Data Privacy Framework Policy


Effective date: 17 June 2024
Last updated: 17 June 2024

Ortto, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Ortto has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Ortto has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles, together with the EU-U.S. DPF Principles referred to as the Principles) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms in this Data Privacy Framework policy and the Principles, the Principles shall govern. To learn more about the DPF program and to view our certification, please visit https://www.dataprivacyframework.gov/s.

With respect to Personal Data received or transferred pursuant to the DPF, Ortto is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

Please also see our Privacy Policy (https://ortto.com/privacy/) for more information regarding our data handling practices. With respect to Personal Data subject to the DPF, this Data Privacy Framework policy (DPF Notice) shall govern in the event of a conflict with any other policy or notice.

PURPOSE OF DATA COLLECTION

Generally, we collect Personal Data for customer service-related purposes (such as providing our products and services and responding to customer requests or inquiries), as well as to understand how customers use our services. For more information about how we use Personal Data, see our Privacy Policy at ortto.com/privacy.

Personal Data We Process

From customers (i.e., users of www.Ortto.com and subscribers to Ortto software and services), we collect the categories of information, which may include Personal Data, described in our privacy policy https://ortto.com/privacy. We process such information for the purposes described in the “How do we process your Personal Data” section of our Privacy Policy. From consumers (i.e., users of a website developed and operated by an Ortto customer), we may collect information such as name, contact information, IP address, purchase information, and transaction data.

Accessing Personal Data

A data subject whose Personal Data is covered by this DPF Notice has the right to access their Personal Data and to review, correct, amend, or delete their Personal Data. Customers who would like to access their Personal Data may do so by logging into the Ortto user interface or emailing us at privacy@ortto.com. Consumers who would like to access their Personal Data should request access from the Ortto customer whose website they use.

Transfers to Third Parties (Onward Transfer Principles) and Your Choices

We may disclose and transfer customer and consumer Personal Data to third parties, including to our contractors or service providers who provide services or perform functions on our behalf, in response to a subpoena or other legal process by a governmental entity or third party, or if otherwise required by law, to protect or enforce our rights or property, including as evidence in litigation in which we are involved, in the event of the sale or dissolution (bankruptcy) of assets, in whole or in part, of Ortto or any of its affiliates, and to our affiliates and subsidiaries, for purposes consistent with our Privacy Policy and this DPF Notice. We contractually require those third parties to provide the same level of protections to Personal Data as required under the Principles. Ortto will remain liable under the Principles if a third party processes Personal Data in a manner inconsistent with the Principles, unless Ortto proves that it is not responsible for the event giving rise to the damage. In accordance with our legal obligations, we may also transfer, subject to a lawful request, Personal Data to public authorities for law enforcement or national security purposes. Please note that the information we collect or receive may be transferred to and processed in the United States and in Australia. By using our Site and Services, you consent to the transfer and processing of your Personal Information in the United States and Australia, jurisdictions which may not provide the same level of protection that exists in other countries such as those in the European Economic Area. Your consent is voluntary. If, however, you do not consent, we may not be able to provide you with our Services. You have the right to choose (opt out) whether your Personal Data is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. If you wish to opt out, please email us at privacy@ortto.com Applicable law allows certain exceptions to your ability to opt out, such as where we are parties to a contract that is still being performed, where law requires us to maintain information to warranty claims, or otherwise. Where applicable law permits us to retain and continue to use such information and we do so, we will do so only to the extent permitted or required by law. If you contact us to opt out, we will explain the options available and comply with your request as required by the Principles and applicable law.

Contacting Us, Complaints and Dispute Resolution

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Ortto, Inc. commits to resolve complaints about your privacy and our collection or use of your Personal Data. EU and Swiss individuals with inquiries or complaints regarding our DPF Notice should first contact Ortto, Inc. at:

Ortto, Inc.
1390 Market Street, Suite 200 San Francisco, CA 94102
privacy@ortto.com

Ortto, Inc. has further committed to refer unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to ICDR/AAA EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework Program, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit: https://go.adr.org/dpf_irm and “click here to file” for more information or to file a complaint. The services of ICDR/AAA Data Privacy Framework Program are provided at no cost to you. If you are an EU, UK or Swiss individual and unable to resolve any complaints through any of the above methods, under certain conditions, you may be able to invoke binding arbitration for some residual claims not resolved by other redress mechanisms.

See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

🍪 We use cookies to improve your experience on our website. You can find out more in our policy. Accept all cookies