Privacy Policy

At Osiris Systems, Inc. (together with its affiliates, “Osiris Systems”, “we”, “us”, and/or “our”), keeping your information safe is one of our top priorities. First and foremost, we want to be clear that Osiris Systems is not in the business of selling your information.

Osiris Systems respects your preferences concerning the collection and use of your Personal Information. The following privacy policies are tailored for the different ways your Personal Information is collected by different Osiris lines of business and offerings.

The Channels may provide links to or the ability to connect with third party services, social networks or applications. Clicking on those links or enabling those connections may allow the third party to collect or share information about you. Those third-party websites or services are beyond our control. We encourage you to check the privacy policies and terms of use of any third party services before providing your Personal Information to them.

We have developed this privacy policy (the “Privacy Policy”) so that you may easily understand the way in which we use and protect the information that is collected from visitors to the BeeCanvas website (the “Site”) and users of our service BeeCanvas (together with the Site, the “Service(s)”). The Privacy Policy is open to the public at all times so you may read the full text of the Privacy Policy whenever you need to do so. Any changes to the Privacy Policy will be notified to you to ensure that you understand the details of and reasons for such changes.

The BeeCanvas (Osiris Systems, Inc.) Privacy Policy complies with the General Data Protection Regulation (EU) 2016/679 (GDPR).

Regulation (EU) 2016/679 (General Data Protection Regulation) replaces Data Protection Directive 95/46. It has direct effect and implies a change in the legislation of the Member States in the field of personal data protection. Its purpose is to protect the "rights and freedoms" of individuals and to ensure that personal data are not processed without their knowledge and, where possible, processed with their consent.

Scope

Material scope (GDPR Article 2) - this Regulation applies to the processing of personal data wholly or in part by automatic means and to the processing of personal data (for example, manually and on paper) by other means, which are part of a personal data record or which are intended to form part of a personal data record.

Territorial scope (GDPR Article 3) - The rules of the GDPR will apply to all data controllers established in the EU who process personal data of individuals in the context of their activities. It will also apply to non-EU administrators who process personal data in order to offer goods and services or observe the behavior of data subjects who are resident in the EU.

Definition:

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Special categories of personal data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or membership of trade unions and the processing of genetic data, biometrics for uniquely identifying an individual, data concerning health or data on the sexual life of an individual or sexual orientation.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Data subject means any natural person who is the subject of personal data stored by the Controller (Administrator).

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;

Main place of establishment - the EU controller's headquarters will be the place where he takes the basic decisions about the purpose and means of his data processing activities. For personal data processors, its main place of establishment in the EU will be its administrative center.

If the controller is based outside the EU, he must appoint a representative in the jurisdiction where the administrator works to act on behalf of the controller and deal with supervisors. (Article 4 (16) of the GDPR)

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

Principles of data protection

All processing of personal data is in accordance with the data protection principles referred to in Article 5 of the GDPR (EU) 2016/679. The policies and procedures of BeeCanvas aim to ensure compliance with these principles.

Personal data must be processed lawfully, in good faith and transparently

Lawfulness - a legal basis must be identified before personal data can be processed. These bases are often referred to as "grounds for processing", such as "consent".

Fairness - in order for the processing to be in good faith, the data controller must provide certain information to the data subjects as far as is practicable. This applies irrespective of whether personal data is obtained directly from data subjects or from other sources.

Regulation (EU) 2016/679 increases the requirements for what information should be available to data subjects that are covered by the "transparency" requirement.

Transparency - The GDPR includes rules on the provision of confidential information to data subjects in Articles 12, 13 and 14 of the GDPR. They are detailed and specific, emphasizing that privacy notices are understandable and accessible. Information must be communicated to the data subject in comprehensible form using clear and comprehensible language.

Personal data may only be collected for specific, explicit and legitimate purposes

Data obtained for specific purposes should not be used for a purpose that differs from those officially announced to the supervisory body as part of the BeeCanvas Data Processing (Article 30 GDPR).

Personal data must be adequate, relevant, limited to what is necessary for their processing for the purpose. (principle of minimum necessary)

  • The Data Protection Officer (DPO) is responsible for ensuring that BeeCanvas does not collect information that is not strictly necessary for the purpose for which it was received.
  • The Data Protection Officer (DPO) will ensure that on an annual basis all data collection methods are reviewed by (internal audit / external experts) to ensure that the collected data continues to be adequate, relevant and not excessive.

Personal data must be accurate and up-to-date at all times, and the necessary efforts are made to enable deletion or correction immediately (within the framework of possible technical solutions)

  • The data stored by the data controller should be reviewed and updated as necessary. Data should not be stored in cases where it is unlikely to be accurate.
  • The Data Protection Officer is responsible for ensuring that all staff are trained in the importance of accurate data collection and maintenance.

  • It is also the duty of the data subject to declare that the data he transmits for storage by BeeCanvas are accurate and up-to-date. Completing a form from the data subject to the administrator will include a statement that the data contained therein is accurate at the filing date.
  • Employees (clients / others) should be required to notify BeeCanvas of any change in circumstances in order to update the records of personal data. Instructions and rules for updating the records are contained (here). The responsibility of BeeCanvas is to ensure that any change of circumstances notification is recorded and action is taken.
  • The Data Protection Officer is responsible for ensuring that appropriate procedures and policies are in place to maintain the accuracy and timeliness of personal data, taking into account the volume of data collected, the speed at which it can change, and other relevant factors.
  • At least annually, the Data Protection Officer will review the storage times of all personal data handled by BeeCanvas, referring to the inventory of the data and will identify all data that are no longer required in the context of the registered objective. These data will be reliably destroyed in accordance with the administrator's procedures and rules.
  • The Data Protection Officer (DPO) is responsible for complying with data r requests within one month, which can be extended by a further two months. If BeeCanvas decides not to comply with the request, the Data Protection Officer must respond to the data subject in order to explain his / her reasons and to inform him / her of the right to complain to the supervisory authority and to seek redress.
  • The Data Protection Officer is responsible for taking appropriate measures in cases where third party organizations have inaccurate or outdated personal data to inform them that the information is inaccurate or obsolete and is not used to make decisions about individuals to inform the parties concerned; and to forward any correction of personal data to third countries where necessary.

Personal data must be stored in such a form that the data subject can only be identified for as long as is necessary for the processing.

  • When personal data is retained after the processing date, it will be stored appropriately (minimized, encrypted, aliased) to protect the identity of the data subject in case of data breaches.

Personal data are processed in a way that ensures appropriate security (Article 24, Article 32 of the GDPR)

The Data Protection Officer will carry out an impact assessment (risk assessment) taking into account all circumstances related to data management or processing operations by BeeCanvas.

In determining the suitability of the processing, the Data Protection Officer should also examine the extent of any damage or loss that may be caused to individuals (e.g. staff or customers) if a security breach occurs, as well as any likely damage to the reputation of the controller, including a possible loss of customer confidence.

When assessing appropriate technical measures, the Data Protection Officer will consider the following:

  • Password protection;
  • Automatic locking of idle workstations in the network;
  • Removing access rights for USB and other removable storage media;
  • Antivirus software and firewalls;
  • Access rights based on roles, including those of assigned temporary staff
  • Protect devices that leave the organization's premises, such as laptops or others;
  • Security of local and wide-area networks;
  • Enhanced privacy practices such as pseudonymization and anonymization
  • Identification of appropriate international security standards appropriate for BeeCanvas

When assessing the appropriate organizational measures, the Data Protection Officer will consider the following:

  • Levels of appropriate training in BeeCanvas
  • Measures that take into account staff reliability (for example, appraisal assessments, recommendations, etc.);
  • Inclusion of data protection in employment contracts;
  • Identification of disciplinary measures for violations with regard to data processing;
  • Regularly inspect staff for compliance with relevant security standards;
  • Control of physical access to electronic and paper-based records;
  • Store the database paper in lockable wall cabinets;
  • Restricting the use of portable electronic devices outside the workplace;
  • Limiting employee use of personal devices in the workplace;
  • Accepting clear rules for creating and using passwords;
  • Regular backup of personal data and physical storage of media with copies outside the office;
  • Imposition of contractual obligations on counterparty organizations to take appropriate security measures when transferring data outside the EU.

These controls are selected based on the identified personal data risks as well as the potential for damage to the data subjects who are being processed.

Compliance with the principle of accountability

Regulation (EU) 2016/679 includes provisions that promote accountability and manageability and complement transparency requirements. The principle of accountability in Art. 5, par. 2 requires the controller to prove that he adheres to the other principles in the GDPR and explicitly states that this is his responsibility.

Rights of data subjects

Data subjects have the following rights in respect of the processing of data and the data recorded for them:

  • Make requests to verify that personal data associated with them is being processed and, if so, to access the data, as well as information on who the recipients of that data are;
  • Request a copy of their personal data from the controller (administrator);
  • Ask the controller (administrator) to correct personal data when they are inaccurate and when they are no longer up to date;
  • Require the controller (administrator) to delete personal data (right to be forgotten);
  • Ask the controller (administrator) to limit the processing of personal data, in which case the data will be stored but not processed;
  • To object to the processing of his or her personal data;
  • To object to the processing of personal data relating to him / her for direct marketing purposes.
  • Appeal to a supervisor if he / she believes that any of the GDPR provisions is violated;
  • Request and be given personal data in a structured, widely used and machine-readable format (data portability);
  • Withdraw your consent to the processing of personal data at any time with a separate request addressed to the administrator;
  • Not to be subject to automated decisions affecting him / her to a significant extent without human intervention;
  • Oppose automated profiling, which happens without his / her consent.

Consent

1. Under consent, BeeCanvas understands any freely expressed, specific, informed and unambiguous indication of the will of the data subject, by means of a statement or a clear confirmation action, which expresses his / her consent to the processing of the related personal data. The data subject may withdraw his / her consent at any time.

2. BeeCanvas understands "consent" only in cases where the data subject has been fully informed of the planned processing and has expressed his / her consent without pressure being exerted on him / her. Consent obtained under pressure or on the basis of misleading information will not be a valid basis for the processing of personal data.

3. Consent cannot be inferred from the absence of a reply to a message to the data subject. There must be active communication between the controller and the subject for consent. The administrator must be able to demonstrate that consent has been received for the processing operations.

4. For specific categories of data, explicit consent in writing to the processing of personal data of data subjects shall be obtained unless there is an alternative legal basis for processing.

5. In most cases, the consent for the processing of personal and special categories of data is routinely obtained from BeeCanvas, using standard documents for consent (please specify) when a new client signs a contract or when recruiting new staff, etc.

6. When BeeCanvas processes personal data of children, permission must be obtained from parents exercising parenting rights (parents, guardians, etc.). This requirement applies to children under the age of 16 (unless the Member State has provided for a lower age limit, which may not be less than 13 years).

Data security

1. All employees are responsible for ensuring the security in the storage of the data they are responsible for and which BeeCanvas holds, and that the data are safely stored and not disclosed under any circumstances to third parties, unless BeeCanvas has given such rights to that third party by entering into a contract / confidentiality clause (please indicate here if you have any such).

2. All personal data must be accessible only to those who need it and access can only be granted in accordance with established access control rules. All personal data must be treated with the utmost certainty and must be kept:

  • in a self-contained room with controlled access; and / or in a locked cabinet or in the filing cabinet; and / or
  • if computerized, password protected in accordance with internal requirements set out in organizational and technical measures to control access to information (eg access control rules); and / or
  • stored on portable computer media that are protected in accordance with organizational and technical measures to control access to information.

3. Establish an organization to ensure that computer screens and terminals cannot be viewed by anyone other than the authorized employees of BeeCanvas. All employees are required to be trained and accept the relevant contractual clauses / declaration of compliance with the organizational and technical measures of access as well as the rules for the locking of workstations before being given access to information of any kind.

4. Paper-based records should not be left where they can be accessed by unauthorized persons and cannot be removed from the designated office premises without explicit permission. As soon as paper documents are no longer required for ongoing customer support work, they must be destroyed in accordance with the established procedure / rules and the relevant protocol.

6. The processing of personal data "outside the office" represents a potentially greater risk of loss, theft or violation of personal data. The staff must be specifically authorized to process data outside the controller's premises.

Osiris Systems will collect your Information to make better software.

In order to provide the basic features and other specialized functionalities of the Services pursuant to the Terms of Service by which you are bound by accessing or using the Services, it may be necessary for Osiris Systems to collect certain information from you as outlined below (collectively the “Information”).

Personal Information: In order to provide our Service to you, we require and collect certain Personal Information from you, such as your name, telephone number, email address, password, and company name. You may also provide us with additional information, such as your profile photo, in order to fully enjoy some of the features in our Service. In addition, when you use our Services, we automatically collect information on the type of device you use, operating system version, and device-specific identifiers. We may also collect your credit card information, carrier information, promotional code or gift certificate numbers, or other information required for payment processing when you use paid Services.

Non-Identifiable Information: When you interact with Osiris Systems through the Services, we receive and store certain personally Non-Identifiable Information. Such information, which is collected passively using various technologies, will not be used to specifically identify you. Osiris Systems may store such information itself or such information may be included in databases owned and maintained by Osiris Systems affiliates, agents, or service providers. The Services may use Non-Identifiable Information and pool it with other information to track, for example, the total number of users of our Services, the aspects of the Services being used, the domain names of our visitors' Internet service providers, and the like.

Aggregated Information: In an ongoing effort to better understand and serve the users of the Services, Osiris Systems often conducts research on its customer demographics, interests, and behavior based on the Personal Information and other Information provided to us. This research may be compiled and analyzed on an aggregate basis, and Osiris Systems may share this aggregate data with its affiliates, agents, and business partners. This Aggregated Information does not identify you personally. Osiris Systems may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, customers, and other third parties for other lawful purposes.

Cookies: In order to provide you with customized Services, Osiris Systems uses Cookies, which are saved on your personal computer (“PC”) and retrieved whenever required for any PC-based Services. Cookies are small text files of information sent to your browser by the website operating server, which are then stored on the hard drive of your PC. When you visit a website, Cookies are accessed by the server to ensure that your preferences are maintained, which helps you be more efficient. Moreover, Cookies tell us how often you visit the website, how you use the website, and what information interests you. In this way, we can provide the Services optimized for your needs. You have an option to enable or disable Cookies. You may configure your browser to accept all Cookies, get a prompt before accepting Cookies, or disable all Cookies. Please bear in mind that you will not be able to access some of the Services requiring a login process if you disable Cookies.

Mobile Analytics: We use mobile analytics software to allow us to better understand the functionality of our application on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from.

Your Information will be used by Osiris Systems to provide better services.

Your Personal Information may be used to search, register, or notify other users who are on your contact list or who may be your team members. Furthermore, your Information may also be used to give any individual notifications, deal with any inquiries or disputes arising in connection with your use of the Services, send content for paid services, or process payment. In addition, your Information may be used to perform statistical analysis for new customized services, provide event and advertising information, comply with obligations required under applicable laws and regulations, and prevent any improper use of your Information that may cause harm to you in violation of applicable laws or the Terms of Service.

Osiris Systems will never disclose your Personal Information to a third party not provided herein, unless consented by you or otherwise required by applicable laws.

We will display your Personal Information on the Services (e.g. profile page) according to the preferences you set in your account. Please consider carefully what information you disclose in connection with the Services, how you select your preferences, and your desired level of privacy. Through certain features of the Services, you may also have the ability to make some of your messages, files, or other information available to third parties or the public. Always remember that when you share any type of information with others, such information may be broadly and quickly disseminated.

Osiris Systems may use third parties to perform business-related functions, such as mailing information, hosting servers, providing data center services, maintaining databases, and processing payments. When we use such third parties, we only provide them with the Information that they need to perform their specific function. These companies are authorized to use your Information only as necessary to provide these services to us. Similarly, some Services may be linked to a third-party service including application providers. Osiris Systems may provide your Information to such third parties with your consent within the scope necessary for your use of those Services. To view the list of the linked Services you are currently using and the third parties authorized to use the Information, please go to the Settings menu.

Osiris Systems may disclose your Personal Information if required to do so by applicable laws or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Osiris Systems or third parties, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.

Information is processed and stored on database servers managed by Amazon Web Services (AWS).

Information and other content and communication on the Services are transmitted through, processed in, and stored on database servers managed by AWS that may be located outside of the country in which you reside.

Exclusions from our Privacy Policy

This Privacy Policy shall not apply to any service feedback or unsolicited information you provide to Osiris Systems through the Services or through any other means. This includes, but is not limited to, any ideas for new products or services or modifications to existing products or services, and other unsolicited submissions (collectively, “Feedback and Unsolicited Information”). All Feedback and Unsolicited Information shall be deemed to be non-confidential and non-proprietary and Osiris Systems shall be permanently free to store, reproduce, use, modify, disclose, distribute, display, create any derivative works from, and commercialize such Feedback and Unsolicited Information without limitation or attribution.

Changes to our Privacy Policy

Osiris Systems may from time to time amend this Privacy Policy to, for example, reflect changes to the Services or applicable law. We will post a notice about any Privacy Policy changes, and the updated Privacy Policy will become effective 7 days from the day on which the notice is posted. However, if changes to our Privacy Policy will materially and adversely affect your rights, the updated Privacy Policy will become effective 14 days from the day on which the notice is posted. If you do not agree with the updated Privacy Policy, you may cease using the Services. If you continue to use the Services after the effective date of the updated Privacy Policy, you will be deemed to have agreed to such policy.

Contact Information

Please contact our Security team for all your complaints, inquiries, comments or requests concerning your information in connection with our Service. We will endeavor to provide you with a timely and satisfactory response.

Controller: Osiris Systems Inc. ID:113-86-86574

Address : Seoul Gangnam-gu Dosan-daero 16-gil 12, South Korea

Manager : GYEONG BYEONG HYEON

E-mail : support@beecanvas.com

Telephone : +82 10 4849 1061

Internet site : https://beecanvas.com/en

Responsible person for GDPR (DPO): Gyeong Byeong Hyeon

Security team

Contact: support@beecanvas.com