Updated November 7th, 2023
LIST OF DATA COLLECTED AND PROCESSED BY ALVALDI
- Signup user information; name, organization, email address / account password
- Application data entered by users (including commands run, files transferred to/from devices, etc.)
- Device public keys (for authentication)
- Device inventory information (OS, MAC address, IP, customizable by user)
- Product usage / API logs (including user / device IP addresses, operations, timestamps)
To comply with data protection laws like GDPR and relevant data retention and privacy policies, Northern.tech (“NT”) has developed a comprehensive legal and technical framework and internal processes to ensure compliance.
NT adheres to industry best practices by exercising the appropriate professional skill, care, diligence, prudence and reasonable foresight that is to be expected from a data processor.
Alvaldi is a service to remotely access and troubleshoot connected devices, including running commands, gathering information about the device, and transferring files both to and from the device. The data processed by Alvaldi is very limited and typically does not include personal data; commands and files used to troubleshoot devices typically do not contain personal data, and the metadata gathered about a device is limited to what is necessary for remote access and troubleshooting (OS, MAC address, IP address, etc.).
NT will in no event attempt to log in to, investigate, or reverse engineer customers devices or data. NT maintains all personal data strictly confidential and does not disclose or grant access to the personal data to any unauthorized third parties.
Technical and organizational measures
The protection of your personal data is a high priority for us. We continuously work to protect personal data and other confidential information. Our security measures include physical, technical and administrative measures that will ensure that your personal data is not compromised, not unintentionally changed and available when required.
Any threats to data security are handled efficiently as security and the protection of your personal data is part of the daily work of our business.
We comply with the requirements for the protection and safeguarding of personal data as provided by applicable privacy laws, including GDPR, and good industry practice. Login information and all other data are encrypted and separation of customer data is provided by the software. We use sub-processors who require two- factor authentication to store personal data.
Our employees receive training and guidance on how to handle personal data safely. We have routines and access control to prevent unauthorized disclosure and unauthorized access to your personal data. All developer and system administrator laptops have encrypted harddisks.
Any breach of security practices will be documented. We have procedures and capacity to detect and deal with any breaches of security. If a security breach is detected, it will be reported to the management, the risk of privacy breaches will be assessed and the Norwegian Data Inspectorate (Datatilsynet) will be notified if required. You will also be notified if the breach poses a risk to you and your rights.
Our security measures are continually monitored and improved to reflect technological developments.
Any questions or comments regarding NT’s security and data privacy policies can be sent to its Head of Data Privacy, Gaustadalleen 21, N-0349 Oslo, Norway, Email: firstname.lastname@example.org.
NT seeks to keep the number of sub-processors to a minimum. Every sub-processor shall comply with the same standards as NT. Alvaldi currently uses AWS, Microsoft Azure and MongoDB as the main sub-processors which run the backend and database, thus having access to the data we process. In addition, NT uses various sub-processors to conduct the business with you as a customer. A complete list of sub-processors follows below.