Altrata’s privacy promise
Effective: August 2025
In the short time since the digital revolution, personal information has become one of the most valuable assets in the world. As businesses become increasingly reliant on people intelligence to shape growth strategies, choose talent, and make other critical decisions, they need a partner they can trust, both in terms of data quality, and security. At Altrata, our commitment to ethical data practices, privacy, and compliance isn’t just a responsibility, it’s a promise.
Altrata is designed our company from the ground up to ensure responsible data stewardship, establishing privacy and security as part of our DNA. Unlike providers that prioritize scale over accountability, we combine best-in-class security and legal compliance with a human-verified approach to research, ensuring accuracy, compliance, and ethical sourcing at every level of our company and product portfolio.
Read on for more information.
Altrata’s privacy promise at a glance
Our policies aren’t just about protecting user privacy and the security of all collected data, but ensuring transparency about compliance, and data privacy rights. We comply with prevailing data privacy laws and standards recognized around the world.
We are fully compliant with prevailing data privacy laws and standards recognized around the world, including:
- United States federal law
- General Data Protection Regulation (GDPR)
- China’s Personal Information Protection Law
- California’s landmark Consumer Privacy Act (CCPA)
We’ve separated our privacy policy into two notices to better detail processes and rights:
- Online Privacy Notice, detailing how Altrata handles website visitors
- Product Privacy Notice, overviewing how personal data is processed in our different people intelligence platforms
Read our full Privacy Notice to learn more about:
Beyond policy: A culture of data privacy, protection and security
At Altrata, data privacy isn’t just a policy — it’s embedded in our culture, operations, and leadership.
While many companies prioritize automation, we continue to invest in people. Our human researchers meticulously verify and source data to reduce the privacy risks of AI and ensure more ethical handling.
Privacy compliance is overseen at the highest levels of the company. Our General Counsel, a veteran with more than 15 years of experience in data protection law, sets rigorous standards across our organization.
This top-down dedication to data privacy has earned global recognition, including from the PICCASO Privacy Awards. We continuously track emerging legislation worldwide and update our policies annually to stay ahead of evolving regulations.
We also recognize the high standards our clients expect for security, which is why every Altrata product is built with state-of-the-art technologies to be secure by design.
We regularly invest in independent auditors to assess our security environment as part of our SOC2 attestation. We also conduct continuous penetration testing and make our audit reports – along with our full collection of security documentation — available to clients and prospects upon request.
Recognition
The PICCASO Awards Europe
The PICCASO Awards Europe recognize and celebrate companies that sincerely hold privacy at their heart. Those organizations who look to innovate and embrace the constantly changing demands of privacy, information security, and the legislative and regulatory landscape.
Altrata has been shortlisted as a finalist in the Best Privacy Program category in the 2025 awards, a category that celebrates companies who demonstrate privacy programmes of the highest level. The judges considered Altrata’s policies and processes in order to award us a finalist badge, which was bestowed in response to the practices we exhibit.
Being shortlisted for a PICCASO Award highlights Altrata’s leadership in privacy and data protection. Being a finalist supports the view that our approach to privacy not only meet regulatory requirements but deliver measurable impact, for Altrata and for our clients. We understand that our approach to privacy directly impacts our clients and it therefore makes sense that is a critical part of our foundations and strategy.
Altrata has up to date Data Broker Registrations in the following states:
California
Oregon
Texas
Vermont
Data privacy resources
Learn more about your data privacy rights:
Information Commissioner’s Office
The Information Commissioner’s Office (ICO) is the UK’s independent data protection and information rights regulator. It upholds people’s rights to access information and protects their personal data by providing guidance, investigating complaints, and enforcing legislation like the Data Protection Act and the Freedom of Information Act. The ICO’s activities include responding to complaints about nuisance calls, unsolicited emails, issues with cookie consent, and failures by public bodies to provide requested information.
Department of Justice
The U.S. Department of Justice (DOJ) is the federal executive department responsible for enforcing federal laws, upholding the rule of law, and ensuring public safety. Headed by the Attorney General, the DOJ prosecutes federal criminal and civil cases, protects civil rights, provides leadership in crime prevention, manages federal prisons, and oversees key law enforcement agencies.
Frequently asked questions
Data protection law
What is personal data or personal information?
Personal data or personal information is any information that identifies or can reasonably identify a person. This includes more than just an individual’s name, it also includes online identifiers, email addresses and more. Some personal data or personal information is considered sensitive or special category, based on the applicable law, and is subject to stricter rules and obligations for processing.
What is processing?
Any use of or operation performed on personal data would be classified as processing. This includes collecting, storing, using, sharing, disclosing and deleting it.
What is a data controller and a data processor?
Data Controllers: Decide how and why data is processed.
Data Processors: Process data for a controller and under a controller’s specific instruction
What is a lawful basis of processing according to the GDPR?
There are 6 lawful bases of processing according to Article 6(1) of the GDPR.
Altrata relies on legitimate interests as its lawful basis of processing and has undertaken Legitimate Interest Assessments to confirm the position. We ensure that our interests are carefully balanced against those of the individual whose data we are processing except where such interests are overridden by the interests or fundamental rights and freedoms of a data subject.
What is the lawful basis ‘legitimate interests’?
Under the GDPR, legitimate interests is a lawful basis that allows a data controller to process personal data when it has a genuine specific business need and it uses the data only to the extent necessary for that need. Such need cannot outweigh an individual’s fundamental rights and freedoms. This balancing act is also included in our Privacy Policy and justified in our Legitimate Interest Assessment.
Compliance with data protection laws
There are a lot of data protection and privacy laws. Does Altrata comply with applicable law?
At Altrata, we are committed to privacy and comply with all applicable data privacy legislation (including GDPR, CCPA and other US and international laws) in the provision of our products, while also providing our clients with actionable intelligence.
Does Altrata operate as a data controller or a data processor?
Altrata has an independent controller to controller relationship with our clients. Each party is responsible for ensuring they comply with applicable law, including data protection law and the obligations under it. We include this language in our contracts and believe it is important for it to be there to ensure that data subjects are protected. In very limited circumstances Altrata may act as a processor and again we include appropriate contractual language when applicable.
How do you ensure your legitimate interests assessment (LIA) is fair and lawful?
We hold ourselves accountable to gold standards of data protection and have our processes and positions regularly confirmed by auditors and lawyers in both the US and UK.
Do you perform any solely automated decisions or conduct profiling?
No. We do not profile or make any decisions with legal or similarly significant impacts without human overview.
Where is Altrata’s data sourced from?
We collect data within our products lawfully from our talented, inhouse research teams and from reputable data providers. Sources include but are not limited to: press releases, websites, media publications, public filings.
Is Altrata’s data collected lawfully?
Yes, absolutely. Our products are designed to deliver insights and information in a compliant manner.
What steps does Altrata take to ensure accuracy? How often is this updated?
Altrata has multiple procedures and policies in place to confirm its data points are as accurate and up to date as possible. The data within our products is comprised of various data sets that are updated on differing cadences.
Transparency, rights, and preferences
How are individuals notified their data being in the Products?
Individuals are notified via our privacy policy, which is fully enabled to comply with data subject requests in accordance with applicable law. For the avoidance of doubt, this is also addressed within our LIA as noted above.
How does Altrata handle data subject requests?
Our external facing Privacy Notice clearly identifies our data subjects may enact their rights. We fully respect and handle all valid data subject requests action without delay and in accordance with timescales prescribed by law. Additionally, we also carefully monitor any such requests so that we can pre-empt any growing trend, continually reassess and consider our position.
Do you use any personal data we provide to you to enrich the products?
No, we do not comingle any of our clients’ personal data with the data in our products. All personal data provided by our clients is only used to fulfil our obligations under the contract with those clients and provide our products accordingly.
Artificial Intelligence (AI) is a growing trend. What is Altrata’s position with AI?
We use AI with intention. This includes using AI to enhance searches in the preparation of our products and accelerate research cycles so our clients can act fast on this insight. We prioritize the importance of human oversight in our research methods.
Does Altrata use any of its clients’ personal data to train AI?
No.
Cybersecurity
Do you undergo any audits or reviews?
On an annual basis, an independent expert third party auditor assesses our security environment in detail as part of our commitments to maintain our SOC2 attestation. Please contact a member of our commercial team for a copy of our SOC-2 report. We also undertake an internal review annually (or whenever a change in law occurs) and externally verify our positions on a regular basis.
What steps do you take to ensure the appropriate technical, contractual and organizational measures are in place?
Altrata implements all appropriate technical and organizational measures, including maintaining a security by design process, appropriate trainings for personnel, the use of Standard Contractual Clauses (SCCs) when applicable. We are SOC2 compliant.
Does Altrata participate in any penetration testing?
Yes, we also have a patch and vulnerability management process in place.
Does Altrata have a data deletion policy?
We have a data deletion policy in place that addresses all personal data, client data and records. Any retention is limited to the extent necessary and in compliance with law or regulatory requirements.
Do you segregate client data from the data in your products?
Yes, we have robust data segregation standards. We do not use or comingle any of our client’s data with the data in our products.