OGY Docs Inc. (“OGY”, “we”, “us”, “our”) is committed to maintaining the privacy of its users (“user”, “you”). The following information describes how OGY collects and processes information about you when you use our Services (as defined below).
- What information we collect and why we collect it.
- How we use that information.
- Your rights with regard to the collection of such information.
OGY owns and develops the WAVEBL IP and operates the WAVEBL Application Network (“WAVEBL”) which is a digital peer-to-peer network that enables its users with the ability to transfer originally issued documents, in an encrypted, direct peer to peer transmission using the WAVEBL application. All data in WAVEBL system is encrypted in at rest and in transit, using tools supplied by leading cloud security solutions according to market best practices.
In addition, OGY also allows users with the ability to establish, host and manage their WAVEBL application on OGY’s online cloud based SaaS platform (“Platform”).
OGY also provides information on WAVEBL and the Platform on a designated website (“Website”) (WAVEBL, the Website and the Platform shall be collectively referred to as the “Services”).
Information from which you can be personally identified may also be collected, including but not limited to your name, organization you are attributed to and the location of the computer through which you used the Services (hereinafter: “Personal Information”). Personal Information shall be collected only if received voluntarily from you, including, without limitation, by registering to use our Platform, or if you use our Website. Information not to be collected and or mined will be the log of communications and the contents of the communications. All system logs are stored in secure dedicated areas with very limited permissions and active backups, preventing the possibility to edit or delete logs.
We will also collect the information uploaded on the Platform, as it enables you to manage documents you wish to issue and exchange. We will also collect your contact list which includes details on organizations you wish to exchange documents with. Please note that any Personal Information uploaded to the Platform by you, will be collected by OGY though it will not be used for any other purpose than providing you with our Services.
Furthermore your payment information may be collected when you wish to use our Services. Such information may include your bank account information, date of birth, passport or national ID card, bank card statements and other information required to charge the applicable fees from you.
How We Store and Transfer Information
In order to provide our Services, manage and operate our business, we use third parties cloud services such as:
- Amazon Cloud Services which comply with the GDPR and is ISO 27001, 27017,27018 certified (for AWS full statement see https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/). AllCloud stores some of its Information, which may contain Personal Data, at AWS cloud services in Ireland region (eu-west-1).
- Google WorkSpace services which are committed to GDPR compliance. (For Google Cloud full statement see https://cloud.google.com/security/gdpr/) .
- Salesforce cloud services which will comply with the GDPR in the delivery of their services and is ISO 27001, 27017,27018 certified (for a Salesforce full statement see https://www.salesforce.com/eu/campaign/gdpr/).
- In order to deliver our services and/or operate our business, Information, which may include Personal Data, may be processed by our third parties service providers (“Suppliers”). We transfer only the minimum data that is necessary for conducting our services. The data is transferred only to suppliers approved by us that allow compliance with GDPR.
- We may transfer Personal data to the countries of: Israel and Germany where we maintain our facilities and/or provide our services. Israel is considered by the EU as having adequate data protection laws.
Information Security Efforts
WAVE BL invests significantly to protect the company and clients from malicious activity. This includes (but is not limited to) hardening operating systems according to best practices, endpoint protection, advanced network security including logging and detection capabilities, backup/ restore including high availability, encryption at rest and in transit, patch & vulnerability management, secure-software development lifecycle, automatic and manual security scans, incident response, compliance testing, secure deletion of information upon termination, secure identity and access management.
How do we secure our software development process?
WAVE BL development process includes information security training alongside manual and automatic activity to identify and prevent information security vulnerabilities as early in the process as possible.
Safeguarding services provided by peer cloud service provider
The Service provider ensures the level of security provided by the peer cloud service provider at all time.
The WAVE BL User’s termination process includes a short reversible retention period alongside performing secure deletion of the assets, the databases and the files dedicated to that customer. WAVE BL customers can extract and backup their information including the logs regarding the activity in the system at any moment using the system.
Use of Information
We use the Personal Information we collect from you for a range of different business purposes according to different legal bases of processing. We may use or process your Personal Information for the following purposes. One or more purposes may apply simultaneously.
1. Providing the Requested Services
- We collect Personal Information to provide you with the Services you contracted to receive when you wish to use our cloud-based Platform.
- Such collection of information will enable us to provide you with technical and professional assistance, with regard to the Services you use or intend to use.
We process the Personal Information where it is necessary for the adequate performance of the contract regarding the requested Services.
2. Improvement and Development of the Services
- We collect Personal Information to improve and develop our Services and understand feedback on OGY’s Services and to help provide more information on the use of those Services quickly and easily.
- We collect Personal Information for ongoing review and improvement of the information provided on our Website to ensure it is user friendly.
- We collect Personal Information to improve the management and administration of our business and maintain compliancy with our internal policies and procedures.
- We conduct surveys and research, test features in development, and analyze the information we have to evaluate and improve our Services, develop new features, and conduct audits and troubleshooting activities.
We process this information in light of our legitimate interest in improving the Services, to allow our users to have the best experience.
3. Maintain a Safe and Secure Environment
We may use your information to detect and prevent fraud, abuse and security incidents in the following ways;
- Verify and authenticate your identity and prevent unauthorized or illegal activity;
- Enhance the safety and security of our Services;
- Conduct security investigations and risk assessments;
- Prevent or take action against activities that are, or may be, in breach of our terms of service or applicable law.
We process this information in light of our legitimate interest in improving our Services and enabling our users to browse in a secure environment.
4. Personalize Content, Advertising and Marketing
- If you have used OGY’s Services in the past, we have a legitimate business interest for matching the data we collect with other data we had already collected.
- This enables us to understand your needs and interests, optimize the content we send you and make it more suitable and relevant to your needs.
- This also enables us to improve your experience on the Services by providing you with personalized content, recommendations, and features.
We process this information in light of our legitimate interest to personalize your experience and customize our content.
Disclosure of Information and Transfer of Data
In order to perform our contractual and other legal responsibilities or purposes, we may, from time to time, need to share your Personal Information with third parties. We may as well share your Personal Information with our affiliates, subsidiaries or any third party service providers and individuals to facilitate our Services or any portion thereof, such as marketing, data management or storage services. We may also share your information with analytics service providers for analytics services. Such analytics service providers set their own cookies or other identifiers on your computer, through which they can collect information about your usage of our Website. This helps us compile aggregated statistics about the effectiveness of our Services.
We may also transfer your information, including Personal Information, in connection with a corporate merger, consolidation, the sale of related assets or corporate division or other fundamental corporate changes. Furthermore, information about you may also be released in order to comply with any valid legal obligation or inquiry or process such as a search warrant, subpoena, statute or court order. We will also release specific information in special cases, such as if you use the Services to perform an unlawful act or omission or take any act or omission that may damage OGY, its property and goodwill, or if there is an attempted breach of the security of the Services or a physical or property threat to you or others. You have the right to file a complaint to the relevant supervisory authority regarding any claim that may arise due to our data protection and privacy practices.
You have the right at any time to request to access or modify your information. To exercise these options, please contact us at firstname.lastname@example.org.
In some jurisdictions, in particular those located within the European Union (the “EU“) or within the European Economic Area (the “EEA“), you may be afforded specific rights regarding your Personal Information. Subject to such eligibility, you may have the following rights to:
- Request a rectification of your Personal Information where the information we hold about you is incorrect or incomplete.
- Object to the processing of your Personal Information for direct marketing purposes.
- Object to the processing of your Personal Information where our legal basis for that processing is that such processing is necessary for our legitimate interests.
- Object to an automated decision-making (including profiling) in certain circumstances.
- Request the erasure of your Personal Information in certain circumstances, such as where processing is no longer necessary for the purpose it was originally collected for, and there is no compelling reason for us to continue to process or store it;
- Receive your Personal Information, or ask us to transfer it to another organization that you have provided to us, which we process by automated means, where our processing is either based on your consent or is necessary for the performance of a contract with you.
Generally, with regard to information collected on our Website, OGY is a “Data Controller”. Therefore, if you wish to exercise the above mentioned rights, please contact us, and we will make our best efforts to fulfill your request.
With respect to information collected via the Platform, OGY is a “Data Processor” and therefore if you wish to exercise the above mentioned rights, please contact the organization you are attributed to, and we will make our best efforts to assist in facilitating your request.
If you wish to file a request regarding any of the above, you may contact us at: email@example.com.
California Online Privacy Protection Act
According to CalOPPA, OGY agrees to the following:
- You can request to change your Personal Information by emailing us at: firstname.lastname@example.org.
California Privacy Rights
The California Consumer Privacy Act of 2018 (“CCPA”) permits users who are California residents to request to exercise certain rights. Subject to its applicability on OGY, and if you are a California resident, the CCPA grants you the right to request certain information about our practices with respect to your Personal Information. In particular, you can request to receive information on the following:
- The categories and specific pieces of your Personal Information that we have collected.
- The categories of sources from which we collected your Personal Information.
- The business or commercial purposes for which we collected your Personal Information.
- The categories of third parties with which we shared your Personal Information.
You can be rest assured that we do not sell your Personal Information. If you choose to exercise your rights, we will not charge you different prices or provide different quality of our Services, unless those differences are related to your provision of your Personal Information.
Please note that you must verify your identity and request before further action is taken. As a part of this process, government identification may be required. Moreover, you may designate an authorized agent to make a request on your behalf.
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide, will only cover the 12 month period preceding your verifiable request’s receipt. If, for some reason, we cannot reply within such time frame, our response will include an explanation for our inability to comply. If you wish to exercise your CCPA rights, please contact us at: email@example.com.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you with a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
CAN SPAM Act
The CAN-SPAM Act is a Federal US law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out strict penalties for violations.
To be in accordance with CANSPAM, OGY agrees to the following:
- Not use false or misleading subjects or email addresses.
- Identify the commercial message sent to you as an advertisement when required.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can email us at firstname.lastname@example.org and we will promptly remove you from ALL correspondence.
We may use “cookies” and/or other technologies or files (collectively, “cookies”) to identify how users make use of our Services. This aggregated tracking information may be used to help us improve and enhance the Services’ experience for all of our users. In addition, cookies are used for adjusting the Services to your personal preferences. Cookies contain information such as the pages you visited, the length of time you stayed on the Services, the location from which you accessed the Services and more. If you would prefer not to have cookies stored on your computer, you may modify your browser settings to reject most cookies, or manually remove cookies that have been placed on your computer. However, by rejecting the cookies, you may be unable to fully access the offerings on our Services. To find out more about cookies, visit www.allaboutcookies.org.
For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy.
Opt In or Opt Out
You are always in control of your data, and if you choose to receive information from us, or others, you can change your mind later. If, at any time, you would like to stop receiving such information or opt out of a feature, you may notify us by writing to email@example.com. You should be aware, however, that it is not always possible to completely remove or modify information in our databases and servers, although we will always make reasonable efforts to do so upon your request.
Links to Other Websites
We deploy industry standard measures to ensure the security, confidentiality, integrity and availability of the Personal Information we process. We maintain physical, technical and administrative safeguards, and test and update these periodically. We endeavor to restrict access to Personal Information on a ‘need to know’ basis for the provision of Services to you. No such measures are perfect or impenetrable. In the event of a security breach, we will take all reasonable action to minimize any harm. Although we will do our best to protect Personal Information, we cannot guarantee the security of data transmitted to our Services and transmission is at the users own risk.
User credentials is encrypted using one way hashing functions and is managed on the AWS region EU-WEST -1.
The Platforms time zone is UTC.
Generally, OGY does not retain information longer than necessary to provide its Services and for its reasonable business and lawful needs. If you withdraw your consent to us processing your Personal Information, we will erase your Personal Information from our systems, unless the Personal Information is required for OGY to establish, exercise or defend against legal claims or it is necessary for the performance of the requested Services.
The Service is not intended for children under the age of 16. We do not, knowingly or intentionally, collect information about children who are under 16 years of age.
IF YOU ARE UNDER THE AGE OF 16 YOU MAY NOT USE THE SERVICE, UNLESS PARENTAL CONSENT IS PROVIDED ACCORDINGLY
Governing Law and Jurisdiction
This page was updated on 1st of January 2022.