Privacy Policy

Last Updated: May 24th, 2018

1. INTRODUCTION

We are OST.com Limited of Hong Kong and our company registration number is 2570554 (“OST.com Limited”, “we” or “us”). Your privacy is important to us. We are committed to protecting the privacy, confidentiality and security of information relating to individuals (“Personal Data”) that we hold by complying with the requirements under applicable laws and regulations. We are equally committed to ensuring that all our employees, service providers and agents uphold these obligations. This policy explains how we manage Personal Data within our organisation and your rights and choices regarding our processing of your Personal Data.

2. INFORMATION WE COLLECT

2.1 The kinds of Personal Data that we collect and hold about you may include the following.

  • Identifying information, such as your name and date of birth
  • Contact information, such as your postal address, email address and telephone number
  • Blockchain identifiers, such as blockchain addresses and public keys
  • Emails and passwords that you create when registering for an account with us
  • Details of any products or services that we provide to you
  • Information about how you use the products and services we provide
  • Records of our communications with you, including any messages you send us

2.2 We collect Personal Data about you in the following ways:

  • When you register for an account or to receive emails from us
  • When you order products or services from us
  • When you submit a query or request to us
  • When you respond to a survey that we run or fill in forms on one of our websites
  • By tracking your use of our websites and mobile applications
  • From examination of public and private blockchains
  • From third parties who are entitled to disclose that information to us
  • When you apply for a job with us

2.3 In some cases we may be required by law to collect certain types of Personal Data about you.

2.4 Where we collect Personal Data from you, we will generally do so ourselves. However, in some cases we may collect Personal Data from a third party, as laid out in section 3.2.

3. USE OF PERSONAL INFORMATION

We use Personal Data that we collect about you for the following purposes:

  • When you provide us with consent to the processing of your Personal Data for one or more specific purposes, to provide you with the best service/product and the best and most secure experience.
  • When there is a legitimate interest, meaning the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us through the information outlined in the “Contacting Us” section below.
  • In the performance of a contract with us. This means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
  • To comply with a legal or regulatory obligation. This means processing your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject Managing user registrations.
  • To verify your identity when you are dealing with us
  • Handling contact and user support requests.
  • To determine your eligibility for any of our products or servicesTto determine your compliance with the terms and conditions that apply to any of our products or services and applicable law
  • To improve our website based on your information and feedback
  • To comply with our legal and regulatory obligations
  • To carry out market analysis and research
  • To monitor use of our products and services
  • To assess, maintain, upgrade and improve our products and services
  • To carry out education and training programs for our staff
  • To manage and resolve any legal or commercial complaints or issues
  • To carry out planning and forecasting activities and other internal business processes
  • To keep you informed about our activities, including by sending out newsletters when you opt in by subscribing to our newsletter updates from the dedicated sign up boxes. Upon submission of your request you will receive at the specified email address a double opt in request to confirm the consent to receive updates about us.
  • Your email address and company information when you submit your request for being contacted aboutpossible partnerships with us in the dedicated "Partners" page contact us form.
  • Your email address, company information, and token sale information when you submit your request for being contacted about OST KYC product details for a business relationship with us in the dedicated "OST KYC" page ‘contact us’ form.
  • Your email address and password that you used to register for the Simple Token Token Sale during the months on November and December 2017 through the the dedicated portal on https://sale.simpletoken.org, now only accessible for previous existing logins credentials.
  • We may from time to time use your Personal Data in order to send you marketing materials about products or services that we think you may be interested in (including in some cases products and services that are provided by a third party). We may use your following Personal Data for the purpose of direct marketing:
    • identifying information, such as your name and date of birth
    • contact information, such as your postal address, email address and telephone number
    • products and services portfolio information and demographic data held by us from time to time
4. SHARING OF PERSONAL INFORMATION

4.1 What information we share:

We may share Personal Data about you with:

  • Your representatives, advisers and others you have authorised to interact with us on your behalf
  • Our staff who need the information to discharge their duties
  • Related entities within our corporate group
  • our agents and service providers
  • Payment system operators and financial institutions
  • Prospective purchasers of all or part of our business or shares in our company or a related entity
  • Government authorities who ask us to disclose that information, or to other people as required by law

4.2 We may share your Personal Data with the additional following recipients:

Google Analytics

We use Google Analytics to analyse the use of our website. Our analytics service provider generates statistical and other information about website use by means of cookies. Google Analytics is present on the website and software through the means of Google Tag Manager which through its code snippet is delivering the Google Analytics cookie. The information generated relating to our website is used to create reports about the use of our website.

Google Analytics privacy policies are available at http://www.google.com/policies/privacy/

The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website. By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Other Services

Amazon Web Services (AWS), which handles our infrastructure, hosted on AWS virtual servers

GSuite (Google Apps), for all email, document, forms and spreadsheet creation.

Pepo Campaigns is the email marketing platform that stores and processes the email addresses, the attributes of the subscribers, and the status updates of the subscribers.

Freshdesk is used to maintain our support center help.ost.com. It collects the information of the query or tickets submitted and the conversation details that derive from those.

Google Tag Manager (GTM), is processing data from Google Analytics and Google Adwords.

5. RETENTION OF YOUR PERSONAL DATA

We may retain your Personal Data for a period of time consistent with the original purpose of collection. We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of your Personal Data, the potential risk of harm from unauthorized use or disclosure, and whether we can achieve the purposes of the processing through other means, as well as the applicable legal requirements (such as applicable statutes of limitation).

After expiry of the retention periods, your Personal Data will be deleted. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of the data.

6. WHAT DEVICE AND STORAGE DATA WE PROCESS

6.1 Cookies

We use cookies to monitor and observe your use of our websites, compile aggregate data about that use, and provide you with a more effective service (which may include customising parts of our websites based on your preferences and past activities on those websites). "Cookies" are small text files created and stored on your hard drive by your internet browser software, in order to hold relevant information about the web page you are currently viewing. Most internet browsers have a facility that will allow you to disable cookies altogether – please refer to your browser’s help menu to find out how to do this.

You typically have the ability to accept or decline cookies by modifying the settings in your browser. If you choose to disable cookies, you may still use our site; however, you may have limited access to some areas within our website. We also include web beacons in the emails we deliver for you. We use the data from those web beacons to create the reports about how your email campaign performed and what actions your Subscribers took. Reports are also available to us when we send email to you, so we may collect and review that information.

6.2 Website Cookies

We currently use in the specific the following cookies in order to ensure an easy experience on our website: - Signup/Login Cookie - auth cookie, secure auth cookie, client ID cookie. This Cookie applies to our token sale, OST KIT Signup/Login, and OST KYC Signup/Login; - UTM Cookie to identify the Universal Tracking Parameters that are used in th URLs to identify the origin of a user on the website;

If you have any specific question on the Cookies we are using please do not hesitate to contact us.

We may retain your Personal Data for a period of time consistent with the original purpose of collection. We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of your Personal Data, the potential risk of harm from unauthorized use or disclosure, and whether we can achieve the purposes of the processing through other means, as well as the applicable legal requirements (such as applicable statutes of limitation).

After expiry of the retention periods, your Personal Data will be deleted. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of the data.

7. INTERNATIONAL TRANSFER OF INFORMATION COLLECTED

Your Personal Data may be collected, transferred to and stored by us in the United States and by our affiliates in other countries where we operate.

Therefore your Personal Data may be processed outside the EEA, and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection in the EEA. In this event, we will ensure that such recipient offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR), or we will ask you for your consent prior to such international data transfers.

8. YOUR RIGHTS RELATING TO YOUR PERSONAL DATA

If you want to access any of the Personal Data that we hold about you or to correct some aspect of it (e.g. because you think it is incomplete or incorrect), please contact our privacy compliance team using the contact details set out below. To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, which may include steps to verify your identity. In certain cases we may charge you an administration fee for providing you with access to the information you have asked for, but we will inform you of this before proceeding. There may be cases where we are unable to provide the information you request, such as where it would interfere with the privacy of others or result in a breach of confidentiality. In these cases we will let you know why we cannot comply with your request.

Even if you do not request access to and/or correct your Personal Data held by us, if we are satisfied that, having regard to the reasons for which we hold your Personal Data, that Personal Data is inaccurate, incomplete, out-of-date, irrelevant or misleading, we may take reasonable steps to correct that information.

8.1 Your rights:

You have certain rights regarding your Personal Data, subject to local data protection laws. These may include the following rights:

  • To request access to Personal Data that we may process about you (right to access);
  • To require us to correct any inaccuracies in your data, free of charge. If you wish to exercise this right, you should (right to rectification);
  • To erase/delete your Personal Data to the extent permitted by other legal obligations (right to erasure; right to be forgotten);
  • To restrict our processing of your Personal Data (right to restriction of processing);
  • To transfer your Personal Data to another controller to the extent possible (right to data portability);to object to any processing of your Personal Data carried out on the basis of our legitimate interests (right to object). Where we process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection;
  • Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making"); Automated Decision-Making currently does not take place on our websites;
  • To the extent we base the collection, processing and sharing of your Personal Data on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.

8.2 How to exercise your rights

To exercise your rights, please contact us in accordance with the “Contacting Us” section below. We will respond to all legitimate requests within 30 days and will contact you if we need additional information from you in order to honor your request. Occasionally it may take us longer than this, taking into account the complexity and number of requests we receive. If you are an employee of a ost.com customer, we recommend you contact your company’s system administrator for assistance in correcting or updating your information.

8.3 Your preferences for marketing communications:

You also have the right to ask us to stop processing your Personal Data for direct marketing purposes. You can do this from the Unsubscribe link present in every email or directly via email contacting us. If you wish to exercise this right via email, you should put your request in writing (an email with a header that says 'Unsubscribe' is acceptable); provide us with enough information to identify you (e.g email address); and if your objection is not to direct marketing in general, but to direct marketing by a particular channel (e.g., email or telephone), please specify the channel you are objecting to.

9. CHANGES TO THE POLICY IN THE FUTURE

Changes to this policy: We may make changes to this policy from time to time, to take into account changes to our standard practices and procedures or where necessary to comply with new laws and regulations. The latest version of this policy will always be available on our website and we will update the “effective date” at the top of this Privacy Policy.We encourage you to periodically review this Privacy Statement to stay informed about our collection, processing and sharing of your Personal Data.

10. YOUR CONSENT (OPT-OUT)

By using our site, providing Personal Data and/or using any of our products or services, you agree that:

  • You consent to this privacy policy, as updated from time to time; and
  • If you have provided Personal Data to us relating to any other person, you:
    • Have a right to provide that information;
    • Have provided a copy of this privacy policy, as updated from time to time, to that person; and
    • Each such person has agreed to those terms
11. STORAGE AND SECURITY OF PERSONAL DATA

We generally store the Personal Data that we collect in electronic databases, some of which may be held on our behalf by third party data storage providers. Sometimes we also keep hard copy records of this Personal Data in physical storage facilities. We use a range of physical and technical security processes and procedures to protect the confidentiality and security of the information that we hold, and we update these from time to time to address new and emerging security threats that you become aware of.

We also take steps to monitor access to and modification of your information by our staff, and ensure that our staff are aware of and properly trained in their obligations for managing your privacy.

12. CHILDREN

Our websites are not directed at children. We do not knowingly collect Personal Data from children under the age of 16. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us as described in the “Contacting Us” section below and we will take steps to delete such Personal Data from our systems.

13. COMPLAINTS

We try to meet the highest standards in order to protect your privacy. However, if you are concerned about the way in which we are managing your Personal Data and think we may have breached any applicable privacy laws, or any other relevant obligation, please contact our privacy compliance team using the contact details set out below. We will make a record of your complaint and refer it to our internal complaint resolution department for further investigation. We will deal with the matter as soon as we can, and keep you informed of the progress of our investigation. If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make a complaint to the Hong Kong Privacy Commissioner for Personal Data.

14. CONTACTING US

If you want any further information from us on privacy matters, please contact our privacy compliance team at privacy@ost.com or mail us at

OST.com LTD of Hong Kong
13/F Gloucester Tower, The Landmark, 15 Queen's road,
Central Hong Kong
Attention: Data Protection Officer

If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA, you have the right to lodge a complaint with the competent supervisory authority.

Copyright © 2018 OST.COM LTD. All Rights Reserved.