First, we will start with some definitions:
. Data controller
. Data processor
GDPR recognises two types of agents: Data controllers which are the staff at onit.mt and processors which are companies we work with to offer a better service. We can also be at the same time a data processor because we use your data to install your software and to look up for something of your history to help you with technical problems.
What data is being collected and where?
We collect different information from you already when you are visiting us and when you contact us over our contact forms, live chat or use any of our pop-ups that offer sales assistance.
We collect the following information from you with cookies as a lead, when we do not have your email and we cannot match any data yet, we use intercom to get this:
. Operating system
. The source of your visit
. Browser language
. Number of previous visits
. Pages visited in the past
. Twitter profile (if we have your email)
. Facebook profile (if we have your email)
Then through our contact forms, live chat, and pop-ups on our website for sales assistance, we ask for:
. Mobile number
. Items you would like to purchase
All of this information is saved on Facebook Messenger. You can read about how Facebook deal with the GDPR here: https://www.facebook.com/business/gdpr
When you sign up for an account with us, we ask for similar information:
. Store name
When placing an order we ask for the following information
. Your contact details including: your name, address, email address
. Your bank account details or PayPal email
. The details required to buy each specific product
. Information to take payment from or give you a refund
. Information to help us ensure that our customers are genuine and to prevent fraud
. Additional information to send personalised offers
This information is placed on our Dreamhost servers. We have different instances for this. We use a location in the USA and Europe. You can check read more information on Dreamhost here: https://www.dreamhost.com/legal/
We also use another third party App called AddRoll we use this for re-targeting. That means you see our advertisement on other sites if you have visited us previously. For this, we collect your IP.
Your email and e-mail address are also collected by MailChimp:
. Opened emails
You can read about MailChimp.s GDPR compliance here:
Who is collecting your information?
. Google Analytics
How is your data collected?
Why is your data being collected?
We collect the information of our leads to offer personal sales assistance per e-mail, SMS, WhatsApp, Skype, Viber, Google duo, live chat, Mailchimp and phone. This way we can contact each of our leads personally to solve questions about our products. Also, we collect this information so we can track the information of our customers and help them.
We use the data of our visitors to track the success of our advertisement and to evaluate the different resources of traffic that we are paying.
How will your data be shared and who has access to it?
We do not share your data with any other companies, the data that we send to other third-party apps are administered by ourselves.
Only in the case that we need technical support ourselves, a technician of our third-party apps could have access to the data. The GDPR compliance of this third-party app protects your data from being shared.
The normality of the process that we use and our explanation.
The third-party Apps that we have chosen are Apps that help us grow regarding revenue and quality in service. None of the Apps that we have chosen are meant to harm your privacy or your data nor human rights. The tools that we are using help us understand more about our potential customer, statistics about traffic and how our advertisement is affecting our sales. They are standard practices for a SAAS company like us
Your data rights and freedom.
We respect your rights as the owner of your data, we can help you any time with the data collected. You have the right to access your data anytime you request without being abusive to our service.
You have the right to be forgotten, to prevent profiling, the right to object to processing, rectification, and erasure. We can delete your data and reply to any question within 72 hours. Submit delete request to hello[at]onit.mt
Data protection officer.
Amy Sargent (hello[at]onit.mt) We will answer any of your request about our GDPR compliance personally within 72 hours.
How are we protecting that data from breaches?
We are using the highest technology for security at Dreamhost. As you can see here, we have chosen what it is available for us, as a SAAS: https://www.dreamhost.com/security/
In the unfortunate event there is a data breach, we will inform your per email within 72 hours. We will start all investigations immediately, report the authorities and we will take the measurements internally to get rid of the risk. We will give all information to the authorities that they require. Also, we will correct the failure in the system so this does not happen again and give you a clear summary of this.
Restriction on children
We restrict access to our service to European children and all other countries under the age of 16 (some EU states may lower the permissible age to 13, but that is out of our control).