Privacy Policy

Effective Date: May 1, 2024

Privacy Notice

Please read the Oproma Privacy Notice carefully to understand what information is collected through Oproma, how this information is used, and when it may be disclosed.

In this Privacy Notice, “Oproma” refers to our website, our application, and the products and services offered through our website and application. References to “we”, “us” or “our” means Oproma.

By visiting our website and using Oproma services, you provide your consent and agree to the collection of personal data in a lawful and fair manner. We ensure that the collection and processing of personal data adhere to applicable privacy laws and regulations. If you have any questions or concerns about the data we collect and how it is used, please contact Oproma directly using the contact information provided in this privacy policy. Even if you do not read the entire Oproma Privacy Notice.

Data Controller and Data Processor

Oproma serves as the data processor for most information entered into the Oproma application, website, and supporting systems, acting on behalf of its business customers who serve as the data controllers. However, Oproma also collects certain information directly from users for security, logging, and application performance purposes, where it acts as the data controller and processor. Oproma may engage third party sub-processors (as detailed below) to support its operations. If you have any inquiries about the processing of your personal data, please contact us using the contact information provided in this privacy notice.

Types of Data Collected

Oproma strictly limits the collection of personal data to only the information that is necessary to perform and provide services or fulfill a direct business need. We adhere to the principle of data minimization, ensuring that only the minimum amount of personal data required is collected and processed.

When collecting personal data, we strive to be transparent about the purposes for which the data is being collected and how it will be used.

The Oproma application and supporting applications collect the following types of personal data: cookies, usage data, email address, phone number. Users may enter first name, last name, province, state, country, ZIP/Postal code, city, address, and company name.

Certain data may be mandatory for the use of the Oproma application, while other data may be optional. When data is mandatory, it is clearly indicated throughout the website and application. Users are free to choose not to provide optional data without any impact on the availability or functionality of the service. If you have any questions about which personal data is mandatory, please contact us using the contact information provided in this privacy notice.

Oproma applications may collect personal data that users provide voluntarily or collect usage data while using the website, web application, and supporting applications.

Furthermore, the Oproma website and its supporting applications may use cookies and other tracking technologies to enhance the user experience and provide specific functionalities. Please refer to the Cookie Policy below for more information.

Safeguards

At Oproma, we take the security of your personal data seriously. We implement robust technical and organizational measures to protect your data from unauthorized access, disclosure, alteration, or destruction.

We follow industry best practices and standards to ensure the confidentiality, integrity, and availability of your data. Our security measures include but are not limited to:

Encryption: We employ encryption techniques to safeguard your data during transmission and storage. 

Access Control: We restrict access to personal data to authorized personnel only, ensuring that it is accessible on a need-to-know basis. 

Regular Audits: We conduct regular security audits and assessments to identify and address any vulnerabilities or risks. 

Employee Training: Our employees undergo comprehensive data protection training to ensure they understand the importance of data security and privacy.

We are committed to continuously enhancing our security practices and staying up to date with the latest industry standards to provide a secure environment for your personal data.

While we strive to protect your personal data, no method of transmission or storage is 100% secure. Therefore, we cannot guarantee absolute security. If you have any concerns about the security of your data, please contact us using the contact information provided in this privacy notice.

Mode, Place, and Methods of Processing the Data

Personal data is processed using computers and technology-enabled tools in accordance with organizational policies and procedures related to the stated purposes. In certain cases, personal data may be accessible to Oproma employees involved in the operation of the Oproma website, application, and supporting applications. External parties, such as third party technical service providers, hosting providers, and IT companies, may also have access to personal data as data processors or sub-processors appointed by Oproma.

Legal Basis of Processing

Oproma may process personal data when one of the following legal bases applies: 

  • Consent: Processing is based on the user’s consent for one or more specific purposes.
  • Performance of a Contract: Processing is necessary for the performance of a contract between Oproma and the user.
  • Legal Obligation: Processing is necessary to comply with a legal obligation.
  • Legitimate Interests: Processing is necessary for the legitimate interests pursued by Oproma or a third party.

The specific legal basis for processing personal data will be provided upon request, including whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter a contract.

Place

Data is processed at Oproma’s operating offices and hosting facilities, located in Canada.

Retention Time

Personal data is retained for as long as necessary to fulfill the purposes for which it was collected unless a longer retention period is required or permitted by law.

The retention periods are as follows:

Personal data collected for the performance of a contract between Oproma and a business customer is retained until the contract is fully executed, or until the business customer requests deletion of the data.

Personal data collected for Oproma’s legitimate interests is retained as long as necessary to fulfill those purposes. For specific information about Oproma’s legitimate interests, please refer to the relevant sections of this document or contact us using the contact information provided in this privacy notice.

Personal data processed based on user consent may be retained until such consent is withdrawn, provided that it is not otherwise required or permitted by law.

Personal data may be retained for a longer period when necessary to comply with a legal obligation or a lawful order from an authority.

Once the retention period expires, personal data will be securely deleted or anonymized.

The Purposes of Processing

Oproma collects and processes personal data for the following purposes:

  • Providing Services: Personal data is collected to enable Oproma to provide its services.
  • Analytics: Personal data is used for monitoring and analyzing web traffic and user behavior on the Oproma website and application.
  • User Database Management: Personal data is managed to create user profiles, track user activities, and improve the application.
  • Managing Contacts and Sending Messages: Personal data is used to manage contact lists and send communications to users as part of the Oproma application functionality.
  • Handling Payments: Personal data is processed to facilitate payment transactions and related communications.
  • Hosting and Back-End Infrastructure: Personal data is processed and stored on hosting and back-end infrastructure to support the operation of the Oproma application.
  • Contacting the User: Personal data is processed to respond to user requests and inquiries.
  • Selling Goods and Services Online: Personal data is processed for the provision of services or goods, including payment processing and delivery.

Processing and Sharing of Personal Data

Oproma engages various services and third party processors to support its operations. The following provides detailed information on the processing of personal data, the involved services, and the third party processors: 

Analytics:

  • Google Analytics (Google Inc.) 
  • Matomo Analytics (Matomo.org) 

Handling Payments:

  • Stripe (Stripe Inc)

Cookie Policy

The Oproma website and web application use cookies to enhance the user experience and provide specific functionalities.

The Rights of Users

Users have the following rights regarding their personal data processed by Oproma:

  1. Right to Withdraw Consent: Users have the right to withdraw their consent to the processing of their personal data at any time.
  2. Right to Object: Users can object to the processing of their personal data based on legitimate interests or for direct marketing purposes.
  3. Right of Access: Users can request access to their personal data and obtain information about the processing activities.
  4. Right to Rectification: Users can request the correction or update of inaccurate or incomplete personal data.
  5. Right to Restrict Processing: Users have the right to restrict the processing of their personal data under certain circumstances.
  6. Right to Erasure: Users can request the erasure of their personal data, subject to legal obligations or overriding legitimate grounds.
  7. Right to Data Portability: Users can request to receive their personal data in a structured, commonly used, and machine-readable format, and transmit it to another data controller.
  8. Right to Lodge a Complaint: Users have the right to lodge a complaint with a data protection authority regarding the processing of their personal data.


To exercise these rights or obtain further information, users can contact Oproma using the contact details provided in this document.

Changes to This Privacy Notice

Oproma reserves the right to modify or update this privacy notice at any time. Changes will be communicated through the Oproma website, application, or other appropriate means. It is recommended to regularly review this privacy notice for the latest information.

Customer Responsibilities and Restrictions

(a) Customer will

  • prevent unauthorized access to, or use of, the Oproma Subscription Services, and notify Oproma promptly of any such unauthorized access or use,
  • comply with all applicable laws in using the Oproma Subscription Services

(b) Customer will not

  • modify, copy or create derivative works based on the Oproma Subscription Services;
  • create Internet “links” to or reproduce any content forming part of the Oproma Subscription Services, other than for its own internal business purposes;
  • disassemble, reverse engineer, or decompile the Oproma Subscription Services or part thereof, or access it in order to copy any ideas, features, content, functions or graphics of the Oproma Subscription Services;
  • interfere with or disrupt the integrity or performance of the Oproma Subscription Services;
  • send or store infringing, obscene, threatening, libelous, or otherwise unlawful or tortuous material, or send or store material in violation of any third party’s privacy rights via the Oproma Subscription Services;
  • send or store viruses or malicious code via the Oproma Subscription Services;
  • attempt to gain unauthorized access to the Oproma Subscription Services or its related software, systems, platforms or networks;
  • use any components provided with the Oproma Subscription Services separately from the Oproma Subscription Services; or
  • distribute, rent, lease, sublicense or provide the Oproma Subscription Services to any third party or use it in a service bureau, outsourcing environment, or for the processing of third party data.


Data Protection

Oproma and Customer specifically agree that when Customer is located in the European Economic Area (“EEA”) the terms “Personal Data”, “Process”, “Data Controller”, “Special Categories of Data”, “Processing”, “Data Subject”, “Third Party Processing” and “Data Processor” will have the meanings given to them in the European data protection laws. In respect of Personal Data processed under this Agreement, the parties agree that Customer and Oproma both agree that Oproma will process Personal Data in accordance with Customer’s lawful and explicit instructions, the applicable data protection laws and its Controller and Processor Binding Corporate Rules Policy (the “BCR”) with respect to compliance with data protection laws and/or regulations. The BCR policy is incorporated into a Oproma corporate wide policy, requiring all Oproma entities, employees and third party providers to comply with and respect the BCR policy which is governing the collection, use, access, storage and transfer of Personal Data among Oproma entities and third party sub-processors. Customer acknowledges that Personal Data shall be limited to contact information and/or contract identification information (such as PO number) and shall not include Special Categories of Data, i.e. data where processing or transfer of the data is prohibited according to applicable privacy laws or other data requiring the written consent of the data subject prior to processing in accordance with applicable law.

Oproma shall have no liability with regard to data content processed on behalf of Customer and/or arising from the processing of Personal Data in accordance with Customer’s instructions. Oproma shall take appropriate technical and organizational measures to adequately protect Personal Data against (i) unauthorized access, (ii) unauthorized disclosure, (iii) misuse, (iv) corruption, and (v) loss, in accordance with the requirements of European data protection laws and industry best practices. The parties agree that Oproma may subcontract the processing of Personal Data to a subcontractor (the “Subcontractor”) provided that Oproma shall remain solely responsible for the acts and omissions of such Subcontractor. Customer acknowledges and consents that Oproma Subscription Services provided require Customer Data to be transferred to a country outside of Customer’s country or the country where the Customer Data originated. Oproma will provide all requested information regarding the processing of Customer’s Data as Customer may reasonably require to enable Customer to comply with data protection laws. Oproma shall promptly inform Customer and follow up with a subsequent written notice if it becomes aware of any unauthorized or unlawful or improper processing, loss of, damage to, or destruction of any Personal Data (singly or collectively referred to as “Security Breach”).

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Notice, data deletion, accuracy, or any other privacy practices, please contact us at: info@oproma.com