Last Updated: February 25, 2025*
1. INTRODUCTION
Thank you for visiting Osec ("Company", "we", "us", or "our"). We are committed to protecting your personal information and your right to privacy. This privacy policy applies to all information collected through our website [www.osec.com] (the "Website").
This privacy policy describes our policies and procedures on the collection, use, disclosure, and safeguarding of your information when you visit our Website. This policy is designed to comply with regulations in multiple jurisdictions, including the European Union General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and applicable US laws including the California Consumer Privacy Act (CCPA) where relevant.
If you have any questions or concerns about this privacy policy or our practices with regard to your personal information, please contact us at privacy@osec.com.
1.1 Data Controller
For the purposes of applicable data protection laws, [Company Name] is the data controller of your personal information. Our contact details are:
OccamSec (DBA OSec)
122 East 42nd Street, Ste 3605
New York, NY, 10168
USA
Email: privacy@osec.com
2. INFORMATION WE COLLECT
2.1. Information Automatically Collected
As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Usage Data: Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
- Technical Data: Information about your computer and internet connection, including your IP address, operating system, and browser type.
- Cookies and Similar Technologies: We may use cookies, web beacons, pixel tags, and other similar technologies to track user actions and collect data about the use of our Website.
2.2. Information You Voluntarily Provide
We may collect information that you voluntarily provide to us when you contact us via email, contact forms, or other interactive features on our Website. This may include:
- Contact Information: Such as your name and email address when you contact us.
- Communication Content: Any messages, feedback, or other content you share with us.
2.3 Legal Basis for Processing (EU/UK Users)
For users in the European Union and United Kingdom, we process your personal data on the following legal bases:
- Legitimate Interests: To operate and improve our Website, analyze its use, and ensure its security.
- Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
- Contractual Necessity: Where processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract.
- Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
3. HOW WE USE YOUR INFORMATION
We use the information we collect or receive:
- To provide, operate, and maintain our Website.
- To improve, personalize, and expand our Website.
- To understand and analyze how you use our Website.
- To develop new products, services, features, and functionality.
- To communicate with you directly or through one of our partners, including for customer service.
- To send you information you request from us.
- To comply with applicable laws and regulations.
- To protect our Website from unauthorized access or potential misuse.
4. HOW LONG WE KEEP YOUR INFORMATION
We will retain your personal information only for as long as is necessary for the purposes set out in this privacy policy, or for as long as we have your permission to keep it. In certain circumstances, we may retain your personal information for longer periods as required or permitted by law, for legal, tax, or regulatory reasons, or legitimate and lawful business purposes.
5. DISCLOSURE OF YOUR INFORMATION
We may share information we have collected about you in certain situations. Your information may be disclosed as follows:
5.1. By Law or to Protect Rights
If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.
5.2. Third-Party Service Providers
We may share your information with third parties that perform services for us or on our behalf, including data analysis, email delivery, hosting services, customer service, and technical support. These third parties are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this policy.
5.3. Business Transfers
We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will notify you of such a change in ownership or transfer of assets by posting a notice on our Website.
5.4. International Transfers
Your information, including personal information, may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located in the European Union or the United Kingdom, we will ensure that any transfer of your personal data to countries outside the EU/UK will be subject to appropriate safeguards, such as standard contractual clauses approved by the European Commission or the UK Information Commissioner's Office, or other suitable safeguards as required by data protection laws.
6. COOKIES AND OTHER TRACKING TECHNOLOGIES
6.1. What Are Cookies
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.
6.2. Types of Cookies We Use
- Essential Cookies: Necessary for the Website to function properly. These cookies enable basic functions like page navigation and access to secure areas of the Website. The Website cannot function properly without these cookies.
- Analytical/Performance Cookies: Allow us to recognize and count the number of visitors and see how visitors move around our Website. This helps us to improve the way our Website works.
- Functionality Cookies: Enable the Website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.
6.3. Your Choices Regarding Cookies
Most web browsers are set to accept cookies by default. You can usually choose to set your browser to remove or reject cookies. Instructions for managing cookies in popular browsers are available at:
- [Chrome](https://support.google.com/chrome/answer/95647)
- [Edge](https://support.microsoft.com/en-us/help/4468242/microsoft-edge-browsing-data-and-privacy)
- [Firefox](https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences)
- [Safari](https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac)
- [Opera](https://blogs.opera.com/news/2015/08/how-to-manage-cookies-in-opera/)
Please note that removing or rejecting cookies could affect the functionality of our Website.
6.4. Cookie Consent (EU/UK Users)
For users in the European Union and United Kingdom, we obtain explicit consent for non-essential cookies in accordance with the ePrivacy Directive and GDPR. You will be presented with a cookie consent banner when you first visit our Website, allowing you to accept or decline non-essential cookies.
7. THIRD-PARTY WEBSITES
Our Website may contain links to third-party websites and applications that are not affiliated with us. We are not responsible for the privacy practices or the content of these third-party sites. Once you have used these links to leave our Website, any information you provide to these third parties is not covered by this Privacy Policy. We encourage you to read the privacy policies of other websites before submitting any information to them.
8. SECURITY OF YOUR INFORMATION
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. We regularly review our security procedures to consider appropriate new technology and methods.
9. CHILDREN'S PRIVACY
Our Website is not intended for children under the age of 16 in the EU/UK or under 13 in the US. We do not knowingly collect personal information from children under these ages. If we learn we have collected or received personal information from a child without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under these ages, please contact us using the information provided below.
10. YOUR PRIVACY RIGHTS
10.1. EU/UK Data Subject Rights
If you are a resident of the European Union or the United Kingdom, you have the following rights under the GDPR and UK Data Protection Act:
- Right to Access: You have the right to request copies of your personal information.
- Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- Right to Erasure: You have the right to request that we erase your personal information, under certain conditions.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information, under certain conditions.
- Right to Object to Processing: You have the right to object to our processing of your personal information, under certain conditions.
- Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
- Right to Not Be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning you.
10.2. California Privacy Rights
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you certain rights:
- Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we collect, the sources from which it was collected, our purpose for collecting it, and the types of third parties with whom we share it.
- Right to Delete: You have the right to request deletion of personal information that we collect and maintain about you, subject to certain exceptions.
- Right to Opt-Out: If we sell personal information, you have the right to opt-out of that sale.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
California Civil Code Section 1798.83 (the "Shine the Light" law) permits users who are California residents to request certain information regarding disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.
10.3. How to Exercise Your Rights
To exercise any of these rights, please contact us at privacy@osec.com or via the contact details provided in Section 1.1.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
11. DO NOT TRACK FEATURES
Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.
12. CHANGES TO THIS PRIVACY POLICY
We may update this privacy policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. The updated version will be indicated by an updated "Last Updated" date and the updated version will be effective as soon as it is accessible.
We will notify you of any material changes by prominently posting the updated Privacy Policy on the Website. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.
13. CONTACT US
If you have questions or comments about this privacy policy or wish to exercise your rights regarding your personal information, you may contact us at:
OccamSec (DBA OSec)
122 East 42nd Street, Ste 3605
New York, NY, 10168
USA
Email: privacy@osec.com
13.1. Data Protection Complaints
If you have a complaint about our use of your personal information, you have the right to lodge a complaint with your local data protection authority:
- EU residents can find their data protection authority at: [European Data Protection Board](https://edpb.europa.eu/about-edpb/board/members_en)
- UK residents can contact the Information Commissioner's Office at: [ICO](https://ico.org.uk/)