Privacy Policy

1. Scope of this Privacy Policy

This Privacy Policy explains how Opus 2 International Limited and the Opus 2 group of companies (referred to together as “Opus 2”, “we”, “us”, or “our”) collect, use, and share your personal data in connection this website (“Website”), use Opus 2 software (but except where this is under a Customer Agreement between Opus 2 and the Customer organisation - see below for more details) or when you otherwise engage with us (for example attending an event, or applying for a role with Opus 2, ). This Privacy Policy should be read in conjunction with our Cookies Policy, which provides details of how Opus 2 uses cookies and similar technologies on the Website. 

This Privacy Policy does not apply to:

• individuals who are using Opus 2's software under a Customer Agreement between Opus 2 and the Customer organisation (see "End User Privacy Statement" below);
• employees and independent contractors engaged by Opus 2 (the provisions of the separate data privacy policy supplied to you apply instead); and
• any website, application, product, software, service, or content that is offered by third parties which links to their own privacy statement, privacy policy, or privacy notice.

End-User Privacy Statement

2. About Opus 2 and Contact details

Opus 2 International Limited is a company registered in England with its registered office at 5 New Street Square, London EC4A 3BF. Our company number is 05907841. The Opus 2 group of companies is made up of multiple legal entities and details can be found here.

3. Opus 2 Information collected and used by Opus 2

This Privacy Policy covers personal data Opus 2 collects and processes as a “data controller” (“Opus 2 Information”) when you use the Website or otherwise engage with Opus 2. If you are an End User, this Privacy Notice does not apply to you and instead, you should refer to the End User Privacy Statement. 

Opus 2 may collect, receive and/or generate other personal data via your interaction with the Website or from your communications and relationship with Opus 2, for example where you contact Opus 2 to enquire about Opus 2’s products and services, contract with Opus 2 for the supply of Opus 2’s products and services if you are an account contact or billing contact for the customer under its contract with Opus 2, when you apply for a role at Opus 2, sign up to receive communications from us, or when you interact with Opus 2 for another reason.

Opus 2 Information we collect:

• Contact Information: may include first name, last name, name of your employer or chambers, job title, email address, telephone number, and similar information.
• Profile Information: your preferences in receiving marketing from Opus 2 and your communication channel preferences, interests you communicate to Opus 2 about key topics you are interested in, and feedback you provide to Opus 2 on any aspect of Opus 2’s business.
• Recruitment Information: information you submit to Opus 2 regarding your interest in or application for a vacancy, such as your curriculum vitae.
• Pre-Release Software/Other software: If you agree to take part in testing any testing of Opus 2’s beta or other pre-release software or other software links to this Privacy Policy to which is otherwise stated as being covered by this Privacy Policy, Opus 2 may (a) generate or automatically collect metadata or other technical information collected via your use and testing of the pre-release software, (b) collect any feedback you provide on features, performance, ease of use, bugs, interactions with other hardware and software, and other relates activities.
• Other Information: other personal data which you submit to Opus 2, which is generated by Opus 2, or which Opus 2 obtains through publicly available sources.

Cookies: The Websites use both technically necessary (for the functioning and security of the Website) and non-technically necessary Cookies for advertising and analytics purposes. A more detailed explanation of the Cookies used and how to opt-out from the non-technically necessary Cookies can be found in the Cookies policy.

Opus 2 may use Opus 2 Information for the following purposes:  

• To manage Opus 2’s relationship with you: to respond to communications from you, to notify you about changes to this Privacy Policy, to ask for your feedback.
• Invoicing and billing: to issue invoices, to keep track of billing and payments, to collect and recover money owed.
• Legal and regulatory purposes: as necessary for Opus 2 to comply with its legal and regulatory obligations.
• Events: to administer events that you have signed up to attend and to provide any post-event support and materials.
• Marketing: to send you emails about new product features, promotional communications, or other news about where you have requested to receive such communications or where there is another legal basis to send you such communications.  These are marketing messages, and you can opt-out of them, either by following the unsubscribe link in the email or by contacting us at privacy@opus2.com.
• Recruitment: to conduct and communicate with you regarding recruiting and human resources administration.
• Pre-Release Software/Other software: if you agree to take part in testing of Opus 2’s beta or other pre-release software, or use other Opus 2 software which is stated as being covered by this Privacy Policy (and not the End-User Privacy Statement), Opus 2 may use your personal data to provide, deliver, analyse, and administer the software, to improve, test, and enhance the features and functions of the software, to investigate and address any violations or abuse of the software or to detect, prevent and remediate any security issues.
• Internal Development: to update and improve Opus 2’s products and services; to develop new products and services.
• Other business purposes: as otherwise required to perform or support Opus 2’s day-to-day business activities where such use is in Opus’s legitimate interests and provide such interests do not override your fundamental rights.

4. Aggregate/De-Identified Information

Opus 2 may aggregate and/or de-identify Opus 2 Information so that it can no longer reasonably be used to identify an individual (“Aggregate/De-Identified Information”). Opus 2 may use Aggregate/De-Identified Information for Opus 2’s own business purposes and may also share such information with any third parties.

5. Sharing Opus 2 Information

Opus 2 may share Opus 2 Information with third parties as necessary to support and fulfil the purposes (as set out in this Privacy Policy) for which the Opus 2 Information is collected and processed.

• Affiliates and Subsidiaries: Opus 2 may share Opus 2 Information within the Opus 2 group of companies.
• Service Providers: Opus 2 utilises trusted third-party providers to help support us in providing, updating and protecting our Services, Websites, and business. On occasion, we may need to share the Opus 2 Information with these third parties. These third parties provide a variety of services to Opus 2, including but not limited to sales, marketing, provision of content and features, analytics, data storage, security, fraud prevention, and other services.
• Business Transactions: If the ownership of Opus 2’s business changes, Opus 2 may transfer the Opus 2 Information to the new owner. If such transfer is subject to additional mandatory restrictions under applicable laws, Opus 2 will comply with such restrictions.
• Legal obligation and protection of rights: Opus 2 may share Opus 2 Information where Opus 2 is under a duty to disclose it in order to comply with any legal obligation or to respond to any claims, as may be needed to protect Opus 2’s rights or the rights of a third party.
• Other business purposes: Opus 2 may share Opus 2 Information where it is in Opus 2’s legitimate interests to do so to support the purposes (as set out in this Privacy Policy) for which the Opus 2 Information is collected and processed.

Opus 2 may share Customer Data (as defined in the End User Privacy Statement) with Subprocessors as authorised by the Customer and in accordance with the Customer Agreement (as defined in the End User Privacy Statement) Details of the Subprocessors appointed by Opus 2 is here List of Subprocessors. If you have any questions about the Subprocessors appointed by Opus 2, please contact the Customer.

6. Security

Taking into account the state of the art, the costs of implementation and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Opus 2 implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing. Details of the security measures we have in place can be found here at the Opus 2 Security page available here https://www.opus2.com/security.

7. Legal bases for processing Opus 2 Information

Opus 2 only uses your personal data when we have a legal basis for processing. Below are the legal bases that Opus 2 relies on when processing Opus 2 Information as a “data controller”.

• Performance of a contract: where we need to perform a contract (including a contract between Opus 2 and its customer) which Opus 2 has entered into.
• Legal or regulatory obligation: where Opus 2 needs to comply with a legal or regulatory obligation to which it is subject.
• Legitimate interests: where necessary for Opus 2’s interests (or those of a third party), provided that Opus 2’s interests do not override your fundamental rights.
• Consent: where you have provided Opus 2 with your consent to the processing.

Opus 2 does not typically rely on Consent as a legal basis for processing. Where we rely on Consent (e.g. to send you marketing emails), you have the right to withdraw your consent and opt-out at any time. If you wish to opt-out, you can do so either by using the unsubscribe link in the email or by contacting us at privacy@opus2.com.

8. Where does Opus 2 store the Opus 2 Information

The location of the storage of Opus 2 Information typically depends on where the Opus 2 entity with whom you are engaging is based.

Opus 2 may transfer Opus 2 Information to third parties and companies within the Opus 2 group who are located in countries other than the one in which you live. To the extent that Opus 2 Information is transferred abroad, Opus 2 will ensure compliance with the requirements of the applicable laws in the respective jurisdiction in line with Opus 2’s obligations.

9. Data retention

Opus 2 keeps Opus 2 Information for no longer than is necessary for the purposes for which it is to be used. The length of time Opus 2 retains particular Opus 2 Information depends on the purposes for which we collect and use it.

10. Your legal rights

Data privacy laws across the world give individuals certain legal rights in respect of their personal data. These rights may include:

• the right to ask Opus 2 provides you with confirmation that Opus 2 processes your personal data, and the right to access the personal data Opus 2 holds about you.
• the right to request erasure sometimes referred to as the right to be forgotten;
• the right to request that Opus 2 rectifies inaccurate personal data concerning you and, depending on the purposes of the processing, you may have the right to have incomplete personal data completed.
• the right to object on legitimate grounds to the processing of your personal data.
• withdrawal of consent – when personal data is processed on the basis of consent you may withdraw consent at any time. If you no longer want to receive any marketing material from Opus 2, please use the unsubscribe link which is in all our marketing emails, or email us at privacy@opus2.com.
• you may have the right to lodge a complaint to an applicable supervisory authority or another regulator if you are not satisfied with our responses to your requests or how we manage your personal data. Opus 2 encourages you to first also reach out directly (via privacy@opus2.com) so that Opus 2 may have an opportunity to address your concerns directly.

If you are resident in California, the CCPA provides you with the following additional rights:

• Right to Know: California residents may request disclosure of the specific pieces and/or categories of personal data that the business has collected about them, the categories of sources for that personal data, the business or commercial purposes for collecting the information, the categories of personal data that we have disclosed, and the categories of third parties with which the information was shared.
• Right to Opt-Out: Opus 2 does not sell your personal data to third parties for monetary value. However, the term “sale” is defined broadly under the CC To the extent that “sale” under the CCPA is interpreted to include the purposes of use specified in this Privacy Policy, Opus 2 will comply with applicable law as to those activities. To the extent that Opus 2 “sells” personal data (as that term is defined under the CCPA), California residents are entitled to opt-out of the “sale” of data at any time. You can opt-out by contacting us at privacy@opus2.com.
• Opus 2 does not share any Opus 2 Information with third parties for their own direct marketing purposes. However, as companies within the Opus 2 group are separate legal entities, these could be classed as third parties under the CCPA. Any transfer of your personal data to companies within the Opus 2 group and their use of your data will always be in accordance with this Privacy Policy and applicable laws.

The above rights are not an exhaustive list and you may have additional rights depending on the data privacy laws that apply to you. Please consult the data protection laws that apply to you to determine what rights may be available to you and any exemptions.

Please keep in mind all of the above rights are not absolutely guaranteed. Again, please consult the data protection laws that apply to you to determine what rights may be available to you and any exemptions. While Opus 2 will always try to respond to your satisfaction, there are exemptions and situations where Opus 2 may not be able, or under an obligation, to fulfil your request. 

11. How to exercise your rights

If you want to exercise any of your legal rights in respect of the personal data Opus 2 processes about you please send an email to privacy@opus2.com. Please keep in mind that the rights are not absolutely guaranteed. Whilst Opus 2 will always try to respond to your satisfaction, there are exemptions and situations where Opus 2 may not be able, or under an obligation, to fulfill your request. Please consult the data protection laws that apply to you to determine what rights may be available to you and any exemptions.  

Opus 2 may need to request specific information from you to help Opus 2 to verify your identity before we disclose personal data to you or fulfill another of your requests in respect of your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Opus 2 may also contact you to ask you for further information in relation to your request to speed up our response. You can help Opus 2 to respond to you and fulfill your requests more quickly by (a) providing sufficient information to help Opus 2 verify your identity when you submit your request, (b) letting Opus 2 know which legal right you are wanting to exercise, and (c) giving information about your relationship with Opus 2, for example, are you a candidate for a role, former employee, etc. Opus 2 may share your information with third-party service providers where this is needed to fulfill your request.

12. Opus 2 Data Protection Officer and contact details

If you wish to exercise your legal rights, have any queries, concerns or complaints about this Privacy Policy about Opus 2’s processing your personal data, or you wish to contact Opus 2’s Data Protection Officer, please email privacy@opus2.com.

You may have the right to lodge a complaint to the applicable supervisory authority or another regulator if you are not satisfied with Opus 2's response to your request or how Opus 2 manages your personal data. Opus 2 would always encourage you to first contact Opus 2, as Opus 2 aims to resolve all concerns and complaints you have in respect of Opus 2's use of your data in an efficient manner.

Opus 2 has appointed EDPO as its representative in the EU.  EDPO can be contacted using the online form at https://edpo.com/gdpr-data-request/ or by post at Avenue Huart Hamoir 71, 1030 Brussels, Belgium. 

13. Changes to this Policy

Opus 2 reserves the right to make changes to this Privacy Policy. If there are any material changes, we will notify you. Whilst Opus 2 does not intend to make changes to this Privacy Policy often, you are encouraged to review Privacy Policy regularly.

Opus 2 group of companies

Opus 2 International Limited incorporated and registered in England and Wales. Registered address is 5 New Street Square, London EC4A 3BF. Company Number: 05907841. Information Commissioner’s Office (ICO) Registration No: Z1361097.

Opus 2 Singapore PTE Limited incorporated and registered in Singapore. Registered address is 101C Telok Ayer Street, Singapore 068574 and principal place of business at 28 Maxwell Rd, #04-12/13 Maxwell Chambers Suites, Singapore 06912.

Opus 2 International Inc. incorporated and registered in the USA. Registered address is 100 Pine Street, Suite 775, San Francisco, CA 9411, USA

Opus 2 Lex Limited: incorporated and registered in England and Wales. Registered address is 5 New Street Square, London EC4A 3BF. Company Number: 05907841. Information Commissioner’s Office (ICO) Registration No: Z1361097.

Bar Squared Pty Limited: incorporated and registered in Australia. Registered address is C/-Logicca Pty Limited, Level 6 151 Macquarie Street, Sydney, NSW 2000. ABN: 37154822090

 

Opus 2 Cookies Policy

Overview

Cookies are small text files that our Website asks to place on your computer or other internet enabled devices, such as tablets or smartphones. If your browser is set to accept Cookies, then your browser adds the text in a small file.

Except as indicated otherwise in this Cookie Policy, the Cookies used by us are essential for the functioning and performance of our Website, such as by making our Website work more efficiently and facilitating your use of the functionalities and services provided; these functionality and/or performance Cookies will be deleted from your device once your browser-session has ended (session Cookies). We will not use the information stored in essential Cookies for any other purpose than as strictly necessary to provide you with the services and functionalities requested. Cookies will not be used by us to contact you for marketing purposes.

Cookie Consent & personalised tracking

When you access our Website, if applicable, we will ask for your consent to place additional Cookies on your device by displaying a Cookie banner ("Cookie Consent"). These Cookies will not be strictly necessary for the functioning and performance of our Website but will help us to collect some of your personal data relating to your Website usage behaviour in order to improve our Website offering and services and/or to provide you with more personalized information and services. The Cookie banner informs you about the main purposes of the additional Cookies and provides you with information about your choices and where you may access further information. Your continued use of our Website after having been displayed with the Cookie banner will signify your consent to the described practices.

At all times, you have the right to withdraw your Cookie Consent and individually opt-out from the placement of Cookies and any collection of your information for the different purposes at any time with effect for the future. You can do so in your browser settings. You will need to do this for each device on which you access the Website.

More information on the Cookies we use

Necessary cookies: Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.  If you do not accept the Cookie Consent (or later change your Cookie preferences), and you continue to use the Website, only these necessary Cookies will be used.

Analytics cookies: Analytics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously. 

Functionality cookies: Functionality cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

Advertising cookies: Advertising cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.

Use of Google Analytics and Hubspot

Any information generated by the cookie about your use of our Website will be transmitted to and stored by Google and HubSpot on its servers. For more information about the information gathered using Google Analytics and HubSpot please visit http://www.google.com/intl/en/analytics/privacyoverview.html and https://legal.hubspot.com/data-privacy.

You can block these cookies by activating the setting on your browser as explained below. To opt-out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

Managing your cookie settings

If you prefer, you can change your settings to generally refuse cookies, to delete cookies that have already been placed on your device, or to warn you before a cookie is placed. Please refer to your browser instructions to learn more about how to adjust or modify your browser settings. If you choose not to accept cookies, and you still use the Website, only the necessary Cookies will be collected. Your opt-ing out of Analytics Cookies may impair the certain usability of the Website and you may not be able to take advantage of some of our features and services offered.

If you use different devices to access our Website (e.g., smartphone, tablet, computer, etc.) you will need to ensure that each browser on each device is adjusted to reflect your Cookie preferences.

You can block Google Analytics Cookies by activating the setting on your browser as explained below. To opt-out of being tracked by Google Analytics across the Website visit http://tools.google.com/dlpage/gaoptout.

You can block HubSpot Analytics Cookies by activating the setting on your browser as explained below. To opt-out of being tracked by HubSpot across the Website please declare this using our Cookie notification banner when you visit our website.

Changes to this Cookies Policy

We reserve the right to make changes to this Cookies Policy at any time with effect for the future. The then-current version of this Cookies Policy will be made available on the Website. While we do not intend to make changes to this Cookies Policy very often, we would encourage you to review our most current policy when you visit us to be sure that you have read and agree with what information we collect, how we use it and under what circumstances we disclose it.

Cookie Policy last modified: January 2021

 

End User Privacy Statement

1. Scope of this End User Privacy Statement

This End User Privacy Statement (“Privacy Statement”) applies to personal data which is submitted to or generated from an individual ("End User") who uses Opus 2 software (“Software Services”) pursuant to a Customer Agreement (as described below) and which links to this Privacy Statement.

This End User Privacy Statement does not apply:

• to visitors of the Opus 2 website (opus2.com) or individuals who otherwise interact with Opus 2 other than solely as a user of the Software Services (the Opus 2 Privacy Policy - https://www.opus2.com/privacy-policy applies instead).
• employees and independent contractors engaged by Opus 2 (the provisions of the separate data privacy policy supplied to you apply instead).
• to any website, application, product, software, service, or content that is offered by third parties or which links to their own privacy statement, privacy policy, or privacy notice.
• to Opus 2 software (other than Opus 2 Lex software) which is being hosted by Customer in the Customer's own environment. 
• to Customer Data (as defined below) or to the Customer’s use of Usage Information (as defined below), instead, the Customer's own privacy practices and notices shall apply.
  
  

2.  About Opus 2 and Contact details

Opus 2 International Limited is a company registered in England with its registered office at 5 New Street Square, London EC4A 3BF. Our company number is 05907841. The Opus 2 group of companies is made up of multiple legal entities and details can be found here. Reference to Opus 2 in this End User Privacy Statement means the Opus 2 entity which has entered into the Customer Agreement.

3. Customer Agreements and Opus 2 as a “data processor” of Customer Data  

Opus 2 enters into separate agreements (each a “Customer Agreement”) for the supply of Software Services to its Customers. The organisation (e.g. your employer, your legal advisors, or another entity) which has entered into the Customer Agreement with Opus 2 is the “Customer”.

If you are using the Software Services pursuant to an agreement between Opus 2 and the Customer, you are an “End User” of the Customer.

• Opus 2 processes personal data within content, data or other information submitted to the Software Services (“Content”) as is necessary to perform the Services pursuant to the Customer Agreement.
• Opus 2 also collects and processes certain information about End Users which is submitted to the Software Services (“End User Information”) as is necessary to perform the Software Services pursuant to the Customer Agreement.

(collectively the “Customer Data”).

Opus 2 is a “data processor” of the Customer for the Customer Data which is processed by Opus 2. Opus 2 processes the Customer Data on the instructions of the Customer in accordance with the terms of the Customer Agreement. Depending on the Software Services being supplied, the Customer may be able to:

• access, retain, export or delete personal data or other information about an End User which is submitted to or generated via the Software Services and/or other information associated with an End User’s account; and
• grant, restrict, suspend, or terminate an End User’s access to the Software Services.
• access, retain, export or delete Content submitted to the Software Services by End Users.

The Customer’s own privacy practices and notices apply to the Customer’s collection and use of the Customer Data. Please contact the Customer if you have any questions about the Customer’s privacy practices. If you are an End User and you have any questions about the Software Services or the Customer Data processed by Opus 2, please contact the Customer. If you have received an invite to access the Software Services and have any questions or encounter any problems in setting up an account or logging in to your account, please contact the Customer.

Opus 2 may share Customer Data with Subprocessors as authorised by the Customer and in accordance with the Customer Agreement. Details of the Subprocessors appointed by Opus 2 is here List of Subprocessors. If you have any questions about the Subprocessors appointed by Opus 2, please contact the Customer.

4. Opus 2 as an independent “data controller” of Usage Information

When an End User uses the Software Services, Opus 2’s servers automatically generate certain Activity Metadata and Technical Information and records it in log files.

Read more

• Activity Metadata: When an End User interacts with the Software Services, activity metadata is generated regarding the way in which the End User uses the Software Services. This may include usage metrics (such as usage rates, occurrences of technical errors, diagnostic reports, settings preferences, interactions with third-party integrations which may be enabled by the Customer), content interactions (such as searches, views, downloads, prints, shares) and user journey history (such page navigation, timestamps, page response times, page interaction information).
• Technical Information: As with most technology services delivered over the internet, Opus 2’s servers automatically collect certain technical information when an End User access or uses the Software Services. This may include: IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation information, operating system and version, and similar data.

Activity Metadata and Technical Information is, by default, not associated with an End User. It is held against a unique user ID, rather than the email address the End User uses to access and use the Software Services. However, Opus 2 may, for the purposes set out below, identify the End User email address associated with the Activity Metadata and Technical Information. Where Activity Metadata and Technical Information includes personal data or can be used to identify an EndUser this constitutes “Usage Information” and is within the scope of this End User Privacy Notice.

Opus 2 use of Usage Information for the Opus 2 own purposes as set out below:

• Protection of Software Services

Read more

to investigate and address, in good faith, any violations of the Acceptable Use Policy or the Customer Agreement; to detect, prevent and remediate any security issues; to exercise Opus 2’s rights under the Customer Agreement.

• Compliance with laws

Read more

as required for Opus 2 to comply with applicable laws, regulations and legal processes.

Opus 2 use of non-identifiable Activity Metadata and Technical Information

Activity Metadata and Technical Information which does contain any personal data, which is not associated with an individual End User may be used by Opus 2 for Opus 2's own legitimate business purposes. 

Read more

Opus 2 may use non-identifiable Activity Metadata and Technical Information for its own business purposes, such as to maintain and preserve the integrity of the Software Services or to support the further development of the Opus 2 software. Any such use will not identify or be attributed to an End User, the Customer or the Customer’s end clients, and shall be subject to any additional restrictions and terms set out in the Customer Agreement.

5. Why Opus 2 is a “data controller” of Usage Information

Even though Usage Information is generated as a result of the supply of Software Services to a Customer under the Customer Agreement (and may also be used by Opus 2 for purposes which benefit the Customer), where Opus 2 is processing Usage Information for its own purposes, Opus 2 is, by law, a “data controller” in respect of such processing. Since this “data controller” status is assigned to Opus 2 by law, Opus 2 cannot “opt-out” of it, or change its status (including by agreement of the Customer). Being an independent “data controller” of Usage Information does not allow Opus 2 to use it without restriction or for any purpose. Opus 2 only uses the Usage Information in accordance with the terms of this Privacy Statement and in compliance with data protection laws. Opus 2 never sells or rents Usage Information.

Read more

Data protection laws and privacy laws in certain jurisdictions, including but not limited to the UK, European Economic Area (EEA) and certain U.S. states differentiate between “data controllers” and “data processors” of personal data. A controller decides why and how to process personal data.

• A “data controller” is an entity that determines the purposes and the means of the processing. The data controller decides why and how to process personal data, including what personal data to collect, how and why to use that personal data, who the personal data can be shared with, how long to keep the personal data and other decisions about the personal data.
• A “data processor” is an entity that only processes, or uses, stores, transmits, etc, personal data in accordance with the instructions of a controller.

6. Sharing Usage Information with Third Parties

Opus 2 may share Usage Information with third parties as necessary for the purpose, as set out in this Privacy Statement, for which the Usage Information is collected and processed.

• Customers: The Customer may independently access certain Usage Information through the Software Services. Since an End User uses Software Services pursuant to a Customer Agreement and the Customer is responsible for the activities of the End User, Opus 2 may, in accordance with data protection laws, share Usage Information with the Customer. The Customer’s own privacy practices and notices apply to the Customer’s use of Usage Information.
• Affiliates and Subsidiaries: Opus 2 may share Usage Information within the Opus 2 group of companies as is necessary for the purposes (as set out above in this Privacy Statement) for which it is collected and processed.
• Legal obligation and protection of rights: Opus 2 may share Usage Information with third parties as is necessary for the purposes (as set out above in this Privacy Statement) for which it is collected and processed.
• Business Transactions: If the ownership of Opus 2’s business changes, Opus 2 may transfer Usage Information to the new owner. If such transfer is subject to additional mandatory restrictions under applicable laws, Opus 2 will comply with such restrictions.

7. Security

Taking into account the state of the art, the costs of implementation and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Opus 2 implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing. Details of Opus 2’s current security measures are here https://www.opus2.com/security. In addition, Opus 2 shall comply with security-related terms in the Customer Agreement shall apply. If the Customer Agreement and the information on the Opus 2 Security Page is different, the terms of the Customer Agreement shall apply.

8. Legal bases for processing Usage Information

Opus 2 only uses Usage Information where there is a legal basis to do so. Below is information on the legal bases that Opus 2 relies on when processing Usage Information as an independent “data controller”.  

• Performance of a contract: to perform Opus 2’s obligations under a Customer Agreement.
• Legal or regulatory obligation: where Opus 2 needs to comply with a legal or regulatory obligation to which it is subject.
• Legitimate Interests: where necessary for Opus 2’s interests (or those of a third party), provided that Opus 2’s interests do not override your fundamental rights.

9. Where does Opus 2 store Usage Information

The location of where the Usage Information is stored typically depends on where the Opus 2 contracting entity under the Customer Agreement is based and, in respect of Usage Information shared with the third parties listed above, where the third party is based.

To the extent that Opus 2 Information is transferred to another country from the one in which it is collected, Opus 2 will ensure compliance with the requirements of the applicable laws in the respective jurisdiction in line with Opus 2’s obligations. Opus 2 shall comply with the terms of any additional or alternative terms within the Customer Agreement regarding international transfers that may apply to the transfer.

10. Retention of Usage Information 

Opus 2 keeps Usage Information for no longer than is necessary for the purposes for which it is to be used. 

11. Legal rights which may be available to End Users

Rights that may be available to you: Data privacy laws across the world give individuals certain legal rights in respect of their personal data.

Read more

• the right to ask Opus 2 to provide you with confirmation that Opus 2 processes your personal data and the right to access the personal data Opus 2 holds about you.
• the right to request erasure sometimes referred to as the right to be forgotten;
• the right to request that Opus 2 rectifies inaccurate personal data concerning you and, depending on the purposes of the processing, you may have the right to have incomplete personal data completed.
• the right to object on legitimate grounds to the processing of your personal data.
• withdrawal of consent – when personal data is processed on the basis of consent you may withdraw consent at any time.
• you may have the right to lodge a complaint to an applicable supervisory authority or another regulator.

Not all of the rights above may be available to you, please consult the data protection laws that apply to you to determine what rights may be available to you and any exemptions.

Additional California Consumer Privacy Act (CCPA) provisions: If you are resident in California, the CCPA provides you with additional rights.

Read more

Right to Know: California residents may request disclosure of the specific pieces and/or categories of personal data that the business has collected about them, the categories of sources for that personal data, the business or commercial purposes for collecting the information, the categories of personal data that we have disclosed, and the categories of third parties with which the information was shared.

Opus 2 does not sell or share any Usage Information with third parties for their own direct marketing purposes. Any changes to this will be notified to you and you will have the right to opt-out of any such sale. 

The above rights are not an exhaustive list and you may have additional rights depending on the data privacy laws that apply to you. Please consult the data protection laws that apply to you to determine what rights may be available to you and any exemptions. Please keep in mind all of the above rights are not absolutely guaranteed. Again, please consult the data protection laws that apply to you to determine what rights may be available to you and any exemptions. While Opus 2 will always try to respond to your satisfaction, there are exemptions and situations where Opus 2 may not be able, or under an obligation, to fulfil your request. 

12. How an End User may exercise their legal rights

 Opus 2 can only fulfil requests from End Users in respect of their personal data for which Opus 2 is a “data controller”. For Customer Data (which may include personal data of End Users collected via or submitted to the Services), the Customer is responsible for managing and fulfilling requests. For any requests concerning or relating to the Customer Data, Opus 2 shall send the request to the Customer. Opus 2 shall provide reasonable assistance to the Customer to help respond to the request.  

Please keep in mind that the rights are not absolutely guaranteed. Whilst Opus 2 will always try to respond to your satisfaction, there are exemptions and situations where Opus 2 may not be able, or may not be under a legal obligation, to fulfil your request. Please consult the data protection laws that apply to you to determine what rights may be available to you and any exemptions.

If you want to exercise any of your legal rights in respect of the personal data Opus 2 processes about you please send an email to privacy@opus2.com. Please keep in mind that the rights are not absolutely guaranteed. Whilst Opus 2 will always try to respond to your satisfaction, there are exemptions and situations where Opus 2 may not be able, or under an obligation, to fulfil your request. Please consult the data protection laws that apply to you to determine what rights may be available to you and any exemptions.

Opus 2 may need to request specific information from you to help Opus 2 to verify your identity before we disclose personal data to you or fulfil another of your requests in respect of your personal data.

Read more

Requests for additional information to help Opus 2 verify your identity is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Opus 2 may also contact you to ask you for further information in relation to your request to speed up the response. You can help Opus 2 to respond to you and fulfill your requests more quickly by (a) providing sufficient information to help Opus 2  verify your identity when you submit your request, (b) letting Opus 2 know which legal right you are wanting to exercise, and (c) giving information about your relationship with Opus 2, for example, the fact that you are an End User and the name of the Customer through which you use the Software Services. Opus 2 may share your information with third-party service providers where this is needed to fulfill your request.

13. Opus 2 Data Protection Officer and contact details 

If you have any queries, concerns, or complaints about this Privacy Statement about Opus 2’s processing of Usage Information or if you wish to contact Opus 2’s Data Protection Officer then please email privacy@opus2.com.

You may have the right to lodge a complaint to the applicable supervisory authority or another regulator if you are not satisfied with Opus 2's response to your request or how Opus 2 manages your personal data. Opus 2 would always encourage you to first contact Opus 2, as Opus 2 aims to resolve all concerns and complaints you have in respect of Opus 2's use of your data in an efficient manner.

Opus 2 has appointed EDPO as its representative in the EU.  EDPO can be contacted using the online form at https://edpo.com/gdpr-data-request/ or by post at Avenue Huart Hamoir 71, 1030 Brussels, Belgium. 

14. Changes to this Privacy Statement 

Opus 2 reserves the right to make changes to this Privacy Statement. If there are any material changes, End Users will be notified on the next log-in to the Opus 2 software. Whilst Opus 2 does not intend to make changes to this Privacy Statement often, End Users are encouraged to review Privacy Statement regularly.

List of Subprocessors