Privacy Shield Policy

Important Update

As of July 16, 2020, Alfa Financial Software Inc. no longer relies on the Privacy Shield to facilitate cross-border data transfers. Alfa Financial Software Inc. continues to process Personal Data it received under the Privacy Shield in compliance with the Principles, including those related to the onward transfer of Personal Data to third parties. Alfa Financial Software Inc. remains liable if such agents process Personal Data from the European Economic Area, the United Kingdom, and Switzerland in a manner inconsistent with the Principles (unless Alfa Financial Software Inc. can prove that it is not responsible for the event giving rise to the damage).

Alfa Financial Software Inc. offers a contractual framework that includes EU Standard Contractual Clauses (“SCCs”). The European Commission has approved the of use of SCCs as an adequate cross-border data transfer mechanism.

1. Introduction

This Privacy Shield Policy ("Privacy Policy") is compliant with the requirements of the EU-US. and the Swiss-US. Privacy Shield Frameworks.

Alfa Financial Software Inc. ("Alfa") a wholly owned subsidiary of Alfa Financial Software Holdings plc, is required to collect and maintain personal information in order to comply with governmental and contractual obligations. However, Alfa Financial Software Inc. complies with the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks (Privacy Shield) as set forth by the U.S. Department of Commerce (the 'Privacy Shield Principles') regarding the collection, use, and retention of personal information (as described below) transferred from the European Union and the United Kingdom and Switzerland to the United States in reliance on Privacy Shield. Alfa Financial Software Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information.  If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. The Federal Trade Commission has enforcement authority over Alfa's compliance with the Frameworks. To learn more about the Privacy Shield program, and to view our certification, please visit

For the purposes of this Privacy Policy, “personal information” means information that is about, or pertains to a specific individual and can be linked either directly or indirectly to that individual. In addition, certain personal information covered by Alfa’s Privacy Shield certification may be subject to more specific privacy policies of Alfa, which are also consistent with the requirements of the Privacy Shield Principles, and in the case of any conflict between these policies and the Privacy Shield Principles, the Privacy Shield Principles will control.

This Privacy Policy describes the personal information collected by Alfa and how Alfa uses that data.

This Privacy Policy applies to non Human Resources data within the scope of Alfa’s Privacy Shield certification, which covers the following categories of information:

  • Personal information regarding current, former and prospective clients and their personnel or others for the purposes of delivering Alfa's services, maintaining ongoing relationships and performing business development activities.
  • Personal information regarding current or former clients' end personal customer data for the purposes of delivering Alfa's services under an executed contract between the client and Alfa Financial Software Holdings plc, or any subsidiary of Alfa Financial Software Holdings plc, in reliance of the EU-US. and/or Swiss-US. Privacy Shield Frameworks. 
  • Personal information regarding our third parties (e.g., vendors, service providers, etc.) and their personnel for the purposes of managing and administering Alfa’s business relationships with such third parties.

For example:

  • Certain Alfa websites maintain their own privacy policies that apply to personal information collected via those sites. These policies may be accessed through those websites.
  • Personal information obtained from or relating to clients, clients' end customer data or former clients is further subject to the terms of any specific privacy notice or privacy policy provided to the client, any contractual arrangements with the client and applicable laws and professional standards.

2. Individual Notice and Choice

Alfa collects and processes personal information from certain individuals and for the purposes described in this Privacy Shield Policy. Personal information covered by this Privacy Shield Policy is collected and processed only as permitted by the Privacy Shield Principles.

Notice to individuals regarding the personal information collected from them and how that information is used may be provided through this Privacy Shield Policy, other Alfa website notices, or other direct forms of communication with appropriate parties, such as contracts or agreements. Where necessary and appropriate, consent for personal information to be collected, used, and/or transferred may also be obtained through these same means of communication (including opt-in consent for sensitive personal information).

3. Disclosures & Accountability for Onward Transfers

Consistent with the Privacy Shield Principles, Alfa may transfer personal information to third parties, including transfers from one country to another.  Alfa will only disclose an individual’s non-public personal information to third parties under one or more of the following conditions:

  • The disclosure is to a third party providing services to Alfa, or to the individual, in connection with the operation of our business, and as consistent with the purpose for which the personal information was collected. Alfa maintains written contracts with these third parties and requires that these third parties provide at least the same level of privacy protection and security as required by the Privacy Shield Principles. To the extent provided by the Privacy Shield Principles, Alfa remains responsible and liable under the Privacy Shield Principles if a third-party that it engages to process personal information on its behalf does so in a manner inconsistent with the Privacy Shield Principles, unless Alfa proves that it is not responsible for the matter giving rise to the damage;
  • With the individual’s permission to make the disclosure;
  • Where required to the extent necessary to meet a legal obligation to which Alfa is subject, including a lawful request by public authorities and national security or law enforcement obligations and applicable law, rule, order, or regulation;
  • Where reasonably necessary for compliance or regulatory purposes, or for the establishment of legal claims.

4. Access

Individuals whose personal information is covered by this Privacy Shield Policy have the right to access the personal information that Alfa maintains about them as specified in the Privacy Shield Principles. Individuals may contact Alfa to correct, amend or delete such personal information if it is inaccurate or has been processed in violation of the Privacy Shield Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the individual’s privacy, or where the rights of persons other than the individual would be violated). Requests for access, correction, amendment or deletion should be sent to:

5. Security

Alfa takes appropriate measures to protect personal information in its possession to ensure a level of security appropriate to the risk of loss, misuse, unauthorised access, disclosure, alteration, and destruction. These measures take into account the nature of the personal information and the risks involved in its processing, as well as best practices in the industry for security and data protection.

6. Data Integrity and Purpose Limitation

Alfa collects and processes personal information only to the extent that it is compatible with the purposes for which it was collected or subsequently authorised by the data subject. Alfa does not retain personal information after it no longer serves the purposes for which it was collected or subsequently authorised. Alfa takes reasonable steps to ensure that personal information is accurate, complete, current, and reliable for its intended use.

7. Enforcement

In compliance with the Privacy Shield Principles, Alfa commits to resolve complaints about our collection or use of your personal information. Individuals with inquiries or complaints regarding our Privacy Shield Policy should first contact Alfa at: Alfa has a policy of responding to individuals within forty-five (45) days of an inquiry or complaint.

If an individual has an unresolved complaint or concern that is not addressed satisfactorily, that individual may contact the EU Data Protection Authorities (EU DPAs) to serve as an independent recourse mechanism (IRM) for dispute resolution arising from collection, use, and retention of personal information transferred from EU member countries to Alfa.

This resource mechanism is available free of charge. Alfa Financial Software Inc. agrees to cooperate with the EU Data Protection Authority (DPA) to receive, review and undertake best efforts to facilitate resolution of the of the complaint and respond to the DPA within 90 days.

Alfa commits to cooperate with EU DPAs and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.

You may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint under certain circumstances. For further information, please see the Privacy Shield website.

8. Modifications

Alfa may update this Policy at any time by publishing an updated version here. We will not update this Privacy Shield Policy in contravention to the Privacy Shield Principles so long as we remain certified to the Privacy Shield.

Privacy Shield Policy updated: May 25, 2021