UseOATS.com Privacy Policy

UseOATS.com ("OATS,", "Omni Ad Tracking Server", "we," "us," or "our") provides a server-side tracking and data delivery solution (the "Service"). We are committed to protecting the privacy of our website visitors, customers, and the data we process on behalf of our customers.

As a European-based company, this policy is written to comply with the General Data Protection Regulation (GDPR) and related EU data protection laws.

This policy addresses how we handle two distinct types of data:

Website Data: Data collected from visitors to **UseOATS.com** (Controller Role).
Service Data: Data processed by us when our **customers** use the OATS server-side tracking solution (Processor Role).

1. Our Role: Controller vs. Processor

1.1. Data Controller (UseOATS.com Website)

We act as a Data Controller when we determine the purposes and means of processing personal data relating to:

Visitors to our website (UseOATS.com).
Our prospective and existing customers (e.g., account details, billing, communication data).

1.2. Data Processor (OATS Service)

We act as a Data Processor when we process personal data on behalf of our customers through the OATS tracking solution. In this context, our customer is the Data Controller, and they are responsible for:

Determining the legal basis for collecting the data.
The content and accuracy of the data sent to OATS.
Entering into a Data Processing Agreement (DPA) with us (required for all customers).

2. Personal Data We Collect (Controller Role)

We collect and process the following categories of personal data when you visit our website or interact with us as a customer:

Category of Data	Purpose of Processing	Legal Basis (GDPR)
Contact Data (Name, Email, Phone, Company)	Account creation, billing, customer support, and direct marketing communications.	Performance of a contract or legitimate interest (for existing customer marketing).
Usage Data (IP address, browser type, pages visited, time spent)	Website analytics, improving website functionality, and security monitoring.	Legitimate interest (improving our service and website security).
Payment Data (Billing address, transaction details)	Processing payments and managing subscriptions.	Performance of a contract and compliance with legal obligations (tax laws).
Communication Data (Support tickets, chat history)	Providing customer support and resolving technical issues.	Performance of a contract.

3. Data Processed through the OATS Service (Processor Role)

When our customers use the OATS server-side tracking Service, we process data they send to us. This data may include personal data, such as:

User Identifiers: Hashed or encrypted email addresses, customer IDs, session IDs, device IDs.
Event Data: Actions taken by the end-user (e.g., product views, purchases, sign-ups).
Technical Data: Limited IP information, user agent strings, and timestamps used to route and process the event.

3.1. Data Processing Agreement (DPA)

All customers who use the OATS Service to process personal data must agree to our Data Processing Agreement (DPA). The DPA governs our role as a Processor and outlines our mutual obligations regarding security, data subject rights, and data transfer mechanisms.

3.2. Data Minimisation

We encourage all customers to adhere to data minimisation principles and only send data necessary for their intended tracking purposes. We do not enrich or combine Service Data with data from other customers.

4. Data Sharing and Transfers

4.1. Service Providers (Sub-Processors) and Cloud Infrastructure

We use third-party service providers (sub-processors) to help us operate our business, such as payment processing and support platforms. Crucially, the OATS Service relies on cloud infrastructure and data routing providers, including but not limited to **Google Cloud, Amazon AWS, Microsoft Azure, and Stape.io**, for the storage and processing of Service Data and Website Data.

We only share data necessary for them to perform their functions and require contractual adherence to security standards. However, please be aware that the storage and handling of data by these primary infrastructure providers may also be governed by their own respective privacy policies.

4.2. International Data Transfers

As we operate in Europe, we primarily host data within the European Economic Area (EEA). If we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses (SCCs) approved by the European Commission.
Ensuring the recipient is located in a country deemed to have adequate protection by the European Commission.

4.3. Legal Requirement

We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).

5. Data Security and Retention

5.1. Security

We implement robust technical and organizational security measures to protect the personal data we control and process. These measures include encryption, access control, regular security audits, and staff training on data protection.

5.2. Data Retention (Controller Role)

We retain your Contact and Payment Data for as long as your account is active, and for a period thereafter as required to comply with our legal and tax obligations (typically 6 years in our jurisdiction) or to resolve disputes.

5.3. Data Retention (Processor Role)

Service Data is retained according to the terms specified in the DPA and as configured by our customers. Customers have control over the deletion of their Service Data.

6. Your Data Protection Rights (Controller Role)

Under the GDPR, you have the following rights regarding the personal data we control about you (Website Data and Customer Account Data). You can exercise these rights by contacting us at the details provided below.

1. The Right to Access: Request copies of your personal data.
2. The Right to Rectification: Request correction of inaccurate or incomplete data.
3. The Right to Erasure ('Right to be Forgotten'): Request that we erase your personal data under certain conditions.
4. The Right to Restriction of Processing: Request that we restrict the processing of your data under certain conditions.
5. The Right to Data Portability: Request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
6. The Right to Object: Object to our processing of your personal data, particularly when based on legitimate interests.
7. The Right to Lodge a Complaint: Lodge a complaint with a supervisory authority in your country of residence if you believe our processing violates the GDPR.

7. Contact Information

If you have any questions about this Privacy Policy, our data practices, or if you wish to exercise any of your data protection rights, please contact us:

UseOATS.com

Attention: Data Protection Officer

Email: [email protected]

Address: 37 Nicolae Titulescu, Craiova, Romania

Privacy Policy for UseOATS.com