Privacy Policy

1. Privacy and Your Information

Odessa Technologies, Inc. its affiliates and subsidiaries (collectively “Odessa,” “we”, “our” or “us”) knows, you care about how your Personal Information is used and shared, and we take your privacy seriously. This Data Privacy Policy (“Policy”) describes how we leverage your Personal Information and respect your privacy rights.

Please note, Odessa may act either as a controller or a processor of Personal Information, depending on the context in which we receive and handle your data. This Policy covers both roles and clearly indicates when each applies throughout the policy.

1.1 Definitions

For the purposes of this Policy:

Term	Definition
Customer	An entity or organization that has entered into a contractual agreement with Odessa to use the Odessa Solution for its business operations.
User	An individual authorized by a Customer to access and use the Odessa Solution on behalf of the Customer, such as employees or contractors.
Third Party	Any individual or organization that is not the Data Subject, Customer, User, or Odessa, but who may receive personal information under a contract.
Service Provider	A third-party entity engaged by Odessa to perform services on its behalf, such as hosting, analytics, legal, or customer support.
Submitted Data	Personal information that a Customer submits to Odessa through use of the Odessa Solution, which may relate to their own users or customers.
Odessa Solution	The suite of software products, platforms, or services offered by Odessa, whether cloud-based or on-premises, including related applications.
Personal Information	Any information relating to an identified or identifiable natural person, including name, contact details, account data, and user activity. This includes information also referred to as “personal data” under laws such as the EU General Data Protection Regulation (GDPR).
Processing	Any operation performed on personal information, whether by automated means or not, such as collection, storage, use, disclosure, or deletion.
Applicable Laws	Refers to all privacy and data protection laws and regulations that apply to Odessa’s processing of Personal Information. This includes, without limitation, the General Data Protection Regulation (GDPR), the UK GDPR, the Data Protection Act 2018 (UK), the Indian Digital Personal Data Protection Act, 2023 (DPDP Act), Serbian Personal Data Protection Law, the Australia Privacy Act 1988 (as amended), as well as relevant U.S. federal and state privacy laws (such as the California Consumer Privacy Act (CCPA), as amended by the CPRA), and any other applicable data protection legislation in jurisdictions where Odessa operates or where Personal Information is processed.

2. Personal Information We Collect

Odessa as a Data Controller
When Odessa determines the purposes and means of processing Personal Information such as data collected through its website, for marketing, product improvement, legal compliance, candidates applying for job or direct customer engagement, acts as a Data Controller. This includes:

Collecting Personal Information when you interact with our website or contact us directly.
Using cookies and embedded product technologies on our website and services to analyze usage and improve performance.
Receiving Personal Information from third parties to enhance our services or business operations.
Gathering technical data such as your IP address, MAC address, device type, operating system, browser, and usage patterns for security, diagnostics, and service improvement purposes.

Odessa as a Data Processor
When Odessa processes Personal Information on behalf of its Customers under contract particularly when you are an end user (e.g., employee, contractor, or representative) of an Odessa Customer using the Odessa Software or Solution Odessa acts as a Data Processor. This includes:

Collecting and processing user account information provided during registration or use of the Odessa Solution as authorized by the Customer.
Processing technical and usage information (e.g., URI, hostname, usernames, connection details) as required to deliver, maintain, or support the Odessa Software or Solution under the Customer’s instructions.

Further details of the data we collect are categorized below:

Identity Data includes first name, last name, title, and/or role at an organization.
Contact Data includes business address, delivery address, business email address, and business telephone numbers.
Interaction Data includes data collected when you interact with us by phone, email, or in person, and may include your preferences, opinions, feedback, and survey responses.
Technical Data includes internet protocol (IP) address, your login data, language, access times, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
Usage Data includes information about how you use our website, products and services, and web beacons, customized links or similar technologies to determine whether an e-mail has been opened and which links you click on in order to provide you with more focused e-mail communications or other information.
Marketing and Communications Data includes your preferences for receiving marketing from us, and your communication preferences.
Aggregated Data, such as statistical or demographic data. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this Policy.

3. How Odessa Collects Your Information

Direct interactions –You may give us your Identity, Contact, Interaction, Marketing, candidates applying for job and Communications Data by filling in forms or by corresponding with us by post, phone, email, or otherwise:
Applying for information on our products or services on behalf of an organization you are affiliated with.
Request marketing materials and communications to be sent to you.
Providing us with feedback or contacting us.
Form fills or enquiries made on the Odessa website.
Conferences, webinars conducted by Odessa.

Automated technologies or interactions – As you interact with our website, we would automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data using cookies, server logs, and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see the Odessa’s Cookie Policy, for further details.

Third parties or publicly available sources – We would receive Personal Information about you from various third parties and public sources as set out below:
Technical Data from Analytics providers such as Google
Advertising networks like Google Adwords
Search information providers such as Zoominfo
Identity and Contact Data from data brokers or aggregators
Identity and Contact Data from publicly available sources such as Companies House

As part of using our Odessa Solution, Odessa’s Customers may submit electronic data or information (“Submitted Data”) to Odessa that constitutes Personal Information of individuals. This data may include, but is not limited to, name, email address, phone number or any other data the Customer chooses to submit.

Odessa collects and processes Submitted Data strictly on behalf of and under the instructions of our Customers. In these instances, Odessa acts as a processor, and the Customer is the controller of the data. The Odessa Solution may collect certain data from Customer environments to provide functionality, support, and analytics services. Odessa typically does not have a direct relationship with the individuals whose data is included in Submitted Data. All such processing is governed by the applicable agreement between Odessa and the Customer (such as our Terms and Conditions or a dedicated data processing agreement), which sets out our obligations and limitations with respect to Submitted Data.

4. How Odessa Uses Your Information

We use information that we collect for lawful purposes associated with the growth, maintenance, and management of our business while also respecting your privacy. These uses include our internal operations and administration, communicating with you and fulfilling your service requests and to improve, develop, enhance, and otherwise provide Odessa Solution.

More specifically, we use your data to:

Provide access to the Odessa Solution.
Personalize, customize, measure, and improve Odessa’s products, services, content, and advertising.
Prevent, detect, and investigate potentially prohibited or illegal activities or a breach of the applicable agreement(s) between you and Odessa.
Analyze the accuracy, effectiveness, and usability of the Odessa Solution or the Odessa Software.
Contact you with information, including promotional, marketing, and advertising information and recommendations that Odessa believes may be of interest to you.
Use as reference (only once permitted by you) in our pursuits.
Jira instances hosted by Odessa.
Run campaigns on marketing automation tools like Pardot.

When acting as a processor, Odessa uses Personal Information solely to deliver services to its Customers, in accordance with their instructions and applicable agreements. This includes:

Generate and review reports based on Submitted Data.
Compile aggregate data for internal and external business purposes.
Resolve and troubleshoot technical problems with the Odessa Solution.
Hosting and managing customer-specific environments, including Jira instances, under customer direction

Odessa may share your Personal Information with trusted third parties only as necessary for the purposes described in this Policy and in accordance with applicable data protection laws. These parties include:

Users of the Odessa Solution

When you share information with us via the Odessa Solution, Odessa may share your information to other users, in accordance with the privacy settings you or the respective Customer has chosen for your account or that are applicable to that information. To the extent you share any information to a public audience or via a publicly accessible portion of the Odessa Solution such as an online customer community or forum, that information may be available to anyone who has access to that customer community or forum.

Service Providers & Third Parties

Odessa engages trusted third-party service providers who support our operations, such as hosting providers, analytics services, customer support platforms, marketing automation tools, and professional advisors (e.g., auditors and legal counsel). These providers are contractually required to protect the confidentiality and security of your Personal Information and to use it only for the purposes for which it was shared.

Currently, Odessa uses Microsoft Azure as its cloud hosting provider.

Odessa’s Affiliates & Subsidiaries

Odessa may share some or all your information with Odessa’s parent company, corporate affiliates and subsidiaries, where such sharing is necessary to provide the Odessa Solution or support internal operations.

Odessa Customers

Where Odessa acts as a processor, we may share Submitted Data with the customer who controls such data, in accordance with our contractual obligations.

Legal, Regulatory, or Government Authorities

Odessa may disclose your information if required by law, regulation, legal process, or in response to valid requests by public authorities (e.g., law enforcement or tax authorities).

Odessa does not sell your Personal Information. We also do not share it for cross-context behavioral advertising unless permitted by law and with appropriate opt-out options where required.

6. Your Choices & Rights

Odessa respects your rights in how your Personal Information is used and shared. Depending on Odessa’s role, you have different avenues for exercising those rights

Where Odessa acts as a controller

If Odessa collects and processes your Personal Information directly, for example, through the Odessa website, events, or direct marketing, you have the following rights:

Access, Correction, and Deletion
Data Portability
Objection and Restriction
Marketing Preferences

Note: When you update or delete your data, we may retain a copy for compliance, audit, or legal retention purposes. We may also retain de-identified, aggregated data for internal reporting and analysis that does not personally identify you.

You have the right to request access to any Personal Information which Odessa may have about you by contacting notices@Odessainc.com. The information will be provided in a machine-readable format.

When Odessa acts as a processor

a. If your Personal Information has been submitted to Odessa by one of our Customers (e.g., your employer or service provider), Odessa processes that data solely on behalf of the customer. In this case:

You should first direct any request to access, correct, amend, or delete your data to the relevant Odessa Customer (the data controller).
Odessa will cooperate with the Customer to fulfill verified data subject requests as required under applicable law.

b. Customers: you may update or change your account information through your account settings using the Customer account page included in the Odessa Solution. To access your Odessa account page, you will require your Odessa Solution username and password or any other supported authentication mechanism

You have the right to request access to any Personal Information which Odessa may have about you by contacting notices@Odessainc.com. The information will be provided in a machine-readable format.
You may also ask that we transfer the Personal Information to a third-party, which we will do if technically feasible

The Customer’s administrator of the Odessa Solution can retrieve or delete the data from the Odessa Solution

You also have the right to review, add and update your Personal Information.

7. Supplemental Notice for the EEA, UK, and Switzerland

This section provides additional details for when Odessa processes Personal Information, in its capacity as a Data Controller, for individuals located in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland in accordance with the General Data Protection Regulation (GDPR) and UK GDPR.

Your Rights Subject to applicable law, you have the following rights with respect to your personal data.

Right of access.You have the right to access your personal data that we hold and receive it in a portable way.
Right to update.You have the right to request that we update your personal data.
Right to delete.You have the right to have your personal data deleted.
Right to restrict processing.You have the right to request us to restrict or suppress the processing of your personal data where our processing is inappropriate.
Right to object.You have the right to object to the processing of your personal data.
Right to withdraw consent.You have the right to withdraw your consent at any time where we are processing your personal data based on your prior consent.

You can exercise these rights by making a written request at notices@Odessainc.com. Please note that we may ask you to provide us with additional information to confirm your identity.

Legal Bases for Processing Personal data

We process your personal data on one of the following legal bases:

Performance of a contract: where necessary to enter into or perform under a contract with you, including providing Odessa Products.
Legal obligation: where necessary for us to comply with a legal obligation.
Legitimate interests: as outlined in this Policy; or
Consent.

8. Supplemental Notice for the United States

This section provides additional details for when Odessa processes Personal Information, in its capacity as a Data Controller, we collect about individuals and the rights afforded to them under various applicable U.S. state data-protection and privacy laws including CCPA.

Your Rights Subject to applicable law, you have the following rights with respect to your personal data.

Right to access.You have the right to request that we disclose to you in a portable format the personal data we collect, use, disclose, share, and sell about you.
Right to correct.You have the right to correct errors in your personal data.
Right to delete.You have the right to request that we delete the personal data that we’ve collected.
Right to update.You have the right to request that the inaccurate personal data we hold about you be corrected.
Right to opt out.You have the right to opt out of behavioral or targeted advertising, automated profiling, and sales of personal data.
Right to restrict the use and disclosure of your sensitive information.You have the right to request that we limit our use and disclosure of your sensitive personal data.
Right to nondiscrimination.You have the right not to receive discriminatory treatment because you’ve exercised any of your above rights.

9. Supplemental Notices for India

This section provides additional details for when Odessa processes Personal Information, in its capacity as a Data Controller, If you are located in India, the following applies to your Personal Information in accordance with Digital Personal Data Protection Act, 2023 (DPDP Act):

This Policy is intended to serve as a notice under Sections 5 and 6 of the DPDP Act, 2023.
Where we rely on your consent, you may withdraw your consent at any time by contacting us at notices@Odessainc.com. Such withdrawal will not affect the lawfulness of processing carried out before the withdrawal.
We may collaborate with registered Consent Managers, where applicable, to manage and honor your preferences and consents.
If we process children’s Personal Data or data of persons with disabilities requiring guardianship, we will obtain verifiable consent from the parent or lawful guardian, in accordance with Section 9 of the DPDP Act.
You may contact our Grievance Officer at privacy@odessainc.com to raise any concerns or exercise your rights under Section 11 of the DPDP Act.
In accordance with Section 8, we implement reasonable security safeguards to protect your Personal Information and have mechanisms in place to report personal data breaches to the Data Protection Board of India, where applicable.

10. Supplemental Notice for Australia

This section provides additional details for when Odessa processes Personal Information, in its capacity as a Data Controller, If you are located in Australia, the following applies to your personal information:

This Policy is intended to comply with the Australian Privacy Principles (APPs) as set out in the Privacy Act 1988.
You may request access to, or correction of, the personal information we hold about you by contacting notices@Odessainc.com.
If we transfer your personal information outside of Australia, we take reasonable steps to ensure the recipient complies with the APPs or is subject to a law or binding scheme that offers substantially similar protection.
If you are dissatisfied with how we manage your personal information, you may lodge a complaint with us at notices@Odessainc.com. If unresolved, you may escalate it to the Office of the Australian Information Commissioner (OAIC) via https://www.oaic.gov.au

11. Other Privacy Related Information

Data Security

Odessa implements reasonable and appropriate administrative, technical, and organizational safeguards to protect Personal Information from risks such as accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. We also require our third-party service providers and vendors to maintain similar protection when handling Personal Information on our behalf.

Security is a shared responsibility. Users of our services must also take steps to safeguard the data, systems, and credentials they access or use. While we strive to protect your Personal Information, no method of transmission over the Internet or method of electronic storage is completely secure. If you believe your interaction with us is no longer secure, please contact us immediately at notices@Odessainc.com.

Retention of Your Information

Odessa retains Personal Information only for as long as it is necessary and relevant for the purposes for which it was collected, including providing our services, meeting legal or contractual obligations, resolving disputes, enforcing our agreements, or supporting legitimate business operations. When Personal Information is no longer needed, we securely dispose of it in accordance with applicable laws and internal policies. In certain cases, we may also retain information to comply with legal requirements, prevent fraud, support investigations, or troubleshoot issues.

Appropriate safeguards where Personal Information is Transferred to a Third Country or to an International Organization

Odessa implements appropriate safeguards to protect Personal Information when it is transferred across borders, including outside of the United Kingdom, Switzerland, or the European Economic Area (EEA). Where such transfers are made to countries that do not have an adequacy decision from the relevant authorities, we rely on legally recognized mechanisms such as Standard Contractual Clauses or other appropriate contractual safeguards to ensure that your information remains protected in accordance with applicable data protection laws.

Linked Sites and Odessa Solution

Odessa’s website or application may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

12. Changes to this Policy

Odessa may make changes to this Policy. The most current version of the Policy would govern Odessa’s use of information about you and will be located at https://www.odessainc.com/privacy-policy Any changes will become effective when we post the revised Policy on this page.

13. How to Contact Us

If you have questions or concerns regarding this Policy or practices, contact notices@Odessainc.com

Participation in the Data Privacy Frameworks

Odessa Technologies, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

Odessa has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Odessa has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. DPF Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Accountability for Onward Transfer:

Odessa remains responsible for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf. Odessa complies with the DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.

Complaints and Dispute Resolution:

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Odessa commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

In compliance with the DPF Principles, Odessa commits to resolving complaints about our collection or use of your personal data. EU, UK, and Swiss individuals with inquiries or complaints should first contact Odessa at:

Email: notices@Odessainc.com
Mailing Address:
Two Liberty Place
50 South 16^th Street
Suite 1900
Philadelphia, PA 19102
Attention: Data Protection Officer

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Odessa commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to International Centre for Dispute Resolution/American Arbitration Association (ICDR/AAA), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of ICDR/AAA are provided at no cost to you.

When acting as a data controller, Odessa addresses complaints directly and through its independent recourse mechanism, ICDR AAA, at no cost to individuals. When acting as a data processor, Odessa processes personal data only on behalf of and under the instructions of its customers, who are responsible for handling data subject requests and complaints.

Binding Arbitration
Under certain conditions, you may be entitled to invoke binding arbitration for complaints regarding Odessa’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the UK Extension to the EU-U.S. DPF.

This option is available only as a final recourse when other dispute resolution mechanisms have been exhausted. Odessa is obligated to arbitrate claims and follow the terms set forth in Annex I of the DPF Principles, provided that an individual has invoked binding arbitration by delivering notice to Odessa and following the procedures and conditions detailed in Annex I. For more information about this process, please refer to the official DPF resources Arbitration Procedures

For the Swiss-U.S. DPF, please refer to Available Remedies (Swiss-U.S. DPF)

U.S. Federal Trade Commission Enforcement:

For purposes of DPF compliance, Odessa is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC). Where required, we will make public any DPF-related compliance or assessment findings issued by the FTC or a competent court, subject to applicable confidentiality obligations.