At Otiom, we think the right to privacy is crucial. We protect the personal data we collect about you. You can see how below.
Otiom is a Danish company with its head office in Aalborg, and is a subsidiary of Acubit. Both companies respect your privacy. This privacy statement describes your rights to privacy and our commitment to securing your personal data. Otiom is subject to European privacy laws and the General Data Protection Regulation (GDPR).
Otiom is a localisation service which can be used to find missing persons. It is supplied to private and public companies (customers) in Denmark and the rest of Europe. We collect data to optimise and improve localisation and the user experience
Otiom’s policy on confidentiality and processing personal data
The way we work is based on the privacy laws which are applicable in your country. As we are based in the European Union, European privacy laws also apply. The laws give you a high level of protection by only allowing us to use your data when the conditions of these laws are met. Otiom’s policy on confidentiality and processing personal data reflects these laws, and we use this policy globally.
What types of personal data do we collect?
When you use our websites, products and services, we collect data from or about you. The data we collect depends on how you use our product. We collect and process three categories of data:
Data you provide
This comprises the data which you provide to us when you use our websites, products and services. This data includes, for example, names, e-mail addresses, addresses, telephone numbers, user names, passwords, login IDs and credit card information, as well as additional information which you provide when using our products.
Data collected via sensors
Examples of sensors: our NB antenna, GPS receivers, WiFi or Bluetooth receivers. When these sensors are activated, they automatically collect data. Depending on the purpose the data was collected for, the data may, in combination with data which identifies you or your device, be sent to Otiom and others for later use.
This refers to all data collected or generated automatically while using Otiom’s websites, products or services. In many cases, metadata is collected or generated as an integral part of your use of a computer device or by the transfer of data across computer networks like the internet. This data includes events on the user interface and other events which happen when using the device, IP addresses, unique device identifiers, WiFi and Bluetooth MAC addresses, cookies and registration of computer activity.
Data we receive from others
We receive data from third parties. They have collected this data in accordance with their privacy policies, on their own responsibility, and shared it with us. We use this data within the framework which the third parties have allowed us to, and we also comply with our own principles and policies regarding personal data. For example, we receive data about location, speed, sensors and other vehicle and device data from mobile phone users and online map services, among other sources. We only use this data after we have made sure that it cannot be traced back to you.
We also receive data about you from others when you have interacted with them, for example, if you visit their websites or use their mobile apps. This data may include IP addresses, unique device identifiers, advert identifiers, WiFi and Bluetooth MAC addresses, cookies and other records of computer activity, as well as indications about your behaviour, interests and demographics.
Otiom does not process sensitive personal data about you.
What is personal data?
Personal data is information relating to an identified or identifiable natural person (the data subject, the user). An identifiable person is a person who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity.
What is the processing of personal data?
The processing of personal data is any action or series of actions performed concerning personal data, such as collection, recording, systematisation, storage, adaptation or alteration, downloading, consultation, use, disclosure by transmission, dissemination or otherwise in which personal data is made available, comparison or combination, blocking, deletion or destruction.
How do we process your personal data?
1. Otiom complies with applicable law when processing your data.
2. Otiom collects personal data for specified, explicit and legitimate purposes and does not process personal data further in a way which is inconsistent with those purposes.
3. Otiom ensures that personal data is sufficient for and relevant to the purposes for which it is collected and/or later processed.
4. Otiom ensures that personal data is accurate and updated.
5. Otiom does not store personal data in a form which enables the identification of users for longer than is necessary for the purposes for which the personal data was collected or further processed.
6. Otiom only processes personal data if:
a) The user has given their explicit consent, or
b) Processing is necessary for the performance of an agreement to which the user is a party, or to take precautions that a user has requested before entering into a contract, or
c) Processing is necessary to ensure compliance with statutory obligations to which Otiom is subject, or
d) Processing is necessary for legitimate interests of Otiom’s, unless such interests disregard the user’s fundamental rights and freedoms, including the right to privacy.
7. Otiom does not process personal data about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or sexual relations.
8. Otiom only processes personal data concerning health, or data provided by the user in the basic contact details.
9. To ensure reasonable processing of personal data, Otiom informs users about the purpose of the processing and how users can access and correct their personal data.
10. Otiom implements appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of personal data on a network, and against all other unlawful forms of processing. Otiom does this with an awareness about the latest technology, ensuring a level of security appropriate to the risks presented by the processing.
11. If others perform processing on Otiom’s behalf, Otiom ensures that the processor provides and complies with adequate safeguards for the technical and organisational measures regarding the processing to be performed. Otiom ensures that the processing is controlled by a data processing agreement which binds the processor to the controller and in particular stipulates that:
a) The processor only acts on instructions from Otiom;
b) The provisions of provision 10 apply to the processor.
12. The police and other authorities may require Otiom to disclose personal data. In such cases, Otiom will only disclose data if there is a court order or an equivalent measure which makes this mandatory.
13. Otiom processes personal data in the European Economic Area (EEA). In cases where personal data is transferred or processed outside the EEA by Otiom or on Otiom’s behalf, Otiom will ensure adequate safeguards for the protection of privacy and fundamental rights and freedoms, as well as for exercising the corresponding rights, by applying appropriate contractual clauses or other acceptable legally binding instruments.
How does Otiom secure and store personal data?
Otiom is obligated to prevent unauthorised access, disclosure or other deviant processing of personal data. Otiom ensures the confidentiality of the personal data it processes and ensures accessibility in compliance with applicable law on personal data protection.
We take reasonable and appropriate organisational, technical and physical precautions and procedures to protect the data we collect and process. Vigilance and respect among our employees in connection with data protection are fundamental to ensuring the lawful processing and protection of your data, including:
- Mandatory recording procedures for processing activities and risk assessments.
- Entering into data processing agreements with all subcontractors who process data on behalf of Otiom.
- Assessment of the use of encryption and pseudonymisation as risk mitigation measures.
- Restricting access to personal data to individuals who need it to comply with obligations in connection with entering into agreements or legislation, etc.
- Use of systems that detect, prevent and warn of any personal data breach.
- Use of security and self-assessment to analyse whether the existing technical and organisational measures will be sufficient for the protection of personal data, based on the requirements laid down in the applicable data protection law.
- Localities are protected by access control.
How long do we store your personal data for?
Otiom stores data that tells us how and when you use our services. This includes data about the device you are using and the data we receive when you use the service, for example, locations, routes and activation of the alarm feature. Otiom uses this data for technical troubleshooting to improve its services and products and to record any misuse. The data is only stored for these purposes and only for a limited period, after which it is deleted. Otiom cannot identify you from this data, and we will not try to do so. Otiom uses security methods that are based on industry standards to protect the data from unauthorised access. Otiom will not give anyone else access to your data or use it for other purposes unless we are explicitly and legally required to do so according to due legal processes.
To what extent does Otiom use subcontractors?
Otiom uses subcontractors to process personal data. These subcontractors are typically providers of cloud services and other IT hosting services.
Otiom enters into data processing agreements (DPA) with subcontractors to secure your personal data rights and to fulfil our commitments to our customers.
Otiom uses your Otiom profile to provide you with services you have enabled, software upgrades and the parts of our website that require registration, for example, information about your purchase or subscription. We also use your Otiom profile if you want to buy additional products.
To create an Otiom profile, you must, as a minimum, provide us with your name and e-mail address and choose a password. Otiom recommends that you keep your profile information confidential and use a password that you do not use elsewhere.
We use your e-mail address when we occasionally send information related to the products and services that are registered to your Otiom profile. We only do this if there are updates that you must know about to ensure that you use your product securely and reliably without disruption or if it is required by law to contact you.
If you want to delete your Otiom profile, please contact us at email@example.com.
We will not share your Otiom profile data with anyone unless they are working under our responsibility or under our instructions, or unless we are explicitly and legally required to do so according to due legal process.
What rights do you have?
You have the right at any time to access, correct or delete your personal data by informing Otiom. You can also limit or raise objections to Otiom’s processing of your personal data under this Privacy Statement or other service-specific terms.
Requests can be submitted to firstname.lastname@example.org.
You can also submit a complaint to the Danish Data Protection Agency regarding the processing of your personal data.
The right to opt out of marketing communications
You can opt out of receiving marketing communications from Otiom by 1. Following the instructions to opt out of the relevant marketing communications 2. Contacting us by e-mail at email@example.com Even if you opt out of receiving marketing communications, you will still receive order confirmations and notifications that are necessary to manage your account or services provided to Otiom’s customers.
Amendments to the Privacy Statement
Any amendments to this Privacy Statement will be published in an updated statement on this website. We encourage you to review the Privacy Statement regularly. If we make material amendments to our Privacy Statement which significantly change our practice for personal data protection, we will inform you by sending an e-mail or by posting a message on our website and/or on social media before the changes take effect.
This Privacy Statement was updated on 21 December 2018.
If you have any comments or questions concerning our Privacy Statement and data use or a possible breach of your personal data, you can e-mail them to firstname.lastname@example.org. You can also send your request in writing to Acubit ApS, Att. The Data Protection Officer, Alfred Nobels Vej 21A, DK-9220 Aalborg.
We process your requests in confidence.