Privacy Statement

OSF Digital Privacy and Security Policy

Revised as of April 16, 2025

Privacy Statement Purpose

OSF Digital is committed to protecting your privacy. We value your privacy, and we are committed to protecting your personal information.

This Privacy Statement (“Statement”) sets out the types of personal information we collect, how we collect and process that information, who we share it with in relation to the services we provide, and certain rights and options that you may have in this respect.

These websites are owned and operated by OSF Global Services, Inc. d/b/a OSF Digital and/or its affiliates and subsidiaries (herein “OSF” or “We”). Your privacy while visiting our websites, including but not limited to osf.digital and allai.digital (collectively, the "Sites"), is of the utmost importance to us.

This Statement applies only to information collected on the Sites and will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not visit our Sites or provide us with any information.

As used in this Statement, “Personal Data (PII)” means information relating to an identified or identifiable natural person, which enables the natural person to be identified, directly or indirectly.

This Privacy Statement explains:

  • What personal data we collect.
  • How we collect and use this data.
  • Who we may share it with.
  • Your rights and choices when it comes to your data.

Who Is Responsible for Your Personal Data?

For the purposes of applicable data protection law (in particular, the General Data Protection Regulation (EU) 2016/679 - the "GDPR"), your data will be controlled by the OSF affiliate or subsidiary that you have instructed or that is providing services to you or communicating to you and each such entity is regarded as an independent data controller of your personal data.

This Statement does not apply to the extent we process Personal Data in the role of a processor or service provider on behalf of our customers, including where we offer to our customers various products and services through which our customers (or their affiliates) collect, use, share or process Personal Data. All the details about how OSF acts as a processor can be found in https://osf.digital/company/compliance.

OSF Digital is responsible for safeguarding your Personal Data. Depending on the services you use or the team you interact with, your data may be handled by OSF or one of our affiliated companies. Information on our subsidiaries can be found here.

When you receive services from us or our partners, we may also handle data on behalf of other organizations. In those cases, we act as a service provider, and the privacy policy of that organization will apply.

When and What Personal Data We Collect

We collect Personal Data when you interact with our websites or provide information directly. This can happen when you:

  • Register to access specific content.
  • Subscribe to newsletters or other communications.
  • Sign up for or attend an event we host.
  • Apply for a job or fill out a form.
  • Respond to surveys.
  • Post on our blogs, forums, or community pages.

The types of Personal Data we may collect include:

  • Your name and job title.
  • Company name and address.
  • Email address and phone number.
  • The content of your messages or communications with us.
  • Newsletter subscriptions or other preferences you’ve selected.

If you post on our public forums, blogs, or message boards, please note that this content—along with your profile details—may be visible to others. Even if you delete your account, some posts and profile info might remain publicly accessible.

We also collect standard website data, like:

  • IP address.
  • Browser type and language.
  • Access times and pages visited.
  • Referring website information.
  • Aggregated data on how users interact with the site.

When applying for OSF Digital Jobs:

If you apply for a job using the ”Jobs at OSF” website section (https://osf.digital/careers/jobs), you will be required to offer your explicit consent for your data to be further processed for recruitment purposes; in general, recruitment data refers to your Personal Data, such as your name, date of birth, phone number, e-mail address, and your resume and cover letter, if applicable. The information you will submit for recruitment purposes is collected through Zoho Recruit platform (https://www.zoho.com/recruit/), a third-party, and Zoho Recruit’s Privacy Policy terms will apply (https://www.zoho.com/privacy.html).

Sensitive Information. We do not usually seek to collect or obtain any sensitive information about individuals.

How We May Use Your Personal Data

Your PII may be used by OSF to:

  • Assess the needs of your business to determine suitable products.
  • Communicate with you, including sending you requested product or service information, newsletters, and/or marketing communications.
  • Administer your account.
  • Respond to your questions and concerns.
  • Improve our website and marketing efforts.
  • Conduct research and analysis.
  • Support our recruiting activities.
  • Participate in surveys, research or other similar data collection; and/or
  • Save or protect an individual’s vital interest. We may process Personal Data when necessary to save or protect an individual’s vital interest, such as to prevent harm.

We will communicate with you primarily in the form of e-mails. You can opt-out of receiving certain communications from the Sites by clicking the “Unsubscribe” link at the bottom of each email or emailing us at [email protected]. Please note that even if you unsubscribe or opt-out, we may still send you Sites related communications (e.g., e-mails related to your comments).

Consistent with international legislation, we do not knowingly request personally identifiable information from anyone under the age of 13. Please read the final section of this Statement for more detailed country-specific elements.

We may also use your Personal Data to create anonymous data records by excluding information that makes the data personally identifiable to you.

Cookies and Other Technologies

Like most websites, we use cookies and similar tools to improve your experience on our Sites. These help us understand how visitors use our pages, remember your preferences, and recognize you when you return. Unless you choose to identify yourself to OSF, either by responding to a promotional offer, registering to download a product, or filling out a web form (such as a “Contact Me”), you remain anonymous to OSF. We may collect basic information like:

  • Your browser type.
  • Your IP address.
  • Which pages you visit.
  • The links you click.
  • Where you came from (referring site).

Cookies don’t store personal data directly or access anything on your device. They simply help connect your activity on our Sites to information you've already provided — like if you filled out a form or signed up for updates.

Your Cookie Choices

When you first visit our website, you’ll be asked if you want to allow cookies. You can:

  • Accept all cookies.
  • Refuse non-essential cookies.
  • Adjust your browser settings to control or block cookies.

If you choose to block or disable cookies, some parts of our website might not work properly. For guidance on managing cookies, check the “Help” section of your browser. There, you’ll find step-by-step instructions on how to:

  • Block new cookies
  • Get notified when cookies are being used
  • Delete existing cookies

Usage Tracking

We do not correlate this information with data about individual users. We do aggregate and compile overall usage statistics according to a user’s domain name, browser type, and MIME type by reading this information from the browser string (information contained in every user’s browser).

OSF sometimes tracks and catalogs the search terms users enter in our Search function, however this tracking is never associated with individual users. We use tracking information to determine which areas of our Sites users prefer based on traffic to those areas. We do not track what individual users read, but rather how well each page performs overall. This may help us continue to build a better online experience for you.

DISCLOSURE TO THIRD PARTIES

Who We Share Your Data With — and Why

We do not sell, rent, or trade your Personal Data for any financial gain. Your information is only shared when necessary to support our services, meet legal obligations, or ensure business continuity.

We may share your data with:

1. Trusted Service Providers

We work with third-party providers who help us run our websites and services (like hosting, IT infrastructure, or email systems). These companies only use your data to perform tasks on our behalf and are contractually required to protect it through Data Processing Agreements (DPAs), which ensure your information is used responsibly and in line with data protection laws.

2. Legal or Regulatory Authorities

We may be required to share your data when the law demands it — for example, in response to a court order or official investigation. We may also disclose information if it’s necessary to protect our rights, prevent fraud, or ensure the safety of you or others.

3. OSF Global Affiliates

Because we operate internationally, your data may be shared with other OSF affiliates around the world to provide you with services or support. These affiliates follow the same data protection standards, including the use of the European Commission’s Standard Contractual Clauses to safeguard data shared between regions such as the EU/EEA, UK, and others.

4. In Case of a Business Transition

If OSF is ever acquired, merged, or enters bankruptcy, your Personal Data may be transferred to the new organization as part of that transition.

We apply strong security measures and legal safeguards when transferring data and are happy to provide more details about these agreements if requested. Similar appropriate safeguards are also in place with our third-party service providers and partners.

How We Transfer Personal Data Internationally

INTERNATIONAL TRANSFERS WITHIN OUR GROUP

As a global company, OSF may transfer your PII to other OSF affiliates around the world to support our operations and deliver services. Please see https://osf.digital/contact-us for a list of OSF Affiliates and their locations. No matter where your data goes, we ensure it’s protected to the highest standards.

We follow Binding Corporate Rules (BCRs) internal rules approved by the European Data Protection Board (EDPB) that guide how we handle and protect personal data across all our global offices. These rules are designed to fully align with the requirements of the General Data Protection Regulation (GDPR).

When data is transferred outside of the European Economic Area (EEA), Switzerland, or the UK, we also rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission and Swiss authorities.
  • The UK Addendum to the SCCs for UK data transfers.

Additional technical and organizational safeguards where needed, such as data encryption, secure transfer protocols, and strict access controls.

These measures ensure your personal data remains secure and protected, no matter where it is processed.

Data Retention

In accordance with the data minimization principle, we retain Personal Data for the purpose for which it was collected. We maintain specific records management and retention policies and procedures so Personal Data are deleted after a reasonable time according to the following retention criteria:

We retain your data as long as we have an ongoing relationship with you (in particular, if you have an account with us) or as otherwise needed in order to comply with our global legal and contractual obligations.

INTERNATIONAL TRANSFERS TO THIRD PARTIES

Some of the third parties which provide services to us under contract are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we share Personal Data of individuals in the EEA, Switzerland or UK with third parties, we use a variety of legal mechanisms to safeguard the transfer including the European Commission approved Data Privacy Framework Standard Contractual Clauses (SCC), as well as additional safeguards where appropriate. For transfers to or from the United Kingdom, we make use of the UK Addendum. For transfers to or from Canada, we make use of the SCCs. Please contact us if you need more information about the legal mechanisms, we rely on to transfer personal data outside the EEA, Switzerland, Canada, and UK.

Security Procedures

We have put in place security measures to prevent your Personal Data from being used or accessed in an unauthorized way. We have also put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable supervisory authority or regulator of a breach where we are legally required to do so. You can read OSF's commitment statement here.

Some of the security measures that we have put in place are the following:

  • Data Encryption: Data transmitted between the Sites and users is encrypted using secure protocols like HTTPS to prevent interception by unauthorized parties.
  • Access Control: Strict access controls are designed to limit which authorized personnel can access Personal Data or make changes to it.
  • Regular Updates: Keeping the website's software, including the CMS, plugins, and themes, up to date to protect against known vulnerabilities.
  • Secure Hosting: Using a reputable hosting service that offers strong security measures to protect the website from attacks like DDoS.
  • Monitoring and Response: Continuously monitoring the website for suspicious activity and having a response plan in place for potential security incidents.
  • Backup and Recovery: Regularly backing up the website data and having a disaster recovery plan to restore the website in case of data loss or corruption.
  • User Education: Educating employees about best practices for data safety, including strong password policies and recognizing phishing attempts.
  • Compliance and Audits: Ensuring compliance with industry standards and conducting regular security audits to identify and mitigate risks.

Third-Party Websites and Services

The Sites may contain links to other third-party web sites, products and services (collectively, "Linked Sites"). Such Linked Sites are offered for your convenience and/or information. OSF is not responsible for the contents or privacy practices of any Linked Site. Information collected by third parties may include location data or contact details. OSF makes no representations regarding the use of data by third-party websites-- third-party collection of data is governed by the privacy practices of those third parties. We encourage you to review the privacy statements posted on the other websites you visit.

Correcting and Updating Your Personal Data

We offer settings to control and manage certain Personal Data we have about you.

You have the right to:

  • Access your data.
  • Correct inaccurate data.
  • Delete your data (in certain cases).
  • Restrict or object to processing.
  • Withdraw consent anytime.
  • Data portability (receive data in a machine-readable format).

To exercise these rights, contact us at [email protected] or by filling in this Data Subject Complaint/Request Form. We will respond within 30 (thirty) days. In more detail, your rights are the following:

  • Access, Amend, or Delete your Personal Data: You can ask us to grant you access to your Personal Data, or to correct or delete all or some of your Personal Data (e.g., if it is no longer necessary to provide services to you).
  • Object to, or Limit or Restrict, Use of Data (Withdraw Consent): You can ask us to stop using all or some of your Personal Data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your Personal Data is inaccurate or unlawfully held).
  • Complain: You have the right to complain to a data protection authority about our collection and use of your Personal Data.

Changes to This Privacy Statement

We may update this Privacy Statement from time to time. Any changes will be posted on this page along with the updated “Revised” date. We recommend checking back occasionally to stay informed about how we protect your data.

Trademarks

The names of companies and products mentioned within any website owned and operated by OSF may be the trademarks of their respective owners.

For Users in the EEA and EUROPE/UK

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your PII in line with the General Data Protection Regulation (GDPR) and applicable local data privacy laws.

Our legal basis for processing your data may include:

  • Your consent (Article 6(1)(a) GDPR).
  • Fulfilling a contract with you (Article 6(1)(b) GDPR).
  • Compliance with legal obligations (Article 6(1)(c) GDPR).
  • Our legitimate interests, provided they do not override your rights (Article 6(1)(f) GDPR).

OSF typically acts as a Data Controller when handling your Personal Data. If we process data on behalf of a customer (for example, through services we provide), we act as a Data Processor, and the customer is responsible for how your data is managed.

We may rely on the following legal bases to process your Personal Data:

  • Consent. We may process your Personal Data if you have given us permission (i.e., consent) to use your Personal Data for a specific purpose. You can withdraw your consent at any time.
  • Performance of a Contract. We may process your Personal Data when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
  • Legitimate Interests. We may process your Personal Data when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms.
  • Legal Obligations. We may process your Personal Data where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
  • Vital Interests. We may process your Personal Data where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

Contact details for data protection authorities in the EEA are available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.