This policy applies to Visitors to our website and Customers using the contact form.

The purpose of this Privacy Policy is to let you know how we collect, use, store, share, retain, transfer and process your Personal Information. This policy also describes your choices and rights with respect to your Personal Information and how to exercise those rights. “Personal Information” is any information relating to an identified or identifiable individual.

We may amend this policy from time to time. We encourage you to review this policy periodically, as changes will be posted on this page. If we make any material changes to this policy we will provide a prominent notice. If you do not agree with this policy, you should not use our website, products or services.

We collect various types of information depending on how you interact with us.

Personal Information you provide to us

If you fill out a contact form on our website that requires contact information such as submitting a request for information or products and services, we will collect and process that information to provide you with the communication, products or services. These types of Personal Information may include

• your name;
• email address;
• company name;
• job title.

Personal Information collected when you visit our website

When you use our website, we may automatically collect Personal Information such as IP address, user-agent information (which is automatically sent by your web browser and may include device type) and information collected by cookies and other similar technologies. Our cookie policy can be found at andsolutions.net/cookie-policy/

Unless otherwise noted in this policy, we act as the “controller” of personal data that we collect and process.

We collect Personal Information from you when you visit our website or use our products and services. Some of this information is provided by you and some is collected automatically. We collect Personal Information in the following ways:

• directly from you when you inquire about our products and services,
• from your device when you access our website.

We process your personal information for the following purposes:

• To provide our services;
• To respond to your requests for information;
• To contact you with updates about our services;
• To market and advertise our services;
• To analyze and improve our website and services.

We use the following legal bases for collecting Personal Information:

• We may collect or process information with your consent, such as when you ask for information.
• We may collect or process information we need to provide our services or fulfill a contractual obligation.
• We may collect or process information to fulfill a legal obligation.
• We may collect information when we have a legitimate interest to do so, such as for marketing, as long as our legitimate interests are not outweighed by your rights.
• We may collect or process information if necessary to protect the vital interests of the user or another individual.

We share Personal Information with our affiliates and partners, as needed to provide our services. We share Personal Information with service providers such as vendors we use to operate our website and provide our products and services.

Our vendors and service providers are not permitted to use your personal information for any other purpose than to provide contracted services. Vendors are not permitted to use your personal information for their own marketing, and are not allowed to share your information for marketing purposes.

We may share personal information in response to a legal summons or subpoena, or if required by law enforcement agencies.

How long we keep Personal Information that we have collected depends on the type of information and the purpose for which it was collected. After a reasonable period of time or the completion of the purpose for which it was collected, we will either delete or anonymize personal information.

We retain Personal Information where we have an ongoing legitimate business purpose to do so, for example to resolve disputes or to comply with ongoing legal obligations.

We retain your personal information for as long as it is needed to provide our services to you and to fulfill our legal obligations and for a reasonable period of time after such services are completed.

Cookies are small files stored on your web browser when you visit our website. Some cookies last only as long as you remain on the website; others, called “persistent cookies” may be stored for longer periods of time.These cookies can make browsing easier by storing your password or your preferences regarding how you use the website. Cookies collect information such as the IP address of your computer, your browser settings, and information about how you use the website. Your general location may be estimated from your IP address. Some cookies track users’ activity on our website, apps, and services in order to deliver personalized advertising to you on this and other websites.

If you would like to opt out of cookies, you may change the settings on your web browser to reject or delete cookies. You may also find more information about cookies, including how to opt out of interest-based advertising, at cookiesandyou.com.

More information about how we use cookies may be found here: andsolutions.net/cookie-policy/

If you reside in the EU/EEA/UK, you may have the following rights with regard to your personal information:

• Right of information and access – You have the right to access your Personal Information we have about you and to be provided with a copy of your Personal Information.

• Right to rectification – You have the right to correct or update your inaccurate or out of date Personal Information.

• Right of erasure – You have the right to request that your Personal Information be permanently erased/deleted.

• Right to restrict processing – You have the right to restrict the processing of your Personal Information.

• Right to object to processing – You have the right to object to specific types of processing of your Personal Information.

• Right to portability – You may ask to receive a portable copy of your personal information in a format that may be transferred to another organization.
• Right not to be subject to decisions based solely on Automated Decision Making – You have the right not to be subject to decisions based solely on automated processing.

• Right to complain to a data protection authority – You have the right to complain to a supervisory authority in the country in which you reside, details of which can be provided upon request or to the lead supervisory authority for AND Solutions, which is: Data Protection Commission, 21 Fitzwilliam Square South Dublin 2 D02 RD28, Ireland.

• Right to withdraw consent – If you have given us consent to collect or process your Personal Information, you may withdraw that consent at any time. 
• Right to non-discrimination – We may not discriminate against you if you exercise your privacy rights.

If you wish to exercise any of these rights, please refer to the “Contact us” section of this policy.

We have appointed DataRep as our Data Protection Representative in the European Union so that you can contact them directly in your home country. DataRep has locations in each of the 27 EU countries, the UK, and Norway & Iceland in the European Economic Area (EEA), so that our customers can always raise the questions they want with them.

If you wish to raise a question regarding your personal data or otherwise exercise your rights in respect of your personal data, please refer to the “Contact us” section of this policy.

We take appropriate safeguards to ensure that Personal Information remains protected wherever it is transferred.

When Personal Information is transferred from users residing in the European Union to our servers, partners, or vendors located in non-EU countries where there may not be an adequacy opinion issued with respect to that country, we make use of the GDPR Standard Contractual Clauses, the UK Addendum or the ASEAN Model Contractual Clauses, as well as additional safeguards where appropriate.

We take all reasonable steps to protect the information we receive from you from accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. We have put in place appropriate physical, technical, and administrative measures to safeguard and secure your information, but no security measures are perfect; the risk of a data breach is possible. 

• We obtained ISO/IEC 27001 Information Security Management certifications in September 2021
• Personal data is encrypted during transmission
• Personal information is encrypted at rest at our data centers
• Employees are given access to users’ personal information only on a “need to know” basis
• All employees are required to receive training on information security
• All employees with access to personal information are subject to background checks
• All employees with access to personal information are required to sign a binding confidentiality agreement
• Before sharing personal information with our vendors, we make sure they have implemented security procedures to protect your data. Our vendors and partners are not permitted to use or share your information for any purpose other than to provide the services for which they have been contracted.

We do not perform any solely automated decision making or profiling.

We do not knowingly collect or solicit personal information from children under age 13 without parental consent, unless permitted by law. If we become aware that we have collected personal information from children under the age of 13 without parental consent (or as permitted by law), we will delete it. If you believe that a child may have provided us with personal information without such parental consent, please contact us.

California consumers: We will not sell the information of California consumers who are 16 years old or younger unless we have prior parental authorization. If a California consumer is under the age of 13, a parent or guardian must consent to the sale of such minor’s personal information. If the California consumer is between the ages of 13 and 16 years old, the minor may consent on an opt-in basis to the sale of their personal information.

EU residents: We do not collect or process personal information of data subjects in the EU under the age of 16 without explicit consent from a parent or guardian.

Unless specifically requested, we ask that you not send us, and you not disclose on or through our websites or otherwise to us sensitive personal Information unless specifically requested by us or required by law.

If you wish to raise a question regarding your personal data or otherwise exercise your rights in respect of your personal data, you may contact our Data Protection Representative by

• sending an email to DataRep at datarequest@datarep.com quoting <AND Solutions Pte. Ltd.> in the subject line,
• contacting DataRep through the online form at datarep.com/data-request, or
• mailing your inquiry to DataRep at the most convenient of the addresses listed here: andsolutions.net/datarep-representative-contacts/.

If your request is not valid under applicable law, repetitive or excessive, we may charge you a reasonable fee. We may also request additional information from you in order to verify your identity before processing your request.

For other non-privacy related communications, please use our contact form at andsolutions.net/contact-us.

The California Consumer Privacy Act (CCPA) applies to information collected from California residents. Residents of California have the following rights with regard to their personal information:

• The Right to Know and Access Information

The categories of personal information we collect is described above in the section entitled “ The Information We Collect”. California residents may submit a verifiable  request regarding the information collected, the types of sources from which personal Information is collected, the purposes for which information is collected, and the specific  personal information collected about them.

• The Right to Have Personal Information Deleted 

• The Right To Portability 

California residents may request a copy of their personal information in a format that can be transferred to another person or entity.

• The Right to Non-Discrimination

We may not discriminate against you if you exercise your privacy rights.

You may be asked for more information in order for us to verify your identity when you make a request. You may exercise your rights by

• writing to us at dpo@andsolutions.net
• using our contact form at andsolutions.net/contact-us/

We do not sell Personal Information to third parties (pursuant to California Civil Code Sections 1798.100-1798.99, also known as the California Consumer Privacy Act of 2018.

The “What Personal Information We Collect” section lists the categories of Personal Information we have collected in the preceding 12 months.