Privacy Policy
OMNICOMM – GLOBAL PRIVACY POLICY
Introduction
OMNICOMM, located at A-A Tiimanni 1, Narva 21004, Estonia and its affiliates (collectively, "OMNICOMM") respect your privacy. This Global Privacy Policy describes the types of personal data provided by a data subject (hereinafter, the “Personal Data Subject”), how we use the information, and the choices you can make about our use of the information. We also describe the measures we take to protect the information and how you can contact us about our privacy practices.
Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements.
This Global Privacy Policy provides a general statement of the ways in which OMNICOMM protects your personal data. You may, however, in connection with specific products or services offered by OMNICOMM, be provided with privacy policies or statements that supplement this policy. This policy may be changed from time to time to reflect changes in our practices concerning the processing of personal data. The revised policy will be effective immediately upon posting to our website.
If you have any questions regarding the processing of your personal information, please contact our OMNICOMM OU representative via e-mail or phone: OMNICOMMs OU, -A Tiimanni 1, Narva 21004, Estonia, [email protected], +372 3569592 .
This version of the policy is effective as of April 2018.
The Sources of Information
OMNICOMM may obtain information about you from various sources, including:
-
on our websites
-
in response to marketing or other communications
-
through social media
-
by your signing up for OMNICOMM products or services
-
through participation in an offer, program or promotion
-
in connection with an actual or potential business or employment relationship with us.
You may also choose to consent to third parties disclosing information about you to us that those third parties have received.
Information Provided by Data Subjects and How We Use Information
Personal data processing by OMNICOMM is always carried out in a legal and fair manner. OMNICOMM will only process personal data for particular, pre-determined purposes that are or were legitimate with regard to applicable law, and that are relevant to OMNICOMM’s business. You will always know what kind of information you provide to OMNICOMM after you confirm with your consent. The data, which you provide, depends on the services, products and features you use, and can include the following types of data:
· To ensure the required performance of products and services:
-
The unique identifier of the device
-
License information
-
Network addresses of client devices
-
Email address
-
Information about system operation and the environment of the product in case of a failure in the product’s functioning.
-
Information about the system environment in which the product operates.
-
Analytical information provided by analytical services such as Google Analytics, Google AdWords, AppsFlyer, Facebook and others.
· To increase the level of support and to improve the performance and quality of OMNICOMM’s products:
The unique identifier of the device.
-
Information about system operation and the environment of the product in case of a failure in the product’s functioning.
-
Information about the system environment in which the product operates.
· To administer promotions or contests, establish contact with the user, as well as to forward notices, requests and information related to the OMNICOMM products and services and the performance of agreements and contracts, and to process user requests and applications, organize promotional events, send marketing emails and special offers and to contact you about other OMNICOMM services or those of our affiliates or other third parties:
-
License information
-
Email address
· To evaluate and improve quality in the use of our products, services and websites:
-
Analytical information provided by analytical services such as Google Analytics, Google AdWords, AppsFlyer, Facebook and others.
-
Information about system operation and the environment of the product in case of a failure in the product’s functioning.
-
Information about the system environment in which the product operates.
OMNICOMM will retain personal data for as long as necessary to fulfill the purpose for which the data is processed in accordance with the objectives specified in the agreements (consents), or to comply with applicable legal requirements.
International Data Transfers
We may transfer the personal information we obtain from you to recipients in countries other than the country in which the information was originally collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to other countries, we will protect that information as described in this Global Privacy Policy or as otherwise disclosed to you at the time the data is collected (e.g. via program specific privacy notice).
OMNICOMM is a global business. To offer our services, we may need to transfer your personal information among several countries, including Estonia, where we are headquartered. We comply with applicable legal requirements providing adequate safeguards for the transfer of personal information to countries outside of the European Union.
The personal data provided by users to OMNICOMM can be processed in the following countries, including countries outside European Union (EU) or the European Economic Area (EEA):
Within the EU or EEA:
-
Estonia
-
France
-
Germany
Outside of the EU or EEA:
-
India
The personal data may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers.
How We Share Information
We may disclose the Information as follows:
-
Affiliates. We may share your information with our affiliates — companies that control, are controlled by, or are under common control with OMNICOMM.
-
Service Providers. We also may share your information with vendors that provide services to us, including companies that provide web analytics, data processing, advertising, e-mail distribution, payment processing, order fulfillment, and other services.
-
For legal reasons:
o To protect our rights, operations or property, or that of our users.
o To investigate, prevent, or take action regarding potential or suspected illegal activities, fraud, threats to the personal safety of any person, or violations of the Services Terms and Conditions.
o To comply with applicable law or respond to valid legal process, including from law enforcement.
Your Rights and Options
You have certain rights regarding the personal data we maintain about you. We also offer you certain options about what personal data you provide to us, how we use that information, and how we communicate with you.
In most cases you can choose not to provide personal data to us when you use OMNICOMM’s products, services and websites. You may also refrain from submitting information directly to us. However, if you do not provide personal data when requested, you may not be able to benefit from the full range of OMNICOMM products and services and we may not be able to provide you with information about products, services and promotions.
You can at any time tell us not to send you marketing communications by e-mail by clicking on the unsubscribe link within the marketing e-mails you receive from us.
If your employer provides your personal data to OMNICOMM, you may have certain options with respect to OMNICOMM’s use or disclosure of the information. Please contact your employer to learn about and to exercise your options.
To the extent provided by applicable law, you may withdraw any consent you previously provided to us, or object at any time on legitimate grounds, to the processing of your personal data. We will apply your preferences going forward. In some circumstances, withdrawing your consent to OMNICOMM’s use or disclosure of your personal data will mean that you cannot take advantage of certain OMNICOMM products or services.
Subject to applicable law, you may have the right to: obtain confirmation that we hold personal data about you, request access to and receive information about the personal data we maintain about you, receive copies of the personal data we maintain about you, update and correct inaccuracies in your personal data, object to the processing of your personal data, and have the information blocked, anonymized or deleted, as appropriate. The right to access personal data may be limited in some circumstances by the requirements of local law. To exercise these rights, please contact us as set forth below.
If you provide us with any information or material relating to another individual, you should make sure that this sharing with us and our further use as described to you from time to time is in line with applicable laws; thus, for example, you should duly inform that individual about the processing of her/his personal data and obtain her/his consent, as may be necessary under applicable laws.
If we fall short of your expectations in processing your personal data or you wish to make a complaint about our privacy practices, please relate this to us, as it gives us an opportunity to fix the problem. You may contact us by using the contact details provided in the “How to Contact Us” section below. To assist us in responding to your request, please give full details of the issue. We attempt to review and respond to all complaints within a reasonable time.
The Privacy Principles
Personal data processing at OMNICOMM is based on the following principles:
Consent and choice
Presenting to the Personal Data Subject the choice whether or not to allow the processing of their personal data except where the Personal Data Subject cannot freely withhold consent or where applicable law specifically allows the processing of personal data without the natural person’s consent. The Personal Data Subject election must be freely given, specific and made on a knowledgeable basis;
-
Obtaining the opt-in consent of the Personal Data Subject for processing sensitive Personal Data except where applicable law allows the processing of sensitive personal data without the natural person’s consent;
-
Informing the Personal Data Subject, before obtaining consent, about their rights under the individual participation and access principle;
-
Providing the Personal Data Subject, before obtaining consent, with the information indicated by the openness, transparency and notice principle; and
-
Explaining to the Personal Data Subject the implications of granting or withholding consent.
Purpose legitimacy and specification
-
Ensuring that the purpose(s) complies with applicable law and relies on a permissible legal basis;
-
Communicating the purpose(s) to the Personal Data Subject before the information is used for the first time for a new purpose;
-
Using language for this specification which is both clear and appropriately adapted to the circumstances; and
-
If applicable, giving sufficient explanations for the need to process sensitive personal data.
Data processing limitation
Limiting the gathering of personal data to that which is within the bounds of applicable law and strictly necessary for the specified purpose(s).
Deleting and disposing of personal data whenever the purpose for personal data processing has expired, there are no legal requirements to keep the personal data, or whenever it is practical to do so.
Use, retention and disclosure limitation
Limiting the use, retention and disclosure (including transfer) of personal data to that which is necessary in order to fulfil specific, explicit and legitimate purposes;
-
Limiting the use of personal data to the purposes specified by the Personal Data Controller prior to receiving the data, unless a different purpose is explicitly required by applicable law;
-
Retaining personal data only as long as necessary to fulfill the stated purposes, and thereafter securely destroying or anonymizing it; and
-
Locking (i.e. archiving, securing and exempting the personal data from further processing) any personal data when and for as long as the stated purposes have expired, but where retention is required by applicable laws.
Accuracy and quality
-
Ensuring that the personal data processed is accurate, complete, up-to-date (unless there is a legitimate basis for keeping outdated data), adequate and relevant for the purpose of use;
-
Ensuring the reliability of personal data provided from a source other than from the Personal Data Subject before it is processed;
-
Verifying, through appropriate means, the validity and correctness of the claims made by the Personal Data Subject prior to making any changes to the personal data (in order to ensure that the changes are properly authorized), where it is appropriate to do so;
-
Establishing personal data processing procedures to help ensure accuracy and quality; and
-
Establishing control mechanisms to periodically check the accuracy and quality of personal data processing.
Openness, transparency and notice
Providing the Personal Data Subject with clear and easily accessible information about the Personal Data Controller’s policies;
-
Establishing procedures and practices with respect to the processing of personal data;
-
Including in notices the fact that personal data is being processed, the purpose for which this is done, the types of privacy stakeholders to whom the personal data might be disclosed, and the identity of the Personal Data Controller including information on how to contact the Personal Data Controller;
-
Disclosing the options and means offered by the Personal Data Controller to Personal Data Subject for the purposes of limiting the processing of, and for accessing, correcting and removing their information; and
-
Giving notice to the Personal Data Subject when major changes in the personal data handling procedures occur.
Individual participation and access
-
Giving Personal Data Subject the ability to access and review their personal data, provided their identity is first authenticated with an appropriate level of assurance and such access is not prohibited by applicable law;
-
Allowing the Personal Data Subject to challenge the accuracy and completeness of the personal data and have it amended, corrected or removed as appropriate and possible in the specific context;
-
Providing any amendment, correction or removal to personal data processors and third parties to whom personal data had been disclosed, where they are known; and
-
Establishing procedures to enable the Personal Data Subject to exercise these rights in a simple, fast and efficient way, which does not entail undue delay or cost.
Information Security: How We Protect Your Privacy
Data security is OMNICOMM’s priority. All data and all information provided by you is confidential by default. OMNICOMM will therefore always apply technical and organizational data security measures for the protection of personal data that are adequate and appropriate, taking into account the concrete risks resulting from the processing of personal data as well as up-to-date security standards and procedures. In order to, among other reasons, identify and fulfill the appropriate level of protection, OMNICOMM classifies processing systems with personal data and implements cascading sets of protective measures.
OMNICOMM also maintains physical, electronic and procedural safeguards to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure. Some of the other central features of our information security program are:
The Information Security Department, which designs, implements and provides oversight to our information security program;
-
A determination of personal data safety hazards in the course of processing in a OMNICOMM processing system;
-
Application of appropriate information security tools;
-
Performance evaluation of applied personal data security measures before commissioning processing systems;
-
Implementing controls to identify, authenticate and authorize access to various services or websites;
-
Discovering the facts surrounding unauthorized access to personal data and adopting corresponding measures;
-
Recovery of personal data that was modified or destructed;
-
Establishing access rules to personal data processed in OMNICOMM processing systems and also recording and accounting for all actions undertaken with personal data in these systems;
-
We restrict access to personal information to OMNICOMM employees and to contractors who need to know the information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined or their contract terminated if they fail to meet these obligations.
-
Monitoring of our systems infrastructure to detect weaknesses and potential intrusions;
-
Monitoring measures taken to ensure the security of personal data;
-
Providing OMNICOMM personnel with relevant training and continually updating our security practices in light of new risks and developments in technology.
How To Contact Us
If you have any questions or comments about this Global Privacy Policy, OMNICOMM's privacy practices or if you would like us to update information or preferences you provided to us, please click here.