PRIVACY POLICY
LAST UPDATED ON: JULY 12, 2022
Summary
Welcome to Onswell.
We are committed to respecting and protecting your privacy. This privacy notice sets out how we collect and use the personal data that you provide to us via this website, www.onswell.com (our "Site", together with any other services we provide to you, our "Services"). It also tells you about your privacy rights and how certain laws may apply to you.
If you have any queries about this notice or how we use your personal information, please contact us at privacy@onswell.com.
Contents
1. About us
Our Services are operated by Onswell LLC ("us", "we", or "our").
We are a limited liability company formed in Delaware, United States. We are the data controller of any data you provide to us via our Services.
2. What personal data do we collect via the Services?
'Personal data' means any data which can be associated with you as an individual, either directly or indirectly. We collect different information depending on how you use the Services and how you interact with us.
The personal data we may collect via the Services include:
We do not ask you for 'special categories' of personal data, such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership or health information. However, if you choose to provide us with this information, and provide us with your explicit consent, we may retain it. We do not collect data about actual or alleged criminal offences.
3. How we collect personal data
Different personal data is collected in different ways.
When you create an account to use our Services, you will provide us with your identity, contact, and log-in information, and your marketing and communications preferences.
When you enter your payment card details via our Services, they are provided to Easol which acts as our agent to collect payments related to our Services. Easol may integrate an appropriately regulated third party payment processor. Easol will act as our agent and any payment received by them from you on our behalf will discharge your obligations to make payment to us. Easol’s relationship with any third party payment processor is governed by its terms and conditions. The actions of the third party payment processors are beyond our and Easol’s control and we and Easol shall not be liable to you for any of their actions (including any losses that you, your affiliates or customers suffer as a result as any act or omission of such third party). While we will try to provide advance notice, you agree that we may, at any time and in our sole discretion, and without any notice to you, suspend, restrict or disable access to or remove from the Services, any payment processor, without any liability to you customers, including without limitation for any loss of profits, revenue, data, goodwill or other intangible losses (except where prohibited by applicable law). The third party payment processors may provide invoices for any transaction fees associated with transactions (including refunds) that you may be liable for. We do not collect or store payment card details. You will also provide us with personal data when you correspond with us.
As you use the Services, we will collect your technical, usage and transaction data as described above.
Some of this data is collected using cookies, beacons and similar technologies. Cookies are files with small amount of data which are sent to your browser (or device) from our Services and stored on your device.
We use the following cookies:
Cookie Title
Cookie Name
Purpose
Affiliate Link Identifier
aff_lk_[company_id]
Used for an affiliation program and to measure conversion.
Current Country
country
Users location based on IP. Used to infer appropriate currency for a user. Necessary for site function.
Preferred Currency
currency
Storing the user’s currency. Used for payments and necessary for site functionality.
Affiliate Link Identifier
aff_lk_[company_id]
Used for an affiliation program and to measure conversion.
Company Identification
c_id
Store the company ID associated with the subdomain. Used for authorization on some pages. Necessary for site functionality.
Company On-boarding Identification
co_id
Store the company ID for the purpose of company on-boarding. Necessary for site functionality.
Cart/Order Identification
order_id/cart_id
Used to link a user to their basket items in their cart and order for completing a purchase in checkout. Necessary for site functionality.
Last Booking Identification
[booking_id]_/conf
Keep track of whether or not to display a “thank you” page to the user after booking. Necessary for site functionality. Expires after 3 years.
Session Token
remember_token
Used to keep track of a user’s session/log in in the browser. Recognize you when you return to our site. Necessary for site functionality.
Find Device Information
fd
Used to know which device the user is using.
You can remove cookies from your computer through the settings on your browser but be aware that this may impact your ability to make use of some features on our and other web sites. Management of cookie settings varies from one browser to another. The "Help" menu of your web browser will provide full instructions.
Please note that the following third parties may also use cookies, over which we have no control. These named third parties may include, for example, advertising networks and providers of external services like web traffic analysis services. These third party cookies are likely to be analytical cookies or performance cookies or targeting cookies:
· Google Analytics
· Mixpanel
· Intercom
· Stripe
· Full Story
4. How and why we use personal data
We will only use your information where:
a) We need the information to fulfil our contract with you
If we have entered into a contract to provide you with our Services, we will need your personal data in order to do so. The personal data that we use will depend on the service(s) we have agreed. For example:
b) We have a legitimate interest (reasonable business purpose) in doing so
We will use your information for our legitimate business reasons where our doing so will not unduly affect your rights.
We will use your identity, log-in, contact and usage information to keep our records up to date.
We will use your technical, location and usage information to:
We may also use any or all of the information above to administer and manage our business in general, to detect and prevent misuse of our Services (including fraud and unauthorized payments), and to enforce our Terms of Use or any other contract to which we may be a party. If you feel that your interests and fundamental rights outweigh our business purposes, and that we should therefore stop processing your data, please let us know.
c) You have given us your consent
If you sign up to our mailing lists, we will send you updates and marketing information that you have consented to receive. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send, or by emailing us at privacy@onswell.com.
We will only ever store any 'special categories' of data when you have provided us with your explicit consent to this.
We will only ever use your exact location data if you have given us your express consent to this. Likewise, we may need your contact, identity, technical and/or usage information to respond to a question you have asked us.
d) We need to comply with a legal or regulatory obligation
In certain circumstances, we may need to retain or use your personal data to comply with regulations and/or the law.
5. Children
Our Services are not intended to be used by any child under the age of 18. Please do not provide us with any personal data relating to children under the age of 18 unless you are their legal guardian.
6. How we share personal data
We will share your data:
a) With our trusted third-party service providers
These include:
We will only disclose your data to third-party service providers under terms of confidentiality, and they will only use your personal data for the purposes stated in this notice.
As noted above, we do not share your payment information with payment processors – instead you provide your payment information to Easol, our agent, and their third party payment processors. For information about how they use your personal data, please see Easol’s privacy notice here. The only exception to this is if we suspect that your account is being misused, in which case we may discuss certain aspects of your transaction history and/or identity details with Easol and their payment processors.
We will also share your information with other third parties and suppliers, but only if you ask us to do so or to the extent necessary to provide the Services.
b) With other members of our Services
Where we provide the functionality, you may choose to share some of your profile information with other members of the Services. We will never make your profile visible to other members without your express consent.
c) If you choose to share it via social media
Where we provide the functionality, you may choose to share some of your information from our Services with your friends, followers or contacts on social media.
Your personal data may be disclosed or transferred to potential or actual buyers of, investors into or lenders to our business or any of our assets, or any of the advisors or representatives of the above. If so, we will ensure that appropriate confidentiality terms are in place.
On rare occasions, we may share personal data when we believe it is necessary to comply with the law, regulation or legal request (including a court order or government inquiry); to enforce or apply our terms of use or other agreements; in the context of a business reorganization or restructuring exercise; or to protect the rights, property, or safety of our business, our employees, our users, or others.
7. International transfers
Where we transfer personal data to a recipient in a third country in the absence of an adequacy decision by the European Commission, we take care to ensure that our data exports are compliant with data privacy law. We do this by relying on the Model Clauses and/or ensuring that the recipients of the data are certified under the EU-US Privacy Shield scheme. For further information, and/or to obtain copies of the relevant documents, please contact us at privacy@onswell.com.
Transfer of Data from European Economic Area (“EEA”) to United States of America
If you are located in the EEA, it is necessary for us to transfer your personal information outside of the EEA to our Website and third-party service providers located in the United States of America and as described herein.
When personal information is transferred to and stored in a country not determined by the European Commission as providing adequate levels of protection for personal information such as the United States, we take steps to provide appropriate safeguards to protect your personal information by implementing Model Clauses.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.
Notice of Transfer of Data From Canada to United States of America
If you are located in Canada, you understand that your personal information is being transferred from Canada to the United States of America.
8. Your United Kingdom and European Union privacy rights
You have the right to:
· Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
· Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
· Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
· Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
· Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
o If you want us to establish the data's accuracy.
o Where our use of the data is unlawful but you do not want us to erase it.
o Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
o You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
· Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
· Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
9. Your California privacy rights
The California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100 et. seq., as implemented and amended (the “CCPA”) governs the use of ‘personal information’, which includes any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
If you are a California consumer, you may have the right, subject to certain exceptions defined in the CCPA, to request that businesses (as defined by the CCPA):
· disclose certain information to you about their collection, use, and disclosure of your personal information over the past 12 months and to request access to such information;
· delete any of your personal information that it has collected from you and retained; and
· not sell your personal information.
California consumers also have the right not to receive discriminatory treatment if they exercise the rights list above.
Businesses are not required to respond to a consumer’s requests for access or disclosure of personal information more than twice in a twelve (12) month period.
California Civil Code Section 1798.83 permits California residents to request a list of all third parties to which we, during the immediately preceding calendar year, have disclosed certain personal data for direct marketing purposes. We do not share personal information with other people or non-affiliated businesses for their direct marketing purposes. We are only required to respond to a customer request once during any calendar year. To make such a request you should send an email to privacy@onswell.com. Please be aware that not all information sharing is covered by the California privacy rights requirements and only information sharing that is covered will be included in our response.
Additionally, we do not sell your personal data to third parties.
We may act as a service provider when we collect personal information on behalf of our providers. In such instances, any request for such personal information should be made directly to the organization that uses our Services. If you submit a verified consumer request to us for such information, we will direct you to make that request directly to our providers.
9. Your Nevada privacy rights
Although we do not sell personal data, Nevada residents have the right to submit a verified request directing us not to sell their personal data. If you are a Nevada resident, and would like to submit such a request, please send your request by contacting us at privacy@onswell.com.
10. Data security
The safety of your personal data is of paramount important to us, and we use various technical and organizational measures to ensure that your data is secure.
However, no transmission of information via the Internet or electronic storage is ever completely secure. Although we take appropriate measures to safeguard against unauthorized disclosures of information, we cannot guarantee the security of your data.
11. How long we keep personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
To obtain further information about how long we retain your personal data, please contact us at privacy@onswell.com.
12. Third party links
Our Services may contain links to third-party sites whose information practices may be different than ours. Please consult all third-party sites' privacy notices, as we have no control over information that is submitted to, or collected by, third parties and are not responsible for the privacy practices of such third-party sites.
13. Your rights
You have the right to:
You also have the right to lodge a complaint with the Office of the Attorney General (https://oag.ca.gov/) or the EU supervisory authority of competent authority for data protection issues, as applicable. We would, however, be grateful if you would contact us in the first instance so we can endeavor to deal with your concerns direct.
If you wish to exercise any of these rights, please contact us at privacy@onswell.com.
To protect your privacy and security, we will take reasonable steps to help verify your identity before granting access or making corrections.
14. Changes to this notice or your data
We may amend or modify this privacy notice from time to time. We will post any revised notice on this site and on our app, and if the changes are significant, we will notify you by email.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.