Legal
How OCTO collects, uses, and protects your personal information.
This website is owned and provided by OCTO Standards NP Inc ("OCTO", "us", "we", or "our"). We are committed to maintaining the security and privacy of your personal information while using our Service. This Policy documents our on-going commitment to you and has been developed in compliance with the Personal Information Protection Act ("PIPA") and the European Union General Data Protection Regulation ("GDPR").
This Policy informs you of our policies regarding the collection, use and disclosure of personal information when you use our Services and the rights you have associated with such information.
We have appointed a privacy officer who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact our privacy officer using the details set out under the "Complaints" section at the end of this Policy.
This Policy addresses personal information collected related to the Services and otherwise in the course of our business activities. Personal information includes any information about an individual which the individual can be identified. Personal information does not include information where the identity of the individual has been removed (anonymous data) or information concerning corporate or commercial entities.
As a provider of the Services, we may receive, process or store certain information, including personal information, on behalf of our providers and business partners ("Suppliers"). All such information ("Supplier Data") is owned and controlled by our Suppliers, who are the data controllers for such information with respect to GDPR. As data controllers, our Suppliers determine the purposes and means of processing personal information. Supplier Data may include information from the end points and other systems, tools or devices that our Suppliers manage or monitor using our Services, and end user data related to individual activities on Supplier's network and systems. Supplier Data may also include event logs and end user information (such as IP address, email address and device type).
We are a data processor for Supplier Data. This means that we process Supplier Data on the basis of instructions from our Suppliers.
We collect information as part of our normal business operation and in the administration of our relationship with Suppliers, which may include personal information.
We collect and maintain information about our Suppliers, which may include company name, business contact name and title, phone number, email and other contact details. We may also collect payment information such as billing address, financial account, credit card information, order details, license information and usage details.
In using the Service, you may be prompted to provide certain personal information to us which may include:
When Suppliers contact us for support or other customer services requests, we maintain support tickets and other records related to the requests, including any information provided by Suppliers related to such support or service requests.
When you use the Services, we use cookies and similar tracking technologies to collect information about your usage of our Services ("Usage Data") including IP address, browser type, browser version, date, time and duration of visit of the Services, operating system, page visits, the unique device identifiers and other diagnostic data. We do not collect Usage Data about end users of Suppliers, except as necessary for support or to provide services as requested by our Suppliers (in which case we are a data processor of such data).
The following is an overview of our purposes for using personal information that we process and store as data processor. For individuals in the European Union, our processing of personal information is justified on the following legal bases:
We collect personal information for the following purposes:
When personal information is to be used for a purpose not previously identified, the new purpose will be disclosed to you prior to such use, and your consent will be sought unless the use is authorized or required by applicable laws and regulations.
We use cookies and similar tracking technologies to track the activity on our Services and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of our Services. For more information about cookies and how to disable them, please visit allaboutcookies.org.
We use the following cookies:
We use Google Analytics to monitor and analyze the use of our Service. You can opt out of Google Analytics by downloading the Google Analytics opt-out browser add-on. For more information, see Google's Privacy & Terms.
We maintain personal information on servers located in the United States or on the servers of a designated data processor under our control. Such transfer is necessary for the Purposes. By allowing us to collect your personal information, you consent to such transfer and the processing thereof. While your personal information is located outside your home jurisdiction, it may be subject to the laws of the jurisdiction in which it is retained.
We will take all reasonable steps necessary to ensure that personal information is treated securely and in accordance with this Policy and will not be transferred unless there are adequate controls in place to protect the personal information.
We may share your personal information with the following third parties:
Our Services are not directed to, and we do not knowingly collect personal information from, persons under the age of majority. If you are under the age of majority in your home country, please do not use our Services. If we are made aware that we have collected personal information from a minor without parental consent and are asked to erase such information, we will do so without undue delay.
We will seek consent to collect, use or disclose personal information except where we are authorized or required by applicable laws and regulations to do so without consent.
By using the Service, you freely consent to the collection and use of your personal information for the specified Purposes in accordance with this Policy. This paragraph does not apply if you are a resident of the European Union.
Where we do rely on consent, you may withdraw your consent at any time, subject to legal or contractual restrictions, provided reasonable written notice of withdrawal is given to us. Upon receipt of your written notice, we will inform you of the likely consequences of the withdrawal.
You will not be subject to decisions that will have a legal or significant impact on you based solely on automated processing, unless we have a lawful basis for doing so and we have notified you.
We do not track you for advertising or marketing purposes, therefore, we do not support Do Not Track ("DNT"). You can enable or disable DNT by visiting the Preferences or Settings page of your web browser.
Your personal information will only be used or disclosed for the Purposes set out above and as authorized by applicable laws and regulations.
We will keep personal information for no longer than is necessary for the Purpose(s) for which it was required, to comply with any other legal obligation, to resolve disputes, or to enforce our contractual agreements. Pursuant to the requirements of Section 35 of PIPA, we will keep personal information that was used to make a decision affecting an individual for at least one year.
We will destroy, erase or make anonymous documents or other records containing personal information as soon as it is reasonable to assume that the original purpose is no longer being served by retention.
We protect personal information in our custody or control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks.
You should be aware that confidentiality and security are not assured when information is transmitted through e-mail or wireless communication. We will not be responsible for any loss or damage suffered as a result of a breach of security or confidentiality when information is transmitted by e-mail or wireless communication.
You have the following rights regarding your personal information that we process. If you contact us regarding Supplier Data for which we are a data processor, we will attempt to refer your request to the relevant Supplier.
You have a right to access your personal information held by us. Upon written request and authentication of identity, we will provide you with your personal information under our control within 30 days, or provide written notice where additional time is required.
We will comply with your request to correct incomplete or inaccurate parts of your personal information, although we may need to verify the accuracy of the new information you provide us.
If you reside in the European Union, upon your request to erase your personal information under our control, we will do so promptly where the legal basis for doing so is met. We may decline your request if the processing is necessary to comply with our legal obligations, in pursuit of a legal action, or for the performance of a task in the public interest.
At your request, we will stop using your personal information for the purpose of direct marketing. Please note that even if we stop all marketing communications, you may still receive administrative communications from us.
At your request, we will limit the processing of your personal information in circumstances permitted under applicable law.
At your request, we will provide you free of charge with your personal information in a structured, commonly used and machine readable format, where applicable under GDPR.
We may update this Policy from time to time. We will inform you of any material changes via email and/or a prominent notice on our Service prior to the change coming into effect. You are also advised to review this Policy periodically for any changes.
If you are a resident of the European Union, you are entitled to make a complaint to the Data Protection Authority in the Member State in which you habitually reside. However, we would appreciate the chance to deal with your concerns before you approach the Authority so please contact us in the first instance.
Any inquiry, complaint or question regarding this Policy must be directed in writing to our privacy officer: