It does not apply to OCS Hosting Service’s services that OCS Hosting Service’s customers or resellers may use on their own websites, to other companies’ or organizations’ sites to which we link, or to companies that OCS Hosting Service does not own or control, even if such companies are contractors or business partners of OCS Hosting Service.
EU GENERAL DATA PROTECTION REGULATION (GDPR)
The European Union General Data Protection Regulation (GDPR) protects European Union data subjects' fundamental right to privacy and the protection of personal data.
It is intended to harmonize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each member state.
As a data collector, the following is how OCS Hosting Service has complied with GDPR to meet the high bar for compliance, security, and data privacy requirements.
RIGHT TO BE INFORMED
ACCESS/RIGHT TO RECTIFICATION
We have provided a self-service client portal that gives our customers access to login and view their personal information (profile data). This same client portal also provides our customers with access to update their personal information including name, email address, postal address, and phone number.
DATA PROCESSING AGREEMENTS
Our privacy agreement clearly articulates our privacy commitments to customers. We have evolved these terms over the years based on feedback from our customers and regulators.
PROCESSING ACCORDING TO INSTRUCTIONS
Any data that a customer and its users put into our systems will only be processed in accordance with the customer instructions.
PERSONNEL CONFIDENTIALITY COMMITMENTS
All OCS Hosting Service employees are required to sign a confidentiality agreement and complete mandatory confidentiality and privacy training, as well as our Code of Conduct training. OCS Hosting Service Code of Conduct specifically addresses responsibilities and expected behavior with respect to the protection of information.
AVAILABILITY, INTEGRITY & RESILIENCE
OCS Hosting Service designs the components of our platform to be highly redundant. OCS Hosting Service data centers are geographically distributed to minimize the effects of regional disruptions on global products such as natural disasters and local outages.
In the event of hardware, software, or network failure, services are automatically and instantly shifted from one facility to another so that operations can continue without interruption. Our highly redundant infrastructure helps customers protect themselves from data loss.
OCS Hosting Service conducts disaster recovery testing on an annual basis to provide a coordinated venue for infrastructure and application teams to test communication plans, fail-over scenarios, operational transition, and other emergency responses. All teams that participate in the disaster recovery exercise develop testing plans and post mortems which document the results and lessons learned from the tests.
OCS Hosting Service uses encryption to protect data in transit and at rest. Data in transit to G Suite is protected using HTTPS, which is activated by default for all users. Our hosting services encrypt customer content stored at rest, without any action required from customers, using one or more encryption mechanisms. We also offer free SSL certificates to all hosting accounts and it is the responsibility of our customers to use this.
For OCS Hosting Service employees, access rights and levels are based on job function and role, using the concepts of least privilege and need-to-know to match access privileges to defined responsibilities. Requests for additional access follow a formal process that involves a request and approval from a data or system owner, manager, or other executives, as may be dictated by OCS Hosting Service security policies.
We scan for software vulnerabilities using a combination of commercially available and purpose-built in-house tools, intensive automated and manual penetration testing, quality assurance processes, software security reviews, and external audits. We also rely on the broader security research community and greatly value their help identifying vulnerabilities in our hosting platform, and other products.
Our Vulnerability Reward Program encourages researchers to report design and implementation issues that may put customer data at risk.
DATA RETURN & DELETION
When OCS Hosting Service receives a complete deletion instruction from you (such as a cancellation request), OCS Hosting Service will delete the relevant customer data from all of its systems during the next system sync.
For customers that registered with us but don't have an active account, our system automatically removes all data relating to the given customer including, but not limited to, personal information in the user's profile, service and invoice history, activity log entries, support ticket, and email history.
TRANSFER TO AGENTS
ACCESS AND CORRECTION
Upon request and in compliance with the Safe Harbors, OCS Hosting Service shall grant to individuals reasonable access to their EU/Swiss Data that is held by OCS Hosting Service. In the event that such data is deemed by the responsible individual to be inaccurate or incomplete, OCS Hosting Service will permit individuals to correct, amend, or delete such data.
OCS Hosting Service may limit access or correction of data as permitted by the Safe Harbors, for example, in the event that the cost or burden of providing such access or correction would be prohibitive or could not be provided without harming the rights of other individuals.
In the event that a request for access or correction is denied, the requesting individual will be notified of the reason for denial and given an opportunity to discuss the matter with OCS Hosting Service and/or appeal the decision through the dispute resolution procedures referenced below.
OCS Hosting Service will take reasonable precautions to prevent the loss, misuse, or unauthorized access, disclosure, alteration, or destruction of any EU/Swiss Data. However, OCS Hosting Service does not guarantee that any of its data will be protected in all circumstances, including those beyond its reasonable control.
For any complaints that cannot be resolved by OCS Hosting Service and the complainant, OCS Hosting Service has agreed to participate in the Better Business Bureau Safe Harbor Dispute Resolution Program. Individuals wishing to avail themselves of the foregoing dispute resolution program should follow the procedures set forth in Section 11, below.
INFORMATION OCS HOSTING SERVICE COLLECTS
VISITS TO THE OCS HOSTING SERVICE WEBSITE
If you register or make a purchase while on the website, OCS Hosting Service may ask for Personally Identifiable Information such as your name, email address, or physical address. In addition, OCS Hosting Service collects and analyzes traffic on the website by keeping track of the IP addresses of our visitors and by collecting log file information.
Your IP address is a number that is automatically assigned to the computer that you are using by your Internet service provider (ISP) or by another organization. An IP address, by itself, cannot identify you personally. However, when combined with other information, your IP address can be used to identify the computer you are using.
In addition, OCS Hosting Service may use your IP address to estimate your geographic location. We discuss log file information further in a later paragraph of this Section 4.
COOKIES,WEB BEACONS AND TRACKING
OCS Hosting Service uses technologies such as cookies, beacons, tags, and scripts (such as advertising, marketing, and analytics), affiliates or analytics, or service providers. These technologies may be used in analyzing trends, administering the sites, tracking users’ movements around the sites, and gathering demographic information about our user base as a whole.
We may receive reports based on the use of these technologies by such companies on an individual as well as aggregated basis. While we respect the privacy of our users, we are not able to respond to Do Not Track signals set by your browser at this time. As far as we know, your IP address, keystroke activity, and personal information are never stored or shared with any third parties. If you wish not to be recorded, please do not use our websites.
BLOCKING OR DELETING COOKIES
You can manually delete cookies, which are normally located in your temporary Internet folder or cookie folder. You can also reset the preferences in your web browser to notify you when you have received a cookie or, alternatively, to refuse to accept cookies. Deleting or blocking cookies will prohibit your ability to make online purchases on the website and to use and access portions of the website that require logging in with a username and password, and may affect other functionality. You can learn how to do this at support.google.com/accounts/answer/32050?hl=en.
For information on how to manage cookie settings click on the links below:
- Chrome Cookie Settings
- Firefox Cookie Settings
- Microsoft Edge Cookie Settings
- Safari Cookie Settings
OCS Hosting Service may also use web beacons, small graphic images, or other web programming code (also known as "1x1 GIFs" or "clear GIFs"), which may be included in our web pages and e-mail messages. Web beacons may be invisible to you, but any electronic image or other web programming code inserted into a web page or e-mail can act as a web beacon. Web beacons or similar technologies may be used for a number of purposes, including, without limitation, to count visitors to the website, to monitor how users navigate the website, to count how many e-mails that were sent were actually opened or to count how many particular articles or links were actually viewed.
OCS Hosting Service may also use embedded scripts on the website and in connection with the provision of its Services. “Embedded scripts” are programming code designed to collect information about your interactions with a website, such as the links you click on and may assist our customers in providing us with information used to provide the Services. The code is temporarily downloaded onto your device from our web server, our customer’s web server, or a third-party service provider, is active only while you are connected to the website containing the embedded script, and is deactivated or deleted thereafter.
LOG FILE INFORMATION
Your web browser automatically sends information to every website you visit, including ours. For example, our server logs may receive and record information such as the pages you access on the website, referring URLs, your browser type, your operating system, the date and time of your visit, and the duration of your visit to each page.
USER AGENT STRINGS
Log file information may also include a user agent string, a series of characters automatically sent with your Internet requests that provide information necessary for smooth Internet communications such as the operating system and browser you used. Similar to an IP address, a user agent string, by itself, does not identify you personally. However, when combined with other information, a user agent string might be used to identify the computer originating a message.
OCS Hosting Service may also request access to or otherwise receive information about your device location when you access the website. Your location data may be based on your IP address. We use location data in connection with providing the Services and to help improve the Services.
UNIQUE IDENTIFICATION NUMBER
OCS Hosting Service may assign your computer or mobile device a unique identification number ("Unique ID") based on log file information when you access the website OCS Hosting Service may set a cookie on your device containing, amongst other things, the device’s Unique ID. OCS Hosting Service uses information generated from the Unique ID for purposes of improving our Services, primarily our ability to detect fraud. OCS Hosting Service does not share the Unique ID or any associated data with unaffiliated third parties.
INFORMATION OCS HOSTING SERVICE RECEIVES FROM THIRD PARTIES
COLLECTION OF ADDITIONAL INFORMATION
OCS Hosting Service may collect additional information from or about you in other ways, including responses to customer surveys or your communications with our customer service team. OCS Hosting Service may retain all information it collects for an indefinite period of time.
Whenever OCS Hosting Service collects data directly from individuals, it will provide:
- notice of such collection;
HOW WE USE YOUR INFORMATION
PROVIDING OUR SERVICES
As stated above, OCS Hosting Service may use Personally Identifiable Information such as your name, address, telephone number, e-mail address, or other contact information we obtain from you, our customers, or our business partners, for the purposes of providing, enhancing, or improving our fraud detection, demographic targeting, and other services and products.
COMMUNICATIONS WITH YOU
OCS Hosting Service maintains one or more contact lists (with email addresses and other information) to allow OCS Hosting Service to communicate with individuals who do business with OCS Hosting Service or who have expressed an interest in the Services. We may contact you to confirm your purchases or respond to requests that you make, notify you of changes to your account or the Services, for marketing purposes, or to otherwise inform you of information related to our business or your account with us.
WEBSITE ADMINISTRATION AND CUSTOMIZATION
OCS Hosting Service may use the information we collect about you for a variety of website administration and customization purposes. For example, we use your information to process your registration request, provide you with services and communications that you have requested, send you an email update and other communications, customize features and advertising that appear on the website, deliver the website content to you, measure website traffic, measure user interests and traffic patterns, and improve the website and the services and features offered via the website.
USAGE OF NON-IDENTIFYING INFORMATION
Non-identifying information includes information collected from or about you that does not personally identify you. OCS Hosting Service treats IP addresses, log file information, user agent strings, computer IDs, and related information as non-identifying information, except if applicable law or the Safe Harbor principles require us to do otherwise. OCS Hosting Service may use non-identifying information for any purpose.
We may also combine your non-identifying information with third-party data sources (including data obtained from offline sources and data obtained from our customers using the Services) in our effort to improve our Services. Unless you opt-out, OCS Hosting Service may share such non-identifying information with customers, affiliates, and other third parties, for any purpose.
IP ADDRESSES, UNIQUE ID, AND EU/SWISS DATA
SHARING WITH OUR SUB-CONTRACTORS & PAYMENT PROCESSORS
We may provide your information to our third party service providers, sub-contractors, business partners, and advertisers, for the purpose of delivering Services to you as well as for purposes related to website administration and operation, including conducting analytics. When sharing information for the purpose of providing you with the Services you request, we will share your Personally Identifiable Information only as necessary for the third party working on OCS Hosting Service’s behalf to complete its work for us.
For example, if you use a credit or debit card to complete a transaction on the website, we may share your personal information and credit card number with a credit card processing and/or a fulfillment company in order to complete your transaction.
SHARING WITH OUR CUSTOMERS
SECURITY AND COMPLIANCE WITH THE LAW
We reserve the right to disclose your Personally Identifiable Information to appropriate third parties if we are required to do so by law or we believe that such action is necessary in order (a) to comply with legal processes such as a search warrant, subpoena, or court order; (b) to protect the company’s rights and property; (c) to investigate reports of users sending material using a false email address or users sending harassing, threatening, or abusive messages; (d) to protect against misuse or unauthorized use of the website or services; or (e) to respond to emergencies, such as when we believe someone’s physical safety is at risk.
AGGREGATE INFORMATION AND NON-IDENTIFYING INFORMATION
OCS Hosting Service may share your non-identifying information (which may include non-identifying log file information or information derived from identifying information) with third parties, including our customers. While OCS Hosting Service may share such non-identifying information for any purpose (unless you opt-out of such sharing), OCS Hosting Service typically shares such non-identifying information for industry analysis, aggregated demographic profiling, and the delivery of targeted advertising about other products and services. For example, OCS Hosting Service might provide such non-identifying information to an industry analyst who wants to use the information to determine the popularity of various web browsers and operating systems in different geographic areas.
TRANSFER OF BUSINESS
Over time, OCS Hosting Service may buy or sell various assets. In the event that we sell some or all of our assets, or our company is acquired by another company, our databases and any Personally Identifiable Information we collect may be among the transferred assets.
With regard to the transfer of any EU/Swiss Data, such transfer will only occur with a third party in the event that such party has met the qualifications set forth in Section 2, above, or as otherwise permissible under the Safe Harbor principles.
OPT-OUT OF EMAIL COMMUNICATIONS
If you are a registered member of the website, you can make changes to your account information by logging into the website and modifying your preferences here. If you do not wish to receive email notifications from us, you may opt-out by contacting us at privacy[at]ordercloudserver.com with your request. In addition, certain email communications we send to you, such as newsletters and promotional announcements, contain a clearly worded "Opt-Out" or "Unsubscribe" link allowing you to withdraw your permission for future mailings. Please note that we reserve the right to send you certain communications relating to your account or use of the Services (for example, administrative and service announcements) and these transactional account messages may be unaffected even if you opt-out from marketing communications.
OPT-OUT OF INFORMATION SHARING
Please note that the records maintained by OCS Hosting Service are not complete for all consumers (i.e., many records do not contain name or email address information). As a result, a record containing information about you may not be identifiable by an email address search, IP address search, or other simple search criteria. Any individual whose record can be identified has the option of having OCS Hosting Service cease from sharing with unaffiliated third parties any of the individual’s non-identifying information. This non-sharing has several important qualifications:
- OCS Hosting Service will cease sharing information in any databases created after your opt-out date. We highlight that information about you in any databases shared with our customers is non-identifying information (not Personally-Identifying Information). Versions of databases created and released prior to your opt-out date may have been created using your non-identifying information, and our customers may continue to have access to such earlier versions. Note that the utility of a database diminishes over time and most customers eventually discard older versions of a database in favor of an updated version.
- The non-sharing of information pertains to any information OCS Hosting Service can associate with you. OCS Hosting Service sometimes receives anonymous log file information that cannot be linked to a specific email address, IP address, or individual.
- If you do opt-out of having us share your non-identifying information, OCS Hosting Service will not gather, retain, use and share such information for fraud detection purposes.
- If you opt-out based on your IP address, OCS Hosting Service will process the IP address opt-out if the IP address is associated with one individual or one household (i.e., it is not uncommon for a single IP address to be shared by hundreds of devices). Also, since IP address assignments are subject to change, OCS Hosting Service will stop sharing information related to that IP address until such time that OCS Hosting Service reasonably believes the IP address has been assigned to another device (which period shall not be less than one year).
YOUR DATA PROTECTION RIGHTS
8.1 Depending on your jurisdiction of residence, you may have the data protection right to access, correct, update, or request deletion of your personal information.
RESIDENTS IN STATES WITHIN UNITED STATES
Customers in certain jurisdictions of the United States may have a right to access personal information held or shared about themselves. Your right of access can be exercised in accordance with applicable law. Please submit any requests for access to your personal data in writing to our privacy agent indicated at the bottom of this webpage.
EU RESIDENTS PRIVACY RIGHTS
If you are a resident of the EEA you also have the following data protection rights:
- you can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request portability of your personal information.
- if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- you have the right to complain to a data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EU are available here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
CALIFORNIA RESIDENTS PRIVACY RIGHTS
When California customers provide Personally Identifiable Information to a business, they have the right to request certain disclosures if that business shares Personally Identifiable Information with third parties (and in some cases affiliates) for the third parties’ or affiliates’ direct marketing purposes. Once per calendar year the customer may request that the business provide a list of companies with which it shares Personally Identifiable Information for those companies’ direct marketing purposes, and a list of the categories of Personally Identifiable Information that the business shares. Instead of responding to such requests, however, a company may choose to comply with this law by establishing and publishing on its website a policy of not disclosing a customer’s Personally Identifiable Information to such third parties and affiliates unless the customer affirmatively agrees to such disclosures.
OCS Hosting Service does not share Personally Identifiable Information with third parties or affiliates for those third parties’ or affiliates’ direct marketing purposes.
California customers may request information about our compliance with this law by contacting us by e-mail at legal[at]ordercloudserver.com.com or by mail at the address set forth in Section 11 below. Any such inquiry must include California Privacy Rights Request in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this email address.
THIRD PARTY ANALYTICS
OCS Hosting Service works with certain third parties (including analytics companies) to provide us with information regarding traffic on and use of the website. Some of these parties may collect Personally Identifiable Information when you visit the website or other online websites and services. These third parties may set and access their own tracking technologies (including cookies, embedded scripts, and web beacons) and may otherwise collect or have access to your IP address or other unique identifiers, log information, and related information about you. These tracking technologies, including the Google Analytics User ID feature, may be used to assist in providing analytics, marketing, and other purposes. We may share IP addresses or other unique identifiers and log information about visitors with third-party analytics providers and other vendors for similar purposes. OCS Hosting Service does not control the information collection, use, or sharing practices of third-party analytics providers. Some third parties may collect Personally Identifiable Information about your online activities over time and across different websites when you use the website.
Your browser settings may allow you to automatically transmit a "Do Not Track" signal to websites and online services you visit; however, there is no consensus among industry participants as to what "Do Not Track" means in this context. Like many websites and online services, the website currently does not alter its practices when it receives a "Do Not Track" signal from a visitor’s browser.
To find out more about "Do Not Track," you may wish to visit All About DNT. You may opt-out of Google Analytics tracking in particular using a browser plugin found at Google Analytics Opt-out Browser Add-on Download Page.
CHILDREN’S ONLINE PRIVACY PROTECTION (COPPA)
The website is not intended for use by children under the age of thirteen years old. OCS Hosting Service does not knowingly collect information from children under the age of thirteen.
CONTACT FOR ADDITIONAL INFORMATION, OPTING OUT, DATA ACCESS AND CORRECTION, AND DISPUTES
The Data Protection Officer
OCS Hosting Service
1007 N. Orange St. 4th Floor, Wilmington, DE 19801
+1 (650) 620-7020
If you have question regarding this page or want to know more, please send your questions via our Contact Form.