Skip links
Calculate Shipping Prices

Get the OTO App

PRIVACY POLICY

Last modified: December 15, 2024

At TRYOTO.COM (“we”; “us”; “our”), protecting your privacy is a top priority. This policy outlines how we collect, use, process, share, and store your Personal Data. By using our site https://tryoto.com (“Website”), you consent to this policy.  

Introduction

1) Our privacy policy describes the ways in which we collect, store, use, transfer and protect your personal data and it is important for you to review this privacy policy. By “Personal Data” we mean any data, regardless of its source or form, that may lead to identifying an individual specifically, or that may directly or indirectly make it possible to identify an individual, including name, personal identification number, addresses, contact numbers, licence numbers, records, personal assets, bank and credit card numbers, photos and videos of an individual, and any other data of personal nature.

2) We do not consider anonymized information to constitute Personal Data as it cannot be used to identify a specific person. We collect Personal Data from you when you use our Website (including, without limitation, when you call or email our customer support team). By providing us with your Personal Data you expressly consent to us processing your Personal Data in accordance with the terms of our privacy policy.

3) We may amend our privacy policy at any time by posting a revised version on the Website. The revised version will be effective at the time we post it and, following such posting, your continued use of the Website will constitute your express consent to us continuing to process your Personal Data in accordance with the terms of our revised privacy policy.

4) We would encourage you to check the Website regularly for the announcement of any amendments to our privacy policy.

I. Collection of Information

A. Information You Provide to Us  

We collect information you provide directly, including:  

  1. Personal details: Name, email address, phone number, and order address.  
  2. Financial information: Bank name, IBAN, client address, CR number, VAT number.  
  3. Credentials: SMS gateway, sales channels, delivery company, email, ERP, WMS, refresh tokens.  

B. Information About You  

We may collect additional Personal Data, such as:  

  1. Data provided during registration or when verifying your identity (e.g., passport, ID), as required for specific services or to comply with legal obligations.
  2. Feedback, surveys, or communications with customer support.  

C. Information We Collect Through Automated Means  

Automatically collected data includes:  

  1. Log files: IP address, browser type, ISP, date and time, and navigation details.  
  2. Cookies: small files stored on your device, to improve your experience on our website. These cookies help us analyze website traffic, personalize content, and remember preferences. You can manage your cookie settings at any time by adjusting your browser settings

D. Information We Collect from Social Media and Other Content Platforms  

We may collect publicly available information when you interact with our content on social media or other platforms.  

II. Use of Information  

We use the information collected for the following purposes:  

A. To complete transactions and provide services, ensuring smooth processing of transactions, effective delivery of services, and proper account management.  

B. To respond to inquiries and provide customer service, assisting users with any issues, questions, or concerns they may have.  

C. To provide updates about services and events, keeping users informed about workshops, updates, and upcoming events of interest.  

D. To send marketing communications, including promotional materials and offers, but only where the user has provided explicit consent to receive them.  You can opt-out of receiving these communications at any time by clicking the unsubscribe link in any email or by contacting us directly.

E. To improve services by analyzing data to enhance and customize the user experience, ensuring that offerings are tailored to their needs.  

F. To ensure security and legal compliance, protecting against fraud, safeguarding user information, and adhering to legal and regulatory obligations.

III. Processing of Information

A. Principles

 

We process personal data in compliance with the General Principles of GDPR and the Personal Data Protection Law (“PDPL”). 

This means that OTO processes Personal Data pursuant to the following principles of personal data processing:  

  • Lawfulness, fairness, and transparency: OTO ensures that it processes and discloses Personal Data only after having an appropriate lawful basis for such processing; OTO processes Personal Data only in ways that data subject would reasonably expect; OTO is open and clear towards data subjects when processing Personal Data. 
  • Purpose limitation: OTO has a specific purpose for processing the Personal Data it collects.
  • Data minimization: OTO only collects and processes the minimum amount of Personal Data that is relevant, necessary, and adequate to fulfill the purposes for which it is processed. 
  • Storage Limitation: OTO processes Personal Data no longer than is necessary for the purposes for which the personal data has been collected, unless processing (storing) for a longer time is required by the applicable laws.
  • Accuracy: OTO will take reasonable measures to ensure that Personal Data is accurate and up to date and will always provide an opportunity to individuals to correct and update their personal data, where necessary. 
  • Integrity and Confidentiality: OTO has in place appropriate technical and organisational measures to ensure security of personal data. Such measures protect the confidentiality, integrity and availability of Personal Data. 
  • Accountability: OTO has put in place appropriate measures and records in place to be able to demonstrate compliance with the PDPL and pursuant to the general principles of GDPR. 

B. Anonymization

Any information gathered through your use of the Services may be aggregated and/or anonymized so that it can no longer identify you, or be attributed to you or your device. We may use this information for any purpose, including but not limited to research, analytics and marketing, and we may share it with third parties such as advertisers, promotional partners, and sponsors. If you wish to opt out of your data being anonymized for specific purposes, please contact us.

C. Obligations

OTO processes personal data in compliance with its obligations under the PDPL, acting in both the capacities of a data controller and a data processor. This means that OTO determines the purposes and means of processing personal data while also processing data on behalf of third parties when required.  

To ensure lawful, fair, and transparent data processing, OTO adheres to the following obligations:  

  • OTO processes personal data based on a clear and documented lawful basis.  
  • OTO implements appropriate organizational, administrative, and technical measures to protect the personal data being processed, safeguarding its confidentiality, integrity, and security.  
  • In cases where sub-processors (such as delivery companies and payment processors) are engaged, OTO ensures that contracts with sub-processors uphold the level of protection required under the PDPL and its associated regulations and that such sub-processors provide sufficient guarantees to comply with the PDPL and related obligations.  

IV. How Your Information is Shared  

We will share your information in the following ways:

A. Subsidiaries and affiliates. We may share the information we gather within the company group in order to provide you with products and services, maintain a consistent level of service, and improve our products, services, and your overall customer experience.

B. Service Providers. Our third-party service providers who execute services on our behalf have access to or share your information with us. They have access to execute these services, but they are not allowed to use your data for any other purpose. Billing, sales, marketing, product content and features, advertising, analytics, research, customer care, data storage, security, fraud prevention, payment processing, and legal services are among the services they provide to us.

C. Legal Compliance. We may access, retain, and disclose the information we collect and maintain about you if required to do so by law or in the good faith belief that such access, retention, or disclosure is reasonably necessary to: (a) comply with legal process (e.g., a subpoena or court order); (b) enforce our Terms of Service, this Privacy Policy, or other contracts with you, including investigating potential violations thereof; (c) rescind our Terms of Service. This includes sharing data with other businesses and organizations for fraud prevention, spam/malware prevention, and other similar purposes.

D. Transfer of Information in Business Transactions. In the course of expanding our business, we may engage in mergers, acquisitions, or partnerships with other entities. In such instances, user information may be transferred as part of the assets involved in these transactions. Customer information, including email addresses, could be among the assets transferred if a portion or all of our assets are sold or transferred to a third party. We will take steps to ensure that the receiving party respects your privacy and continues to protect your data in accordance with this privacy policy. Any such transfer will adhere to applicable legislation, including any additional mandatory limits imposed by law.

E. Public Forum Disclosure. Certain elements of our Services allow you to openly share comments with other users. Any information you provide through these services is not private, and we may use it for any reason (including in testimonials or other marketing materials). Any information you make public in these methods will be available to the general public and may be searchable by third-party search engines. As a result, please exercise caution when using these features.

F. Sharing of Aggregated or Anonymized Information. We may share aggregate/anonymous information on how users use the Services from time to time, for example, by issuing a report on usage trends. 

V. Storage of Information  

Data is stored on the Google Cloud Platform (GCP) in Belgium, Europe, where it is encrypted and secured. Only authorized personnel have access to personal data.  

To ensure that such international data transfers comply with applicable laws and regulations, including KSA data protection requirements, OTO implements safeguards such as standard contractual clauses as the legal mechanism to ensure that your personal data is afforded an adequate level of protection during its transfer and processing outside of the KSA; Furthermore, OTO has entered into agreements and adopted measures to ensure compliance with all applicable KSA data protection regulations. These include ensuring that third-party service providers meet the standards required by the applicable law.

We only store your information for as long as it is required for the purposes for which it is processed. The amount of time we keep information is determined by the purposes for which it was gathered and utilized, as well as any legal requirements.

VI. Miscellaneous  

 

A. Cookies and Similar Technologies  

We use cookies to enhance user experience and analyze site performance.  

B. Online Data Analytics and Advertising Analysis  

We utilize analytical tools to improve marketing strategies and website functionality.  

C. Protection of Your Information  

To safeguard the information given through the Services from loss, misuse, and unauthorized access, disclosure, modification, or destruction, OTO employs technical and organizational security measures.   

In the event of a data breach, affected users will be notified as required by law.

D. Data Subject Rights and Choices  

1. Your Consent to the Collection, Use, Disclosure and Storage of Personal Data:

By using the website, mobile application, or any other online or mobile service provided by OTO, you acknowledge that we may collect, use, disclose, transfer, and store your information as outlined in this Privacy Policy. We are committed to protecting your privacy and ensuring that your information is processed lawfully, transparently, and for legitimate purposes.

The collection, use, disclosure and storage of your information is contingent upon your explicit consent. By visiting the website or creating an account, you explicitly consent to the collection, use, disclosure and storage of your information as outlined in this Privacy Policy. You have the right to withdraw your consent at any time. To withdraw consent, please contact us using the information provided in the “Contact Us” section below. We will process your request promptly, and you will receive confirmation once the consent is withdrawn.

It is essential to us that you understand and consent to the processing of your Personal Data in accordance with applicable data protection laws.

2. Your Privacy Rights:

a. Access to Your Information: You have the right to request access to the Personal Data we hold about you. If you would like to review, verify, correct, or request a copy of your information, please contact us using the contact information provided at the end of this Privacy Policy.

b. Correction of Your Information: You have the right to have any inaccuracies in your Personal Data corrected. If you believe that any of the information we hold is inaccurate or incomplete, please contact us, and we will promptly take corrective action.

c. Deletion of Your Information: You have the right to request the deletion of your Personal Data, subject to applicable legal requirements. If you wish to have your information deleted, please contact us, and we will assess your request in accordance with applicable laws.

d. Data Portability: You have the right to request a copy of your information in a structured, commonly used, and machine-readable format for the purpose of transferring it to another organization. If you would like to exercise this right, please contact us.

e. Objection to Processing: You have the right to object to the processing of your Personal Data under certain circumstances, such as when we are relying on our legitimate interests as the legal basis for processing. If you wish to object to the processing of your information, please contact us, and we will review your request in accordance with applicable laws.

f. Withdrawal of Consent: If you have provided your consent for the processing of your information, you have the right to withdraw your consent at any time. To withdraw your consent, please contact us. Please note that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

E. Amendments to Our Privacy Policy  

We retain the right to make modifications to this Privacy Policy at any time in order to reflect changes in the legislation, our data collecting and use policies, the features of our Services, or technological advancements. You should examine the amended Privacy Policy on a regular basis because it will be accessible through the Services. Check the ” Last Update” date at the beginning of the document to see if the Privacy Policy has changed since the last time you saw it. If we make a major modification to the Policy, we will provide you with adequate notice in line with the law. 

F. Contact Us  

For questions or concerns, please contact us via [email protected] or via our support channels.