Origami Risk Privacy Policy

Updated: March 31, 2023

Origami Risk LLC (together with its subsidiaries, “Origami Risk,” “we,” “our,” or “us”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy. This Privacy Policy describes (1) the types of personal information we may collect from you or that you may provide when you visit our website located at www.origamirisk.com or www.origamirisk.co.uk (our “Website”), and (2) our practices for collecting, using, protecting and disclosing that information. This Privacy Policy also describes how we collect and use data in connection with our software-as-a-service offering and related professional services that we provide pursuant to written agreements with our customers (herein referred to as the “Services”).

Collection and Use of Personal Information

 

Origami Risk Website

Personal information collected from you on our Website will be used to carry out the actions you have requested or authorized. Additionally, we may use your personal information to provide you with information about our Services.

Our Website may collect certain information about your visit, such as the name of your Internet service provider and the Internet Protocol (IP) address through which you access the Internet; the browser you are using; the date and time you access our Website; the pages that you access while at our Website and the Internet address of the Website from which you linked directly to our Website. This information is used to help improve our Website, analyze trends, and administer our Website.

From time to time, we may engage Google Analytics or other third-party providers of marketing services to assist us with the purposes set forth above. We maintain contracts with each of these third parties restricting their access, use and disclosure of personal data. For more information on how Google Analytics collects and processes data, please visit “How Google uses information from sites or apps that use our services” linked here. We otherwise do not disclose personal information collected from our Website to non-agent third parties without authorization from the individual that submitted such information to us.

Notwithstanding the foregoing, for those individuals visiting our www.origamirisk.co.uk website, or those users visiting our website from a UK or EU-based IP address, we provide an “opt-in” approach to the use of cookies and storage of personal information.

We provide the opportunity for individuals to “opt-out” of having their personal information (as collected from our Website) used for the purposes set forth above, and we provide the right to be “forgotten” (i.e., we will remove all of your personal information from our records). If you do not wish your personal information (as collected from our Website) to be stored on our systems, or provided to third parties, we will remove your information from these systems. Simply email legal@origamirisk.com with the details of your request and we will respond promptly.

Origami Risk Services

As part of our Services, we provide a web-based system to our customers (primarily companies and governmental entities) and their designated third party users (collectively, our “Users”) that tracks information related to insurance and risk in order to help our Users manage insurance claims, improve safety and reduce costs. In providing the Services to our Users, we store and process data that our Users submit to us or instruct us to process. We use such information in order to provide the Services to our Users pursuant to the terms of the written agreement between us and our customer, and we do not use this information for any other purpose.

While our Users decide what data to submit, it typically includes insurance-related information such as claims, incidents, and policies, as well as related supporting documentation and analysis. This information may include personally identifiable information. When we provide our Services to our Users, in some instances we process personal information about third parties that is provided by our Users.

We use a limited number of third-party service providers to assist us in providing our Services to our Users. These service providers fall into one of the following categories:

• Hosting providers (we currently use Amazon Web Services)
• Providers of additional functionality for our Services (as set forth in the written agreement between us and our customer)

These third parties may access, process, or store personal data in the course of providing their services. We will only provide personal information to these third parties for the purpose of providing our Services to our Users. We maintain contracts with each of these third parties restricting their access, use and disclosure of personal data. Our customers and Users generally will not have the opportunity to opt out of having their personal information shared with these third-party service providers for these purposes while receiving our Services. We otherwise do not disclose personal information to non-agent third parties except as may be contemplated by a written agreement with our customer or otherwise as directed by our Users.

Disclosure Required by Law

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We reserve the right to disclose personal information as required by law and when we believe that disclosure is necessary to protect our legal rights and/or to comply with a judicial proceeding, court order, or legal process.

Access to Personal Information

We acknowledge the right of individuals to access their personal data as collected through our Website. Individuals wishing to review, edit, supplement or delete their personal data as collected through our Website may do so by contacting us at legal@origamirisk.com, and we will promptly respond to any such request.

Individuals wishing to review, edit, supplement or delete their personal data as provided to us by our Users for use with our Services should contact the applicable User that provided this data to us. Alternatively, such an individual can contact us at legal@origamirisk.com and we will work with our User to respond to the request. However, note that we are contractually bound to our customers to maintain the confidentiality and integrity of the personal information that we store as part of our Services, and any such request from an individual that is not our customer would need to be approved by our customer except as otherwise required by law.

Security of your Personal Information

We are committed to protecting the security of your personal information. While no computer system is completely secure, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure your personal information.

Cross-Border Transfers of Personal Information

To the extent that our processing of personal data as part of the Services is subject to the EU or UK General Data Protection Regulation (GDPR), we will work with our customers to ensure that an adequate transfer mechanism exists for any such cross-border transfers of such data to the extent required by applicable law.

Your Rights

Individuals located in certain countries have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may have the right to request access to information, as well as to seek to update, delete or correct this information. If you are an Origami client, you can usually do this using the settings and tools provided in your account. If you cannot use the settings and tools, please contact us (at the contact information set forth below) for assistance.

To the extent that our processing of your personal data is subject to the GDPR, we only collect, use, and process personal data where we have lawful grounds to do so, which may include, without limitation: (i) in order to provide the requested Services, (ii) in connection with our legitimate interests, (iii) in connection with our fulfillment of legal obligations, or (iv) as otherwise consented to by you. For the avoidance of doubt, we may process personal data for direct marketing purposes as set forth above and you have a right to object to our use of your personal data for this purpose at any time.

Data Protection Officer

To communicate with our Data Protection Officer, please email dpo@origamirisk.com.

UK and EU Representative and Data Protection Authority

Our representative in the United Kingdom is Origami Risk Ltd. You can contact this representative as follows:

Origami Risk Ltd. | 150 Minories | London, EC3N 1LS | United Kingdom

Email: legal@origamirisk.com

If you are in the EU, you may address privacy-related inquiries to our EU representative pursuant to Article 27 of GDPR as follows:

EU-REP.Global GmbH | Attn: Origamirisk | Hopfenstr. 1d | 24114 Kiel | Germany  origamirisk@eu-rep.global www.eu-rep.global

If you are a resident of the United Kingdom and believe we maintain your personal data within the scope of the UK GDPR, while we request that you attempt to resolve any issues with us first, you may direct concerns or complaints to the UK’s Information Commissioner’s Office, our lead supervisory authority, at any time as noted below:

www.ico.org.uk

Information Commissioner’s Office | Wycliffe House, Water Lane | Wilmslow, Cheshire, SK9 5AF | United Kingdom | Phone: 0303 123 1113

If you are a resident of the European Economic Area and believe we maintain your personal data within the scope of the EU GDPR, while we request that you attempt to resolve any issues with us first, you may direct concerns or complaints to your supervisory authority in the region in which you live by contacting the applicable supervisory authority set forth here.

California Privacy Rights

If you are a resident of California, this section provides additional details about the personal information we collect about you, and your rights under the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act ("CPRA").

We may collect, transmit and store various categories of your personal information. Over the last 12 months, we have collected the following categories of personal information:

CATEGORY

EXAMPLES

Identifiers

First name, last name, email address

Commercial Information

Records of software products and/or services purchased, obtained or considered

Internet or other electronic network or device activity information

Search history, information on interactions with a website, application, or advertisement

Geolocation Data

Approximate physical location (derived from an IP address)

Professional or employment information

Current or past employment, job title, employer name

Inferences

Activity on the Site to infer interest in certain products and categories

Sensitive personal information

Account login and password information

Subject to certain limitations, the CCPA and CPRA provide you the right to request:

• That we provide you access to details on the categories or specific pieces of personal information we collect and/or sell (including how we use and disclose this information, to whom we may sell it);
• That we delete any of your personal information;
• That we correct any inaccuracies in your personal information;
• To opt out of any “sale” or "sharing" of your personal information that may occur, including sensitive personal information; and
• To not be discriminated against for exercising any of the above rights.

If you would like to submit a request to exercise your California privacy rights, you may do so by emailing legal@origamirisk.com with your request. We will verify your request using information associated with your account, including your email. Further identification may be required. You may also designate an authorized agent to act on your behalf.

Please note that Origami Risk may retain a record of your request to delete your personal information.

This section does not cover the Personal Information we process as a ‘service provider’ in connection with the Service provided to our business customers, such as your organization. Our commitments as a service provider are set forth in the applicable agreement between Origami Risk and our business customer.

Choice of Future Communications

From time to time, we may send you information about our Services that may be of interest to you. At such a time, you will be given an opportunity to opt out of future communications.

Cookies and Tracking

We may use technology, such as Google Analytics, to track the patterns of behavior of visitors to our Website. This can include using a “cookie,” a text file sent by a web server to a web browser and stored by the browser for record-keeping purposes. As a result, it is possible to speed up your future activities on our Website and allow us to provide you with a personalized browsing experience.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the features of our Website.

Our Website does not process or respond to web browsers’ “do not track” signals or other similar transmissions that indicate a request to disable online tracking of users who visit our Website.

Notwithstanding the foregoing, for those individuals visiting our www.origamirisk.co.uk website, or those users visiting our website from a UK or EU-based IP address, we provide an “opt-in” approach to the use of cookies and storage of personal information.

Links to Third-Party Websites

Our Website and our Services may provide links to unaffiliated third-party websites. As we do not control these websites, we encourage you to review the policies of these third-party sites.

Changes to this Privacy Policy

We may occasionally update this Privacy Policy. When we do, we will also revise the “Updated” date at the top of this Privacy Policy. If we make material changes to this Privacy Policy, we will notify you by prominently posting a notice of such changes. We encourage you to periodically review this Privacy Policy to stay informed about how we are helping to protect the personal information we collect. Your continued use of our Website or Services constitutes your agreement to this Privacy Policy and any updates.

Contact and Enforcement Information

If you have any questions regarding this Privacy Policy, please contact us at legal@origamirisk.com. If you believe that we have not adhered to this Privacy Policy, please contact us at legal@origamirisk.com, and we will attempt to promptly determine and remedy the problem. You can also contact our Data Protection Officer at any time at dpo@origamirisk.com.