12 minutes read
If you are the visitor or the user of a community space which uses Onebiolink’s services, then any information you submit to that venue will be indirectly collected by Onebiolink for security purposes. For more information on how the data you enter on the venue frontpage is collected by Onebiolink, we suggest you contact with the venue management.
What does this cover?
Data that we collect
When any individual visits our website and decides to sign up for our services, we collect data such as their name, email addresses, contact number, organization they belong to (if any), etc. This information can be collected by us through various other resources such as your participation in a survey conducted by the company or your prior interaction with our services in any form or method. When you register for a paid subscription or do a booking for a venue using any of the sub-domains given to our partner venue administrators, then as a result of you making the payment through a payment gateway, we collect your payment information having details such as payment card information, billing address, name, etc. This information is described as “Payment information”, going ahead in the document. Our website automatically collects the information about the nature of your interaction with our website. This is termed as “Log data”. This data helps us in understanding where different users of our services are situated, and which platform do most of our users use for accessing our website and services. We use third party services in the form of cookies on our websites to collect some of the mentioned information above.
Our partners managing the venue or venue administrators may submit personal data of their users to us for analysis purposes. We provide booking insights from that data to the venue managers. This “User data” might include information such as name, email address, contact numbers for primary key identifiers and booking information such as number of bookings, space used, time, frequency, etc. for analysis purposes. In order to know more about how the venue uses its data we recommend, if you are a user of the space provided by the venue, to contact the venue administration for more details. We will only use and disclose venue data and its user data according to the provisions set forth in this agreement.
We may be required to retain thee data you submit directly or indirectly to us in some form to satisfy the need behind collecting that data or just to meet legal obligations in some cases. We will only retain data, if it is in good interest of the services that we provide and that there are no legal clauses which would prevent us from storing such data. We store booking or audit logs for a maximum of 90 days. We store booking information such as the aggressor in the booking and the title, price and frequency for a period of 7 years. Server and other logs are stored for a maximum time of 90 days and Database backups are stored for a maximum time of 35 days before a new and fresh backup is created, discarding the older one.
How do we use collected data?
Sharing your data
We only share and use your personal data in the circumstances mentioned in this document. All other cases would be shared with the users via email or other means of communication. We may share your data with our partner third parties to enable them to provide us with the services we require to keep our service. For venue administrators, we may provide venue’s details to our associated third parties in order for us to receive essential business intelligence and services from them. All the third parties that are associated with us are required to satisfy certain criteria for improving data security and transaction handling and comply with applicable laws. We might share your data with our partners when we truly believe that sharing such information is necessary to maintain the stability of the service and improve its overall quality, or to satisfy a legal regulation or law or to administer a customer agreement. We might share your information in case we are at a threat of our privacy and also that of our users including the venue users and venue administrators. We may share your data with subsequent parties to detect any fraudulent accounts and security threats to the service. We may be required to share your payment details for verifying the transaction. In case of any merger or acquisition of Onebiolink with any other organization, your data will be transferred as well. Furthermore, in all other cases, we may share your data with anyone if we have your prior consent to do so.
Coming to aggregated information, which means that no single person can be identified individually from that information, we may share such information with our third-party partners to gather insights such as type of services most in use, age groups of our customers, geographical location, computer configurations, performance analysis, etc. If by a law, we are required to treat tis aggregated data as personally identifiable, then we shall notify the user and ask for consent before actually sharing the information.
Whenever a user buys access to our services or renews his access or makes a booking on any one of the venues using our services, it requires an online payment to confirm the booking in most of the cases. If an online payment is required and such payment is made through our service, then we collect the payment information and our payments providers use it to confirm the payment. We never receive or store your entire payment card information. All our payment services are PCI-DSS compliant. (Payment Card Industry Data Security Standard).
Disclosure of your Information
Rights and Controls
On some occasions, we might provide you with an option to opt-out of the process of sharing your information with us. The downside to this will be that you will not be able to use certain features of our services. You can also select to block cookies and other plugins we use, but if you do so some features of our services might not work properly.
If you are an EEA or Switzerland resident, you are entitled to all the subsequent rights once GDPR becomes effective in your case. Kindly not that we may require certain documents to confirm your identity and nationality. Please refer to our GDPR compliance notice for more details.
Modifications to your data
While using our services, you have complete access to your personal data. At any point in time, you may wish to delete or modify your personal information which includes data such as your name, password and other login information, your email address, your affiliation (if any), contact number, payment card information, etc. You may access, update or review your information at any time. We request you to send us an official email should you wish to perform any altercations to your account. We may decline your requests to delete or modify your data if we find the cause unreasonable. In most of the cases we will allow the information modification/deletion but if we ever have a strong legal ground to retain your information then we may wish to keep that information with us. This section would serve as the main legal framework in our defense, leading us to retaining your information.
Once your personal data is deleted, in accordance with our policies mentioned your data may still be in our servers for a period depending upon the type of your data, once it has been deleted from our main database. If as a part of provisioning the service to you, we enter into any agreement with a third-party about sharing your information then after you approach for an information deletion practice, we assure that we would make an effort from our side to the third party to delete your information that might exist on their database. Note that once you cease to use our services, you are no longer eligible to raise a concern about deleting your information from our servers. We may use your personal data to act as a support for the services that we provide and to comply with our obligations under law. The content that we receive through transactions is still under our access even if you delete your account, or have your personal information deleted from our servers.
We value the security or your data at Onebiolink. That is why, we have industry-leading, top-tier security technologies functioning to secure our on-air transactions and prevent data breaches. We limit the access to your personal information to only those personnel in our company who really need access to such data to perform their tasks. We use industry standard encryption protocols combined with our own security measures to make sure that the valuable data of our users is not compromised. Although, we assure that best measures are taken to secure your data and transaction but as it goes, Tiemtble does not completely guarantee the security of your information. As an account holder with Onebiolink, we would suggest you take preventive measures to restrain unauthorized access to your account by having a strong password and signing off every time you complete a session with us. If we do become aware that any data breach has occurred and security is compromised, we will notify you about this development at the earliest realistically possible hour in the heat of the situation.
For more details, please feel free to contact us.
8 The Green, Ste A, Dover, DE 19901, USA.