Controller

Opia Limited (collectively referred to as “Opia Limited”, "we", "us" or "our" in this privacy policy), is the controller and responsible for your personal data collected via this website.

We ask that you read this website privacy policy carefully, as it contains important information on who we are, how and why we collect, store, use and share your personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint or would like further information on any of the above.

How to Contact Us

You can contact us in relation to this privacy policy in one of the following ways:

1. using our online form at www.opia.com/contact-us;
2. via email at: security@opia.com;
3. via telephone at: +44 (0)333 888 4020; or
4. via post at: 184 Shepherds Bush Road, W6 7NL, London, UK.

Application of this Policy

This privacy policy relates to your use of our website.

Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.

What is Personal Information?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

The Data we Collect about You

We collect personal information, about you when you access our website, contact us, send us feedback, or when you apply for a job with us.

We collect this personal information from you either directly, such as when you contact us through the website or indirectly, such as your browsing activity while on our website (see ‘Cookies’ below).

We use this personal information to:

• customise our website and its content to your preferences
• notify you of any changes to our website or to our services that may affect you
• improve our services

This website is not intended for use by children and we do not knowingly collect or use personal information relating to children.

Our Legal Basis for Processing your Personal Information

When we collect and/or use your personal information, we are required to have a legal basis for doing so. There are various legal bases upon which we may rely, dependant on what personal information is being processed and why.

The legal bases we may rely on include:

• Consent: where you have given us clear consent for us to process your personal information for a specific purpose. Generally, we will not rely on consent as a legal basis for processing your personal information although we will get obtain consent before sending direct marketing communications to you via email or other medium You have the right to withdraw consent to marketing at any time by contacting us via one of the methods listed above.
• Legal Obligations: where our use of your personal information is necessary for us to comply with the law
• Legitimate Interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Sharing your Information

We routinely share your personal information with third parties. These third parties process data on behalf of Opia for us to in turn provide services to you in the form of our website. As per our agreements with such sub processors they shall process your data in full accordance with this Privacy Policy.

Some of those third-party recipients may be based outside the European Economic Area - for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’.

We will share personal information with law enforcement or other authorities if required by applicable law.

We will not share your personal information with any other third party not mentioned above.

Transfer of your Information out of the EEA

We will not routinely share your personal information with parties located outside the European Economic Area (EEA). If we do so, we will always rely upon a European Commission adequacy decision, as set in art.45 of the General Data Protection regulation or to appropriate safeguards, as set n art.46 of the GDPR.

If you would like further information, please contact our Data Protection Officer at security@opia.com.

We will not otherwise transfer your personal data outside of the EEA.

Cookies and Similar Technologies

A cookie is a small text file which is placed onto your device when you use our website. We use cookies and other similar tracking technologies on our website. These help us recognise you and your device and store some information about your preferences or past actions.

For further information specifically relating to Opia’s use of cookies, please see our Cookie Policy.

For further information on cookies generally, please visit www.aboutcookies.org or www.allaboutcookies.org.

Marketing

We would like to send you information relating to our services which may be of interest to you. Where we have your consent, or it is in our legitimate interests to do so, we may email you to send such information.

If you no longer wish to be contacted in such way, you can unsubscribe at any time by:

• contacting us at marketing@opia.com
• using the 'unsubscribe' link in emails.

For more information on your rights in relation to marketing, see 'Your Rights’ below.

Your Rights

Under data protection law, you may have certain rights dependant on the circumstance. Those include rights to the following:

1. Request access to your personal data;
2. Request correction of your personal data;
3. Request erasure of your personal data;
4. Object to processing of your personal data;
5. Right to withdraw consent.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

• Email, call or write to us or contact our Data Protection Officer at security@opia.com.
• We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
• We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

Keeping your Personal Information Secure

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How to Complain

We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/.

Changes to this Privacy Policy

This website privacy policy was published on 21st October 2020 and last updated on the 20th October 2020.

We may change this website privacy policy from time to time, when we do, we will inform you via email.