Altair Data Privacy Framework Policy for Consumer Data

Altair Engineering Inc. and its U.S. subsidiaries Altair Product Design, Inc., Datawatch Corporation, solidThinking, Inc., and illumisys, Inc., (collectively, “Altair”, “us”, or “we”) are committed to upholding the highest ethical standards in its business practices and strives to collect, use, and disclose personal information consistent with the laws of the countries in which it does business.

This Data Privacy Framework Policy (the “Policy”) sets forth the privacy principles that Altair follows with respect to personal information transferred to the United States from the European Economic Area (“EEA”) (which includes the twenty-seven member states of the European Union (“EU”) plus Iceland, Liechtenstein and Norway) and/or Switzerland and/or the United Kingdom (“UK”).

The Federal Trade Commission (FTC) has jurisdiction over Altair’s compliance with the Data Privacy Framework.

Altair has certified that it adheres to the Data Privacy Framework Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Data Privacy Framework (“DPF”) program, and to view Altair’s certification, please visit https://www.dataprivacyframework.gov/.

SCOPE

This Policy applies to all personal information received from consumers by Altair in the United States from the EEA and/or from Switzerland and/or from the UK, in any format including electronic, paper, or verbal.

Altair complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (the “UK Extension”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Altair has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) regarding the processing of personal information received from the EU in reliance on the EU-U.S. DPF and from the UK (and Gibraltar) in reliance on the UK Extension. Altair has also certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) regarding the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms in this Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively, the “DPF Principles”), the DPF Principles shall govern.

Altair also collects personal information concerning its employees (Human Resources Data) in connection with administration of its Human Resources programs and functions and for the purpose of communicating with its employees. Altair applies the DPF Principles to these data. Further information in this regard can be found in Altair’s Human Resources Privacy Policy which is internally available to Altair’s employees.

DEFINITIONS

For purposes of this Policy, the following definitions shall apply:

"Agent" means any third party that collects or uses personal information under the instructions of, and solely for, Altair or to which Altair discloses personal information for use on Altair's behalf.

"Altair" means Altair Engineering Inc., its U.S. subsidiaries, divisions, and groups.

"Personal Information" means any information or set of personal information that identifies or is used by or on behalf of Altair to identify an individual. Personal Information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.

"Sensitive Personal Information" means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life. While we do not consciously collect such information ourselves, Altair will treat as Sensitive Personal Information any information received from a third party where that third party treats and identifies the information as sensitive. When the defined term “Personal Information” is used hereafter in this Policy, it includes “Sensitive Personal Information” if and as applicable.

PRIVACY PRINCIPLES

The privacy principles in this Policy are based on the DPF Principles.

NOTICE: Where Altair collects Personal Information directly from individuals in the EEA, Switzerland, and the UK, it will inform them about the purposes for which it collects and uses Personal Information about them. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to Altair and in any event before Altair uses or discloses the information for a purpose other than that for which it was originally collected or discloses information to a non-agent third party.

Where Altair receives Personal Information from its subsidiaries, affiliates or other entities in the EEA, Switzerland, or the UK, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such Personal Information relates.

Regardless of the sensitivity level of the Personal Information, Altair will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Altair will provide individuals with reasonable accommodations to exercise their choices.

DATA INTEGRITY: Altair will use all Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Altair will take reasonable steps to ensure that such information is relevant to its intended use, accurate, complete, and current. Altair will only collect and store Personal Information that is relevant to fulfill the purpose of the request and will retain such information no longer than appropriate to fulfill the purpose of the request.

TRANSFERS TO AGENTS: Altair may share Personal Information with an Agent with your express consent or as necessary to complete any transaction or provide any product or service as requested or authorized. Altair may also share Personal Information with Altair-controlled affiliates and subsidiaries; with vendors working on its behalf; when required by law or to respond to legal process; to protect its customers; to maintain the security of its products; and to protect the rights or property of Altair.

Altair’s accountability for Personal Information that it receives under the DPF and subsequently transfers to an Agent is described in the DPF Principles. In particular, Altair remains responsible and liable under the DPF Principles if third-party Agents that it engages to process the Personal Information on its behalf do so in a manner inconsistent with the DPF Principles, unless Altair proves that it is not responsible for the event giving rise to the damage.

ACCESS AND CORRECTION: Upon request, Altair will grant individuals reasonable access to Personal Information that it holds about them. In addition, Altair will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. These requests may be made by sending an email to [email protected]. We may limit an individual’s access to Personal Information where the legitimate rights of persons other than the individual would be violated.

SECURITY: Altair will take reasonable precautions to protect all Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.

ENFORCEMENT: Altair will conduct annual compliance audits to ensure relevant privacy practices to verify adherence to this Policy. Any employee that Altair determines intentionally violates this Policy will be subject to disciplinary action up to and including termination of employment.

DISPUTE RESOLUTION: In compliance with the DPF Principles, Altair commits to resolve complaints about its collection or use of Personal Information. EU, Swiss, and UK individuals with inquiries or complaints regarding this Policy should first contact Altair’s General Counsel at [email protected].

If you have a complaint related to the DPF Principles and:

  • Don't receive timely acknowledgment from us, or
  • We haven't addressed your complaint to your satisfaction,

you can seek resolution through JAMS, an independent dispute resolution provider based in the United States. Their services are free of charge. Visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint.

Additionally, under specific conditions, you may have the option to invoke binding arbitration for complaints regarding our DPF compliance not resolved by any of the other DPF mechanisms. Please view the following for additional information on this process and the applicable requirements: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

LIMITATIONS ON APPLICATION OF PRINCIPLES

Adherence by Altair to the DPF Principles may be limited (a) to the extent required or permitted by law or legal process, such as to respond to or investigate a legal or ethical obligation or request or pursuant to court orders, subpoenas, interrogatories or similar directive carrying the force of law; and (b) to the extent expressly permitted by an applicable law, rule or regulation.

INTERNET PRIVACY

Altair views the Internet and the use of other technologies as valuable tools for communicating and interacting with consumers. Altair recognizes the importance of maintaining the privacy of information collected online and has created a specific Internet Privacy Policy (the “IPP”) governing the treatment of Personal Information collected through web sites that it operates. With respect to Personal Information that is transferred from the EEA, Switzerland, or the UK to the U.S., the IPP is subordinate to this Policy. However, the IPP also reflects additional legal requirements and evolving standards with respect to Internet privacy. Altair’s Internet Privacy Policy can be found at https://altair.com/privacy-policy.

CONTACT INFORMATION

Questions or comments regarding this Policy should be submitted to Altair’s Office of the General Counsel by email to [email protected] or by mail to Altair Engineering Inc., 1820 E. Big Beaver Road, Troy, Michigan 48083, Attn: Office of the General Counsel.

CHANGES TO THIS DATA PRIVACY FRAMEWORK POLICY

This Policy may be amended consistent with the requirements of the DPF Principles. A notice will be posted on the Altair web page for thirty (30) days whenever this Policy is changed in a material way.

Last revised September 19, 2024