Privacy Policy
Last Updated: November 6, 2023
Our Privacy Policy is critical to establishing and maintaining trust with you and our customers. At Opal, we believe you should know what data we collect, how we use it, and have meaningful control over both.
This Privacy Policy describes how we collect and use your Personal Data when you visit our website (the “Site”) or use the Opal Platform as a licensed subscriber. By “Personal Data,” we mean data that relates to you as an identified or identifiable natural person. For example, Personal Data may include your name, your address, your telephone number, or your email address. By “Opal Platform,” we mean the cloud-hosted Software-as-a-Service (SaaS) software platform offered by Opal, including all desktop and mobile applications, Opal adapters, API, SDK, or any other application we license to you.
Who We Are
As used in this Privacy Policy, “we,” “us” or “our” means Opal Labs Inc., an Oregon corporation with principal offices located at 555 SE Martin Luther King Jr. Blvd. Suite 105, Portland, OR 97214.
Data protection laws in certain jurisdictions differentiate between a “controller” and “processor” of Personal Data. In general, the company you work for is the controller of your Personal Data, and we are the processor of your Personal Data relating to your use of the Opal Platform.
If you have questions or complaints regarding our Privacy Policy or practices, please contact us at legal@workwithopal.com or by mail to Opal Labs Inc., ATTN: Legal, 555 SE Martin Luther King Jr. Blvd. Suite 105, Portland, OR 97214. We will respond to your questions or complaints within 30 days or as otherwise required by law. Following receipt of a complaint, if necessary, we will investigate the issue and provide you with information regarding investigation and the resolution of the complaint.
You may contact our Data Protection Officer at dpo@workwithopal.com.
Our EU Representative pursuant to Art. 27 of the General Data Protection Regulation (the “GDPR”) is:
RIVACY GmbH
Mexikoring 33
22297 Hamburg
Germany
info@rivacy.eu
https://www.rivacy.net/en/
Under GDPR, you may register a complaint with the relevant data protection authority. The name and contact details of the Data Protection Authorities in the European Union can be found here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
Personal Data We Collect
We collect Personal Data on the Site and within the Opal Platform as further described below.
THE SITE
We may use tracking technologies like cookies, clear gifs, web beacons, web bugs, or similar technologies. Cookies are used to identify which areas of the Site you visited and your actions on the Site. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on web pages or emails.
You may find a list of the cookies used and their respective purposes at workwithopal.com/cookies.
As is true of most web sites, we gather certain Personal Data automatically and store it in log files. This Personal Data may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may combine this automatically collected log Personal Data with other Personal Data we collect about you.
The legal basis for this processing of Personal Data is our legitimate interest (Art. 6(1)(f) of the GDPR) to provide you with our services and keep our website running safely.
If you apply for employment with us via the Site, we will collect your name, email address, location, phone number, work experience, and qualifications, as well as gender, race/ethnicity, and veteran/disability status.
The legal basis for this processing of Personal Data is our legitimate interest (Art. 6(1)(f) of the GDPR) to solicit employment applications through our Site and to comply with related legal obligations.
Opal does not require that you provide Personal Data through our Site. If you do not wish to provide the Personal Data requested, we may not be able to service you properly or provide the benefit for which the Personal Data is requested.
You may control cookies by configuring the privacy settings within your browser (please refer to your browser’s help function to learn more about cookie controls). Setting your cookie settings within our Site will not alter the cookies used by third parties. The use of cookies by third parties is not covered by this Privacy Policy. We do not have access to or control over third party cookies. Various browsers may offer their own management tools for removing HTML5 LSOs. To manage Flash LSOs please click here: http://www.macromedia.com.
THE OPAL PLATFORM
The Opal Platform allows our users to upload digital assets and other data and interact with this data and other users. Content may include photos and images, videos, gifs, sketches, retail site diagrams, designs, logos, or channel data, and copy for emails, texts, websites, social media messages or posts, and other forms of data or electronic communications (“Customer Data”). Customer Data includes data about our Customers, and the third parties they correspond with.
We also collect information about individuals involved in our Customers’ marketing creation process, including employees, agents and contractors, and those outside of their organizations (“User Information”). User Information may include Personal Data related to the individual’s department, name, job title, job duties, profile photograph, work location, work email address, work phone number, personal phone number, personal social media account, or similar kinds of information.
SMS communications are sent with your affirmative consent. Prior to our use of SMS communications, recipients will have knowingly provided their mobile phone number by entering it into the contact information section of their user profile. This section notifies the user that by entering his or her mobile phone number, he or she consents to receive SMS communications from other users within his or her organization. While we will obtain your consent prior to using SMS communications, our legal basis may also be inferred from our contractual relationship as noted below.
The legal basis for this processing of Personal Data is our legitimate interest (Art. 6(1)(f) of the GDPR) to perform under our contract with our respective Customer.
We collect Personal Data automatically about how our users interact with the Opal Platform, including username, password, IP address, device and browser information, and access location (“Automatically Collected Information”). We do this via data collection technologies such as cookies, web beacons, gifs, or other tracking technologies. We collect this information to monitor, support, and improve the Opal Platform or to provide our Customers and end users with certain tools or features. We may use Automatically Collected Information to tell us how you interact with the Opal Platform, to improve the Opal Platform, or to develop new products, services, or features. We may combine this information with other information we collect.
The legal basis for this processing of Personal Data is our legitimate interest (Art. 6(1)(f) of the GDPR) to develop our product and enable us to enhance your user experience.
Where We Collect Personal Data
For Customers or users located in the European Economic Area (the “EEA”), we process your Personal Data in accordance with the privacy rights and regulations under the GDPR. We will take steps to ensure that your Personal Data receives an adequate level of protection in the jurisdictions in which we process it. We provide adequate protection for the transfer of your Personal Data to countries outside of the EEA through agreements based on the Standard Contractual Clauses authorized under the EU Data Protection Directive 95/46/EC and the GDPR.
A list of third parties to which we transfer Personal Data can be found here: workwithopal.com/sub-processors.
To request a copy of the respective safeguards, please contact us at: dpo@workwithopal.com.
How Long We Keep Personal Data
We will retain Personal Data we process on behalf of our Customers for as long as permitted by law, or for the period of time requested by a particular Customer.
We will retain the Personal Data which is processed by us as a controller for as long as it is necessary in relation to the purposes for which it was collected or otherwise processed.
How We Use Personal Data We Collect
In general, we process Personal Data only when you consent to the processing of your Personal Data for one or more specific purposes, for the performance of a contract with our Customer, when processing is necessary for compliance with a legal obligation to which we are subject, or based on our legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of you which require the protection of your Personal Data.
We do not use automated decision-making, including profiling.
THE SITE
We may use tracking technologies like cookies, clear gifs, web beacons, web bugs, or similar technologies. Cookies are used to identify which areas of the Site you visited and your actions on the Site. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on web pages or emails.
As is true of most web sites, we gather certain Personal Data automatically and store it in log files. This Personal Data may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may combine this automatically collected log information with other Personal Data we collect about you.
We use clear gifs to determine whether our education, outreach, or marketing campaigns are successful, such as to see whether you opened an email we sent or if you clicked on a link within the email we sent. Generally, we use these technologies to manage content, analyze trends, monitor page visits and content downloads, administer the Site, track users’ activities around the Site, and to gather demographic information about our Site user base as a whole. We may receive reports based on the use of these technologies on an individual as well as aggregated basis.
The legal basis for this processing of Personal Data is to our legitimate interest (Art. 6(1)(f) of the GDPR) to develop our product and enable us to enhance your user experience.
We use Personal Data collected on the Site in the following ways:
- To present, operate, or improve the Site, including analysis of Site activity;
- To respond to technical problems;
- To respond to, process, and deliver your communications or requests;
- To communicate with you about upcoming events, trade shows, or conferences, changes to the Site or our products or services, or to deliver other news about products and services;
- To process job applications;
- To customize or personalize your online experience, for example to pre- populate forms, or to display or provide you with relevant content or communications;
- To enforce or protect any right;
- To investigate or deter against fraudulent, unauthorized, or illegal activity; or
- To otherwise fulfill the purpose for which the Personal Data was provided.
We may link, combine, or supplement the Personal Data you provide us with other Personal Data we obtain from cookies. We do this to help understand your needs and provide you with better products and services, to identify you when you return to our Site, or to pre-populate forms.
The legal basis for this processing of Personal Data is our legitimate interest (Art. 6(1)(f) of the GDPR) to develop our product and enable us to enhance your user experience.
We may use anonymous, aggregate personal information for different purposes, like market analysis, traffic flow analysis and reporting, or information based on clickstream data. We use this information for a variety of purposes to examine our traffic in aggregate, to investigate misuse of our network or its users, or to cooperate with law enforcement. Unless you opt out, you may receive educational or general update emails and other business-related communications, such as emails about your accounts, product notices, or our ongoing business relations. You may opt out by following the instructions in those emails.
THE OPAL PLATFORM
We do not control or monitor the information our Customers collect, upload, store, or share through the Opal Platform, or their privacy practices or policies. Unless otherwise required by law, it is our Customer’s obligation to obtain all necessary consents and to comply with all applicable laws with respect to the Customer’s communications and use of the Opal Platform. Our Customer’s privacy policies or practices apply to Customer Data, the purposes for which the Customer collects Customer Data, how the Customer may use Customer Data and what choices the individual user may have with respect to Customer Data. Unless otherwise required by law, individuals must contact their employer (our Customer) in order to correct, amend, or delete their information, or to opt out of any collection, uses, or disclosure of their information by our Customer.
We use User Information to support the Customer account, maintain our business relationship with our Customer, respond to Customer inquiries, or perform accounting functions. Unless you opt out, you may receive educational or general update emails and other business-related communications, such as emails about your accounts, product notices, or our ongoing business relations. You may opt out by following the instructions in those emails. Users may update personal information and password by logging into the Opal Platform and updating the user account. Our Customer may contact the designated Customer Experience Manager for the account (or Opal Support (+1 (844) OUR-OPAL)) to request deletion of personal data. In some cases, we may not be able to delete User Information, and in such cases we will provide an explanation.
For Customers or users located in the European Economic Area (the “EEA”), we process your information in accordance with the privacy rights and regulations under the General Data Protection Regulation (the “GDPR”). Under the GDPR, we may only collect and process your information if we have a legal basis for doing so. The following are examples of legal bases:
- Processing is necessary for us to provide products and services to you;
- Processing is necessary for a legitimate interest;
- Processing is necessary to comply with a legal obligation; or
- Processing is based on and within the scope of your consent. If our legal basis for collecting and processing your information is your consent, you may withdraw your consent at any time, but our legal basis for collecting and processing your information will apply to processing prior to the date of your withdrawal. Sharing Information with Others Unless prohibited by applicable law, we may share your information as follows:
- In connection with a divestiture, merger, acquisition, sale, or similar transaction;
- To protect our property or enforce our rights, or the rights of our affiliates, channel partners, agents, subcontractors, representatives, or services providers;
- In response to a court order, subpoena, or warrant, or to comply with a legal requirement or cooperate with an investigation;
- To identify persons who may be violating the law, our Terms of Service, the rights of third parties, or persons who may be otherwise misusing the Site or its related properties; or
- With your consent, or to fulfill the purpose for which you provided the information.
We may use third party service providers such as an email service provider to send out emails on our behalf or a chat widget that allows us to communicate with you. We may share your information with these service providers, and others, as necessary for them to perform their functions. These third-party providers are required to keep your information confidential per our agreements with the providers, with limited exceptions.
We do not sell, rent, or lease the information we collect to third parties.
The Site may contain links to websites or content sponsored or provided by third parties. These sites and services may use their own cookies or data tracking technologies to collect data or information from you. Opal does not control the practices of these third parties or their websites or content. Opal is not responsible for the privacy practices or the content of these third parties. Opal does not share the information that you provide us with these third parties. However, these third parties may obtain information about you if you click on a third-party link.
We treat Customer Data and User Information as the confidential and proprietary information of you or our Customers, as the case may be, subject to the terms of the software license agreement between Opal and the Customer. We do not share Customer Data, User Information, or Automatically Collected Information with third parties unless directed to do so by you, our Customer or as may be necessary to provide services to the Customer, to you, to our advisors, channel partners, affiliates, representatives, agents, service providers, in connection with a business transaction (such as a merger or sale), as allowed under applicable law, the terms of our agreement with our Customer, or in response to a court order, subpoena, or warrant or to comply with a legal requirement or to cooperate with an investigation. Unless otherwise prohibited by law, we may disclose Automatically Collected Information or Customer Data for the aforementioned reasons, or in order to protect our rights or the rights of our affiliates, Customers, channel partners, or service providers. Additionally, we may disclose Automatically Collected Information in an anonymized or aggregate format for our marketing purposes. Third party providers are required to keep your information confidential per our agreements with the providers, with limited exceptions.
Information Security
We understand the need for user privacy, and we maintain reasonable and appropriate security procedures to protect your information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data. Access to user data is strictly limited to specific individuals who are trained to respect user privacy. The access given to these employees is restricted to their need for such information for business purposes. A log of those who accessed the data is maintained and monitored to prevent security breaches.
Third Parties
We may share Personal Data with vendors or agents working on our behalf for the purposes described in this Policy. For example, we may hire companies to assist with protecting and securing our systems or services. The vendors and agents that we retain must comply with our data privacy and security requirements and they are not allowed to use Personal Data they receive from us for any other purpose. Like us, they will never barter, trade, or sell access to your Personal Data. We remain responsible and liable under data protection laws if third-party agents we engage to process Personal Data on our behalf do so in a manner inconsistent with the applicable data protection laws, unless we prove that we are not responsible for the event giving rise to the damage.
You may find a list of third parties at workwithopal.com/sub-processors.
Children
The Opal Platform and Site are not intended, designed for, or directed to children under the age of 18, and we will not intentionally collect or maintain information about anyone under the age of 18. If it comes to our attention that we have received personal information about anyone under the age of 18, such information will be immediately deleted from our records.
Your Rights
You have the right to access your Personal Data that we hold about you and to correct, update, amend, suppress, delete or otherwise modify any Personal Data where it is inaccurate, or has been processed in violation of the applicable data protection regulations, unless we have to keep the Personal Data for legitimate business or legal purposes. When updating your Personal Data, we may ask you to verify your identity before we can act upon your request.
You may object to the use or processing of your Personal Data or withdraw consent to use your Personal Data at any time.
You have the following rights:
- The right to request proper rectification, removal or restriction of your Personal Data;
- Where processing of your Personal Data is based on legitimate interests according to Article 6(1)(f) of the GDPR, the right to object on grounds relating to your particular situation at any time. If you object, we will no longer process your Personal Data unless there are compelling and prevailing legitimate grounds for the processing or the data is necessary for the establishment, exercise, or defense of legal claims;
- Where processing of your Personal Data is either based on your consent or necessary for the performance of a contract with you and processing is carried out by automated means, the right to receive the Personal Data concerning you in a structured, commonly used, and machine-readable format or to have your Personal Data transmitted directly to another company, where technically feasible (data portability);
- Where the processing of your Personal Data is based on your consent, the right to withdraw your consent at any time without impact to data processing activities that have taken place before such withdrawal or to any other existing legal justification of the processing activity in question; and
- The right not to be subject to any automatic individual decisions which produces legal effects on you or similarly significantly affects you.
To exercise the rights referred to above, please contact us dpo@workwithopal.com. You have the right to take legal actions in relation to any breach of your rights regarding the processing of the Personal Data, as well as to lodge complaints before the competent data protection regulators.
Changes to this Policy
From time to time, we may change this policy to conform with changes to our business or as the law requires. We reserve the right to change this Privacy Policy at any time with notice to you, which notice requirement may be satisfied with a popup upon your login or other industry-standard form of notice, unless otherwise required by law.