Skip to content
Close
What We Do
Protect
Extend
Enhance
Software We Support
IBM Software
HCL Software
VMware Software
SAP Software
Partner with Origina
Register a Deal
Our Story
Our Leadership Team
Careers
Our Culture
Resources
Press Room

Customer Privacy Notice.

 

1. INTRODUCTION

A. What This Document Is

At Origina, protection of personal data of individual representatives of our customers ("you") is a particularly high priority for us, and we have implemented numerous technical and organisational measures to ensure that personal data processed is protected as fully as possible. This privacy notice describes how we collect and use the personal information before, during and after your organisation's commercial relationship with us. We also include within this notice the purposes of the processing of your data, the lawful basis that permits us to process it and ensures that you have been meaningfully informed in relation to the processing, how long we keep your data for and your rights regarding your data. Depending on your location, we are required to notify you of some or all the information contained in this privacy notice.

B. Who This Privacy Notice Applies To

This Notice in whole applies to all employees, workers and contractors of the Origina Group except, sections marked as 'Europe & UK Specific', 'US Specific' and 'Australia Specific' apply only to employees', workers and contractors residing in Europe & UK, US and Australia respectively. For the purposes of this Notice, "Group" means Origina Limited (Ireland), Origina Inc. (USA), Origina UK Limited (United Kingdom), Origina Ltd PTY (Australia), Origina GMBH (Germany) and any other affiliated entity under common control from time to time. Your data controller depends on the Origina location you reside in. Please refer to Appendix A (Location and Data Controller Details). If you have any questions about data controllers, please refer to the data protection team at [email protected]

C. Your Consent

We do not need your consent for all our processing activities relating to your personal information. In certain circumstances, such as to process special category data, we may approach you for your written consent to allow us to process certain personal information. In these circumstances, we will provide you with all to information you need to decide, and you may choose not to consent to our request or to subsequently withdraw your consent. More information is provided in Part D below.  

2. COLLECTION AND USE OF PERSONAL INFORMATION

A. What kind of information do we hold about you

"Personal Information" in this Notice, means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with you, directly or indirectly. Personal Information does not include information that cannot be reasonably linked to you including that which has been anonymised or deidentified. We collect, store and use one or more of following types of information including Personal Information about you:
  • Identification - details found in ID documents, including name and date of birth
  • Contact details – phone number, email (work and/or personal)
  • Employment information – obfuscated data including role, responsibility, skillset and qualification position, position of direct report, years of service
  • Dependents – anonymised and non-identifiable
  • Address (work and/or personal)
  • Interests/hobbies
  • Medical information – limited to allergens

B. How do we collect your information

We collect your Personal Information in various ways. From you, including when you provide this information to us through email, phone or in person contact and through the customer onboarding process or ongoing communication regarding your organisation's commercial relationship with Origina.

C. Purposes and legal bases for using your Personal Information

We will use your Personal Information only in accordance with the law. Generally, we rely on one or more of the following legal bases when using your Personal Information:
  1. To enter into and perform the contract between your organisation and Origina.
  2. To protect your interests or the interests of others.
  3. To comply with a legal or regulatory obligation.
  4. For law enforcement requests, tax authorities' regulatory agencies, public and government authorities all of which may include requests and authorities outside of your country of residence.
  5. For substantial public interest purposes.
  6. For our legitimate interest (or those of third parties) in circumstances where your fundamental rights and interests do not override those legitimate interests.
  7. When you have given consent to the use of your Personal Information, which you may withdraw at any time.

D. Practical ways in which we use the information we have about you.

The information we collect further to 2A above (What kind of information do we hold about you) for the purposes and the on legal bases for such collection outlined in clause 2C (Purposes and legal bases for using your information) is needed to enable us to perform our obligations. The below non-exhaustive list provides some examples of those obligations:
  1. Communicating with you in order to contract into and maintain a commercial relationship between your organisation and Origina.
  2. Developing and strengthening Origina's relationship with your organisation through you as the key customer representative in order to drive revenue and enhance our service provision.
  3. To make arrangements for gifting and messaging to you as key customer representative as part of our corporate gifting programme.
Certain particularly sensitive personal information may be collected and processed. To process this type of Personal Information, we will ensure that we have the right level of protection. Such sensitive data shall be processed only in the following circumstances.
  1. Where we need to carry out a legal obligation, always in line with our data protection policy.
  2. In very limited circumstances and where your consent is needed, we will contact you and require express consent.
  3. For purposes of protecting your interests such as to prevent significant health risks to you.
  4. In very limited circumstance for purposes of legal claims, or to protect your interest (or someone else interest) where you are incapable of giving consent such as in a medical emergency.
EU & UK Specific: Your sensitive personal information under EU and UK law refers to information about health, biometric information, trade union and special category data will be used in the following practical ways. Health-related information relating to any allergies may be used to ensure your personal safety in preventing contact with certain consumable products. We do not collect or process information relating to any other special category such as political opinion, trade union membership, religious philosophies, genetic data or any other such data unless as described above.
 
EU & UK Specific

E. Automated decision making

Automated decision means a decision is made by a computer using your personal data with no human involvement, and the decision has a legal or similarly significant effect in you. You have the right to request human involvement to review an automated decision if one is made. We do not use automated decision-making of this type.
 

3. DATA SHARING

We may be required to share your data with third party service providers and other entities within our Group of companies. We require third parties to treat your information in accordance with the law. Where we transfer your Personal Information to third jurisdictions, we have in place contractual arrangements to ensure that your data has the same degree of protection as that required by the law of the country you reside in. Your Personal Information may be processed by third party service providers, as well as other entities within our Group. This is for purposes of carrying out services on the Company's behalf including delivery of gits to your address. You can find a non-exhaustive list in Appendix B (Non -exhaustive list of our third-party providers). We may also share your Personal Information with third parties, including government and public bodies, where we are required by law as necessary to administer our working relationship with you or where we have another legitimate interest to do so.  

4. DATA SECURITY

We have in place both technical and organisation measures to protect the security of your Personal Information. We update and test our security technologies on an ongoing basis and restrict access to your personal data to those who need to know that information. Additionally, we train our employees and about the importance of confidentiality and data security. Should you require more information on these technical and organizational measures, you can refer to our Acceptable Use Policy. Third parties will only process your Personal Information under our direction and instructions pursuant to a Data Protection Agreement, always subject to the duty of confidentiality and bound with our requirements on its security. Data stored on our CRM platform, Zoho CRM, is subject to access restrictions whereby only those Origina employees who are essential to the furthering the company's legitimate interest in developing and enhancing good customer relationships will have access to the personal information stored on Zoho CRM. We have in place systems to address any suspected data security breaches, we will notify you, and any relevant regulator where we are legally required to so notify. Should you require more information on how we address data security breaches, you can refer to our Data Breach Policy and Training or send a query to our data protection/privacy officer at [email protected].  

5. DATA RETENTION

We will only retain your Personal Information for the period needed to fulfil the purpose for which we collected. We decide how long to keep it on a case-by-case basis. Some of the reasons we consider when making this decision include ensuring we can fulfil certain business development objectives or you ceasing to be our key customer contact for your organisation. If you would like more details on how long we retain different aspects of your Personal Information, please contact our Data Protection Officer using the details provided at section 4 above. We may anonymise your Personal Information where circumstances permit, in which case we may use such information without any reference or notification to you. Upon termination of our relationship with your organisation we will retain and securely destroy your Personal Information in accordance with our privacy policy.  
EU & UK Specific

6. DATA SUBJECT RIGHTS

It is important that the Personal Information we hold about you is accurate and current. Please notify us of any changes as they occur and where you notice an inaccuracy. You have the following rights in connection with the personal data we hold about you.
  1. Right of access where you seek to know what personal data we have processed about you.
  2. Right to rectification/correction, where you request the rectification of inaccurate information.
  3. Right to erasure commonly referred to as the right to be forgotten.
  4. Right to restrict processing
  5. Right to data portability where you can request that we transfer your data to another person
  6. Right to object to further processing or opt out of any further processing of your Personal Information
  7. Rights in relation to automatic decision making and profiling.
  8. Right to complain to Origina or the Data Protection Commissioner if you think your data rights have been breached.
If you wish to exercise any of the above rights, please contact us at [email protected]. We will respond to any valid request within one month unless it is particularly complex or you have made multiple requests, in which case we will respond within three months at the latest. We will inform you of any such extension within one month of receipt of your complaint You should be aware that the above rights are not absolute, and we may have a reason not to comply with your request. Some examples of why we may not comply with your request include where required to protect the rights and freedoms of others, where there is an overarching legal obligation, to establish or for the exercise of the company's legal claims or defences, where your request is excessive. Where we are unable to honour your rights, we shall provide you with the reason within the time frame required by law. Should you wish to, you can lodge a complaint with the data protection or privacy regulator in the jurisdiction where you reside. While you typically do not need to pay a fee to access your personal information or exercise other rights, we may charge you a reasonable fee if your request is manifestly unfounded or excessive. Additionally, we reserve the right to refuse to comply with your request. To protect your Personal Information, we may need to verify your identify and that of an agent you have directed to exercise your rights above before processing any request. This many include collecting additional information such as government issued identification.
 

7. DATA PROTECTION AND PRIVACY OFFICER

We have a data protection/privacy officer to oversee compliance with this Notice. If you have any questions, you can reach out to the officer at [email protected].  

8. COMPLAINTS

Please remember that while we are confident that we can address any concerns you may have, you can always directly contact your regulator in the country that you reside. You may also seek recourse through the appropriate judicial authorities in the country that you reside.  

9. CHANGE TO THIS PRIVACY NOTICE

We can update this Notice at any time. Where we make substantial updates, we will notify you of the same though the Company's communication mechanisms. The most recent version of this Notice will be available on the intranet.  
US Specific

10. US REGION PRIVACY NOTICE

This United States of America Privacy Notice (" USA Notice") applies to all key customer contacts in United States and is to be read with Origina Privacy Policy and supplements specific sections of the EU UK Privacy Notice above. This USA Notice explains how we collect, use and disclose your Personal Information. It also describes how to exercise your rights under the California Consumer Privacy Act, the Colorado Privacy Act, the Connecticut Act Concerning Personal Data Privacy and Online Monitoring, the Utah Consumer Privacy Act and the Virginia Consumer Data Protection Act, collectively the "US Privacy Laws". Subject to our privacy policy, we may disclose your Personal Information for business purposes as outlined in this USA Notice. We may also disclose it at your direction or in other ways that are in accordance with the US Privacy Laws.

A. Sensitive Personal Information

Social Security, driver's license, state identification card, or passport number; racial or ethnic origin, religious or philosophical beliefs; work permit or visa information; and health-related information, including physical or mental disability, Sensitive data does not include data that is publicly available or that has been de-identified.

B. Practical ways we use information defined as Sensitive Personal Information

We may use your Sensitive Personal Information in the following ways where we collect it: Health-related information relating to any allergens may be used to ensure your personal safety in preventing contact with certain consumable products.

C. Your Rights

The information we collect, use and disclose about you will vary depending on where you reside and subject to certain exceptions, you may have some or all of the following rights:
  1. Right to Correct: You have the right to request the correction of any inaccurate personal information that we maintain about you, considering the nature of the personal information and the purposes of the processing of the personal information. We will use commercially reasonable efforts to correct the inaccurate personal information as you may direct.
  2. Right to Know: The right to request that we disclose to you the Personal Information we collect, use, or disclose, and information about our data practices.
  3. Right to Request Deletion: The right to request that we delete your Personal Information that we have collected from or about you.
  4. Right to Opt Out: The right to opt out of the processing of your Personal Information that have obtained from or about you.
  5. Right to Non-Discrimination: The right not to receive discriminatory treatment for exercising your privacy rights.
Under certain US Privacy Laws, you may designate an authorised agent to exercise your rights. If you use an authorised agent to submit a request, we may need to collect additional information, such as a government-issued ID, to verify your and their identity before processing your request to protect your information.

D. California Specific Workers

We do not sell, rent, or lease your Personal Information to third parties for monetary or other valuable consideration. To that end, we do not offer the right to opt out of such a sale. Additionally, we don't "share" your Personal Information, as defined in the California Consumer Privacy Act ("CCPA"). For categories of Sensitive Personal Information that we collect, process or disclose, we will only use or disclose it as described in this Notice, our privacy policy and for specific enumerated business purposes under section 7027(m) of the CCPA. Examples are in table 2A above. As our use of this information is within the bounds of section 7027(m), we do not offer the right to limit the use of Sensitive Personal Information.
 

11. AUSTRALIA PRIVACY NOTICE

This Australia Privacy Notice ("Australia Notice") applies to all key customer contacts in Australia and supplements specific sections of the Notice. This Australia Notice explains how we collect, use and disclose your Personal Information. It also describes how to exercise your rights under the Privacy Act 1988 and Australian Privacy Principles collectively the "Australia Privacy Laws". Subject to our privacy policy, we may disclose your Personal Information only for business purposes as outlined in this Australia Notice. We may also disclose it at your direction or in other ways that are in accordance with the Australia Privacy Laws. The Company handles all personal information responsibly and in accordance with applicable law.

A. Sensitive Personal Information

This is defined as information or an opinion about and individuals racial or ethnic origin, political opinions, membership of a political association, religious beliefs, philosophical beliefs, membership pf trade union, sexual orientation or practices criminal record, health information, genetic information that is not otherwise health information, biometric information that is to be used for purposes of automated biometric verification or biometric identification or biometric templates

B. Practical ways we use information defined as Sensitive Personal Information.

We may use your Sensitive Personal Information in the following ways where we collect it: Health-related information relating to any allergens may be used to ensure your personal safety in preventing contact with certain consumable products.

C. Your Rights

You have the following rights on the information:
  1. Right to Information: The right to request that we disclose to you the Personal Information we hold about you.
  2. Right to Access: You have the right to request access to the Personal Information we hold about you.
  3. Right to correct information. If the Personal Information we hold about you is inaccurate, out-of-date, incomplete, irrelevant, or misleading, you have the right to request that it be corrected.
  4. Right to opt out- You have the right to stop receiving unwanted direct marketing.
  5. Right to Anonymity and Pseudonymity: You have the right to interact with us anonymously or by using a pseudonym, unless it is impractical for the purposes of our worship relationship.
 

12. APPENDICES

Appendix A (Location and Data Controller Details)

Origina Location Data Controller
Ireland Origina Ltd
UK Origina Ltd Uk
Australia Origina Ltd PTY
United States Origina Inc
Germany Origina GMBH
 

Appendix B- Non - Exhaustive list of our third-party providers

Third Party Provider Service Provided
Zoho CRM CRM Platform, information storage