EU-US Privacy Shield Policy

EU-U.S. Privacy Shield. Onna Technologies, Inc. complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the European Economic Area to the United States. Onna Technologies, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and to view our certification, please visit https://www.privacyshield.gov.

Data Processing

Onna may process personal data on behalf of our customers to provide Onna’s Services. In providing our Services, we process data our customers submit and instruct us to collect, process, index, share, and export on their behalf in connection to our Services. Other than as provided herein or as permitted under applicable data protection law, the data Onna collects is not disclosed or shared with third parties. Onna only discloses data to third parties that provide our Services in order to process your data. For more information about the types of information collected and the uses of said information, please see Onna’s Privacy Policy.

Use of Third-Parties

Onna uses a limited number of third parties to assist in providing Onna’s Services to our customers. These third party providers perform the technical implementation and management of some aspects of Onna’s Services such as data collection and processing, data storage, hosting services, and support services. Third-parties may access, collect, process, and store personal data in the course of providing Onna’s Services.

In order to provide Services related to data processing for customers, Onna requires the use of Google Cloud Platform to collect, process, and host customer data. Google Cloud Platform adheres to EU-US Privacy Shield regulations. For more information about regulatory certifications, please see Google’s Compliance Policy.

Third Party Onward Transfer Liability

Onna is responsible for the collection and processing of data it may receive under the Privacy Shield Framework, including subsequent transfers to third parties Onna engages that act on our behalf. Onna complies with the Privacy Shield Principles of all transfers of data in the EU.

Right to Access, Limit Use and Disclosure of Personal data

Onna collects information via Onna’s Services as instructed by customers and may not have a direct relationship to the individual’s whose personal data those customers collect and process. Individuals (including those whose personal data is within the scope of this Privacy Shield Certification) have certain legal rights to access personal data Onna holds and to obtain its correction, amendment or deletion. If individuals seek to access, correct, limit, amend, or delete inaccurate data please contact us at support@onna.com and we will work with you and the third party responsible for processing the individual’s personal data and to respond to that request within a reasonable timeframe.

Onna will offer EU individuals whose personal information has been transferred to us the opportunity to choose whether the personal information it has received is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses of their personal information by contacting us at support@onna.com.

Required Disclosures

Onna is subject to oversight by the U.S. Federal Trade Commission. JAMS is the US-based independent organization responsible for reviewing and resolving complaints about our Privacy Shield compliance—free of charge to you. We ask that you first submit any such complaints directly to us via support@onna.com. If you aren’t satisfied with our response, please contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield. In the event your concern still isn’t addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles. Please visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction for further information.