This policy applies to the affiliated companies that are part of Own Solutions AC Ltd. (including Own Solutions d.o.o).
Moreover, this Privacy Policy applies to the following websites operated by Own Solutions:
It also applies to all related services and products provided through these websites, including the Own.Assistant platform and e-Service Platform (hereinafter: ESP).
Together these are all referred to in this notice as “Services”.
The reference to Own Solutions (including “we”, “us” or “our”) includes those companies and all relevant group affiliates.
References to “you” in this notice are to the individual who is accessing or applying to use the Services (as defined below) either on your own account or on behalf of a business.
At Own Solutions, we take the protection of Personal Data seriously. We understand that your privacy is important to you, and we are committed to collecting, using, and protecting your Personal Data in accordance with the EU General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, and protect your Personal Data. It also explains your rights under the GDPR, and how you can exercise those rights. If you have any questions or concerns about this policy, please do not hesitate to contact us.
Please note that Own Solutions provides services to both individual consumers and businesses and this Privacy Policy applies to both and should be read and interpreted accordingly.
Own Solutions AC Ltd, Marina House, Marina Village, Malahide, Co. Dublin K36 N702, Ireland is the Controller for the Personal Data we process, unless stated otherwise.
Depending on the context of data processing, Own Solutions may act either as a Data Controller or as a Data Processor within the meaning of the GDPR.
In particular:
In such cases, the client acts as the Data Controller, and the processing is governed by a separate Data Processing Agreement.
You can address your data protection concerns to: Own Solutions AC Ltd, Marina House, Marina Village, Malahide, Co. Dublin K36 N702, Ireland at e-mail address GDPR@own.solutions
We collect and process personal and non-personal information relating to you.
Personal Data is any information that relates to an identified or identifiable individual, also known as a data subject, and it is information that can be used to uniquely identify a single person, either directly or indirectly. This includes information such as (but not limited to) a person’s name, address, e-mail address, or IP address, as well as any other information that can be used to identify a person. Under GDPR, organizations like Own Solutions are responsible for ensuring that Personal Data is collected, processed, and stored in a manner that is compliant with data protection regulations.
We may also collect and process non-personal information or may anonymize personal information in order to make it non-personal. Non-personal information is information that does not enable a specific individual to be identified, either directly or indirectly.
Our services are not directed at individuals under the age of 16, and we do not knowingly collect Personal Data from minors.
When you visit our websites without registering, submitting a form or otherwise actively providing information, we process certain technical data transmitted by your browser or device in order to display the websites, ensure their stability and security, and maintain website functionality.
The legal basis for this processing is our legitimate interest in operating secure and functional websites (Article 6(1)(f) GDPR).
This may include:
When you use Own Solutions websites to be in contact with our team, submit a form, register for our newsletter or download content, such as a whitepaper or contact us through AI-powered chatbot, Personal Data can be collected and stored in our Customer Management Systems, such as but not limited, to HubSpot, Bamboo in order to follow up with your request, which constitutes our legitimate interest as a legal basis for data processing in accordance with GDPR. We will use the data for the sole purpose of processing your request and on top of our legitimate basis, where required, we may rely on your consent as an additional legal basis.
Under GDPR, both consent of the data subject and the controller’s legitimate interest can each independently constitute a sufficient legal basis for the lawful processing of Personal Data, provided that the applicable conditions for their use are met.
We also may collect and process:
We typically use “cookies” and similar tracking technologies on our websites to identify your browser, device and tracks the activity on our websites and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyse our service. Throughout this policy, when referring to “cookies”, we implicitly also refer to similar tracking technologies such as “web beacons”. The technologies we use may include:
For a detailed overview of all cookie categories we use, their purpose, duration, and the third parties involved, please refer to our Cookie Policy, which forms a separate and integral part of this Privacy Policy.
We may occasionally run promotions. Your data (first name, last name and e-mail address) will be processed and stored by a Data Processor on our behalf or by ourselves for the purpose of the promotion. The Personal Data will be deleted if they are no longer needed for the purpose for which they were collected, which is to evaluate the success of the promotion.
We may use your data for marketing purposes solely on the basis of your prior explicit consent (Article 6(1)(a) GDPR). You may withdraw this consent at any time.
We are happy to inform you about current topics concerning Own Solutions and our products via our newsletter. Your data will only be used and stored by us for the purpose of sending the newsletter.
You can unsubscribe from the newsletter at any time and thus object to the further use of your data. You can unsubscribe from the mailing list at the end of a newsletter.
To send our newsletters, we use the application such as “HubSpot”, a service of HubSpot, Inc., Cambridge, MA 02141, United State. Further information of their data protection and compliance can be found by clicking the following links: HubSpot Private Policy and GDPR Compliance.
The legal basis for processing your Personal Data for newsletter purposes is your explicit consent (Article 6(1)(a) GDPR). We collect your consent through a subscription form and, where applicable, via a double opt-in confirmation mechanism. You may withdraw your consent at any time by clicking the unsubscribe link in any newsletter.
If you fill out a contact form or send us an e-mail or other electronic message, your details will only be stored for the purpose of processing the enquiry, possible related further questions and will only be used within the scope of the enquiry.
For career-related inquiries, please refer to Section 13.
To collect your Personal Data, we use the application such as Bamboo, a service of Bamboo HR LLC. Further information of their data protection and compliance can be found by clicking the following links: Bamboo Private Policy and Data processing Agreement.
When you interact with our AI‑powered chatbot integrated in our website, we may collect and process the Personal Data you choose to provide voluntary during the conversation. This may include your name, contact details, and any information necessary to address your inquiry. The data is processed exclusively for the purpose of responding to your request, improving the quality and accuracy of the chatbot, and ensuring the proper functioning and security of the service.
The chatbot is operated through the Own.Assistant platform, which facilitates and manages conversations between you and our company.
Your interactions with the chatbot may be logged to support these purposes; however, the data will not be used for profiling unrelated to the inquiry, nor shared with third parties except where required to deliver the service or comply with legal obligations.
Important: Please note that the AI-powered chatbot generates automated responses that may not always be fully accurate or up to date. These responses do not constitute professional or legally binding information. Users should verify important information with our team before relying on it.
The chatbot does not make automated decisions producing legal effects concerning users within the meaning of Article 22 GDPR.
The legal basis for this processing is our legitimate interest (Article 6(1)(f) GDPR) in responding to user inquiries, maintaining and improving the quality of the chatbot service, and ensuring the security and proper functioning of our systems.
The categories of Personal Data collected through Own.Assistant may differ from those collected through the main website and are described separately in this section to ensure transparency in accordance with Articles 13 and 14 GDPR.
Own.Assistant collects various categories of personal information that you voluntarily provide to us during your interaction with the OWN.Assistant AI chatbot platform, whether as a User, a Customer, or a Customer’s End User. The personal information we collect depends on the context of your interactions with us, the choices you make, and your use of the Service. Anonymous or anonymized information does not fall into the category of Personal Data.
In summary, we collect the following data and information that you voluntarily disclose to us:
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using Own.Assistant. Unless specified otherwise, all Data requested by Own.Assistant is mandatory, and failure to provide such Data may make it impossible for Own.Assistant to provide its services.
Where Own.Assistant explicitly states that certain Data is not mandatory, Users may choose not to provide it without consequences to the availability or functionality of the Service. Users who are uncertain about which Personal Data is mandatory may contact the Owner.
Any use of Cookies or other tracking tools by Own.Assistant, or by third-party services used by Own.Assistant, serves the purpose of providing the Service requested by the User, in addition to other purposes described in this document and in the Cookie Policy. Users are responsible for any third-party Personal Data obtained, published, or shared through Own.Assistant.
Legal Basis for Processing
Personal Data collected in connection with the registration and use of the Own.Assistant product is processed on the basis of our legitimate interest (Article 6(1)(f) GDPR) in providing, maintaining, and securing the service, as well as fulfilling our contractual obligations towards registered users and clients. This includes data necessary to activate the service, manage user accounts, and process payments. Where processing is required to perform a contract to which the data subject is party, or to take steps prior to entering into such a contract, the legal basis is Article 6(1)(b) GDPR.
ESP is a back-office transactional platform that provides Digital Products for sale in retail stores. The ESP manages the digital product catalogue, pricing and ranging of digital products, activation with the supplier, generation of vouchers, and overall sales reporting and settlement, containing a portfolio of Digital Products. To provide this service and for legal and regulatory purposes, Own Solutions may need to collect specific Personal Data as follows:
For identification purposes during account creation:
We may use your first name, middle name, last name, telephone number and e-mail address for marketing purposes solely on the basis of your prior explicit consent (Article 6(1)(a) GDPR). You may withdraw this consent at any time.
We will use the above information for regulatory purposes, store management, access and security purposes.
The above Personal Data are collected and processed on the basis of our legitimate interest in providing and managing the eService Platform and complying with legal and regulatory obligations, as well as, where required, on the basis of your consent.
We will always seek to notify you and obtain your consent if it is our intention to make use of this information for any other purposes than the above indicated.
When you apply for a position at Own Solutions, we collect the following information: your first name, last name, e-mail address, details from your resume (including education, professional training, work experience, skills, and specific knowledge), phone number, Address, and the URLs of any social media profiles (such as LinkedIn, Facebook, GitHub, or any other relevant links).
This information is gathered and processed based on our legitimate interest in identifying, selecting, and hiring qualified candidates to meet our business needs. Our goal is to find the most suitable candidate for the advertised role and to build a pool of potential candidates for future openings, thereby enhancing the interest of skilled professionals in working with us.
For the candidate who accepts our job offer, we will process the data as necessary to take the required steps before finalizing an employment contract. This ensures we can establish an employment relationship and complete the contractual process.
Providing Personal Data is optional. However, if you wish to apply for the advertised position, you must fill out the application form, enabling us to collect your Personal Data throughout the application and selection process. Without this data, you will be unable to apply for the position.
Data processing is carried out in particular to analyse the internet traffic on our services, to maintain and monitor the performance of our services, to improve the functionality of our services and for advertising purposes. We may also use your personal information to contact you, to provide you with a service or to keep you up to date about our services and promotions, as per your request.
The lawful basis we rely on for processing of your data depends upon the relevant data gathered and processing purpose.
| Purpose | Lawful Basis |
|---|---|
| Collection of data during informational use of Own Solutions website | Consent/Legitimate interest |
| Collection of Personal Data during use of Own Solutions’ services (including Own Solutions websites: newsletter, downloads, contact form, marketing campaigns and promotions, etc.) | Consent/Legitimate interest |
| Collection of Personal Data during use of Own Solutions eService Platform (or ESP) including CloudPOS and/or any other integral part of ESP | Legitimate interest/As necessary to process transactions, manage and control access to ESP and/or any other integral part of ESP including but not limited to any device connected to ESP (POS device, terminal device…) |
| Collection of Personal Data during recruitment process | Consent/Legitimate interest |
If you have given us your consent to process your Personal Data for specific purposes (for example, marketing promotions, informational purposes about new releases, improvements, service availability, maintenance windows), we will process your Personal Data within the scope of and based on this consent, unless we have another legal basis and do not require such a basis. A given consent can be revoked at any time, but this has no effect on data processing that has already taken place.
We process the data that is generated when you use our websites and services, or that is provided directly by you. The table below sets out the categories of Personal Data we process, their origin, and the context in which they are collected.
| Processing Context | Categories of Personal Data | Source |
|---|---|---|
| Informational use of website | Technical identifiers: IP address, browser type and version, operating system, date and time of request, pages visited | Automatically collected |
| Contact forms, downloads, newsletter, marketing communications | Identification data: first name, last name, company e-mail address, company phone number | Provided by the data subject |
| AI‑powered chatbot on website | Identification and communication data: name, contact details, content of conversation | Provided by the data subject |
| Own.Assistant product (registration and use) | Registration data: full name, e-mail address, authentication information; Electronic identifiers: IP address, browser, operating system; Usage data: interaction logs, click-flow data |
Provided by the data subject / Automatically collected |
| eService Platform (ESP) | Identification data: first name, middle name, last name, email address, mobile phone number | Provided by the data subject |
| Recruitment process | Identification and professional data: first name, last name, email address, phone number, address, CV (education, work experience, skills), social media profile URLs | Provided by the data subject |
| Marketing promotions | Identification data: first name, last name, email address | Provided by the data subject |
Where Personal Data is collected automatically, this occurs as a result of your interaction with our websites or services and does not require active input from you. Where Personal Data is provided directly by you, the provision of certain data may be mandatory in order to deliver the relevant service, as indicated at the point of collection.
In the course of our business activities and purposes, we also disclose Personal Data to third parties where permitted, and necessary for your proper use of the services and/or required by law. This concerns in particular the following data recipients:
Under no circumstances do we sell any data to third parties or share it for the purposes of direct marketing.
Access to your Personal Data is limited to the Company’s authorized personnel and its partners, all of whom are bound by appropriate contractual obligations ensuring a level of data protection consistent with this Policy.
Where necessary, we engage third-party service providers to support the provision of our services, including but not limited to:
All such service providers act as processors on our behalf and are subject to contractual obligations that ensure appropriate safeguards for your Personal Data.
The Company performs the majority of data processing activities using its own resources and personnel. Third-party providers are used only where necessary for the proper functioning, maintenance and improvement of our services.
We do not intend to transfer Personal Data to countries outside the EU/EEA. However, due to the global nature of certain technology providers we work with, your Personal Data may be transferred to or accessed from jurisdictions outside the EU/EEA.
Where such transfers occur, they are carried out on the basis of appropriate safeguards in accordance with Chapter V of the GDPR. The legal basis for each transfer is set out below for each recipient.
HubSpot, Inc. (USA) - CRM and marketing automation platform
Transfer mechanism: EU-US Data Privacy Framework (adequacy decision of the European Commission of 10 July 2023, Article 45 GDPR); Standard Contractual Clauses (Article 46 GDPR) apply as a fallback where the DPF does not cover the transfer or is otherwise unavailable.
Privacy Policy: https://legal.hubspot.com/privacy-policy
Data Processing Agreement: https://legal.hubspot.com/dpa
BambooHR LLC (USA) - HR and recruitment management platform
Transfer mechanism: EU-US Data Privacy Framework (adequacy decision of the European Commission of 10 July 2023, Article 45 GDPR); Standard Contractual Clauses (Article 46 GDPR) apply as a fallback.
Privacy Policy: https://www.bamboohr.com/legal/privacy-policy
Data Processing Agreement: https://www.bamboohr.com/legal/data-processing-agreement
Amazon Web Services, Inc. - AWS (USA/EU) - cloud infrastructure and storage
Transfer mechanism: EU–US Data Privacy Framework (adequacy decision of the European Commission of 10 July 2023, Article 45 GDPR) and Standard Contractual Clauses (Article 46 GDPR), which are automatically incorporated into the AWS Data Processing Addendum. Where possible, data is processed within EU/EEA regions (e.g. Frankfurt, Ireland).
Privacy Policy: https://aws.amazon.com/privacy/
GDPR Centre: https://aws.amazon.com/compliance/gdpr-center/
Google LLC (USA) - analytics and advertising platform (Google Analytics, Google Ads)
Transfer mechanism: EU-US Data Privacy Framework (adequacy decision of the European Commission of 10 July 2023, Article 45 GDPR); Standard Contractual Clauses (Article 46 GDPR) apply as a fallback where the DPF does not cover the transfer or is otherwise unavailable.
Privacy Policy: https://policies.google.com/privacy
Data Processing Terms: https://business.safety.google/dataprocessingterms/
Meta Platforms, Inc. (USA) - advertising and analytics platform (Meta Pixel, Meta Ads)
Transfer mechanism: EU-US Data Privacy Framework (adequacy decision of the European Commission of 10 July 2023, Article 45 GDPR); Standard Contractual Clauses (Article 46 GDPR) apply as a fallback where the DPF does not cover the transfer or is otherwise unavailable.
Privacy Policy: https://www.facebook.com/privacy/policy/
Data Transfer Mechanisms: https://www.facebook.com/legal/EU_data_transfer_addendum
OpenAI Ireland Limited / OpenAI, LLC (Ireland/USA) - AI model provider
OpenAI Ireland Limited acts as the primary contracting entity for EEA users as of February 2024. To the extent that Personal Data is transferred from OpenAI Ireland to OpenAI entities outside the EEA, such transfers are carried out on the basis of Standard Contractual Clauses adopted by the European Commission (Article 46 GDPR), as incorporated into OpenAI's Data Processing Addendum.
Privacy Policy: https://openai.com/policies/privacy-policy
Data Processing Addendum: https://openai.com/policies/data-processing-addendum/
Where applicable, we assess the level of data protection in recipient countries and put in place additional safeguards as necessary, taking into account the requirements set out by the Court of Justice of the European Union in its judgment of 16 July 2020 (Schrems II, C-311/18).
For more information on Standard Contractual Clauses, please visit:
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
In the event of any conflict between the policies of third-party providers and this Policy, this Policy shall prevail.
Unless otherwise stated, we store usage data or other Personal Data for as long as we deem it necessary or appropriate to comply with applicable laws, or for as long as we deem it necessary for the purposes for which it is processed. We delete your Personal Data as soon as they are no longer needed.
Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on the Users’ consent. Therefore:
We delete your Personal Data as soon as they are no longer needed for the purposes for which they were collected.
As a general guideline, Personal Data is retained in accordance with the purpose of processing and applicable legal obligations. In particular:
In addition:
Where exact retention periods cannot be determined in advance, Personal Data will be retained based on criteria such as the duration of the contractual relationship, applicable limitation periods, and legal or regulatory obligations. The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to fulfil a legal obligation or upon order of an authority. Once the retention period expires, Personal Data shall be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
We have technical and organizational security procedures in place to maintain the security of your Personal Data and to protect your session data and Personal Data against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure or access. These are adapted to the current state of the art. However, you should always be aware that there are inherent security risks in transmitting information via the Internet and other electronic means, and that we cannot guarantee the security of any information transmitted in this way.
You are entitled to the following rights, depending upon our reason for processing your information:
Furthermore, you have the right to object at any time to the processing based on your consent or our legitimate interests.
You have the right to object to data processing for purposes of direct marketing, after which we are no longer permitted to process your data for those purposes.
You also have the right to pursue your claims through the courts or to lodge a complaint with the competent data protection authority. According to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in particular in the Member State of your residence, place of work or of an alleged infringement of the GDPR. For a list of supervisory authorities, click here.
Please note, however, that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, if we have an overriding interest in doing so (insofar as we are entitled to invoke this) or if we need them for the assertion of claims.
The exercise of such rights usually requires that you clearly prove your identity, where your identity is otherwise not clear or cannot be verified (e.g., by means of a copy of your identity card). To assert your rights, you can contact us at: GDPR@own.solutions
From time to time, we may change this Privacy Policy at any time without prior notice. Any updates will be published on our website, and the current version published there will apply. We encourage you to periodically review this Privacy Policy to stay informed about any updates.