ORIGIX® Privacy Policy

Summary of Key Points

• ORIGIX® is committed to protecting your privacy and follows a No-Cookie Policy
• We collect personal information from free users necessary for account access, and organisation-related information from business customers for our monitoring services
• Personal data is limited to what's required for account access and communications
• Our monitoring bot, Robi (Reliable Online Business Infrastructure), collects technical website data
• We do not sell or share your data with third parties for marketing purposes
• Data is processed securely and in compliance with applicable regulations
• You can access, correct, or delete your personal data by contacting us

1. Introduction

At ORIGIX®, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, process, and safeguard information when you use our website monitoring platform and related services.

This policy applies to all data collected through origix.com, our web monitoring services, and any related applications, services, or communications (collectively referred to as "Services").

ORIGIX® offers free tools for individuals and comprehensive monitoring services for organisations. While our domain monitoring services are exclusively for organisations, individuals aged 18 and over may register for free accounts to access our basic tools. This Privacy Policy addresses how we handle data for both individual users and organisations.

2. Data Controller Information

ORIGIX® is the data controller for information collected through our Services:

Origix ApS
Company Registration Number: 45117049
A subsidiary of Origix Holding ApS (Company Registration Number: 44937735)
Tybrindvej 10, 5592 Ejby, Denmark
Email: legal@origix.com
Telephone: +45 70 60 88 77

For complete company information, please refer to our Impressum.

3. No-Cookie Policy

ORIGIX® implements a strict No-Cookie Policy as detailed in our separate No-Cookie Policy. We do not use tracking or marketing cookies, including third-party cookies. Instead, we utilize sessionStorage for necessary functionality. This approach demonstrates our commitment to respecting user privacy and minimizing data collection.

4. Information We Collect

We collect and process the following types of information:

4.1 Organisation Account Information

• Organisation name
• VAT/GST number or organisation number
• Business address
• Domain name

4.1.1 Free User Information

• First and last name
• Email address
• Age verification status (confirmation that you are 18 or older)
• IP address and basic device information for security purposes
• Usage data related to our free tools

4.2 User Information

• First and last name
• Business email address
• Job title (optional)
• Mobile phone number (only if SMS alerts are enabled)
• IP address and basic device information for security purposes
• Usage data related to our free tools

4.3 Website Monitoring Data

• Technical information about monitored websites collected by our monitoring bot, Robi
• Performance metrics, error logs, and availability statistics
• Domain configuration data
• Website content accessed by our monitoring crawler

4.4 Usage Data

• Information about how you interact with our platform
• Features and tools used
• Subscription and service preferences

4.5 Communication Data

• Support requests and correspondence
• Feedback and survey responses
• Service-related notifications and alerts

5. How We Collect Information

We collect information through various channels:

5.1 Direct Collection

Information you provide when:

• Registering for an account
• Configuring website monitoring
• Purchasing services
• Contacting our support team
• Adding users to your organisation account

5.2 Automated Collection

Information collected automatically when:

• Our crawler (Robi) monitors your websites as described in the Robi page
• You use our Services
• You receive notifications and alerts

5.3 Third-Party Sources

We may receive information from:

• Service providers necessary for delivering our Services
• Publicly available sources to verify organisation information

6. Legal Basis for Processing

We process your data based on the following legal grounds:

6.1 Contract Performance

Processing necessary to fulfill our contractual obligations to provide website monitoring and related services.

6.2 Legitimate Interests

Processing necessary for our legitimate interests, including:

• Improving and developing our Services
• Ensuring the security and proper functioning of our platform
• Managing our business operations efficiently

6.3 Legal Compliance

Processing necessary to comply with legal obligations, including:

• Tax and accounting requirements
• Data protection regulations
• Other applicable laws and regulations

6.4 Consent

Where required by law, we process data based on your explicit consent, which you can withdraw at any time.

7. How We Use Your Information

We use your information for the following purposes:

7.1 Service Provision

• Creating and managing your organisation account
• Authenticating users and providing secure access
• Monitoring websites as configured in your account
• Generating alerts and notifications about website issues
• Processing payments and managing subscriptions

7.2 Service Improvement

• Developing new features and tools
• Enhancing existing functionality
• Fixing bugs and resolving technical issues
• Analyzing usage patterns to improve user experience

7.3 Communications

• Sending service-related notifications and alerts
• Responding to support requests
• Providing important updates about our Services
• Sharing educational content about website monitoring

7.4 Business Operations

• Preventing fraud and unauthorized access
• Maintaining business records
• Enforcing our Terms of Service
• Complying with legal obligations

8. Data Sharing and Disclosure

We share your information with:

8.1 Your Organisation

Information is shared within your organisation according to the access permissions configured by your organisation's administrators.

8.2 Service Providers

We work with trusted third-party service providers who perform services on our behalf, including:

• Clickatell (for SMS alert delivery)
• Hetzner (hosting infrastructure partner)
• Payment processors for subscription management (Stripe and local banking partners)

These providers access only the information necessary to perform their functions and are contractually bound to protect your data.

8.3 Legal Requirements

We may disclose information when required by law, such as:

• In response to a valid legal process
• To protect our rights, privacy, safety, or property
• To investigate and prevent fraud or security threats
• To comply with regulatory requirements

8.4 Business Transfers

If ORIGIX® is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same protections described in this Privacy Policy.

9. International Data Transfers

ORIGIX® is based in Denmark, and our primary data processing activities occur within the European Economic Area (EEA). When we transfer data outside the EEA, we implement appropriate safeguards including:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with appropriate security measures
• Selection of partners in countries with adequate data protection laws

10. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

10.1 Technical Safeguards

• Encryption of data in transit and at rest
• Access controls and authentication systems
• Regular security assessments and penetration testing
• Continuous monitoring for unauthorized access
• RAID technology for data redundancy and protection
• Failover IP systems for server switching in case of hardware failure
• Redundant backup systems stored both locally and at physically separate datacenters

10.2 Organizational Measures

• Staff training on data protection
• Access limited to authorized personnel
• Documented security policies and procedures
• Regular security audits and compliance checks

10.3 Breach Response

In the event of a personal data breach, we will:

• Notify affected parties without undue delay, typically within 72 hours
• Provide information about the nature of the breach
• Recommend measures to mitigate potential adverse effects
• Work to address the breach and prevent future occurrences

11. Data Retention

We retain your information for as long as necessary to provide our Services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

11.1 Specific Retention Periods

• Account information: For the duration of your active subscription and a reasonable period afterward to allow for service resumption
• Monitoring data: 30 days for free plan users; for the duration of active subscription for paid plans
• Communication records: Up to 5 years after the last interaction
• Financial records: As required by tax regulations, typically 5-7 years

When information is no longer needed, we securely delete or anonymize it.

11.1.1 Free User Data Retention

• Account information: For the duration of your active free account and up to 30 days after account closure
• Tool usage data: For the duration of your active free account and up to 30 days after account closure
• If you upgrade to an organisation account, your free user data will be incorporated into your organisation profile

11.2 Data Retention After Account Termination

Upon termination of your account, as described in Section 21 of our Terms of Service, we will:

• Delete all account-related data and user access relations
• Stop monitoring all associated domains
• Retain invoices and financial records for the legally required period
• Securely dispose of personal data that is no longer necessary for legitimate business or legal purposes

12. Your Rights

Depending on your location, you may have certain rights regarding your personal data:

12.1 Access and Information

You have the right to know what personal data we process about you and to receive a copy of this data.

12.2 Rectification

You have the right to have inaccurate personal data corrected and incomplete data completed.

12.3 Erasure

You have the right to request deletion of your personal data under certain circumstances.

12.4 Restriction of Processing

You have the right to request restriction of processing your personal data in specific situations.

12.5 Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

12.6 Objection

You have the right to object to processing based on legitimate interests, including profiling, and for direct marketing purposes.

12.7 Automated Decisions

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you.

12.8 Withdrawal of Consent

You have the right to withdraw consent at any time, where processing is based on your consent.

To exercise any of these rights, please contact us at legal@origix.com.

13. Children's Privacy

Our Services are not directed to children under the age of 18, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at legal@origix.com, and we will promptly remove the information.

14. Third-Party Links

Our Services may contain links to third-party websites or services that are not owned or controlled by ORIGIX®. We are not responsible for the privacy practices or content of these third-party services. We encourage you to review the privacy policies of any third-party services you visit.

15. Supervisory Authority

If you are located in the European Economic Area and believe we are processing your personal data in violation of applicable law, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) or the supervisory authority in your country of residence or workplace.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will notify you by:

• Posting a notice on our website
• Sending an email to the address associated with your account
• Providing a notification when you log in to our Services

The revised policy will take effect 30 days after such notice. Your continued use of our Services after the effective date constitutes your acceptance of the revised Privacy Policy.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: legal@origix.com
Telephone: +45 70 60 88 77
Postal Address: Tybrindvej 10, 5592 Ejby, Denmark

For Data Protection Officer inquiries:
Email: legal@origix.com

We will respond to your request within 30 days.

18. Relationship to Other Policies

This Privacy Policy should be read in conjunction with our other policies:

• Terms of Service: Outlines the conditions for using our services
• No-Cookie Policy: Details our approach to browser cookies and web storage
• Robi Information: Explains how our monitoring bot works and collects data

Together, these policies provide a comprehensive understanding of how we operate and protect your data.

Document History

Effective Date: September 18, 2024 Last Updated: September 18, 2024