Updated: November 3, 2023
Collection and Use of Personal Information
Origami Risk Website
Personal information collected from you on our Website will be used to carry out the actions you have requested or authorized. Additionally, we may use your personal information to provide you with information about our Services.
Our Website may collect certain information about your visit, such as the name of your Internet service provider and the Internet Protocol (IP) address through which you access the Internet; the browser you are using; the date and time you access our Website; the pages that you access while at our Website and the Internet address of the Website from which you linked directly to our Website. This information is used to help improve our Website, analyze trends, and administer our Website.
From time to time, we may engage Google Analytics or other third-party providers of marketing services to assist us with the purposes set forth above. We maintain contracts with each of these third parties restricting their access, use and disclosure of personal data. For more information on how Google Analytics collects and processes data, please visit “How Google uses information from sites or apps that use our services” linked here. We otherwise do not disclose personal information collected from our Website to non-agent third parties without authorization from the individual that submitted such information to us.
We provide the opportunity for individuals to “opt-out” of having their personal information (as collected from our Website) used for the purposes set forth above, and we provide the right to be “forgotten” (i.e., we will remove all of your personal information from our records). If you do not wish your personal information (as collected from our Website) to be stored on our systems, or provided to third parties, we will remove your information from these systems. Simply email firstname.lastname@example.org with the details of your request and we will respond promptly.
Origami Risk Services
As part of our Services, we provide a web-based system to our customers (primarily companies and governmental entities) and their designated third party users (collectively, our “Users”) that tracks information related to insurance and risk in order to help our Users manage insurance claims, improve safety and reduce costs. In providing the Services to our Users, we store and process data that our Users submit to us or instruct us to process. We use such information in order to provide the Services to our Users pursuant to the terms of the written agreement between us and our customer, and we do not use this information for any other purpose.
While our Users decide what data to submit, it typically includes insurance-related information such as claims, incidents, and policies, as well as related supporting documentation and analysis. This information may include personally identifiable information. When we provide our Services to our Users, in some instances we process personal information about third parties that is provided by our Users.
We use a limited number of third-party service providers to assist us in providing our Services to our Users. These service providers fall into one of the following categories:
- Hosting providers (we currently use Amazon Web Services)
- Providers of additional functionality for our Services (as set forth in the written agreement between us and our customer)
These third parties may access, process, or store personal data in the course of providing their services. We will only provide personal information to these third parties for the purpose of providing our Services to our Users. We maintain contracts with each of these third parties restricting their access, use and disclosure of personal data. Our customers and Users generally will not have the opportunity to opt out of having their personal information shared with these third-party service providers for these purposes while receiving our Services. We otherwise do not disclose personal information to non-agent third parties except as may be contemplated by a written agreement with our customer or otherwise as directed by our Users.
Disclosure Required by Law
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We reserve the right to disclose personal information as required by law and when we believe that disclosure is necessary to protect our legal rights and/or to comply with a judicial proceeding, court order, or legal process.
Access to Personal Information
We acknowledge the right of individuals to access their personal data as collected through our Website. Individuals wishing to review, edit, supplement or delete their personal data as collected through our Website may do so by contacting us at email@example.com, and we will promptly respond to any such request.
Individuals wishing to review, edit, supplement or delete their personal data as provided to us by our Users for use with our Services should contact the applicable User that provided this data to us. Alternatively, such an individual can contact us at firstname.lastname@example.org and we will work with our User to respond to the request. However, note that we are contractually bound to our customers to maintain the confidentiality and integrity of the personal information that we store as part of our Services, and any such request from an individual that is not our customer would need to be approved by our customer except as otherwise required by law.
Security of your Personal Information
We are committed to protecting the security of your personal information. While no computer system is completely secure, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure your personal information.
Cross-Border Transfers of Personal Information
To the extent that our processing of personal data as part of the Services is subject to the EU or UK General Data Protection Regulation (GDPR), we will work with our customers to ensure that an adequate transfer mechanism exists for any such cross-border transfers of such data to the extent required by applicable law.
EU-U.S. Data Protection Framework (DPF), Swiss-U.S. DPF, and the United Kingdom Extension to the EU-U.S. DPF
In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Origami Risk commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact Origami Risk.
Origami Risk has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf
Origami Risk is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to EU-U.S. and Swiss-U.S. Privacy Shield compliance.
In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the EU-U.S. or Swiss-U.S. Privacy Shield, Origami Risk is potentially liable.
Individuals located in certain countries have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may have the right to request access to information, as well as to seek to update, delete or correct this information. If you are an Origami client, you can usually do this using the settings and tools provided in your account. If you cannot use the settings and tools, please contact us (at the contact information set forth below) for assistance.
To the extent that our processing of your personal data is subject to the GDPR, we only collect, use, and process personal data where we have lawful grounds to do so, which may include, without limitation: (i) in order to provide the requested Services, (ii) in connection with our legitimate interests, (iii) in connection with our fulfillment of legal obligations, or (iv) as otherwise consented to by you. For the avoidance of doubt, we may process personal data for direct marketing purposes as set forth above and you have a right to object to our use of your personal data for this purpose at any time.
Data Protection Officer
To communicate with our Data Protection Officer, please email email@example.com.
UK and EU Representative and Data Protection Authority
Our representative in the United Kingdom is Origami Risk Ltd. You can contact this representative as follows:
Origami Risk Ltd. | 150 Minories | London, EC3N 1LS | United Kingdom
If you are in the EU, you may address privacy-related inquiries to our EU representative pursuant to Article 27 of GDPR as follows:
EU-REP.Global GmbH | Attn: Origamirisk | Hopfenstr. 1d | 24114 Kiel | Germany firstname.lastname@example.org
If you are a resident of the United Kingdom and believe we maintain your personal data within the scope of the UK GDPR, while we request that you attempt to resolve any issues with us first, you may direct concerns or complaints to the UK’s Information Commissioner’s Office, our lead supervisory authority, at any time as noted below:
Information Commissioner’s Office | Wycliffe House, Water Lane | Wilmslow, Cheshire, SK9 5AF | United Kingdom | Phone: 0303 123 1113
If you are a resident of the European Economic Area and believe we maintain your personal data within the scope of the EU GDPR, while we request that you attempt to resolve any issues with us first, you may direct concerns or complaints to your supervisory authority in the region in which you live by contacting the applicable supervisory authority set forth here.
California Privacy Rights
If you are a resident of California, this section provides additional details about the personal information we collect about you, and your rights under the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act ("CPRA").
We may collect, transmit and store various categories of your personal information. Over the last 12 months, we have collected the following categories of personal information:
|Identifiers||First name, last name, email address|
|Commercial Information||Records of software products and/or services purchased, obtained or considered|
|Internet or other electronic network or device activity information||Search history, information on interactions with a website application or advertisement|
|Geolocation Data||Approximate physical location (derived from an IP address)|
|Professional or employment information||Current or past employment, job title, employer name|
|Inferences||Activity on the site to infer interest in certain products and categories|
|Sensitive personal information||Account login and password information|
Subject to certain limitations, the CCPA and CPRA provide you the right to request:
- That we provide you access to details on the categories or specific pieces of personal information we collect and/or sell (including how we use and disclose this information, to whom we may sell it);
- That we delete any of your personal information;
- That we correct any inaccuracies in your personal information;
- To opt out of any “sale” or "sharing" of your personal information that may occur, including sensitive personal information; and
- To not be discriminated against for exercising any of the above rights.
If you would like to submit a request to exercise your California privacy rights, you may do so by emailing email@example.com with your request. We will verify your request using information associated with your account, including your email. Further identification may be required. You may also designate an authorized agent to act on your behalf.
Please note that Origami Risk may retain a record of your request to delete your personal information.
This section does not cover the Personal Information we process as a ‘service provider’ in connection with the Service provided to our business customers, such as your organization. Our commitments as a service provider are set forth in the applicable agreement between Origami Risk and our business customer.
Choice of Future Communications
From time to time, we may send you information about our Services that may be of interest to you. At such a time, you will be given an opportunity to opt out of future communications.
Cookies and Tracking
We may use technology, such as Google Analytics, to track the patterns of behavior of visitors to our Website. This can include using a “cookie,” a text file sent by a web server to a web browser and stored by the browser for record-keeping purposes. As a result, it is possible to speed up your future activities on our Website and allow us to provide you with a personalized browsing experience.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the features of our Website.
Our Website does not process or respond to web browsers’ “do not track” signals or other similar transmissions that indicate a request to disable online tracking of users who visit our Website.
Links to Third-Party Websites
Our Website and our Services may provide links to unaffiliated third-party websites. As we do not control these websites, we encourage you to review the policies of these third-party sites.
Contact and Enforcement Information