Last updated: September 01. 2024

OHM Agency (hereinafter – "OHM," "we," "us,","our", etc.), provides various data-driven services to its clients, including marketing agency services, data analytics and other services which may involve processing of personal data.

This Privacy Policy (hereinafter – “Privacy Policy” or “Policy”) outlines our privacy and data processing practices in connection with our products and services (hereinafter – “Services”), namely, the services offered within SmallData, Influmtr, QueryVideo and other online projects which refer directly to this Policy. This Policy is separate from our Website Privacy Policy, which covers the use of our Websites.

1. Key definitions
• GDPR refers to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
• CCPA (CPRA) refers to California Consumer Privacy Act of 2018 as amended by California Privacy Rights Act (CPRA) of 2020.
• Client refers to any existing or future client of OHM who has signed a relevant services agreement with OHM for any of the Services. Clients may play the role of advertisers in relation to the materials which are delivered to Client’s
• End Users as a result of OHM delivering its Services.End User refers to any individual who is using/consuming any online products such as: mobile apps, websites, etc. If the online products are delivered by Client or any of its affiliated parties or partners, such End User is called “Client’s End User” for the purposes of this Policy.
• Personal Data or Personal Information refers to any information relating to an identified or identifiable person or household who can be directly or indirectly identified or reasonably linked by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute Personal Data, including an email address, identification number, device information, location data, or online identifiers, such as cookie files or similar technologies. This definition, when used in this Policy shall have the meanings attributed to the terms “Personal Data” and “Personal Information” by GDPR and CCPA (CPRA) accordingly.
• Data Processing refers to any operation or set of operations performed on Personal Data or on sets of Personal Data, whether by automated or non-automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure, or destruction.
• Data Subject(s) refers to an identified or identifiable individual – data subject (under GDPR) or consumer (under CCPA (CPRA)). For the purposes of this Policy the term “Data Subject” shall mainly relate to individuals who are Client’s End Users and whose data are provided by the Client to OHM for the purposes of Services provision.
• Data Controller refers to a person who (either alone or jointly with other persons) determines the purposes for which, and the manner in which, any Personal Data is, or is to be, processed. For the purposes of this Policy (and processing activities described in this Policy only), Client is the Data Controller of the Personal Data of its End Users.
• Data Processor, refers to any person (other than an employee of the Data Controller) who processes data on behalf of the Data Controller for business purposes. In relation to the personal data of Client’s End Users, as well as to any personal data provided by the Clients within the course of receiving the Services, OHM is playing the role of Data Processor appointed by the Client.
• OHM refers to OHM INFLUMTR LTD registered under the laws of Cyprus under the number HE 432790 with a legal address at 19, Bouboulinas, 3032, Limassol, Cyprus, doing business as OHM or its subsidiaries and affiliated entities.
• Agreement(s) refers to the relevant commercial contracts entered by OHM and a Client for provision of the Services by OHM. Such contracts may include particular obligations and provisions related to sharing and processing of Personal Data or Data Processing/Sharing Agreements/Addendums. In case of overlapping with this Policy, the relevant provisions of the said contracts/agreements/Addendums shall prevail.
All the other terms used in this Policy shall have the meaning assigned to them in accordance with the applicable law or our contract with the relevant Client.
‍
2. Data we process in relation to the Services
‍Within the course of providing our Clients with the Services we may receive from them certain types of information about the experience they have with End Users for further processing (the “End User’s Data”). As such, this information does not allow to identify an individual End User when processed separately. However, from GDPR point of view, pieces of End User’s Data, when processed in combination with each other or another pieces of information related to End Users, may allow to identify directly or indirectly an individual End User and thus may constitute personal data. For this reason we treat any data regarding End Users, which we receive from our Clients, very seriously and take all due measures to secure processing of personal data received in order to exclude or minimize risks related to the processing.

The End User’s Data we receive and process may be divided into the following main categories:

Apart from the data about End Users the Clients may share with us personal data of their representatives whatsoever when entering into an agreement with us or registering to any of online-sources administered by OHM and used for provision of the Services.Should that be the case, such data provided by the Clients may include names, emails, billing addresses, etc. We shall process such data based on the fact that it is needed for entering or performing an agreement with Clients. The matters of processing of that type of data are out of the scope of this Services Privacy Policy and thus will not be further described herein. Instead, when such data is provided via special tools on any of our websites, the Website Privacy Policy shall apply. In relation to any of such “Client’s data” the relevant data subjects have all the rights described in Website Privacy Policy. Thus, the personal data described above may be collected by OHM in two different occasions:

• Conclusion of an Agreement: When Clients voluntarily provide information by filling out forms, contacting us, for example, with the purpose to enter into Agreements with us.
• Performance of an Agreement: If the Agreement envisages provision of the relevant Services we may receive End User’s Data from the Clients via use of an intermediary data analytics platform (Appsflyer or Adjust), who are also the processors acting upon the Clients’ instructions, same as we. See the privacy policies of such intermediaries to learn more about their privacy practices: Adjust’s Policy, Appsflyer’s Policy.

In this case the data may be collected by OHM through the use of different data collection technological solutions provided by the intermediaries and integrated by OHM. For example, the data shared by the Client with the involvement of Appsflyer, may be received by OHM by use of so-called “Pull API” or “Push API” solutions.
‍
3. Legal basis and purposes of processing
‍Being the company, providing data-driven services OHM respects the privacy of personal data as the fundamental principle. Thus, we process personal data only when we have a valid legal basis for doing that.

Since we receive personal data from Clients, it is important to note for avoidance of any doubts and for the purposes of this Policy, that in relation to the processing of the Client’s End Users’ personal data the Client is a Data Controller and OHM is a Data Processor.

In our processing of Clients’ End Users’ personal data we deal with the data lawfully collected by the Clients and shared with us on a legitimate basis. In the almost absolute majority of cases the Client’s legal basis for processing and sharing of the personal data will be the consent of the End User. In our collaboration with the Clients, any End Users’ Data shared with us, for which the End User has not given their consent for further processing in the marketing or advertising purposes, is specifically marked with “Do Not Track (DNT)” markers and filtered from the rest data. This allows us to ensure that no processing without legal basis takes place when delivering the Services to our Clients.

Thus, OHM is processing the End Users’ Data based on the documented instructions of the Clients and within the framework set by the relevant data processing agreements concluded with the Clients. To learn more about the legal grounds of processing and sharing of End Users’ Data the latters shall familiarize themselves with the relevant Client’s privacy policies. In any case OHM is bound by contractual provisions of the Agreements with Clients to assist and cooperate with the Clients in dealing with any data subjects’ requests.

4. Data sharing and transfers
‍By default, when providing Services OHM does not share personal data with any third parties. However, sharing as such takes place and this can happen within the course of providing the Services in several situations:
• If instructed by the Client upon the data processing agreement or via a separate request related to the relevant delegated processing activities – (e.g. to agreed Partners);
• To our service providers (data hosting providers, etc.) whose services we use to provide the Services; Transfers to subsequent third parties are covered by the Agreements with Clients. These companies are authorized to use received personal data only as necessary to provide these services to us;
• When legally required (e.g. in by lawful requests from any public authorities), including to meet national security or law enforcement requirements;To respond to, or prevent, fraud or to protect the safety of the Services, Clients, End Users or the public;
• Transfers between OHM legal entities (subsidiaries, branches, affiliates) as necessary for provision of the services. Transfers to subsequent third parties are covered by the arrangements between OHM legal entities.;
• As part of any merger or acquisition of OHM, in which case End User Data may be transferred to the surviving or acquiring entity.

‍International Data Transfers. OHM may transfer End User’s Data to countries outside of the Client’s or End User’s jurisdiction, including to countries that may not provide the same level of data protection as the country from which the data is originating. Thus, where required, we ensure that data transfers outside of the EU to the countries, in relation to which no ‘adequacy’ decision has been made by the European Commission, are subject to appropriate safeguards such as (SCCs) and other mechanisms.

‍Selling and sharing of personal data. We assure that we do not sell personal data to any third party and do not provide any data rebrokering services. However, we may share personal data to our partners for business and commercial purposes as described above. Data subjects have the right to opt out of sharing their personal information via contacting the Client, who collected the personal data from them, or OHM at [email protected].
‍
5. Data security and confidentiality
‍WOHM implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or destruction so as to keep the highest level of confidentiality as can reasonably be achieved. However, no security measure is infallible, and OHM therefore does not provide any guarantee of the absolute security of personal data processed in connection with the Services.

‍Data retention
‍OHM retains personal data for as long as necessary to fulfill the obligations under the Agreements and to comply with legal obligations. The retention period may vary depending on the type of data and the specific legal or operational needs but in no case it is longer than 2 years.
‍
6. Changes to this Policy
‍We may update this Policy from time to time to reflect changes in our practices or applicable legal requirements. When we make significant changes, we will notify our Clients by updating the "Last updated" field at the top of this Policy and, when required, through additional notifications (e.g., via email).
‍
9. Contact Us
‍If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

OHM INFLUMTR LTD
Gregoriou Xenopoulou 30, Limassol 3106, Cyprus
Email: [email protected]
Data protection officer contact: [email protected]

As the personal data may be controlled by the said entity jointly with its partners and affiliated parties, it is important to note that  the said legal entity is appointed as EU representative of such partners or affiliated parties in relation to matters concerning processing of personal data of individuals in the EU, when such other joint controllers are located outside the EU.