The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation adopted for the European Union (EU). The GDPR imposes obligations on organizations that control or process personal data and is applicable to any organization that offers goods or services to individuals in the EU.
The personal data of our users is important, regardless of their location, which is why we maintain GDPR compliant standards across all our operations specifically, when individuals who are based in the EU create accounts in Organimi, upload data through our data import features, and use other features of our software programs.
Organimi does not collect confidential personal information on individual users, except information such as a unique ID created for our system, user-created passwords for accessing the system, and similar data. Rather, users contribute information about themselves and others to the Organimi application. Depending on whether they are a visitor or a user, this information may be processed and stored in Organimi, or processed and stored in other third-party applications which we use to provide Organimi services, such as marketing, client support, database hosting, and other similar services.
Processing Personal Information
Personal information may include, for example, basic (“name, rank, serial number” type) data, contact details, such as email and phone data, and other custom fields contributed by our clients, such as work-related information relevant to their role type or their individual employment status. For account owners, administrators, users with editing permissions, and viewing rights, Organini process records of their usage history.
How We Use Your Personal Information
When collecting and processing your personal information, Organimi uses such data consistent with industry best practices to support improvements in our product offerings, responsive and responsible client service, and delivery of innovative new features and capabilities to meet user requirements.
We would typically use personal information contributed by users or generated through their use in the following ways:
- To provide users with Organimi products or services,
- To manage the products or services users have with us,
- To create anonymized data assets, not involving the use of personally identifiable information, which can be used in our research and development activities, for product development, and to support commercial initiatives we think may be useful for current or future customers,
- To improve the operation of our business and the quality, range, and reliability of the products and services we offer,
- To perform tests of our products, services, and internal processes.
Organimi only retains and uses personal data if and to the extent needed to accomplish the above-stated purposes. Should collected data not accomplish any of these intended purposes, it would be capable of being deleted. We use commercially reasonable efforts to enable our customers to manage access to and deletion of their own data using automated deletion tools.
Using Your Personal Information Legally
Right to Access and Right to be Forgotten
Organimi visitors and subscribers have the right to obtain confirmation as to whether or not personal data concerning them is being processed, where it is being processed, and for what purpose. They have a right to request the information held by Organimi in a commonly used and machine-readable format. Likewise, requests may be made at any time for the modification or correction of personal data. Organimi subscribers may export the data they have imported to Organimi at any time, free of charge, in an electronic format, using our data export features. Additionally, visitors and subscribers have the right to be forgotten, which entails that, upon request, Organimi will erase the personal data contributed by subscribers to Organimi accounts and cease its further dissemination.
Organimi conducts or commissions periodic audits for its products, processes, operations, and management. We believe we use commercially reasonable efforts and follow common industry practices and procedures to identify risks and assess and investigate any personal data breaches on a timely basis. All findings of data breaches are communicated to our team. Should a breach of personal information be discovered, subscribers and users affected by such breach will be notified of the details of the breach within a reasonable period of time as required by GDPR. They will also be notified of the remedial procedures in place. For incidents specific to an individual, Organimi will notify the concerned party through their primary email address provided.
Data Processing Agreements With Third Parties
Data controllers, such as Organimi, are required to use data processors that can guarantee the implementation of measures that meet the requirements of the GDPR. Our data processing agreement with Amazon AWS, our cloud service provider, and primary data processor, ensures that our users’ and subscribers’ data is processed in compliance with the protections afforded by the GDPR. Organimi also uses other industry platforms of major technology vendors, such as Google and Microsoft, and we refer our visitors and subscribers to their websites for their description of their GDPR compliance. Organimi shall use reasonable commercial efforts and appropriate diligence to select third-party service providers, including these parties as well as other vendors of software systems, components, and tools used by Organimi to operate our business and process visitor and user data, that substantially comply with GDPR requirements, including adopting GDPR compliant data processing agreements.
If you have any questions about our GDPR compliance, please contact firstname.lastname@example.org.