Privacy Statement

OSF Digital Privacy and Security Policy

Revised as of March 21, 2024

Privacy Statement Purpose

OSF Digital is committed to protecting your privacy.

This Privacy Statement (“Statement”) sets out the types of personal information we collect, how we collect and process that information, who we share it with in relation to the services we provide, and certain rights and options that you may have in this respect.

These websites are owned and operated by OSF Global Services, Inc. d/b/a OSF Digital and/or its affiliates and subsidiaries (herein “OSF” or “We”). Your privacy while visiting our websites, including but not limited to osf.digital and allai.digital (collectively, the "Sites"), is of the utmost importance to us.

This Statement applies only to information collected on the Sites and will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not visit our Sites or provide us with any information.

As used in this Statement, “Personal Data” means information relating to an identified or identifiable natural person, which enables the natural person to be identified, directly or indirectly.

Who Is Responsible for Your Personal Data?

OSF is responsible for your Personal Data. Information on our subsidiaries can be found here.

For the purposes of applicable data protection law (in particular, the General Data Protection Regulation (EU) 2016/679 - the "GDPR"), your data will be controlled by the OSF affiliate or subsidiary that you have instructed or that is providing services to you or communicating to you and each such entity is regarded as an independent data controller of your personal data.

This Statement does not apply to the extent we process Personal Data in the role of a processor or service provider on behalf of our customers, including where we offer to our customers various products and services through which our customers (or their affiliates) collect, use, share or process Personal Data.

What Data We Collect

We may collect Personal Data when you interact with the Sites (e.g., registering with us to gain access to specific content or attend a hosted event, responding to a survey or requesting communications) or otherwise provide it to us. Depending on your specific interaction, such information may consist of your name, current job title, company address, email address, telephone number, correspondence with you, which newsletters you subscribe to, and/or other information you provide to us.

Our Sites may offer publicly accessible message boards, blogs, and community forums (e.g., AllAI Connect). You may be required to register for an account with us to post on such Sites. Please keep in mind that if you directly disclose any information through our public message boards, blogs, or forums (including profile information associated with the account you use to post the information) it may be read, collected and used by any member of the public who accesses these pages on the Sites. Any of these posts and certain of your profile information may remain active even after you terminate your account.

In addition, OSF gathers standard internet log information about our visitors’ use of the Sites, including your Internet Protocol (IP) address, browser type and language, access times and referring website addresses, as well as various aggregated tracking information derived mainly by tallying page views. More details on this are below.

When applying for OSF Digital Jobs:

If you apply for a job using the “Jobs at OSF” website section (https://osf.digital/careers/jobs), you will be required to offer your explicit consent for your data to be further processed for recruitment purposes; in general, recruitment data refers to your Personal Data, such as your name, date of birth, phone number, e-mail address, and your resume and cover letter, if applicable. The information you will submit for recruitment purposes is collected through the Zoho Recruit platform (https://www.zoho.com/recruit/), a third party, and Zoho Recruit’s Privacy Policy terms will apply (https://www.zoho.com/privacy.html).

Sensitive Information. We do not usually seek to collect or obtain any sensitive information about individuals.

How We May Use Your Personal Data

Your Personal Data may be used by OSF to:

  • Assess the needs of your business to determine suitable products;
  • Communicate with you, including sending you requested product or service information, newsletters, and/or marketing communications;
  • Administer your account;
  • Respond to your questions and concerns;
  • Improve our website and marketing efforts;
  • Conduct research and analysis;
  • Support our recruiting activities;
  • Participate in surveys, research or other similar data collection; and/or
  • Save or protect an individual’s vital interest. We may process Personal Data when necessary to save or protect an individual’s vital interest, such as to prevent harm.

We will communicate with you primarily in the form of e-mails. You can opt out of receiving certain communications from the Sites by clicking the “Unsubscribe” link at the bottom of each email or emailing us at [email protected]. Please note that even if you unsubscribe or opt out, we may still send you Sites-related communications (e.g., e-mails related to your comments).

Consistent with international legislation, we do not knowingly request personally identifiable information from anyone under the age of 13. Please read the final section of this Statement for more detailed country-specific elements.

We may also use your Personal Data to create anonymous information records by excluding information that makes the information personally identifiable to you.

Cookies and Other Technologies

Like many companies, OSF uses automatic data collection tools on its websites, such as cookies and embedded web links. These tools collect certain standard information that your browser sends to our websites, such as your browser type and the address of the website from which you arrived at one of our websites. These tools may also collect information about your IP address and clickstream behavior (for example, the pages you view and the links you click). Collectively, these tools help make your visit to our websites easier, more efficient and more valuable by providing you with a customized experience and recognizing you upon your return to our site.

A cookie itself does not contain Personal Data. The cookie can't read data off your hard drive or read cookie files created by other sites. Instead, the cookie will enable us to relate your use of the Sites to information that you have specifically and knowingly provided to OSF. Cookies on their own do not identify you; they merely recognize your web browser. Unless you choose to identify yourself to OSF, either by responding to a promotional offer, registering to download a product, or filling out a web form (such as a “Contact Me”), you remain anonymous to OSF.

Upon your first visit from a certain device to a Site, we will ask for permission to enable cookies. You may not accept cookies, in which case you can continue to the Site, but you may be unable to access certain services. You can monitor our use of cookies on your computer by setting your web browser to inform you when cookies are set, or you can prevent the cookies from being set entirely.

The “help” portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. If you disable the use of cookies on your computer, you may be unable to access certain services on our Sites.

Usage Tracking

We do not correlate this information with data about individual users. We do aggregate and compile overall usage statistics according to a user’s domain name, browser type, and MIME type by reading this information from the browser string (information contained in every user’s browser).

OSF sometimes tracks and catalogs the search terms users enter in our Search function; however, this tracking is never associated with individual users. We use tracking information to determine which areas of our Sites users prefer based on traffic to those areas. We do not track what individual users read, but rather how well each page performs overall. This may help us continue to build a better online experience for you.

DISCLOSURE TO THIRD PARTIES

We may make certain Personal Data available to our third-party service providers, such as those we engage to host and maintain the Sites or other aspects of our IT infrastructure. They are generally contractually obligated to protect and use such data on our behalf. We do not sell, rent or trade your Personal Data with any third party.

We also may be required to provide certain Personal Data to comply with legally mandated reporting, disclosure, or other legal process requirements. We reserve the right to use or disclose your Personal Data if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.

If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by OSF on the Sites, including your Personal Data.

We have implemented measures to protect your Personal Data, including by using the European Commission’s Standard Contractual Clauses for transfers of personal information between our group companies and between us and our third-party providers. These clauses require all recipients to protect all Personal Data that they process originating from the EEA or UK in accordance with European data protection laws and regulations. We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.

How We Transfer Personal Data Internationally

INTERNATIONAL TRANSFERS WITHIN THE OSF GROUP

To facilitate our global operations, we may transfer information to other OSF Affiliates where we have operations for the purposes described in this policy. Please see https://osf.digital/contact-us for a list of OSF Affiliates and their locations. We also have Binding Corporate Rules in place, covering our intra-company data transfers, as approved by the European Data Protection Board (EDPB).

This Statement will apply even if we transfer Personal Data to other countries. We have taken appropriate safeguards to require that your Personal Data will remain protected wherever it is transferred. When we share Personal Data of individuals in the EEA, Switzerland or the UK within and among OSF’s Affiliates, we rely upon the Standard Contractual Clauses (approved by the European Commission and Swiss authorities) and on the UK Addendum to the Standard Contractual Clauses (approved by the UK authorities) where required, as well as additional safeguards where appropriate (such as commercial industry standard secure encryption methods to protect customer data at rest and in transit, web application firewall protection, and other appropriate contractual and organizational measures).

Data Retention

In accordance with the data minimization principle, we retain Personal Data for the purpose for which it was collected. We maintain specific records management and retention policies and procedures so Personal Data are deleted after a reasonable time according to the following retention criteria:

We retain your data as long as we have an ongoing relationship with you (in particular, if you have an account with us) or as otherwise needed in order to comply with our global legal and contractual obligations.

INTERNATIONAL TRANSFERS TO THIRD PARTIES

Some of the third parties which provide services to us under contract are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we share Personal Data of individuals in the EEA, Switzerland or UK with third parties, we use a variety of legal mechanisms to safeguard the transfer including the European Commission approved Data Privacy Framework Standard Contractual Clauses, as well as additional safeguards where appropriate. For transfers to or from the United Kingdom, we make use of the UK Addendum. For transfers to or from Canada, we make use of the standard contractual clauses. Please contact us if you need more information about the legal mechanisms we rely on to transfer personal data outside the EEA, Switzerland, Canada, and UK.

Security Procedures

We have put in place security measures to prevent your Personal Data from being used or accessed in an unauthorized way. We have also put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable supervisory authority or regulator of a breach where we are legally required to do so. You can read OSF's commitment statement here.

Some of the security measures that we have put in place are the following:

  • Data Encryption: Data transmitted between the Sites and users is encrypted using secure protocols like HTTPS to prevent interception by unauthorized parties.
  • Access Control: Strict access controls are designed to limit which authorized personnel can access Personal Data or make changes to it.
  • Regular Updates: Keeping the website's software, including the CMS, plugins, and themes, up to date to protect against known vulnerabilities.
  • Secure Hosting: Using a reputable hosting service that offers strong security measures to protect the website from attacks like DDoS.
  • Monitoring and Response: Continuously monitoring the website for suspicious activity and having a response plan in place for potential security incidents.
  • Backup and Recovery: Regularly backing up the website data and having a disaster recovery plan to restore the website in case of data loss or corruption.
  • User Education: Educating employees about best practices for data safety, including strong password policies and recognizing phishing attempts.
  • Compliance and Audits: Ensuring compliance with industry standards and conducting regular security audits to identify and mitigate risks.

Third-Party Websites and Services

The Sites may contain links to other third-party web sites, products and services (collectively, "Linked Sites"). Such Linked Sites are offered for your convenience and/or information. OSF is not responsible for the contents or privacy practices of any Linked Site. Information collected by third parties may include location data or contact details. OSF makes no representations regarding the use of data by third-party websites; third-party collection of data is governed by the privacy practices of those third parties. We encourage you to review the privacy statements posted on the other websites you visit.

Correcting and Updating Your Personal Data

We offer settings to control and manage certain Personal Data we have about you, including the ability to:

  • Access, Amend, or Delete your Personal Data: You can ask us to grant you access to your Personal Data, or to correct or delete all or some of your Personal Data (e.g., if it is no longer necessary to provide services to you).
  • Object to, or Limit or Restrict, Use of Data (Withdraw Consent): You can ask us to stop using all or some of your Personal Data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your Personal Data is inaccurate or unlawfully held).
  • Complain: You have the right to complain to a data protection authority about our collection and use of your Personal Data.

You may exercise the above rights by writing to us at [email protected], subject: Personal Data. We will respond to your request within an estimated period of 30 (thirty) days.

However, if you make posts through publicly accessible message boards, blogs, and community forums on the Site, OSF will not delete these posts, and your post and certain of your profile information may remain active even if you exercise the above rights.

In addition, if you have any questions or concerns, you may contact us at [email protected].

Notification on Privacy Statement Changes

OSF reserves the right to change this Statement. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. Only the current Statement is deemed effective, so we encourage you to periodically review this page for the latest information on our privacy practices.

Trademarks

The names of companies and products mentioned within any website owned and operated by OSF may be the trademarks of their respective owners.

Other Country-Specific Elements

EUROPE/UK

If you are located in the European Economic Area (“EEA”) or United Kingdom (“UK”), this section applies to you: The General Data Protection Regulation (GDPR) and the applicable data privacy legislation require us to explain the valid legal bases we rely on to process your Personal Data. Our legal basis for collecting and using any Personal Data will depend on the Personal Data concerned and the specific context in which we collect it. However, we will normally collect Personal Data from you only where we have your consent to do so, where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you.

In legal terms, we are generally the “Data Controller” under European data protection laws of the Personal Data described in this privacy notice, since we determine the means and/or purposes of the data processing we perform. This privacy notice does not apply to the Personal Data we process as a “Data Processor” on behalf of our customers. In those situations, the customer that we provide services to and with whom we have entered into a data processing agreement is the “Data Controller” responsible for your personal information, and we merely process your information on their behalf in accordance with your instructions.

We may rely on the following legal bases to process your Personal Data:

  • Consent. We may process your Personal Data if you have given us permission (i.e., consent) to use your Personal Data for a specific purpose. You can withdraw your consent at any time.
  • Performance of a Contract. We may process your Personal Data when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
  • Legitimate Interests. We may process your Personal Data when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms.
  • Legal Obligations. We may process your Personal Data where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
  • Vital Interests. We may process your Personal Data where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

Contact details for data protection authorities in the EEA are available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.