We and our partners use cookies and similar technologies on our
website to help collect information and operate the site. We use
cookies to remember users and make your user experience easier;
customize our services, content and advertising; help you ensure that
your account security is not compromised, mitigate risk and prevent
fraud; and to promote trust and safety on our website. Cookies are
small text files placed by a website and stored by your browser on
your device.
Our cookies hold a unique random reference to you so that once you
visit the site we can recognise who you are and provide certain
content to you.
Most web browsers are set to accept cookies by default. If you prefer,
you can go to your browser settings to learn how to delete or reject
cookies. If you choose to delete or reject cookies, this may impact
your experience using our website.
Organogram shall establish adequate controls in order to protect the
integrity and confidentiality of personal data, both in digital and
physical format and to prevent personal data from being accidentally
or deliberately compromised.
Organogram is committed to managing your personal data in line with
best practices. We protect your personal data using physical,
technical, and administrative security measures to reduce the risks of
loss, misuse, unauthorized access, disclosure and alteration, we also
use industry recommended security protocols to safeguard your personal
data. Other security safeguards include but are not limited to data
encryption, firewalls, and physical access controls to our building
and files, and only granting access to personal data to employees who
require it to fulfill their job responsibilities. Employees may have
access to personal data only as is appropriate for the type and scope
of the task in question and are contractually forbidden to use
personal data for their own private or commercial purposes or to
disclose them to unauthorized persons, or to make them available in
any other way.
Two factor authentication (“2FA”) is an additional layer of security
we have added to your account. When 2FA is enabled, you will be
required to enter a One Time Password (OTP) (which is a verification
code we have sent to you for authentication purposes), at different
points in your interactions with the Organogram platform. While we
encourage you to enable this feature on every transaction, you may
choose to disable the 2FA feature after your initial enrolment by
clicking on the toggle button to disable. However, if you choose to
disable this feature, you agree that Organogram shall not be liable
for any loss or damages incurred as a result of your action.
Organogram also maintains a data breach procedure in order to deal
with incidents concerning personal data or practices leading to the
accidental or unlawful destruction, loss, alteration, unauthorized
disclosure of, or access to, personal data transmitted, stored or
otherwise processed. You may contact our Data Protection Officer (DPO)
at dataoffice@organogram.ltd upon becoming aware of any breach of
personal data or if your access credentials have been compromised, to
enable us to take the necessary steps towards ensuring the security of
your personal data or account. We will report any breaches that will
compromise your rights and freedoms to the Relevant Authority within
72 hours of discovery.
We will retain your information for the following periods:
- As long as reasonably necessary for the purpose of providing our services to you
- For the duration your account is active and we have your consent
- For the period needed to comply with our legal and statutory obligations
- As needed to verify your information with a financial institution
- Organogram is statutorily obliged to retain the data you provide in order to process transactions, ensure settlements, make refunds, identify fraud and to comply with applicable laws and regulatory guidelines.
As part of our service provision, we may rely on third-party servers,
databases co-located with hosting providers, resident in foreign
jurisdictions, which constitutes the transfer of your personal data to
computers or servers in foreign countries. We take steps designed to
ensure that the data we collect under this Privacy Policy is processed
and protected according to the provisions of this Policy and
applicable law wherever the data is located.
Where personal data is to be transferred to a country outside your
indicated operating country, Organogram shall put adequate measures in
place to ensure the security of such personal data. Any transfer of
personal data out of your operating country will be in accordance with
the provisions of relevant data protection regulations. In particular,
Organogram shall, among other things, use contractual terms to ensure
protection of the data or ensure the country has adequate data
protection laws.
Processing of Personal Information by Organogram shall be lawful if at least one of the following applies: the Data Subject has given consent to the processing of his/her Personal Information for one or more specific purposes; the processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract; processing is necessary for compliance with a legal obligation to which Organogram is subject; processing is necessary in order to protect the vital interests of the Data Subject or of another natural person; and processing is necessary for the performance of a task carried out in the public interest or in exercise of official public mandate vested in Organogram.
Organizations who have Personal Information of their members held by Organogram are entitled to reach out to Organogram to exercise the following rights:
- Right to request for and access any Personal Information collected and stored by Organogram;
- Right to be informed regarding their Personal Information;
- Right to be informed about appropriate safeguards in place where data is transferred abroad;
- Right to object to automated decision making and processing;
- Right to request rectification and modification of Personal Information which Organogram keeps;
- Right to request the deletion of their data;
- Right to request the movement of data from Organogram to a third party - this is the right to the portability of data;
- Right to revoke consent;
- Right to object to direct marketing, and to request that Organogram restricts the processing of their information; and
- Right to submit a complaint to the data governing board in their operating country.
Note that your request will be reviewed and answered by Organogram’s Data Protection Officer within a 30-day period.
We may need to update, modify or amend our Privacy Policy as our technology evolves and as required by law. If we materially change the ways in which we use or share personal data previously collected from you through our Services, we will provide notice or obtain consent regarding such changes as may be required by law. The Privacy Policy will apply from the effective date provided on our website.
Any violation of this Privacy Policy should be brought to the attention of the Data Protection Officer (details below) for appropriate sanctioning and treatment.
If you have any questions relating to this Privacy Policy or would like to find out more about exercising your data protection rights, please reach out to our DPO via email at dataoffice@organogram.ltd.