1. Introduction
1.1 About This Policy
This Privacy Policy ("Policy") describes how VedTech Solutions Limited ("VedTech," "we," "us," or "our") collects, uses, discloses, and protects personal information when you use our cloud-based Odoo hosting platform and related services (the "Services").
1.2 Our Commitment
VedTech is committed to protecting your privacy and handling your personal information responsibly. We comply with Jamaica's Data Protection Act, 2020 and, where applicable, international data protection regulations including the General Data Protection Regulation (GDPR).
1.3 Scope
This Policy applies to:
- Visitors to our website (vedtechsolutions.com)
- Customers who use our Services
- Users authorized by customers to access the Services
- Individuals who contact us for support or inquiries
1.4 Data Controller
VedTech Solutions Limited acts as the Data Controller for personal information collected through our website and for account/billing data. For Customer Data processed through the Services, VedTech acts as a Data Processor on behalf of our customers (who are the Data Controllers).
2. Information We Collect
2.1 Information You Provide
Account Information:
- Name and contact details (email address, phone number)
- Company name and business information
- Username and password (passwords are hashed and never stored in plain text)
- Billing address
Payment Information:
- Credit card details (processed securely through our payment processor; we do not store full card numbers)
- Billing history and transaction records
- Tax identification numbers where required
Communications:
- Support tickets and correspondence
- Feedback, surveys, and reviews
- Any other information you choose to provide
Customer Data:
- Business data you upload to your Odoo instance
- Files, documents, and attachments
- Database records and configurations
2.2 Information Collected Automatically
Usage Data:
- Pages visited and features used
- Time spent on the platform
- Click patterns and navigation paths
- Error logs and performance data
Device and Technical Data:
- IP address and approximate location (country/region)
- Browser type and version
- Operating system
- Device type and screen resolution
- Referring website
Cookies and Similar Technologies:
- Session cookies (for authentication)
- Preference cookies (for settings)
- Analytics cookies (with consent)
See Section 9 for our complete Cookie Policy.
3. Legal Basis for Processing
For users in the European Economic Area (EEA), we process personal data based on the following legal grounds:
| Purpose | Legal Basis |
|---|---|
| Account creation and service delivery | Performance of contract |
| Payment processing | Performance of contract |
| Customer support | Performance of contract |
| Security and fraud prevention | Legitimate interests |
| Legal compliance | Legal obligation |
| Service improvements | Legitimate interests |
| Marketing communications | Consent |
| Analytics | Consent or legitimate interests |
Legitimate Interests: We have conducted balancing tests to ensure our legitimate interests do not override your fundamental rights. You may object to processing based on legitimate interests by contacting us.
4. How We Use Your Information
4.1 Service Delivery
- Provisioning and maintaining your Odoo instance
- Processing transactions and billing
- Providing technical support
- Sending service-related communications (account alerts, maintenance notices)
4.2 Security and Protection
- Protecting against unauthorized access and abuse
- Detecting and preventing fraud
- Monitoring for security threats
- Enforcing our Terms of Service
4.3 Improvement and Development
- Analyzing usage patterns to improve our Services
- Developing new features and functionality
- Conducting research and analytics
- Testing and troubleshooting
4.4 Communications
- Responding to your inquiries and requests
- Sending administrative notices
- Providing customer support
- Marketing communications (with consent)
4.5 Legal and Compliance
- Complying with applicable laws and regulations
- Responding to legal requests and court orders
- Protecting our legal rights
- Fulfilling tax and accounting obligations
5. Information Sharing and Disclosure
5.1 We Do Not Sell Your Data
VedTech does not sell, rent, or trade your personal information to third parties for their marketing purposes.
5.2 Service Providers
We share information with trusted service providers who assist us in operating our business:
| Provider Category | Data Shared | Purpose |
|---|---|---|
| Cloud Infrastructure | Customer Data, technical data | Hosting and storage |
| Payment Processing | Billing information | Transaction processing |
| Email Services | Email addresses, names | Transactional emails |
| Analytics | Anonymized usage data | Service improvement |
| Support Tools | Support communications | Customer service |
| Security Services | Technical logs | Threat detection |
All service providers are bound by data processing agreements requiring them to process data only as instructed, implement appropriate security measures, maintain confidentiality, and delete data upon termination.
5.3 Legal Requirements
We may disclose information when required by law or when we believe in good faith that disclosure is necessary to:
- Comply with legal obligations or valid legal process
- Protect and defend our rights or property
- Prevent fraud or security threats
- Protect the safety of our users or the public
When permitted, we will notify you of such requests.
5.4 Business Transfers
In the event of a merger, acquisition, bankruptcy, or sale of assets, personal information may be transferred to the acquiring entity. We will notify you of any such transfer and any choices you may have.
5.5 With Your Consent
We may share information for other purposes with your explicit consent.
6. International Data Transfers
6.1 Data Location
Customer Data is primarily processed and stored in secure data centers. However, some processing may occur in other countries where our service providers operate, including the United States.
6.2 Transfer Safeguards
When transferring personal data outside of Jamaica or the EEA, we implement appropriate safeguards:
- Standard Contractual Clauses (SCCs): Approved by the European Commission for EEA data transfers
- Data Processing Agreements: Binding contracts with all service providers
- Security Measures: Encryption and access controls regardless of location
- Due Diligence: Vetting of service providers for adequate protection
6.3 EEA-Specific Transfers
For users in the EEA, we rely on:
- Standard Contractual Clauses (Module 2: Controller to Processor)
- Binding Corporate Rules where applicable
- Adequacy decisions by the European Commission
You may request a copy of applicable transfer mechanisms by contacting privacy@vedtechsolutions.com.
7. Data Security
7.1 Security Measures
We implement comprehensive security measures to protect your data:
Technical Safeguards:
- Encryption in transit (TLS 1.2+)
- Encryption at rest (AES encryption with PBKDF2 key derivation)
- Isolated container environments for each customer
- Regular security patches and updates
- Firewall and intrusion detection systems
- DDoS protection
Organizational Safeguards:
- Employee access controls and authentication
- Background checks for personnel with data access
- Security awareness training
- Documented security policies and procedures
- Vendor security assessments
Operational Safeguards:
- 24/7 infrastructure monitoring
- Regular security assessments
- Incident response procedures
- Business continuity planning
7.2 Data Breach Notification
In the event of a data breach affecting your personal data, we will:
- Investigate: Immediately assess the scope and impact
- Contain: Take steps to prevent further unauthorized access
- Notify Affected Individuals: Within 72 hours of confirming the breach
- Notify Regulators: As required by applicable law (including the Office of the Information Commissioner in Jamaica)
- Provide Information: Details of the breach, data affected, steps taken, and recommended actions
- Offer Remediation: Appropriate remedies such as credit monitoring where applicable
7.3 Your Security Responsibilities
You are responsible for:
- Maintaining strong, unique passwords
- Enabling two-factor authentication (when available)
- Protecting your account credentials
- Reporting suspected security incidents promptly
8. Data Retention
8.1 Retention Periods
| Data Type | Retention Period | Reason |
|---|---|---|
| Active Account Data | Duration of account | Service delivery |
| Customer Data (post-termination) | Based on subscription plan (3-90 days) | Data export window per plan tier |
| Backup Data | Based on subscription plan (3-90 days) | Plan-based backup retention |
| Billing Records | 7 years | Tax and legal requirements |
| Support Records | 2 years | Service quality |
| Security Logs | 1 year | Security monitoring |
| Anonymized Analytics | Indefinite | Service improvement |
8.2 Deletion Process
Following account termination or deletion request:
- Immediate: Account access revoked
- Based on Plan: Active data deleted from production systems according to your subscription plan's retention period:
  - Trial/Solo: 3 days
  - Starter: 7 days
  - Professional: 30 days
  - Enterprise: 90 days
- Backup Purge: Data purged from backup systems as cycles complete (follows plan retention period)
- Exception: Data subject to legal holds retained as required
8.3 Anonymization
Where possible, we anonymize data rather than delete it, allowing us to retain aggregate insights without identifying individuals.
9. Cookies and Tracking Technologies
9.1 Types of Cookies We Use
Essential Cookies (Always Active):
- Session authentication
- Security tokens (CSRF protection)
- Load balancing
- User preferences (language, timezone)
These cookies are necessary for the Services to function and cannot be disabled.
Analytics Cookies (Consent Required):
- Page view tracking
- Feature usage analysis
- Performance monitoring
Marketing Cookies:
We do not currently use marketing or advertising cookies.
9.2 Cookie Consent
For non-essential cookies, we obtain consent through our cookie consent banner. You may:
- Accept all cookies
- Reject non-essential cookies
- Customize your preferences
9.3 Managing Cookies
You can control cookies through:
- Our cookie preference center (available via the cookie banner)
- Browser settings (instructions vary by browser)
- Opt-out links for specific analytics providers
Note: Disabling essential cookies may prevent you from using certain features of the Services.
9.4 Do Not Track
We currently do not respond to "Do Not Track" browser signals, as there is no industry standard for implementation. We honor cookie consent preferences instead.
10. Your Rights
10.1 Rights Under Jamaica's Data Protection Act
You have the right to:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Objection: Object to certain processing activities
- Portability: Receive your data in a portable format
10.2 Additional Rights for EEA Residents (GDPR)
If you are in the EEA, you also have the right to:
- Restrict Processing: Limit how we use your data
- Withdraw Consent: Withdraw consent at any time (without affecting lawfulness of prior processing)
- Lodge a Complaint: File a complaint with a supervisory authority
- Automated Decision-Making: Not be subject to solely automated decisions with legal effects (we do not engage in such processing)
10.3 Additional Rights for California Residents (CCPA)
If you are a California resident, you have the right to:
- Know: What personal information we collect and how it is used
- Delete: Request deletion of your personal information
- Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
- Non-Discrimination: Not be discriminated against for exercising your rights
10.4 Exercising Your Rights
To exercise any of these rights:
- Email: privacy@vedtechsolutions.com
- Subject Line: Include "Privacy Rights Request" and specify the right you wish to exercise
- Verification: We may need to verify your identity before processing your request
Response Time:
- We will acknowledge your request within 5 business days
- We will respond substantively within 30 days (extendable by 60 days for complex requests)
- Requests are free of charge, unless manifestly unfounded or excessive
10.5 Right to Withdraw Consent
Where processing is based on consent, you may withdraw consent at any time by:
- Updating your account preferences
- Contacting privacy@vedtechsolutions.com
- Using unsubscribe links in marketing emails
Withdrawal does not affect the lawfulness of processing before withdrawal.
11. Children's Privacy
11.1 Age Restriction
Our Services are not intended for individuals under eighteen (18) years of age. We do not knowingly collect personal information from children.
11.2 Parental Rights
If you are a parent or guardian and believe your child has provided personal information to us, please contact us at privacy@vedtechsolutions.com. We will take steps to delete such information promptly.
11.3 Discovery of Minor's Data
If we discover that we have collected personal information from a minor, we will:
- Delete the information promptly
- Terminate any associated account
- Notify the parent or guardian if contact information is available
12. Changes to This Policy
12.1 Notification of Changes
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated Policy on our website
- Sending an email to your registered address
- Displaying a prominent notice in the Services
12.2 Effective Date
Changes become effective on the date specified in the updated Policy. Continued use of the Services after the effective date constitutes acceptance.
12.3 Review History
Previous versions of this Policy are available upon request.
13. Contact Us
13.1 Privacy Inquiries
Data Protection Contact:
- Email: privacy@vedtechsolutions.com
- Subject Line: Include "Privacy Inquiry" for faster routing
Attn: Privacy Team
Kingston, Jamaica
13.2 Complaints
If you are not satisfied with our response to a privacy concern, you may:
- Jamaica: Contact the Office of the Information Commissioner
- EEA: Lodge a complaint with your local data protection authority
- UK: Contact the Information Commissioner's Office (ICO)
13.3 Response Times
| Request Type | Initial Response | Resolution |
|---|---|---|
| General Inquiry | 5 business days | 15 business days |
| Rights Request | 5 business days | 30 days (extendable) |
| Complaint | 5 business days | 30 business days |
| Data Breach | 72 hours | Ongoing updates |