PRIVACY POLICY
Last updated October 4, 2023
This Privacy Policy describes the collection and processing of information about you that may directly or indirectly identify you (“Personal Data”) by BLACKBIRD SECURE BROWSING LTD and its affiliates, authorized resellers and subsidiaries (“OCTO”, “Octo Browser”, “we”, “our” or “us”).
This Privacy Policy is designed to help you feel more confident about the privacy and security of your information when using or accessing any OCTO’s software, products and services (“Software”).
In the Privacy Policy, we explain how we collect, use and transfer information. We also let you know your rights.
Attention: By using our Software and by sharing your Personal Data with us, you acknowledge that your Personal Data will be processed in the manner described in this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not provide us with any information and do not use the Software.
Note: This Privacy Policy does not constitute your ‘consent’ to the processing of your Personal Data. You may consent to the processing of Personal Data for one or more specific purposes, when we request such consent.
How do we collect your Personal Data?
We collect Personal Data in the following ways: if you provide it to us or automatically by electronic means, including with the help of cookies, when you use our Software.
What Personal Data we use and how?
We respect your privacy and aim to limit the Personal Data that we collect from you to the amount which is strictly necessary to fulfil the purposes of processing. Please see below what Personal Data we use and how.
| Purpose of processing | Personal Data | Legal basis for the processing | Duration of storage |
|---|---|---|---|
| Account creation and user authorization |
|
EULA and Terms of Use * Without providing this data you will not be able to use the Software |
3 months after the account is deleted; or immediately after deleting the account, if you ask for |
| Insurance of proper use of the Software, including troubleshoot |
|
EULA and Terms of Use * Without providing this data you will not be able to use the Software |
3 months after the account is deleted; or immediately after deleting the account, if you ask for |
| Users support |
|
Our legitimate interest in receiving communication from you and reacting to it and your interest in getting our response | 2 months after the issue you addressed is resolved |
| Manage and optimize users’ experience by improving our knowledge of our users |
|
Our legitimate interest in evaluating and creating statistics on the use of the Software and your interest in the Software updates which will be tailored to your needs | 3 months after the account is deleted; or immediately after deleting the account, if you ask for |
| Provide you with advertising, including that is relevant to your interests |
|
Our legitimate interest based on the balance of interests while you have absolute right to object to direct marketing | 3 months after the account is deleted; or immediately after deleting the account, if you ask for |
| Send you emails with our offers |
|
Our legitimate interest is based on the balance of interests while you have the absolute right to object to direct marketing. To unsubscribe from receiving emails, you can click the appropriate “Unsubscribe” button in the email you receive | 3 months after the account is deleted; or immediately after deleting the account, if you ask for |
| Conduct a survey |
|
Our legitimate interest based on the balance of interests while you have absolute right to object to direct marketing | 3 months after the account is deleted; or immediately after deleting the account, if you ask for |
Please note, that we do not collect any special categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.
When can we share your Personal Data?
We can share your Personal Data with third parties only in the cases listed below.
When we are required by law. We may disclose your Personal Data to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies), in connection with any legal proceedings or prospective legal proceedings and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).
With our partners who help us support the Software. We may use third-party systems to fulfill the purposes set forth in the Privacy Policy. A list of third-party systems used by Software is below.
Payment systems. We may provide paid products and/or services. In that case, we may use third-party services for payment processing, as follows: Stripe, Coinbase, Coinspaid. We do not process your payment data; such data is processed by the relevant payment provider.
Analytics systems. We may use third-party service providers to monitor and analyze the use of our Software, as follows: Google Tag Manager, Google Analytics, Yandex Metrica.
Chat. To automate support chat, we use Talk-me.
Emailing. We use Postmark third-party services to deliver emails quickly.
Surveys. We use Alchemer to conduct surveys.
If you wish to receive more information about these third-party systems, please contact our team by email indicated in this Privacy Policy.
OCTO will only transfer Personal Data to, or allow access by, third parties when it is assured that the information will be processed legitimately and protected appropriately by the recipient.
How long do we retain your Personal Data?
We retain your Personal Data for no longer than it is necessary to fulfill the purposes specified in the section “WHAT PERSONAL DATA WE USE AND HOW”. Except for any legal obligation that sets a longer data retention period, at the end of these periods, the Personal Data processed will be deleted or anonymized.
How we protect your Personal Data?
We take precautions to protect the security of your Personal Data.
We have physical, electronic, and managerial procedures to help safeguard, prevent unauthorized access, maintain data security, and correctly use your information: encryption, pseudonymization, firewalls, limited access, use of passwords, and other relevant measures as appropriate. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential. After a transaction, your private information (credit/debit cards, financials, etc.) is never kept on file.
In addition, we limit access to your Personal Data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
For the safe storage of information, we use Cloud Storage on AWS (Frankfurt, Germany). We will use all reasonable efforts to safeguard your Personal Data and for this purpose, we undertake to review our security procedures and technical and organizational measures regularly in order to account for the latest technological developments.
Links
Our Software may contain links to and from other websites and services. We are not responsible for the privacy practices or the content of any third-party sites. Please check the individual privacy policy of any such websites or services before you submit any personal information to them.
Do we use automated decision-making or refer to the automated profiling?
We neither use automated decision-making nor refer to automated profiling.
What rights do you have?
User rights (including EU residents):
- Right to access. This right enables you to receive a copy of the Personal Data we hold about you, as well as other supplementary information.
- Right to rectification. You have the right to have any incomplete or inaccurate information we hold about you corrected.
- Right to erasure (right to delete). You have the right to ask us to delete your Personal Data when there is no other legal ground for us to continue processing it.
- Right to object processing, where we are relying on a legitimate interest and there is something about your particular situation that makes you want to object to the processing on this ground. We will no longer process the Personal Data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You also have the right to object to use of your personal information for direct marketing purposes.
- Right to transfer. You may request the transfer of your personal information to another party.
- Right to data portability. We will provide to you, or to a third-party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which is processed under your consent or EULA and Terms of Use. We are not able to guarantee technical compatibility with a third-party organisation’s systems.
- Right to withdraw consent. You have the right to withdraw your consent to the use of your Personal Data.
- Right to restrict processing of your Personal Data if (a) the accuracy of the Personal Data is contested by you, (b) the processing is unlawful and you oppose the erasure of the Personal Data, (c) we no longer need the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, and (d) you have objected to processing pending the verification whether the legitimate grounds override this.
We will address your request as early as possible and no longer that within 1 month. Please note that this period may be extended by 2 further months where necessary, taking into account the complexity and number of the requests. In this case, we will inform you of the extension within 1 month of receipt of your request and will explain you the reasons for the delay.
Rights of California residents:
-
Right to opt out. Under the CCPA each California resident can request business stops selling Personal Data to third parties.Do we actually “sell” Personal Data? We do not, and will not, provide your Personal Data in direct exchange for money. Therefore, in the literal sense, we do not sell your Personal Data.
- Other rights. You also have a right to be informed about what categories of Personal Data we are collecting: you can request us to disclose what Personal Data we have collected in the past 12 months and right to get a free copy of your Personal Data disclosed in a readily usable and readable format. You can also request us to delete the Personal Data we have collected in the past 12 months. We will not discriminate against you for exercising any of your rights granted under CCPA.
Mandatory Verification: As required by CCPA we will need to verify your identity before processing your request. In order to verify your identity, you will be asked to log in to your account or (if you do not have an account) we will try to match the information you provided with the information we handle about you. In certain circumstances, we may decline the request, mainly where we are unable to verify your identity, for example, if you have requested us to delete your Personal Data.
As required by CCPA we endeavor to respond to a verifiable request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by email.
How to exercise any of your rights? You may exercise your rights by sending a relevant request to the email indicated in the contact details.
If you have any comments about how we process your Personal Data, please let us know and we will consider your claim. If you are not satisfied with our response to the complaint, you have the right to file a complaint with the competent authority.
Children Data
We do not knowingly collect information from children under the age of 13 (16 – in the European Economic Area) or knowingly allow such persons to use the Software. If you are under the age of 13 (or 16, where applicable), please do not provide any Personal Data to us. If you find out that the child has provided us with personal information in violation of this Privacy Policy, you can notify us at privacy@octobrowser.net.
Changes to our Privacy Policy
We may occasionally update this Privacy Policy. If we decide to do so, we will post those changes on this page and update the date at the top of the page. Your continued use of the Software after the effective date of the updated Privacy Policy will be subject to the new Privacy Policy. If we make any major changes to our Privacy Policy and will need your explicit consent for further processing of your Personal Data, we will request your consent or your renewed consent (in case it was obtained previously).
How to contact us?
In accordance with this Privacy Policy, BLACKBIRD SECURE BROWSING LTD is the “controller” or a “data controller”, i.e. the person which determines the purposes and means of the processing of your Personal Data.
If you have questions, complaints or need further information about our Privacy Policy, please contact us, using the details below:
We have appointed a representative in the EU who you can contact, if you would prefer not to contact BLACKBIRD SECURE BROWSING LTD directly: