Optechain
Privacy Policy
Protecting your privacy is important to us. This Privacy Policy (“Privacy Policy”) is meant to help you understand how we collect, use and share your personal data, and to assist you in exercising the privacy rights available to you.
SCOPE
Personal data is any information that can be used on its own or in combination with other information to identify, contact, or locate a natural person.
Please read our Privacy Policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your personal data.
This Privacy Policy applies to personal data processed by us in the course of our business operations, including on our website(s), our mobile applications, and other online or offline offerings (collectively, the “Services”).
Throughout this Privacy Policy, the terms “we”, “us” and “our” refer to Optechain PC.
Depending on the activity, Optechain PC acts as a “data controller” or “data processor” of the personal data provided to, collected by, or processed in connection with our Services.
This Privacy Policy does not apply to any third-party websites, services or applications, even if they are accessible through our Services.
Optechain will only process your personal data in accordance with the national laws applicable to its establishments, including the General Data Protection Regulation, hereafter referred to as the “GDPR” (Regulation 2016/679), as in force.
For any matter relating to the processing of personal data, you may directly contact Optechain’s competent department by e-mailing privacy@optechain.com
1. What personal data do we collect from users of our Services?
Depending on the purpose for which Optechain may be required to process your personal data from time to time, these may fall into the following categories:
i) basic identification data – your name, surname and Tax Identification Number
ii) contact details – your phone number, email address, and home and/or billing address
iii) information relating to transactions that are necessary for the provision of our Services – payment methods, available account balance
iv) location data (precise location [GPS]),
v) any other information voluntarily submitted to us by you (for example, through our Customer Service). Specifically:
Account Information. If you create an Account, we’ll collect certain personal data that can be used by Us to identify you, such as your name, surname, email address, phone number and company name, Tax Identification Number, and home and billing address.
If you create an Account using the log-in credentials from one of your Third-Party Accounts (e.g. Google Account), we’ll only be able to access and collect the personal data which your privacy settings on that Third-Party Account permit us to access.
We kindly remind you that, when asked to fill in your personal data to gain access to certain features or services of our app/website, we may mark some fields as ‘mandatory’ (*), if the information requested is indispensable to the provision of such features or services. Please bear in mind that if you refuse to provide us with ‘mandatory’ information, you may be unable to complete your registration or otherwise benefit from the relevant services.
Communications with Us. If you request information about our Services, including customer or technical support, apply for a job with Us or otherwise communicate with Us, we’ll collect the personal data necessary for Us to fulfil your request, such as your name, email address, phone number, or mailing address.
Location data. If you use our Services from a mobile device, that device will send us data about your location based on your phone settings. We will ask you to opt-in before we use GPS or other tools to identify your precise location.
Automatic Data Collection. Certain data may be collected automatically when you use our Services, by Third Parties that provide content and other functionalities on our Services These may include your Internet protocol (IP) address, your user settings, cookie IDs, device identifier and features, your mobile carrier, MAC address and other unique identifiers, details about your browser and operating system, your Internet service provider. and data regarding your use of our Services, such as the type of content you interact with, the frequency and the duration of your activities, and other information about how you use the Services. Specifically:
Cookies, Pixel Tags, Analytics, and other Interest-Based Advertising technologies. Our external service providers may use cookies, pixel tags, and other tools to automatically collect information whenever you visit or interact with our Services.
Cookies. Cookies are small text files placed in your computer browser whenever you load a particular website. Cookies help users navigate websites efficiently, store their preferences and perform certain functions. Most browsers will allow you to block and delete cookies. However, disabling cookies may prevent you from using certain websites or services. You can find out more about cookies by visiting https://www.allaboutcookies.org.
Pixel Tags. A pixel tag is a piece of code embedded in a service, that collects information about users’ engagement with a particular webpage. The use of a pixel may allow our external service providers to record, for example, that a user has accessed a certain website or clicked on a particular advertisement.
Use of the above tools will fall into the following categories:
Operationally Necessary: This includes tools that allow a user to access certain essential features of a service, and tools that are required to identify irregular site behaviour and improve security.
Functionality Related. This includes tools that allow a service provider to offer enhanced functionality for its service, such as identifying a user when it signs into the service or keeping track of its specified preferences and interests.
Performance Related. This refers to the use of certain tools for the purpose of assessing the performance of a service, including as part of analytic practices, to help a service provider understand the use that its visitors make of its service.
The automatic data collection by third-party service providers is governed by the Privacy Policies of the respective third-parties. You will find a list of the key service providers Optechain works with, including links to their respective Privacy Policies, in section 4.
Analytics. We may use certain tools for analytics purposes, to collect information about visitor behaviour on our Services, to assess the speed, accuracy and/or security of our Services, diagnose technical issues and generate usage reports.
2. How do we use your personal data?
How we use your personal data will depend on which Services you use, how you use those Services and the choices you make in your settings.
A) We use the data we collect from you for the following purposes:
i. To manage your registration as a user of our app
Should you decide to register on our app, we will process your personal data in order to identify you as a registered user and ensure that you have full access to the app as a registered user. You may deactivate your account at any time by deleting the app from your device.
ii. To fulfil our contract with you and deliver our Services, for example to:
Manage your account information;
Allow our app and website administrators to manage the performance and functionalities of our Services.
Provide access to certain areas, features and functionalities of our Services;
Verify or maintain the quality and safety of a service or device;
Allow our partners to process your financial information and other payment methods for products or Services purchased by you;
Communicate with you about your account or policy changes;
Provide customer and technical support and reply to your questions, customer service requests and suggestions for the improvement of our Services.
We may also process your personal data to comply with internal operations and procedures such as order management, invoicing, accounting, and pricing, implementation of business controls, management of customer directories, and other archiving and insurance policies.
iii. To analyse and improve our Services, for example to:
Fix bugs/errors, upgrade and enhance our Services;
Improve customer experience.
Detect security breaches and prevent malicious, fraudulent or illegal activities on our Services.
Monitor the use of our products and Services for research and development purposes, to improve their performance, resilience and efficiency.
Compile analytics reports for internal development purposes.
Enforce our terms and conditions.
Comply with our legal obligations and protect our users legitimate interests.
iv. To provide you with additional content and Services, for example to:
Contact you with promotional materials, personalized offers, products, and Services and other information that may be of interest to you, including new services.
If you do not wish to receive these communications, you may unsubscribe at any time by clicking on the ‘Unsubscribe’ button at the bottom of each communication.
v. To allow you to connect with us
We are active on social media platforms like Facebook, Instagram and LinkedIn. When you click on one of the corresponding icons on our Services, we will refer you to the website or app of the relevant third party.
These third party apps and websites are not controlled by us. We urge you to read the privacy policies of each website and application with which you interact. Optechain does not endorse, screen or approve the privacy practices or content of any third party website or application, and bears absolutely no responsibility for the content, activities or policies contained therein.
If you contact us via social media, we will process the personal data you submit to us in order to answer your questions and to respond to your messages. These may include your (user)name, email address, and any other personal data you choose to include in your message.
vi. To comply with the law
In some cases, we process your personal data to comply with applicable laws and regulations. This may, for example, be the case where tax-related obligations apply. In order to comply with relevant laws and regulations, we may need to disclose your personal data in response to a request or order of a regulatory agency or supervisory authority.
vii. Other purposes
We may use personal data and other data about you to create de-identified and aggregated information, such as demographic information, location information, information about the device from which you are accessing our Services, or other analyses we create.
B) The use of your personal data by data processors
When an external party that provides services to us processes your personal data following Optechain’s instructions, it acts as a ‘data processor’ with regard to that processing. Prior to interacting with such parties, Optechain enters into a Data Processing Agreement with them. This agreement includes obligations to ensure that your personal data is being processed by the data processor in a secure and lawful manner, to afford you the same level of protection as that afforded to you by Optechain.
C) The use of your personal data on behalf of our customers (as processors or sub-processors)
Our customers may use our Services to process certain information of their own, which may contain personal data. Such data will be processed through our Services by Us, on behalf of our customer (data controller), for the purpose of performing a contract assigned to Us by the latter (for example, a Maintenance and Support Agreement). In these cases, the purposes and means of processing, the type of personal data subjected to processing and the data retention periods, are solely determined by the specific controller, in accordance with the scope of the associated project contract, and therefore varies depending on the particular characteristics of each project. OPTECHAIN’s processing activities and privacy practices are governed by the scope and terms of the specific agreement (Data Processing Agreement) with our customer, and are carried out in accordance with the written instructions provided by him, insofar as they are compatible with the respective obligations imposed by the applicable legislative framework at a national and/or EU level. We will only have access to the data made available to Us by our customer, and only to the extent necessary to perform our contract with our customer.
If you have any questions or concerns about how such data is handled on behalf of our customers or would like to exercise your rights, please contact us at privacy@optechain.com and we will make sure to bring you in touch with our customer (i.e. the data controller who has contracted with us to use the Service for the purpose of processing such data). In these cases, it is our customers who control the personal data and determine the security settings within the account, the access controls and credentials. We will provide assistance to you and our customer, to address any questions or concerns you may have.
3. What is the legal basis for the processing of your personal data?
Optechain processes your personal data on the basis of your CONSENT.
Please note that, by:
accepting the terms and conditions of our Services, or
accessing in any way or downloading or activating or using any part of our Services, or
subscribing to our electronic catalogues for the purpose of receiving informational material or other promotional material, or by renewing/changing such preferences, or
contacting us through our customer support line, or
sending us emails or completing forms requesting for information or other technical support,
YOU ARE CONSENTING to the processing of your personal data by Optechain, in accordance with this Privacy Policy.
You can withdraw your consent any time by contacting us at privacy@optechain.com.
We will only collect the personal data necessary for the performance of the contract between You and Optechain.
4. Do we disclose your personal data to third parties?
Your personal data are only accessible by a limited number of authorized staff and service providers that act on our behalf, on a need-to-know basis.
Disclosure of your personal data to external parties. Optechain only discloses your personal data to third parties that support us in delivering our Services through a variety of critical services, such as hosting (storing and delivering), and help us respond to customer inquiries and requests, update our marketing catalogues, analyse data, offer supporting services and comply with our legal duties.
These include:
IT and related services (to provide technical and operational maintenance)
Payment service providers and financial institutions (to process payments made through our Services)
Business Partners (we may provide personal data to business partners with whom we jointly offer products or services)
Fraud detection and prevention organizations
ISPs and ICT service providers
Customer support service providers
Advertising Partners (we may share your personal data with third-party advertising partners to market our Services, provided that you have opted-in to receive such communications through your Account or our website).
We choose reliable Partners and take all appropriate contractual, technical and organisational measures to ensure that your personal data are processed by external parties only to the extent necessary for the purposes set out in this Privacy Policy and in accordance with applicable law. Optechain adheres to the security and data protection standards of the platforms it uses as part of delivering its Services.
Our Partners include:
Name | Data | Purpose of Processing | Entity Country | Entity Privacy Policy |
---|---|---|---|---|
Microsoft – Azure Cloud | Our users’ data | Cloud service provider | United States | Data Privacy in the Trusted Cloud | Microsoft Azure |
Microsoft – Power BI | Our users’ data | Analytics | United States | privacy.microsoft.com/en-gb/privacystatement |
List of Service Providers
Name | Data | Purpose of Processing | Entity Country | Entity Privacy Policy |
---|---|---|---|---|
Zendesk, Inc. | The information provided by the individual reaching out to Optechain, such as name, email address, phone number, and other information that may be included based on the nature of the communication | Customer service platform that supports customer interactions e.g. via phone, chat or email | United States | Privacy Policy – Zendesk |
Stripe | Information relating to our users’ transactions, contact information, payment methods, credit card information | Payment Processing Services | United States | Privacy Policy (stripe.com) |
Transfers outside EEA. Some of our external partners are located in countries outside the European Economic Area (EEA). If your personal data are transferred to a recipient in a country outside the European Economic Area (EEA) that does not provide an adequate level of protection in accordance with the GDPR, we will take the necessary measures to ensure that your personal data are adequately protected, such as entering into EU Standard Contractual Clauses with these recipients. In all other cases, your personal data will not be disclosed to external parties, except where required or permitted by law.
Optechain will disclose personal data whenever such disclosure is required by law, or in order to comply with any order or regulation of any governmental or other regulatory authority, or to avert unlawful acts against our company and our clients (e.g. fraud, insult).
4. Your rights as a data subject
Right of access:
You have the right to access your personal data and receive additional information about how we process it. You also have the right to obtain a confirmation from Optechain as to whether or not your personal data are being processed, and to verify the legitimate nature of the processing.
Right to rectification:
You have the right to correct inaccurate data, and to complete, update or modify your personal data, either yourself, through the app, or by contacting Optechain at the above contact details.
Right to erasure:
In certain cases, you have the right to request the deletion of your personal data, such as when the processing is based on your consent. You may contact us at any time to learn more about your right to erasure.
Right to restriction of processing:
You have the right to request that we restrict the processing of your personal data in the following cases: (a) when the accuracy of the personal data is contested and until such accuracy is verified, (b) when you oppose the deletion of your personal data and request a restriction of their use instead, (c) when your personal data are no longer needed for processing purposes, they are however required for the establishment, exercise, or defence of a legal claim, and (d) when you object to the processing of your personal data and a decision on your objection to the processing is still pending.
Right to object to processing:
Under certain conditions, you have the right to object to the processing of your personal data. If you exercise your right to object, we will be legally obligated to stop processing your personal data, unless we can show that the processing is necessary to protect our legitimate interests as data controllers, or to establish, exercise, or defend a legal claim.
Right to data portability:
Under certain conditions, you have the right to receive your personal data, free of charge, in a format that allows you to access, use, and edit them with commonly used editing methods. You may also request the transmission of your data directly to another controller, provided that this is technically feasible.
Right to withdraw your consent:
Where the processing is based on your consent, you have the right to withdraw it at any time, without, however, affecting the lawfulness of the processing that was carried out prior to its withdrawal.
In order to exercise any of the above rights, or to learn more about your rights, email Optechain’s competent department at privacy@optechain.com.
Right to lodge a complaint with a Supervisory Authority
If you believe that the processing of your personal data is unlawful, or that your rights have been violated, you have the right to lodge a complaint with the Hellenic Data Protection Authority, by completing the complaint form posted on the following webpage: www.dpa.gr > My rights > Submit a complaint.
Hellenic Data Protection Authority
Switchboard: +30 210 6475600
Fax: +30 210 6475628
e-mail: complaints@dpa.gr
You can also lodge a complaint with the supervisory authority in the Member State of your habitual residence or your place of work.
5. How do we protect your personal data?
We implement appropriate technical, physical, legal, and organizational measures to ensure that your personal data is collected, used, stored and transferred in compliance with data security standards and in accordance with the terms set out in this Policy, as well as applicable data protection legislation.
Optechain uses appropriate technical and other technological protection measures, such as access controls, encryption, pseudonymisation, and firewalls, to ensure the ongoing confidentiality, integrity, and security of your personal data.
We perform periodic security checks and our staff is regularly trained to comply with data protection and information security practices.
Whenever Optechain delegates processing activities to a third party data processor, to be carried out on our behalf, we make sure that the data processor possesses adequate resources and the necessary know-how to carry out the processing activities in a lawful and secure manner and in accordance with the legal requirements set out in the GDPR.
The data collected by Optechain is stored on Microsoft Azure.
Azure secures your data at rest and in transit:
With state-of-the-art encryption, Azure protects your data both at rest and in transit. Azure secures your data using various encryption methods, protocols, and algorithms, including double encryption.
For data at rest, all data written to the Azure storage platform is encrypted through 256-bit AES encryption and is FIPS 140-2 compliant. By default, Microsoft-managed keys protect your data, and Azure Key Vault helps ensure that encryption keys are properly secured. Azure key management also includes server-side encryption that uses service-managed keys, customer-managed keys in Azure Key Vault, or customer-managed keys on customer-controlled hardware. With client-side encryption, you can manage and store keys on-premises or in another secure location.
For data in transit—data moving between user devices and Microsoft datacenters or within and between the datacenters themselves—Microsoft adheres to IEEE 802.1AE MAC Security Standards, and uses and enables your use of industry-standard encrypted transport protocols, such as Transport Layer Security (TLS) and Internet Protocol Security (IPsec).
To find out more about Azure encryption please visit: https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-over
Azure complies with many external privacy standards, laws, and regulations, including: the GDPR, ISO/IEC 27701, ISO/IEC 27018, EU Standard Contractual Clauses, HIPAA, HITRUST, FERPA, Japan My Number Act, Canada PIPEDA, Spain LOPD, and Argentina PDPA.
If you have any reason to suspect that your interactions with us are no longer secure, please contact us immediately.
6. How long will your personal data be stored for?
Your personal data will be stored for as long as you use our Services or as necessary to fulfil the purpose for which it was collected, save where the data is required to resolve disputes, establish legal defences, conduct audits, enforce our agreements, or comply with applicable laws, and in any case having due regard to the relevant statutory limitation periods.
For example:
Where the data is necessary for our compliance with a legal obligation, the data will only be stored for such period as may be required for us to comply with that legal obligation;
Where the data is necessary for the provision of our Services to you, the data will be stored for as long as you use our Services, and depending on the circumstances, for a few years thereafter.
Your personal data will be deleted or made anonymous when they are no longer necessary for the purposes for which the personal data were collected.
Please note that certain legal provisions (for example, tax legislation) require us to keep certain data for a period of six years and, under certain conditions, for up to twenty years.
7. Changes to our Privacy Policy
We may update and/or revise our Privacy Policy from time to time.
If we make any amendments to our Privacy Policy, you will be notified either through our app (for example, via a pop-up window, banner or push notification), or via email. We’ll also update the “Last Updated Date” above to indicate when those changes will become effective.
In any case, we urge you to check for updates from time to time, by clicking on the relevant sections “Privacy and Security” > “Privacy Policy” on our app.
If you object to any changes, you may close your account and stop using our Services.
You acknowledge that your continued use of our Services after we publish or send a notice about our changes to this Privacy Policy means that the collection, use, storage and transfer of your personal data is subject to the updated Privacy Policy, as of its effective date.
8. How can you contact us?
If you have any questions about the way we process your personal data, please read this Privacy Statement first. For additional questions or complaints, please contact: