ODR.com is committed to protecting your privacy. There are various ways that you might interact with ODR.com, and the information you provide when doing so allows us to improve our services.
This policy applies to ODR.com and covers our processing activities as a data controller.
This website, our related websites and any mobile site or mobile application that link to this policy (individually, the “Site” and collectively “Sites”) are owned and operated by ODR.com Inc. with its principal place of business at 1292 High St. #1015, Eugene, OR 97401.
This policy explains:
What information we collect, and why we collect it;
How we use that information;
How we protect that information;
How you can control your information, including accessing, updating and deleting what we store; and
How we share information collected.
You should review this policy carefully, and be sure you understand it, prior to using the Site. Your use of the Site is deemed to be acceptance of this policy. If you do not agree to this policy, you should not use, and should immediately terminate your use of, the Site. For purposes of this policy, accessing the Site only to review this policy is not deemed to be use of the Site.
Information we collect:
Information Voluntarily Provided
We may collect or record basic personal data which you voluntarily provide through completing forms on the Site, through questions you send to us, or through other means of communication between you and us. The categories of personal information you provide may include:
- first and last name;
- job title and company name;
- email address;
- phone number;
- mailing address;
- password to register with us;
- your personal or professional interests;
- any dispute or conflict description information;
- any other identifier that permits us to contact you.
Information from Site Visits
We collect, store and use information about your visits to the Sites and about your computer, tablet, mobile or other device through which you access the Sites. This may include the following information:
- technical information, including the Internet protocol (IP) address, browser type, internet service provider, device identifier, your login information, time zone setting, browser plug-in types and versions, operating system and platform, and geographical location;
- information about your visits and use of the Site, including the full Uniform Resource Locators (URL), clickstream to, through and from the Site, pages you viewed and searched for, page response times, length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), and Site navigation and search terms used.
ODR.com Inc. as a Data Controller
As a data controller, we will only use your personal data in compliance with applicable law. For example, under the GDPR, we may be required to have a legal basis for processing your personal data. The purpose for which we use and process your information and the legal basis on which we carry out each type of processing is explained below. Note that we may process your personal data for more than one legal basis.
Purposes for which we will process information:
- To provide you with information and materials that you request from us. It is in our legitimate interests to respond to your queries and provide any information and materials requested in order to generate and develop business. To ensure we offer an efficient service, we consider this use to be proportionate and will not be prejudicial or detrimental to you.
- To personalize our services and products and the Sites to you. It is in our legitimate interests to improve the Site in order to enhance your experience on the Site, to facilitate system administration and better our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you.
- To update you on services, products and benefits we offer. It is in our legitimate interests to market our services and products. We consider this use to be proportionate and will not be prejudicial or detrimental to you.
For direct marketing sent by email, we need your consent to send you unsolicited direct marketing:
- To send you information regarding changes to our policies, other terms and conditions and other administrative information. It is in our legitimate interests to ensure that any changes to our policies, other terms and administrative information are communicated to you. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.
- To administer the Sites including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To help keep the Sites safe and secure.
For all these categories, it is in our legitimate interests to continually monitor and improve our services and your experience of the Sites and to have network security. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.
· To measure or understand the effectiveness of any marketing we provide to you and others, and to deliver relevant marketing to you. It is in our legitimate interests to continually improve our offering and to develop our business. We consider this use to be necessary in order to effectively generate business and will not be prejudicial or detrimental to you.
· To enforce the terms and conditions and any contracts entered into with you. It is in our legitimate interests to enforce our terms and conditions of service. We consider this use to be necessary for our legitimate interests and proportionate.
UPDATING YOUR INFORMATION AND OPTING OUT
If you do not wish to provide us with your personal data and processing such data is necessary for the performance of a contract with you and to fulfill our contractual obligations to you, we may not be able to perform our obligations under the contract between us. Where you provide consent, you can withdraw your consent at any time and free of charge, but without affecting the lawfulness of processing based on consent before its withdrawal. No withdrawal of consent will be effective until we receive it and have had a reasonable period of time to act on it. You can update your details or change your privacy preferences by contacting us as provided in “Contacting Us” below.
To review, correct, update, delete, object or otherwise limit our use of your personal data that has been provided to us, or request portability and/or details of your personal data that is held by us, please contact us using the contact information listed below in the “Contacting Us” section and clearly describe your request.
If you have registered for an account with us, you can help to ensure that your personal data is accurate and up to date by logging into your account and updating your personal data.
You may unsubscribe from marketing communications at any time by clicking the “Unsubscribe” button available at the bottom of any electronic communication we may send to you. You may also unsubscribe from any medium of communication by contacting us using the information set out in the “Contacting Us” section below.
ODR.com AS DATA PROCESSOR
In certain cases, we also operate as a data processor and we collect, process and transfer personal data on behalf of our business customers in the provision of our services and products. In these circumstances, ODR.com is acting as a data processor and our business customers remain the data controller in respect of personal data they provide to us.
Our business customers remain the data controllers with respect to any personal data that they provide to us for our provision of services. To the extent that we are acting as data processor, we act in accordance with the instructions of such customers regarding the collection, processing, storage, deletion and transfer of customer data, as well as other matters such as the provision of access to and rectification of personal data. We will only use such personal data for the purposes of providing the services and products for which our business customers have engaged us.
Our business customers are responsible for ensuring that these individuals’ privacy is respected, including communicating to the individuals in their own privacy policies who their personal data is being shared with and processed by. Where RIS is acting as a data processor, we will refer any request from an individual for access to personal data which we hold about them to our customer. We will not usually respond directly to the request.
As a data processor, we may share personal data where instructed by our business customer. Where authorized by the business customer, we may also share personal data with third party service providers who work for us and who are subject to security and confidentiality obligations.
We will retain personal data which we process on behalf of our customers for as long as appropriate to provide services and products to our customers and in accordance with any agreement with our customers or as permitted by applicable law.
DISCLOSURE OF YOUR PERSONAL DATA TO THIRD PARTIES
We may share your personal data with our group companies, affiliates, subsidiaries or contractors as appropriate to carry out the purposes for which the information was supplied or collected (i.e. to provide the services and products you have requested from us) or as otherwise provided in this policy. Personal data will also be shared with our third-party service providers and business partners who assist with the running of the Sites and our services and products (including hosting providers, email service providers and payment processing partners). Our third-party service providers and business partners are subject to security and confidentiality obligations and are only permitted to process your personal data for specified purposes and in accordance with our instructions.
In addition, we may disclose personal data about you when we believe that such use or disclosure is reasonably appropriate to: comply with any legal or regulatory obligation; enforce the terms of our agreements; establish, exercise or defend the rights of RIS, our staff, customers or others; protect our rights, property, safety or vital interests, or the rights, property, safety or vital interests of our users or other third parties; and implement the purchase of all or substantially all of our assets, a merger, or other similar transaction that results in a change of control.
If you are based in the EU or EEA
We may share your personal data within the RIS group of companies. This involves transferring your data outside the European Economic Area (EEA) to RIS’ affiliates and third-party service providers in Canada, United States, Australia, New Zealand, South Africa and Malaysia. Canada and New Zealand have been deemed by the EU as having an adequate level of protection for personal data.
Whenever we transfer your personal data outside the EEA to the countries identified above which have not been deemed by the EU to have an adequate level of protection for personal data, and specifically to the United States, we ensure a similar degree of protection is afforded to it by using standard data protection clauses approved by the European Commission (as permitted under Article 46(2)(c)) that are designed to help safeguard your privacy rights or by certifying under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield.
SECURITY OF YOUR PERSONAL DATA
The security of your personal data is important to us. We follow generally accepted industry standards to protect the personal data received by us. We use commercially reasonable measures to safeguard personal data, which measures are appropriate to the type of information maintained, and follow applicable laws regarding the safeguarding of any such information under our control. No method of transmission over the Internet, or method of electronic storage, can be 100% secure. Therefore, we cannot guarantee the absolute security of your personal data. The Internet by its nature is a public forum, and we encourage you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure.
DATA RETENTION: HOW LONG WE KEEP YOUR PERSONAL DATA
We will retain personal data which we process on behalf of our customers for as long as appropriate to provide services and products to our customers in accordance with any agreement in place with our customers and for other legitimate purposes. When you contact us, we may keep a record of personal data contained in your communication to help solve any issues that you might be facing. Your personal data may be retained for as long as appropriate to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirement, and for other legitimate purposes. In determining how long we will retain personal data, we will consider all relevant factors.
You may request from us access to, correction of, blocking of and/or deletion of your personal data in line with applicable law. You may also withdraw your consent for us to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. Where your personal data is processed by us with your consent or for the performance of a contract by automated means, we will, to the extent required by applicable law, provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format upon request.
RESPONDING TO REQUESTS
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights) under applicable law. This is a security measure to protect personal data from being disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. You will not have to pay a fee to access your personal data (or to exercise any of your other rights) under applicable law. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. Also, please note that we may refuse a request for blocking and/or deletion where continued processing is necessary to comply with a legal obligation or necessary for the establishment, exercise or defense of legal claims or for other purposes permitted by applicable law.
We may collect data in connection with your use of the Sites using small files commonly known as “cookies”. A cookie is a small amount of data which often includes a unique identifier that is sent to your computer, mobile phone or other device from the Sites and is stored on your device’s browser or hard drive. We may also collect data that your browser sends to us, such as your IP address, browser type, location, language, access time and referring website addresses. Such data may be used to analyze trends, to administer the Site, to track your movements around the Site and to gather demographic data about our visitor base as a whole. The data gathered by these cookies is in the form of aggregated anonymous data.
You can find more information about how to do manage cookies for all the commonly used internet browsers by visiting www.allaboutcookies.org. This website will also explain how you can delete cookies which are already stored on your device.
We are obliged by Google Analytics to state the following:
IP ADDRESSES AND AGGREGATE INFORMATION
An Internet Protocol (“IP”) address is associated with your computer’s connection to the internet. We may use your IP address to help diagnose problems with our server, to administer the Site and to maintain contact with you as you navigate through the Site. Your computer’s IP address also may be used to provide you with information based upon your navigation through the Site. Aggregate information is used to measure the visitors’ interest in, and use of, various areas of the Site and the various programs that we administer. We will rely upon aggregate information, which is information that does not identify you, such as statistical and navigational information. With this aggregate information, we may undertake statistical and other summary analyses of the visitors’ behaviors and characteristics. Although we may share this aggregate information with third parties, none of this information will allow anyone to identify you, or to determine anything else personal about you.
LINKS TO THIRD PARTIES
Our Sites may contain links to third party websites. These third-party websites are operated by companies that are outside of our control, and your activities at those third-party websites will be governed by the policies and practices of those third parties. RIS does not in any way endorse or make any representations about such third-party websites and applications. As such, RIS is not responsible for the privacy practices or content of such third-party websites and applications that are subject to their own privacy policies. If you choose to access such links, we encourage you to review all third-party site privacy policies before submitting any of your personal data.
SOCIAL MEDIA AND ONLINE ENGAGEMENT
We occasionally use a variety of new technologies and social media options to communicate and interact with customers, potential customers, employees and potential employees. These sites and applications include popular social networking and media sites, open source software communities and more. To better engage the public in ongoing dialog, certain of our businesses use certain third-party platforms including, but not limited to, Facebook, Twitter, LinkedIn, Instagram, Pinterest and Google+. Third-Party Websites and Applications (TPWA) are Web-based technologies that are not exclusively operated or controlled by us. When interacting on those websites, you may reveal certain personal data to us or to third parties. Other than when used by our employees for the purpose of responding to a specific message or request, we will not use, share, or retain your personal data.
The Facebook data policy is available at: http://www.facebook.com/policy.php
The Instagram data policy is available at: https://help.instagram.com/519522125107875?helpref=page_content
We do not sell our services to children, and the Site is not intended for or directed at children under the age of 16 years. As such, the Sites are designed for adult user interaction. We do not intentionally collect personal data from children under the age of 16. If you believe that we may have collected personal data from someone under the age of 16 without proper consent, please let us know using the methods described in this policy.
We will, to the extent required by any applicable law, disclose, delete or take any other action with respect to any of personal data that is collected by us from residents of California. Residents of California may make a request pursuant to the California Consumer Privacy Protection Act (the “California Act”) to have us, among other things:
Disclose to you:
(a) The categories of your personal data that is collected by us;
(b) The categories of sources from whom or which such personal data is collected by us;
(c) The purposes for our collecting such personal data;
(d) The categories of third parties to whom or which we transfer such personal data;
(e) The specific pieces of such personal data collected by us; and
(f) If such personal data is sold or disclosed for a business purpose to a third party, the categories of such personal data that are sold or disclosed for a business purpose, and the categories of third parties to which or whom such personal data are sold or disclosed for a business purpose; and
Except in certain circumstances, delete your personal data that is collected by us.
Any such request by an individual under the California Act (1) can only be made twice in a 12-month period, (2) will require the collection of certain information by us to verify the identity of such individual, and (3) can be submitted to us at the toll-free number listed on the home page of the Site. We will respond to any such request within 45 days after receiving it.
The California Act requires certain additional disclosures that can be found at this link California Disclosures.
We will not discriminate against any individual for exercising any right made available to such individual under the California Act.
GENERAL DATA PROTECTION REGULATION
Subject to certain limitations and exceptions, if you are in the European Economic Area, you have the following rights under the GDPR:
Access to personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Correction of personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of personal data. This enables you to ask us to delete personal data when there is no good reason for us continuing to process it. You also have the right to ask us to delete your personal data when you have successfully exercised your right to object to processing (see below), when we may have processed your information unlawfully or when we are required to erase your personal data to comply with applicable law.
Restriction of processing personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) when our use of personal data is unlawful, but you do not want us to erase it; (c) when you want us to hold personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of personal data, subject to our verifying whether we have an overriding legitimate interest to continue using it.
Request transfer of personal data. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
Right to withdraw consent. You can withdraw your consent at any time when we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
If we receive formal written requests or complaints, we will follow up with the party making the request or complaint. To the extent required by applicable law, where we would not properly address properly your request, you have the right to lodge a complaint with the competent data protection authority in your locality (for example, in the UK, the supervisory authority would be the Information Commissioner’s Office).
Otherwise, any complaint by you regarding personal data or otherwise relating to this policy must first be submitted to RIS as set forth in the Contacting Us section and RIS must be given a reasonable opportunity of not less than 30 days to investigate and respond to your complaint. Upon our completing such investigation and so responding, we and you must then, in good faith, attempt to promptly resolve any remaining aspects of your complaint. If any aspect of your remains unresolved after an additional reasonable period of not less than 30 days, you may commence litigation against us in connection with the unresolved portion of your complaint only in a court located in the county (or other similar municipality) in which RIS is located. You consent to any such court being a proper venue for such litigation, and waive any right to object to such venue for inconvenience or otherwise.
We have appointed a Data Protection Contact who you can reach out to about any queries you may have in relation to this policy. If you have any questions about this policy or your information, or to exercise any of your rights as described in this policy or under applicable laws, you can contact us at firstname.lastname@example.org.
CHANGES TO THIS POLICY
LAST UPDATED: May 5, 2022