At Otiom, the right to privacy is the most important thing for us. We protect the personal information we collect about you. You can see how below.
Otiom is a Danish company with headquarters in Aalborg and a subsidiary of Acubit. Both companies respect your privacy. This privacy statement describes your privacy rights and our obligation to safeguard your personal information. Otiom is subject to the European legislation on data protection and the General Data Protection Regulation (GDPR).
Otiom is a location service that can be used to prevent people with dementia from wandering. At the same time, Otiom helps to ensure that people who wander and get lost are found quickly, accurately and safely. It is provided to private and public companies (customers) in Denmark and the rest of Europe. We collect information for the purpose of optimising and improving both localisation and user experience.
We work in accordance with the privacy laws that apply in your country. As we are based in Europe, European legislation on the protection of personal data also applies. The legislation gives you a high level of protection by only allowing us to use your data when the provisions in these laws are complied with. Otiom’s privacy and personal data processing policy reflect these laws, and this policy is also applicable globally.
What types of personal data do we collect?
When you use our websites, products and services, we collect data from or about you. The data we collect depends on how you use our product. We collect and process three categories of data:
The data you provide
This comprises the data that you disclose to us when you use our websites, products, and services. These data includes names, email addresses, address, phone number, username, password, login ID and credit card information, as well as the information you otherwise provide in connection with the use of our products.
Data collected via sensors
Sensors are for example our NB antenna, GPS receivers, Wi-Fi or Bluetooth receivers. These sensors automatically collect data when activated. Depending on the purpose for which the data was collected, the data in combination with data that identifies you or your device may be sent to Otiom and others for subsequent use.
This refers to all data that is collected or automatically generated while you use Otiom’s websites, products or services. In many cases, metadata is collected or generated as an integral part of your use of a computer device or by the transfer of data over computer networks such as the internet. This data comprises user interface events and other events when using the device, IP addresses, unique device identifiers, Wi-Fi and Bluetooth MAC addresses, cookies, and computer activity tracking.
Data we receive from other parties
We also receive data from others about you when you have interacted with them, for example when you have visited their websites or used their mobile apps. This data may comprise IP addresses, unique device identifiers, advertisement identifiers, Wi-Fi and Bluetooth MAC addresses, cookies and other computer activity registrations, as well as indications about your behaviour, interests and demographics.
Otiom does not process sensitive personal data about you.
What is personal data?
Personal data means any information relating to an identified or identifiable natural person (the registered, the data subject) An identifiable person is a person who may be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
What is the processing of personal data?
Processing of personal data is any operation or set of operations which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
How do we process your personal information?
- Otiom follows the at any time applicable law on the processing of your data.
- Otiom collects personal data for explicitly specified and legitimate purposes and does not further process personal data in a manner that is incompatible with those purposes.
- Otiom ensures that personal data is adequate and relevant in relation to the purposes for which it is collected and/or subsequently processed.
- Otiom ensures that personal data is correct and up to date.
- Otiom does not store personal data in a form that allows users to be identified for a longer period than is necessary for the purposes for which the personal data was collected, or for which it is later processed.
- Otiom only processes personal data, if:
- The user has unequivocally given his or her consent;
- Processing is necessary for the fulfilment of an agreement to which the user is a party or to take precautions requested by the user prior to the conclusion of the contract;
- Processing is necessary to ensure compliance with legal obligations to which Otiom is subject;
- Processing is necessary in connection with legitimate interests undertaken by Otiom, unless such interests override the fundamental rights and freedoms of the user, including the right to privacy.
- Otiom does not process personal data about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or sexual orientation.
- Otiom only processes personal data relating to health conditions if the user has provided this in their basic contact details.
- To ensure reasonable processing of personal data, Otiom informs about the purpose of the processing and how the users can access and correct their personal data.
- Otiom implements necessary technical and organisational measures to protect personal data against accidental or unlawful destruction, accidental loss, alteration, or unauthorised disclosure or access, in particular where the processing involves transmission of personal data in a network, as well as against any other form of unlawful processing. Otiom does this with awareness of the latest technology to ensure an adequate level of security in relation to the risks entailed by the processing.
- If others undertake processing on behalf of Otiom, Otiom ensures that the data processer provides and complies with sufficient guarantees regarding the technical and organisational provisions relating to the processing that is to be carried out. Otiom ensures that the processing is regulated by a data processing agreement which binds the processer to the controller and which, in particular, establishes that:
a) The processer only acts on the instructions of Otiom;
b) The provisions in section 10 apply to the processor.
- The police and other authorities may require Otiom to disclose personal information. In such cases, Otiom will only disclose the information if there is a court order or equivalent which orders this action.
- Otiom processes personal data in the European Economic Area (EEA). In cases where personal data is transferred or processed outside the EEA by Otiom or on Otiom’s behalf, Otiom will ensure there are appropriate safeguards with regard to the protection of confidentiality and fundamental rights and freedoms, as well as for the exercise of other rights associated with these, by applying appropriate contractual clauses or other acceptable legally binding instruments.
How does Otiom safeguard and store personal data?
Otiom undertakes to avoid unauthorised access, disclosure or other diverging processing of personal data. Otiom ensures the confidentiality of the personal data we process and ensures its availability in accordance with applicable data protection laws.
We take reasonable and adequate organisational, technical and physical procedures and provisions to protect the information we collect and process. Vigilance and respect among our employees in connection with data protection is fundamental for ensuring a legal processing and protection of your information, including:
- Mandatory procedures for registering processing activities and risk assessment.
- The entering into of data processing agreements with all subcontractors who process data on Otiom’s behalf.
- Evaluation of encryption and pseudonymisation as risk mitigation measures.
- Restricting access to personal data to persons who require it to fulfil obligations in connection with agreements or legislation etc.
- Utilising systems that detect, prevent and warn of any possible personal data security breaches.
- Utilising security evaluation and self-assessment to analyse whether existing technical and organisational measures are sufficient for the protection of personal data based on the requirements set out in applicable data protection legislation.
- Locations are protected by access control.
Length of time that we store your personal data
Otiom retains information that tells us how and when you use our services. This covers information about the device you are using and the information that we receive when you use the service, including locations, routes and activation of the alarm function. Otiom uses this information for technical troubleshooting purposes, to improve its services and the product and to detect possible misuse. The information is only stored in connection with these purposes and only for a limited period, after which it is deleted. Otiom cannot identify you based on this information and we will not attempt to do so. Otiom utilises security methods based on industry standards to protect the information against unauthorized opening. Otiom will not give anyone else access to your information or use it for any other purpose unless we are explicitly and legally required to do so after proper legal process.
To what extent does Otiom use subcontractors?
Otiom uses subcontractors to process personal data. These subcontractors are typically providers of cloud services or other IT hosting services.
Otiom enters into data processing agreements (DPA) with subcontractors to protect your personal data rights and to fulfil our obligations towards our customers.
Otiom uses your Otiom profile to give you access to services you have activated, software upgrades and the parts of our website that require registration, such as information about your purchase or subscription. We also use your Otiom profile if you wish to purchase additional products.
To create an Otiom profile, you must as a minimum provide your name and email address and choose a password. Otiom recommends that you keep your profile information confidential and use a password that you do not use elsewhere.
We use your email address when we occasionally send information that is related to the products and services registered under your Otiom profile. We only do so if there are updates you must be aware of to ensure that you can use your product in a safe, reliable manner without disruption, or if we are legally required to contact you.
If you wish to delete your Otiom profile, please contact us at email@example.com.
We do not share your Otiom profile information with anyone, unless they work under our responsibility, according to our instructions, or we are explicitly and legally required to do so after proper legal process.
What are your rights?
You have the right to access, correct or delete your personal data at any time by requesting Otiom to do this. Similarly, you may also limit or express objections to Otiom’s processing of your personal data in accordance with the privacy statement or other service-specific terms.
Please submit any requests to firstname.lastname@example.org.
You may also make a complaint to the Danish Data Protection Agency regarding the processing of your personal data.
The right to unsubscribe from marketing communication
You can unsubscribe from marketing communication from Otiom by: 1. Following the instructions for unsubscribing in the relevant marketing communication 2. Contacting us by email at email@example.com. Even though you unsubscribe from marketing communication, you will continue to receive order confirmations and notices which are necessary for administering your account or the services provided to Otiom’s customers.
Changes to the privacy statement
Any changes to this privacy statement will be published by updating this statement on the website. We recommend that you review the statement regularly. If we make significant changes to our statement, which significantly alter our data protection practice, we will inform you of this by sending an email or by publishing a message on our website and/or on social media prior to the changes coming into effect.
This privacy statement was updated on 21 December 2018.
If you have any comments or questions regarding our privacy statement and data use, or about a possible breach of your personal data protection, you should send them to firstname.lastname@example.org. You can also send your request in writing to: Acubit ApS, attn. The Data Protection Officer, Alfred Nobels Vej 21A, DK-9220 Aalborg Ø.
All requests are confidential.