GENERAL DATA PROTECTION REGULATION EU 2016/697 COMPLIANCE STATEMENT
This policy applies to all Octobox employees and collaborators. Furthermore, it applies to Octobox.co service which can be accessed via www.Octobox.co.
I. All definitions, as processing, controller, processor, data, sensitive data, used in this Commitment shall have its regular meaning as set forth by the General Data Protection Regulation.
II. Sub-processor means any person, or a third party appointed by or on behalf of Processor to conduct actions on personal data.
III. Service means software Octobox.co.
IV. User and customer mean respectively any person who uses Octobox.co service with the access to an active account regardless of version (trial or premium).
I. This Data Protection Statement is unilaterally binding upon Octobox.co and shall be understood as a policy applicable to the enterprise.
II. Octobox.co declares that it is aware of internal risks arising out of data processing and shall devote its time and resources to minimize any risk concerning data entered into the system.
III. This Data Protection Commitment amounts to be a proof of Octobox.co being GDPR compliant.
IV. Agreement between Octobox.co and customer means Terms of Service.
4. Opening statements
Prospectr Ltd T/A Octobox, registered in England & Wales. Octobox is aware of responsibilities arising from General Data Protection Regulation and dedicates itself to accomplish goals set forth in the regulation.
The Octobox Team, represented by CEO & Founder Scott Morgan, undertook steps to comply with the requirements and hereby by this document expresses its affirmation to the abovementioned principles which becomes binding on us by a unilateral declaration.
I. Managing user’s data in a mutually agreed manner;
II. Managing user’s data shall be transparent;
III. Ensuring information assets and processing facilities are protected against unauthorized access or misuse;
IV. Ensuring that all crucial security-related legal obligations shall be fulfilled;
V. Creation of procedures adjusting data protection reporting;
VI. An obligation to investigate all known breaches of data security unconditionally if it is factual or suspected;
VII. Conducting risk assessment and employing potential techniques to minimize the occurrence of data protection breach;
VIII. Ensuring that all relevant security communications are made both internally and externally to inform, advise, and encourage best practices in data protection;
IX. Develop, adjust, and constantly improve data protection to address newly arising concerns of our users;
X. Provide transparent Terms of Service complaint with General Data Protection Policy;
XI. Provide transparent Safety and Security which explains data storage and security policy compliant with General Data Protection Regulation
XII. Provide guidelines for our customers in conducting a risk assessment.
5. Data Protection Policy
I. Octobox.co acts as both, data controller and processor. In case of data of customers or users, Octobox.co acts as a data controller with the ability to define aim and purpose of processing. In case of any other data entered to the system by an end user or our customer, with a special focus on prospects database, IMAP server data, campaign, Octobox.co acts as a processor which takes actions on data on behalf of a controller, by providing automation service.
II. Octobox.co acting as a controller declares that data of EU citizens shall be stored on EU located servers.
III. Octobox.co acting as a processor declares that it will not transfer data of the customer to any third country which does not fulfil security standards.
IV. The main aim of data collection is to establish subscription agreement, enable account functioning, provide technical support and maintenance, monitor activities what raises protection security, ensure proper account functioning, maintain access via API standard method or provide invoices.
V. Octobox.co indicated that in case of any complaint or doubt concerning data security, it is willing to reply to every concern. Any complaint, data deletion request, data modification request, data return request shall be sent to Octobox.co via support@Octobox.co,
VI. Due to technical inability, Octobox.co as a processor, shall not be responsible for data in the content of conversations apart from its full dedication to ensure adequate technical security measures.
VII. To ensure data confidentiality, Octobox.co declares that is will not lease, sell, or exchange any data concerning customers or end-users with any third party, with the exclusion of processors and sub-processors employed by Octobox.co, or if otherwise required by law.
VIII. To limit data access or request additional information, user or client shall submit a written request via support@Octobox.co.
IX. Data processing of customers or users’ data is based upon consent.
X. Data processing of content, prospects’ database, and campaigns is based upon the agreement between Octobox.co (processor) and a customer or user (controller).
XI. As a company dedicated to data security, relevant data protection security training sessions were conducted internally.
XII. All staff of Octobox.co has Non-disclosure agreements signed and can process data only to the extent which is necessary to ensure maintenance and support for customers.
6. Dispute solving
I. Octobox.co is willing to participate in amicable dispute settlement or mediation in case of a dispute.
II. If such a solution is not possible, Octobox.co as a company registered in the United Kingdom is obliged to solve disputes on the grounds of British jurisdiction.