OnCorps is committed to protecting your privacy. In order to provide our services and to provide a personalised experience, we need to collect certain information from you. This Privacy Notice explains when and why we collect Personal Information about you as well as the types of Personal Information we may collect when you interact with us. It also explains how we’ll look after your data and keep it safe. If you have any questions, please contact us at firstname.lastname@example.org.
It’s likely that we’ll need to update this Privacy Notice every now and again to make sure it's accurate. We’ll let you know of any major changes, but the most up-to-date version will always be here for you to check.
The GDPR law on data protection sets out a number of different reasons a company may collect and process your Personal Information, including:
Depending on our relationship with you, we require different types of Personal Information in order to deliver our services to you. Here are some definitions of the type of relationships we may have with you:
CONTACT INFORMATION (FOR EXAMPLE, AN EMAIL ADDRESS)
You might provide us with your contact information, whether through use of our services, a form on our website, an interaction with our sales or support team, or as a user of one of our apps. We always keep our requests for contact information to a minimum.
When you sign into our apps, attend our events, or create an application with us, you may be asked to provide us with information about yourself and to give us more detailed insights into who you are.
We collect usage information whenever you interact with our websites or solutions. This includes which webpages you visit, what you click on, when you perform those actions, what language preference you have, and so on.
DEVICE AND BROWSER DATA
We collect information from the device and application you use to access our services. This data mainly refers to your IP address, operating system version, device type, system and performance information, and browser type.
INFORMATION FROM COOKIES
We use third party tracking services that employ cookies to collect data about visitors to our websites. This data includes usage and user statistics. Emails sent by OnCorps or by users through our services include page tags that allow the sender to collect information about who opened those emails and clicked on links within them. We provide more information on cookies in our Cookies Policy.
Like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, device type, and timestamps.
If you arrive at an OnCorps website from an external source (such as a link on another website or in an email), we record information about the source that referred you.
INFORMATION FROM THIRD PARTIES AND INTEGRATION PARTNERS
We collect your Personal Information or data from third parties if you give permission to those third parties to share your information with us (e.g. LinkedIn for authentication).
If you are an Owner, we will also collect:
We require information about your company and role as part of the account information.
If you make a payment to OnCorps, we require you to provide your billing details, a name, address, email address, and financial information corresponding to your selected method of payment.
If you are a User of our own applications, we will collect:
We store your application data (responses) for you and provide ways to analyse and understand this information.
There are a number of ways in which we may collect information about you:
The information we hold about you may be used in any of the following ways:
The security of your Personal Information is very important to us. We take a lot of care to handle and store it as best we can and in line with new legislation.
Here are some ways we secure your data:
At times, we need to share your Personal Information with trusted third parties. We only provide what they need and they cannot use your data for anything other than their stated purposes. Your data is deleted or rendered anonymous if we stop working with them.
We use companies who will process and store your Personal Information as part of their contract or terms and conditions with us, including Google Analytics, Google Suite, and Amazon Web Services.
We will never sell or trade your contact details with any third parties. There are some instances when we may have to share your information based on our legal obligations.
Sometimes we will need to share your Personal Information with third parties outside the European Economic Area (EEA), such as the USA.
If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA by ensuring they have adequate controls in place.
Any transfer of your Personal Information will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
You retain the right to request us to refrain from processing your Personal Information for the purposes of marketing. To exercise such right, you may unsubscribe using the link in an email we send to you or you can exercise this same right by contacting us electronically via email at email@example.com.
We are required to maintain your Personal Information accurately. If you believe any of the Personal Information that we process is inaccurate, you are entitled to contact us to correct any inaccuracies at firstname.lastname@example.org. When we agree that the Personal Information held by us is inaccurate, we will correct such inaccuracies without undue delay.
We will not be responsible for correcting inaccuracies in third party Personal Information unless you have informed us of such inaccuracies, in which case we will provide you with reasonable assistance in complying with your obligations as data controller under the applicable Data Protection Laws in relation to any inaccurate third party data.
Right to be forgotten - if we no longer have a legal basis to process your Personal Information or if the legal basis that we are relying on is consent and you subsequently withdraw your consent, then we will stop processing your Personal Information.
You are responsible for ensuring that any third party request to be forgotten is applied to any third party Personal Information that you send to us. We will provide you with reasonable assistance in complying with your obligations as data controller under the applicable Data Protection Laws in relation to any third party requests to be forgotten.
You may at any time contact us to review the Personal Information we hold about you. You may exercise this right by contacting us at email@example.com.
OnCorps has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and will refer unresolved privacy complaints under the EU-US Privacy Shield Principles to the UK ICO, the UK’s independent body set up to uphold information rights. If you do not receive timely acknowledgment of your complaint by OnCorps, or if your complaint is not satisfactorily addressed by OnCorps, please contact the Regulator as noted below.
U.S. Privacy Shield: Transfer of Personal Information
OnCorps participates in and has certified its compliance with the EU and U.S. Privacy Shield Framework. OnCorps is committed to subjecting all Personal Information received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles.
OnCorps is responsible for the processing of customer Personal Information it receives under the requirements specified by the Privacy Shield Framework. Any transfers from OnCorps to a third party acting as an agent on OnCorps's behalf are generated in accordance with OnCorps’s contractual obligations with its customers. OnCorps complies with the Privacy Shield Principles for all onward transfers of Personal Information from the EU, including the onward transfer liability provisions.
In certain situations, OnCorps may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Inquiries and Complaints
You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country participating in the Privacy Shield must first: (1) contact us at firstname.lastname@example.org and afford us the opportunity to resolve the issue; (2) seek assistance from ICO an alternate dispute resolution provider located in the United Kingdom; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. US Dept. of Commerce.
With respect to human resources data, OnCorps will cooperate and comply with the EU DPA’s and the UK Information Commissioner’s Office with respect to human resources data transferred from the EU or the UK in the context of the employment relationship.
OnCorps has further committed to refer unresolved Privacy Shield complaints to the ICO. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact ICO as noted below. The services of the ICO are provided at no cost to you.
U.S. Federal Trade Commission Enforcement
Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Internet Security Policy
For site security purposes and to ensure that this service remains available to all users, this computer system employs software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Unauthorized attempts to upload information or change information on this service are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act.
If you are at all unhappy about the handling of your data, you can send a complaint to the Information Commissioner’s Office by calling +44 303 123 1113 or go online to www.ico.org.uk/concerns
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
We hope this Privacy Notice has been helpful in setting out the way we handle your Personal Information and your rights to control it.