Privacy Policy

Open Connectivity Foundation

Privacy Policy

Last Updated: November 4, 2024

Open Connectivity Foundation, Inc., respects your privacy and is committed to protecting it in accordance with this policy.

This policy outline describes our policies and procedures about the collection, use, disclosure and sharing, or other processing of your personal data when you use our website, www.openconnectivity.org (the “Website”), or otherwise provided by or about individuals (“you”, “your”) in the course of you participating in, joining, or receiving the services under our membership program, attending our events, programs, subscribing to our mailing list, and our other services and offerings (our “Services”).

This policy explains:

• What personal data we collect about you in the course of your engagement with our Services, why we collect it, who it goes to and how long we keep it for;
• How we use your personal data;
• How we protect your personal data; and
• Your legal rights in respect of your personal data, including how to access and update the information we hold about you.

Please note that some of the provisions here will only apply if you are based in the EU.

You can navigate to the relevant sections of the policy by clicking the links below:

• About us
• What information do we collect about you?
• Why do we collect your personal data and on what grounds?
• Marketing communications
• Who do we share your information with?
• Will my data be sent abroad?
• How long do you keep my personal data?
• Your rights in respect to your personal data
• Cookies and other technologies
• Third-party links on the Website
• Changes to this policy
• Contact us

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website or Services.

About us

For the purposes of applicable data protection laws, Open Connectivity Foundation, Inc., with its registered address at 3855 SW 153^rd Drive, Beaverton, Oregon 97003 (“OCF”, “we”, “us” or “our”), is the controller of your personal data.  In this Privacy Policy, “personal information” includes references to “personal data” as defined under applicable laws.

Important: Working Groups and Task Groups

Although we are headquartered in the US, OCF is a global membership organization operated through various Working Groups, Task Groups and Steering Committees (as described in our Bylaws and website) which are run by our Members through their nominated representatives (“Members”). The Working Groups, Task Groups and Steering Committees collaborate by using collaboration tools and email and also engage in various online and offline group activities in furtherance of OCF’s mission.  This means some of your personal data (primarily your member profile and the data you have provided) may be shared with the OCF community.

What information do we collect about you?

We collect several types of personal information from and about our Members, Website users, and email subscribers, including:

Personal data we collect directly from you:

• Information when you sign up for and necessary to administer an OCF membership application, e.g. company representative name, address, phone number, email address, web page URL.
• Information when you sign up for and necessary to administer an OCF member account on our Website (including for publication on our online member directory, if you have opted-in to this), e.g. name, contact details, company name, job title, affiliated contact name.
• Information when you sign up for and necessary to administer the OCF Certification Management System, e.g. name, email, job title, contact details, certified product details, and affiliated company.
• Information you provided to us when you contact us or make an inquiry, including through emails, calls and the “Contact Us” form and “Report an Issue” form on our Website, e.g. names, e-mail addresses, contact details and any other information contained in records and copies of your correspondence.
• Information we receive from you when you sign up for one of our OCF conferences and events to participate as an attendee, a speaker or a sponsor, including name, contact details, membership level We may also collect other optional personal information such as special attendee requirements (e.g. dietary restrictions, and if you provide it, we may collect personal information about accessibility requirements, disabilities, medical conditions and allergies in order to provide appropriate accommodations for attendee).
• Information you provide us when you communicate with us via social media platforms, including LinkedIn, Twitter, YouTube and WeChat (“Social Media Platforms”), and a record of such communication.
• Information you provide us when you register to receive access to various resources provided by OCF, such as our mailing list. This includes providing us with personal information such as your email address and name to receive newsletters, mailing list postings and social media postings, to view webinars, and to access other resources made available by OCF.

Information received from other sources:

• As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns including, but not limited to, traffic data, location data, weblogs and other communication data, and information about your computer and internet connection, including your IP address, operating system, and browser type.
• Information that another representative has provided about you in connection with a membership application (e.g. as an alternate contact for your organization), membership agreement, or membership profile or status, such as your contact information.
• Any relevant personal data that you may have submitted to our service providers (including Vital Technical Marketing Group (“VTM”)) in the course of them providing the Services on our behalf.

You may also provide information to be published or displayed (hereinafter, “posted”) on areas of the Website, including the externally hosted OCF Workspace and Social Media Platforms that are visible to other Website users, Members, or other participants in Work Groups, Task Groups and Steering Committees that you participate in (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, although our Members are bound by confidentiality provisions, we cannot control the actions of our Members, Website users or other recipients with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

Why do we collect your personal data and on what grounds?

We use your personal data for our legitimate business interests, which include the following purposes:

• To provide our Website and performing our Services.
• To provide members with their membership benefits.
• To process your communications, your membership of and subscription to the Website and to enable your use of the Website and the Services.
• To provide you with information, products, or services that you request from us.
• To fulfil any other purpose for which you provide it.
• To provide you with notices about your membership, including expiration and renewal notices.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
• To notify you about changes to our Website or any Services we offer or provide though it.
• For market research and analytical purposes, e.g. to improve our understanding of membership and event attendance trends and profiles.
• For improving existing Services and developing new products and Services.
• To generally run the Website and for internal operations, in order to provide you with an up to date, efficient and reliable service.
• To make important communications about your membership.
• To maintain our membership database.
• To allow you to participate in interactive features on our Website.
• To keep you informed of the latest OCF news and events (see “Marketing Communications” below).
• To publish your profile on our online member-only directory (which will contain details of your personal contact information from the company roster on the “My Account” page of the member portal).
• In any other way we may describe when you provide the information.

• For any other purpose with your

Disclosure of Your Information

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose personal information that we collect or you provide as described in this privacy policy:

• To our subsidiaries and affiliates.
• To contractors, service providers, and other third-parties we use to support our business  who are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it to them, including VTM.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of OCF's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by OCF about our Website users is among the assets transferred.
• To fulfill the purpose for which you provide it.
• For any other purpose disclosed by us when you provide the information.
• With your consent.

We may also disclose your personal information:

• To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
• To enforce or apply our terms of use.
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of OCF, our customers, or others.

OCF has not in the past, and does not now, sell personal data to third-parties, nor does it disclose personal data to third-parties for their marketing purposes.

Marketing communications

If you have signed-up for our eNews emails or opted to subscribe to the Members email list when signing up for a member account on the Website, we will send you messages by email regarding information about the latest news and events from OCF. You can change your communication preferences at any time by adjusting your preferences in your Website account (as a Member representative) or emailing staff@openconnectivity.org. You may opt out of or withdraw your consent to receive direct marketing emails from us by using the unsubscribe or opt out mechanisms included in our marketing emails or by emailing staff@openconnectivity.org. Please note that you may still receive service messages related to your membership or the operation of the Website (e.g. server issues with the Website or important communications about your membership status).

OCF has not in the past, and does not now, sell personal data to third-parties, nor does it disclose personal data to third-parties for their marketing purposes.

Will my data be sent abroad?

Yes. As our contacts database is based and hosted in the US, any personal data you submit to us will be held there. Additionally, OCF members are based in multiple different countries and may be affiliated with multiple, cross-border Work Groups, Task Groups and Steering Committees.

If you are based in the EU, this means your personal data may be transferred outside of the European Economic Area to another jurisdiction. Where this is the case and we are responsible for making such a transfer, we will ensure that these are made subject to appropriate safeguards as required by applicable data protection laws, to ensure that a similar degree of protection is afforded to your personal data. These will include the use of recipients certified under the Privacy Shield regime, or the use of EU Commission approved standard contractual clauses, or transfers to countries deemed to provide an adequate level of protection for personal data by the European Commission.  You can obtain further information about the safeguards in place for your international transfers of personal data by contacting us at https://openconnectivity.org/contact-us.

How long do you keep my personal data?

We generally keep personal data only for as long as required to fulfil the purposes for which it was collected. However, in some circumstances, we may retain personal information for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required.  In specific circumstances, we may also retain your personal information for longer periods of time corresponding to a statute of limitation, so that we have an accurate record of your dealings with us in the event of any complaints or challenges. To determine the appropriate length of time for holding your data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm, from unauthorised use or disclosure of your personal data, the purpose for which we process your data and whether we can achieve those purposes through other means, along with the applicable legal requirements.

Details of our retention practices for specific categories of data are available on request by Contacting Us.

In some circumstances you can ask us to delete your data: see “Your rights in respect of your personal data” below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Your rights in respect of your personal data

The following section applies only if you are based in a jurisdiction with a data protection law that is applicable to OCF and provides individuals with certain rights with respect to their personal data.

In certain circumstances you may have rights under data protection laws in relation to the personal data we hold about you. Depending on the jurisdiction in which you are based, you may have the right to request to:

• access information held about you.
• rectify any incorrect or incomplete data we hold about you. It is both in our interest and yours that any personal data we hold about you is accurate, complete and current. If the data we hold about you is inaccurate in any way, please contact us to have your personal data corrected.
• delete, restrict or remove the data we hold about you.
• transfer the data we hold about you to another party.
• object to any further processing of your data.

You can make all such requests via email to admin@openconnectivity.org.

We will respond to your request within the applicable timeframes set out by law. Please note that in respect of all these rights, we reserve the right to:

• refuse your request based on the exemptions set out in the applicable data protection laws.
• request for proof of your ID to process the request or request further information.
• charge you a reasonable administrative fee where permitted by law for any repetitive, manifestly unfounded or excessive requests.

If we refuse your request to exercise these rights, we will give reasons for our refusal and allow you to challenge our decision.

If you have any concerns about how we handle your data, please contact us. If you are not satisfied after we’ve tried to resolve your issue, you’ll be entitled to lodge a complaint with the data protection regulator for your country of residence.

Security of your data

We have put in place commercially reasonable security measures to prevent your personal data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. In addition, we limit access to your personal data to those employees, agents, contractors and other third-parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.  We ask you to promptly notify us if you become aware that any information provided by or submitted to our Sites or through our Services is lost, stolen, or used without permission at admin@openconnectivity.org.

Cookies and other technologies

We and our third-party providers use cookies, clear GIFs/pixel tags, JavaScript, local storage, log files, and other mechanisms to automatically collect and record information about your usage and browsing activities on our Website and across third-party sites or online services.   A cookie is a small data file that our server sends to your browser when you visit the site. The use of cookies helps us to distinguish you from other users of the Website and assist your use of certain aspects of the site. Some cookies and other technologies may serve to recall personal information previously indicated by a visitor to the site.

Most browsers allow you to control cookies, including whether or not to accept them and how to remove them. You may set most browsers to notify you if you receive a cookie, or you may choose to block cookies with your browser. You can obtain information about how to manage cookies by clicking “help” on your browser’s menu or visiting www.aboutcookies.org.  If you disable or refuse cookies, please note that some parts of this Website may then be inaccessible or not function properly. Please note that if you choose to erase or block your cookies, you will need to re-enter your original user ID and password to gain access to certain parts of the Website.

Our Use of Google Analytics

When you visit the Website, Google Analytics automatically collects ‎information from you through the use of Google’s analytics IDs, and Google provides some of this information to us. An analytics ID is a specific string of numbers and letters (often called a “character string”) that is assigned to your computer or device but does not name you. The analytics ID allows Google to track usage data of the Website, such as date and time of visit, duration of visit, Website traffic patterns, “clickstreams,” other similar ‎information about your use of the Website, ‎the type of web browser used, the operating ‎system/platform you are using, your IP address, the ‎websites that referred or linked you to our ‎Website, and your CPU speed.‎ Google Analytics does not share the analytics ID assigned to your computer or device that you use to access and use the Website. Google Analytics provides information about the use of our Website to us in aggregate form (i.e., data about many Website users combined and not just about you). Some of this data might include the geographic region of groups of Website users, but again, this data will be in aggregate form. We rely on this aggregate data to inform us how users are using the ‎Website to help us improve the Website.

Types of Cookies
There are four general categories of cookies. A description of each category of cookie is below, followed by a table describing the categories of cookies used on the Website.

• Strictly necessary cookies. These cookies are essential to enable you to move around a website and use its features. Without these cookies, services you have asked for, like logging into a secure area of our Website, cannot be provided.
• Performance / analytical. These cookies collect information about how visitors use a website. The information collected by these cookies is performance and usage data such as that collected by Google Analytics as described throughout this Privacy Statement.
• Functionality cookies. These cookies allow a website to remember choices you make (such as your username or ID, language preference, or the area or region you are in) and provide enhanced, more personal features. They may also be used to provide services you have asked for. The information these cookies collect may be anonymized, and they cannot track your browsing activity on other websites.
• Targeting and advertising cookies. These cookies track browsing habits and are used to deliver targeted (interest-based) advertising. They are also used to limit the number of times you see an ad and to measure the effectiveness of advertising campaigns. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organizations, such as advertisers.

We use the following categories of cookies for the reasons described below:

Category	Do we use?	Purpose and Description
Strictly Necessary	Yes	We use these cookies to enable you to navigate the Website and use certain features, including logging in to and using the member portal.
Performance	Yes	We use these cookies to improve the performance of our Website and enhance your experience. Google Analytics automatically collects certain usage and performance data from our Website users. The information these cookies collect is aggregated and anonymous information, and we are never provided with your personal information from these cookies.
Functionality	Yes	Functionality cookies enable the Website to temporarily remember choices you make on the Website, and to provide a more personalized experience. You can customize or disable these cookies through your browser settings. A link to cookie management resources for commonly used browsers is above.
Advertising	No	We do not use any advertising, targeting, or marketing cookies on our Website.

 

The Website does not track your online activities over time and across third-party web sites or online services, and so does not respond to browser “Do Not Track” signals. Please note that third-parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

Except for essential cookies, all cookies will expire after 12 months.

Third-party links on the Website

The Website may contain links to other websites not owned and operated by OCF, for example, Social Media Platforms and websites hosted by our third-party suppliers to provide certain Services.  We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Children’s Privacy

We do not knowingly collect personal data from children under the age of 16, or knowingly allow such persons to register. If we learn ‎that we are in possession personal data on a child under the age of 16, we will immediately delete that information ‎from our systems.‎

Changes to this policy

This Policy is current as of the effective date set forth above. We may from time to time review and amend this Privacy Policy. We will post any changes to this Privacy Policy on the Website from time to time and, where appropriate, notify you by e-mail. Please periodically review this Privacy Policy before using the Website as continued use of the Website shall indicate your acceptance of any changes. All personal data held by us will be governed by the most recent Privacy Policy posted on the Website.

Contact us

If you have any queries relating to this privacy notice (including any requests to exercise your legal rights in respect of your data), you can contact us at admin@openconnectivity.org or through the Contact Us page of our Website.