1.1 Introduction
Set forth in this privacy policy is a description of how we collect, use and handle certain types of data and information when you interact with our website and your use of Onna.
This relates purely to the information described below, generated over the course of your interaction with the website, including your enrollment for our services, and use of Onna. In the event you sign up for use of Onna, you will be required to accept and agree to our standard services agreement, which contains our commitments to protect and keep secure and confidential the data and content that you make accessible to Onna. Also, please read our Data and AI Ethics statement, which describes our commitment to the highest ethical standards of data stewardship, privacy, and the trustworthy development of technology.
1.2 Types of Information Collected
We may collect the following information listed below in connection with your interaction with our website and use of Onna. Onna is a web-based information platform for data integration and organization and by its very nature will be accessing your data and content for the purposes of providing you with its functions. The following types of information do not include such data and content. If you do sign up for Onna, please be sure to review the relevant sections of the services agreement regarding protection and confidentiality of your content and data which we take very seriously.
- Account Information; We collect and associate with your account, information like your name, email address, phone number, payment info, and physical address.
- Analytics Information and Usage Data; We may collect data regarding your interaction with our website as well as your use of Onna, and its features and functions. This may include the frequency with which certain features of Onna are used as well as collecting demographic information on customer data applications being integrated by Onna. We may also collect information from and about the devices you use to access our website and Onna. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to us.
- Cookies and Pixel Tags; We use technologies like cookies and pixel tags, both of which are further described below.
- Cookies are small data files sent to your browser when you visit a site. We use cookies to do things like: (i) log you into Onna; (ii) remember preferences and settings; and (iii) better understand how people are interacting with our website and Onna and improve and promote such experiences based on that information. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our website and Onna, and improving your experience based on that information. You can set your browser to not accept cookies, but this may limit your ability to interact with our website and your use of Onna.
- A pixel tag is a small piece of code that can be embedded on websites and emails. We use pixel tags to learn how you interact with our webpages and emails. This information helps us tailor and promote our services. For example, if you visit one of the pages on our website describing a particular feature of functionality of Onna, you may later see an ad for Onna when you visit a tech news site.
- Third Party Sources (Google, Facebook, Dropbox, etc.). When you sign up and use Onna, we also obtain information from third parties. For example, we may have access to certain information from a third-party social media or authentication service when you use Onna or otherwise provide us with access to your data and information collected and stored by that service. Any access that Onna may have to such data and information from a third party social or authentication service is in accordance with the authorization procedures determined by that service. By authorizing us to connect with a third-party service, you authorize us to access and store your name, email address(es), current city, profile picture URL, and other information that the third-party service makes available to us. Unless any information accessed by Onna (and from any third-party service provider that you permit Onna to access) falls into any of the categories described in the foregoing clauses, all such information is subject to our services agreement. Please see the “Additional Limits on Use of Your Google User Data” section below for more information about our collection of your Google User Data.
1.3 Use of Information
We do not share, sell, lend or lease any information that identifies a client or purchaser of our services (such as email addresses or personal details) with anyone.
However, all other data and information that does not identify you as the client or any of your end-clients or customers – such as information collected using cookies as well as data collected about your interaction with our website or Onna – may be used by us for any lawful business purposes, including the following:
- General Business Uses; We may use the information that we collect for a variety of internal, business purposes, including to: (i) provide, operate, maintain, improve, and promote Onna; (ii) monitor and analyze trends, usage, and activities in connection with Onna and for marketing or advertising purposes; and (iii) investigate and prevent fraudulent transactions, unauthorized access to Onna, and other illegal activities. In addition, we work with third party service providers to provide website, application development, hosting, maintenance, back-up, storage, virtual infrastructure, payment processing, analysis and other services for us. These service providers may have access to your information for the purpose of providing those services for us. Please see the “Additional Limits on Use of Your Google User Data” section below for more information about our use of your Google User Data.
- Aggregated or Anonymized Data; Except for Google Data, we may also use aggregated or anonymized information that does not directly identify you for any internal purposes.
- Other Authorized Users; Enterprise versions of Onna may display use and profile information of each authorized user under such enterprise license to other authorized users.
Additional Limits on Use of Your Google User Data: Onna’s services access and use the files and information within your G Suite account, including the files stored in your Google Drive service, the labels, messages, and attachments sent and received in your Gmail service, the information in your Audits service and messages through your Hangouts service, including metadata stored within each service (collectively, “Google Data”). You can connect Onna’s services to your Google accounts using OAuth authentication, a secure mechanism to give Onna access to your Google Data without letting us know your password. Once you provide access, we can collect and use Google Data through the G-Suite or Google Workspace APIs. Notwithstanding anything else in this Privacy Policy, if you provide Onna with access to the following types of your Google Data, Onna’s use of that data will be subject to these additional restrictions:
- We will only use access to read, write, modify, or control Google Data to provide you with our services.
- We will not transfer Google Data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
- We will not use Google data for serving advertisements.
- We will not allow humans to read this data unless:
- we have your affirmative agreement for specific content
- doing so is necessary for security purposes such as investigating abuse or technical issues;
- to comply with applicable law; or
- for our internal operations and even then, only when the data has been aggregated or anonymized.
- Onna’s use of information received from Google’s Gmail and Google Drive APIs will adhere to Google’s Limited Use Requirements.
Onna’s use and transfer to any other app of information received from Google Accounts will adhere to Google API Services User Data Policy, including the Limited Use requirements.
1.4 Where
To support your use of the website or Onna, we may store, process, and transmit information in the United States and other locations around the world. Information may also be stored on the devices you use to access the website or Onna, primarily when you choose to download or export information.
We comply with the EU-U.S. and Swiss–U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the European Economic Area, and Switzerland to the United States. Onna adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Resource, Enforcement and Liability. As part of Onna’s commitment to these principles, we have adopted a Privacy Shield Policy which you may read here. The Privacy Shield Policy establishes Onna’s adoption and commitment to the EU-US and Swiss-US Privacy Shield framework and Privacy Shield Principles. You may view our Privacy Shield certification and more information about Privacy Shield at https://privacyshield.gov.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. Individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at: privacy@onna.com.
We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit JAMS at https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
We are aware of the July 16, 2020 decision from the European Union Court of Justice which invalidated the EU-US Privacy Shield. Nonetheless, we will continue to abide by the Privacy Shield Principles with respect to the protection of personal information. Onna is closely monitoring developments and guidance from both European and US regulatory authorities and will update this privacy policy as needed.
1.5 How Long
How long we keep your data and information depends on the type of information and the purpose for which it is collected. In general, we will retain your personal information for the length of time reasonably needed to fulfill such purpose unless a longer retention period is required or permitted by law.
1.6 System Administrators
In some cases (most commonly when your company requests that you use Onna in connection with your employment) another user (such as a system administrator in your company) may create an account on your behalf and may provide your information, including personal information in connection with the creation of your account. We sometimes collect information under the direction of our enterprise customers and often have no direct relationship with the individuals who are using Onna as “Authorized Users” and whose personal data we process. If you are an employee of one of our enterprise customers and would no longer like us to process your information, we recommend that you first contact your employer. If you are providing information (including personal information) about someone else, you must have the authority to act for them and their consent to the collection and use of their personal information as described in this privacy policy.
If you are an authorized systems administrator, you may request deletion of customer data, including account deletion, by emailing such request to support@onna.com.
1.7 Compliance with Laws and Law Enforcement Requests; Protection of Our Rights.
As permitted by applicable law, we may disclose any information, including that which might identify you as the client, to a third party (a) if that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, including to meet national security or law enforcement requirements, (b) to enforce our agreements, policies and terms of service, (c) to protect the security or integrity of Onna or any other products and services of Onna, (d) to protect Onna, our clients or the public from harm or illegal activities, or (e) to respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person. Please be aware that Onna may be required to disclose an individual's personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
1.8 Changes
If we are involved in a reorganization, merger, acquisition or sale of our assets, your information may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal and outline any choices you may have in that event. We may revise this privacy policy from time to time and will post the most current version on our website.
1.9 Your Choices
You may opt out of receiving promotional communications from Onna by using the unsubscribe link within each email or emailing us to have your contact information removed from our promotional email list or registration database. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us.
If you have any other questions or concerns about this privacy policy, please contact us at privacy@onna.com.