On GDPR

Last updated: January 3, 2025

At OTis Co., Ltd., we are dedicated to privacy, security, and transparency. We strive to support customers in aligning with EU data protection requirements, particularly those outlined in the General Data Protection Regulation (GDPR), which has been effective since May 25, 2018.

Understanding GDPR

The GDPR replaces the EU Data Protection Directive (DPD) of 1995, broadening what constitutes as personal data, strengthening individual rights on how their personal data is collected, stored, processed, and shared, and imposing stricter obligations on organizations to ensure data protection, transparency, and accountability. Unlike its predecessor, the GDPR has a global scope, applying to organizations outside the EU that process the personal data of individuals within the EU and the European Economic Area (EEA).

To whom does the GDPR apply?

If you are a natural person located in the EU or the EEA, this applies to you.

On Data

We detail the data we collect, how and why they are used, and for how long they are stored in our Privacy Policy.

We do not needlessly collect data. We collect only the data necessary to deliver and protect our services. Additionally, we do not retain data beyond what is essential for our operations.

Neither we, nor our ‘data processors’, use your data to train any AI models.

Data Security

We provide some information on how we secure our services and data here. All data are encrypted in transit and at rest.

Rights under GDPR

For individuals (natural persons) eligible under the GDPR, your rights include:

• Right to be informed You have to right to be informed about how your personal data is being used. As much as possible, we detail the data we collect in our Privacy Policy. Please do regularly check our website for any updates.
• Right of access by the data subject Upon request, we can show you the data we store about you.
• Right to rectification You can request the correction of inaccurate or incomplete personal data we hold about you.
• Right to erasure (‘right to be forgotten’) You can request the deletion of your personal data. If this request may impact our ability to provide services to your workspace, we may ask for your cooperation in the necessary actions we will take. The scope of deletion includes your data stored by third parties, but we do not use any third-party services that store your data in the first place.
• Right to restriction of processing You can request that we limit our use of your personal data, but we may also need to ask for your cooperation in the case that it hinders our ability to provide services to you and your workspace.
• Right to data portability Upon request, we can export in CSV format the data we store about you.
• Right to object You can object to or challenge the processing of your data for certain purposes.
• Rights in relation to automated decision-making and profiling You can request not be subject to a decision based solely on automated processing, including profiling. We neither profile nor automate any decision-making involving our users.