EU General Data Protection Regulation (GDPR)
The European Union’s General Data Protection Regulation (GDPR) protects European Union data subjects' fundamental right to privacy and the protection of personal data. It is intended to harmonize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each member state.
As a data collector, the following is how OCS Hosting Service have complied with GDPR to meet the high bar for compliance, security, and data privacy requirements.
RIGHT TO BE INFORMED
ACCESS/RIGHT TO RECTIFICATION
We have provided a self-service client portal that gives our customers access to login and view their personal information (profile data). This same client portal also provides our customers with access to update their personal information including name, email address, postal address and phone number.
DATA PROCESSING AGREEMENTS
Our privacy agreement clearly articulate our privacy commitments to customers. We have evolved these terms over the years based on feedback from our customers and regulators.
PROCESSING ACCORDING TO INSTRUCTIONS
Any data that a customer and its users put into our systems will only be processed in accordance with the customer’s instructions.
PERSONNEL CONFIDENTIALITY COMMITMENTS
All OCS Hosting Service employees are required to sign a confidentiality agreement and complete mandatory confidentiality and privacy trainings, as well as our Code of Conduct training. OCS Hosting Service’s Code of Conduct specifically addresses responsibilities and expected behavior with respect to the protection of information.
AVAILABILITY, INTEGRITY & RESILIENCE
OCS Hosting Service designs the components of our platform to be highly redundant. OCS Hosting Service’s data centers are geographically distributed to minimize the effects of regional disruptions on global products such as natural disasters and local outages. In the event of hardware, software, or network failure, services are automatically and instantly shifted from one facility to another so that operations can continue without interruption. Our highly redundant infrastructure helps customers protect themselves from data loss.
OCS Hosting Service conducts disaster recovery testing on an annual basis to provide a coordinated venue for infrastructure and application teams to test communication plans, fail-over scenarios, operational transition, and other emergency responses. All teams that participate in the disaster recovery exercise develop testing plans and post mortems which document the results and lessons learned from the tests.
OCS Hosting Service uses encryption to protect data in transit and at rest. Data in transit to G Suite is protected using HTTPS, which is activated by default for all users. Our hosting services encrypt customer content stored at rest, without any action required from customers, using one or more encryption mechanisms. We also offer free SSL certificates to all hosting account and it is the responsibility of our customers to use this.
For OCS Hosting Service employees, access rights and levels are based on job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities. Requests for additional access follow a formal process that involves a request and an approval from a data or system owner, manager, or other executives, as may be dictated by OCS Hosting Service’s security policies.
We scan for software vulnerabilities using a combination of commercially available and purpose-built in-house tools, intensive automated and manual penetration testing, quality assurance processes, software security reviews, and external audits. We also rely on the broader security research community and greatly value their help identifying vulnerabilities in our hosting platform, and other products.
Our Vulnerability Reward Program encourages researchers to report design and implementation issues that may put customer data at risk.
DATA RETURN & DELETION
When OCS Hosting Service receives a complete deletion instruction from you (such as a cancellation request), OCS Hosting Service will delete the relevant customer data from all of its systems during the next system sync.
For customers that registered with us but doesn't have an active account, our system automatically removes all data relating to the given customer including, but not limited to, personal information in the user's profile, service and invoice history, activity log entries, support ticket and email history.
TRANSFER TO AGENTS
ACCESS AND CORRECTION
Upon request and in compliance with the Safe Harbors, OCS Hosting Service shall grant to individuals reasonable access to their EU/Swiss Data that is held by OCS Hosting Service. In the event that such data is deemed by the responsible individual to be inaccurate or incomplete, OCS Hosting Service will permit individuals to correct, amend, or delete such data. OCS Hosting Service may limit access or correction of data as permitted by the Safe Harbors, for example, in the event that the cost or burden of providing such access or correction would be prohibitive or could not be provided without harming the rights of other individuals. In the event that a request for access or correction is denied, the requesting individual will be notified of the reason for denial and given an opportunity to discuss the matter with OCS Hosting Service and/or appeal the decision through the dispute resolution procedures referenced below.
OCS Hosting Service will take reasonable precautions to prevent the loss, misuse, or unauthorized access, disclosure, alteration, or destruction of any EU/Swiss Data. However, OCS Hosting Service does not guarantee that any of its data will be protected in all circumstances, including those beyond its reasonable control.
Adherence by OCS Hosting Service to these Safe Harbor Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest, or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule, or regulation, including but not limited to the EU Data Directive, the Swiss FADP, and/or the principles of the Safe Harbors.
INFORMATION OCS Hosting Service COLLECTS
Information Collected During Your Visits to the OCS Hosting Service Website
If you register or make a purchase while on the Website, OCS Hosting Service may ask for Personally Identifiable Information such as your name, email address, or physical address. In addition, OCS Hosting Service collects and analyzes traffic on the Website by keeping track of the IP addresses of our visitors and by collecting log file information. Your IP address is a number that is automatically assigned to the computer that you are using by your Internet service provider (ISP) or by another organization. An IP address, by itself, cannot identify you personally. However, when combined with other information, your IP address can be used to identify the computer you are using. In addition, OCS Hosting Service may use your IP address to estimate your geographic location. We discuss log file information further in a later paragraph of this Section 4.
COOKIES,WEB BEACONS AND TRACKING
OCS Hosting Service uses technologies such as: cookies, beacons, tags and scripts (such as advertising, marketing and analytics), affiliates or analytics or service providers. These technologies may be used in analyzing trends, administering the sites, tracking users’ movements around the sites and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by such companies on an individual as well as aggregated basis. While we respect the privacy of our users, we are not able to respond to Do Not Track signals set by your browser at this time. As far as we know, your IP address, keystroke activity, and personal information are never stored or shared with any third-parties. If you wishes not be recorded, please do not use our websites.
OCS Hosting Service may also use web beacons, small graphic images or other web programming code (also known as "1x1 GIFs" or "clear GIFs"), which may be included in our web pages and e-mail messages. Web beacons may be invisible to you, but any electronic image or other web programming code inserted into a web page or e-mail can act as a web beacon. Web beacons or similar technologies may be used for a number of purposes, including, without limitation, to count visitors to the Website, to monitor how users navigate the Website, to count how many e-mails that were sent were actually opened or to count how many particular articles or links were actually viewed.
OCS Hosting Service may also use embedded scripts on the website and in connection with the provision of its Services. “Embedded scripts” are programming code designed to collect information about your interactions with a website, such as the links you click on, and may assist our customers in providing us with information used to provide the Services. The code is temporarily downloaded onto your device from our web server, our customer’s web server, or a third party service provider, is active only while you are connected to the website containing the embedded script, and is deactivated or deleted thereafter.
LOG FILE INFORMATION
Your web browser automatically sends information to every website you visit, including ours. For example, our server logs may receive and record information such as the pages you access on the Website, referring URLs, your browser type, your operating system, the date and time of your visit, and the duration of your visit to each page.
USER AGENT STRINGS
Log file information may also include a user agent string, a series of characters automatically sent with your Internet requests that provide information necessary for smooth Internet communications such as the operating system and browser you used. Similar to an IP address, a user agent string, by itself, does not identify you personally. However, when combined with other information, a user agent string might be used to identify the computer originating a message.
OCS Hosting Service may also request access to or otherwise receive information about your device location when you access the Website. Your location data may be based on your IP address. We use location data in connection with providing the Services and to help improve the Services.
UNIQUE IDENTIFICATION NUMBER
OCS Hosting Service may assign your computer or mobile device a unique identification number ("Unique ID") based on log file information when you access the Website OCS Hosting Service may set a cookie on your device containing, amongst other things, the device’s Unique ID. OCS Hosting Service uses information generated from the Unique ID for purposes of improving our Services, primarily our ability to detect fraud. OCS Hosting Service does not share the Unique ID or any associated data with unaffiliated third parties.
INFORMATION OCS HOSTING SERVICE RECEIVES FROM THIRD PARTIESs
COLLECTION OF ADDITIONAL INFORMATION; RETENTION
OCS Hosting Service may collect additional information from or about you in other ways, including responses to customer surveys or your communications with our customer service team. OCS Hosting Service may retain all information it collects for an indefinite period of time.
HOW OCS Hosting Service USES INFORMATION
Providing Our Services
As stated above, oOCS Hosting Service may use Personally Identifiable Information such as your name, address, telephone number, e-mail address, or other contact information we obtain from you, our customers, or our business partners, for the purposes of providing, enhancing, or improving our fraud detection, demographic targeting, and other services and products.
COMMUNICATIONS WITH YOU
OCS Hosting Service maintains one or more contact lists (with email addresses and other information) to allow OCS Hosting Service to communicate with individuals who do business with OCS Hosting Service or who have expressed an interest in the Services. We may contact you to confirm your purchases or respond to requests that you make, notify you of changes to your account or the Services, for marketing purposes, or to otherwise inform you of information related to our business or your account with us.
WEBSITE ADMINISTRATION AND CUSTOMIZATION
OCS Hosting Service may use the information we collect about you for a variety of website administration and customization purposes. For example, we use your information to process your registration request, provide you with services and communications that you have requested, send you email updates and other communications, customize features and advertising that appear on the Website, deliver the Website content to you, measure Website traffic, measure user interests and traffic patterns, and improve the Website and the services and features offered via the Website.
USAGE OF NON-IDENTIFYING INFORMATION
Non-identifying information includes information collected from or about you that does not personally identify you. OCS Hosting Service treats IP addresses, log file information, user agent strings, computer IDs, and related information as non-identifying information, except if applicable law or the Safe Harbor principles require us to do otherwise. OCS Hosting Service may use non-identifying information for any purpose. We may also combine your non-identifying information with third party data sources (including data obtained from offline sources and data obtained from our customers using the Services) in our effort to improve our Services. Unless you opt-out, OCS Hosting Service may share such non-identifying information with customers, affiliates, and other third parties, for any purpose.
IP ADDRESSES, UNIQUE ID, AND EU/SWISS DATA
SHARING WITH OUR SERVICE PROVIDER
We may provide your information to our third party service providers, contractors, business partners, and advertisers, for the purpose of delivering Services to you as well as for purposes related to Website administration and operation, including conducting analytics. When sharing information for the purpose of providing you with the Services you request, we will share your Personally Identifiable Information only as necessary for the third party working on OCS Hosting Service’s behalf to complete its work for us. For example, if you use a credit or debit card to complete a transaction on the Website, we may share your personal information and credit card number with a credit card processing and/or a fulfillment company in order to complete your transaction.
SHARING WITH OUR CUSTOMERS
SECURITY AND COMPLIANCE WITH THE LAW
We reserve the right to disclose your Personally Identifiable Information to appropriate third parties if we are required to do so by law or we believe that such action is necessary in order (a) to comply with legal process such as a search warrant, subpoena, or court order; (b) to protect the company’s rights and property; (c) to investigate reports of users sending material using a false email address or users sending harassing, threatening, or abusive messages; (d) to protect against misuse or unauthorized use of the Website or Services; or (e) to respond to emergencies, such as when we believe someone’s physical safety is at risk.
AGGREGATE INFORMATION AND NON-IDENTIFYING INFORMATION
OCS Hosting Service may share your non-identifying information (which may include non-identifying log file information or information derived from identifying information) with third parties, including our customers. While OCS Hosting Service may share such non-identifying information for any purpose (unless you opt-out of such sharing), OCS Hosting Service typically shares such non-identifying information for industry analysis, aggregated demographic profiling, and the delivery of targeted advertising about other products and services. For example, OCS Hosting Service might provide such non-identifying information to an industry analyst who wants to use the information to determine the popularity of various web browsers and operating systems in different geographic areas.
TRANSFER OF BUSINESS
Over time, OCS Hosting Service may buy or sell various assets. In the event that we sell some or all of our assets, or our company is acquired by another company, our databases and any Personally Identifiable Information we collect may be among the transferred assets.
With regard to the transfer of any EU/Swiss Data, such transfer will only occur with a third party in the event that such party has met the qualifications set forth in Section 2, above, or as otherwise permissible under the Safe Harbor principles.
OPT-OUT OF EMAIL COMMUNICATIONS
If you are a registered member of the Website, you can make changes to your account information by logging into the Website and modifying your preferences here. If you do not wish to receive email notifications from us, you may opt-out by contacting us at privacy[at]ordercloudserver.com with your request. In addition, certain email communications we send to you, such as newsletters and promotional announcements, contain a clearly worded "Opt-Out" or "Unsubscribe" link allowing you to withdraw your permission for future mailings. Please note that we reserve the right to send you certain communications relating to your account or use of the Services (for example, administrative and service announcements) and these transactional account messages may be unaffected even if you opt-out from marketing communications.
OPT-OUT OF INFORMATION SHARING
(a) OCS Hosting Service will cease sharing information in any databases created after your opt-out date. We highlight that information about you in any databases shared with our customers is non-identifying information (not Personally Identifying Information). Versions of databases created and released prior to your opt-out date may have been created using your non-identifying information, and our customers may continue to have access to such earlier versions. Note that the utility of a database diminishes over time and most customers eventually discard older versions of a database in favor of an updated version.
(b) The non-sharing of information pertains to any information OCS Hosting Service can associate with you. OCS Hosting Service sometimes receives anonymous log file information that cannot be linked to a specific email address, IP address, or individual.
(c) If you do opt-out of having us share your non-identifying information, OCS Hosting Service will not gather, retain, use and share such information for fraud detection purposes.
(d) If you opt-out based on your IP address, OCS Hosting Service will process the IP address opt-out if the IP address is associated with one individual or one household (i.e., it is not uncommon for a single IP address to be shared by hundreds of devices). Also, since IP address assignments are subject to change, OCS Hosting Service will stop sharing information related to that IP address until such time that OCS Hosting Service reasonably believes the IP address has been assigned to another device (which period shall not be less than one year).
BLOCKING OR DELETING COOKIES<
You can manually delete cookies, which are normally located in your temporary Internet folder or cookie folder. You can also reset the preferences in your web browser to notify you when you have received a cookie or, alternatively, to refuse to accept cookies. Deleting or blocking cookies will prohibit your ability to make online purchases on the Website and to use and access portions of the Website that require logging in with a username and password, and may affect other functionality. You can learn how to do this at:
ADDITIONAL INFORMATION FOR RESIDENTS OF CERTAIN STATES
Customers in certain jurisdictions of the United States may have a right to access personal information held or shared about themselves. Your right of access can be exercised in accordance with applicable law. Please submit any requests for access to your personal data in writing to our privacy agent indicated at the bottom of this webpage.
YOUR CALIFORNIA PRIVACY RIGHTS
When California customers provide Personally Identifiable Information to a business, they have the right to request certain disclosures if that business shares Personally Identifiable Information with third parties (and in some cases affiliates) for the third parties’ or affiliates’ direct marketing purposes. Once per calendar year the customer may request that the business provide a list of companies with which it shares Personally Identifiable Information for those companies’ direct marketing purposes, and a list of the categories of Personally Identifiable Information that the business shares. Instead of responding to such requests, however, a company may choose to comply with this law by establishing and publishing on its website a policy of not disclosing a customer’s Personally Identifiable Information to such third parties and affiliates unless the customer affirmatively agrees to such disclosures.
OCS Hosting Service does not share Personally Identifiable Information with third parties or affiliates for those third parties’ or affiliates’ direct marketing purposes.
California customers may request information about our compliance with this law by contacting us by e-mail at legal[at]ordercloudserver.com.com or by mail at the address set forth in Section 11 below. Any such inquiry must include California Privacy Rights Request in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this email address. EU/Swiss Data Rights
In addition to the opt-out rights set forth above, OCS Hosting Service permits individual owners of EU/Swiss Data the option of choosing to opt-out of: (a) the disclosure of their EU/Swiss Data to third parties, and (b) the use of their EU/Swiss Data for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Individuals residing in the EEA and wishing to make an opt-out request should contact OCS Hosting Service directly using the information at Section 11, below.
THIRD PARTY ANALYTICS; ONLINE TRACKING
OCS Hosting Service works with certain third parties (including analytics companies) to provide us with information regarding traffic on and use of the Website. Some of these parties may collect Personally Identifiable Information when you visit the Website or other online websites and services. These third parties may set and access their own tracking technologies (including cookies, embedded scripts, and web beacons) and may otherwise collect or have access to your IP address or other unique identifier, log information, and related information about you. These tracking technologies, including the Google Analytics User ID feature, may be used to assist in providing analytics, marketing, and for other purposes. We may share IP addresses or other unique identifiers and log information about visitors with third party analytics providers and other vendors for similar purposes. OCS Hosting Service does not control the information collection, use, or sharing practices of third party analytics providers. Some third parties may collect Personally Identifiable Information about your online activities over time and across different websites when you use the Website.
Your browser settings may allow you to automatically transmit a "Do Not Track" signal to websites and online services you visit; however, there is no consensus among industry participants as to what "Do Not Track" means in this context. Like many websites and online services, the Website currently does not alter its practices when it receives a "Do Not Track" signal from a visitor’s browser. To find out more about "Do Not Track," you may wish to visit https://allaboutdnt.com. You may opt out of Google Analytics tracking in particular using a browser plugin found at https://tools.google.com/dlpage/gaoptout.
POLICY REGARDING CHILDREN
The Website is not intended for use by children under the age of thirteen years old. OCS Hosting Service does not knowingly collect information from children under the age of thirteen.
CONTACT FOR ADDITIONAL INFORMATION, OPTING OUT, DATA ACCESS AND CORRECTION, AND DISPUTES
Or to the:
Data Protection Officer
OCS Hosting Service
1007 N. Orange St. 4th Floor, Wilmington, DE 19801