Introduction

OnCorps is committed to protecting your privacy. In order to provide our services and to provide a personalised experience, we need to collect certain information from you. This Privacy Notice explains when and why we collect Personal Information about you as well as the types of Personal Information we may collect when you interact with us. It also explains how we’ll look after your data and keep it safe. If you have any questions, please contact us at privacy@oncorps.io. 

It’s likely that we’ll need to update this Privacy Notice every now and again to make sure it's accurate. We’ll let you know of any major changes, but the most up-to-date version will always be here for you to check.

About OnCorps

This Privacy Policy applies to all the products, services, websites, and apps offered by OnCorps Inc. and OnCorps Ltd (collectively “OnCorps”), except where otherwise noted. We refer to those products, services, websites, and apps collectively as the “services” in this policy. 

References to "data" in this Privacy Policy refer to whatever data you use our services to collect, whether it be app interaction or signing up for an event. Reference to Personal Information or just “information” means information about you personally that we collect.

Explaining the legal bases we rely on

The GDPR law on data protection sets out a number of different reasons a company may collect and process your Personal Information, including:

  • Consent: In specific situations, we can collect and process your data with your consent - e.g. when you tick a box online or sign up to receive invitations from us. When collecting your Personal Information, we’ll always make clear to you which data is necessary in connection with a particular service.
  • Contractual obligations: In some instances, we need your Personal Information to comply with our contractual obligations. 
  • Legal compliance: We may be legally bound to collect and process your data.
  • Legitimate interest: We require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom, or interests. 

Types of relationships

Depending on our relationship with you, we require different types of Personal Information in order to deliver our services to you. Here are some definitions of the type of relationships we may have with you:

  • Owners: You create or administer OnCorps solutions.
  • Users: You use a solution powered by OnCorps.
  • Community Member: You expressed interest in our events, attended one or more of our events, or asked to stay in touch with OnCorps.
  • Visitor: You visited our website.

The types of Personal Information we collect

Contact Information (for example, an email address)

You might provide us with your contact information, whether through use of our services, a form on our website, an interaction with our sales or support team, or as a user of one of our apps. We always keep our requests for contact information to a minimum.

Profile data

When you sign into our apps, attend our events, or create an application with us, you may be asked to provide us with information about yourself and to give us more detailed insights into who you are.

Usage information

We collect usage information whenever you interact with our websites or solutions. This includes which webpages you visit, what you click on, when you perform those actions, what language preference you have, and so on.

Device and browser data

We collect information from the device and application you use to access our services. This data mainly refers to your IP address, operating system version, device type, system and performance information, and browser type. 

Information from cookies

We use third party tracking services that employ cookies to collect data about visitors to our websites. This data includes usage and user statistics. Emails sent by OnCorps or by users through our services include page tags that allow the sender to collect information about who opened those emails and clicked on links within them. We provide more information on cookies in our Cookies Policy.

Log data

Like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, device type, and timestamps.

Referral information

If you arrive at an OnCorps website from an external source (such as a link on another website or in an email), we record information about the source that referred you.

Information from third parties and integration partners

We collect your Personal Information or data from third parties if you give permission to those third parties to share your information with us (e.g. LinkedIn for authentication).

If you are an Owner, we will also collect:

Account Information

We require information about your company and role as part of the account information.

Billing information

If you make a payment to OnCorps, we require you to provide your billing details, a name, address, email address, and financial information corresponding to your selected method of payment.

If you are a User of our own applications, we will collect:

Application data

We store your application data (responses) for you and provide ways to analyse and understand this information.

How we collect your Personal Information

There are a number of ways in which we may collect information about you:

  • When you visit our website
  • When you sign up for an event or ask to be notified about future events
  • When you consent to receive information about OnCorps
  • When you engage OnCorps to create a solution for your business
  • When you use an OnCorps powered application
  • When you try out some of our demonstration applications
  • When you engage with us on social media
  • When you have given a third-party permission to share information they hold about you with us

How and why we use your Personal Information

The information we hold about you may be used in any of the following ways:

  • To provide and to improve our services to you
  • To send you further information about our services which we think may be of interest to you
  • To send you further information about our services based on a request we have received from you
  • To fulfil our obligations to you
  • To provide you with notification about any changes to our services relevant to you

Protection of your Personal Information

The security of your Personal Information is very important to us. We take a lot of care to handle and store it as best we can and in line with new legislation.

Here are some ways we secure your data:

  • We have in place an information security management system, including security processes and policies that are certified as ISO 27001 compliant by an external assessor.
  • We encrypt Personal Information data at rest where possible.
  • We use encrypted https links between our web server and your browser.
  • We monitor and check our data security systems for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.

Who we need to share your Personal Information with and why

At times, we need to share your Personal Information with trusted third parties. We only provide what they need and they cannot use your data for anything other than their stated purposes. Your data is deleted or rendered anonymous if we stop working with them.

We use companies who will process and store your Personal Information as part of their contract or terms and conditions with us, including Google Analytics, Google Suite, and Amazon Web Services.

We will never sell or trade your contact details with any third parties. There are some instances when we may have to share your information based on our legal obligations.

Where your Personal Information may be processed

Sometimes we will need to share your Personal Information with third parties outside the European Economic Area (EEA), such as the USA.

If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA by ensuring they have adequate controls in place, e.g. EU-US Privacy Shield.

Any transfer of your Personal Information will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.

Your rights over your Personal Information

You retain the right to request us to refrain from processing your Personal Information for the purposes of marketing. To exercise such right, you may unsubscribe using the link in an email we send to you or you can exercise this same right by contacting us electronically via email at privacy@oncorps.io. 

We are required to maintain your Personal Information accurately. If you believe any of the Personal Information that we process is inaccurate, you are entitled to contact us to correct any inaccuracies at privacy@oncorps.io. When we agree that the Personal Information held by us is inaccurate, we will correct such inaccuracies without undue delay.

We will not be responsible for correcting inaccuracies in third party Personal Information unless you have informed us of such inaccuracies, in which case we will provide you with reasonable assistance in complying with your obligations as data controller under the applicable Data Protection Laws in relation to any inaccurate third party data.

Right to be forgotten - if we no longer have a legal basis to process your Personal Information or if the legal basis that we are relying on is consent and you subsequently withdraw your consent, then we will stop processing your Personal Information. 

You are responsible for ensuring that any third party request to be forgotten is applied to any third party Personal Information that you send to us. We will provide you with reasonable assistance in complying with your obligations as data controller under the applicable Data Protection Laws in relation to any third party requests to be forgotten.

You may at any time contact us to review the Personal Information we hold about you. You may exercise this right by contacting us at privacy@oncorps.io.

Safety of Minors

Our services are not intended for and may not be used by minors. “Minors” are individuals under the age of 13 (or under a higher age if permitted by the laws of their residence). If it comes to our attention that we have collected Personal Information from a Minor, we may delete this information without notice. If you have reason to believe that this has occurred, please contact privacy@oncorps.io.

Contacting the Regulator

If you are at all unhappy about the handling of your data, you can send a complaint to the Information Commissioner’s Office by calling +44 303 123 1113 or go online to www.ico.org.uk/concerns

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

Questions?

We hope this Privacy Notice has been helpful in setting out the way we handle your Personal Information and your rights to control it.

If you have any questions that haven’t been covered, please contact our Privacy Manager who will be pleased to help you: privacy@oncorps.io