Last Updated: June 4, 2018
1. What is Personal Data?
“Personal Data” is information that, either alone or in combination with other information, identifies you or can be used to identify you. When we combine other information (i.e., information that does not, on its own, identify you) with Personal Data about you, we treat the combined information as Personal Data.
- You use Odaseva products and services (collectively, the “Service“).
3. What Personal Data Do We Collect and For What Purposes
If you are a user of our Service (a “Customer”) or otherwise visit our Site, we may collect the following type of information through your use of the Site:
- Contact, Account, and Billing Information: We process Personal Data that you provide through creation and management of your account, such as your last name, first name, e-mail address, job title, phone number, and payment information. We process this Personal Data only as necessary to provide you with the Service under the terms of our Master Services Agreement or for our legitimate interests in providing a Service that meets your needs and expectations. For example, we use this information to bill you for your use of the Service; respond to your inquiries regarding the Service; facilitate our account recovery services in the event you forget your log-in credentials; and for other purposes related to the reasons for which you provide Personal Data.
We use your email address to contact you from time to time in furtherance of our legitimate interests in providing you with information regarding the Service, such as invoices, payment receipts, and information regarding critical updates to your subscription. Unless you opt out using the process described in Section 6, below, we will also send you a newsletter, as well as information on new features available with an upgrade to your subscription.
- User ID and Password Information. We process Customers’ user ID and password information to enable them to log into and use the Service. We process this Personal Data only as necessary to provide you with the Service under our Master Services Agreement.
- IP Address, Header Information, and Audit Trails: We automatically collect certain information when you visit our Site, such as IP address and Header Information. We sometimes provide our customers’ administrators with detailed Audit Trails, upon request. “Header Information” is information such as browser type, operating system, language, screen resolution, referring URL, etc. provided to our web server by your browser. We have a legitimate interest in using such information to assist in log-in, systems administration purposes, information security and abuse prevention, and to track user trends.
To help operate the Site and the Service, enhance your experience, and collect information about online activity, we place small data files on your device known as “cookies,” or we use similar technologies (e.g., pixel tags, web beacons, local shared objects). Cookies and similar technologies enable us to personalize the Site, and help make our Site load faster (through “load balancing” technology). These technologies may allow us to store and manage your preferences and settings; measure and analyze how you use the Services and effectiveness of our communications; administer the Site, offer targeted products, programs, and services; and help us improve Site, our products, services, and security.
Most browsers provide you with the ability to block, delete, or disable these technologies. If you choose to reject cookies or similar technologies, some features of our Site and Service may not be available or some functionality may be limited or unavailable. Please review your browser manufacturer’s help pages for assistance with changing your settings.
5. To Whom We Disclose Personal Data
This section describes to whom we disclose Personal Data, and for what purposes:
- Our Service Providers. We employ service providers to perform tasks on our behalf and to assist us in providing the Site and Service. For more information, please see our List of Service Providers.
- Companies Involved in Mergers and Acquisition Transactions and Other Corporate Reorganizations. In some cases, Odaseva may choose to buy or sell assets. In these types of transactions, user data (including Personal Data) is typically one of the business assets transferred. Moreover, if Odaseva, or substantially all of its assets, were acquired, user data would be one of the assets that is reviewed and transferred or acquired by a third party.
- Law Enforcement, Government Agencies, and Courts: We may disclose Personal Data at the request of law enforcement or government agencies or in response to subpoenas, court orders, or other legal process to establish, protect, or exercise our legal or other rights or to defend against a legal claim or as otherwise required or allowed by law, or to protect the rights, property, or safety of a Customer or any other person. We may also disclose Personal Data to investigate or prevent a violation by you of any contractual or other relationship with us or your illegal or harmful activity.
6. How You Can Opt-Out
- Email Opt-Out. Customers may choose not to receive marketing emails from us and can opt out of such e-mails through their account settings or by utilizing the opt-out functionality included in marketing emails.
7. Personal Data Transferred from the EU or Switzerland
Odaseva has committed to refer unresolved privacy complaints under the Privacy Shield Principles to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.
These recourse mechanisms are available at no cost to you. Damages may be awarded in accordance with applicable law.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the Privacy Shield, Odaseva is potentially liable.
8. Your Rights
As a controller of the Personal Data collected by or through the Site and in connection with your use of the Services, we take steps to help ensure that you are able to exercise rights regarding Personal Data about you in accordance with applicable law.
If you would like to access, amend, erase, export (i.e., data portability or right to be forgotten), or object to or restrict the processing of Personal Data collected via the Site, you may submit a request to firstname.lastname@example.org. We will promptly review all such requests in accordance with applicable laws. Our opt-out feature, described in Section 6, also enables you to exercise your right to object to certain processing activities.
Depending on where you live, you may have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning Personal Data about you. We encourage you to first reach out to us at email@example.com, so that we have an opportunity to address your concerns directly before you do so.
9. Personal Data Relating To Children
We do not knowingly provide access to the Service to children under the age of sixteen (16). If we learn that we have collected Personal Data from children, we will promptly take steps to delete such Personal Data.
10. Retention of Personal Data
We dispose of our copies of Personal Data that we retain on behalf of our customers until the expiration of our contracts with such customers. Because we process Personal Data on behalf of our customers, we cannot control how long customers retain their copies of Personal Data.
Where feasible, we dispose of data, including Personal Data, on a regular schedule. For example, we retain analytics information relating to visitors of our Site for approximately 3 years.
11. How We Protect the Confidentiality and Integrity of Personal Data
Odaseva considers security of Personal Data to be of the utmost importance. As such, Odaseva uses state-of-the-art administrative, technical, and physical security measures to protect Personal Data. While we may use third-party services to conduct business, our security process is built around an in-depth assessment of the security level of these third parties, and we apply strict security rules when authenticating and using these services. However, we cannot guarantee that hackers or unauthorized personnel will not gain access to your Personal Data despite our efforts.
12. Links to Third Party Websites
Our Site may contain links to third party websites. Please be aware that we are not responsible for the privacy practices of third party websites you choose to visit. If you provide any information directly to parties other than us, different rules may apply to the use or disclosure of that information. We encourage you to investigate and ask questions before disclosing Personal Data to third parties.
14. Contacting Us
Attn: Privacy Officer
185 Alewife Brook Parkway, Suite 210
Cambridge, MA 02138
United States of America