DATA PROTECTION NOTICE
Last updated: October 2022
1. Overview
This document outlines the data protection practices used by ONT 365 (“we,” “us,” or “our”) in relation to our services and solutions (the “Solutions”) and our platform (the “Platform”). Safeguarding your privacy and ensuring the security of your information is essential to the way we deliver our Solutions and manage the Platform.
Our Platform and Solutions may include links to external sites or services. We do not control and are not responsible for the privacy practices of those third-party entities. We recommend reviewing their privacy policies before engaging with them.
All information collected by us through the Solutions is handled confidentially. We employ comprehensive technical, organisational, and security measures to protect Personal Data (as defined below) from unauthorised access, accidental loss, destruction, damage, theft, or disclosure.
When using our Platform, you may be asked to provide certain personal details—such as your name, email address, phone number, date of birth, and other identifying information. This information may be used for identity verification, account administration, technical support, and to comply with legal and contractual obligations. We may also send important updates through notifications and—with your permission—share information about products and services via SMS, email, and similar channels. You may manage your notification preferences and opt out of certain communications at any time.
2. Platform; Visitors and Users
2.1. Overview
This section explains how we collect information from different groups: visitors to the Platform (“Visitors”), users of our services (“Users”), and business partners (collectively, “Partners”). Personal Data may include an IP address, name, contact details, and information relating to your interactions with us, in line with relevant data protection regulations.
2.2. Data Collection and Use
By accessing the Platform, you agree that we may collect and process your Personal Data. If you do not accept these terms, you should not use the Platform. Data may be collected through page activity, IP addresses, cookies, and information submitted through registration forms and other submissions.
2.3. Purpose of Personal Data Processing
We process Personal Data to enhance, understand and personalise our Platform and Solutions. This includes improving accuracy, communicating about Solutions, providing support, meeting contractual obligations, and coordinating with partners. A lawful basis or consent is required for any processing.
The following table summarises the purposes for which we process Personal Data and the legal basis:
| Account registration and setup | Your consent; performance of the Solutions or contractual necessity |
| Delivering and operating the Solutions | Performance of the Solutions or contractual necessity |
| Service updates and notifications | Performance of the Solutions or contractual necessity |
| Responding to requests and providing support | Legitimate interests or performance of the Solutions |
| Personalised services, advertising and marketing | Legitimate interests or your consent |
| Improving and developing new Solutions | Consent and legitimate interests |
| Distributing promotional and marketing materials | Your consent |
| Measuring marketing campaign performance | Legitimate interests or consent |
| Providing various support activities | Legitimate interests or performance of the Solutions |
| Analytics, including statistical evaluation | Legitimate interests |
| Protecting rights, interests and assets | Legitimate interests or legal obligations |
2.4. Sharing Personal Data
We may disclose information to service providers, Partners and contractors. For Visitors and Users located within the European Data Region, data processing is carried out in accordance with the GDPR and applicable Data Protection Laws.
3. Partners
3.1. Overview
To provide the Solutions and work with Partners, we collect and process particular categories of data. Partners are responsible for their own data and may provide access to certain Partner data via secure channels.
3.2. Processing of Personal Data
We rely on Partner consent or legitimate interests to process Personal Data. Aggregated data may be generated to support product development and quality improvements.
3.3. Controller / Processor
Depending on the data involved, we may act as Controller or Processor:
- Visitor/User data: Controller
- Partner data: Processor
- All data is hosted securely in accordance with robust security standards. We apply physical, technical and organisational safeguards.
3.4. External Data Protection
If the Solutions involve processing Personal Data on an external platform:
- We act as Processor
- We follow the instructions of the external platform owner
- We implement appropriate security measures
- We report data breaches in line with legal obligations
- We do not appoint sub-processors without authorisation
- We will not transfer data outside the European Economic Area without permission
- Where electronic marketing communications are used, consent options and unsubscribe choices will be provided.
4. Security
We use administrative, organisational and technical safeguards to protect Personal Data from unauthorised access, disclosure, alteration, loss, misuse or damage. When sharing data with third parties, we require them to meet equivalent data protection standards and bind them contractually to process data exclusively and securely in accordance with this Notice.
If you suspect your interaction with us has been compromised, Visitors, Users or Partners should notify us immediately. While we implement strong security controls, no system can be guaranteed completely immune to external attacks. Users acknowledge the inherent risks and the possibility of breaches.
5. Cookies
Please see our Cookie Policy for full details about the types of cookies and tracking technologies used on the Platform, why we use them and how to accept or opt out.
6. Links to External Sites
While navigating the Platform, Users may encounter links to external websites beyond our control. We accept no responsibility for the content or privacy practices of those sites. Users should review the privacy policies of any external websites or services before submitting Personal Data.
7. Retention and Deletion
Data, including Personal Data, will not be retained longer than is necessary. Visitors and/or Users with active accounts are responsible for keeping their information up to date and removing data where appropriate. Upon termination of an account or partnership, Personal Data collected via the Platform and/or Solutions will be deleted in accordance with applicable law and our internal policies.
Withdrawing consent for Personal Data processing may restrict access to some or all of the Solutions, and may limit available remedies or recourse.
8. Your Rights
Users have specific rights in relation to their Personal Data:
8.1. Right of Access
- Confirm whether Personal Data is being processed
- Obtain access to Personal Data and related information
- Information on processing purposes, categories, recipients, retention periods, rights and profiling
8.2. Right to Rectification
- Correct inaccurate Personal Data
- Complete incomplete Personal Data
8.3. Right to Erasure
- Request deletion of Personal Data in certain circumstances
8.4. Right to Restrict Processing
- Request restriction of processing in certain circumstances
8.5. Right to Data Portability
- Receive Personal Data in a structured, machine-readable format
- Transfer Personal Data to another controller
8.6. Right to Object
- Object to processing based on legitimate interests or direct marketing
- Require processing to stop unless compelling legal grounds apply
8.7. Right to Withdraw Consent
- Withdraw consent for Personal Data processing at any time
9. Promotional and Marketing Materials
Consent is sought to use Personal Data and contact details to provide promotional and marketing materials. You can withdraw consent by sending a written request to the contact email provided.
10. Acceptance of this Notice
By using the Platform and/or Solutions, Visitors, Users and/or Partners are deemed to have read and accepted this Notice. If you disagree with this Notice, please refrain from using the Platform. We reserve the right to update this Notice and encourage Users to check for changes regularly. Continued use after modifications constitutes acceptance.
11. Legal Requirement to Disclose Personal Data
Personal Data may be disclosed without prior consent where we reasonably believe disclosure is necessary to identify, contact or commence legal action against individuals suspected of violating rights or property. Disclosures will be made when required by law.
12. Data Protection Officer
For privacy and data protection queries, a designated Data Protection Officer may be contacted at