Privacy

We are a company established under the laws of Wyoming (USA) and we strictly comply with all the requirements of the European GDPR and the EU-U.S. Data Privacy Framework.

GPRD - EU-U.S. Data Privacy Framework

1. General Data Protection Regulation

Below we offer you all the information on the General Data Protection Regulation, its application and detailed requirements.


1.1. What is it?. Who does it apply to?

The EU General Data Protection Regulation is enforced for European companies but also requires companies outside the European Union to protect personal data.

GDPR is a European Union data privacy law that requires organizations to keep data secure, while giving people more control over how their data is used.


1.2. What are the requirements that need to be fulfilled?

This is the compliance checklist that applies to all businesses and US businesses:


Legal basis and transparency

 Audit

We conduct an information audit to determine what information we process and who has access to it.

 Justification

We have a legal justification for data processing activities.

 Information

We provide clear information about the processing of your data and the legal justification in the privacy policy.

 Transfer

We comply with cross-border transfer laws


Data safety

 Data protection

We consider data protection at all times, from the development phase to every time we process data.

 Encryption

We encrypt, pseudonymize or anonymize personal data whenever possible.

 Internal security

We have created an internal security policy for team members and have raised awareness about data protection.

 Evaluation

We have defined when to conduct a data protection impact assessment and have a process in place for conducting it.

 Process

We have a process for notifying you in the event of a data breach.


Responsibility and governance

 Responsible

We designate one person to be responsible for ensuring GDPR compliance across the organization and with EU member states.

 Agreements

We enter into a data processing agreement between our organization and any third party that processes personal data on our behalf.


Privacy rights

 Correct

It is easy for our users to correct or update inaccurate or incomplete information.

 Delete

It is easy for our users to request the deletion of their personal data.

 Opt Out

It is easy for our users to ask us to stop processing their data.

 Copy

It is easy for our users to receive a copy of their personal data.

 Object

It is easy for our users to object to the processing of their data.

 Procedures

If we make decisions about individuals based on automated processes, we have a procedure in place to protect your rights.


2. Definitions

"Portal", "web site", "site" or "Website": The main Oneda website (oneda-group.com) as well as all subdomains.

"User", "users", "client", "clients", "customer", "customers", "you", "Contracting Party" or "Contracting person": Any individual or legal entity that contracts, accesses, browses, or uses the Service; uses contact forms, or purchasing forms.

"Contents": Any information, text, link, software, material, images, videos, documentation, etc., whose provision and access occur solely online through the Portal and by navigating through it.

"Oneda", "Services", "the platform", "the service" or "we": Services offered on our website and accessible through oneda-group.com and any of its subdomains.


3. Data

We are a company based in the United States (USA), and therefore, your data is transferred to the United States (USA). As the Controller or Processor, we are committed to respecting and complying with the obligations arising from Data Protection Laws.

The User or Client authorizes and accepts that we store their data in a computer file for internal use and to facilitate the provision of services.

The User consents to the processing of their data in the terms indicated in this document by accepting this Privacy Policy when registering as a User or Client, when contacting us by any of the means of contact provided including the website, contact forms, purchase forms among others.

The User must refrain from providing personal data of other interested parties, unless they have the relevant authorization, according to which said interested parties will have been previously and duly informed about the content of this Privacy Policy and, specifically, that they consent to your data is provided to us to be treated according to the corresponding purposes, as well as that you can exercise the rights of access, rectification, cancellation and opposition (hereinafter, jointly called ARCO) in the terms described in this same Policy.

3.1. What data do we collect? How do we collect your data?


The only information we store is the information that you voluntarily provide to us emailing us or contacting us via phone, social media, or any other means.

We do NOT collect or store sensitive information about you (banking details, economic information, health information, loans, etc.). The only information about the User that we collect and store is basic data that identifies you in order to contact you:

  • Contact person's name

  • Contact person's email

  • Contact person's alternative email

Additionally, to ensure security, comply with data protection laws, and provide technical support, we also store the following technical information:

  • Name and version of the web browser.

  • IP address.

  • Name of the operating system.

  • Device type.

All data is provided by the user themselves when contacting us through our email or social media, filling out any of the forms on the website the additional technical data is collected automatically. It is the user who expressly authorizes receiving communications from us.

We are absolutely opposed to the practice of spamming. We will only use these contact details to send the user, via email, information related to the contracted service, keep them informed about news we believe are of interest to them, or send important notifications.


3.2. How will we use your data?

The reasons for collecting and processing your personal information depend on your relationship with us and for us to:

  • Respond to your questions via email, phone or social media.

  • Address your questions when you visit the website through our contact forms.

  • Process your purchase orders and payments through our payment provider.

  • Ensure the security of the website and the platform.

  • Investigate, prevent, and manage fraud and violations of our Legal Terms.

  • Comply with data protection laws, tax laws, and legal obligations arising from your contract with us.

  • Comply with applicable laws to which we are subject.

  • Enable third parties to provide services to us.

  • Send you emails with important notifications about your contracted services.

  • Send you important emails regarding security and privacy.

  • Send you emails with information about new products and services of interest.

Your personal information is not shared with anyone, unless a Law or a community norm provides otherwise, or if it is necessary for the provision of the contracted service.

In this case, we will only communicate those essential data to manage the request and provide the contracted services, so that the assignment responds to the free and legitimate acceptance of a legal relationship existing between the interested parties and us, whose development, compliance and control necessarily imply the connection of the data and that includes the necessary transmission of the same.

In the event that a User leaves a comment or interacts socially with social networks, they must bear in mind that their data will be published in the environment in which they act, that is, they will be expressly authorizing the communication of their data -associated with the action they carry out. - to other Users who access the website or social network.

If necessary, we may share certain of your information with the following people or groups of people:

  • Subcontracted service providers. Our service providers (including IT providers) may have access to your information as part of their service to us. Our service providers are subject to strict contractual obligations to treat your personal information confidentially and to comply with data protection law at all times.


3.3. How do we store your data?

We collect, process, and securely store your personal information in the United States (USA).

We transfer personal information outside the European Economic Area (EEA) to the following service providers. For each recipient, we have identified the current legal safeguards to ensure that your information is protected:

  • Freshworks (USA). EU-US Data Privacy Framework. USA and European Data Protection Authorities.

  • Linode LLC. (USA). EU-US Data Privacy Framework.

  • Google LLC. (USA). EU-US Data Privacy Framework. USA and European Data Protection Authorities.

  • Sentry RT of FUNCTIONAL SOFTWARE, INC. (USA). EU-US Data Privacy Framework.

  • Mailgun (USA). EU-US Data Privacy Framework. USA and European Data Protection Authorities.

  • Stripe (Ireland, EU). EU-US Data Privacy Framework. USA and European Data Protection Authorities.

  • PayPal (USA - EU) EU-US Data Privacy Framework. USA and European Data Protection Authorities.

  • Government bodies and courts. If we have a legal obligation to do so, we will share your information with government agencies, regulators and/or courts.

  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. If a change occurs to our business, the new owners may use your personal data in the same way as set out in this privacy policy.


3.4. Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation

  • Protect and defend the rights or property of the Company

  • Prevent or investigate possible wrongdoing in connection with the Service

  • Protect the personal safety of Users of the Service or the public

  • Protect against legal liability


3.5. Security

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Oneda, in its capacity as a Processor, has implemented the technical and organizational measures necessary to ensure the security of personal data and prevent its alteration, loss, processing, or unauthorized access, in accordance with current regulations on the protection of personal data. Oneda only provides the technical infrastructure, and its responsibility is limited to the security measures related to these functions.

Therefore, its responsibility will be limited to tasks that, by their nature, must be carried out by Oneda directly on the platform and/or servers. Oneda disclaims any responsibility for the breach of the security systems of the Contracting Party or the inviolability of information when transported through any communication network. Oneda will also not be held accountable for security incidents resulting from an attack or unauthorized access to the platform, communication networks, devices, and/or servers, making it impossible to detect or prevent even when necessary measures are taken according to the current state of technology. This also applies to the lack of diligence on the part of the User or Contracting Party regarding the safekeeping of access keys, devices, communication networks, and/or personal data.

The Contracting Party acknowledges that these measures comply with the security level applicable to the type of information processed as a result of the service provided by Oneda on behalf of the Contracting Party, in accordance with the current regulations on data protection. It is solely the responsibility of the Contracting Party to assess whether the conditions of this agreement are suitable for their needs and comply with the legal requirements to which they are obligated as the Data Controller/Processor.

3.6. Legitimation

The User who uses or contracts the service (User, Client or Contracting person), or, where appropriate, the third entity that decides on the purpose, content, use and treatment of personal data, are the solely responsible for the data that is collected and stored in the platform and/or on the servers. We treat the information hosted on its account and/or servers exclusively on behalf of the Contracting person under the terms and conditions stipulated herein.
The Contracting person, or the third party to which it is providing a service processing data for which it is responsible, state that they are the owners of files that contain legally collected personal data and that, by virtue of the services contracted to Oneda, authorizes their treatment and processing to the extent necessary for their provision.

Oneda only provides the technical infrastructure, circumscribing its responsibility to the security measures provided in relation to these functions.

The User assumes all responsibilities for the data collected and hosted in the platform and/or servers, and Oneda is expressly exonerated from all types of civil, criminal or any other type of liability that may arise from claims in relation to the contents that the User store or use.

The User or Contracting Party of Oneda, as the Data Controller, is responsible to Oneda, acting as the Processor, and agrees to indemnify Oneda for all damages, losses, interests, and claims that Oneda may incur as a result of a third-party lawsuit or claim, filed due to a breach by the User or Client of Oneda of the obligations arising from this contract. This includes, in general, the User's role as an intermediary or processor for Oneda, excluding any consequences directly resulting from Oneda's failure to meet its legal or contractual commitments.

The User is responsible for the data and must carry out the actions required by law for the processing and registration of data files with the relevant authorities. If the User violates regulations, they will be held responsible and will assume any sanctions imposed as a result of this lack of legitimacy.

Oneda will solely act as the Processor or data processor and will only process the data on behalf of the file controller, complying with the provisions of this agreement. Oneda will also handle the destruction of the data once the contracted service is completed, as stipulated in the conditions expressed in this agreement.

3.7. Obligations and subcontracting

In cases where Oneda may have access to the data, it commits not to apply, use, or disclose the processed data for purposes other than those detailed in these legal conditions. As a Processor, Oneda will only process the data contained in the user's account and/or servers to execute the services contracted on behalf of the User or Contracting Party in accordance with the provided instructions, and under no circumstances will it use them for purposes other than those agreed upon.
Oneda will not communicate or allow access to the processed data to any third party, even for storage, unless otherwise specified, or the communication is necessary for the provision of contracted services, or the transfer is mandated by a law with the force of legislation. In this regard, the contracting party expressly authorizes Oneda, when contracting any of its services, to subcontract on its behalf and at its expense any entities necessary for the proper provision of services.

The entities thus subcontracted will have the status of Controller or Processor, be subject to the same data protection and confidentiality rules as Oneda, and regulate their relationship with Oneda in accordance with data protection regulations.

In compliance with current legislation, the platform ensures the integrity, preservation, accessibility, readability, traceability, and unalterability of records.

In the event that the Contracting person acts as the person in charge of the treatment of a third entity responsible for the data, he must guarantee, before contracting any service that involves the treatment of said data, that he has the express authorization of this to proceed with the subcontracting of the services entrusted to it, it also ensures that the relationship with the third party entity responsible for the data is legally regulated in accordance with the requirements of current regulations on data protection prior to the service contracting. Otherwise, you must refrain from subcontracting with Oneda and if you breach this prohibition you will be responsible and will assume any sanction that is imposed on it as a result of this lack of legitimacy.

4. Marketing

If you have expressly requested it, we will occasionally send you information about our services, updates or service-related content that we think you may be interested in. You have the right at any time to stop us from contacting you for marketing purposes. If you no longer want us to contact you for marketing purposes, you can click on the option enabled for this purpose in all emails or by clicking here



5. Rights

We want to make sure you know all your data protection rights:

  • The right of access: you have the right to request copies of the personal data we store about you from our company.

  • The right to rectification: you have the right, in certain circumstances, to have your information rectified, blocked, deleted or destroyed if it is inaccurate.

  • The right to erasure: You have the right to request that our company erase your personal data, under certain conditions.

  • The right to restrict processing: You have the right to request that our company restrict the processing of your personal data, under certain conditions.

  • The right to object to processing: You have the right to object to the processing of your personal data by our Company, under certain conditions.

  • The right to data portability: You have the right to request that our company transfer the data we have collected about you to you, under certain conditions.

  • If you make a request, we have a month to respond. If you wish to exercise any of these rights, please contact us via our email. See Contact section below.



6. Cookies

WE DO NOT USE COOKIES

6.1. What is a Cookie and what is it for?

A Cookie is a small file that is stored on the User's device (computer, tablet, smartphone or any other) with information about browsing.

The set of cookies helps to improve the quality of websites, providing information of interest and are essential for the operation of the Internet, providing innumerable advantages in the provision of interactive services, facilitating navigation and usability of the websites.

In no case can cookies damage a device. On the contrary, if they are active, it is possible to identify and resolve errors more efficiently.

For more information, visit allaboutcookies.org.


6.2. What types of cookies are there?

According to the entity that manages it:

  • Own Cookies: : Are those that are sent to the User's device from our own domains and from which we provide the service that the User requests.

  • Third-party cookies: Are those that are sent to the User's device from a computer or domain that is not managed by us, but by another collaborating entity. For example, those used by social networks, or by external content such as Google Maps.

According to the period of time they remain activated:

  • Session cookies: These are temporary cookies that remain in the cookie file of the User's browser until they leave the web page, so none of them are recorded on the hard drive from your computer. Session cookies are considered required cookies, also known as strictly necessary cookies. They are essential for the functioning of a website. Disabling required cookies may affect website functions, such as security, accessibility, and content display. The information obtained through these cookies allows us to provide a better experience to improve the content and make it easier to use.

  • Persistent Cookies: They are stored on the hard drive and our website reads them every time the User makes a new visit. A permanent website has a certain expiration date. The cookie will stop working after that date. We use these cookies, generally, to facilitate purchase and registration services.

According to the purpose:

  • Technical cookies: These are those necessary for browsing and the proper functioning of our website. They allow, for example, to control traffic and data communication, access restricted access areas, carry out the purchase process, use security elements, store content to be able to broadcast videos or share content through social networks.

  • Personalization Cookies: These are those that allow the User to access the service with predefined characteristics based on a series of criteria, such as language, browser type through which the service is accessed, the regional configuration from where the service is accessed, etc.

  • Analysis cookies: Are those that allow the number of Users to be quantified in order to statistically measure and analyze the use made by Users of the services provided.

  • Advertising cookies:They are those that allow the management, in the most efficient way possible, of advertising spaces.

  • Behavioral advertising cookies:Behavioral advertising cookies: These cookies store information on the behavior of Users obtained through continuous observation. Thanks to them, it is possible to know Internet browsing habits and show the User advertising related to their browsing profile.

6.3. What types of cookies do we use?

WE DO NOT USE COOKIES


7. Privacy policies of other websites

Our company website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.


8. Changes to our privacy policy

We keep our privacy policy under regular review and we will make the necessary updates on this web page. This privacy policy was last updated on January 01, 2023.

In the case of significant changes, we will send you a notification through the platform or by email.


9. Contact

9.1. How to contact us

If you have any questions about our company's privacy policy, the data we have about you, or if you wish to exercise one of your data protection rights, please do not hesitate to contact us by email or by clicking here.

ONEDA Group, LLC is a company established under the laws of Wyoming with its registered office at 30 N. Gould Street, Suite N, Sheridan, WY 82801. U.S.


9.2. How to contact the proper authorities

If you wish to file a complaint or if you believe that Our Company has not addressed your concern to your satisfaction, you may contact the Information Commissioner's Office.