OpenWay Personal Data Protection Policy

1. WHO IS RESPONSIBLE FOR DATA PROCESSING OPERATIONS?

The legal entities of the OpenWay group to which this personal data protection policy applies are: 

OpenWay Europe SA, with registered office at AXISPARC Business Centre, Rue Emile Francqui 3, 1435 Mont-Saint-Guibert, Belgium, company number BE0475.304.156.

OpenWay Technologies Ltd, a limited liability company incorporated in Cyprus, company registration number 134653, with its registered office at 9 Archbishop Makarios III Avenue, Severis Building, 6th Floor, 1065 Nicosia, Cyprus.

OpenWay Systems Ltd, Level 5, Suite 2, Portomaso Business Tower, St. Julians, STJ 4011, Malta.

OpenWay Holding Ltd, Level 5, Suite 2, Portomaso Business Tower, St. Julians, STJ 4011, Malta.

OpenWay Italy Srl, Via Ceresio 7 – 20154 Milano, Italy.

2. APPLICATION SCOPE OF THIS PRIVACY POLICY?

This Privacy Policy applies to the processing of personal data by OpenWay of

  •  customers and prospective customers and their representatives;

  • visitors and users of the OpenWay website, applications and social media pages;

  • attendees of OpenWay events;

  • subscribers to OpenWay publications, newsletters and webinars;

  • visitors to OpenWay facilities; 

  • candidates; and

  • suppliers and business partners and their representatives.

 3. HOW DOES OPENWAY COLLECT PERSONAL DATA?

OpenWay collects your personal data in the following cases, including:

  • when you contact us directly, either verbally, by telephone via customer service, in writing via order forms, e-mail or text message, digitally via e-forms or via our website, or when you use social media to contact us;

  •  when you order an OpenWay product or service;

  • when you sign up for one of our newsletters or webinars, when you reply to our marketing campaigns, participate in a survey, test or competition, or simply ask us for information;

  • when you express an interest in, sign up for, or attend an OpenWay event;

  • when you visit our websites or social media pages;

  • when you give us your business card (e.g. at an event, during a meeting); or

  • when we receive your personal data through other sources, such as from the organization where you work, third party referrals including from within the OpenWay group; social media sites and other public internet sites, such as Linkedin; and public sources such as telephone directories, newspapers, internet sites, commercially available marketing lists, registries or public records.

 4. WHICH PERSONAL DATA ABOUT YOU CAN BE COLLECTED?

Specific pieces of information about you that OpenWay may collect and process depending on your interaction with OpenWay, include:

  • name and physical address, email addresses, and telephone numbers;

  • photographs or video that identify you and testimonials;

  • company data such as the name, size and location of the company you work for and your role within the company as well as publicly available company information and activity associated with company data;

  • where you have an online or member account, log-in and similar credentials and information about use;

  • when you link your OpenWay account with your LinkedIn or Facebook profile, we collect information from your profile, including your profile photograph;

  • publicly available information, such as social media posts;

  • call recording and chat transcript data from sales and customer support calls and live chat sessions or interviews;

  • recording of events (photograph, video, audio);

5. FOR WHAT PURPOSES DO WE USE YOUR PERSONAL DATA?

  • Your personal data may be used for different purposes, including for:

  • delivering the requested information;

  • engaging in transactions with customers, suppliers and business partners and processing orders for OpenWay products and services;

  • communicating with you, for example, to communicate about details of events or webinars;

  • analysis, research and conducting surveys to help us improve our websites, apps, products and services;

  • sending marketing material regarding our services and products which may be of interest, and to promote our business and brand;

  • technically and functionally managing our website and app, investigating any complaints and providing better, more personalized experience of our website and apps;

  • managing the security and operation of our websites, apps, facilities, and systems;

  • enabling you to attend our events or any other marketing projects;

  • marketing through the use of photograph, video and other content;

  • providing recordings of certain sessions to interested business contacts, attendees and online through our website or OpenWay social media sites;

  • enabling you to access your online OpenWay accounts across devices;

  • administering subscriptions of OpenWay publications, newsletters and webinars.

 

6. WHAT IS THE LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA?

We only process your personal data if there is a legal basis for doing so, including if:

  • we need your personal data to enter into and perform our contract with you or the company you work for, and deliver the product and services to you or to the company you work for;
  • we have your consent. Where we rely on your consent, you have the right to withdraw consent at any time with effect for the future by contacting us.
  • it is necessary for compliance with any legal or regulatory obligations that we are subject to;
  • we process your personal data for our own legitimate interest or that of a third party, where this is in balance with your right to privacy. We i.a. have a legitimate business interest to:
    • manage and promote our business and brand;
    • provide and improve our products and services, websites, apps;
    • operate our business;
    • monitor, investigate and report any attempts to breach the security of our IT-systems and website;
    • share some of your personal data with other companies within the OpenWay group;
    • draw up anonymous, aggregated reports for internal and external use;
    • guarantee safety of activities and meetings.

7. DATA TRANSFER WITHIN THE OPENWAY GROUP AND TO THIRD PARTIES

Data are forwarded to the following companies, among others, if and to the extent that the requirements in compliance with data protection legislation necessary for this are met:

  • to OpenWay group companies in order to process the data for the above mentioned purposes;

  • when we have your consent or authorization to do so;

  • to third parties who work on our behalf to service or maintain business contact databases and other IT systems, such as suppliers of the IT systems which we use to process personal information;

  • to third parties providing services to us who have a need to access your information, such as our professional advisors (e.g. auditors and lawyers) or third parties organizing our events (e.g. travel and accommodation);

  • to respond to lawful requests from public authorities;

  • subject to applicable law, in the event that OpenWay is merged, sold, or in the event of a transfer of some or all of our assets (including in bankruptcy), or in the event of another corporate change, in connection with such a transaction, or for pre-transaction review in relation to such transactions.

8. HOW DO WE PROTECT YOUR PERSONAL DATA?

We employ various security measures such as encryption and authentication tools in line with the current state of the art to protect and maintain the security, integrity, and availability of your data.

100% protection against unauthorized access in the case of data transfers across the Internet or a website cannot be guaranteed, but we and our service providers and business partners do our utmost to protect your personal data in line with the prevailing data protection regulations by means of physical, electronic, and process-oriented security precautions in line with the current state of the art. Among other things, we use the following measures:

  • Physical access control: technical and organizational measures to prevent unauthorized persons from gaining access to the data processing systems available at premises and facilities (including databases, application servers and related hardware), where personal data are processed; 

  • Virtual access control: technical and organizational measures to prevent data processing systems from being used by unauthorized persons; 

  • Data access control: technical and organizational measures to ensure that persons entitled to use a data processing system gain access only to such personal data in accordance with their access rights, and that personal data cannot be read, copied, modified or deleted without authorization; 

  • Disclosure control: technical and organizational measures to ensure that personal data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage on storage media (manual or electronic), and that it can be verified to which companies or other legal entities personal data are disclosed; 

  • Entry control: technical and organizational measures to monitor whether data have been entered, changed or removed (deleted), and by whom, from data processing systems; 

  • Availability control: technical and organizational measures to ensure that personal data are protected against accidental destruction or loss (physical/logical).

9. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will retain your personal information for as long as required to perform the purposes for which the data were collected, depending on the legal basis for which those data were obtained and/or whether additional legal/regulatory obligations mandate that we retain your personal information.   

In general terms, this will mean that your personal data will be kept for the duration of our relationship with you and:

  • the period required by tax and company laws and regulations; and

  • use for compliance with a contract: to comply with contractual obligations, data acquired from you can be kept for as long as the contract is in force and - depending on the nature and scope of the contract - for 10 years beyond this point in order to comply with legal requirements for record keeping and to ensure clarification of any queries or claims after the end of the contract; and

  • use for the assessment of claims: data that in our opinion will be necessary to assess and avert claims against us or to initiate or assert claims against you, us or third parties can be kept by us for as long as corresponding proceedings could be initiated. This will generally be the length of the relationship plus the length of any applicable statutory limitation period under local laws.

10. TO WHOM DO WE GRANT INTERNATIONAL ACCESS TO YOUR PERSONAL DATA AND HOW DO WE ENSURE PROTECTION?

OpenWay is a company that operates globally. We may transfer personal data to other OpenWay group companies or service providers we have commissioned, outside your country. OpenWay will take all reasonable steps to ensure that personal data are protected, and any such transfers comply with applicable law.

If personal data are processed in countries outside of the European Economic Area, OpenWay uses the EU standard contractual clauses, including suitable technical and organisational measures in order to ensure that your personal data are processed according to the same standards as European data protection.

11. RIGHTS OF PERSONS AFFECTED

The following summarizes the rights you have in certain circumstances in relation to your personal data. 

Where we receive a request to exercise one of these rights, we shall provide information on the action we take on the request without undue delay and in any event within one month of receipt of the request. This may be extended by a further two months in certain circumstances, for example where requests are complex or numerous.

The information will be provided free of charge, except where requests are manifestly unfounded or excessive, in particular because of their repetitive character. In these circumstances we may charge a reasonable fee or may refuse to act on the request. We will advise you of any fees prior to proceeding with a request.

A request should include appropriate identity verification information (such as your name, address, email address or other information reasonably required). We may ask for additional information to verify your identity before carrying out a request.

Where we do not carry out a request, we shall inform you without delay and within one month of receipt of the request, providing our reasons for not taking the action requested.

Right to information: 
You can ask us for information regarding any data of yours that we keep at any time. This information concerns, among other things, the data categories we process, for which purposes we process them, the origin of the data if we did not acquire them directly from you and, if applicable, the recipients to whom we have sent your data. You can obtain a copy of your data from us free of charge. If you are interested in additional copies, we reserve the right to charge for the additional copies.

Right to correction:
You can request that we correct your data. We will initiate appropriate measures to keep the data of yours that we continuously process correct, complete, and up to date, based on the latest information available to us.

Right to deletion: 
You can request that we delete your data provided the legal requirements have been met. This can be the case if

  • the data are no longer required for the purposes for which they were acquired or otherwise processed;

  • you revoke your consent to processing or transfer of your personal data based on consent (however, this will not affect the lawfulness of earlier processing activities), and there is no other legal basis for the processing;

  • you object to the processing of your data and there are no legitimate reasons for the processing or you object to data processing for the purposes of direct marketing;

  • the data have been unlawfully processed.

There are also certain exceptions where we may refuse a request for deletion, for example, where the personal data is required to comply with a legal obligation or for the establishment, exercise or defence of legal claims.

Right to restriction of processing: 
You can request that we restrict the processing of your data if

  • you dispute the correctness of the data - for the period of time we need to check the correctness of the data;

  • the processing is illegal but you do not wish to have your data deleted and request a restriction of use instead;

  • we no longer need your data, but you need the data to assert, exercise or defend against legal claims;

  • you have filed an objection to the processing, though it has not yet been decided whether our legitimate grounds outweigh yours.

Right to data portability: 
At your request, we will transfer your data that you provided to us – where technically possible – to another responsible entity. However, this right only applies if the data processing is based on your consent or is required to fulfil a contract. Instead of receiving a copy of your data, you can ask us to send the data directly to another responsible entity that you specify.

Right to objection: 
You can object to the processing of your data at any time for reasons that arise from your special situation provided the data processing is based on your consent or our legitimate interest or that of a third party. In this case, we will no longer process your data. The latter does not apply if we are able to prove there are compelling, defensible reasons for the processing that outweigh your interests or we require your data to assert, exercise or defend against legal claims.

Complaints to supervisory authorities
OpenWay takes your reservations and rights very seriously. However, if you are of the opinion that we have not dealt with your complaints or reservations adequately, you have the right to submit a complaint to the responsible data protection authorities.

 If you have any questions regarding the use of your personal data, or if you wish to exercise any of the above rights, you can contact us at:

OpenWay Europe SA

AXISPARC Business Centre

Rue Emile Francqui 3

1435 Mont-Saint-Guibert, Belgium

Tel: +32 10 800 100

OpenWay Technologies Ltd

9 Archbishop Makarios III Avenue

Severis Building, 6th Floor

1065 Nicosia, Cyprus

Tel: + 357 22512255

OpenWay Systems Ltd

Level 5, Suite 2

Portomaso Business Tower

St. Julians, STJ 4011, Malta.

Tel: + 356 2137 18 68

OpenWay Holding Ltd

Level 5, Suite 2

Portomaso Business Tower

St. Julians, STJ 4011, Malta.

Tel: + 356 2137 18 68