Last Updated: May 21st, 2018
Who we are
Onapsis Inc. respects your privacy and is committed to protecting the Personal Data that you share with us on our website, www.onapsis.com (the "Website"). The Website is owned and operated by Onapsis Inc. (called in this notice “Onapsis”, “we”, “our” or “us”).
The following information summarizes Onapsis's policy relating to the collection, use and disclosure of personal data obtained from the Website. It also describes your data protection rights, including a right to object to some of the processing which Onapsis Inc. carries out. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section.
By accessing or using the Website, you agree to the policies and practices described in this notice. If you do not agree with our policies and practices as described in this notice, you may not use the Website. We may change this notice from time to time. Your use of the Website at any time indicates your acceptance of the version of this notice posted on the Website at such time, so please check this notice periodically for updates.
Collection of Personal Data
“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier including, but not limited to, a first and last name, e-mail address, an online-identifier, a home, postal or other physical address, other contact information and other information required to provide a service you requested, such as title, birth date, gender, occupation, industry, etc.
Onapsis will only collect contact and other Personal Data:
- when voluntarily submitted by you;
- automatically as you navigate through the Website, such as your IP address, pages viewed, length of time spent on the Website and other transactions performed on the Website, and information collected through cookies and other tracking technologies; and
- from third parties you have authorized to share it with us.
- Information You Provide to Us
The information we collect on or through the Website may include:
- information you provide by filling in forms or making other affirmative choices on the Website, including information you provide when you register to use the Website or online events like webcasts; and
- details of transactions you carry out through the Website.
- Information We Collect Through Automatic Data Collection Technologies (Cookies Policy)
As you navigate through and interact with the Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- details of your visits to the Website, such as traffic data, logs, navigation data and other communication data and the resources that you access and use on Website; and
- information about your computer and internet connection, including your IP address, operating system, and browser type.
The information we collect automatically is statistical data and may include personal information, but we may maintain it or associate it with personal information we collect in other ways or receive from third parties. This information helps us to:
- understand our user base and usage patterns;
- store information about your preferences, allowing us to customize our Website;
- improve the Website and deliver better service; and
- recognize you when you return to the Website.
The technologies we use for automatic data collection may include:
Pages of the Web ite may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us to ascertain the effectiveness of our product, service campaigns and marketing programs; allow us to customize the services offered on or through our Website; and help us determine the best use for Website content, and product and service offerings.
Third-Party Use of Tracking Technologies
Your browser may offer you a "Do Not Track" option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities, over time and across different websites. Do Not Track signals are set on a browser-by-browser basis, so you must set them on every browser you use if you do not wish to be tracked.
Social Media Buttons
On our Website we use the following social media plug-ins: Facebook, Twitter, LinkedIn, YouTube. The plug-ins can be identified by the social media buttons at the bottom of the Website marked with the logo of the provider of the respective social media networks.
We have implemented these plug-ins using the so-called 2-click solution. This means that when you surf on our website, Personal Data will initially not be collected by the providers of these social media plug-ins. Only if you click on one of the plug-ins will your Personal Data be transmitted: By activating the plug-in, data is automatically transmitted to the respective plug-in provider and stored by them (in the case of US providers your Personal Data will be stored in the USA). We neither have influence on the collected data and data processing operations conducted by the providers, nor are we aware of the full extent of data collection, the purposes or the retention periods.
Information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the respective data protection policies of these providers, where you will also find further information on your rights and options for privacy protection.
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA: https://www.facebook.com/privacy/explanation
Google LLC (for YouTube)., 1600 Amphitheater Parkway, Mountainview, California 94043, USA: https://www.google.com/policies/privacy/
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA: http://www.linkedin.com/legal/privacy-policy
External or Third Party Websites
How we use your Personal data and what the legal basis for this is
Your Personal Data may be processed by Onapsis for the following purposes:
To fulfill a contract, or take steps linked to a contract: this is relevant where you enter or are likely to enter into a service contract with us. This includes:
- verifying your identity;
- communicating with you;
- providing customer services and arranging the delivery or other provision of products and services;
As required by Onapsis to conduct our business and pursue our legitimate interests, in particular:
- we will use your information to provide products and services you have requested, and respond to any comments or complaints you may send us
- we monitor use of our websites and online services, and use your information to help us monitor, improve and protect our products, content, services and websites, both online and offline
- we use information you provide to personalize our website, products or services for you;
- we use information you provide to investigate any complaints received from you or from others, about our website or our products or services;
- we will use data in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation); and
Where you give us your consent:
- we will send you direct marketing in relation to our new relevant products and services, or other products and services provided by us and our affiliates and carefully selected partners.
- we place cookies and use similar technologies in accordance with our Cookies Policy above and the information provided to you when those technologies are used.
- on other occasions where we ask you for consent, we will use the data for the purpose which we will explain at that time.
For purposes which are required by law:
- In response to requests by government or law enforcement authorities conducting an investigation.
Who will we share this data with, where and when?
We may disclose Personal Data that we collect or you provide as described in this notice:
- to fulfill the purpose for which you provide it;
- to service providers we use to support our business (such as helping to provide our Services, for promotional and/or marketing purposes, and to provide you with information relevant to you such as product announcements, software updates, special offers, or other information) and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them;
- for any other purpose disclosed by us when you provide the information;
- for any other purpose with your consent;
We may also disclose your Personal Data as is necessary to: (a) comply with a subpoena or court order; (b) cooperate with law enforcement or other government agency; (c) establish or exercise our legal rights; (d) protect the property or safety of our company and employees, contractors, vendors, and suppliers; (e) defend against legal claims; (f) help with internal and external investigations; or (g) as otherwise required by law or permitted by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
In the event that our business is sold or integrated with another business, your data will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business (subject to the applicable laws).
Where information is transferred outside the EEA, and where this is to a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a vendor's Processor Binding Corporate Rules. A copy of the relevant mechanism can be provided for your review on request to [email protected].
Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by clicking on the "unsubscribe from this list” link in the bottom of the direct marketing email, or by contacting us using the details set out below.
We implement technical and organizational measures that are appropriate to the risk to protect the Personal Data that we process about you.
This Website has industry standard security measures in place to protect against the loss, misuse and alteration of the personal data under Onapsis's control. However, although Onapsis has endeavored to create a secure and reliable Website, the confidentiality of any communication or material transmitted via the Internet cannot be guaranteed. Accordingly, you should consider carefully if you want to submit sensitive Personal Data via the Internet.
Data Retention Periods
We keep your Personal Data for as long as is necessary for the purposes of our relationship with you and/or our clients or for as long as is required pursuant to applicable legal and/or regulatory requirements.
Where we process registration data, we do this for as long as you are an active user of our Website and for 5 years after this.
Where we process Personal Data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.
Where we process Personal Data for site security purposes, we retain it for 6 months.
Where we process Personal Data in connection with performing a contract or for a competition, we keep the data for 6 years from your last interaction with us for book keeping purposes.
Children Under the Age of 16
Onapsis will not collect Personal Data from any person who is actually known to us to be under the age of 16. If we become aware that a person under 16 has provided Personal Data, Onapsis will take steps to remove such data and terminate that individual's account, access and use of the Website. If you believe we might have any information about a child under 16, please contact us at [email protected]
State of California Residents
Under California Civil Code Section 1798.83 (the "Shine the Light" law), California residents who provide personal information in obtaining products or services from Onapsis are entitled to request and obtain from us once a calendar year information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g., requests made in 2016 will receive information regarding 2015 sharing activities). If you are a California resident and would like a copy of this information, please submit a written request to:
Attn: California/Shine the Light
60 State St, 10th Floor
Boston, MA 02109
What rights do I have?
You have the right to ask us for a copy of your Personal Data; to correct, delete or restrict (stop any active) processing of your Personal Data; and to obtain the Personal Data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller.
In addition, you can object to the processing of your Personal Data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).
These rights may be limited, for example if fulfilling your request would reveal Personal Data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in the GDPR. We will inform you of relevant exemptions we rely upon when responding to any request you make.
To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with us using the details set out below.
If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.
Which Onapsis entity is my data controller, and which affiliates might my data be shared with?
The data controller for your Personal Data is:
60 State St., 10th Floor
Boston, MA 02109
+1 (617) 603-9932
We hope that we can satisfy any queries you may have about the way we process your data. If you have any concerns about how we process your data, or would like to opt out of direct marketing, you can get in touch at [email protected] or by writing to:
60 State St., 10th Floor
Boston, MA 02109