Introduction

OnCorps is committed to protecting your privacy. In order to provide our services and to provide a personalised experience, we need to collect certain information from you. This Privacy Notice explains when and why we collect Personal Information about you as well as the types of Personal Information we may collect when you interact with us. It also explains how we’ll look after your data and keep it safe. If you have any questions, please contact us at privacy@oncorps.io.

It’s likely that we’ll need to update this Privacy Notice every now and again to make sure it's accurate. We’ll let you know of any major changes, but the most up-to-date version will always be here for you to check.

About OnCorps

This Privacy Policy applies to all the products, services, websites, and apps offered by OnCorps Inc. and OnCorps Ltd (collectively “OnCorps”), except where otherwise noted. We refer to those products, services, websites, and apps collectively as the “services” in this policy.

References to "data" in this Privacy Policy refer to whatever data you use our services to collect, whether it be app interaction or signing up for an event. Reference to Personal Information or just “information” means information about you personally that we collect.

Explaining the legal bases we rely on

The GDPR law on data protection sets out a number of different reasons a company may collect and process your Personal Information, including:

  • Consent: In specific situations, we can collect and process your data with your consent - e.g. when you tick a box online or sign up to receive invitations from us. When collecting your Personal Information, we’ll always make clear to you which data is necessary in connection with a particular service.
  • Contractual obligations: In some instances, we need your Personal Information to comply with our contractual obligations.
  • Legal compliance: We may be legally bound to collect and process your data.
  • Legitimate interest: We require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom, or interests.

Types of relationships

Depending on our relationship with you, we require different types of Personal Information in order to deliver our services to you. Here are some definitions of the type of relationships we may have with you:

  • Owners: You create or administer OnCorps solutions.
  • Users: You use a solution powered by OnCorps.
  • Community Member: You expressed interest in our events, attended one or more of our events, or asked to stay in touch with OnCorps.
  • Visitor: You visited our website.

The types of Personal Information we collect

CONTACT INFORMATION (FOR EXAMPLE, AN EMAIL ADDRESS)

You might provide us with your contact information, whether through use of our services, a form on our website, an interaction with our sales or support team, or as a user of one of our apps. We always keep our requests for contact information to a minimum.

PROFILE DATA

When you sign into our apps, attend our events, or create an application with us, you may be asked to provide us with information about yourself and to give us more detailed insights into who you are.

USAGE INFORMATION

We collect usage information whenever you interact with our websites or solutions. This includes which webpages you visit, what you click on, when you perform those actions, what language preference you have, and so on.

DEVICE AND BROWSER DATA

We collect information from the device and application you use to access our services. This data mainly refers to your IP address, operating system version, device type, system and performance information, and browser type.

INFORMATION FROM COOKIES

We use third party tracking services that employ cookies to collect data about visitors to our websites. This data includes usage and user statistics. Emails sent by OnCorps or by users through our services include page tags that allow the sender to collect information about who opened those emails and clicked on links within them. We provide more information on cookies in our Cookies Policy.

LOG DATA

Like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, device type, and timestamps.

REFERRAL INFORMATION

If you arrive at an OnCorps website from an external source (such as a link on another website or in an email), we record information about the source that referred you.

INFORMATION FROM THIRD PARTIES AND INTEGRATION PARTNERS

We collect your Personal Information or data from third parties if you give permission to those third parties to share your information with us (e.g. LinkedIn for authentication).

If you are an Owner, we will also collect:

ACCOUNT INFORMATION

We require information about your company and role as part of the account information.

BILLING INFORMATION

If you make a payment to OnCorps, we require you to provide your billing details, a name, address, email address, and financial information corresponding to your selected method of payment.

If you are a User of our own applications, we will collect:

APPLICATION DATA

We store your application data (responses) for you and provide ways to analyse and understand this information.

How we collect your Personal Information

There are a number of ways in which we may collect information about you:

  • When you visit our website
  • When you sign up for an event or ask to be notified about future events
  • When you consent to receive information about OnCorps
  • When you engage OnCorps to create a solution for your business
  • When you use an OnCorps powered application
  • When you try out some of our demonstration applications
  • When you engage with us on social media
  • When you have given a third-party permission to share information they hold about you with us

How and why we use your Personal Information

The information we hold about you may be used in any of the following ways:

  • To provide and to improve our services to you
  • To send you further information about our services which we think may be of interest to you
  • To send you further information about our services based on a request we have received from you
  • To fulfill our obligations to you
  • To provide you with notification about any changes to our services relevant to you

Protection of your Personal Information

The security of your Personal Information is very important to us. We take a lot of care to handle and store it as best we can and in line with new legislation.

Here are some ways we secure your data:

  • We have in place an information security management system, including security processes and policies that are certified as ISO 27001 compliant by an external assessor.
  • We encrypt Personal Information data at rest where possible.
  • We use encrypted https links between our web server and your browser.
  • We monitor and check our data security systems for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.

Who we need to share your Personal Information with and why

At times, we need to share your Personal Information with trusted third parties. We only provide what they need and they cannot use your data for anything other than their stated purposes. Your data is deleted or rendered anonymous if we stop working with them.

We use companies who will process and store your Personal Information as part of their contract or terms and conditions with us, including Google Analytics, Google Suite, and Amazon Web Services.

We will never sell or trade your contact details with any third parties. There are some instances when we may have to share your information based on our legal obligations.

Where your Personal Information may be processed

Sometimes we will need to share your Personal Information with third parties outside the European Economic Area (EEA), such as the USA.

If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA by ensuring they have adequate controls in place.

Any transfer of your Personal Information will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.

Your rights over your Personal Information

You retain the right to request us to refrain from processing your Personal Information for the purposes of marketing. To exercise such right, you may unsubscribe using the link in an email we send to you or you can exercise this same right by contacting us electronically via email at privacy@oncorps.io.

We are required to maintain your Personal Information accurately. If you believe any of the Personal Information that we process is inaccurate, you are entitled to contact us to correct any inaccuracies at privacy@oncorps.io. When we agree that the Personal Information held by us is inaccurate, we will correct such inaccuracies without undue delay.

We will not be responsible for correcting inaccuracies in third party Personal Information unless you have informed us of such inaccuracies, in which case we will provide you with reasonable assistance in complying with your obligations as data controller under the applicable Data Protection Laws in relation to any inaccurate third party data.

Right to be forgotten - if we no longer have a legal basis to process your Personal Information or if the legal basis that we are relying on is consent and you subsequently withdraw your consent, then we will stop processing your Personal Information.

You are responsible for ensuring that any third party request to be forgotten is applied to any third party Personal Information that you send to us. We will provide you with reasonable assistance in complying with your obligations as data controller under the applicable Data Protection Laws in relation to any third party requests to be forgotten.

You may at any time contact us to review the Personal Information we hold about you. You may exercise this right by contacting us at privacy@oncorps.io.

EU-US Privacy Shield

In compliance with the EU-US Privacy Shield Principles, OnCorps commits to resolve complaints about your privacy and our collection or use of your personal information.  European Union individuals with inquiries or complaints regarding this privacy policy should first contact our Privacy Officer at: Email address: privacy@oncorps.io

OnCorps has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and will refer unresolved privacy complaints under the EU-US Privacy Shield Principles to the UK ICO, the UK’s independent body set up to uphold information rights. If you do not receive timely acknowledgment of your complaint by OnCorps, or if your complaint is not satisfactorily addressed by OnCorps, please contact the Regulator as noted below.

OnCorps complies with the EU/US Privacy Shield framework and U.S Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union members.  OnCorps has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.  If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

U.S. Privacy Shield: Transfer of Personal Information

OnCorps participates in and has certified its compliance with the EU and U.S. Privacy Shield Framework. OnCorps is committed to subjecting all Personal Information received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles.

OnCorps is responsible for the processing of customer Personal Information it receives under the requirements specified by the Privacy Shield Framework.  Any  transfers from OnCorps to a third party acting as an agent on OnCorps's behalf are generated in accordance with OnCorps’s contractual obligations with its customers.  OnCorps complies with the Privacy Shield Principles for all onward transfers of Personal Information from the EU, including the onward transfer liability provisions.

In certain situations, OnCorps may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Inquiries and Complaints

You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country participating in the Privacy Shield must first: (1) contact us at privacy@oncorps.io and afford us the opportunity to resolve the issue; (2) seek assistance from ICO an alternate dispute resolution provider located in the United Kingdom; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. US Dept. of Commerce.

With respect to human resources data, OnCorps will cooperate and comply with the EU DPA’s and the UK Information Commissioner’s Office with respect to human resources data transferred from the EU or the UK in the context of the employment relationship.

OnCorps has further committed to refer unresolved Privacy Shield complaints to the ICO. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact ICO as noted below.  The services of the ICO are provided at no cost to you.

U.S. Federal Trade Commission Enforcement

Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Internet Security Policy

For site security purposes and to ensure that this service remains available to all users, this computer system employs software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Unauthorized attempts to upload information or change information on this service are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act.

Contacting the Regulator/Arbitrator

If you are at all unhappy about the handling of your data, you can send a complaint to the Information Commissioner’s Office by calling +44 303 123 1113 or go online to www.ico.org.uk/concerns

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

Questions?

We hope this Privacy Notice has been helpful in setting out the way we handle your Personal Information and your rights to control it.