• Information that you voluntarily provide us
  

• Information that we receive automatically from you or from third parties

• Cookies and similar technologies

• Our affiliates, partners and employees
  

• Third-party service providers or consultants

• Other third parties

• Right of access
  

• Right to withdraw consent

• Right to rectification, erasure and restriction

• Right to data portability

• Right not to be subject to an automated decision

• Right to lodge a complaint

• What Personal Data we collect when you use our services, either via website (oxygean.com) or via any related software or mobile application;

• How we may use and protect your Personal Data.

Please, note that “Personal Data” means any information relating to an identified or identifiable natural person; an “identifiable natural person” is one who can be identified, either directly or indirectly, in particular by means of a name, an identification number, a location data, etc.

We are Ellorem Ireland Limited (with registered office at 2nd Floor, 2-4 Ely Place, D02 FR58 Dublin, Ireland) and we are the “DataController” of your Personal Data.

“Data Controller” means that we are the organisation that directs the reason why your Personal Data is processed inthe first place and that first receives your Personal Data and is responsible for it.

As Data Controller, we are strongly committed to fullycomply with the European Regulation no.2016/679 (the “GDPR”) and,therefore:

• We have configured our services so that the processing of your Personal Data is kept to the minimum necessary;

• We have adopted safeguards and technicalmeasures in order to protect your privacy rights;

• We ensure that, by default, only Personal Datawhich is necessary for each specific purpose will be processed.

When you access or use our Oxygean platform (either via our website oxygean.com or via any related software or mobile application), we may collect the following Personal Data:

Information that you voluntarily provide us.

You may, through various means (e.g., e-mail, website contact form, sign-on through our services, etc.), voluntarily provide us your Personal Data. In particular, the said Personal Data may include:

• Contact Data that you provide us in case you send us a contact request (such as, name, e-mail, etc.);

• Account Data that you provide us when you register an account for the use of our services (such as: email address, first name, last name, profile photo, date of birth and location);

• Content Data that you submit, transmit, create or convey through our services, such as information, text, message, picture, video, music and any other information, data or material (and their tags, such as any metatag, hashtag and geotag); the said Content Data can be created by you in several ways, including via profile creation, feedback, comments, likes, surveys, forms, chat service, email SMTP service, etc.

Please, note that we will process the abovePersonal Data on the assumption that they refer to you or to third parties whohave expressly authorized you to provide them to us.

We may also collect the following Personal Data:

When you access or use our Oxygean platform (either via our website oxygean.com or via any related software or mobile application), we may collect the following Personal Data:

• Social Login Information that we may receive from you in case you register to join our Oxygean platform by logging into your account with a third-party social networking service (e.g., Facebook, LinkedIn and other third party services that let you sign in using your existing credentials with those services).

Please, note that if you choose to register via socialnetworking service, we will use the information you have provided thereto (suchas, your Contact Data, your Account Data and other information you makepublicly available via the same social networking service) to create youraccount; the information we collect from and through a social networkingservice may depend on the privacy settings you have set therewith.

• Technical Data that we automatically collect when you use our services, such as: (i) information on how you use our services (e.g., your visits and use of the OX platform, your interaction with content thereof, your user status, etc.) (ii) information about Your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, number of sessions, language and location.

• Cookies and similar technologies: We may collect Personal Data using cookies. Here [0 COOKIE POLICY] you find further information on our use of cookies and similar technologies

Your Personal Data Above will be processed by us for at least one of the following purposes:

• to carry out our obligations arising from a contract entered into between you and us

• to provide you with the services that you requested from us (e.g., create and manage your account, provide access to our Oxygean platform, provide custom, personalized content and information, etc.)

• to communicate with you for informational and operational purposes (e.g., account verification, account management, customer service, system maintenance, etc.), including by periodically emailing you services-related announcements

• to give you access to our support and customer care services and to enable you to communicate with our team

• to carry on statistical research/ analys is, as well as to report, measure and evaluate our services’ operation, usability, effectiveness, features and performance (e.g., monitor metrics such as total number of visitors, traffic, usage, diagnose or fix technology problems, etc.)

• for marketing purposes

• to ensure compliance with any applicable law (including the GDPR), our terms and conditions, and our Privacy Policy

Our processing of your Personal Data has the following legal basis:

• the processing is necessary for the performance of a contract (such as, when you provide access to our services)

• the processing is carried out with your consent (such as, when you subscribe our newsletter)

• the processing is based on a legitimate interest pursued by us (such as, when we use the Personal Data To evaluate and report our services’ operation)

• the processing is necessary for the establishment, exercise or defence of legal claims (such as, when we are asked by an authority to disclose your Personal Data).

The provision of your Personal Data for the above-mentioned purposes is voluntary and not mandatory. However, any refusal to provide any of such data may not allow us to provide our services or tofulfill your requests.

Although we use computers to process your Personal Data, big decisions that may impact you are not taken by our computers. When we might do this, we will previously explain why it happens and the effects.

Personal Data collected by us will be processed for the time strictly necessary to achieve the related purposes.

In particular:

• your Personal Data needed for the provision of our services will be processed as long as it is necessary for providing you with the requested services or until you stop using our services; accordingly, we will delete your Personal Data from our systems:

  • after 48 (forty eight) hours after your account closure request;

  • in case you do not access the Oxygean platform for a period of 12 (twelve) months from the last login thereto.

  • your Personal Data needed for the provision of our newsletter service will be processed until you decide to unsubscribe.

  • your Personal Data that we have to keep under the applicable laws (e.g., tax laws, bookkeeping, etc.) will be retained for a period necessary or permitted to comply with such laws.

We warrant to maintain(and continue to maintain) adequate measures to protect your Personal Data against accidental or unlawful destruction or accidental loss, damage or unauthorised disclosure or access.

Please be aware that no security measures are perfector impenetrable, so we cannot guarantee that unauthorised access, hacking, data loss or a data breach will never occur.

In any case, we operate with the aim of mitigating such risks through several measures, including:

• adoption of a data minimisation approach, as we process only Personal Data that is essential to carry out our services;

• use of encryption methods (e.g., Secure Sockets Layer – SSL);

• use of company-wide restriction methods for restricting access into the foundation of our processes, systems and structure, so that only those with authorisation and/or a relevant purpose may access Personal Data and always with their private keys;

• appoint third-party service providers who put in place an adequate level of protection of Personal Data When they carry on their processing activities on our behalf.

We share your Personal Data to the extent necessary to provide you with our services. Any transfer of Personal Data occurs only inconsistency with the purposes and legal basis mentioned in this Privacy Policy.

Our affiliates, partners and employees.

We may share your Personal Data with any entity controlled by, or under common control with, Ellorem Ireland Ltd. (including their employees and partners), to whom it is reasonably necessary or desirable for us to process your Personal Data for the purposes described in this Privacy Policy.

Third-party service providers or consultants.

We engage trusted third parties to perform functions and provide services to us (such as, hosting and maintenance, e-mail, web analytics, database storage and management, operations, customer relationship, advertising operations. etc.), requiring them to ensure an adequate level of protection of your Personal Data [link to section WHERE YOUR PERSONAL DATA MAYBE TRANSFERRED].

Here is a list of service providers involved: [Third Party Providers].

Other third parties.

We may also disclose your Personal Data to third party in two cases:

if we believe that disclosure is reasonably necessary to comply with any applicable law or administrative order;

if we need to to protect ourselves, Our customers, or the public from harm or illegal activities.

We are based in Ireland and Your Personal Data may be further transferred to, and stored at, any of our affiliates, partners or service providers mentioned above.

We will ensure that the jurisdiction in which the recipient third party is located ensures an adequate level of protection of your Personal Data; if it is not the case(i.e., if a recipient is located in a jurisdiction other than a jurisdiction in the European Commission-approved countries providing “adequate” data protection), our service providers shall be signatories of a data transfer agreement which shall include the “Standard Contractual Clauses for data transfers between EU and non-EU countries” adopted by the European Commission And/or any other substantially similar provision.

GDPR grants you several rights, whose exercise can be requested by sending us an e-mail to mark.mcevoy@oxygean.com or by post to Ellorem Ireland Limited, 2ndFloor, 2-4 Ely Place, D02 FR58Dublin, Ireland. Any access request is always replied within one (1) month.

 Here you are your rights:

• Right of access. You Are entitled to receive confirmation as to whether your Personal Data is being processed or not and, where that is the case, access and receive a full copy of such Personal Data in an intelligible form, as well as any related information (such as, the purposes of the processing, the recipients of the Personal Data, the source of Personal Data, etc.).

• Right to withdraw consent. You are entitled to withdraw, at any time, your consent to the processing of your Personal Data.

• Right to rectification, erasure and restriction. You are entitled to obtain from us the rectification of your Personal Data that is inaccurate or incomplete, as well as the erasure thereof and the restriction of processing in case the latter is not lawful.

• Right to data portability. You have the right to receive your Personal Data in a structured, commonly used and machine-readable format, as well as the right to transmit those data to another controller, where technically possible.

• Right not to be subject to an automated decision. We may use automated decision-making only if it is authorized by the applicable law and if you have provided us with an explicit consent or if it is necessary for the performance of a contract. In any case, you can always request us a manual decision-making process instead.

• Right to lodge a complaint. You have the right to lodge a complaint before the Supervisory Authority, if you believe that the processing of your Personal Data is against the GDPR. Such relevant Supervisory Authority is the Irish Data Protection Commission, 21Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland, email dpcaccessofficer@dataprotection.ie

This Privacy Policy came into force on the “Effective Date” specified above.

We may amend or to update its content following changes in the legal and regulatory obligations regarding data protection. In this case, we will inform you about such amendments and updates through their publication on our website as soon as they are adopted, and they will be binding from the moment of their publication.

Therefore, we invite you to visit this page of our website regularly, in order to be aware of the most recent and updated version thereof, so that you are always updated on the processing activities that we carry out.