How we collect and use your personal information
- Personal information you give to us
- When you use our websites.We may collect any personal information that you choose to send to us or provide to us, for example, on our “Contact Us,” “Request a Trial” or similar online form. If you contact us through our websites, we will keep a record of our correspondence. This information includes, but is not limited to financial information and credit worthiness, any information not available relating to an identified individual of the customer, its employees, contractors, customers, patients or the employees, contractors, patients or customers of customer’s customers, and any “nonpublic personal information as such term is defined under the Title V of the U.S. Gramm-Leach-Biley Act, 15 USC § 6801 et seq., and any information which falls under the Payment Card Industry Security Standards Council or other applicable standards or rules relating to electronic transaction processing and personal information; all of the foregoing in this list are as they presently exist and as promulgated or amended thereafter.
- When you use our services.When you use our services, we collect personal information, such as names, e-mail addresses, postal addresses, phone numbers, and job titles, in order to provide you with the services. We also collect information related to the actions you have taken in our applications.
- Correspondence with the Omni companies (including job applicants)If you correspond with us by email, the postal service, or other form of communication, we may retain such correspondence and the personal information contained in it and use it to respond to your inquiry (including job applications); to notify you of conferences, publications, or other services; or to keep a record of your complaint, accommodation request, and the like. As always, if you wish to have us refrain from communicating with you, please contact us at email@example.com.
- Personal information we get from third parties. From time to time, we receive personal information about individuals from third parties. This may happen if your employer is a user of our services and signs you up for training or support. One of our third-party partners may also share your personal information with us when you sign up for services through that partner. We also collect personal information from publicly or commercially available sources that are deemed credible. Such personal information may include your name, address, email address, preferences, interests, and demographic/profile data. The personal information we collect from public or commercial sources may be used along with the personal information we collect when you visit our websites. For example, we may compare the geographic information acquired from commercial sources with the IP address collected by data collection tools to derive your general geographic area.
- What happens if you don’t give us your personal information. You can enjoy many of our services without giving us your personal information. Much of the information on our websites is available even to those who are not our users. Some personal information is necessary so that we can supply you with the products or services you have purchased or requested, and to authenticate you so that we know it is you and not someone else. You may manage your subscriptions and you may opt-out of receiving marketing communication at any time.
Use of our websites
The following sections provide additional information about commonly-used web technology tools.
- Web beacons.Our websites and third-party web pages, applications, and HTML-formatted email use web beacons alone or in conjunction with cookies to compile information about your website usage and your interaction with email, as well as to measure performance on our websites and applications. A web beacon is an electronic image, called a single-pixel (1×1) or clear GIF. Web beacons can recognize certain types of information on your computer such as cookies, the time and date of a page viewed, and a description of the page where the web beacon is placed. Depending on the context, web beacons may also refer to content on a third-party server, and may be used by service providers to deliver relevant advertising to you. You may be able to disable web beacons in email messages by not downloading images contained in the message you receive (this feature varies depending on the email software used on your personal computer). However, doing this may not always disable a web beacon or other automatic data collection tools in the email message due to specific email software capabilities. If you choose to receive marketing emails or newsletters from us, we may automatically collect personal information about you. For example, through web beacons and personalized URLs embedded in these emails or newsletters, we can track whether you’ve opened those messages and whether you’ve clicked on links contained within those messages.
- Embedded Web links.Emails from us often use links designed to lead you to a relevant area on the web, after redirection through our servers. The redirection system allows us to change the destination URL of these links, if necessary, and to determine the effectiveness of our marketing initiatives. In emails, such web links may also allow us to determine whether you have clicked a link in an email, and this information about the interaction may be connected to your personal identity. If you do not want us to collect information about the links that you click, you can choose not to click links in an email that we send.
- “Do Not Track” disclosures.Currently, various browsers – including Chrome, Internet Explorer, Firefox, and Safari – offer a “do not track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to web sites visited by the user about the user’s browser DNT preference setting. We do not currently commit to responding to browsers’ DNT signals with respect to the Omni websites and/or services, in part, because no common industry standard for DNT has been adopted by industry groups, technology companies or regulators, including no consistent standard of interpreting user intent. We take privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
How and why we use your personal information
- We will use the personal information we collect via our websites:
- To administer our websites, our events and for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes;
- To improve our websites to ensure that content is presented in the
most effective manner for you and for your computer; and
- As part of our efforts to keep our websites safe and secure.
- We may use the personal information we collect from you when contacting us, when enquiring about using our services, or from our customers and their users in connection with the services we provide for a range of reasons, including to:
- For purposes made clear to you at the time you submit your personal information – for example, to fulfill your request for a trial, to provide you with access to one of our webinars or whitepapers or to provide you with information you have requested about our services;
- To set up a user account
- Provide, operate and maintain the services
- Process and complete transactions, and send related information, including transaction confirmations and invoices;
- Manage our customers’ use of the services, respond to enquiries and comments and provide customer service and support;
- Send customers technical alerts, updates, security notifications, and administrative communications;
- Investigate and prevent fraudulent activities, unauthorized access to the services, and other illegal activities; and
- For any other purposes about which we notify customers and users.
The legal basis we rely on to process your personal information is Article 6(1)(b) of the GDPR, which relates to processing necessary to enter into a contract or to perform it once concluded. Not providing us with this information may prevent us from properly identifying you as our client and providing you with efficient services or answers tailored to your requests.
We will only retain your personal information for as long as reasonably necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. Regulatory provisions such as the Limitation Act 1980 or the VAT Act 1994 require us to keep some basic information, such as contracts concluded with our clients or service delivery records for six (6) years after the end of a contract. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you.
- Users who apply for a job; Users who become employees.When you apply for a job with us, we may process the personal data necessary to assess your suitability for the job you apply for. The data collected may include identity and contact details, previous experience, education and references. Depending on stage of the recruiting process, other information may be required such as criminal records. The legal basis we rely on for processing your personal data in this context is Article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract or to take steps at your request before entering a contract. This information is necessary for us to decide if we want to hire you and to enter into an employment contract with you. If your application is unsuccessful, the data will be retained for 1 year from the end of the recruitment process. If the application is successful, the data, as well as additional human resources data, will be retained for at least the period of employment. In this case, your employee file will be retained for 6 years from the end of employment.
How we share your personal information
We do not rent or sell your personal information. We may share and disclose information, including personal information in limited circumstances as described below.
- Vendors, consultants and other service providers.We transfer personal information to third parties such as vendors and service providers who perform tasks on our behalf such as for processing and storage purposes. These companies include, for example, our payment processing providers, website analytics companies (e.g., Google Analytics), product feedback or help desk software providers (e.g., Zendesk), CRM service providers (e.g., Salesforce), marketing service providers, and email service providers.
If we have received your personal information and subsequently transfer that personal information to a third-party agent or service provider for processing, we will remain responsible by executing contracts requiring them to protect the privacy and confidentiality of the personal information provided to them for purposes of performing their functions for us. Unless we tell you differently and you consent, our agents do not have any right to use the personal information we share with them beyond what is necessary to assist us.
- Business transfers. We may choose to buy or sell assets and may share and/or transfer customer information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal information could be one of the assets transferred to or acquired by a third party. It is our practice to seek appropriate protection for personal information in these types of transactions.
- Other reasons we share your personal information. We do not otherwise reveal your personal information to third-parties for their independent use unless:
- you request or authorize it;
- the personal information is provided to comply with the law (for example, to comply with a search warrant, subpoena or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others;
- to address emergencies or force majeure/acts of God; or
- to address disputes, claims, or to persons demonstrating legal authority to act on your behalf.
We may also gather aggregated data about our customers and website visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertisers and/or other third parties for marketing or promotional purposes.
International Data Transfers
- We may transfer personal information pursuant to our own Privacy Shield self-certification, as described further below, or to other organizations that participate in the Privacy Shield for transfers from the EEA or Switzerland to the U.S;
- We may transfer personal information to countries that are covered by adequacy decisions; or
- We may enter into contractual provisions between us and the recipient, approved by the European Commission, to impose on the recipient the same protection and security obligations as if they were in the EEA.
Privacy Shield Frameworks
We are subject to the jurisdiction of the U.S. Federal Trade Commission for purposes of Privacy Shield enforcement.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at firstname.lastname@example.org.
We have further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.
Under certain limited circumstances, individuals in the EEA may invoke binding Privacy Shield arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please visit https://www.privacyshield.gov/.
If we have received your personal information under the Privacy Shield and subsequently transfer it to a third-party service provider for processing, we will remain responsible if they process your personal information in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
Data subject rights
Under data protection laws, you have various rights, such as the right of access, that gives you the right to ask us for copies of any of your personal information that is in our possession; the right to rectification that allows you to rectify and complete information that you think is inaccurate or incomplete; and the right to erasure that gives you the right to ask us to erase your personal information in certain circumstances. You also have the right to restriction of processing, to object to processing and to data portability.
These rights available to you may depend on our reason for processing your information and the circumstances. You are not required to pay any charge for exercising your rights, unless your request is clearly unfounded, repetitive or excessive. We will respond to any legitimate requests within one month. In the event that your request is clearly unfounded, repetitive or excessive or if we are not in a position to identify you, we are entitled to refuse to act on your request.
If you wish to confirm that we are processing your personal information, or to have access to the personal information we may have about you, please contact us at email@example.com.
Security of your personal information
To help protect the privacy of personal information you transmit to us, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal information to those employees who need to know that personal information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your personal information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
We do not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for the services or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us personal information, please contact us at firstname.lastname@example.org.
Contacting us & how to make a complaint
Omni Software Systems, Inc.
190 Bluegrass Valley Parkway
Alpharetta, GA 30005
Sherry Askin, Data Protection Officer