DATA PROTECTION POLICY
Last revised: October 2022
1. Overview
This document outlines the data protection guidelines established by Ordex IA ("we," "us," or "our") in connection with our offerings and solutions (the "Solutions") and platform (the "Platform"). Safeguarding your privacy and maintaining the security of your information is central to how we deliver our Solutions and operate the Platform.
Our Solutions and Platform may link to external sites and solutions. We are not responsible for the privacy practices of these external entities. We recommend reviewing their privacy policies before engaging with them.
All information obtained by us in connection with our Solutions is treated as confidential. We apply comprehensive technical, security, and organisational measures to protect Personal Data (as specified below) against unauthorised processing, accidental loss, destruction, damage, theft, or disclosure.
When you submit information through our platform, you may be asked to provide personal details, such as your name, email address, phone number, date of birth, and various identification particulars. This information may be used, among other things, to verify identity, manage records, provide technical support, and fulfil contractual and legal requirements. We may send important details via notifications and, with your consent, share information about products and solutions by SMS, email, etc. You have the ability to manage your notification preferences and opt out of certain communications.
2. Platform; Visitors and Users
2.1. Overview
This section outlines data collection details across various groups: Platform visitors ("Visitors"), users ("Users"), and business partners (collectively "Partners"). Personal Data includes IP address, name, contact details, and information about your relationship with us, as defined by applicable data protection regulations.
2.2. Collection and Use
By accessing the Platform, you consent to the collection and use of your Personal Data. Disagreement with these terms should prevent you from accessing the Platform. We may collect information through page view activity, IP addresses, and cookies. We also process data submitted via forms and registrations.
2.3. Purpose of Personal Data Processing
We process Personal Data to improve, understand, and personalise our Platform and Solutions. This includes enhancing accuracy, communicating about Solutions, providing support, meeting contractual requirements, and collaborating with partners. Consent or a lawful basis is required for any processing activity.
The following details describe the purposes and legal basis for processing Personal Data:
| Account registration and setup | Your consent; Performance of Solutions or contractual requirements |
| Providing and utilising the Solutions | Performance of Solutions or contractual requirements |
| Service updates and notifications | Performance of Solutions or contractual requirements |
| Responding to enquiries and providing support | Legitimate interests or performance of Solutions |
| Personalised solutions, advertising, and marketing | Legitimate interests or your consent |
| Improving and developing new Solutions | Consent and legitimate interests |
| Distributing advertising and marketing materials | Your consent |
| Evaluating the performance of marketing campaigns | Legitimate interests or consent |
| Carrying out various support activities | Legitimate interests or performance of Solutions |
| Analytics, including statistical assessment | Legitimate interests |
| Protecting interests, rights, and assets | Legitimate interests or legal requirements |
2.4. Sharing of Personal Data
We may share information with service providers, Partners, and contractors. For Visitors and Users in the European Data Region, data processing complies with GDPR and applicable Data Protection Laws and regulations.
3. Partners
3.1. Overview
To deliver Solutions and collaborate with Partners, we collect and process specific types of data. Partners are responsible for their own data, and we may access it through secure means.
3.2. Personal Data Processing
We rely on Partner consent or legitimate interests to process Personal Data. Data Aggregations may be created for development and quality improvement purposes.
3.3. Controller/Processor
We may act as Controller or Processor depending on the type of data:
- Visitor/User Data: Controller
- Partner Data: Processor
- All data is hosted securely, adhering to the highest security standards. We implement physical, technical, and organisational protection measures.
3.4. External Data Protection
Where Solutions involve processing Personal Data on an external platform:
- We act as Processor
- We follow the instructions of the external party
- We implement security measures
- We report data breaches
- We do not subcontract without authorisation
- We do not process data outside the European Economic Area without authorisation
- For electronic marketing communications, consent and opt-out options are provided.
4. Security
We apply administrative, organisational, and technical protection measures to safeguard Personal Data from unauthorised access, disclosure, alteration, loss, misuse, or damage. When sharing data with external parties, we ensure they maintain equivalent data protection standards, and contractual obligations are established for exclusive and secure processing aligned with this Policy.
If there is any suspicion that an interaction with us has been compromised, Visitors, Users, or Partners should notify us immediately. It is important to note that, despite our security measures, we cannot guarantee complete immunity from external attacks. Users acknowledge the inherent risks and potential for breaches.
5. Cookies
Please refer to our Cookie Policy for detailed information on the types of cookies and tracking technologies used on the Platform, the reasons for their use, and how to accept or decline them.
6. Links to External Sites
While navigating the Platform, Users may encounter links to external sites beyond our control. We accept no responsibility for the content or privacy policies of these sites. Users are encouraged to review the privacy policies of such external websites and solutions before disclosing any Personal Data.
7. Retention and Removal
Data, including Personal Data, will not be retained longer than necessary. Visitors and/or Users with active accounts are responsible for the timely removal of their data. Upon the closure of an account or partnership, the relevant Personal Data collected through the Platform and/or Solutions will be removed in accordance with applicable laws and our internal policies.
Withdrawing consent for the processing of Personal Data may limit access to some or all requested Solutions, without any claims or disputes being available.
8. Your Rights
Users are entitled to specific rights regarding their Personal Data:
8.1. Right of Access
- Verify whether Personal Data is being processed
- Access Personal Data and related information
- Information on processing purposes, categories, recipients, retention duration, rights, and the existence of profiling
8.2. Right to Rectification
- Correction of inaccurate Personal Data
- Completion of incomplete Personal Data
8.3. Right to Erasure
- Request the removal of Personal Data on specific grounds
8.4. Right to Restriction of Processing
- Obtain restriction of processing in specific circumstances
8.5. Right to Data Portability
- Receive Personal Data in a structured, machine-readable format
- Transfer Personal Data to another controller
8.6. Right to Object
- Object to processing based on legitimate interests or direct marketing
- Cease processing unless compelling legal grounds apply
8.7. Right to Withdraw Consent
- Withdraw consent for the processing of Personal Data at any time
9. Advertising and Marketing Materials
Consent is obtained to use Personal Data and contact details to deliver advertising and marketing materials. Withdrawal of consent is possible by sending a written notice to the email address provided.
10. Acceptance of this Policy
By using the Platform and/or Solutions, Visitors, Users, and/or Partners are presumed to have read and accepted this Policy. Any disagreement implies refraining from using the platform. We reserve the right to amend the Policy, and Users are encouraged to check for updates periodically. Continued use following amendments constitutes acceptance.
11. Legal Requirement to Disclose Personal Data
Personal Data may be disclosed without prior permission where it is believed necessary to establish identity, make contact, or initiate legal proceedings against individuals suspected of infringing rights or property. Disclosure will be made when legally required.
12. Data Protection Officer
For matters relating to privacy and data protection, a designated "Data Protection Officer" may be contacted at