Oniqua Privacy and Security Notice
Updated May 24th, 2018
What this Notice Covers
Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you. This notice is intended to help you understand:
- What information we collect about you
- How we use the information we collect
- How we share information we collect
- How we store and secure the information we collect
- How to access and control your information
- How we transfer information we collect internationally
- Changes to our privacy and security notice
- Other important privacy information
- Contact us
- Have any questions?
This Privacy Notice covers the information we collect about you when you use our products or services, or otherwise interact with us (for example, by attending our events), unless a different notice is displayed. Oniqua, we and us refer to Oniqua Pty Ltd, Oniqua Europe Limited, Oniqua, Inc. and any of our corporate affiliates. We offer a wide range of products and services which you can find on our Services page. We refer to all of these products, together with our other Services and Website as “Services” in this notice.
This notice also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you. Oniqua is unable to provide you with access to our products and services without your business contact information. If you do not agree with this notice, do not access or use our IQ Platform or interact with any other aspect of our business.
Where we provide the Services under contract with an organization (for example your employer) that organization controls the information processed by the Services. For more information, please see Notice to End Users below.
Your information is controlled by Oniqua Pty Ltd, Oniqua Europe Ltd, and Oniqua, Inc.
If you have any questions or requests relating to how Oniqua uses your data to provide our services please contact our data protection manager, or, if you are a resident of the European Economic Area, please contact our EU representative:
Data Protection Manager
Oniqua Pty Ltd
Phone: +61 7 3369 5506
Oniqua Europe Limited
Phone: +44 (0)1224 580396
Further contact details and office locations are available under contact us
What Information We Collect About You
We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below.
The types of data that Oniqua may hold and process depend on what services are being provided by or for Oniqua.
Below is an example of the types of data Oniqua may hold and process
Why Oniqua holds and processes this data
Your business contact details including:
To provide you with access to Oniqua cloud applications
To provide you with support and customer service for Oniqua cloud applications
To contact you in the event of system outages, product changes or data security incidents
To contact you with marketing or training material
For invoicing, billing and other financial transactions
Your organisation’s banking and financial details.
For invoicing, billing and other financial transactions
Your internet IP address
The country your PC is connecting to our services from
The hostname of your PC
The internal IP address of your PC.
Access to Oniqua products and services is usually across the internet. This metadata is sent across the internet when you log into our services.
The information you provide to us
We collect information about you when you input it into a form on our website, subscribe to our IQ Platform, or otherwise provide it directly to us.
Account and Profile Information: We collect information about you when an account is created for you or we create or modify your profile, set preferences, and set you up as a user after subscribing to our IQ Platform. For example, you provide your contact information and, in some cases, billing information when you subscribe to our IQ Platform. The information can include a username, password (encrypted, first and last name, email address and solution preferences, such as language. We keep track of your preferences when you modify settings within the IQ Platform.
The content you provide through our software products: Our products include the modules within the IQ Platform you use where we collect and store content that you enter into our solution. This content includes any information about you that you may choose to include. The content we collect is related to MRO inventory optimization.
The content you provide through our websites: Content you may choose to provide also includes our website which is owned or operated by us and hosted by GoDaddy. We collect other content that you may choose to submit to third-party websites e.g. our LinkedIn company page, which includes social media or social networking pages. For example, you provide content to us when you download a white paper, provide feedback, participate in any interactive features, surveys, contests, promotions, activities or events.
The Information you provide to our support team: Content also includes our customer support where you may choose to submit information regarding a problem you are experiencing with our IQ Platform. Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.
Billing and Payment Information: We collect certain payment and billing information when you sign a contract to utilize our IQ Platform. For example, we ask you to designate a billing representative, including name and contact information, upon contract signing. You might also provide payment information, such as payment card details, bank remittance advice, which we collect via secure payment processing services.
Information we collect automatically when you use our IQ Platform:
We collect information about you when you use our IQ Platform, including browsing our websites and taking certain actions within the IQ Platform.
Your use of the Services: We keep track of certain information about you when you visit and interact with our Website and IQ Platform. This information includes the features you use; the links you click on; the type, size and filenames of attachments you upload to the Services; frequently used search terms; and how you interact with others on the Services. This is accomplished through Google Analytics and custom tracking services we have added to our software to measure how often our solution is being used for performance tuning and to ensure we are meeting our service level agreements.
Device and Connection Information: Google Analytics collects information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access our website and IQ Platform.
Information We Receive from Other Sources
We receive email, company name, first/last name, and telephone number information about you from third-party marketing services, from our related companies, and from our business and channel partners. When contacting you, we provide the ability to Opt In/Out of receiving our communications. If you have any issues with our Opt-In or Opt-out process, please contact us and we will remedy it immediately.
Other users of the Services: Other users of our Services may provide information about you when they submit content through our Services. For example, you may be mentioned in a support ticket opened by someone else at your company. Similarly, someone else at your company may provide your contact information when they designate you as the billing or technical contact on your company’s account.
Other services you link to your account: We receive information about you from your company when your company uses third-party authentication services to provide single-sign-on to our IQ Platform.
Our Companies: We receive information about you from companies that are owned or that we operated by, in accordance with their terms and policies.
Oniqua Partners: We work with a global network of partners who provide consulting, implementation, training and other services around our Services. Some of these partners also help us to market and promote our Services, generate leads for us, and resell our products. We receive information from these partners, such as billing information, billing and technical contact information, company name, what Oniqua Services you have purchased or may be interested in, evaluation information you have provided, what events you have attended, and what country you are in.
Other Partners: We receive information about you and your activities on and off the Services from third-party partners, such as advertising and market research partners who provide us with information about your interest in and engagement with, our Services and online advertisements.
How We Use Information We Collect
How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.
To provide the Services and personalize your experience: We use information about you to provide the Services to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Services. For example, we use the username, first name, last name and email you or your company provided to us to create your account to identify you to other Service users. Our Services also include tailored features that personalize your experience, enhance your productivity, and improve your ability to utilize our Services. For example, we may use your stated job title and activity to return search results we think are relevant to your job function. We also use information about you to connect you with our company’s team members who can share with you content or their subject matter expertise. We may use your email domain to infer your affiliation with a particular organization or industry to personalize the content and experience you receive on our websites. Where you use multiple Services, we combine information about you and your activities to provide an integrated experience, such as to allow you to find information from one Service while searching from another or to present relevant product information as you travel across our websites.
For research and development: We are always looking for ways to make our Services smarter, faster, secure, integrated, and useful to you. We use collective learnings about how people use our Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services. In some cases, we apply these learnings across our Services to improve and develop similar features or to better integrate the services you use. We also test and analyze certain new features with some users before rolling the feature out to all users.
To communicate with you about the Services: We use your contact information to send communications via email and within the Services, including confirming your purchases, reminding you of subscription expirations, responding to your comments, feature requests, support questions and requests, providing customer support, and sending you technical notices, updates, security alerts, and administrative messages. We send to you email notifications when you or others interact with you on the Services, for example, when you are part of an approval workflow and a user assigns one or more items for you to approve. We also provide tailored communications based on your activity and interactions with us. For example, certain actions you take in the Services may automatically trigger a feature or third-party app suggestion within the Services that would make that task easier such as tracking your support request that you have submitted. We also send you communications as you onboard or need to use a particular Service. These communications are a required part of the Services and in most cases, you cannot opt out of them. If an opt-out is available, you will find that option within the communication itself or in your account settings.
To market, promote and drive engagement with the Services: We use your contact information and information about how you use the Services to send promotional communications that may be of specific interest to you, including by email and by displaying our ads on other companies’ websites and applications, as well as on platforms like Facebook and Google. These communications are aimed at driving engagement and maximizing what you get out of the Services, including information about new features, survey requests, newsletters, and events we think may be of interest to you. We also communicate with you about new product offers and promotions. After opting-in to one of our marketing-related communications, you can control whether you receive these communications as described below under “Opt-out of Communications.”
Customer support: We use your information to resolve technical issues you encounter, to respond to your requests for support, to analyze crash information, and to improve the Services.
For safety and security: We use information about you and your Service use to verify your account and activity meets the terms of our service, to monitor suspicious or fraudulent activity and to identify violations of Service policies.
To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights regarding intellectual property or other matters, the interests and the interests of others. We may use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
Legal basis for processing (for EEA users):
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have a legal basis for doing so under applicable EU laws. The legal basis depends on the Services you use and how you use them. This means we collect and use your information only where:
- We need it to provide you the Services, including to operate our Services, provide customer support and personalized features and to protect the safety and security of the Services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services (where you have opted in to receiving marketing information) and to protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with an obligation as agreed once you purchased one of our Services.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest in doing so, you have the right to object to that use though, in some cases, this will most likely mean you no longer will be able to use our Services.
How We Share the Information We Collect
We make optimization tools designed to improve your business. This means sharing information through the Services and with certain third parties. We share information we collect about you in the ways discussed below as a means to operate our business and improve the Services we provide to you. We are not in the business of selling information about you to advertisers or other third parties.
Oniqua works with the following third parties to deliver our services to you. Oniqua is careful to ensure that these third parties handle your data as carefully as we do. Oniqua ensures where necessary, that third parties your information is shared with are meeting all data privacy obligations required by law.
Oniqua uses services from Freshdesk for provide support for our products
Your business contact details
Oniqua uses HubSpot as a CRM system
Your business contact details
Microsoft office 365
Oniqua uses Office 365 for email communication
Your business contact details
Oniqua uses Rapid 7 to process logs and system events for our products.
Your login credentials for Oniqua systems, your email address
Oniqua users Atlassian Jira for internal ticketing. Customer tickets can be escalated to the Operations team using this system
Your business contact details
Oniqua utilises Dropbox for document record keeping
Your business contact details. Your organisations banking details.
Oniqua’s cloud products are hosted on AWS Infrastructure As A Service. AWS does not have access to your data.
Your login credentials for Oniqua systems, your email address
Oniqua’s utilises Google cloud storage for backup and DR. Google does not have access to this data as it is stored encrypted.
Your login credentials for Oniqua systems, your email address
Sharing with other Service users
When you use the Services, we share certain information about you with other Service users.
For collaboration: A user of our software can create content such as a report or via an Excel spreadsheet download, which may contain information about you, and grant permission to others to see, share, edit, copy and download that content based on settings you or your administrator (if applicable) select. Some of the collaboration features of the Services display some or all of your profile information to other Service users when you share or interact with specific content. For example, when you add a note or make changes to an item, we display your name next to your note so that other users with access to the page or issue understand who made the note. This information is not made publicly available by our software.
Managed accounts and administrators: If you register or access the Services using an email address with a domain that is owned by your employer or organization, and such organization wishes to establish an account or site, certain information about you including your name, contact info, content and past use of your account may become accessible to that organization’s or our companies administrators and other Service users sharing the same domain. If you are an administrator for a particular site or group of users within the Services, we may share your contact information with current or past Service users, for the purpose of facilitating Service-related requests.
Community Forums: Our websites offer publicly accessible blogs, forums, issue trackers, and to log support and feature requests. You should be aware that any information you provide on these websites, including profile information associated with the account you use to post the information may be read, collected, and used by any member of the public who accesses these websites. Your posts and certain profile information may remain even after you terminate your account. We urge you to consider the sensitivity of any information you input into these Services. To request removal of your information from publicly accessible websites operated by us, please contact us as provided below. In some cases, for example, support requests logged, we may not be able to remove your information as we need to keep a record of how our support is utilized, in which case we will let you know if we are unable to and why.
Sharing with third parties
We may share information with third parties that help us operate, provide, improve, integrate, customize, support and market our Services including GoDaddy for our Website and Amazon Web Services (AWS) for our IQ Platform. If the information they access is sensitive or confidential, we require the third party to be under Non-Disclosure Agreement.
Service Providers: We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you. If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.
Oniqua Partners: We work with third parties who provide consulting, sales, and technical services to deliver and implement customer solutions around the Services. We may share your information with these third parties in connection with their services, such as to assist with billing and collections, to provide localized support, and to provide customizations. We may also share information with these third parties where you have agreed to that sharing.
Third Party Apps: We may choose to add new functionality or change the behaviour of the Services by installing third-party apps within the Services. Doing so may give third-party apps access to your account and information about you like your name and email address, and any content you choose to use in connection with those apps. Third-party application policies and procedures are not controlled by us, and this privacy notice does not cover how third-party apps use your information.
Links to Third Party Sites: The Services may include links that direct you to other websites or services whose privacy practices may differ from ours. If you submit information to any of those third-party sites, your information is governed by their privacy policies, not this one. We encourage you to carefully read the privacy notices of any website you visit.
Social Media Widgets: The Services may include links that direct you to other websites or services whose privacy practices may differ from ours. Your use of and any information you submit to any of those third-party sites is governed by their privacy policies, not this one
With your consent: We share information about you with third parties when you give us consent to do so. For example, we often display personal testimonials of satisfied customers on our public websites. With your consent, we may post your name alongside the testimonial.
Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights: In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our products and services, (d) protect Oniqua, our customers or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
Sharing with Oniqua affiliated companies
We share information we collect with affiliated companies and, in some cases, with prospective affiliates. Affiliated companies are companies owned or operated by us. The protections of this privacy notice apply to the information we share in these circumstances.
Business Transfers: We may share or transfer information we collect under this privacy notice in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on the Services if a transaction takes place, as well as any choices you may have regarding your information.
How We Store and Secure Information We Collect
Information storage and security
We use data hosting service providers in the United States via Amazon Web Services (AWS) to host the information we collect, and we use technical measures to secure your data.
While we implement significant safeguards designed to protect your information, no security system is 100% impenetrable and due to the inherent nature of the computers and networks, we cannot 100% guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. We employ monitoring software and conduct periodic cyber-security testing to ensure your data is safe.
Oniqua’s approach and commitment to application security on our Services begin in the design phase and continues through to the continuous delivery of applications, versions, and features. All stages of development, deployment, and maintenance have processes and checks to ensure the security of our application and our customer’s data. Application security is regularly tested and penetration tests are conducted by outside firms.
How long we keep information
Oniqua holds on to Private Data for the period of the contract and then afterwards if so required by law (e.g. tax law), unless there is a request to remove data from our systems or there is a discontinuation in the use of our Service. After such time, we will either delete or anonymize your information if there is a legal requirement to retain data, or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
Analytics Data: Data transferred from a customer to Oniqua and stored for analytics and enrichment is secured using best practice measures.
Data in transit across the internet can be secured by a number of methods. Protocols, encryption, and methods are agreed upon by ISMS staff at Oniqua and our customer. Common and supported transport methods are using SSL encrypted FTP traffic, sharing public keys for encryption/decryption both in transit or file based (e.g. PGP). Customers can also transfer data via HTTPS signed with an SHA256 certificate. Oniqua can also provide a secure HTTPS API for data transport.
Account information: We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.
The information you share on the Services: If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the Services. For example, we continue to display notes on items so other users can continue to display the content you provided.
How We Physically Secure the Data We Collect: Our IQ Platform Services are hosted by Amazon Web Services (AWS), a leader in cloud infrastructure as a service. AWS data centers and network architecture are built to meet the requirements of the world’s most security-sensitive organizations. Customer data is stored on AWS encrypted data volumes on a Microsoft SQL server with per database security. The data volume encryption key is only known to Oniqua operations staff. This data is backed up for archiving and disaster recovery purposes and kept indefinitely. All data backups are stored using AES256 bit encryption. Oniqua have an RPO of 15 minutes for production data. Leveraging the power of the AWS cloud allows Oniqua to scale on demand to meet the big data requirements of any customer. Further information on AWS data center physical and network security can be found in the AWS Security Whitepaper. AWS SOC compliance reports and information can be found on the AWS SOC Compliance FAQ.
Data Encryption: Oniqua employs data encryption on our laptops company-wide. All shared files, email data, and data at rest is encrypted.
Data Ownership: Unless otherwise agreed, the customer owns their data always. Oniqua can provide an export of all stored customer data within seven days of a support request being submitted.
Personal Data: The only personal data held by IQ Platform Services is the user’s full name and email address. This information is required to provide login credentials and support services. Oniqua does not share this information with any other party or customer except at the request of the user. This information is only accessible by Oniqua Operations, Support and Customer Success staff.
Logging and Access Data: Access to system and user logs is restricted to Oniqua operations staff. These logs are backed up using AES256 bit encryption and kept indefinitely.
Our Offices: Our company has offices located in Brisbane Australia and Denver USA. Access to Oniqua offices is restricted via smart card access logged indefinitely. Physical premises security procedures exist for both office locations.
Managed accounts: If the Services are made available to you through an organization (e.g., your employer), we retain your information as long as required by the administrator of your account. For more information, see “Managed accounts and administrators” above.
Marketing information: If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last opened an email from us or ceased using our Services. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
Access and Credential Management: Our IQ Platform Services can be accessed via a username and password, known only to the user, or via Single Sign-On (SSO) using SAML. Oniqua recommends using SSO via SAML token as this allows our customers to use their in-house credentials as well as apply any further authentication mechanisms such as Multi-Factor Authentication (MFA) via their Identity Provider server such as ADFS. Where user credentials are managed by Oniqua, these credentials are stored using Microsoft Active Directory in an encrypted hash and are known only to the user. Password complexity requirements and expiration dates are in place to ensure security best practices.
Firewall and Data Segregation: Application endpoints are secured using Web Application Firewall (WAF) technology from AWS as well as port blocking, traffic monitoring, and logging tools within Oniqua IQ. This combination of technologies protects Oniqua’s services against malicious attacks including DDoS, SQL injection, cross-site scripting or any attempt to exploit security vulnerabilities in application software. All connections to Oniqua cloud are logged. All HTTP internet traffic is secured using SHA256 encryption. Our IQ platform application architecture has been designed to be multi-tiered with all communication between tiers encrypted using SSL and ACL’s. Each customer’s (tenant’s) data is stored in individually secured databases. Using individually stored tenant data with tenant-specific ID’s and credentials provide a secure barrier between all of our customers’ data.
How to Access and Control your Information
You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them and any limitations.
You have the right to request a copy of your information, to object to our use of your information (including for marketing purposes), to request the deletion or restriction of your information, request rectification of your data, request the transfer of your data (portability) or to request your information in a structured, electronic format. Below, we describe the processes for making this type of requests. You can exercise some of the choices by logging into the Services and using settings available within the Services or your account. Where the Services are administered on your behalf by an administrator (see “Notice to End Users” below), you may need to contact your administrator to assist with your requests first. For requests to access or remove privacy data submit a data privacy request here: https://www.oniqua.com/dpo/. For all other requests, you may Contact Us via our website or via the Contact Us section below to request assistance.
Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep. Where you have asked us to share data with third parties, for example, by installing third-party apps, you will need to contact those third-party service providers directly to have your information deleted or otherwise restricted. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.
Access and update your information: Our Services may give you the ability to access and update certain information about you from within the Service. For example, you can access your profile information from your account and search for content containing information about you using keyword searches and filters in the Service. You can update your profile information within your profile settings and modify content that contains information about you using the editing tools associated with that content.
Rectification and changes to your data: Where a system does not exist or is not accessible for you to access and update your own information, you can request that Oniqua rectifies your data. Requests for data rectification can be made verbally using the contact numbers on this page, via email using the email@example.com address or via mail to one of the addresses in the contact details on this page.
Portability of your data: You can request Oniqua make your data available in a structured commonly used format for your retrieval or transit to another data controller. You can request that Oniqua transmit your data in this format to another controller where technically feasible to do so.
Deactivate your account: If you no longer wish to use our Services, you or your administrator may be able to deactivate your Services account. If you can deactivate your own account, that setting is available to you in your account settings. Otherwise, please contact your administrator. If you are an administrator and are unable to deactivate an account through your administrator settings, please contact our support at https//support.oniqua.com. Please be aware that deactivating your account does not delete your information; your information remains visible to other Service users based on your past participation in the Services. For more information on how to delete your information, see below.
Delete your information: Our Services and subscription agreement gives you the ability to delete certain information about you from within the Service. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
Request that we stop using your information: In some cases, you may ask us to stop accessing, storing, using and otherwise processing your information where you believe we don’t have the appropriate rights to do so. For example, if you believe a Services account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this notice. Where you gave us consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. You can also opt-out of our use of your information for marketing purposes by contacting us, as provided below. When you make such requests, we may need time to investigate and facilitate your request. If there is delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honoured or the dispute is resolved, provided your administrator does not object (where applicable).
Opt out of communications: You may opt out of receiving promotional communications from us by using the unsubscribe link within each email. Even after you opt out from receiving promotional messages from us, you may continue to receive messages from us regarding our IQ Platform Services. If you are a resident of the European Economic Area, you will not be contacted for R&D or Marketing purposes unless you have opted in on these types of communications.
Turn off Cookie Controls: Relevant browser-based cookie controls are described in documentation provided by your browser.
Lodge a complaint to a relevant supervisory authority: If you believe that the use or processing of your personal data by Oniqua infringes your rights you can lodge a complaint to the relevant supervisory authority. If you are a resident of the European Economic area, complaints can be lodged to:
The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
Tel. +44 1625 545 745
Ms Elizabeth DENHAM, Information Commissioner
Mr Steve WOOD, Deputy Commissioner
How We Transfer Information We Collect Internationally
International transfers of information we collect
We collect information globally and primarily store that information in the United States. We transfer, process and store your information outside of your country of residence, to wherever we or our third-party service providers operate for the purpose of providing you the Services. Whenever we transfer your information, we take steps to protect it.
International transfers to third parties: Some of the third parties described in this privacy notice, which provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we share information of customers in the European Economic Area or Switzerland, we make use of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, European Commission-approved standard contractual data protection clauses, or other appropriate legal mechanisms to safeguard the transfer.
Oniqua operates an Information Security Management System (ISMS) which meets the requirements of ISO/IEC 27001 standard for the marketing, sale, development, implementation services and support of cloud-based analytical software. The Oniqua ISMS is internally audited on a quarterly basis and achieved full external certification by SAI GLOBAL in October 2016.
The scope of the ISO27001 system covers all aspects of ISMS policy, procedure, physical and cloud security. Oniqua commits to operate and constantly improve our operations in accordance with the guidelines and directions for this certification. Please contact Oniqua if you would like would like more information about our operational security policies and processes.
Security is a shared responsibility
Oniqua makes all possible effort to secure our customer’s data and delivering security best practice through enforcing password requirements and making technologies like SSO via SAML available for our customers. If a user’s password is compromised through their actions, accidental or otherwise Oniqua support can lock the account or reset the password. Oniqua recommends that our customers take advantage of their internal security infrastructure where available and use SSO.
You can submit any questions, concerns, bugs, or potential vulnerabilities to our Oniqua support team at support.oniqua.com or through your account manager. Any security-related issues are treated as the highest priority and will be addressed via our incident management process.
Our policy towards children: The Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact support.oniqua.com.
Employees: New employees are background checked and must be approved by senior management. All new hires must also undergo mandatory training in our ISMS practices during recruitment. All Oniqua employees receive refresher training on ISMS practices yearly. Oniqua staff will be given access to customer data only in the event it is required to perform their job function. In this event, the staff member receives further training on customer data security.
Third-Parties: Oniqua will occasionally engage a third-party consultancy or service for security testing or infrastructure and application improvements. In this case, where possible, the work will be done on systems or areas of the systems with no access to customer data. Where a third-party requires access to customer data to perform a service, the third-party is required to sign a confidentiality agreement.
Network Security: Oniqua maintains dedicated network segmentation between office locations, production region/s, and development region/s. This network segmentation allows strict controls of traffic and services between network. Access between networks enforces a policy of denied access to all services until explicitly allowed after a review by Oniqua ISMS staff and senior operations staff. All traffic to network segments containing customer data is restricted to encrypted connections and further restricted by using network access control lists (ACL’s). Access to control ACL’s and firewalls between network segments is restricted to ISMS staff and senior operations staff. All access to network segments and systems containing customer data is further secured by requiring multi-factor authentication by all ISMS and operations staff.
Other Important Privacy Information
Notice to End Users
Many of our products are intended for use by organizations. Where the Services are made available to you through an organization (e.g. your employer), that organization will have a designated support contact and administrator of the Services and is responsible for the accounts and/or Service sites over which it has control. If this is the case, please additionally direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.
Administrators are able to (either directly or via our support):
- require you to reset your account password;
- restrict, suspend or terminate your access to the Services;
- access information in and about your account;
- access or retain information stored as part of your account;
- install or uninstall third-party apps or other integrations. In some cases, administrators can also (either directly or via our support):
- restrict, suspend or terminate your account access;
- change the email address associated with your account;
- change your information, including profile information;
- restrict your ability to edit, restrict, modify or delete information
Please contact your organization or refer to your administrator’s organizational policies for more information.
Changes to our Privacy and Security Notice
We may change this privacy notice from time to time. We will post any privacy notice changes on this page and, if the changes are significant, we will provide a more prominent notice by adding a notice on the Services homepages, login screens, or by sending you an email notification. We will also keep prior versions of this Privacy notice in an archive for your review. We encourage you to review our privacy notice whenever you use the Services to stay informed about our information practices and the ways you can help protect your privacy.
If you disagree with any changes to this privacy notice, you will need to stop using the Services and deactivate your account(s), as outlined above.
Your information is controlled by Oniqua Pty Ltd, Oniqua Europe Ltd, and Oniqua, Inc. If you have questions or concerns about how your information is handled, please direct your inquiry to Oniqua Pty Ltd, which we have appointed to be responsible for facilitating such inquiries or, if you are a resident of the European Economic Area, please contact our EU Representative.
Level 5, 16 Marie Street
P.O. Box 1119 Milton
Brisbane Queensland 4064
Phone: +61 7 3369 5506
Americas – Denver, USA
7900 E. Union Avenue, Suite 920
Denver, Colorado 80237 USA
Phone: 1 303 222 1100
GDPR European Representative:
Oniqua Europe Limited
11 Harvest Avenue, D2 Business Park,
Phone: 44 1224580396
For requests to access or remove privacy data submit a data privacy request here: https://www.oniqua.com/dpo/ to contact Oniqua Data Privacy Manager.
Have any questions?
Oniqua ISMS and operations staff are always happy to discuss our security practices and measures (sometimes it is hard to stop them). Send an email contact us or get in touch with an Oniqua account manager.