Your privacy is important to Optty Pte Ltd, our subsidiaries and affiliates (Optty, We, Us or Our). Optty is committed to protecting your privacy and complying with its obligations under the relevant data protection regulations, in particular, the Privacy Act 1988 (Cth), the Californian Consumer Privacy Act (CCPA). The UK Data protection Act 2018 and the regulations of the EU General Data Protection Regulation (GDPR).
If the term You or Your is used in this policy without referring to a specific category of person, it is deemed to refer to all individuals who interact with us. Otherwise, the term You or Your should be read as referring to the category of an individual as specified. Other capitalised terms are as defined in our Optty Data Privacy Policy contained in our merchant terms of service. Copies of that policy are available by request to privacy@optty.com.
This Privacy policy (Policy) governs Optty’s process, storage, use and disclosure of your personal information and covers the choices you can make about the way your information is collected.
We collect, process and use personal information from (a) individuals who visit our websites (Visitors), including www.optty.com (Websites); (b) Service users and their end-customers based on contract terms and conditions.
By visiting our Websites, using the Service, engaging with integrated applications or services, or otherwise providing Optty with your personal information, you consent to your personal information being collected, stored, used and disclosed as set out in this Policy or as otherwise disclosed by us at the time of the collection. Merchants (and not us) are responsible for seeking the consent of end-customers to the collection, storage, use and disclosure of their personal information by us for the purposes set out in this Policy.
Optty has no direct contractual relationship with end-customers, or with any other individuals whose personal data we may process on our Merchant’s behalf.
Optty supports industry self-regulation and adheres to applicable industry guidelines.
We may update this Policy from time to time. You can find the most current version on our Websites.
1. What Kinds of Personal Information do we Collect?
1.1. Merchants and Visitors
When you visit our website or services, we may also process the following personal information via our web application firewall (WAF), beacons, application programming interface (API) or software development kit (SDK): (a) internet addresses (i.e. IP address); (b) device identification number; (c) cookie identification number.
The personal information we process and hold about Visitors and Merchants will depend on the nature of your interaction with us.
For Merchants, this may include the following types of information: (a) name, physical address and contact information such as phone numbers and email addresses, including of people within your organisation, if applicable; (b) your transaction history; (c) payment details that you have made to us or that have been made on your behalf; (d) your user name and hashed password to access your account you may have with us; (e) job title; (f) any other personal information which you supply to us.
For website Visitors, we only collect and use personal data of Visitors to the extent necessary to provide a functional Website as well as our contents and services. The collection and use of personal data of Visitors only takes place if the processing of the data is permitted by legal regulations or with the Visitor's consent.
1.2. Merchants Customers
For merchants who use our platform, we will record the customer email address for all transactions irrespective of whether they are successful or not. The information will be held as an anonymised encrypted string, secured via a one way hash.
2. What Kinds of Non-personal Information Do We Collect?
2.1. Visitors and Merchants
We use data collection services called “cookies” and data collected by other technologies that allow us to track Visitors’ use of the Websites and Merchants’ and end-customers’ activity on the Service. The technical data is used to determine visitor traffic, trends, remember your preferences, deliver personalised content to you while you are using the Websites and to improve our Service.
We may also share aggregated, non-personally identifiable information publicly, for example, to show trends about the general use of the Websites and Service.
3. How Do We Collect Personal Information?
3.1. Visitors and Merchants
We endeavour to only collect personal information about an individual from that individual. There are some circumstances when we may need to collect your personal information from third parties, such as financial institutions. We may also collect personal information from publicly available records.
We may hold your personal information in electronic or hard copy form, or a combination of both.
Optty collects personal information from Visitors and Merchants directly, if you choose to provide it through one of the following means:
3.1.1. Data Obtained Through Cookies When You Use the Website and Creation of Log Files
a) Description of data processing
Every time you visit our Website, our system automatically collects personal data and information from the Visitor’s computer system in the form of browser cookies
The following personal data is collected in this process:
• Information about the browser type and version used
• Device and Operating system
• IP address
• Date and time of access
• Country and Language
The personal data is also stored in the log files of our system. This data is not stored together with other personal data of the Visitor.
b) Legal basis for data processing
The legal basis for the temporary storage of personal data and log files is “Consent” as per point (a) of Art. 6 (1) GDPR. This is achieved via the Pop-Up alert that is displayed directing the website user to our Cookie Policy and settings when they first visit the site.
c) Purpose of data processing
The personal data is stored in log files to ensure that the Website functions properly. In addition, the data helps us optimise our Website and serves to ensure the security of our information technology systems.
d) Duration of storage
The personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. If the personal data are stored in log files, this is the case after 30 days at the latest. Further storage is possible. In this case, the IP addresses of the Visitors are deleted or anonymized, so that the data can no longer be attributed to the Visitor.
e) Possibility of objection and elimination
The collection of personal data for the provision of the Website and the storage of personal data in log files is necessary for the optimal operation of the Website. The visitor can object and prevent the cookies by selecting DENY on the pop-up alert when first visiting the site.
3.1.2. Contact Forms (Book a Demo / Download a Copy / Partner Integration)
a) Description of data processing
Contact forms are available on our Website that can be used for booking a consultation, signing up for Services and otherwise engaging with us. If a Visitor uses this option, the personal data entered in the input mask (mandatory fields and optional information) will be transmitted to us and stored. These data are for example:
• First and last name
• Job title
• Business email
• Company
• Phone number
b) Legal basis for data processing
The legal basis for the processing of data is Consent, as defined in point (a) of Art. 6 (1) GDPR. If the contact is for the purpose of the conclusion of a contract or a contract-like obligation, then the legal basis for the processing of this data is Contract, as per point (b) of Art. 6 (1) GDPR.
c) Purpose of data processing
The processing of this data solely serves to handle your inquiry. This also constitutes the necessary legitimate interest in the processing of personal data.
d) Duration of storage
The personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data entered in the contact form, this is the case when the conversation with the Visitor or the contractual relationship with the Visitor, whichever is applicable, is finished and no legal retention period exists.
e) Possibility of objection and elimination
The Visitor can object to the storage of its personal data at any time. If the personal data is required to fulfil a contract, premature deletion of the data is only possible insofar as contractual or statutory obligations do not prevent the data from being deleted.
3.2. End-customers
Optty may process personal (and non-personal) information about end-customers when you engage with a platform or service integrated with our Service.
4. How Do We Use Your Personal Information?
4.1. Visitors and Merchants
Optty uses the personal identifiable information (which is not sensitive information) of Visitors and Merchants it collects for the purposes for which it was provided to Optty and for related secondary purposes, to carry out Optty’s business purposes, to fulfil its legal obligations, other related purposes or as permitted or required by law.
In particular, Optty may use your personal information to (a) verify your identity; (b) provide products and services that you have requested, and respond to your enquiries; (c) recommend products and services that may be of interest to you, based on your transaction history and preferences (consent); (d) manage your Account Details and provide you with customer support; (e) provide you with information about our events or our services that may interest you, and more generally, to maintain our relationship with you (consent); (f) send promotional offers and marketing material to you (consent); (g) maintain a database of registered users and Merchants of the Service; (h) enhance your experience of the Websites and the Service and make the Websites easier for you to use, including remembering your preferences and personalising your experience on the Websites and in the Service; (i) plan our product and service development in accordance with the needs of our customers; (j) facilitate our business operations.
You do not have to provide personal information to us if you do not wish to, but if you do not do so, it may affect our ability to provide you with our goods and services and with information about them.
4.1.1 Legal Basis for Data Processing
Insofar as we obtain the Visitor's consent for the processing of personal data on our Website, point (a) of Art. 6 (1) GDPR serves as the legal basis for the processing of personal data.
For the processing of personal data required for the performance of a contract to which the Visitor is a party, point (b) of Art. 6 (1) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of a contractual obligation or pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, point (c) of Art. 6 (1) GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject concerned do not outweigh the legitimate interest mentioned above, point (f) of Art. 6 (1) GDPR serves as the legal basis for data processing (so-called “weighing of interests”).
In addition, there are other legal bases for the processing of personal data that we have specifically listed below, where relevant.
4.1.2. Storage Period
Visitor's personal data will be deleted as soon as the purpose of storage ceases to apply. Furthermore, personal data may be stored if this has been provided for by laws or other regulations to which our company is subject. The personal data will also be blocked or deleted where a storage period prescribed by the aforementioned standards expires unless there is a need for further storage of the personal data for the conclusion or fulfilment of a contract.
4.1.3. Cookies
Description of data processing
We use “cookies” to make your visit to our Website attractive and to enable the use of certain functions. Cookies are small text files stored in the browser or by the browser on the terminal device. If a Visitor visits a website, a cookie may be stored on the Visitor's operating system. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when the website is visited again.
a) Technically necessary cookies
We use cookies to make our Website function. They are necessary to keep your visit consistent, to ensure that saved search queries are retained during the session, and to allow proper function of the website. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.
The personal data collected by technically necessary cookies are not used to create user profiles.
Technically necessary cookies cannot be manually deactivated by you via our website. However, you have the option of using your browser settings to specify that cookies should generally be rejected. Please note that in this case some functions of the website cannot be used.
b) Note on changing the browser settings Most browsers are set to accept cookies automatically. However, the Visitor can prevent the storage of cookies on its computer by means of appropriate browser settings, which, however, can limit the range of functions of our Website.
Legal basis for data processing
The legal basis for the processing of personal data using cookies is Legitimate Interest, as defined in point (f) of Art. 6 (1) GDPR.
Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of the Website for Visitors. Some functions of our Website cannot be offered without the use of cookies. For this reason, it is necessary for the browser to be recognizable even after leaving the Website. With the assistance of the analysis cookies, we learn how the Website is used and can thus continuously improve and optimize it. The aforementioned purposes constitute our legitimate interest in the processing of personal data pursuant to point (f) of Art. 6 (1) GDPR.
Duration of storage, the possibility of objection and elimination
Cookies are stored on the Visitor's computer and transmitted to our Website. Therefore, you as the Visitor have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our Website, it may no longer be possible to use all functions of the Website fully.
4.1.4 Web Analysis and Other Tools
Optty is using web analytics tools such as Google Analytics, Google Tag Manager, Hubspot and and FullStory. These tools collect non-personal information on our behalf about your operation system, the type of mobile Internet browser you use, your location information, device model and version. This information is being used to track behaviour and improving the quality of the advertising service.
4.1.5 Social Networks / External Links
In addition to this Website, we also maintain a presence at various social media sites (e.g. Facebook, Instagram, Twitter, LinkedIn) which you may be able to reach by clicking on the corresponding icon on our Website. Where you decide to visit such a site, they may set third-party cookies. It is possible that further information will be processed by the social network provider in addition to the retention of the data concretely provided by you.
Additionally, the social network provider may process the most important data from the computer system used to visit them, e.g. their IP-addresses, the processor type used as well as the browser version including plug-ins.
Should you be logged in to such a website with your personal account with the social network in question during your visit to such a website, then this social network can also match the visit with your account.
The purpose and scope of the collection of data by the medium in question as well as the further processing of your data as well as your corresponding rights can be reviewed under the terms and conditions of the respective controller.
Additionally, the Website may contain links to other websites that are not owned, operated or controlled by us. As such, we are not responsible for the information on these sites, or their privacy policies.
4.2. End-customers
Optty may use end-customers’ personal information in connection with (a) your engagement with a Merchant in which our Service is used (Legitimate interest and compliance with a legal obligation); (b) produce anonymised data and aggregated data (Legitimate interest). By way of example, such data may be used to support the diagnosis of server problems, to identify and create new service offerings and features and to improve our service offerings.
Legal basis for data processing
Optty process such data under the direction of our Merchants.
5. How Do We Use Sensitive Information?
Sensitive information is a type of personal information that includes information about an individual’s criminal record, racial or ethnic origin or sexual orientation or practices. We do not collect or record such information.
6. Who Do We Disclose Your Personal Information To?
Optty will not disclose your personal information to any other third parties unless you have consented to such disclosure. Such consent may be given expressly or it may be implied by conduct.
In particular, your personal information may occasionally be disclosed to (a) our directors, officers, employees and related entities (including entities located overseas), for the purpose of our business and marketing purposes only; (b) subsidiaries and/or affiliates, third party contractors or service providers that we use in the ordinary course of our business to assist with the delivery of our products and services (on a confidential basis and such service providers (so-called “processors”) will be limited in their use of the information to the purpose of our business only); (c) specialist advisers who have been engaged to provide us with legal, administrative, financial, insurance, research, marketing or other services; and (d) any other person authorised, implicitly or expressly, when the personal information is provided to or collected by us.
Some of Optty’s related entities, or third-party service providers to whom we may disclose your personal information, may be located in countries and regions outside Singapore or may hold your data on servers located outside of Singapore, including in Australia, United States of America and Europe. We will endeavour to take reasonable steps to ensure that these parties handle such information in a manner that is consistent with the Australian Privacy Principles, with the CCPA, with the GDPR provisions on the transfer of personal data to so-called “third countries” where applicable and this Privacy Policy.
Optty reserves the right to disclose any personal information to law enforcement or other government officials where we reasonably believe that this may be necessary or appropriate, or where it will prevent or lessen a serious and imminent threat to somebody’s safety, life or health.
7. Our Commitment to Data Security
Optty takes the security of your personal information very seriously. We take reasonable steps to protect the personal information we hold, whether in electronic or another form, from misuse, interference and loss and from unauthorised access, modification or disclosure.
Optty may retain any personal information you provide during the use of the Websites and Service, for as long as you remain an active Merchant of the Service or user of the Websites, or until you tell us that you no longer wish for us to retain such information and otherwise to the extent permitted by applicable law. We will take reasonable steps to destroy or permanently de-identify personal information we hold if it is no longer needed for Optty’s business purposes and it is permissible by law to do so. If requested or authorised to do so, we may shorten the retention period.
We may also retain and use your personal information to fulfil our legal obligations, resolve disputes, enforce any agreements to which we are a party, and protect the legal rights and legitimate interests of others and ourselves.
8. Access to Personal Information
8.1. Visitors and Merchants
You have the right to obtain confirmation as to whether or not personal information concerning you is being processed; where this is the case, you have the right to request access to personal information that Optty holds about you in writing by using the contact details below. Optty will process such request within 1 month of receipt to provide a copy of the personal data which is undergoing processing from the controller, further copies may result in the charge of an administrative fee that will cover the costs of verifying the application and retrieving the information requested by the controller. If Optty denies an access request, it will provide reasons for doing so.
8.1.1. Restriction of processing
You have the right to obtain the restriction of processing where one of the conditions detailed in Art. 18 GDPR is met, e.g. where you have objected to the processing, pending the verification of whether the objection should be upheld.
8.1.2. Erasure
You have the right to obtain the erasure of personal data concerning yourself without undue delay, to the degree that one of the grounds specifically listed under Art. 17 GDPR applies, e.g. where the personal data are no longer necessary for the purposes for which they were collected and the legal retention regulations do not hinder an erasure.
8.1.3. Data Portability
As per Art. 20 GDPR, you have the right to receive the personal data concerning yourself, that you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data yourself or – where technically feasible – to have this data transferred by us to another controller.
8.1.4. Object
Within the scope of requirements of Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning yourself.
8.1.5. Withdraw the data protection declaration of consent
You have the right to withdraw at any time the data protection declaration of consent with which you provided us. The withdrawal of the declaration of consent does not affect the legality of processing performed on the basis of the consent prior to its withdrawal.
8.1.6. Rights in cases of automated decisions
To the degree that we, on an exceptional basis, make decisions in individual cases on an automated basis – including profiling – we are obligated under the legal provisions to make provisions so that you may influence the decision (Art. 22 GDPR).
8.2. End-customers
As an EU citizen or a California Consumer, you are able to access, update or erase data held concerning you.
If your relationship with Optty is via Merchants or other companies that use our Services, all requests other than Objection to Processing requests must be submitted directly to them. Optty processes data as a service provider on behalf of those companies. That means they are responsible for authenticating your request and ensuring it is communicated to all service providers.
Optty is committed to working with our partners to honour data subject requests to the full extent required by GDPR and CCPA.
9. Opt-out for end-customers
If you choose to block cookies, you can set your browser to reject cookies or you can manually delete individual cookies or all of the cookies on your computer by following your browser’s help file directions. Note that turning off cookies may also disable functions of many websites you visit.
If you are an iOS user, you can enable Limit Ad Tracking on your iOS device by following instructions here (link: https://support.apple.com/en- us/HT202074).
Android users can opt-out of interest-based ads by following instructions described (link: https://support.google.com/ googleplay/android-developer/ answer/6048248?hl=en)
10. Correction of Personal Information
Optty will take reasonable steps to ensure that any personal information we hold about you is accurate, complete and up to date. If there are any changes to your personal information, please let us know using the contact details below.
If you request us to, we will take reasonable steps to correct the personal information we hold about you so that it is accurate, complete and up to date, or will provide reasons for not doing so.
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning yourself as well as, where appropriate, the right to have incomplete personal data completed (Art. 16 GDPR).
11. Complaints
If you wish to make a complaint about a breach of this Privacy Policy, or the Data protection provisions, you can contact Optty using the contact details below. You will need to provide sufficient details regarding your complaint, as well as any supporting evidence and information.
Your complaint will be reviewed by our Data Protection Officer, who will investigate the issue and determine the steps that Optty will take to resolve your complaint. Optty will contact you if it requires any further information from you and will notify you in writing of the outcome of the investigation.
12. Changes to this Policy
We may update this Policy from time to time. You can find the most current version on our Website.
13. Contact Details
Optty Pte Ltd
Address: 160 Robinson Road, #14-04, Singapore 068914
Attention: Data Protection Officer
Email: privacy@optty.com
Last Updated: 08 August 2022