PRIVACY NOTICE

This Privacy Notice explains the information ODI Operation and Data Integrity Ltd.  (“odix”, “we,” “us”, or “our”) collects from you as you, whether as a representative of one of our business clients or the personnel of one of our business clients, how we use this information, with whom we share it, and the choices you have in connection with this.

        1.INFORMATION WE COLLECT

We collect personal information in a variety of ways. This includes when you use our website odi-x.com (the “Website”) or when you or your employer utilizes our FileWall™ product for disarming malware files in MS365 business applications or our File Sanitization Service product (collectively, the “Services”). Through your use of our Website or when a company engages our Services, we collect personal information, which is information that identifies you as an individual or relates to you as an identifiable individual.

A. Information About Users of our FileWall Product

Our FileWall product scans attachments/files in MS365 business applications such as email and SharePoint and disarms any non-valid code found. To do so, odix collects your emails that contain attachments and/or files uploaded to SharePoint, processes the files via its algorithm that neutralizes code, and returns the emails with the clean attachments to your inbox with a notification that it has been sanitized by odix and/or the clean file to the relevant folder it was taken from. If the sanitization process was not successful, you would receive a notification that the attachment was not sanitized or was blocked due to our business client’s (your employer’s) policy. In providing these Services to our business clients, we process personal information of their personnel (you) when they use the email system and/or other MS365 business applications provided by the employer (“Client End Users”). We collect your name, email address, username, the attachments to your emails and the content of emails that have attachments from your employer’s email environment and/or the files uploaded to your employer’s MS365 environment. We also access the personal information described above to provide your employer IT support. We use this information to provide your employer the requested Services. In processing this information, odix acts as the data processor for the information and the relevant business client/employer acts as the data controller.

We share this information with AWS which is our storage service provider. The information is stored in AWS servers in Ireland with support being provided from a jurisdiction which has been recognized by the EU as providing adequate protection to data privacy. The scanned attachment with your personal information associated with it will be retained for approximately four (4) weeks or longer if determined necessary by your employer after our analysis has concluded.

It is your employer’s responsibility to provide you with any notices and/or acquire any consent that might be required by data protection laws for our processing of your personal information.

In order to accommodate any requests for access to your personal information that you may have under applicable data protection laws, your employer may access this information independently in its own MS365 files. To accommodate a request to delete your personal information that you may have under applicable data protection laws, your employer can delete the personal information independently in its own MS365 files. Your personal information will be automatically deleted from our files within two (2) to four (4) weeks per your employer’s instruction. During the time before it is deleted, the information will be used only to provide the Services during that time.

B. Information About Users of Our File Sanitization Service Product.

Our File Sanitization Service product scans files and disarms any non-valid code found. To do so, odix processes the files via an algorithm that neutralizes any non-valid code and returns clean files to a pre-defined folder that is configured by the relevant business client (your employer). In providing these Services to our business clients, we may process personal information of their Client End Users if embedded in the content of a scanned file. We use this information to provide your employer the requested Services. In processing this information, odix acts as the data processor for the information and the relevant business client (your employer) acts as the data controller

We share this information with Microsoft Azure which is our storage service provider. The information is stored in Azure servers in the location your employer will choose with support being provided from  the chosen location adequate protection to data privacy. If a scanned file is found to be clean, your personal information associated with that file is saved or deleted according to your employer’s configuration of the service settings.

It is your employer’s responsibility to provide you with any notices and/or acquire any consent that might be required by data protection laws for our processing of your personal information. In order to accommodate any requests to access or delete your personal information that you may have under applicable data protection laws, your employer may access and/or delete this information independently. Your personal information will be automatically deleted within the timeframe set forth by your employer’s instruction and will only be used to provide the Services during that time.

C. Information About Client Representatives or Website Visitors

We collect personal information directly from you and automatically as you visit or engage with our Website. Except as otherwise indicated below, the personal information you provide is such that we need in order to maintain our Website or carry out the requested action. If you do not provide us with your personal information, we would not be able to do so. To the extent GDPR applies to this processing of personal information, odix is the data controller.

               a.Information you provide directly to odix

We collect personal information directly from you when you:

  • Contact us. When you send us a question or inquiry, request a demo, request to partner with us, or ask for other support, you will need to provide us with your name, email address, telephone number, company name, country, and any additional information you choose to disclose. We use this personal information to respond to your questions or inquiries, facilitate your request, troubleshoot where necessary, and address any issues you may have. The legal basis for this processing is performance of our contract with you.
  • Subscribe to odix news and insights. When you subscribe to odix news and insights, we will collect your name and email address. We collect this information to fulfill your request to receive news and insights from odix. The legal basis for this processing is your consent. Subscribing to these communications is optional and you can withdraw your consent at any time by clicking the “unsubscribe” link provided with each email. Our email communications contain tracking technologies, provided by HubSpot, to gain insight into whether you open the email and how you interact with them in order to better adapt and distribute our emails. When you subscribe to news and insights, you are opting in to the use of these technologies. You can disable email tracking by disabling the display of images by default in your email program.
  • Apply for employment. When you apply for employment with odix, we collect your name, email address, physical address, telephone number, resume, cover letter, employment history, and educational history. We use this personal information to manage and consider your application and as necessary to comply with the law. The legal basis for this processing is that the processing is necessary to perform a contract with you or to take steps, at your request, before entering a contract. We also process this personal information as part of our legitimate interest in the facilitation and optimization of our recruitment process.

As part of processing of your personal information we share it, as described in the HOW WE SHARE YOUR INFORMATION section below.

              b.Information collected automatically

In addition to the personal information you provide directly, we also collect information from you automatically. This information includes:

  • Usage Information. This includes which pages of the Website you visit, the frequency of access, how much time you spend on each page, what you click on while using the Website, and referring website addresses.
  • Device Information. This includes certain information about your device that you use to access the Website, such as browser type, browser language, hardware model, operating system, and your preferences.
  • Location Information. We may collect information about your location, which may be determined through your IP address.

To collect this information, we use cookies and other tracking technologies. Cookies are small pieces of text sent by your browser to your device. Cookies can be persistent (cookies that remain on your device for a set period of time or until you delete them) or session (cookies that are deleted as soon as you close your browser). When you use the Website, we and our third-party providers may place a number of cookies on your device. These cookies include:

  • Essential cookies. We use essential cookies to authenticate users, prevent fraudulent use of the Website, and to allow the Website and its features to function properly.
  • Functional cookies. We use functional cookies to provide enhanced functionality and personalization, to remember your preferences, to diagnose server and software errors, and in cases of abuse, track and mitigate the abuse.
  • Analytics cookies. Our analytics providers use cookies as part of their tools. Analytics cookies allow us and our analytics providers to recognize and count the number of users to the Website, see how users interact with the Website and different functions, and when users are using the Website. We use this information to improve the Website.
  • Advertising cookies. Our advertising providers use advertising cookies to identify and store behaviors that users take when visiting our Website. These cookies are used in order to: (i) identify you as a prospect for our services; (ii) deliver advertisements that are more relevant to you and your interests; (iii) limit the number of times you see an advertisement; and (iv) help measure the effectiveness of our advertising campaigns.

A list of all cookies we use, their purpose, and the information they collect, as well as the ability to change your preferences regarding cookies can be found
here
.

List of Essential Cookies

WordPress Cookie Name Duration Purpose
wordpress_{hash} WordPress uses the login wordpress_{hash} cookie to store authentication details. Its use is limited to the Administration Screen area, /wp-admin/
wordpress_logged_in_{hash} Session Remember User session. WordPress sets the after login wordpress_logged_in_{hash} cookie, which indicates when you’re logged in, and who you are, for most interface use.
wordpres_test_cookie Session Test if cookie can be set. WordPress also sets wordpress_test_cookie cookie to check if the cookies are enabled on the browser to provide appropriate user experience to the users. This cookie is used on the front-end, even if you are not logged in.
wp-settings-{user_id} 1 year Customization cookie. Used to persist a user’s wp-admin configuration. The ID is the user’s ID. This is used to customize the view of admin interface, and possibly also the main site interface.
wp-settings-time-{user} 1 year Time at which wp-settings-{user} was set
wp-saving-post 1 day Auto-saving cookie: wp-saving-post is a WordPress cookie created when auto-saving a post in the editor. Used to track if there is saved post exists for a post currently being edited. If exists then let user restore the data.
wp-postpass_{hash} 10 days Used to maintain session if a post is password protected
wordpress_sec There is not yet any general information about this cookie based on its name only.

List of Functional Cookies

Cookie Name  Domain Vendor Purpose Category
 AWSELB app.hubspot.com Amazon AWS Elastic Load Balancer Performance
 __utma hubspot.com Google Google Analytics Targeting
 __utmb hubspot.com Google Google Analytics Targeting
 __utmc hubspot.com Google Google Analytics Targeting
 __utmz hubspot.com Google Google Analytics Targeting
 _gauges_unique_hour hubspot.com Gauges Gauges Analytics Performance
 _gauges_unique_day hubspot.com Gauges Gauges Analytics Performance
 _gauges_unique_month hubspot.com Gauges Gauges Analytics Performance
 _gauges_unique_year hubspot.com Gauges Gauges Analytics Performance
 _gauges_unique hubspot.com Gauges Gauges Analytics Performance
 apex__product hubspot.com Salesforce Salesforce Analytics Strictly Necessary
 __hstc hubspot.com HubSpot HubSpot Analytics Targeting
 __hssrc hubspot.com HubSpot HubSpot Analytics Targeting
 __hssc hubspot.com HubSpot HubSpot Analytics Targeting
 hsPagesViewedThisSession hubspot.com HubSpot HubSpot Analytics Strictly Necessary
__hs_preview_auth preview.hs-sites.com HubSpot Memberships Authentication Strictly Necessary
 hubspotutk hubspot.com HubSpot HubSpot Analytics Targeting
 hubspot.hub.id hubspot.com HubSpot HubSpot Authentication Strictly Necessary
 hubspotauth hubspot.com HubSpot HubSpot Authentication Strictly Necessary
 hubspotauthcms hubspot.com HubSpot HubSpot Authentication Strictly Necessary
 hubspotauthremember hubspot.com HubSpot HubSpot Authentication Functionality
_hs_opt_out hubspot.com HubSpot Opt out of HubSpot tracking Strictly Necessary
hs_c2l hubspot.com HubSpot HubSpot Authentication Functionality
hubspotutktzo academy.hubspot.com HubSpot Time Zone Offset Functionality
__hluid hubspot.com HubSpot In-app usage tracking Targeting
mp_id_mixpanel hubspot.com Mixpanel In-app usage tracking Targeting
__cfduid hubspot.com Cloudflare Detection of malicious actors Strictly Necessary
__cfruid hubspot.com Cloudflare Rate limiting policies Strictly Necessary

List of Analytics Cookies

Cookie Name Expiration Time Description
_ga 2 years Used to distinguish users.
_gid 24 hours Used to distinguish users.
_gat 1 minute Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this
cookie will be named _dc_gtm_.
AMP_TOKEN 30 seconds to 1 year Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other
possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP
Client ID service.
_gac_ 90 days Contains campaign related information for the user. If you have
linked your Google Analytics and Google Ads accounts, Google Ads
website conversion tags will read this cookie unless you opt-out. Learn more.

To disable cookies and limit the collection and use of information through them, you can set your browser to refuse cookies or indicate when a cookie is being sent. When you opt-out, an opt-out cookie will be placed on your device. The opt-out cookie is browser and device specific and will only last until cookies are cleared from your browser or device.

Particular third-party cookies on our Website to note include:

  • AdRoll. We use AdRoll’s remarketing service to optimize and serve you ads based on your past visits to our Website. To do so, AdRoll may place a cookie on your device to allow AdRoll to serve ad that are more relevant to you. The AdRoll cookie collects your browsing history, device information, IP address, and information about your interaction with online advertisements AdRoll served or attempted to serve you. This information may be used by third-parties to target advertising to you on other websites based on your online activity. For more information on AdRoll’s privacy practices, please review its Privacy Policy. You can opt-out of AdRoll remarketing by visiting AdRoll’s advertising preference’s page.
  • DoubleClick. We utilize DoubleClick by Google to serve ads based on a user’s prior visit to our Website. Each visitor to our Website receives a different cookie and the information collected by the cookie is used to generate conversion statistics and allows us to see the total number of individuals who clicked on our ads. DoubleClick enables Google and its partners to serve ads to you based on your visit to our Website in addition to other websites on the Internet. Please review Google’s Privacy Policy for additional information on how Google uses the information collected. To opt-out of targeted advertising by Google, you can go to Google’s ad settings or you can install the DoubleClick opt-out add-on.
  • HubSpot. We use Hubspot to analyze the data traffic on our Website and your behavior while using our Website. We use this information to gain valuable insights into user behavior on our Website to improve our Website. We also use Hubspot to send our emails and to track the behavior of our email recipients. With the help of Hubspot’s conversion tracking, we can analyze whether a predefined action took place by an email recipient, such as opening our email, in order to better adapt and distribute our emails. To do this, our emails include web beacons and other tracking pixels. We link the information collected by Hubspot with your email address in order to provide you with more personalized emails. For more information on Hubspot, please review its privacy policy. You can control the information provided to Hubspot by following the instructions in YOUR INFORMATION CHOICES. You can disable email tracking by disabling the display of images by default in your email program.

          2.HOW WE SHARE YOUR INFORMATION

We share personal information about you and Client End Users with our service providers and other third parties as described below. From Client End Users, please see Section 1(A).

Information of our client representatives and Website visitors

  • With service providers. We share personal information with third-party service providers that perform functions on our behalf and help us to administer the Services this includes facilitating the sending of marketing emails and pursuing marketing leads. The legal basis for this is our legitimate interest in providing the Services more efficiently. We use the following service providers:
  • Within odix. We may share personal information within the odix corporate family, such as with subsidiaries, joint ventures, or affiliates, in order to efficiently carry out our business and to the extent permitted by law. The legal basis for this is our legitimate interest in carrying out our business operations efficiently.
  • In the event of a corporate reorganization. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, acquisition, sale, joint venture, assignment, consolidation, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we would share personal information with third parties, including the buyer or target (and their agents and advisors) for the purpose of facilitating and completing the transaction. We would share personal information with third parties if we undergo bankruptcy or liquidation, in the course of such proceedings. The legal basis for this is our legitimate interest in carrying out our business operations.
  • With your consent. Apart from the reasons identified above, we may request your permission to share your personal information for a specific purpose. We will notify you and request consent before you provide the personal information or before the personal information you have already provided is shared for such purpose. You may revoke your consent at any time.

Information of Client End Users

We share personal information as part of the Services that we provide for our business clients:

  • With service providers. We share personal information with third-party service providers that facilitate the storage functions on our behalf and help us to administer the Services.
  • With clients. We make the end user’s personal information available for to their respective employer, our client, in accordance with our obligations under the Services we perform for the business client.
  • Pursuant to our client’s instructions. When requested, we will share or facilitate the sharing of end user’s personal information with third parties pursuant to instructions from the individual’s employer, which is our business client. We do not have any legal relationship with such third parties.

We share personal information of our client representatives, Website visitors and Client End Users for the following purposes:

  • To prevent harm. We will share personal information if we believe it is necessary to detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person. The legal basis for this is compliance with the law, compliance with legal obligations, and our legitimate interest in the protection of the rights of others.
  • For legal purposes. We will share personal information where we are legally required to do so, such as in response to court orders, law enforcement or legal processes; to establish, protect, or exercise our legal rights or contractual obligations; to defend against legal claims or demands; or to comply with the requirements of any applicable law. The legal basis for this processing is compliance with a legal obligation applicable to us and our legitimate interest in compliance with other laws applicable to odix.

         3.RIGHTS OF INDIVIDUALS IN THE EUROPEAN UNION

Requests from Client End Users. In our role as data processor, we provide assistance to our clients with information requests from their Client End Users under applicable law. If you are a Client End User, please submit any request regarding your personal information directly to your employer.

Requests from client representatives and Website visitors

Individuals in the European Union (EU) are entitled certain rights under the General Data Protection Regulation (GDPR). If our processing of your personal information is subject to the GDPR, you are entitled to the following rights:

  • Right to access. You have the right to ask us for copies of your personal information. This right has some exemptions, which means you may not always receive all the personal information we process.
  • Right to rectification. You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Right to erasure. You have the right to ask us to erase your personal information in certain circumstances.
  • Right to restrict processing. You have the right to ask us to restrict the processing of your personal information in certain circumstances. See INFORMATION CHOICES for additional ways you can restrict processing of your personal information.
  • Right to object to processing. You have the right to object at any time, for reasons arising from your particular situation, to processing of your personal information, which is carried out on the basis of our legitimate interests. See INFORMATION CHOICES for additional ways you can object to processing of your personal information.
  • Right to data portability. This only applies to personal information you have given us. You have the right to ask that we transfer the personal information you gave us from one organization to another, or give it to you.

Right to lodge a complaint. You have the right to lodge a complaint with the relevant Supervisory Authority. A list of Supervisory Authorities is available here.

To exercise these rights, please contact us info@odi-x.com.

          4.INFORMATION CHOICES

With respect to personal information of visitors of our Website, you have the following choices:

  • Disable cookies generally. To disable cookies and limit the collection and use of information through them, you can set your browser to refuse cookies or indicate when a cookie is being sent. When you opt-out, and opt-out cookie will be placed on your device. The opt-out cookie is browser and device specific and will only last until cookies are cleared from your browser or device.
  • Unsubscribe from marketing communications. You can opt-out of receiving marketing communications from us by clicking the “unsubscribe” link provided in each communication. Please note we will continue to send you notifications necessary for the Services or any assistance you request.

         5.RETENTION OF YOUR PERSONAL INFORMATION

For our client representative and Website visitors: We will retain your personal information until the earlier of (i) the information is no longer necessary to accomplish the purpose for which it was provided; or (ii) we delete your information pursuant to your request. We retain your personal  information for longer periods for specific purposes to the extent that we are obliged to do so in accordance with applicable laws and regulations and/or as necessary to protect our legal rights or for certain business requirements. Even if you delete personal information, please keep in mind that the deletion by our third-party providers may not be immediate and that the deleted information may persist in backup copies for a reasonable period of time. For information on the retention of information collected via cookies, please see our
Cookie Policy.

For Client End Users: We retain information in accordance with our business clients’ instructions and return/delete the information upon their request, unless required to retain the information by applicable law or to defend our legal rights.

         6.TRANSFER OF PERSONAL INFORMATION

We process and store your personal information on servers or databases, and use third-party providers, located within the European Union, specifically Ireland or in countries which have been recognized by the EU as providing adequate protection to personal data.

        7.DO NOT TRACK

We do not support Do Not Track (DNT). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

        8.AGE RESTRICTIONS

The Services are not intended for individuals under the age of eighteen (18). If we learn that we have collected or received personal information from individuals under the age of eighteen (18), we will delete the personal information. If you believe we have personal information on individuals under the age of eighteen (18), please contact us at the contact information provided below.

         9.INFORMATION SECURITY

We implement and maintain reasonable security procedures and practices to protect the personal information we collect from unauthorized access, destruction, use, modification, or disclosure. These security procedures and practices include multi-factor authentication, access controls, and encryption. However, no security measure or modality of data transmission over the Internet is 100% secure and we are unable to guarantee the absolute security of the personal information we have collected from you.

        10.CHANGES TO THIS PRIVACY NOTICE

From time to time, we may amend this Privacy Notice. We will post the changes to this page, and will indicate the date the changes go into effect. We encourage you to review our Privacy Notice to stay informed. If we make changes that materially affect your privacy rights, we will notify you via email and/or a prominent post on the Website.

        11.CONTACT US

If you have any questions about this Privacy Notice, please contact us at info@odi-x.com.

Last modified on August 29, 2022