Persons younger than 18 years may not submit any personal data through the Data Controller software application Outgrid and Website. If you are a person younger than 18, before submitting personal information, you must obtain the consent of your parents or other lawful guardians.
Personal data – any information relating to an identified or identifiable natural person ('Data subject'); an identifiable natural person can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, an online identifier or to one or more factors specific to the physical, physiological, genetic, religious, economic, cultural or social identity of that natural person.
Representative – a person representing Clients, the Data Controller's Partners, and both natural and legal persons.
Data Subject's consent – any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which they, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to them.
Outgrid App software – the Outgrid solution downloaded by Users enabling messaging, audio messages, creating and managing content according to functionality and rights granted to individual Users.
App user – a natural person who has the User account in the App, a person who concludes the agreement (including online) with the Data Controller to use the App.
Service Provider – a natural or legal person who can offer goods, services or works to the Data Controller and who cooperates with the Data Controller or has concluded an agreement with the latter on the sale of goods and services or works.
Personal data processing – any operation or set of operations that are performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The Data Controller shall collect personal data in accordance with requirements of applicable legal acts of the European Union and the United Kingdom and instructions of controlling authorities. All reasonable technical and administrative measures shall be applied to protect data collected on Data Subjects against loss, unauthorised use, or alterations.
WHAT INFORMATION WE COLLECT ABOUT YOU
- The information directly provided by you.
- The information about how you use our Website.
If you visit our Website, we also collect the information that discloses the specifics of the services provided by us or automatically generated statistics on visits. More information is provided in the 'Cookies Policy.'
- Information from sources of third parties
We can obtain information about you from public and commercial sources (to the extent permitted by applicable legal acts) and link it with other information we receive from or about you. In addition, we can obtain information about you from third parties' social network services when you connect to them.
- Other information collected by us
We can also collect other information about you, your device, or your website's content with your consent.
You may decide not to provide certain information to us; however, in such a case, you may be denied access to our service.
PERSONAL DATA PROCESSING FOR THE PURPOSE OF USE OF THE APP
Processing of personal data of Users of the App. The Data Controller shall process the following personal data of Users of the App if provided:
- Phone number (mandatory);
- E-mail address;
- Date and time of App use;
- Other information on the software use and maintenance services.
Data are obtained directly from Users when rendering services. The contents of private messages and private groups are encrypted and are not accessible to anyone except its parties.
We undertake not to transfer your personal data to any unrelated parties, except for the following cases:
- Having obtained the User's consent for personal data disclosure;
- In implementing the legitimate interests of the Data Controller (e.g., in the case of debt collection);
- Disclosure of the data to authorised bodies according to the procedure established by legal acts.
The Data Controller may transfer personal data of Users and other Data Subjects to Data Processors not specified in this Policy who provide services (carry out works) to the Data Controller and process personal data of Users and Data Subjects on behalf of the Data Controller (e.g., companies providing accounting services). Data Processors may process personal data only according to the Data Controller's instructions and only to the extent necessary to properly fulfil contractual obligations. If the Data Controller involves data processors, the Data Controller shall take all measures required to ensure that the data processors have appropriate organisational and technical security measures and maintain the secrecy of personal data.
Personal data processed based on the Data Subject's consent expressed when submitting personal data and/or performance of the agreement concluded with the Data Subject.
PERSONAL DATA PROCESSING FOR THE PURPOSES OF CONSULTATION OR FULFILMENT OF A QUERY
Processing of personal data of any person who addresses us for a consultation, submission of a query, and/or other purposes. The Data Controller shall process the following personal data of such persons, including Persons calling by phone:
- Forename (if provided);
- Surname (if provided);
- Phone number (if provided);
- E-mail address (if provided);
- Other information is provided to process the query.
Personal data of such applicants shall not be communicated to third parties.
Personal data for a consultation and submission of a query shall be processed based on consent expressed when submitting personal data.
PERSONAL DATA PROCESSING FOR THE PURPOSE OF DIRECT MARKETING
The following personal data of Clients and other Data Subjects may be processed for direct marketing:
- Forename (if provided);
- Surname (if provided);
- E-mail address.
Having sent a newsletter, the Data Controller may collect statistics on the Data Subject's behaviour related to the use and content of the newsletter (e.g., whether the newsletter was read, what links were opened by the Data Subject).
Personal data will be obtained directly from Data Subjects. The Data Controller may transfer Personal data only to third parties who provide specialised services to send e-messages and adapt the type of advertising ordered through advertising platforms.
Personal data of Users and other Data Subjects processed based on consent expressed when submitting personal data and agreeing with their processing for direct marketing or based on the Data Controller's legitimate interest.
Please be informed that the Data Subject shall have the right to disagree or withdraw the consent to process his (her) personal data for direct marketing purposes at any time without specifying the motives of the disagreement, notified by e-mail: email@example.com.
The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
WHAT WE DO TO PROTECT YOUR INFORMATION
Personal data shall be protected against loss, unauthorised use, and changes. We have implemented organisational and technical measures to protect all information collected by us to provide services. Please be reminded that despite our appropriate actions to protect your information, no website, online transaction, computer system, or wireless communication is completely secure.
The Data Controller shall apply different periods of personal data stored in observance of legal acts' requirements and according to personal data processing purposes.
Personal data storage period:
Personal data processing purpose
Period of storage
Processing of Data Subjects' personal data for the purposes of consultation, fulfillment of a query
1 (one) year from the day of the consultation, fulfilment of the query, except where the Data Subject applies for the provision of the Data Controller's services. The general time limit of 10 (ten) years shall apply in such a case.
Processing of personal data of Users
The term of validity of the agreement and 10 (ten) years after its expiration.
Processing of personal data of Data Subjects for direct marketing purposes
5 (five) years from the day on which the consent is given, unless the Data Subject requests the extension of this time limit.
When the Data Subject's personal data are processed for the direct marketing purpose on the basis of consent or legitimate interest of the Data Controller, the Data Controller shall stop processing the Data Subject's personal data for the direct marketing purpose (shall immediately destroy them) as soon as the Data Subject objects the processing of personal data for such purpose.
Exemptions from the periods of storage may be applied to the extent they do not infringe the rights of Data Subjects and comply with legal requirements.
On the expiration of the established time limits, the data shall be destroyed unless they have been extended, preventing them from being recovered.
The Data Subject whose data are processed in the Data Controller's activities shall have the following rights:
- The right to know (be informed) about the processing of his (her) data;
- Right to access own data and know how they are processed;
- Right to rectification of personal data or to supplement incomplete personal data having regard to the purposes of their processing;
- Right to erasure ('right to be forgotten), i.e., to stop actions of processing of own data (except for storage);
- Right to restriction of processing of personal data under a valid reason;
- Right to data portability, where the Data Subject has provided his (her) personal data to the Data Controller in a structured, commonly used, and machine-readable format;
- Right to object to the processing of personal data when they are processed or intended to be processed for direct marketing purposes, including profiling to the extent related to such direct marketing;
- Right to lodge a complaint with the Information Commissioner's Office or the respective data protection authority in any EU country.
The Data Subject shall have the right to submit to the Data Controller in writing any request or order concerning the processing of personal data in one of the following ways: deliver directly or send per post to the address: Outgrid Limited, 7 Bell Yard, London WC2A 2JR, UK or by e-mail: firstname.lastname@example.org.
Having received such a request or order, the Data Controller shall, not later than within one month from the date of request, submit the answer and carry out or refuse to carry out the actions specified in the request. Where appropriate, the specified time limit may be extended for two more months, considering the complexity and number of requests. In such a case, the Data Controller shall notify the Data Subject about such extension within one month from the date of request, specifying the reasons for the refusal.
The Data Controller may refuse to enable data subjects to implement the above-specified rights, except for disagreement with personal data processing for direct marketing purposes when in the cases established by laws, it is necessary to ensure the prevention, investigation, and identification of crimes, infringements of business or professional ethics, and the protection of rights and freedoms of the Data Subject or other persons.
- E-mail: email@example.com
- Post: Outgrid Limited, 7 Bell Yard, London, WC2A 2JR, UK
Updated on 12 May 2022