O’Neil complies with the U.S.–E.U. Safe Harbor framework and the U.S.–Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. O'Neil Software Inc. has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view O'Neil Software Inc.’s certification, please visit http://www.export.gov/safeharbor/.
Personal Information means any information that may be used to identify an individual, including, but not limited to, a first and last name, a home or other physical address and an email address or other contact information, whether at work or at home. In general, you can visit O’Neil’s Web pages without telling us who you are or revealing any Personal Information about yourself.
O’Neil generally only collects Personal Information on the web for current O’Neil clients, or, those who have an interest in our products and services. We use personal information to establish an account or to contact you in regards to your interest of our product.
We may also disclose your personal information as required by law, such as to comply with a subpoena, or similar legal process and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
If O’Neil is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
If you choose to have a relationship with O’Neil, such as a contractual or other business relationship or partnership, we will naturally continue to contact you in connection with that business relationship.
Third Party Services
Third parties may provide certain services available on any of the O’Neil web sites on O’Neil’s behalf. O’Neil may provide information, including Personal Information that O’Neil collects on the Web to third-party service providers to help us deliver programs, products, information, surveys or other services. Service providers are also an important means by which O’Neil maintains our Web site and mailing lists. O’Neil will take reasonable steps to ensure that these third-party service providers are obligated to protect Personal Information on O’Neil’s behalf and will use these shared personal information only as necessary to provide these services to us.
In the specific case of our forms supported by Formstack (formstack.com), any data entered into these forms is encrypted. Formstack’s policy is to not distribute or sell any data, to 3rd party companies.
We seek to maintain reasonable security measures in order to attempt to protect against the loss or misuse of personally identifying information under our control. When you login into our platform, we encrypt the transmission of that information using secure socket layer technology (SSL). We follow generally accepted standards to protect information submitted to us, both during transmission and once we receive it. Unfortunately, there is no such thing as perfect security. As a result, although we strive to protect personally identifying information, we cannot ensure or warrant the security of any information transmitted to us through or in connection with our website, the oneilCloud platform, or that we store on our systems or that is stored on our service providers’ systems.
Technologies such as: cookies, beacons, tags and scripts are used by O'Neil and our partners (e.g. marketing partners), affiliates, or analytics or service providers (e.g. Google Analytics etc]. These technologies are used in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
As is true of most web sites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We do not link this automatically collected data to other information we collect about you. Any information via tracking technologies is used to improve the services we offer you, to improve marketing, analytics, or site functionality.
We partner with a third party to either display advertising on our Web site, or, to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this site and other sides in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of service you interest-based ad, you may opt-out by clicking http://preferences-mgr.truste.com/ (or if located in the European Union click http://www.youronlinechoices.eu/ ). Please note this does not opt you out of being served ads. You will continue to receive generic ads.
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Social Media Features and Widgets
Links to Other Web Sites
O’Neil and its affiliates are not structured to attract children. Accordingly, we do not intend to collect Personal Information from anyone we know to be under 13 years of age.
We are committed to privacy and as protecting your privacy online is an evolving area; O’Neil’s Web sites are constantly evolving to meet these demands.
At O’Neil we are dedicated to conducting our business in a manner that complies with the EU Safe Harbor Principles published by the U.S. Department of Commerce. The Safe Harbor Principles were developed to aid U.S. businesses in addressing and assessing their privacy policies and practices as they may relate to the European Union’s Directive 95/46/EC on data privacy for “personal data” (including any EU member state’s rules, regulations or laws enabling such Directive, herein the “Directive”). Personal data is information relating to an identified or identifiable natural person. It includes personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships and information concerning the personal activities, undertakings, traits or habits of a particular individual. An identifiable person is one who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to the person’s physical, physiological, mental, economic, cultural or social identity. Personal data may be considered transferred outside the EU under the Directive if it falls under one of two situations that are described below. For the Directive to apply, the personal data must be processed, wholly or partly, by automatic means or if not processed to any extent by automatic means, it forms (or is intended to form) part of a filing system.
Processor on Behalf
O’Neil provides cloud based web services, which includes the storage of data, in an online repository known as the oneilCloud. These services are designed to help companies manage their off-site records stored at commercial record centers utilizing O’Neil Software Inc’s RS-SQL® software. O’Neil provides this cloud based service though its’ customers comprising a large geographic coverage of more than 80 countries worldwide. We collect information under the direction of our clients, and we have no direct relationship with the data we process. If you are a customer of one of our Clients and would no longer like to be contacted by one of our clients that use our service, please contact the client that you interact with directly. O’Neil does not own or control any of the information stored or processed by any customer, including by or on behalf of any customer’s client(s). Only our customers and their clients are entitled to process, store, access, and retrieve such information. O’Neil has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, who seeks to correct, amend, delete inaccurate data or withdraw consent to further contact should direct his/her query to the O’Neil Client (the data controller). If the Client requests O’Neil to remove the data, we will respond to their request within 30 days.
O’Neil will retain personal data we process on behalf of our Clients for as long as needed to provide services to our Client. O’Neil will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Through careful analysis of specific business requirements, O’Neil’s customers may recommend that their clients are better served by utilizing the oneilCloud web services. O’Neil customers recommending this service to their clients must clearly explain that the client(s) information that originates in the EU will be stored on an Amazon server located in the U.S. and which is accessible over the Internet only by our customer or our customer’s client(s).
O’Neil does not own or otherwise disclose or make available to third parties the data that is stored through use of its oneilCloud web service by our customers or our customer’s client(s), and such data is considered owned or controlled only by that customer’s client(s) or our customer, including if acting on behalf of the customer or the customer’s client. O’Neil does not actively process the data stored on its server under the oneilCloud web service. Furthermore, under no circumstances may O’Neil independently cause our customer’s data or our customer’s client(s) data to be transferred to any third party, such action being limited to either our customer or our customer’s client(s). Also, O’Neil’s standard operating policy in this case is not to directly cause a transfer of any such data other than to return it to the applicable customer. In this capacity, O’Neil should be considered only as a processor in behalf as to any personal data that may be considered transferred from the EU to the U.S. subject to the requirements of the Directive. As such, either our customer or, more particularly, our customer’s client(s) is (are) the Data Controller as they or one of them have the actual control over the way any personal data is collected and used as well as the determination of the purposes and means of the processing of such data. O’Neil is not responsible for the content of the information stored on its server by our customers or our customer’s client(s) nor is O’Neil responsible for the way our customers or our customer’s client(s) treat such information.
The Safe Harbor Principles require that those who collect and determine the purposes and the means of the processing of personal data to fulfill very specific requirements related to compliance with the Directive. The specific functions of a Data Controller will depend on the specific laws of each EU member state. However, since O’Neil is not the collector or in control of any personal data, because it, neither alone nor jointly with others, will determine the purposes and means of collecting and the processing and uses of such data, it should not be considered as acting in the capacity of Data Controller with attendant responsibilities under the Directive or the Safe Harbor Principles. Although O’Neil, without its actual knowledge, may be provided data or information subject to the Directive by customers by means other than use of the oneilCloud web services in order to aid in the resolution of a technical issue, it should not be considered a data collector or Data Controller as to such data. Furthermore, O’Neil strongly recommends that our customers and our customer’s clients(s) do not include personal data in such transmittal to it, and it may reject and return such data to the sender if it becomes aware that such data is not in compliance with such requirement.
Web Services License Agreement
O’Neil and our customers enter into a contract with regards to the oneilCloud web service and this includes that each party understands its role in complying with the Directive and the Safe Harbor Principles. Any data considered processed or stored by O’Neil on behalf of our customer or any customer’s client(s) will not be further disclosed to third parties, except as directed or required by our customer or customer’s client(s), each acting only in compliance with the Directive. If in the unlikely event, any information which is identified as sensitive personal information must be treated accordingly.
The contract with our customer also will specify that our customer is responsible for implementing and maintaining reasonable security measures relating to our customer or customer’s client(s) access to the data stored within the O’Neil oneilCloud, including assignment and administration of all identification codes and passwords authorizing such access. Our customer or our customer’s client(s), as applicable, is responsible for all security measures relating to such identification codes and passwords. O’Neil has in place commercially reasonable measures to protect data on its network from loss, misuse, unauthorized access, disclosure and alteration and destruction.
As merely a processor on behalf of our customer or our customer’s client(s) (who is considered the EU Data Controller), O’Neil is not required to apply other Safe Harbor Principles to personal information subject to the Directive and considered received for processing (i.e., storage) from our customers or customer’s client(s).
O’Neil requests that our customers comply with their respective obligations under the Directive and our customers understand that O’Neil recommends that any data being managed under our oneilCloud is non-confidential, nor do we recommend the use of our web services for the management of Personal Information.
O’Neil is entirely dependent on our customer’s compliance with the Directive in connection with any authorization for access to such customer’s or customer’s client(s) data in the oneilCloud as well as its nature and content. O’Neil has no requirement to access data located on its oneilCloud other than as expressly permitted or directed by our customers and, in no case, will O’Neil be involved in the further processing or manipulation of such data. O’Neil takes reasonable steps to assure that any data that is considered transferred from the EU to the U.S. is maintained in a reliable, accurate and complete state, subject always to any deficiencies in the state in which it was received that may have been caused by others. The steps O’Neil undertakes to assure data integrity is provided to take into consideration the Safe Harbor Principles.
As noted above, the control of access to data stored on the oneilCloud web services is under the direct and primary control of and subject to the security measures undertaken by the O’Neil customer base. O’Neil has made provisions that all data “at rest” and stored in the oneilCloud system is encrypted to better assure the protection and confidentiality of such data. O’Neil has in place security procedures and commercially reasonable security measures to protect all information stored on the utilized servers from loss, misuse, unauthorized access, dis1closure, alteration and destruction.
O’Neil’s customers will be notified of any breach of the security measures implemented by O’Neil that O’Neil becomes aware of, and our customer is responsible for notifying our customer’s customer(s) of such breach. Any measures or actions required to be undertaken by our customers or customer’s client(s) in connection with such breach are solely the responsibility of our customers, as applicable. If O’Neil receives a request to download data stored in the oneilCloud by our customer onto archival media, O’Neil will do so only upon receipt of a written request and directions (including by email) therefore from the requesting customer, as applicable, and such media will be sent via a reliable carrier or courier, as authorized by the customer. Upon its delivery to such carrier or courier, O’Neil shall have no further obligation thereafter for the security or safety of the data included on such media.
Any compromise of security or potential compromise of security and any inquiries concerning security should be reported or directed to O’Neil. Contact information is provided below.
oneilCloud VP of Marketing
O’Neil Software Inc.
11 Cushing, Suite 100
Irvine, CA 92618-4220
Federal Trade Commission
Attn: Consumer Response Center
600 Pennsylvania Avenue NW
Washington, D.C. 20580
Limitation on Application of the Safe Harbor Principles
O’Neil’s adherence to the Safe Harbor Principles may be limited to the extent expressly permitted by applicable law, rule or regulation.
V.4.0 – February 19, 2015