Privacy Policy

Last updated: July 2024

Introduction

Here at Onsi, a trading name of Collective Group Holdings Ltd, Collective Society Ltd, Collective Benefits Ltd, Collective Netherlands BV and Collective Denmark ApS (Onsi Denmark ApS) (they're our fancy official legal names and more simply "we" or "us" and where required, "Onsi", "onsi.com" also meaning the websites and applications www.onsi.com, app.onsi.com, our native mobile application and partners.onsi.com and referred to as the "Sites"), we take your privacy seriously.

We are committed to protecting the privacy of any personal data we collect, organise, structure, share, use, or otherwise process about you, complying with all relevant and applicable data protection legislation, in particular the General Data Protection Regulation (EU) 2016/679 ("GDPR") in respect of our EU-based activities and the UK Data Protection Laws (namely the UK GDPR and the UK Data Protection Act 2018) in respect of our UK activities, and only using your personal data for the purposes set out in this Privacy Policy. That's very important to us.

Depending on where you reside and from where you are using our services, there may be different data protection laws that apply when we use your personal data and/or certain rights may not apply in certain jurisdictions. Therefore, we have indicated throughout this Privacy Policy, as applicable, if certain information will not apply in particular jurisdictions. Additional jurisdiction-specific information relating to Australia, Israel and Singapore can be found in the addendums at the bottom of this Privacy Policy.

This Privacy Policy along with any additional terms of use, terms of business and/or end-user licence agreement ("EULA") apply to your use of the Sites.

Please grab a cup of coffee or tea (and perhaps a biscuit if you're peckish) and take the time to read this Privacy Policy, as it is important for you to understand how we collect and use your data when you use our website. This Privacy Policy explains how we collect, use and store your personal data, including any which you provide to us. We keep our Privacy Policy under regular review and you can see the last time it was update at the top of this policy.

Throughout this Privacy Policy we use the following terms:

"Customer" and "Customers" to refer to on-demand platforms and other platforms, businesses and communities that work with and support flexible workers and to whom we have arranged the insurance policy for and/or have a contract with.
"Beneficiary" to refer to flexible workers who are covered by an insurance policy we have arranged for them, placed for a Customer and / or who are required to accept (i) our terms of use, (ii) our terms of business and (iii) in the UK our membership club rules.
"Partner" or "Partners" to refer to insurance intermediary, insurers, banking institutions and payment processors and third-party suppliers.
"Website User" or "Website Users" to refer to visitors to our Sites.

Where we need to collect personal data by law or under the terms of a contract we have with you and that personal data is not provided when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

If you have any questions about our Privacy Policy, please contact us through the details set out in the 'Get in touch' section below.

So, what data do we collect about you?

"Personal Data" is data that relates to you and identifies or can be used to identify you – this might be your name, email address, or other digital identifiers relating to you such as cookies, IP addresses or logs (think of it a little like bringing the classic board game 'Guess Who' into the 21st Century).

We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:

Type of Data	Description
Identity data	Name, username or similar identifier, date of birth
Proof of Identity data	Copy of a passport, drivers licence or other photo identification. Confirmation of your address, for example a utility bill or bank statement.
Contact data	Billing address, email address or telephone numbers
Earning data	Earnings or salary for work perform for, on behalf of, or obtained through a Customer
Employment data	Includes income; employment status; shifts and hours; name of employer and place of work.
Financial data	Bank account number, sort code, IBAN, account holder name or other information you provide us about your bank account.
Transaction data	Details about payments to and from you where you are a Customer or Beneficiary
Insurance data	Information which is relevant to the insurance policy we place or arrange any claims made under a policy. For example, where you are a beneficiary under an insurance policy we place, we collect your name, email address, phone number and your platform ID (this is the identification that is provided to you by the company engaging you as a worker).
Marketing and Communications data	Your preferences in receiving marketing from us and our third parties and your communication preferences
Profile data	Username and password, income or salary information, your preferences, feedback and survey responses
Special category data	Where you are a Beneficiary, we will collect your current or former physical or mental health.
Technical data	Includes cookies, internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types, and versions your device's gyroscope data, operating system and platform and other technology devices you use to access the Sites. Such Technical data is collected from Website Users.
Usage data	Information about how Website Users use the Sites and services

Please note that our wellbeing offering in which workers are offered wellbeing support, is provided exclusively by third party providers. This means that we do not collect or process any personal data or special category data as part of this offering. Please review any Third Parties' privacy policy which will be provided to you to understand how they process your personal data.

We also aggregate and anonymise your personal data to form statistical or demographic data ('Aggregated Data'). For example, we may aggregate your Usage data (where you are a Website User) to calculate the percentage of users accessing a specific website or platform feature. Such aggregated and anonymised data is not Personal Data and does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.

How do we collect your Personal Data?

We collect Personal Data about you when you access our Sites, register as a Beneficiary with us either directly or via one of our Customers, sign up to our membership club, sign up to our rewards card, sign up to a benefits package, contact us, send us feedback, post material to one of our platforms or interact with us through the Sites over the telephone, or face to face.

We collect this Personal Data from you either directly, such as when you register with us, or contact us, and indirectly, such as your browsing activity while on the Sites (see 'Cookies' below).

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your identity and contact information by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- create an account;
- apply for our products or services;
- correspond with us directly;
- subscribe to our services or publications;
- give us feedback or contact us;
- request marketing to be sent to you; and
- enter a competition, promotion or survey;
Automated technologies or interactions. We'll automatically collect technical data about your equipment, browsing actions and patterns when you, as a Website User, use the Sites. We'll also automatically collect telematics and gyroscope data from your device when you use the Halo's crash detection feature. We collect this personal data:
- using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies. Please see our cookie policy for further details; and

Third parties or publicly available sources. We receive personal data about you from various other third parties and public sources as set out below:

our Customers (where you are an individual working for one of our Customers or a Beneficiary);
Partners who might introduce customers to us such as another insurance intermediary and/or insurers;
technical data from analytics providers such as Google based outside the UK; and
identity and contact data from publicly available sources such as credit reference agencies, or customer due diligence providers, or Companies House where you are a Partner or Beneficiary.

And how do we use your Personal Data?

We have set out below descriptions of the ways we use your Personal Data and under applicable data protection laws, we must have a 'lawful basis' to do so. We have set out below different ways we use your Personal Data and our lawful basis for doing so:

where we need to use your Personal Data to enter into or perform our contract with you, for example, in order to fulfil our obligations under the agreement we have in place with you. In respect of our motor insurance product in the UK, we will process your Personal Data because it is necessary to enter into or perform our contract with you i.e., to check your eligibility;
where we have a legitimate business interest to use your Personal Data. A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable such as maintaining our business records, ensuring the security of our systems and analysing and improving our business model and products. In all such cases, we will always consider your interests and undertake a balancing exercise to ensure that our business interest does not cause you harm or override your own interest;
where we need to process your data for compliance with our legal and/or regulatory obligations such as compliance with data protection laws; or
in limited circumstances where we have your consent.

When the information that we process is classed as a special category data, we must have one of the following additional legal grounds for such processing:

it is necessary for an insurance purpose and it is in the substantial public interest. This will apply where we are advising or arranging an insurance policy, assisting with your claims as a Beneficiary under a policy, and undertaking any activities to prevent and detect fraud. Please note that this lawful ground will only apply to our UK operations;
you have provided your consent. There may be some circumstances that without your consent to use your special categories of information we would be unable to arrange your insurance cover. We will notify you when this will be applicable and why your consent is necessary; or
where the use of your special category data is necessary to establish, exercise or defend our legal claims, for example legal proceedings have been brought against us or we want to bring a legal claim ourselves.

We may process your Personal Data in reliance of more than one lawful basis depending on the specific purpose for which we are using your Personal Data. If you want to know exactly which lawful basis we're relying on (where more than one lawful basis is set out in the table), please get in touch.

Please note that this table is generally applicable to all UK and EU jurisdictions except where otherwise stated.

What we use your Personal Data for	What Personal Data we collect	Our lawful basis for processing
To register you, as a Beneficiary, on our platform and to inform a Customer if you have registered	Identity Contact Profile	Performance of a contract with you Legitimate interests (to develop our services and grow our business)
To confirm your identity	Proof of Identity Identity	Performance of a contract with you
Where you are a Customer or an individual working at a Customer, or a Beneficiary we use your Personal Data to process your orders or requests and to deliver services to you effectively, which may include the selling of regulated products, like insurance, unregulated products and/or access to deals, discounts and offers provided by third party suppliers.	Identity Contact Employment Financial Transaction	Legitimate interests (being efficient about how we deliver our services and fulfil our obligations.) Performance of contract Necessary to comply with a legal obligation Necessary to establish, exercise or defend legal rights
To process insurance, provide insurance policies, evidence of cover, processing of claims and complaints relating to insurance cover or claims made by a Beneficiary.	Identity Contact Financial Profile Insurance Data Special category data	Performance of a contract with you (as a Beneficiary who has signed up to our terms of use) Legitimate interests (being efficient about how we deliver our services and fulfil our obligations including managing and maintaining insurance policies including claims and complaints.) Necessary to comply with a legal obligation Necessary to establish, exercise or defend legal rights. In the UK, we rely on the substantial public interest condition that processing of Beneficiary's Special category data is necessary for an insurance purpose In France, we rely on explicit consent for the processing of special category data. In Austria, we rely on Section 11a Austrian Insurance Contract Act (VersVG) for the processing of special category data insofar as the processing is indispensable (i) to assess whether and under which conditions an insurance contract is concluded or amended, (ii) for the administration of existing insurance contracts or (iii) for the assessment and fulfilment of claims arising from an insurance contract. Otherwise, we rely on explicit consent for the processing of special category data.
To provide our wellbeing services	Identity Contact Profile Wellbeing Data Special category data	Performance of a contract with you Legitimate interests (being efficient about how we deliver our services and fulfil our obligations) Necessary to comply with a legal obligation Explicit consent
To pay earnings to you, to inform a Customer about the earnings you have received and to enable the Customer to step-in to pay earnings to you	Identity Contact Earnings Financial	Performance of a contract with you Legitimate interest Necessary to comply with a legal obligation
To carry out necessary compliance and fraud checks	Identity Contact Transaction Usage Proof of Identity	Necessary to comply with a legal obligation Legitimate interests (to determine whether a Customer falls within our acceptable risk profile and to assist with the prevention of fraud)
To manage our relationship with you which may include: Corresponding with you by phone, email or live chat Notifying you about changes to our terms or privacy policy	Identity Contact Profile Marketing and Communications	Performance of a contract with you (this will be the relevant lawful basis in Italy) Necessary to comply with a legal obligation Necessary to establish, exercise or defend legal rights. Legitimate interests (to manage our relationship with you as an individual working at one of our Customers and to optimise and improve our business and our services) – this will be the relevant lawful basis in Hungary, UK, Cyprus, Iceland and France.
To manage our relationship with you which may include asking you to leave a review, take a survey, enter a prize draw/competition or provide other feedback	Identity Contact Profile Marketing and Communications	Legitimate interests (to manage our relationship with you and to optimise and improve our business and our services) Consent – this is the relevant lawful basis relied on in Austria, Hungary, Cyprus, Italy and France
To administer and protect our business and our Sites	Transaction Technical Usage	Legitimate interests (business operations, provision of administration and IT services, network security, and improvement of the Sites)
To send you (as an individual working for one of our Customers) information which we think may be of interest to you, such as newsletters, publications, information about other products and services we offer	Identity Contact Marketing and communications Profile	Consent (for example where you have requested such information) - this will be the relevant lawful basis in Austria, Slovenia, Croatia, Hungary, Cyprus and France Legitimate interests (to develop and inform our marketing strategies) - in some jurisdictions such as the UK we are entitled to, in certain circumstances, send you marketing information in relation to our services Soft opt-in where permitted
To deliver relevant content and advertisements to you as a Website User on the Sites and measure or understand the effectiveness of advertising we serve you.	Identity Contact Marketing and communications Profile Usage	Consent (for example where you have requested such information) - this will be the relevant lawful basis in Austria, Hungary, Cyprus, Iceland and France Legitimate interests (to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy)
To communicate with you	Identity Contact Marketing and communications Profile Transaction	Performance of a contract with you (as a Beneficiary who has signed up to our terms of use) Legitimate interests (to consider and respond to communications that you send to us and inform you of relevant information in relation to your account or the Sites) Necessary to establish, exercise or defend legal rights. Consent (for example where you are not a customer, but you have voluntarily made an enquiry about our products and services)
To use data analytics to improve the Sites products / services, marketing, customer relationships and experiences	Profile Technical Usage	Legitimate interests (to define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) Consent - this will be the relevant lawful basis in Hungary, Cyprus, Iceland and Italy
To make suggestions and recommendations to you (as an individual working for one of our Customers) about services that may be of interest to you, including promotional offers.	Identity Contact Marketing and communications Profile Technical Usage	Consent - this will be the relevant lawful basis in Austria, Slovenia, Croatia, Hungary, Cyprus, Iceland and France. Legitimate interests (to develop our services and grow our business)
To confirm that you (as a Beneficiary) work with a particular Customer	Identity Contact	Performance of a contract with you (as a Beneficiary who has signed up to our terms of use) Legitimate interests (verification)
For our own business operations such as establishing or defending any legal claim, obtaining or maintaining our own insurance cover, obtaining professional advice, otherwise managing business risks.	Identity Contact Financial Data Transaction Data Insurance Data Wellbeing Data Halo Data Marketing and communications Profile Technical Usage	Legitimate interests (to effectively operate our business) Necessary to establish, exercise or defend legal rights. Necessary for a legal obligation
To make changes to our business e.g., the sale of our business or part of it or reorganisation	Identity Contact Financial Data Transaction Data Insurance Data Wellbeing Data Halo Data Marketing and communications Profile Technical Usage	Legitimate interests (to make changes to our business) Explicit consent

Please note that in Italy, the collection of usage data, data analytics and any other data to improve our website, products / services, marketing, customer relationships and experiences is based on your free consent.

Do we share your Personal Data with anyone else?

We may share your Personal Data with:

Customers: where you are an individual or Beneficiary, we share your Personal Data with them to provide them and you with our platform and services.
Partners: where you are a Beneficiary to provide elements of our, or ancillary, services.
Our banking and payment processing partner, Adyen
third-party service providers such as software developers, insurance partners, underwriters, claims management providers, appointed payment providers and third parties to carry out surveys and user analysis
any legal or regulatory authority
payment providers
our banks, professional advisers, debt collectors, insurers and brokers, credit reference agencies and auditors to manage and administer our business

We will only share your Personal Data with the above parties for the following reasons:

As is necessary in order to provide our Services
To better understand your needs and preferences.
If you specifically request this, such as when you submit information to enquire about our products or services or to make a claim.
With payment providers, where this is done through an API to our payment providers websites where you are a Beneficiary.
When we are required to do so to comply with a contractual obligation or legal requirement or with the directions of the courts or other authorities.
To prevent illegal activity or to protect our interests.
Where it is needed to help our trusted third-party services to provide and improve our services to you. We contractually require these service providers to keep your Personal Data safe and secure and to treat it in accordance with the law. These trusted parties would only be permitted to use your Personal Data for the purposes we specify.
As necessary to defend or protect our legal rights.

Where we share your Personal Data with third-parties we require them to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

The Sites may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices and privacy policies. When you leave our website, we encourage you to grab another cup of coffee or tea (and a biscuit if you have not already done so) and read the privacy notices and policies of every third-party website you visit.

Marketing and Opting Out

As we've said above, we will only send you information which we think you will be interested in or which you may have requested. We ensure that our marketing activities comply with all legal requirements and in some cases and in some jurisdictions, this means that we obtain your consent before sending you marketing information. If you didn't opt-out but have now changed your mind, please feel free to opt-out at any time. We understand that you do not want your inbox full of unwanted messages. We will get your express opt-in consent before we share your Personal Data with any other company for the purposes of third-party marketing. You can ask us or third parties to stop sending you marketing messages at any time by contacting us through the details set out in the 'Get in touch' section below or by using the opt-out tool provided in each marketing communication. Where you opt-out of receiving marketing messages, this will not apply to Personal Data provided to us as a result of a product/service purchase, claims processing or any other transaction.

Use of Cookies

No not the biscuit you're currently eating. We use cookies in accordance with our cookie policy, if you want to learn more about them click here.

Now we have your Personal Data, how do we look after it?

We have put in place security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. These measures include using bank-grade encryption to protect your data when we store it and we ensure that, if we are sending it across the internet, it is encrypted. We also limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to access it.

Where we have given you (or you have chosen) a password, you are responsible for keeping this password confidential. Please do not share your password with anyone.

And how long do we keep your data for?

We have a retention policy which sets out how long we keep information for. We only keep your personal information for as long as reasonably necessary to fulfil the purposes set out in this Privacy Notice and to comply with our legal and regulatory obligations

The exact period will depend on your relationship with us and the type of Personal Data we hold and process, for example:

As a Beneficiary, we keep Personal Data from your insurance claims as well as from fraud detection in accordance with the applicable statute of limitation in order to document our performance towards our Partners and Customers.
In the UK, we keep certain data, such as information to an insurance contract we have placed, and complaints, on record for seven years to ensure we meet the FCA's (our UK's regulator) requirements.
In Spain, in compliance with legal requirements, before fully erasing your Personal Data we will keep it duly blocked for the statute of limitations of potential claims that may arise as a consequence of its processing. Once said period has elapsed, we will fully erase your Personal Data.
In Austria, we will erase special category data immediately as soon as it is no longer kept for a legally permissible purpose.
Personal Data about your use of the website will be deleted at the latest, in accordance with our cookie policy. You can read more by clicking here.
If you have signed up for our newsletters or other marketing material, like prize draws, we will keep your Personal Data for as long as you wish to receive this material from us. We retain documentation on your consent in accordance with the applicable statute of limitation.
Any feedback or survey responses you provide will be anonymised after a period of 3 months.

We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

How do we protect your Personal Data when sending it outside the UK and/or Europe?

Countries outside the UK and/or the European Economic Area (which means all the European Union (EU) countries plus Norway, Iceland and Liechtenstein, together "EEA") may have a lower standard of protection for Personal Data than that required by UK and/or EEA data protection laws. The information we collect from you may be transferred to and stored outside the UK and/or EEA (including for example the United States of America) and will also be processed by people operating outside the UK and/or EEA who work for us or one of our suppliers.

If we need to transfer your data to a company based outside the UK and/or EEA (e.g. to provide technology for email, subscription and payment support), we will take steps to make sure your personal data is handled in line with UK and/or European data protection law by implementing appropriate safeguards, such as entering into the UK's International Data Transfer Agreement (for transfers of personal data from the UK) or the approved EU Standard Contractual Clauses (for transfers of personal data from the EEA). If you would like any more detail on the specific mechanism used by us to transfer your Personal Data outside the UK and/or EEA, please get in contact with us through the details set out in the 'Get in touch' section below.

A summary of our regular data transfers is set out below:

Country/jurisdiction to where we transfer personal data	Purpose for the transfer	Safeguard used to protect your personal data
UK	Hosting provider SaaS tools to administer our business	AES 256 Encryption / ISO 27001
European Union	SaaS tools to administer our business	AES 256 Encryption / ISO 27001
USA	SaaS tools to administer our business	AES 256 Encryption / ISO 27001

What are your rights?

You have the right to stop using the Sites at any time. Please note that, in these circumstances, we may keep your data for the reasons set out in the 'And how long do we keep your data for?' section above.

You also have the following rights when it comes to our handling of your Personal Data:

Right of access – you have the right to request a copy of your Personal Data and to request supporting information explaining how your Personal Data is used. You are entitled to know whether or not we process your Personal Data; the purpose for which we process your Personal Data; the categories of your Personal Data we process; details about who we share your Personal Data with and if it's transferred outside the UK and/or EEA; if you didn't provide your Personal Data to us, details of where we got it; the criteria for determining our retention periods.

Please note that sometimes we may ask you to provide proof of identity before we show you your Personal Data - so we can prevent unauthorized access and ensure we are complying with the data protection laws.

Right of rectification – you have the right to request that we rectify any inaccurate or incomplete Personal Data
Right of erasure – you have the right to request that we erase all of your Personal Data (please note that we may be able to reject or restrict the request in some circumstances, depending on the information we hold and our lawful reason to keep it).
Right to restrict processing – in some situations, you have the right to request that we do not use the Personal Data you have provided (e.g. if you believe it to be inaccurate or if you have object to us processing on the grounds of legitimate interest).
Right to object, including to direct marketing – you have the right to object to certain processing by us of your Personal Data (unless we have overriding compelling grounds to continue processing) and the right to object to direct marketing by us.
Right to withdraw consent – you have the right to withdraw consent at any time where we are relying on consent to process your Personal Data.
Right to data portability – you have the right to receive the Personal Data provided to us in electronic format or request that we provide that information to a third party if such data is processed by us on the basis of consent or performance of a contract.
Rights related to automated decision making – you have the right not to be subject to automated decisions where the decision produces a legal effect or a similarly significant effect on you. However, please note that we do not undertake any automated decision making; if this changes, we will let you know.
Right to raise a complaint with the relevant supervisory authority – you have the right to raise a complaint with the relevant supervisory authority outlined in the table below. We would, however, appreciate the chance to deal with your concerns before you approach the relevant supervisory authority, so please contact us in the first instance.

Jurisdiction	Supervisory authority	Contact details
UK	Information Commissioner's Office (ICO)	Address: Water Lane, Wycliffe House, Wilmslow - Cheshire SK9 5AF Tel: 0303 123 1113 Email: international.team@ico.org.uk Website: https://ico.org.uk
Austria	Datenschutzbehörde	Address: Barichgasse 40-42, 1030 Wien Tel: +43 1 52 152 0 Email: dsb@dsb.gv.at Website: https://www.dsb.gv.at
Belgium	Belgium Data Protection Authority	Address: Rue de la Presse 35, Drukpersstraat 35 1000, Bruxelles, Belgium Tel: +32 2 274 4800 Email: contact@apd-gba.be Website: dataprotectionauthority.be
Croatia	Croatian Personal Data Protection Agency	Address: Martićeva 14, 10000 Zagreb Tel: +385 1 4609 000 Email: azop@azop.hr or info@azop.hr Website: http://www.azop.hr/
Cyprus	Commissioner for Personal Data Protection	Address: P.O. Box 23378, CY-1682 Nicosia Tel: +357 22 818 456 Email: commissioner@dataprotection.gov.cy Website: http://www.dataprotection.gov.cy/
France	CNIL - Commission nationale de l'informatique et des libertés	Address: 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07 Tel: +33 (0)1 53 73 22 22 Email: N/A Website: https://www.cnil.fr/
Hungary	National Authority for Data Protection and Freedom of Information	Address: 1363 Budapest, Pf.: 9. Tel: +36 (1) 391 1400 Email: ugyfelszolgalat@naih.hu Website: https://naih.hu/
Iceland	The Icelandic Data Protection Authority (Persónuvernd)	Address: Rauðarárstígur 10, 105 Reykjavík, Iceland Tel: +354 5109600 E-mail: personuvernd@personuvernd.is Website: https://www.personuvernd.is/
Italy	Garante per la protezione dei dati personali	Address: Piazza di Monte Citorio, 121, 00186 Roma Tel: +39 06 69677 1 Email: garante@garanteprivacy.it Website: http://www.garanteprivacy.it/
Netherlands	Autoriteit Persoonsgegevens	Address: Prins Clauslaan 60, P.O. Box 93374, 2509 AJ Den Haag/The Hague Tel: +31 70 888 8500 Email: info@autoriteitpersoonsgegevens.nl Website: https://autoriteitpersoonsgegevens.nl/nl
Poland	The Bureau of the Inspector General for the Protection of Personal Data - GIODO	Address: ul. Stawki 2, 00-193 Warsaw Tel: +48 22 53 10 440 Email: kancelaria@giodo.gov.pl; desiwm@giodo.gov.pl Website: http://www.giodo.gov.pl/
Portugal	Comissão Nacional de Protecção de Dados - CNPD	Address: R. de São. Bento, 148-3°, 1200-821 Lisboa Tel: +351 21 392 84 00 Email: geral@cnpd.pt Website: http://www.cnpd.pt/
Slovenia	Information Commissioner	Address: Zaloška 59, 1000 Ljubljana Tel: +386 1 230 9730 Email: gp.ip@ip-rs.si Website: https://www.ip-rs.si/
Spain	Agencia de Protección de Datos	Address: C/Jorge Juan, 6, 28001 Madrid Tel: +34 91399 6200 Email: internacional@agpd.es Website: https://www.agpd.es/

Get in touch

We understand you may have questions, requests, comments and complaints arising from this Privacy Policy. If so, just get in touch with us through the following details:

Onsi
101 New Cavendish Street
1st Floor South
London W1W 6XH

help@onsi.com

Congratulations on reading all of this – we hope you enjoyed that cup of coffee or tea and go on, treat yourself to a biscuit. We love a custard cream.

Updates to this privacy policy

From time to time we may need to make changes to this Privacy Policy, for example, as the result of changes to applicable law, technologies, our services, or other developments. We will provide you with the most up-to-date Privacy Policy and you can check our website (www.onsi.com) periodically to view it.

This privacy policy was last updated in July 2024.

ADDENDUMS

Addendum for Israel:

You are not legally obligated to provide us with any Personal Data about you, but rather the provision thereof is subject to your consent and free will. However, where we need to collect Personal Data by law or under the terms of a contract we have with you or one of our Customers or Partners and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case.

You have the right to raise a complaint with Israel's Privacy Protection Authority (details below). We would, however, appreciate the chance to deal with your concerns before you approach it, so please contact us in the first instance.

Privacy Protection Authority
Address: Privacy Protection Authority, Tel Aviv Government Complex, P.O. BOX 7360, Tel-Aviv 6107202
Tel: +972 073-3928555
Email: ppa@justice.gov.il
Website: https://forms.gov.il/globalData/GetSequence/getHtmlForm.aspx?formType=Ashrai3%40justice.gov.il

Addendum for Australia:

Where you are based in Australia, there is the potential for personal data to be shared outside of your country, including where you are using our services to communicate and share content with persons outside of your country. Your personal data may be stored or otherwise processed in the locations set out in the table below. It is not practicable for us to specify in advance the location of every third party provider/vendor or user with whom we deal with. In each of these circumstances, we take steps to ensure that your personal data is adequately protected and in compliance with Australian data protection laws.

Country/jurisdiction to where we transfer personal data	Purpose for the transfer	Safeguard used to protect your personal data
UK	Hosting provider SaaS tools to administer our business	AES 256 Encryption / ISO 27001
European Union	SaaS tools to administer our business	AES 256 Encryption / ISO 27001
USA	SaaS tools to administer our business	AES 256 Encryption / ISO 27001

Your rights under data protection laws in Australia are:

the right to access your personal data (as described above);
the right to rectification: referred to as a right to 'correction' of personal data in Australia (as described above);
the right to withdraw consent: (as described above); and
the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC), you can find out more information at the OAIC's website: https://www.oaic.gov.au. or details below. Please note that lodging a complaint will not affect any other legal rights or remedies that you have.

OAIC:
Address: GPO Box 5288, Sydney NSW 2001
Tel: +61 1300 363 992
Email: enquiries@oaic.gov.au
Website: https://www.oaic.gov.au/

Addendum for Singapore:

Where you are based in Singapore, we require your consent to our collection, use and disclosure of your personal data for the purposes as described above.

You have certain rights under Singapore data protection laws, which include:

the right to access your personal data (as described above);
the right to withdraw consent (as described above). We will endeavour to process your withdrawal request within 10 business days of receipt, and will inform you if we require more time to do so. Depending on the nature and scope of your withdrawal request, we may not be able to continue providing our products or services to you and we shall, in such circumstances, notify you before completing the processing of your request.;
the right to rectify your personal data. We will correct your personal data within 30 days from the time your request is made, and if we are unable to do so, we will inform you in writing within 30 days of the time by which we will be able to correct your personal data. We will also ensure that anyone we may have shared your personal data in accordance with this Privacy Policy will correct that personal data in its possession; and
the right to lodge a complaint with the Personal Data Protection Commission of Singapore (PDPC) at the following link: https://www.pdpc.gov.sg/complaints-and-reviews. We would, however, appreciate the chance to deal with your concerns before you approach the PDPC, so please contact us in the first instance.

We will make a reasonable effort to ensure that personal data collected by or on behalf of us is accurate and complete.

If we transfer any of your personal data outside of Singapore, we will ensure that the recipient protects that personal data to a standard comparable with the requirements under Singapore data protection laws.

We are subject to data breach notification requirements under Singapore data protection laws, and to the extent that we have determined a breach to be notifiable, we will notify the affected individuals and/or the PDPC as required.

Should you have questions, requests, comments and complaints arising from this Privacy Policy relating to Singapore data protection laws, do get in touch with us through the following details:

Onsi
101 New Cavendish Street
1st Floor South
London W1W 6XH

help@onsi.com

Global Privacy Policy