PRIVACY POLICY

Otentico Limited takes personal data seriously. This notice explains how we look after your personal data and tells you about your privacy rights and how the law protects you.

SUMMARY OF OUR PRIVACY POLICY

Our clients using the Otentico platform are responsible for their own data. Otentico will not sell or use contact details clients use on our portal for anything other than the purposes required within the portal. Clients are responsible for ensuring they have suitable permissions to handle the data they upload to and save on our platform and handle all sensitive data with the suitable care.

OUR FULL PRIVACY POLICY

Otentico Limited (“Otentico Limited”, or “Otentico”, or “we” or “us”), acting under the brand Otentico, are committed to protecting and respecting your privacy. Our Privacy Policy describes how we capture and use the personal data that we gather about visitors to this website, our clients and users of our products and services. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purposes of European data protection legislation, Otentico Limited acts as data controller in relation to all personal data (e.g. registration, billing and account information) described in this Privacy Policy other than data provided in connection with the use of our platform by our clients’ customers.

As further described below, the data controller for customers data obtained while using our platform and services is our client who produced the products, or otherwise uploaded their data to the platform and with which its customers interacted, who determines the type and level of interaction and services provided to its customers, and how their data is to be used and disclosed to others. We will only process such client data in accordance with our client’s instructions and for the purposes set out in the relevant contract between us and our client, such as our Terms and Conditions of Service.

If you have any questions, comments or complaints regarding our Privacy Policy or practices, please contact us at one of the following addresses:

  • Email at privacy@otenti.co
  • or a letter to : Otentico Limited, 64 New Cavendish Street, London, W1G 8TB

Information we may collect from You

When you use our website or our products and services, we may collect and process the following data about you:

a) Information that you give us

You may give us information about you by corresponding with us by phone, email or otherwise. This includes information that you provide when you register to use our website, subscribe to our services, including setting up a client account, place an order with us, engage in online or mobile chat with us for the purpose of customer support and education or when you report a problem with our website, platform or services. The information you give us may include your name, organization, job title, address, email address, phone number, username, financial and credit card information (including billing address). We also ask for and collect personal data such as an email address and a name from any individual that you authorise to use our products and services such as your employees, representatives or affiliates.

Our products and services enable our clients to create and administer digital records of their own products and make certain information about these products available via mobile apps. We may host our clients’ data on our servers and collect some information about interactions with their products via mobile apps, our website or otherwise. Our clients may also use this data to carry out business analysis , produce reports and if you provided them with your private information contact you in the course of conducting their own businesses. As a result, if you are a client of us using our services:

  • we may hold, store and process data for you, or
  • we may process information if you provide us with contact information of your customers and users, or if invite them to use your services provided through our platform,

in accordance with our Terms and Conditions of Service. We do not use the data or information ourselves or provide it to third parties, except in the limited circumstances described below.

If you are a customer of one of our clients, or a user of one of our mobile apps, our platform may collect and store anonymised information about your interaction with our client(s)’ products, and may carry out an analysis of this data to produce a report to our client. Please note that our client, with which product you interacted with, remines that data controller and responsible for this data and its management, as explained below in ‘How We Use the Information’.

b) Information that we collect about you

We use Google Analytics and its cookies on our website. When you visit our website, we may automatically collect anonymised information about your visit such as the webpages you viewed, length of visits to certain pages, and the times and dates of these visits. We may also collect data from the device and application that you use to access our website and mobile apps, including your browser type, IP address and internet service provider, from both of which we may infer your geographic location, and GPS location when you use our mobile apps and authorised our apps to access that information. If you arrive at our website from an external source (such as a link on another website or in an email) we may record that source (i.e. referral link).

We may also automatically collect information about the usage of our software, including the version of mobile app(s) you use and, if any, crash or error reports generated while using our mobile apps.

c) Information that we receive from other sources

We may receive information about you from our clients, third parties with whom we work, including our business partners, sub–contractors in technical, payment and delivery services, analytics providers, search information providers and our group companies.

How we use the information

We use the information held about you in the following ways:

  • To carry out our obligations arising from any contracts entered into between you or your organisation and us and to provide you with our services that you request from us. This may include providing you with customer support.
  • To ensure that content from our website is presented in the most effective manner for you and your device.
  • To administer our website and for our internal operations, including troubleshooting, data analysis, testing, research and statistical purposes, and as part of our efforts to keep our website and services safe and secure and prevent unauthorised access to our services.

We may use information collected about your use of our software or services to provide you with the benefits of any updated feature and improvements, or to ensure that you are using our platform in accordance with our Terms and Conditions of Service.

Legal basis for processing (EEA only)

where your data is processed by Otentico Limited or if you are an individual from the EEA, our legal basis for collecting and using your personal data when we act as data controller will depend on the personal data concerned and the specific context in which we collect it. However, we will normally collect personal data from you only:

  • where we require the personal data to perform and deliver our service to you (e.g. to deliver the services that you have requested or paid for);
  • where we have your consent to do so, and in this case you have the right to withdraw or refuse to give your consent at any time. This will not however affect the lawfulness of any processing based on your consent before you withdraw it;
  • where the processing is in our legitimate interests in operating our business and supplying our services, and those legitimate interests are not overridden by your data protection interests or fundamental rights and freedoms; or
  • if we have a legal obligation to collect the personal data from you.

If we ask you to provide personal data to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not.

If you have any questions about or require further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details above.

Use of client data by clients: we will use your data to hold, store and process it in accordance with your instructions, our service and Terms and Conditions of Service. We use the data purely to provide our service to you and will only use it for our own purposes if we are required to do so by law.

Use of client data by their customers and users: all information that is collected during your use of our services according to this Privacy Policy will be provided to our relevant client, with which product(s) you have interacted. Please be aware that our clients control the data and can decide how the data is to be used, which may include using it for research, business analytics, preparation of reports, provision of customer service related to their products and contacting you if you have opted-in and authorised them to do so through our mobile apps. We recommend that you review and understand the privacy policy of our client(s), whose product(s) you have interacted with. We will not use your personal details for our own purposes unless we are required to do so by law.

Disclosure or sharing of your information

We will not disclose your personal information in any circumstance except as described below:

  • We use third-party intermediaries to manage payment and credit card processing for us. These intermediaries are not permitted to store, retain, or use our clients’ billing and credit card information for any purpose except for processing payments for our services on our behalf;
  • In order to enforce or apply our Terms and Conditions of Service or other agreements, and to protect the rights (including intellectual property rights), property or safety of Otentico Limited, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation such as a court order or subpoena or respond to a request from a government or a regulatory body.

In relation to data collected from interactions with our clients’ products, we will not provide any such data to anyone other than our relevant client (i.e. the data controller), or to the relevant law enforcement authority if required to do so by law.

Updating your information

If you wish to update, amend or request deletion of your personal information or data you may do so by making the change within your account once logged in, or by emailing us at privacy@otenti.co. We will respond to your request within 30 days.

Your rights as a data subject

On your request we will provide you with information about whether we hold any of your personal information, but if you are a customer or user of our client(s), please see below. To request this information please contact us at privacy@otenti.co. You may update, amend or request deletion of your information as described above.

If you are a customer of any of our clients, or a user of our mobile apps, and wish to access, correct, or delete any data about you stored or processed by us on behalf of one of our clients, or exercise the rights described below, you should contact the relevant client as data controller in the first instance. Where needed, we will provide assistance to our clients to deal with your request.

Where your data is processed by Otentico Limited or if you are from the EEA you may have the right to exercise additional rights available to you, including:

Right of Erasure: in certain circumstances you have the right to erasure of personal data held about you, although this may be qualified where e.g. it is necessary for that data to be retained for record keeping purposes or compliance with our obligations.

Right to Object: you have the right to opt-out, if you have opted-in in the first place.

Right of Restriction: you may have to right to request that we restrict the processing of your personal data (e.g. where you believe that the personal data we hold about you is inaccurate or unlawfully held).

Right to Data Portability: you may have the right to be provided with your personal data in a structured, machine readable and commonly used format and to request that we transfer the personal information provided by you to another data controller where and if appropriate.

If you would like to exercise such rights, please contact us at privacy@otenti.co. To protect your privacy and security, we may take steps to verify your identity before complying with the request.

You also have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority. In the UK, this is the Information Commissioner’s Office (https://ico.org.uk).

Data retention

We will retain your information for as long as your client account is active or as needed to provide our services to you, or otherwise fulfil the purposes described in this Privacy Policy. If you wish to cancel your account or request that we no longer use your information to provide our services to you and/or your customers and users, please contact us at privacy@otenti.co.

We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Our retention of data related to interactions with our clients’ products is governed by the Terms and Conditions of Service that our clients agree to. As data controllers, our clients are responsible for the management of their data and can download that data to their own systems or delete it at any time. Where needed, we will help our clients to deal with such tasks.

Cookies and other tracking technologies

We use Google Analytics’ standard service. Google Analytics uses cookies to improve users’ experience by enabling a website to ‘remember’ you, either for the duration of your visit (using a ‘session cookie’) or for repeat visits (using a ‘persistent cookie’).

We may use the data from Google Analytics to improve our website’s performance and your experience of using our website. Visitors to our website can block the use of cookies at the individual browser level. If you reject cookies, you may still use our website uninterrupted.

Links to other websites

Our website may but not necessarily contain links to and from third party websites. The information practices and the content of such other websites are governed by their privacy policies. If you click on a link to those websites you will leave our website to go to the website that you selected. Please note that we cannot accept responsibility or liability for any use of your personal information by such third parties and cannot guarantee that they will adhere to the same privacy practices as us.

Social media features and widgets

Our mobile apps may contain social media features, such as Share, Post and the Facebook Like button. If you click on or invoke any of these features, you may be prompted to leave our mobile app and get transferred to their apps or webpages, which are governed by their own privacy policy.

Storage and security

The information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or one of our suppliers. Such staff may be engaged in, for example, providing you with our services or processing your payment details. By submitting your personal information and data you consent to this transfer, storing or processing. The security of your personal information is important to us and we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

All information that you provide to us is stored on secure servers. When you enter personal information within the customer login area of the site, we encrypt that information using secure socket layer technology (SSL). Where you use a password to access your account and certain areas of our website and services you are responsible for keeping this password confidential and must not share it with anyone.

No method of transmission over the internet, or method of electronic storage, is 100% secure, however. Therefore, while we will do our best to protect your personal information, we cannot guarantee its absolute security, and any transmission of data to our website or services is at your own risk.

Changes to our Privacy Policy

Any changes we may make to this Privacy Policy in the future will be posted on this page and, where the changes are material, notified to you by email or by means of a notice on our home page, prior to the changes becoming effective. Please check back frequently to see any updates or changes to our Privacy Policy.

OTENTICO Limited.

Last Updated: 11 November 2018