This website is owned and provided by OCTO Standards NP Inc (“OCTO”, “us”, “we”, or “our”). We are committed to maintaining the security and privacy of your personal information while using our Service. This Policy documents our on-going commitment to you and has been developed in compliance with the Personal information Protection Act (“PIPA”) and the European Union General Data Protection Regulation (“GDPR”).
This Policy informs you of our policies regarding the collection, use and disclosure of personal information when you use our Services and the rights you have associated with such information.
We have appointed a privacy officer who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact our privacy officer using the details set out under the “Complaints” section at the end of this Policy.
SCOPE OF POLICY
This Policy addresses personal information collected related to the Services and otherwise in the course of our business activities. Personal information includes any information about an individual which the personal can be identified. Personal information does not include information where the identity of the individual has been removed (anonymous data) or information concerning corporate or commercial entities.
(a) Supplier DataAs a provider of the Services, we may receive, process or store certain information, including personal information, on behalf of our providers and business partners (“Suppliers”). All such information (“Supplier Data”) is owned and controlled by our Suppliers, who are the data controllers for such information with respect to GDRP. As data controllers, our Suppliers determine the purposes and means of processing personal information. Supplier Data may include information from the end points and other systems, tools or devices that our Suppliers manage or monitor using our Services, and end user data related to individual activities on Supplier’s network and systems. Supplier Data may also include event logs and end user information (such as IP address, email address and device type).
We are a data process for Supplier Data. This means that we process Supplier Data on the basis of instructions from our Suppliers.
(b) Data Relating to Users of Our SiteWe collect information as part of our normal business operation and in the administration of our relationship with Suppliers, which may include personal information.
We collect and maintain information about our Suppliers, which may include company name, business contact name and title, phone number, email and other contact details. We may also collect payment information such as billing address, financial account, credit card information, order details, license information and usage details.
In using the Service, you may be prompted to provide certain personal information to us which may include:email address;first and last name;company name;phone number;business address; andpayment information
When Suppliers contact us for support or other customer services requests, we maintain support tickets and other records related to the requests, including any information provided by Suppliers related to such support or service requests.
LEGAL BASIS FOR PROCESSING
The following is an overview of our purposes for using personal information that we process and store as data processor.For individuals in the European Union, our processing of personal information is justified on the following legal bases:Performance of Contract: the processing is necessary to perform a contract with you or take steps to enter into a contract at your request;Compliance with Law: the processing is necessary for us to comply with relevant legal obligations;Our Legitimate Interests: the processing is in our legitimate interests, namely, in using applicable information to conduct and develop our business activities, such as developing and maintaining relationships with our customers, to understand how our customers use our products and services, and to operate and grow our business (the majority of the processing covered by this Policy is legitimate interest based), subject to your interests and fundamental rights;Defend Our Rights: where the processing is necessary to the establishment, exercise or defence of legal claims; orWith Your Consent: you have consented to the processing (for example, where we are required by local law to rely upon your prior consent for the purposes of direct marketing).
PURPOSES OF DATA PROCESSING
We collect personal information for the following purposes (the “Purposes”):to provide and administer products and services requested and to use and disclose the information for any purpose related to the provision of requested products and services including billing;to notify you about changes to our Services, our systems, this Policy, our Terms and Conditions and similar documents;to provide and maintain our Service;to notify you about changes to our Service;
and to allow you to participate in interactive features of our Service when you choose to do so;to provide customer support;to improve our Service;to monitor the usage of our Service;to authenticate your identity;to detect, prevent, and address technical issues;to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information;to protect us, yourself and others from fraud and error and to safeguard our financial interests;to collect debts owed to us; andto comply with legal and regulatory requirements.
The Purposes listed above are a reasonably necessary part of your relationship with us.
When personal information is to be used for a purpose not previously identified, the new purpose will be disclosed to you prior to such use, and your consent will be sought unless the use is authorized or required by applicable laws and regulations.We may use collected personal information for further purposes without consent if the information was collected on the basis of a contractual obligation between you and OCTO, a legitimate interest of OCTO, or for protecting your vital interests or where these further purposes are compatible with an originally stated purpose.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of our Services. For more information about cookies and how to disable them, please visit http://www.allaboutcookies.org.
We use the following cookies:Session Cookies. We use Session Cookies to operate our Service.Preference Cookies. We use Preference Cookies to remember your preferences and various settings.Security Cookies. We use Security Cookies for security purposes.
We use Google Analytics to monitor and analyze the use of our Service. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can learn about Google’s practices in connection with information collected by Google Analytics and how to opt-out of it by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout. For more information on the privacy practices of Google, please see Google Privacy & Terms at: https://www.google.com/intl/en/policies/privacy/
We maintain personal information on servers located in the United States or on the servers of a designated data processor under our control. Such transfer is necessary for the Purposes. By allowing us to collect your personal information, you consent to such transfer and the processing thereof. While your personal information is located outside your home jurisdiction, it may be subject to the laws of the jurisdiction in which it is retained.
We will take all reasonable steps necessary to ensure that personal information is treated securely and in accordance with this Policy and will not be transferred unless there are adequate controls in place to protect the personal information.
We contractually require agents, service providers, and affiliates who may process personal information related to the Services to provide the same level of protections for personal information as required under the Policy. We currently do not transfer personal information to a third party for the third party’s own use, but only for the Purposes as outlined above.
DISCLOSURE OF INFORMATION
Our Services are not directed to, and we do not knowingly collect personal information from, persons under the age of majority. If you are under the age of majority in your home country, please do not use our Services. If we are made aware that we have collected any personal information from a minor without parental consent, and are asked to erase such information from our database, we will do so without undue delay.
We will seek consent to collect, use or disclose personal information except where we are authorized or required by applicable laws and regulations to do so without consent.
By using the Service, you freely consent to the collection and use of your personal information for the specified Purposes in accordance with this Policy. This paragraph does not apply if you are a resident of the European Union.
Consent may be provided orally, in writing, electronically, or otherwise. For example, oral consent could be expressed over the telephone at the time information is being collected; electronically when submitting an agreement, application or other information; or in writing when signing an agreement or application form.
Where we do rely on consent, you may withdraw your consent at any time, subject to legal or contractual restrictions, provided reasonable written notice of withdrawal of consent is given by you to us. Upon receipt of your written notice, we will inform you of the likely consequences of the withdrawal, which may include the inability of us to provide certain products or services for which the delivery of that information is a prerequisite.
AUTOMATED DECISION MAKING
Automated decision making takes place when our electronic systems process your personal information to make a decision about you without human intervention.
You will not be subject to decisions that will have a legal or significant impact on you based solely on automated processing, unless we have a lawful basis for doing so and we have notified you.
DO NOT TRACK
We do not track you for advertising or marketing purposes, therefore, we do not support Do Not Track (“DNT”). DNT is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable DNT by visiting the Preferences or Settings page of your web browser.
RETENTION OF INFORMATION
Your personal information will only be used or disclosed for the Purposes set out above and as authorized by applicable laws and regulations.
We will keep personal information for no longer than is necessary for the Purpose(s) for which the personal information was required, to comply with any other legal obligation, to resolve disputes, or to enforce our contractual agreements.
Pursuant to the requirements of Section 35 of PIPA, we will keep personal information that was used to make a decision affecting an individual for at least one year.
Usage Data will be retained for internal analysis purposes, to strengthen security, and to improve the functionality of our Service. This information will be destroyed once it is no longer necessary for these purposes.
We will destroy, erase or make anonymous documents or other records containing personal information as soon as it is reasonable to assume that the original purpose is no longer being served by retention of the information and retention is no longer necessary for any other purpose.
We will take due care when destroying personal information so as to prevent unauthorized access to such information.
We protect personal information in our custody or control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks.
You should be aware that confidentiality and security are not assured when information is transmitted through e-mail or wireless communication. We will not be responsible for any loss or damage suffered as a result of a breach of security or confidentiality when information is transmitted by e-mail or wireless communication.
You have the following rights regarding your personal information that we process. If you contact us regarding Supplier Data for which we are a data processor, we will attempt to refer your request to the relevant Supplier, the data controller for your personal information.
Right to Access
You have a right to access your personal information held by us. Upon written request and authentication of identity, we will provide you with your personal information under our control, information about the ways in which that information is being processed, sources that the information was collected from, a description of the individuals and organization to whom such information has been disclosed, and the existence of any automated decision-making and the logic involved.
We will provide you free of charge with a copy of your personal information, but we may charge you a fee to cover our administrative costs if you request further copies of the same information.
We will make the requested personal information available within 30 days or provide written notice where additional time is required to fulfill the request.
In some situations, we may not be able to provide access to certain personal information. We may also be prevented by law from providing access to certain personal information.
Where an access request is refused in whole or in part, we will notify you in writing within 30 days of request, giving the reason for refusal and outlining further steps which are available to you.
Right of Correction
We will comply with your request to correct incomplete or inaccurate parts of your personal information, although we may need to verify the accuracy of the new information you provide us.
Right to be Forgotten
If you reside in the European Union, upon your request to erase your personal information under our control, we will do so promptly if the personal information is no longer necessary in relation to the purposes for which it is collected, you withdraw the consent which formed the basis of your personal information processing, you object to the processing of your personal information, the personal information was processed illegally, or if the personal information must be deleted for us to comply with our legal obligations.
When a request has been made and the personal information has been shared with third parties, we will take reasonable steps to inform third parties that are process the information that you have requested it to be erased.
We may decline your request for deleting if the processing of your personal information is necessary to comply with our legal obligations, in pursuit of a legal action, or for the performance of a task in the public interest.
Right to Stop Directing Marketing
At your request, we will stop using your personal information for the purpose of direct marketing. If you want to stop us from calling, emailing you in connection with marketing communications, please contact us using the information provided under the Contact Us section.
Please note that even if we stop all marketing communications, you may still receive administrative communications from us.
Right to Restrict Processing
At your request, we will limit the process of your personal information if:the accuracy of the information is contested;the information was processed unlawfully but you oppose the erasure of your personal information;we no longer need your personal information but you require retention of the personal information in connection with a legal claim; oryou object to the processing of your personal information pending verification of whether overriding legitimate ground for such processing exist.We will make reasonable effort to inform third parties with whom your personal information has been shared of your request to restrict processing.
Right to Data Portability
At your request, we will provide you free of charge with your personal information in a structured, commonly used and machine readable format, if you provided us with the personal information, the processing of your personal information is based on your consent or required for the performance of a contract, or if the process is carried out by automated means.
CHANGES TO POLICY
We may update this Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. We will inform you of any material changes via email and/or a prominent notice on our Service prior to the change coming into effect. The “Effective Date” at the top of this Policy will be updated with each amendment. You are also advised to review this Policy from time to time for any changes. Changes to the Policy are effective when they are posted on our Service.
If you are a resident of the European Union, you are entitled to make a compliant to the Data Protection Authority in the Member State in which you habitually reside. However, we would appreciate the chance to deal with your concerns before you approach the Authority so please contact us in the first instance.
Any inquiry, complaint or question regarding this Policy must be directed in writing to the our privacy officer.
OCTO members are organizations who
know that open communication is critical to
the success of the industry.
Stay up to date on OCTO news and upcoming events.