to develop website content.

See our Cookie Policy for more information on our use of cookies and similar technologies.

Business Associates etc

If you enquire about our products and/or services, request a demo and/or are a Business Associate of ours we will collect your contact details such as your name, job title, name of the company you work for, work email address, work phone number and information about which products and/or services you are interested in.

If we send our newsletters to you or otherwise contact you to promote our products and/or services, we will collect your contact details such as your name, job title, the name of the company you work for, work email address and work phone number. We will also collect information relating to whether or not you have opened our emails and clicked on links provided. We use Pardot for this. (See the section below on email marketing for further details and see our Cookie Policy for more information on our use of cookies and similar technologies.)

Users of the AXP App

If you are a User of our AXP App, we will collect information as follows:

Information you provide directly to us

When you engage in certain activities, such as registering, requesting services, or contacting us directly, we may ask you to provide some or all of the following types of information:

  • Contact information, such as full name, address, email address, mobile phone number and, in some cases, another type of unique identifier;
  • Reservation information, such as confirmation number, room number, arrival date and departure date;
  • Demographic information, such as your gender, date of birth and details about your personal preferences;
  • Payment information, such as credit card number, expiration date, and credit card security code where needed to complete a transaction;
  • Requests and other correspondence you send to us;
  • Username and password you choose for using the AXP App.

You may choose not to provide information to us directly. However, some of this information is needed for you to use certain functions of the AXP App such as registering or requesting services from Properties, LTAs and logistics service providers. Please do not enter private or sensitive information into the AXP App which is not required.

Analytics in the AXP App

If you consent, we may collect certain information automatically through your use of the AXP App, such as:

Location information as provided by your device or browser, such as your device's GPS signal or information about nearby WiFi access points;

Your Internet Protocol (IP) address, cookie identifiers, mobile advertising identifiers, and other device identifiers that are automatically assigned to your computer or device when you access the Internet;

Information about your device such as browser type, operating system, and Internet service provider; and

Information about your visit to our web platform such as pages that you visit before and after using the AXP App, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the AXP App, and other actions taken through use of the AXP App.

We use Intercom for this. See our Cookie Policy for more information on our use of cookies and similar technologies.

Information we obtain from other sources

Our clients that use the AXP App, send us User information regarding communications, requests, maintenance, and other service delivery. We may also obtain information about you from other third-party services and organisations to enhance your experience. Additionally, Properties may use additional technologies such as in-room entertainment to send to us service requests, which may contain Personal Data.

Other

We will also collect any other information you provide to us.

Email marketing and e-newsletters

We send e-newsletters and marketing emails to people who have opted in to receive these communications. We also send them to Business Associates who have shown an interest in our products and services and to organisations we consider may be interested in what we can offer.  You can opt-out at any time as we provide an unsubscribe button in every communication. 

We gather statistics around email opening and clicks using industry standard technologies including single pixel gifs to help us monitor and improve our e-newsletters and email marketing. We use Pardot for this. (See our Cookie Policy for more information on our use of cookies and similar technologies.

How we collect your Personal Data

We collect your Personal Data directly from you when you:

  • visit our website: alliants.com
  • use our AXP App
  • use our Consulting Services
  • engage with us as a Business Associate
  • sign up to our newsletters
  • enquire about our products and/or services or request a demo.

We may also collect your Personal Data by telephone, at trade fairs, through project work and from social media platforms such as LinkedIn and from bought in lists.

Purposes, retention periods and lawful bases

We will keep your Personal Data in accordance with the retention periods set out in the table below, following which we will permanently and securely destroy it. 

We will only use your Personal Data when the law allows. Most commonly, we will use your personal information in the following circumstances:

Type of Individual

Type of Personal Data

Purpose of Processing

Lawful Basis

Retention Period

Any of the individuals referred to above

First name, last name, job title, company name, work email address and/or work phone number.

To enforce or manage legal claims.

Legal obligation

For as long as is necessary

Any of the individuals referred to above

First name, last name, job title, company name, work email address and/or work phone number.

To respond to requests for information by competent public bodies and judicial authorities.

Legal obligation

For as long as is necessary

Any of the individuals referred to above

First name, last name, job title, company name, work email address and/or work phone number. Date of birth, gender, National Insurance number, marital status, home address, bank account details.

To perform accounting and administrative tasks.

Legal obligation

7 years from date of last financial year

Any of the individuals referred to above

First name, last name, job title, company name, work email address and/or work phone number.

For audit and reporting purposes, including internal and external investigations.

Legal obligation

7 years from date of last financial year

Website visitors

Using Google Analytics tracking data, we collect the following information.

ClientID, UserID, IP address, Time of visit, pages visited, time spent on each webpage, referring site details (URL), Type of web browser, Type of operating system (OS), Flash version, JavaScript support, screen resolution, screen colour processing ability, Network location, document downloads, clicks on links leading to external websites, errors from forms, clicks on videos, scroll depth, interactions with site-specific widgets. Age, gender and interest categories.

We may use your Personal Data to create anonymised information and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access the services, or other analyses, for a number of purposes, including the measurement of website visitors’ interest in and use of various portions or features of the website. Anonymised or aggregated information is not Personal Data, and we may use such information in a number of ways, including research, internal analysis, analytics and any other legally permissible purposes.

Consent

Varies per cookie. See our Cookie Policy

Website visitors

First name, last name, job title, company name, work email address and/or work phone number.

Conduct surveys, research and evaluations.

Legitimate interests or consent where required

3 years from the date of last meaningful contact

Business Associates

First name, last name, job title, company name, work email address and/or work phone number.

By submitting your details via 3rd party advertising platforms, we will send you content and communications that you have requested or which are necessary for fulfilling our contractual obligations to our client.

Legitimate interests

3 years from date of last meaningful contact

Website visitors

First name, last name, job title, company name, work email address and/or work phone number.

By submitting your details via our website forms, we will send you content and communications that you have requested or which are necessary for fulfilling our contractual obligations to our client.

Legitimate interests

3 years from the date of last meaningful contact

Website visitors

Using Google Analytics tracking code, we collect the following information.

ClientID, UserID, IP address, Time of visit, pages visited, time spent on each webpage, referring site details (URL), Type of web browser, Type of operating system (OS), Flash version, JavaScript support, screen resolution, screen colour processing ability, Network location, document downloads, clicks on links leading to external websites, errors from forms, clicks on videos, scroll depth, interactions with site-specific widgets. Age, gender and interest categories.

Analyse your use of our website to improve your experience and develop new services.

Consent

Varies per cookie. See our Cookie Policy

Business Associates

First name, last name, job title, company name, work email address and/or work phone number.

Conduct surveys, research and evaluations.

Legitimate interests or consent where required

3 years from date of last meaningful contact

Business Associates

First name, last name, company name, work email address.

To send you newsletters and/or other marketing material.

Legitimate interests

3 years from the date of last meaningful contact

Business Associates

First name, last name, job title, company name, work email address and/or work phone number.

To administer the contract for our client contract.

Legitimate interests

6 years from the date the contract with your employer / our client is terminated

Business Associates

First name, last name, job title (if provided), work email address and company name.

To book and deliver a demo at your request.

Legitimate interests

2 years from the date of last meaningful contact

Business Associates

First name, last name, job title (if provided), company name, work email address and/or work phone number and reason for contacting us.

To answer your query/enquiry.

Legitimate interests

2 years from the date of last meaningful contact

Users of the AXP App

(who are employees of our client Property or LTA or logistics service providers)

First name, last name, company name, job title, work email address, work phone number and in some cases, another type of unique identifier.

To send you content and communications that you have requested or which are necessary for fulfilling our contractual obligations with our client Property, LTA or logistics services providers.

Legitimate interests

1 month from the date our contract with the Property, LTA or logistics service provider is terminated, unless otherwise agreed with a Property, LTA or logistics service provider

Users of the AXP App

(who are employees of our client Property or LTA or logistics service providers)

First name, last name, company name, job title, work email address, work phone number and in some cases, another type of unique identifier.

To provide you with materials about offers, products, and services offered by us, including new content or services.

Legitimate interests

1 month from the date our contract with the Property, LTA or logistics service provider is terminated, unless otherwise agreed with a Property, LTA or logistics service provider

Users of the AXP App

(who are employees of our client Property or LTA or logistics service providers)

First name, last name, company name, job title, work email address, work phone number, profile picture and in some cases, another type of unique identifier.

For any other activities that are necessary to support our contractual obligations with our client Property, LTA or logistics services providers.

Legitimate interests

1 month from the date our contract with the Property, LTA or logistics service provider is terminated, unless otherwise agreed with a Property, LTA or logistics service provider

Users of the AXP App

(who are employees of our client Property or LTA or logistics service providers)

First name, last name, company name, job title, work email address, work phone number, profile picture and in some cases, another type of unique identifier.

To enable you to communicate with your employer’s customers.

Legitimate interests

1 month from the date our contract with the Property, LTA or logistics service provider is terminated unless otherwise agreed with a Property or LTA

Users of the AXP App

(who are customers of a client Property or LTA)

Personal Data such as full name, address, email address, mobile phone number and, in some cases, another type of unique identifier.

Reservation information, such as confirmation number, room number, arrival date and departure date.

Request Information such as booking reference and confirmation number.

For any other activities that are necessary to support our contractual obligations to our client Property, LTA or logistics services provider.

Legitimate interests

1 month from the date our contract with the Property or LTA is terminated, unless otherwise agreed with a Property or LTA

Users of the AXP App

(who are customers of a client Property or LTA)

Payment data, payment token, billing address, card holder name, email address, phone number.

In order to process payments for products and services.

Contract

1 month from the date our contract with the Property or LTA is terminated, unless otherwise agreed with a Property or LTA

Users of the AXP App

(who are employees of a Property, LTA or logistics service providers)

First name, last name, email, job title, in some cases, another type of unique identifier.

To send you content and communications that you have requested or which are necessary for fulfilling our contractual obligations with our client Properties, LTA or logistics service providers.

Legitimate interests

1 month from the date our contract is terminated with the Property, LTA or logistics service provider,  unless otherwise agreed with a Property, LTA or logistics service provider

Users of the AXP App

(who are customers of a Property or LTA)

Personal Data such as full name, address, email address, mobile phone number and, in some cases, another type of unique identifier.

Reservation information, such as confirmation number, room number, arrival date and departure date.

Request Information such as booking reference, confirmation number.

To send you content and communications that you have requested or which are necessary for fulfilling our contractual obligations with our client Properties or LTA.

Legitimate interests

1 month from the date our contract with the Property or LTA is terminated, unless otherwise agreed with a Property or LTA

Users of the AXP App

(who are customers of a Property or LTA)

Personal Data such as full name, address, email address, mobile phone number and, in some cases, another type of unique identifier.

Reservation information, such as confirmation number, room number, arrival date and departure date.

Request Information such as booking reference, confirmation number.

To provide customized content and make recommendations that would improve your experience with the  Property or LTA. This includes, for example, preselecting the Property you are visiting when you open the AXP App based on the information you have provided.

Legitimate interests

1 month from the date our contract with the Property or LTA is terminated, unless otherwise agreed with a Property or LTA

Sharing your Personal Data

Marketing

In order to deliver our e-newsletters and email campaigns, we use third-party providers, namely Pardot and Salesforce

We also use these providers to send updates about our products to registered Users of our products. 

We will ensure that we have entered into data processing agreements with the service providers which means that they can only process your Personal Data in accordance with our instructions and the applicable data protection legislation and they will not be able to use it for their own purposes.

Authorised Third-Party Vendors and Service Providers

We may share Personal Data with third-party vendors and service providers (including sub-processors) that provide business services to us or on our behalf, such as IT services, hosting services, payment processing services. Payment information will be used and shared only to effectuate your order and may be stored by a service provider for purposes of future orders. We prohibit our service providers from using or sharing your Personal Data except as necessary to perform the contracted services on our behalf or to comply with applicable legal requirements.

As mentioned above, we use Google Analytics. For more information about Google Analytics, please visit Google's Privacy & Terms. You can opt out of Google’s collection and processing of data generated by your use of the Services by going to Google Analytics Opt-out Browser Add-on.

We also use Intercom on our AXP App for the purposes of analytics. Please see our Cookie Policy for more information on our use of cookies and similar technologies.

Properties and LTA

If you are a customer of a Property or LTA, we will share your Personal Data with the Property or LTA  you visit/use. We do not control the privacy practices of these Properties and their information practices are not covered by this Privacy Notice. We recommend that you refer to the Privacy Notice for each Property and LTA that you visit/use.

Legal Purposes

We may disclose Personal Data to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims or government inquiries, and to prevent fraud and to protect and defend the rights, interests, safety, and security of us, our users, or the public.

Anonymous and Aggregated Information

We may share anonymous or aggregated information within Alliants and with third parties for our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.

International transfers

The Personal Data we collect from you when you visit our website or AXP App, make a purchase from us, enquire about our products and/or services, request a demo or sign up to receive our newsletters may be processed outside of the UK and the EEA. This is because the service providers we use to provide these functions are based outside the UK and the EEA. 

We have taken appropriate steps to ensure that the personal data processed outside the UK and the EEA has an essentially equivalent level of protection as it has within the UK and the EEA. We do this by ensuring that:

  • Your Personal Data is only processed in a country that has adequacy status or
  • We ensure appropriate safeguards are in place to protect your personal data when it is transferred to the providers. For transfers from the UK we will use International Data Transfer Agreements (“IDTAs”) , for transfers from the EEA we will use the new EU Standard Contractual Clauses (“SCCs”) and for transfers of data from the EEA and the UK, we will use the new SCCs, together with the International Data Transfer Addendum (“IDT Addendum”). These contracts will be supplemented by additional safeguards, where necessary.

Your rights and how to complain

You have certain rights in relation to the processing of your Personal Data. These rights will vary depending on where you are located. 

To exercise your rights or to complain to us, please contact us using the details set out in the section entitled ‘Contacting us and exercising your rights’. To complain to your supervisory authority (where applicable) see the details set out below for your location.

If you are in the UK or the EEA

If you reside in the UK or the EU you have the following rights under the UK GDPR and the EU GDPR respectively:

  • Right to be informed. You have the right to know details such as what personal data we collect about you, who we share it with, how we use it, for what purpose and how long we keep it. We use our privacy notice to explain this.
  • Request access to your Personal Data (commonly known as a “Subject Access Request”). This enables you to receive a copy of the Personal Data we hold about you.
  • Request rectification of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
  • Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. If you object to us using your Personal Data for marketing purposes, we will stop sending you marketing material. 
  • Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your Personal Data to another party (data portability).
  • Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.  
  • Right to withdraw consent. If you have provided your consent to the processing of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are permitted by law.
  • Right to complain. You have the right to lodge a complaint with the relevant supervisory authority, if you believe we are infringing the applicable data protection legislation or you are concerned about the way in which we are handling your Personal Data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:
  • Contact the ICO or by telephone on 0303 123 1113
  • For supervisory authorities in other countries within the EU, visit: https://edpb.europa.eu/about-edpb/about-edpb/members_en

If you are in America

If you are in California

If you live in California, you have the following rights under the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”)

This comes into force on 1 Jan 2023

The CCPA (as amended) provides California residents certain rights related to their Personal Data. You have the right to:

  • know what Personal Data we collect about you;
  • request a copy of the Personal Data we have about you;
  • require that we delete your Personal Data;
  • request that we correct any inaccurate Personal Data we have about you;
  • request that we limit the use and disclosure of Personal Data that we have about you which is sensitive (as defined in the CPRA);
  • know whether we sell your Personal Data and whether we disclose your data to anyone;
  • object to the sale of your Personal Data; and
  • not be discriminated against because you exercised your rights under the CCPA.

We do not sell or disclose your Personal Data for monetary gain or any valuable consideration. We do not use the Personal Data collected by our clients about you for our own purposes. We provide operations software to our clients and they use your Personal Data to provide services to you.

The Personal Data we collect about you is set out above under ‘Personal Data we collect’. 

Complaints

If you are concerned about the way in which we are handling your Personal Data, you can submit a complaint to your supervisory authority, the California Privacy Protection Agency who can be contacted online at:

If you are in Colorado

If you live in Colorado, from 1st July 2023 you have the following rights under the Colorado Privacy Act (“CPA”):

  • Right to be informed. You have the right to know details such as what personal data we collect about you, who we share it with, how we use it, for what purpose and how long we keep it. We use our privacy notice to explain this.
  • Right of access (commonly known as a “Subject Access Request”). You have the right to access and receive a copy of the Personal Data we hold about you.
  • Right to rectification. You have the right to have any incomplete or inaccurate information we hold about you corrected.
  • Right to erasure (commonly known as the right to be forgotten). You have the right to ask us to delete or de-identify your Personal Data.
  • Right to opt out. You have the right to opt out of us processing your Personal Data for the purposes of targeted advertising and for the sale of your Personal Data.
  • Right to portability. You have the right to ask us to transfer your Personal Data to another party.
  • Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making. 
  • Right not to be discriminated against for exercising your rights.
  • Right to appeal if we refuse to process your request to exercise your rights.
Complaints

If you are concerned about the way in which we are handling your Personal Data, you can submit a complaint to the Office of the Attorney General for Colorado who can be contacted at:

  • https://coag.gov
  • Department of Law, Ralph L. Carr Judicial Building, 1300 Broadway, 10th Floor Denver, CO 80203
  • Phone: +1 720-508-6000
If you are in Connecticut

If you live in Connecticut, from 1st July 2023 you have the following rights under the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (“CTDPA”):

  • Right to be informed. You have the right to know details such as what personal data we collect about you, who we share it with, how we use it, for what purpose and how long we keep it. We use our privacy notice to explain this.
  • Right of access (commonly known as a “Subject Access Request”). You have the right to access and receive a copy of the Personal Data we hold about you.
  • Right to rectification. You have the right to have any incomplete or inaccurate information we hold about you corrected.
  • Right to erasure (commonly known as the right to be forgotten). You have the right to ask us to delete or de-identify your Personal Data.
  • Right to opt out. You have the right to opt out of us processing your Personal Data for the purpose of targeted advertising and the sale of your Personal Data.
  • Right to portability. You have the right to ask us to transfer your Personal Data to another party.
  • Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making. 
  • Right not to be discriminated against for exercising your rights.
  • Right to appeal if we refuse to process your request to exercise your rights. 
Complaints

If you are concerned about the way in which we are handling your Personal Data, you can submit a complaint to the Office of the Attorney General for Connecticut who can be contacted at:

If you are in Utah

If you live in Utah, from 31st December 2023 you have the following rights under the Utah Consumer Privacy Act (“UCPA”):

  • Right to be informed. You have the right to know details such as what personal data we collect about you, who we share it with, how we use it, for what purpose and how long we keep it. We use our privacy notice to explain this.
  • Right of access (commonly known as a “Subject Access Request”). You have the right to access and receive a copy of the Personal Data we hold about you.
  • Right to erasure (commonly known as the right to be forgotten). You have the right to ask us to delete or de-identify your Personal Data.
  • Right to opt out to processing. You have the right to opt out of us processing your Personal Data for the purposes of targeted advertising or sale of Personal Data.
  • Right to portability. You have the right to ask us to transfer your Personal Data to another party.
  • Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making. 
  • Right not to be discriminated against for exercising your rights.
Complaints

If you are concerned about the way in which we are handling your Personal Data, you can submit a complaint to the Office of the Attorney General for Utah who can be contacted at:

If you are in Virginia

If you live in Virginia, from 1st January 2023 you have the following rights under the Consumer Data Protection Act (“CDPA”):

  • Right to be informed. You have the right to know details such as what personal data we collect about you, who we share it with, how we use it, for what purpose and how long we keep it. We use our privacy notice to explain this.
  • Right of access (commonly known as a “Subject Access Request”). You have the right to access and receive a copy of the Personal Data we hold about you.
  • Right to rectification. You have the right to have any incomplete or inaccurate information we hold about you corrected.
  • Right to erasure (commonly known as the right to be forgotten). You have the right to ask us to delete or de-identify your Personal Data.
  • Right to opt out. You have the right to opt out of us processing your Personal Data for the purposes of targeted advertising and the sale of your Personal Data.
  • Right to portability. You have the right to ask us to transfer your Personal Data to another party.
  • Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making. 
  • Right not to be discriminated against for exercising your rights.
  • Right to appeal if we refuse to process your request to exercise your rights.
Complaints

If you are concerned about the way in which we are handling your Personal Data, you can submit a complaint to the Office of the Attorney General for Virginia who can be contacted at:

If you are in Abu Dhabi, Dubai or other countries in the United Arab Emirates (“UAE”)

If you reside in Abu Dhabi, you have the following rights under the Data Protection Regulations 2021 (“DPR 2021”) which apply to the Abu Dhabi Global Market (“ADGM”).

If you reside in Dubai, you have the following rights under the Dubai International Financial Centre (“DIFC”) Data Protection Law No.5 of 2020 (“DPL”) and the Data Protection Regulations 2020 (“DPR 2020”)

If you reside in any other countries within the UAE, you have the following rights under the Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data Protection (“PDPL”).

  • Right to be informed. You have the right to know details such as what personal data we collect about you, who we share it with, how we use it, for what purpose and how long we keep it. We use our privacy notice to explain this.
  • Request access to your Personal Data (commonly known as a “Subject Access Request”). This enables you to receive a copy of the Personal Data we hold about you.
  • Request rectification of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
  • Object to processing of your Personal Data in certain circumstances.
  • Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your Personal Data to another party (data portability).
  • Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.
Complaints

If you believe we are infringing the applicable data protection legislation or you are concerned about the way in which we are handling your Personal Data, you can lodge a complaint with the relevant supervisory authority. Their contact details are set out below:

Dubai

Abu Dhabi

  • The Office of Data Protection, Authorities Building, ADGM Square, Al Maryah Island, Abu Dhabi, UAE
  • Data.Protection@adgm.com

United Arab Emirates

For the first two years of its operation, the Telecommunications and Digital Government Regulatory Authority (“TDRA”) will provide the Data Office with administrative and logistical support.

The TDRA can be contacted as follows: 

  • Al Salam St - Abu Dhabi - UAE
  • Al Wuheida Rd, Hor Al Anz East - Dubai - UAE
  • Email: info@tdra.gov.ae
  • Customer care: 80012
  • Fax: 0097147772229

If you are in Australia

Privacy Act

If you reside in Australia, you have the following rights:

  • You have the right to request access to your Personal Data
  • You have the right to correct inaccuracies in your Personal Data.
  • You have the right to stop receiving unwanted direct marketing.
  • You can also make a complaint about us to the Office of the Australian Information Commissioner if you think we have mishandled your Personal Data.

If you are in Bahrain

If you reside in Bahrain, you have the following rights under the Law No. (30) of 2018 concerning the Protection of Personal Data (“PDP”)

  • Right to be informed. You have the right to know details such as what personal data we collect about you, who we share it with, how we use it, for what purpose and how long we keep it. We use our privacy notice to explain this.
  • Request rectification of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
  • Object to processing of your Personal Data in certain circumstances including processing your Personal Data for direct marketing purposes, making the Personal Data publicly available and processing causing material or psychological damage to you or others.
  • Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.
Complaints

If you believe we are infringing the applicable data protection legislation or you are concerned about the way in which we are handling your Personal Data, you can lodge a complaint with the Data Protection Authority for Bahrain who can be contacted at:

If you are in Canada

Personal Information Protection and Electronic Documents Act (“PIPEDA”)

If you reside in Canada, you have the following rights:

  • You have the right to access your Personal Data (subject to limited exceptions)
  • You have the right to correct inaccuracies in/update your Personal Data.
  • You have the right to withdraw consent in certain circumstances.
Complaints

If you believe we are infringing the applicable data protection legislation or you are concerned about the way in which we are handling your Personal Data, you can lodge a complaint with the Privacy Commissioner for Canada who can be contacted at:

  • Office of the Privacy Commissioner, 30 Victoria Street, Gatineau, Quebec, J8X 0A8
  • www.priv.gc.ca

If you are in China

Personal Information Protection Law (“PIPL”)

If you reside in the People’s Republic of China, you have the following rights:

  • You have the right to know and decide upon Personal Data Processing.
  • You have the right of access to your Personal Data and can request copies of it and information about our processing of it.
  • If the Personal Data we hold about you is incorrect or incomplete, you can ask us to rectify or add to it.
  • You have the right to request that your Personal Data is deleted, in certain circumstances.
  • You have the right to object and have the right to restrict the use of your Personal Data in certain circumstances.
  • You have the right not to be subject to a decision based solely on automated processing.
  • You have the right to portability, subject to conditions stipulated by the Cyberspace Administration of China.
  • Where we are processing your Personal Data with your consent you can withdraw your consent at any time. If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of the Service.
  • You have the right to ask Entrusted Parties to explain their processing rules on data subjects’ requests.
  • The close relatives of a deceased data subject also have certain rights.
  • You can also raise a complaint with the Cyberspace Administration of China (Address: Beijing Website: https://www.cac.gov.cn), the relevant State Council departments or relevant departments of local governments at county-level and higher.

If you are in Hong Kong

If you live in Hong Kong, we comply with the Personal Data (Privacy) Ordinance (Cap.486) (“PDPO”) 

You have the following rights in relation to the processing of your Personal Data:

  • Right to be informed. You have the right to know details such as what personal data we collect about you, who we share it with, how we use it, for what purpose and how long we keep it. We use our privacy notice to explain this.
  • Right of access (commonly known as a “Subject Access Request”). You have the right to access and receive a copy of the Personal Data we hold about you.
  • Right to rectification. You have the right to have any incomplete or inaccurate information we hold about you corrected.
  • Right to cease using your Personal Data for marketing. You have the right to ask us to stop using your Personal Data for marketing purposes. 
Complaints

If you are concerned about the way in which we are handling your Personal Data, you can contact the supervisory authority for Hong Kong whose contact details are:

  • Office of the Privacy Commissioner for Personal Data (the “Privacy Commissioner”), Room 1303, 13/F, Dah Sing Financial Centre, 248 Queen's Road East, Wanchai, Hong Kong.
  • Telephone: +852 2827 2827

If you are in Indonesia

If you live in Indonesia you have the following rights under Regulation No. 20 of 2016 on Personal Data Protection in Electronic System (“Kominfo Regulation 20”).

  • Right to be informed. You have the right to know details such as what personal data we collect about you, who we share it with, how we use it, for what purpose and how long we keep it. We use our privacy notice to explain this.
  • Right of access (commonly known as a “Subject Access Request”). You have the right to access and receive a copy of the Personal Data we hold about you.
  • Right to rectification. You have the right to have any incomplete or inaccurate information we hold about you corrected.
  • Right to erasure (commonly known as the right to be forgotten). You have the right to ask us to delete or de-identify your Personal Data.
  • Right to object. You have the right to object to us processing your Personal Data in certain circumstances.
Complaints

The data protection laws pertaining to data held electronically are mainly enforced by the Ministry of Communication and Information ("Menkominfo").

If you are in New Zealand

If you live in New Zealand, we comply with New Zealand’s Privacy Act 2020.

You have the following rights in relation to the processing of your Personal Data, including to:

  • Right to be informed. You have the right to know details such as what personal data we collect about you, who we share it with, how we use it, for what purpose and how long we keep it. We use our privacy notice to explain this.
  • Right of access (commonly known as a “Subject Access Request”). You have the right to access and receive a copy of the Personal Data we hold about you.
  • Right to rectification. You have the right to have any incomplete or inaccurate information we hold about you corrected.
Complaints

If you are concerned about the way in which we are handling your Personal Data, you can contact the Office of the Privacy Commissioner of New Zealand (OPC”) whose contact details are:

  • Office of the Privacy Commissioner, Level 8, 109-111 Featherston Street, Wellington 6143
  • www.privacy.org.nz 

If you are in Oman

If you reside in Oman you have the following rights under the Personal Data Protection Law (“OPDPL”):

  • Right to be informed. You have the right to know details such as what personal data we collect about you, who we share it with, how we use it, for what purpose and how long we keep it. We use our privacy notice to explain this.
  • Request access to your Personal Data (commonly known as a “Subject Access Request”). This enables you to receive a copy of the Personal Data we hold about you.
  • Request rectification of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
  • Request the transfer of your Personal Data to another party (data portability).
  • Right to withdraw consent. If you have provided your consent to the processing of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are permitted by law.
  • Right to complain. If you believe we are infringing the applicable data protection legislation or you are concerned about the way in which we are handling your Personal Data, you have the right to lodge a complaint with The Ministry of Transport, Communications and Information Technology, who can be contacted at:
  • 4th Floor, Block 5, Bowshar, Muscat, Sultanate of Oman
  • Phone +968 24 68 50 00 
  • Fax : +96824685757 
  • Sultanate of Oman Email: info@mtcit.gov.om 

If you are in Saudi Arabia

If you reside in Saudi Arabia you have the following rights under the Personal Data Protection Interim Regulations (“PDPIR”)

  • Right to be informed. You have the right to know details such as what Personal Data we collect about you, who we share it with, how we use it, for what purpose and how long we keep it. We use our privacy notice to explain this.
  • Request access to your Personal Data (commonly known as a “Subject Access Request”). This enables you to receive a copy of the Personal Data we hold about you.
  • Request rectification of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
  • Request the transfer of your Personal Data to another party (data portability).
  • Right to withdraw consent. If you have provided your consent to the processing of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are permitted by law.
Complaints

If you believe we are infringing the applicable data protection legislation or you are concerned about the way in which we are handling your Personal Data, you can lodge a complaint with the Data Protection Authority for Saudi Arabia who can be contacted at:

  • Saudi Data and Artificial Intelligence Authority, RD04 Al Raidah Digital City,Al Nakheel Riyadh, 12382 Saudi Arabia
  • Website: www.sdaia.gov.sa 

If you are in Switzerland

If you reside in Switzerland you have the following rights under the UK GDPR and the EU GDPR respectively:

  • Right to be informed. You have the right to know details such as what personal data we collect about you, who we share it with, how we use it, for what purpose and how long we keep it. We use our privacy notice to explain this.
  • Request access to your Personal Data (commonly known as a “Subject Access Request”). This enables you to receive a copy of the Personal Data we hold about you.
  • Request rectification of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
  • Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. If you object to us using your Personal Data for marketing purposes, we will stop sending you marketing material.
Complaints

If you believe we are infringing the applicable data protection legislation or you are concerned about the way in which we are handling your Personal Data, you can lodge a complaint with the Swiss Federal Data Protection Authority who can be contacted at:

  • The Swiss Federal Data Protection and Information Commissioner (the “DPIC”), Feldeggweg 1, CH-3003 Berne, Switzerland
  • www.edoeb.admin.ch 

If you are in Tanzania

Under the Cybercrimes Act, you have the right not to have your information published in a misleading manner with intent to defame, threaten, abuse, insult, or otherwise deceive or mislead the public.

If you are in Turks and Caicos

There is no dedicated data protection law in Turks and Caicos.

Children's privacy

Our Services are not directed to children under the age of 16 and we do not knowingly collect Personal Data from such children without parental consent, unless permitted by law. If you are under the age of 16, you must have your parent’s permission to use our AXP App or any of our services. If you learn that your child has provided us with Personal Data without your consent, you may contact us as described hereafter. If we become aware of the fact that a child under the age of 16 provided us with his/her Personal Data, we will delete this in accordance with applicable law.

Third-Party Websites

Our website and our AXP App contains links to other websites. If you follow a link, please note these websites will have their own Privacy Notices. We do not accept responsibility or liability for the Privacy Notices of third-party websites. Please check their privacy notices before submitting any Personal Data to these websites.

Contacting us and exercising your rights

If you wish to contact us in relation to this privacy notice or if you wish to exercise your rights, please contact our VP Data and Customer Success by post at Alliants Limited, Universal Marina, Crableck Lane, Sarisbury Green, Southampton SO31 7ZN or by email at support@alliants.com.

If you are in the EU, please see below for the contact details of our EU representative.

You will not usually need to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity before we can process a request from you to exercise any of the above rights.  This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.

EU Representative

We are based in the UK but, under the EU GDPR, we are required to appoint an EU representative. The purpose of an EU representative is to make it easy for individuals located in the EU to contact us should they wish to exercise their rights or make a complaint or enquiry in relation to how we are processing their Personal Data. It is also a contact point for the supervisory authorities located in the EU.

If you’re based in the EU/EEA and wish to contact us via our GDPR Representative, DataRep, you may do so at:

  • alliants@datarep.com  
  • https://www.datarep.com/data-request/ 
  • Or by mailing the most convenient address from the list below. PLEASE NOTE: when mailing inquiries, it is ESSENTIAL that you mark your letters for ‘DataRep’ (EU Subjects) and not ‘Alliants’, or your inquiry may not reach DataRep.

Country

Address

Austria

DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

Belgium

DataRep, Place de L'Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium

Bulgaria

DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria

Croatia

DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia

Cyprus

DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus

Czech Republic

DataRep, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic

Denmark

DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark

Estonia

DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia

Finland

DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland

France

DataRep, 72 rue de Lessard, Rouen, 76100, France

Germany

DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany

Greece

DataRep, 24 Lagoumitzi str, Athens, 17671, Greece

Hungary

DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary

Iceland

DataRep, Kalkofnsvegur 2, 101 Reykjavík, Iceland

Ireland

DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland

Italy

DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy

Latvia

DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia

Liechtenstein

DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

Lithuania

DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania

Luxembourg

DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg

Malta

DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta

Netherlands

DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands

Norway

DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway

Poland

DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland

Portugal

DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal

Romania

DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania

Slovakia

DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia

Slovenia

DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia

Spain

DataRep, Calle de Manzanares 4, Madrid, 28005, Spain

Sweden

DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden