Owasys Customer Privacy Policy

Last modified: June 24th 2024

Objectives

The purpose of this policy is to inform our customers how we handle personally identifiable information. As our customers are other businesses, this generally refers to contact persons at these companies.

The intention is to provide clear and transparent information about what data we collect, why and how it is used. The policy will fulfil the requirements of Article 13 in General Data Protection Regulation (GDPR).

Scope

This policy applies to Owasys Advanced Wireless Devices S.L. (hereinafter, Owasys) and all processes and systems where we handle Personally Identifiable Information (PII) for customers or potential customers.

Responsibilities

Table 3.1: Responsibilities of given roles for the activities described in this document.

Role

Responsibility

Quality Manager

Responsible for updating this document

Managing Director

Responsible for approving this document

All employees

All Owasys employees are required to follow our policies.

Related Documents

None

Privacy Policy

This privacy policy was last updated on 24th June 2024.

At Owasys we place great importance on the protection of personal data and want to be transparent regarding how personal data is collected, processed and shared by us.

Personally Identifiable Information refers to any data that can be related to you as a person and processing refers to all our handling, including the use of it, storage and possible 3rd party transfer.

This privacy policy covers our relationship with customers and potential customers including marketing activities. When we refer to “you” below, we refer to you as a customer representative.

The policy may be updated from time to time, and you will always find the latest version on our web sites. If we make a major update that impacts how we handle data in the future, we will notify you via the email address we have registered or notify you when using our webservices.

Information we collect and process about you

In general, Owasys is a business-to-business company, and we process information about our customers’ contact persons based on legitimate interest to maintain our business relationship with the company where you are employed.

Our purpose of processing personal data is to communicate and refer to our customers’ contact persons within our business relationship as well as, if applicable, enabling you to use the services provided to the company you represent.

In light of the above, we have come to the conclusion that our legitimate interest outweighs your interest of not having your personal data processed for these purposes. You may object to this assessment, please read more about your rights below.

In some cases, we may also collect, and process personal data based on your consent.

The personal data is mainly collected directly from you. However, we may also collect your personal data from the company you represent.

Customer surveys

To enhance our offering, check trends and your overall satisfaction with Owasys and our product and services, we do customer surveys from time to time.

If not otherwise mentioned, we will store your contact information together with your answers to be able to follow up on you if necessary.

We will send you surveys based on our legitimate interest, as described in the beginning of this section. The processing of your answers is based on your consent to participate in the survey.

Attendance to seminaries, trainings etc.

If you attend seminars, presentations or trainings arranged by Owasys, on-line or at location, we can store your contact information for follow up and for marketing activities.

Recordings of presentations may occur, if we record questions etc. from participants, we will inform you about this.

In case food is provided we may ask for specific food preferences, this information can be sensitive and is only processed if required for the arrangement of the event and is then deleted.

On-line forums and social media activities

If you submit information to our on-line forums or social media accounts managed by Owasys, you provide this information based on your consent for us to process it. We ask you to not post any information that can be related to any third person.

When you visit our webpages

Analytics

When you visit our websites, we gather GDPR-compliant web analytics. These analytics provide us with information about how our websites and web content is used. We use this data to improve the customer visiting experience on our websites. No Personal Identifiable information is obtained data is obtained. The data is stored in accordance with GDPR and remains the property of Owasys and is not shared with any outside party. Owasys stores and uses this analytical data for 3 years.

You can choose to deny this website permission to collect and analyse information about your actions here. By doing so, you will protect your privacy, but you will also prevent the owner from learning from your actions and thereby creating a better experience for you and other users.

Server related data

For all visits we automatically collect some technical information on the web server:

Name of the file accessed, date and time of access, amount of data transmitted, notification of successful access, web browser, requesting domain and the public IP addresses of the requesting computer.

We store this information based on legitimate interest only to be able to detect misuse or technical problems. The server logs are stored for six months.

Marketing Automation

We are using a Marketing Automation System that can track web visitor page history and web form submissions, which in turn links this data to our Customer CRM/Marketing System.

Whenever a contact visits a marketing-tracked key page, the marketing Automation system correlates the behaviour-analysis cookie ID with the incoming contact data submitted with the marketing page form. In this way the cookie ID becomes mapped to a CRM/Marketing contact ID, so we can determine who has been browsing the site. The system applies its configured duplicated-detection method to determine whether incoming landing page data should be mapped to an existing contact or to a new contact.

By deactivating ‘functional cookies’ on our websites using the cookie consent tool, you will trigger an ‘anonymize script‘ in our marketing automation system which intern tells the system not to set non-essential cookies. This will mean that although we can process your form submission data, we would not be able to correlate your website activities on our sites with your contact data in our system.

To deliver products or services

Processing of personal data is necessary to handle orders and deliver products or services to the company where you are employed, as well as handle warranty and payments.

We process information about which company you represent and your contact information, payment information and information about the products ordered. If you use our on-line services related to this, your IP number will also be stored.

The data collected during order handling can also be used to contact you regarding products updates and advisories, Owasys customer surveys and marketing of new products and services.

If you do not want to receive such information you can ask us to block delivery by contacting us. We will store your data seven years after your last contact with us, it will then be erased at the end of that year.

In addition, economic transaction data will be archived according to the legal requirements for bookkeeping and taxes, in general for maximum ten years + current year.

Owasys cloud services

When using our cloud services, we are responsible data controller for processing information in the following categories:

  • Identification data (name, address, telephone, phone number, email address, company name and company identification)

  • Account data (username, account name)

  • List of connected hardware/devices

  • Traffic metadata (including: the time and duration of the connection, number of bytes transferred, device identification and similar metadata)

  • Credentials (password, hint password)

We process your data as long as you have an active service account. If there has not been any traffic associated to the account for seven years, the account and any associated data will be permanently deleted.

We process this information to be able to provide the services as defined in the terms of usage and to develop and maintain our cloud services.

This processing is based on our legitimate interest. The processing of personal data is necessary to ensure that only authorized individuals access the cloud services and to ensure that the cloud services are fully functioning and continuously developed, which we also believe is beneficial for you as a customer representative or user. In light of the above we have come to the conclusion that our legitimate interest outweighs your interest of not having your personal data processed for these purposes. You may object to this assessment, please read more about your rights below.

If you do not provide your personal data to us, we may not be able to provide you with access to the cloud services.

Personally Identifiable Information in customer data / log data

Traffic data generated to/from connected devices (log data) is owned by the Owasys customer responsible for the current account. In case there is personal identifiable information processed in this data, the account owner (Owasys Customer) is the responsible data controller and Owasys will act as data processor in regards of this data.

Customer relationship management

To deliver excellent services and provide you with quotations etc. we use a customer relationship management system. In this system we process your contact information, our activities (phone calls, emails, visits etc.) and what kind of information you want to receive.

In case we have received your explicit consent, we may also process information about your visits on our webpages, see section “when you visit our web pages”.

We base this process on legitimate interest and keep this information for seven years from the last activity.

Technical support and RMA handling

To provide you with customer support we process your contact information, information about the product or service supported and other information you may submit related to the support case.

To be able to follow up on your cases we keep this data for seven years after last contact, after this period we may keep general support information to improve our products and solutions but will remove any information that can be linked to an individual.

We base this process on legitimate interest.

Marketing communication from Owasys

We will send you marketing information in the following cases:

You are a customer of us. In this case we will send you information based on legitimated interest.

You have actively signed up to receive email marketing, submitted a web form, or otherwise showed clear interest in Owasys and our products and services, for example, at tradeshow fairs, trainings/seminars or via online webinar events. In this case we will send you information based on your consent.

When sending you E-mail Marketing, we use legitimate interest the basis to send you marketing information on our products and services within in B2B environment. You will always have an option to “unsubscribe” in all commercial (non-transactional) emails that we send. Subscribing and unsubscribing from our Marketing Emails will require a double opt-in /opt-out process to verify your email address is valid. In some countries where it is appropriate, we will ask you to confirm your email address via a “double opt-in” process even with a form submission.

In the case of industry lists from external marketing partners that provide GDPR-compliant addresses to relevant companies, we send your e-mail marketing on the basis of ‘legitimate interest’.

Social Media

Owasys communicates via various social media channels. We are responsible for information we post on these channels, if you have any concerns or questions on such content please contact us.

For the social media service in general and how data is handled by these companies we refer you to these companies and their privacy policies..

  • Google and YouTube: https://policies.google.com/privacy

  • LinkedIn: https://www.linkedin.com/legal/privacy-policy

Sharing and storage

How we share your data

To be able to provide our services and fulfil the purposes stated above, we may transfer your personal data to external parties, that act as separate data controllers, this includes:

  • Address and contact information to transportation companies to deliver orders to the company you represent.

  • Contact details and invoicing information, like data usage, to an Owasys Distributor when we sell to you via such channel.

We will never sell your information to any third party but can process your information within the HMS group globally. We may also share some of your personal data with Owasys distributors to organize marketing or promotional operations, contests, games and similar events; and to prevent fraud.

Please be informed that, notwithstanding the abovementioned, in the event of a supervisory authority lawfully requests Owasys to retain and provide personal data we will provide all reasonable assistance and information to fulfil such request.

External data processors

We use external data processors to provide us with different services, including:

  • IT service providers (Hosting, back-up, cloud solutions etc.)

  • Marketing partners (Surveys, e-mailing etc.)

These service providers are only allowed to process information on behalf of Owasys and as specifically instructed by us.

Protection of your data

For us it is important that your data is safe. We use up-to-date data protection mechanisms and have implemented appropriate information security measures.

Owasys ensure due care and take appropriate organizational and technical measures to protect the confidentiality and integrity of the personal data and communication data provided, collected and/or stored on our systems and shall not retain it any longer than permitted in order to perform its services or as required under relevant legislation.

Your personal data can only be accessed by authorized employees of Owasys that need to have access to this data in order to be able to fulfil their given duties.

Data storage and location

Your information may be stored and processed in any country in which Owasys maintain facilities, including outside of the European Economic Area (EU, Norway, Liechtenstein and Iceland). Furthermore, we may use data processors in countries outside the European Economic Area.

We only make such transfers outside the European Economic Area if the recipient of the data is located in a country which provides an adequate level of protection following a European Commission adequacy decision or if appropriate safeguards have been provided by Owasys by executing standard contractual clauses. The standard contractual clauses can be found via this link:

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

Right to data and contact information

Your data – your rights

You have the right to know what personal data we process about you and to request a copy of such personal data. You also have the right to object to processing, have your personal data corrected and, in some cases, you may request that we delete your personal data or limit the processing of it. You also have the right of data portability.

If we process data based on your consent, you can withdraw your consent for processing at any time. Please note that such withdrawal will not affect the lawfulness of processing based on your consent before the withdrawal.

Please note that limitation or deletion of your personal data may result in us not being able to provide you with access to relevant services.

If you want to exercise one of your rights, please contact us using the contact information below. Within a reasonable period of time and upon verification of your identity and to the extent your request is legitimate, we will fulfil your request, provided we will not act contrary to applicable legislation by fulfilling your request.

Responsible data controller and contact information

Owasys is responsible for your personal data, do not hesitate to contact us in case you have questions. The controller of your personal data will be the Owasys representative which is providing services or communicating to you.

For data protection questions in general, or questions regarding our cloud services and global processing:

Owasys Advanced Wireless Devices S.L. Att: Data protection responsible Bizkaia Technology Park, 202 48170 Zamudio Spain privacy@owasys.com

Registering a complaint

In case you do not think we have fulfilled our obligations you have the right to lodge a complaint with a supervisory authority.

For Owasys, the supervisory authority is:

Agencia Española de Protección de Datos C/ Jorge Juan, 6. 28001 - Madrid https://www.aepd.es/

​​​