Privacy Policy

This Privacy Policy describes the management by Solentra – A Cultura Company of any personal data relating to you and your use of the following website address owned by Solentra – A Cultura Company: http://www.solentraglobal.com.

Purpose

This Privacy Policy outlines the steps that Solentra – A Cultura Company take to:

• Keep your Personal Data confidential
• Inform you about how and why we collect such data  
• Outline your rights and our contact information to exercise these rights
• Raise questions or concerns arising out of this Privacy Policy

It is important to know:

• We will not sell, rent or loan your information to third parties
• We respect your privacy when we contact you concerning various products and services which are made available to you from time to time
• We may have control over who obtains, uses and the circumstances to give out information about you
• You will have access to the information that we hold about you.

Scope

This Privacy Policy applies to our products, services and websites and does not concern any websites that you may visit through external links.

Controllers and Processors of Personal Data

Solentra – A Cultura Company with a registered office of 3820 Mansell Road Ste 355, Alpharetta, GA 30022, determines the purposes and means of Personal Data for collection and processing.

The processing operations of Personal Data (automated and non-automated), are performed on behalf of Solentra – A Cultura Company.

Why we collect Personal Data

• Establish identity
• Perform necessary identity and security verifications
• Process transactions and conduct business
• Deliver products and services
• Provide customer support and services
• Provide ongoing service delivery
• Provide you with information
• Improve products, services and service delivery
• Better understand your needs, interests and suitability for various products and services
• Recommend specific products and services that may meet your needs
• Respond to issues, questions and queries
• Protect you against errors or fraud; and
• Co-operate with law enforcement and legal authorities, where required, to comply with applicable laws and with court orders.

Solentra – A Cultura Company collect, use and may disclose personal information only as deemed appropriate in the circumstances.  We collect as little information as possible.

Aggregated statistics and information, where the identity of a specific individual cannot be identified, is not Personal Data.

We reserve the right to use aggregated information, which may include the preparation of aggregated user statistics and information summaries to improve efficiencies, more effectively describe Solentra – A Cultura Company’s product and service offerings, and assist in the marketing of our products and services.

Aggregated statistics and information will not contain Personal Data.

The type of Personal Data we may collect

Solentra – A Cultura Company collects various types of Personal Data. During the course of using our Web Site, interacting or doing business with us (including the receipt of products and services) you may be asked to provide us with:

• Geographic (physical) addresses
• Demographic information
• E-mail addresses
• Phone numbers or other contact information
• Names (first, and last or whatever the family identifying name is)
• Shipping information
• Billing information
• Transaction history
• Web site usage preferences
• Feedback regarding business, services, web site and public relations
• Source IP addresses
• Times and dates of access to Web site servers
• Language
• Personal preferences
• Product and service preferences
• Browsers types and configurations and Miscellaneous administrative and computer traffic information

Certain forms of information and identification, such as government issued or private sector issued licenses, permits, certificates, cards, driver licenses, social insurance/security number, passports, insurance cards, voucher numbers, and more besides, are voluntary.

It is your decision whether you want to provide this, or other suitable identification, subject to any legal requirements.

How do we collect Personal Data?

Solentra – A Cultura Company will only collect Personal Data that you have provided (voluntarily or agreed) to us. We will not collect any Personal Data without advising you why and how that Personal Data is being collected and how such Personal Data will be used or disclosed. Solentra – A Cultura Company may collect Personal Data through a variety of means:

• Using our Web Site
• Using our services
• In the course of communications with us (face-to-face, by e-mail, by phone, mail or otherwise) and in the course of feedback with us regarding our business, services, website and publications
• When registering with us for services, accounts or for the download of our software
• Customer, membership, recipient, or service lists that have been lawfully acquired from third parties
• Through the completion of manual or electronic forms
• Website cookies – Cookies are identifiers that can be sent from a website via your browser to be placed on your computer’s hard drive. You may elect not to accept cookies by changing the designated settings on your web browser. However, not utilizing cookies may prevent you from using certain functions and features of our Web Site. Information collected from the use of cookies is used to improve our  services
• Web beacons – Web beacons are small, graphic images that allow a website operator to collect certain information and monitor user activity on its website. A web beacon is a very small pixel which is invisible to the user. We use web beacons to collect information that is not of a personal nature
• Clickstreaming – Clickstreaming is a technology that allows a website operator to track the paths that surfers take as they access a website and look at the site’s pages, and as they use links to other sites. We collect such information from visitors to our Web Site; and
• Website traffic information, which is monitored and analyzed in order to determine which products, services or features may be of interest to visitors, so we may improve our website, products, services, features or other offerings.

In addition, we may review and analyze your use of products and services, to help serve you better, and to bring other beneficial products and services to your attention. We also collect and analyze information from other sources for the same purposes.

How we may disclose Personal Information

Solentra – A Cultura Company does not sell any Personal Data it collects to third parties. We may share Personal Data with affiliates, subsidiaries, employees, contractors and agents in the course of providing you with our business services, support, or the fulfillment or delivery of products or services.

We may disclose Personal Data if it is required to do so:

• To comply with any legal process served on us
• Maintain, uphold or protect our rights or property
• Protect and ensure the personal safety of the public or other of our clients
• Protect against criminal or quasi-criminal activities
• Detect, prevent, investigate allegations of, or address, misrepresentation or fraud.

Solentra – A Cultura Company reserves the right that in the event of a bankruptcy filing, mergers with third parties, acquisition by third parties, sale of assets, or any other transfer of our relevant assets to a third party, that we shall be entitled to share the Personal Data provided by you to the third party.

Retention and Disposal

Solentra – A Cultura Company keeps information only for so long as it is needed for the efficient and effective delivery or fulfilment of the software, products, or services. We will either destroy or remove information when it is no longer needed.

Security and Storage

Solentra – A Cultura Company endeavours to maintain appropriate physical, procedural and technical security with respect to its and Processor’s offices and information storage facilities so as to prevent any loss, misuse, unauthorized access, disclosure, or modification of Personal Data. This also applies to our disposal or destruction of Personal Data.

We keep Personal Data collected about you strictly confidential. Only authorized personnel have access to this Personal Data. Personnel of ours who have access to Personal Data receive training regarding privacy protection.

Our security specialists build security by design and by default into our computer systems. The aim is to protect information at all times, when it is stored in data files or handled by our employees. Solentra – A Cultura Company’s systems are also designed to protect information when it is transmitted, for example, between our data processing facilities and corporate offices.

Personal Information may be stored or processed in any jurisdiction in which we or our affiliates, suppliers, subsidiaries or agents maintain facilities. By supplying us with Personal Data, you consent to any transfer of this information to other jurisdictions (including countries which have not been assessed for adequacy of privacy laws).

Solentra – A Cultura Company does, and shall continue to use, industry-standard technology to maintain the security of Personal Data, and for our connections to the internet. However, we cannot and do not guarantee the privacy, security, authenticity or non-corruption of any information transmitted through the internet or any for information stored in any third-party system connected to the internet.

We take steps to verify that any service providers, suppliers or the like with whom we share Personal Data, are committed to maintaining the privacy of Personal Data at standards that are at least as stringent as our own Privacy Policy.

It has been communicated to them to refrain from making any independent or unauthorized use of any Personal Data.  We do not and cannot guarantee the actions, conduct or standards of any such parties.

Solentra – A Cultura Company shall not be responsible for any claims, damages, costs or losses whatsoever arising out of or in any way related to third-party connections to or through the use of the Internet.

We cannot and do not ensure the protection of any Personal Data that you provide to a third-party web site that may reference, be referenced or link to our Web Site. Personal Data collected by these third parties is not subject to, or governed by, this Privacy Policy.

Solentra – A Cultura Company shall not be responsible for events beyond our direct control, and therefore will not be liable for any direct, indirect, incidental, consequential or punitive damages relating to the uses or releases of Personal Data.

Data Subjects’ Rights

You are entitled at any time to obtain confirmation of the existence of Personal Data and to be informed of their contents and origin, to verify their accuracy, or request that such data be supplemented, updated or rectified.

You have the right to request erasure, anonymization or blocking of any data that is processed in breach of the law as well as to object in all cases to processing of the data.

Contact

Solentra – A Cultura Company is committed to upholding this Privacy Policy. We have policies and procedures in place to educate and assist our employees and contractors in fulfilling their obligations under this Privacy Policy. Our policies and procedures will be reviewed on a regular basis and the results of such review will be presented to our personnel responsible for overseeing privacy matters.

We are committed to treating you with the greatest respect and consideration.  Should you want to advise us of any questions or concerns regarding this Privacy Policy, confirm the accuracy of applicable Personal Data, believe that the privacy of Personal Data has not been respected, or would like to update or delete incorrect Personal Data, please contact us by emailing [email protected] or write to the attention of Privacy Policy Manager, 3820 Mansell Road Ste 350, Alpharetta, GA 30022.

The appropriate Privacy Policy Manager will acknowledge the query and will respond within thirty (30) business days. If we need to extend the timing to respond, or have to refuse your request, we will advise you accordingly, subject to any legal restrictions.

Age

Solentra – A Cultura Company is committed to protecting the safety of children. We will not knowingly request or use Personal Data from children under the age of eighteen without parental consent. If we receive actual knowledge, not knowingly or intentionally collecting any Personal Data from children under the age of eighteen, we will take steps to have such Personal Data eliminated.

Our website is not to be used by anyone under the age of eighteen. Persons under the age of eighteen are not authorized to use our website and are directed to immediately discontinue use of it.

Updates

Solentra – A Cultura Company may from time to time update this Privacy Policy, with the updated policy to be posted on our website. The use of Personal Data provided to us prior to the update will continue to be governed by the policy in effect at the time the information was provided. We recommend that you revisit this Privacy Policy from time to time on a regular basis.

Consent

In most cases you will be asked to specifically express consent for the collection and processing of Personal Data by Solentra – A Cultura Company in accordance with this Policy Privacy. You will not be obliged to provide such consent.

If you do not consent, you must immediately discontinue use of our website and refrain from further use.

Governing Law and Venue

Where the processing of Personal Data is performed in the context of the activities of the Controller and/or Processor established in European Union. This processing may be subject to EU Regulation 2016/679 and other applicable privacy laws on the protection of you with regard to the processing of personal data and the free movement of such data, and to the relevant EU member country national law before the competent local court.

Solentra – A Cultura Company’s website is hosted and administered in Atlanta, Georgia.

We will disclose Personal Data without your permission when required by law, or in good faith belief that such action is necessary to investigate or protect against harmful activities to our company, associates, or property (including this website), or to others.

Cookie Policy

What is a cookie?

A cookie is a small text file that stores Internet settings. Almost every website uses cookie technology. The cookie is downloaded by your Internet browser the first time you visit a website. The next time you visit this website from the same device, the cookie and the information contained in it are either sent back to the originating website (first-party cookies) or to another website to which it belongs (third-party cookies). In that way, the website can detect that it has already been opened using this browser, and in some cases it will then vary the content it displays.

Some cookies are extremely useful because they can improve your user experience when you return to a previously visited website. This assumes that you are using the same device and the same browser as before; if so, cookies will remember your preferences, will know how you use the website, and will adapt the content you are shown so that it is more relevant to your personal interests and needs.

Your cookie settings on this website.

Cookies on this website that do not require approval.

Cookies that are essential, also known as ‘strictly necessary’ cookies, enable features without which you would not be able to use the website as intended. These cookies are used exclusively by Volaris and are therefore known as first-party cookies. They are only saved on your computer while you are actually browsing the website. An example of why strictly necessary cookies are used is to set the language of your preference when browsing this website.

Another example of what these cookies do is facilitate a switch from HTTP to HTTPS when you change pages, so that the security of data transmitted is maintained. Furthermore, a cookie of this kind is used to store your decision about the use of cookies on our website. Your consent is not required for the use of strictly necessary cookies. Strictly necessary cookies cannot be disabled without losing some of the features of this website.

Categories of cookies.

Based on what function cookies have and the purpose for which cookies are used, there are four categories of cookie: strictly necessary cookies, performance cookies, functional cookies and marketing cookies.

Strictly necessary cookies

Are essential in order to enable you to move around the website and use its features. Without these cookies, some services cannot be provided – for example, remembering previous actions (e.g. the language in which you want to browse this site) when navigating back to a page in the same session.

Performance cookies

Gather information about how a website is used – for example, which pages a visitor opens most often, and whether the user receives error messages from some pages. These cookies do not save information that would allow the user to be identified. The collected information is aggregated, and therefore anonymous. These cookies are used exclusively to improve the performance of the website, and with it the user experience.

Functional cookies

Enable a website to save information which has already been entered (such as user names, languages choices, and your location), so that it can offer you improved and more personalized functions. For example, a website can offer you local information if it uses a cookie to remember the region in which you are currently located. Functional cookies are also used to enable features you request such as playing videos. These cookies collect anonymous information and cannot track your movements on other websites.

Marketing cookies

Are used to deliver adverts and other communications more relevant to you and your interests. They are also used to limit the number of times you see an advertisement and to help measure the effectiveness of advertising campaigns. They remember whether you have visited a website or not, and this information can be shared with other parties such as advertisers. Cookies for improving group targeting and advertising will often be linked to site functionality provided by other organizations.

Your cookie settings on this website.

You can completely disable cookies in your browser at any time.

It is important to note that if you change your settings and block certain cookies, you will not be able to take full advantage of some features of our site, and we might not be able to provide some features you have previously chosen to use.

How do I change my cookie settings?

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.

Find out how to manage cookies on popular browsers:

• Google Chrome
• Microsoft Edge
• Mozilla Firefox
• Microsoft Internet Explorer
• Opera
• Apple Safari

To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

 

Vulnerability Disclosure

Overview

Solentra is committed to ensuring the security of our customers by protecting their information from unwarranted disclosure. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and convey our preferences as to how to submit vulnerabilities discovered.

This policy describes what systems and types of research are covered, how to send vulnerability reports, and how long security researchers should wait before publicly disclosing vulnerabilities.

We want security researchers to feel comfortable reporting vulnerabilities, so they can be fixed. This policy has been developed to reflect our values and uphold our sense of responsibility to security researchers who share their expertise with us in good faith.

Authorization

If you make a good faith effort to comply with this policy during your security research, we will consider your research to be authorized, work with you to understand and resolve the issue quickly and will not recommend or pursue legal action related to your research. However, we do not offer monetary rewards for vulnerability disclosures.

Guidelines

Under this policy, “research” means activities in which you:

• Notify us as soon as possible after you discover a real or potential security issue
• Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data
• Only use exploits to the extent necessary to confirm a vulnerability’s presence. Do not use an exploit to compromise or exfiltrate data, establish command line access and/or persistence, or use the exploit to “pivot” to other systems
• Provide us a reasonable amount of time to resolve the issue before you disclose it publicly
• Do not intentionally compromise the privacy or safety of Solentra personnel, customers, or third parties
• Do not intentionally compromise the intellectual property or other commercial or financial interests of any Solentra personnel or entities, customers, or third parties.

Once you have established that a vulnerability exists or encounter any sensitive data (including Personally Identifiable Information (PII), financial information, proprietary information, or trade secrets of any party), you must stop your test, notify us immediately, and not disclose this data to anyone else.

Scope

All systems and services associated with the domains listed are in scope, including any subdomains and any website with a link to this policy.

Vulnerabilities found in non-Cultura systems are out of scope and should be reported directly to the vendor in accordance with its own Vulnerability Disclosure Program (VDP) Policy (if any).

Though we develop and maintain other internet-accessible systems or services, we ask that active research and testing only be conducted on the systems and services covered by the scope of this document. If there is a system, which is out of scope that you think merits testing, please contact us to discuss it first.

Product	Domain
Solentra Global Website	www.solentraglobal.com

Rules of Engagement

Security researchers must not:

• Test any system other than the systems in the ‘Scope’ section (above)
• Disclose vulnerability information except as defined in the ‘Reporting a Vulnerability’ and ‘Disclosure’ sections (below)
• Engage in physical testing of facilities or resources
• Engage in social engineering
• Send unsolicited electronic mail to Solentra personnel or customers, including “phishing” messages
• Execute or attempt to execute “Denial of Service” or “Resource Exhaustion” attacks
• Introduce malicious software
• Test in a manner which could degrade the operation of Solentra systems or intentionally impair, disrupt, or disable Solentra systems
• Test third-party applications, websites, or services that integrate with or link to or from Solentra systems
• Delete, alter, share, retain, or destroy Solentra data, or render Solentra data inaccessible
• Use an exploit to exfiltrate data, establish command line access, establish a persistent presence on Solentra systems, or “pivot” to other Solentra systems.

Security researchers must:

• Cease testing and notify us immediately upon discovery of a vulnerability
• Cease testing and notify us immediately upon discovery of an exposure of non-public data
• Purge any stored Solentra non-public data upon reporting a vulnerability.

Security researchers may:

• View or store Solentra non-public data only to the extent necessary to document the presence of a potential vulnerability.

Reporting a Vulnerability

We accept vulnerability reports at [email protected]

Information submitted under this policy will be used for defensive purposes only i.e., to mitigate or remediate vulnerabilities. If your findings include newly discovered vulnerabilities that affect all users of a product or service and not solely Solentra, we may share your report with the Cybersecurity and Infrastructure Security Agency (CISA), where it will be handled under their coordinated vulnerability disclosure process. We will not share your name or contact information without express permission.

By submitting a vulnerability, you are indicating that you have read, understood, and agree to the guidelines described in this policy for the conduct of security research and disclosure of vulnerabilities or indicators of vulnerabilities related to Solentra information systems, and consent to having the contents of the communication and follow-up communications stored on a Solentra system.

To help us triage and prioritize submissions, we recommend that your reports:

• Adhere to all legal terms and conditions
• Describe the vulnerability, where it was discovered, and the potential impact of exploitation
• Offer a detailed description of the steps needed to reproduce the vulnerability (proof of concept scripts or screenshots are helpful).
  
  

Disclosure

Solentra is committed to timely correction of vulnerabilities. However, we recognize that public disclosure of a vulnerability in the absence of a readily available corrective action increases the risk. Accordingly, we require that you refrain from sharing information about discovered vulnerabilities for 90 calendar days after you have received our acknowledgement of receipt of your report. If you believe others should be informed of the vulnerability prior to us implementing corrective action, we require you to coordinate in advance with us.

We may share vulnerability reports with the Cybersecurity and Infrastructure Security Agency (CISA), as well as any affected vendors. We will not share names or contact details of security researchers unless given explicit permission.

Verification and Remediation

The General Manager (or delegate) will be responsible for keeping an audit trail of public reports, verifications, and remediations. Verification and remediation will be assigned to the appropriate team members according to the source of the vulnerability.

Verification and Remediation Procedures

• Upon receipt of an email the Solentra General Manager (or delegate) is responsible for calling a team meeting and deciding who should respond and the level of response
  • The level of response will include verifying the threat and communicating with the source
• The General Manager (or delegate) will also be responsible for determining the severity of the threat e.g., the vulnerability may constitute a security incident and require involvement from other staff within the wider Volaris Organization.

Review and Revision

This policy will be reviewed as it is deemed appropriate, but no less frequently than every 12 months. Policy review will be undertaken by the Systems Administrator.