Privacy policy

Last updated: June 24th, 2025
This privacy policy explains how Oh Dear collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and Belgian data protection law.

1. Data Controller

The data controller responsible for your personal data is:
Immutable VOF
Hemelshoek 277
2590, Berlaar, Belgium
VAT number: BE 0699.594.682
Email: [email protected]

2. What Personal Data We Collect

We collect and process the following categories of personal data:

• Account Information: Name, email address, company name, billing address
• Usage Data: Website monitoring data, uptime statistics, performance metrics
• Technical Data: IP addresses, browser information, device identifiers
• Communication Data: Support tickets, feedback, correspondence
• Payment Data: Billing information (processed by our payment providers)

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: To provide our monitoring services and fulfill our contractual obligations
• Legitimate Interest: To improve our services, ensure security, and communicate about service updates
• Legal Obligation: To comply with tax, accounting, and legal requirements
• Consent: For marketing communications (where required) and optional features

4. How We Use Your Data

We use your personal data to:

• Provide website monitoring and uptime services
• Process payments and manage your account
• Provide customer support and respond to inquiries
• Send service-related communications and important updates
• Improve our services and develop new features
• Ensure security and prevent fraud
• Comply with legal and regulatory requirements

5. Data Sharing and Third Parties

We may share your personal data with:

• Service Providers: Payment processors, cloud hosting providers, email services
• Legal Requirements: When required by law, court order, or regulatory authority
• Business Transfers: In case of merger, acquisition, or sale of assets

We ensure adequate protection through Data Processing Agreements (DPAs) with all third-party processors. For a complete list of our subprocessors, please see our Subprocessors page.

6. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When transferring data internationally, we ensure adequate protection through:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Other appropriate safeguards as required by GDPR

7. Data Retention

We retain your personal data only as long as necessary:

• Account Data: For the duration of your account plus 5 years for legal/tax purposes
• Monitoring Data: According to your subscription plan (typically 1-2 years)
• Communication Records: 3 years from last interaction
• Technical Logs: Maximum 12 months

8. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access

You can request access to your personal data and information about how we process it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when it's no longer necessary or you withdraw consent.

Right to Restrict Processing

You can request limitation of processing in certain circumstances.

Right to Data Portability

You can request your data in a structured, machine-readable format to transfer to another service.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

9. Exercising Your Rights

To exercise any of your rights, please contact us at [email protected] or use our contact form. We will respond within one month of receiving your request.

You also have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit/Autorité de protection des données) if you believe we have not handled your personal data properly.

10. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and employee training
• Incident response procedures

11. Data Breach Notification

In case of a personal data breach that poses a high risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach, as required by GDPR.

12. Cookies and Tracking

We do not use tracking cookies. We do use cookies for technical purposes such as session management.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through our service. The current version is always available on our website.

14. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

• Email: [email protected]
• Contact form: ohdear.app/contact
• Mail: Oh Dear BVBA, [Address], Belgium

15. Data Processing Agreement

For customers who process personal data through our services, our Data Processing Agreement (DPA) is available here.