Oki Privacy Policy

When it comes to your personal data, safety and transparency take top priority here at Oki. To help you understand what information we collect about you, how we use it and what rights you have, we’ve prepared this detailed Privacy Policy. 

1. General

2. Why and how do we collect and use your personal data?

3. Personal data recipients

4. Use of cookies

5. Right of amendment

6. Your statutory rights regarding your personal data

7. Our contact details

 

1. General

This Privacy Policy applies to the online platform Oki (“Website”) and to the associated app (“App”) (the Website and the App are jointly referred to as the “Platform”) intended for Cyprus users.

The Platform is operated by Oki ., a company registered in Delaware, with business location at C/o AG Accounting 735 Geary St. #303 San Francisco, CA 94109. The operator is further referred to as “We”, “Us” or “Oki”. More details about how to get in contact with us can be found at the end of this Privacy Policy under No. 7.

We take your privacy extremely seriously. All personal data will be collected, stored and used by us in accordance with the European Union General Data Protection Regulation No. 2016/679 (“GDPR”) and/or other applicable statutory regulations.

The services offered by us via the Website and/or App can function only if we collect, store, transfer, delete and/or otherwise use (“collect and use”) specific data relating to you (“personal data” or “data”). Personal data means all information relating to an identified or identifiable natural person such as your name, date of birth, address, or email address.

This Privacy Policy describes what type of data we collect from you and for what purposes we collect and use it when you use the services offered by Us on the Platform. This Privacy Policy also contains important information on the protection of your data, especially the statutory rights you have in connection with it.

Certain services on our Platform are offered by third-party suppliers. When you use these services, the data protection regulations that govern third-party suppliers will then apply in addition to this data protection statement. Prior to your use of such services, the third-party suppliers may require you to provide permission under the data protection law.

Under applicable data protection laws, Oki is obligated to inform you about data processing and Oki fulfills this obligation within this Privacy Policy. This Privacy Policy and any parts of it are not meant as contractual clauses and do not form part of the general terms and conditions (“GTC”) as a contract that is concluded with registered users. Under applicable data protection laws, Oki can process data that is necessary for the fulfillment of a contract with you or necessary for taking steps at your request prior to entering into a contract (Art. 6 (1) (b) GDPR). References to the GTC should always be understood as information on data processing (Art. 13 and 14 GDPR) and never as clauses that form part of the GTC. By using the Platform and our services, you enter into a legally binding contract between you and Oki, the conditions of which are described in the GTC.

 

2. Why and how do we collect and use your personal data?

 

2.1. To enable you to use the Platform, allow us to provide our services and perform our GTC

 

We collect and use your personal data to allow you to use our Platform, to provide our services and to fulfill a contract (GTC) with you and above all, to carry out commercial transactions via the Platform, to use the electronic payment system or to leave reviews and communicate with other members. To use these services, you need a Oki account. For this purpose, you must register as a member on the Website or App.

Most of your personal data is required to fulfill a contract (GTC) with you. If you do not provide us with this personal data, we will not be able to enter into and fulfill a contract (GTC) with you. A portion of your data is required to fulfill our legal obligations when you become a member of our Platform. If you do not provide us with this personal data, we will not be able to comply with legal requirements or provide our services.

This data is also used for improvement of the Platform in order to enhance user experience for our members (see 2.2.12).

We collect and use your personal data for these purposes until your Oki account is deactivated or inactive for five (5) years.

2.1.1. To enable registration on the Platform

When you register as a member on the Platform, you must provide the following data in order to complete the registration procedure and access your Oki account:

Legal basis for the collection and use of data is the fulfillment of a contract (GTC) to which you are party or in order to take steps at your request prior to entering into a contract (GTC) (Art. 6 (1) (b) of the GDPR).

We also determine your location based on your IP address at the time of registration. You can at any time choose to change your city and make it not visible to other members under "My settings" in your Oki account.

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.1.2. To authenticate your identity via Google, Facebook or using an Apple ID

If you register using your Google Ireland Ltd. (Ireland), Google LLC (USA) (“Google”) or Meta Platforms Ireland Ltd. (Ireland), Meta Platforms, Inc. (USA) (“Facebook”), or Apple Inc. (USA) (“Apple”) account or later on decide to link your Google, Facebook or Apple account to your Oki account, you will be transferred from our Platform to the Google, Facebook or Apple website and asked to enter the log-in information for your Google, Facebook or Apple ID account.

If you enter your Google log-in information, Google will share the following data with Oki from your Google account (you may choose not to provide some data):

If you enter your Facebook log-in information, Facebook will share the following data with Oki from your Facebook account (you may choose not to provide your email address):

If you enter your Apple ID log-in information, Apple will share the following data with Oki from your Apple ID account (you may choose not to provide your email address by using Apple’s Private Email Relay Service):

The data we obtain from Google, Facebook or Apple will be used to set up your Oki account. This means that we will use the member name from your Google, Facebook or Apple ID account as your Oki account member name so that it will be visible to other visitors to the Website and App users. No other data obtained from Google, Facebook or Apple will be visible to anyone on the Platform.

You can, at any time, unlink your Google, Facebook or Apple ID account. This can be done under "My settings" in your Oki account. If, however, when you initially registered, you did so without linking your Google, Facebook or Apple ID account, you can create such a link later.

Collection and use of personal data is our legitimate interest to enable you conveniently authenticate your identity in order to carry out the registration process or access your Oki account (Art. 6 (1) (f) of the GDPR).

If, however, when you initially registered, you did so without linking your Google, Facebook or Apple ID account, you can create such a link later.

2.1.3. To enable you to set up your profile information

If you decide to add profile details to the account you create on the Platform, we collect and use the following data when you choose to provide it:

Your profile photo, information on whether you have enabled Holiday Mode and the information you provide in the "About You" section are visible to other Platform visitors, but the remainder of the data entered by you is not visible.

Legal basis for such collection and use of your personal data is our legitimate interest to enable you to set up your profile information and to ensure that other visitors of the Platform could access relevant information you choose to provide (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years. Photo metadata containing personal data is deleted immediately.

2.1.4. To show other members relevant information regarding your activity on the Platform

When you are a registered member on the Platform, we collect, use and make public on the Platform the following information in order to provide other members with relevant information:

Legal basis for such collection and use is our legitimate interest in ensuring that our members access important information about each other (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.1.5. To enable you to list your items

If you list items on the Platform, we will collect and use the following data for the purpose of creating, publishing and deleting listings on the Platform (the required information differs depending on the chosen item category):

Legal basis for such collection and use of your personal data is our legitimate interest to enable you to create, publish and delete listings on the Platform when you so decide (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose is kept for eighteen (18) months and seven (7) days of inactivity. Deleted items and their photos are stored for 6 months. Photo metadata containing personal data is deleted immediately.

2.1.6. To enable notifications on the Platform for you

When you are a registered member on the Platform, we will provide you with notifications on the Platform regarding your new followers, your favorited items, your activity on the forum and other important messages.

The legal basis for the collection and use of data for the purposes of sending you inbox notifications within the Platform is the performance of a contract (GTC) to which you are party (Art. 6(1)(b) of the GDPR), and the legal basis for sending you push notifications is our legitimate interest to facilitate sales on the Platform (Art. 6(1)(f) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.1.7. To enable you to communicate with other members

If you communicate with other members on the Platform, we collect and use the following data:

Legal basis for the collection and use of data is the fulfillment of a contract (GTC) to which you are party (Art. 6 (1) (b) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

If you decide to remove a message from a conversation, it will be instantly hidden for you and the recipient, and permanently deleted after three (3) months from the moment you remove it. Legal basis for storing the removed message data is our legitimate interest to ensure the safety of our Platform and our members (Art. 6 (1) (f) of the GDPR).

2.1.8. To enable you to leave reviews for other members on the Platform

If you leave reviews for other members, Oki collects and uses the following data for the purpose of making the reviews publicly available on the Platform:

Legal basis for such collection and use of your personal data is the legitimate interest of our members and Oki to build trust among Oki members (Art. 6 (1) (f) of the GDPR)..

You can, at any time, edit or delete your reviews left for other members.

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years. The reviews are subsequently anonymized.

2.1.9. To receive reviews from other members

When you receive reviews from other members, we will collect and use the following data for the purpose of making the reviews publicly available on the Platform:

Legal basis for such collection and use is the legitimate interest of our members and Oki to build trust among Oki members (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.1.10. To enable you to post in the forum and discuss with our community

The Oki forum is where our community comes to talk and help each other by sharing experience and tips. You can create new forum topics or post comments in our forum. We collect and use the following data which you voluntarily submit on the Platform:

If you select to post anonymously, your member name/picture won't be visible to other members. However, your identity will still be visible to the Oki team.

Legal basis for such collection and use of your personal data is the fulfillment of a contract (compliance with our GTC) to which you are a party (Art. 6 (1) (b) of the GDPR) as well as the legitimate interest of our members to have a platform for communication (Art. 6 (1) (f) of the GDPR).

You can delete and edit your own forum topics and posts at any time.

Unless you delete your forum topics or posts beforehand, we collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.1.11. To address your public feedback about us 

If you leave a public review or other feedback about the Platform, we collect and use the following data for the purpose of addressing your feedback:

The legal basis for such collection and use is our legitimate interest to manage Oki’s reputation (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose for up to 4 months.

2.1.12. To send you important communication regarding the Platform

If you register on the Platform, we will send you emails and messages via the Platform’s messaging system for the purpose of providing important notifications such as GTC, Privacy Policy changes.

Legal basis for the collection and use of data is the performance of a contract (compliance with our GTC) to which you are party (Art. 6 (1) (b) of the GDPR) and compliance with the legal obligations to which Oki is subject (Art. 6 (1) (c) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.1.13. To send you offers via the Platform’s messaging system

If you register on the Platform, we will send you offers related to Oki services via the Platform’s messaging system (“Offers”).

Legal basis for the collection and use of data is our legitimate interest in providing offers to our members (Art. 6 (1) (f) of the GDPR, Art. 13 (2) of Directive 2002/58/EC of the European Parliament and of the Council of July 12, 2002 regarding the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), Art. 81 (2) of Lithuanian Law on Electronic Communications).

In order to send Offers, Oki uses the service provider, Braze, Inc. (USA), established outside the European Economic Area. In this case, personal data is protected by the service provider entering into the EU standard contractual clauses for the transfer of data as approved by the European Commission.

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.1.14. To provide you with customer support service

If you send us questions, requests or complaints, we will collect and use the following data for the purpose of providing you with customer support services you request on the Platform:

The type of information we collect may vary depending on your inquiry.

Legal basis for the collection and use of data is the fulfillment of a contract (GTC) to which you are party (Art. 6 (1) (b) of the GDPR).

In order to respond to your inquiries, Oki provides your data to customer support service providers.

The following service providers are operating outside the European Economic Area, which may result in your data being shared with our customer support agents outside the European Economic Area. In these instances, the personal data is protected by the service providers entering into the EU standard contractual clauses for the transfer of data as approved by the European Commission.

Personal data collected and used for this purpose is kept for 2 years after the last update related to your inquiry. If your account is deleted, personal data collected and used for this purpose will be deleted along with your account.

2.1.15. To resolve any purchase-related disputes between members

If you purchase and/or sell items on the Platform and are involved in a dispute with another member, we will collect and use any of your personal data held by Oki necessary to solve the dispute.

We base such collection and use on a legitimate interest in settling disputes between our members and defending the rights and interests of Oki (Art. 6 (1) (f) of the GDPR) and, where relevant, compliance with the legal obligations to which Oki is subject (Art. 6 (1) (c) of the GDPR).

Personal data collected and used for this purpose is kept for 1 year after the conclusion of a dispute.

2.1.16. To temporarily retain your deactivated account

If you decide to deactivate your account, we will take all reasonable efforts to make sure it is no longer viewable on the Platform and restrict the use of your personal data. For up to 3 months, it is still possible to restore your account if it was accidentally or wrongfully deactivated or in case you change your mind and wish to return to the Platform and take action in the event that someone other than yourself gained access to and deleted your account without your knowledge.

The legal basis for such storage of your data is the legitimate interest of Oki and our members to restore your account when necessary (Art. 6 (1) (f) of the GDPR) and, where applicable, to comply with the legal obligations to which Oki is subject (Art. 6 (1) (c) of the GDPR).

Personal data is kept for this purpose for 3 months from the date of deactivation of your Oki account.

After 3 months, we permanently delete your account from our Platform.

 

2.2. To improve your experience when using the Platform

 

We collect and use your personal data in order to improve your experience when using the Platform by enabling you to personalize your feed and search results, providing you relevant suggestions and storing your previous searches, sending you notifications and otherwise making the use of Platform more pleasant.

Specific applicable legal basis for the collection and use of your data is described in each section below.

2.2.1. To enable your preferences regarding your feed and search results

If you choose to personalize the items presented to you on the Platform (on item feed, catalog and search results), we will collect and use the following data for the purpose of presenting you a feed personalized based on your preferences:

Legal basis for such collection and use of your personal data is the legitimate interest of Oki and its members (Art. 6 (1) (f) of the GDPR) to make the Platform more convenient for our members and allow you to see offers from other members that might interest you the most based on your set preferences.

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.2.2. To personalize your feed and search results

We also personalize item feeds by evaluating your preferences according to the following:

Legal basis for such collection and use is the legitimate interest of Oki and its members (Art. 6 (1) (f) of the GDPR) to make the Platform more convenient for our members and, thanks to personalization, allow you to see offers from other members that might interest you the most.

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.2.3. To prioritize high value items for sale by reputable sellers

In order to determine whether you, as a reputable seller, offer high value items, we will collect and use the following data from you when you sell your items on the Platform:

We use results to prioritize high value items sold by reputable sellers when showing items to new members, and increase the visibility of items uploaded by members that have chosen the same language as you and/or live in the same country or region, items listed by new members, items that have three (3) favorites or more, children’s items that have one or more favorites, items that are bumped, and we show relevant items on the Platform.

Legal basis for such collection and use of your personal data is our legitimate interest in prioritizing high value items sold by reputable sellers in order to facilitate sales and member satisfaction on the Platform (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.2.4. To recommend relevant items to you

If you choose to create item listings on the Platform, we will collect and use data you provide in the listing (see 2.1.5 above) by analyzing it in order to either offer members who clicked on your items other relevant items or offer them to members to whom your items may be relevant.

Legal basis for such collection and use of your personal data is our legitimate interest in the improvement of the Platform and in ensuring that our members receive relevant suggestions and search results (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.2.5. To suggest relevant item descriptions

When you create item listings on the Platform, we collect and analyze the data you provide in the listing (see 2.1.5 above) to suggest the most appropriate description for your listing.

The legal basis for such collection and use of data is our legitimate interest to improve the Platform and ensure that our members receive relevant suggestions (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until the deactivation of your Oki account or for 5 years of inactivity on your account.

2.2.6. To improve search results on the Platform

We collect and use data provided in the item listings (see 2.1.5 above) with no seller-related information in order to improve search results by evaluating the degree of relevance of certain items with respect to a specific search keyword and to automatically suggest relevant categories for new listings. For this, we only use the item listing without any link to a particular seller.

Legal basis for such collection and use is our legitimate interest in improving the Platform and ensuring that our members receive relevant suggestions and search results (Art. 6 (1) (f) of the GDPR).

Oki uses service providers who provide data analysis services to Oki.

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for 5 years.

2.2.7. To save your recent searches

In order to help you find previously searched items on the Platform, we save your search keywords. We collect and use the following data for the purpose of providing information about newly listed items on the Platform based keywords from your previous searches:

Legal basis for such collection and use is the legitimate interest of our members and Oki to improve search results on the Platform (Art. 6 (1) (f) of the GDPR).

You can delete your search history at any time.

Unless you delete your search history earlier, we collect and use your personal data for this purpose for up to 6 months.

2.2.8. To help you draw more attention to your listings

Should you order extra services, i.e. bumps or the “Wardrobe Spotlight” in order to increase your items’ visibility on the Platform, we collect and use the following data:

Legal basis for the collection and use of data is the fulfillment of a contract (your order for extra features under GTC) to which you are party (Art. 6 (1) (b) of the GDPR).

Personal data is required to fulfill a contract (GTC) with you. If you do not provide us with this personal data, we will not be able to enter into or fulfill a contract (GTC) with you.

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for 5 years.

2.2.9. To suggest a price upon creation of an item listing

If you choose to create an item listing on the Platform, our algorithms will analyze its price in addition to the item category, item brand and item condition. We will then use that information to show you pictures and prices of similar items sold in the last three months in order to help you determine the selling price for your item.

If the selling price you chose is above the price range for similar items sold on the Platform in the last three months, Oki will also give you a tip regarding the recommended price range.

Legal basis for such collection and use is our legitimate interest in helping our members choose the right price for their items (Art. 6 (1) (f) of the GDPR).

To perform the above function, we collect and use pictures and prices of items sold in the last three (3) months.

Upon listing your items, we collect and use such information to analyze your items throughout the item listing process. Upon sale of your items, we collect and use the data mentioned above for three (3) months after the item’s sale.

2.2.10. To enable notifications about your favorite items

If you favorite an item listed by another member on the Platform, Oki will inform you when the price of your favorited goes down or when the item is sold. For this reason, we will collect and use the following data:

Legal basis for such collection and use is the legitimate interest of our members and Oki in facilitating sales on the Platform (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.2.11. To notify sellers when you favorite their items

If you favorite an item on the Platform, Oki will inform the seller that you have favorited their item.

Legal basis for such collection and use is the legitimate interest of our members and Oki in facilitating sales on the Platform (Art. 6 (1) (f) of the GDPR).

You can disable these notifications by logging in to the Platform, going to Privacy Settings and changing the appropriate settings.

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.2.12. To allow you to follow other members

If a member you followed listed a new item on the Platform, we will notify you about it.

Legal basis for such collection and use of your personal data is our legitimate interest to help members receive timely information about new items of interest to them, thereby facilitating sales on the Platform (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.2.13. To improve our Platform

Oki is committed to the Platform’s optimal performance. While the Platform is in use, Oki gathers information about actions performed on the Platform (button clicks, visiting time, notifications read, other information based on a given business case) and other data described under 2.1, 2.2, 2.5, 2.6 and 5 of this Privacy Policy in order to help us make decisions on how to improve the Platform and make it a better experience for our members.

Legal basis for such collection and use is our legitimate interest in maintaining performance and improving the Platform (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.2.14. To conduct surveys

We are always looking for ways to improve your user experience with Oki. As such, you may be invited to participate in a survey and your feedback may be used. For this purpose, we collect and use the following data:

Legal basis for inviting you to participate in the survey is our legitimate interest in receiving feedback from our members and using it to improve the Platform (Art. 6 (1) (f) of the GDPR, Art. 13 (2) of Directive 2002/58/EC of the European Parliament and of the Council of July 12, 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), Art. 81 (2) of Lithuanian Law on Electronic Communications).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

For our surveys, we use service provider, Widgix Limited (United Kingdom, which is considered to be safe in terms of data protection by the European Commission).

For our surveys we use a service provider Widgix Limited (United Kingdom, which is considered by the European Commission as safe in terms of data protection).

We will anonymize your responses after 3 months – this means that the responses will no longer be associated with you.

2.2.15. To conduct interviews

In order to understand our users' needs and improve your experience on the Platform, we conduct on-site or online interviews with you. For this purpose, we collect and use the following data:

Legal basis for inviting you to participate in the interview is our legitimate interest in receiving feedback from our members and using it to improve the Platform (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

If you wish to participate in the interview, the information above will be collected based on your consent (Art. 6 (1) (a) of the GDPR).

We will anonymize your responses after three (3) months – this means that the responses will no longer be associated with you.

2.2.16. To enable you to share your user journey

We are making constant improvements to our Platform and look for ways to improve your experience while using Oki. If you agree, we enable you to share your user journey through our Platform. In so doing, we will collect and use the following data:

Legal basis for inviting you to participate in the sharing of your user journey is our legitimate interest in receiving feedback from our members and using it to improve the Platform (Art. 6 (1) (f) of the GDPR.

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

If you wish to participate in the survey, the information above will be collected based on your consent (Art. 6 (1) (a) of the GDPR).

We will anonymize your responses after three (3) months – this means that the responses will no longer be associated with you.

2.2.17. To enable automatic content translation

To make the content available in all preferred member languages, we have integrated an automatic translation solution into the Platform. We collect and use the following data if you or another member wishes to have translated:

For automatic translation, Oki uses service provider Google LLC (USA) which is established outside the European Economic Area. In this case, the personal data is protected by the service provider entering into the EU standard contractual clauses for the transfer of data as approved by the European Commission.

Legal basis for such collection and use of the personal data is the legitimate interest of Oki and its members (Art. 6 (1) (f) of the GDPR) in making the Platform more convenient and intuitive for our members.

We collect and use your personal data for this purpose for 2 weeks after the translation has been completed.

 

2.3. To ensure the security of your account and the Platform

 

Oki strives to ensure that our member accounts and the Platform itself are secure and protected from cyber-attacks, unauthorized access and other similar risks.

2.3.1. To track visits to the Platform for security purposes

When you connect to the Website or App, we collect and use the following data (log files), even if you are not logged in to the Website as a member:

For access via mobile devices, the following log files are also recorder as part of your use of the Oki App:

This data is used for security purposes, especially the prevention of cyber-attacks such as data scraps and denial of service attacks and to prevent unauthorized multiple applications.

Legal basis for such collection and use is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our members in ensuring the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose is kept for 3 months.

2.3.2. To help you avoid using a compromised password

If you decide to register using a password or subsequently decide to change your password, we will check it against a database of passwords compromised in previous data breaches having occurred on other platforms and through other services. To enable this functionality, we take the password, hash it and then use the first 5 characters of the hash to Have I Been Pwned (https://haveibeenpwned.com/) to conduct a search in the database for compromised passwords.

By performing this check, we are able to protect your account by confirming that you are using a password not known to be compromised.

Legal basis for such collection and use is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our members in ensuring the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).

We collect and use personal data for this purpose only for the duration necessary to perform the password check.

2.3.3. To allow you to reset your password

If you forgot your password or decide to change it for other reasons and do not have access to your email, we may ask you to answer a few security questions to verify your identity. For this purpose, we will collect and use the following data:

Legal basis for such collection and the use of your personal data is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our members in ensuring the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.3.4. To verify your account in case of suspicious activity related to your account

If we detect activity on your account considered to be suspicious by Oki, we will ask you to perform a basic verification by confirming your email, Facebook or Google accounts. For the purpose of performing a basic verification, we will collect and use the following data:

Legal basis for such collection and use is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our members in ensuring the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.3.5. To conduct phone number and two-step verifications

Should you decide to apply an additional layer of protection to your account and activate phone verification, we will use your phone number in order to enable this function. Legal basis for such collection and use is our legitimate interest in providing our users with additional measures to protect their account (Art. 6 (1) (f) of the GDPR).

You may also be asked to verify your phone number in case of suspicious activities on your account. In that event, verification is mandatory and personal data collection and use is based on the fulfillment of a contract (GTC) to which you are party (Art. 6 (1) (b) of the GDPR).

When you verify your phone number, Oki will collect and use your phone number for two-step verification purposes.

Personal data for mandatory verifications is required to enter into and fulfill a contract (GTC) with you. If you do not provide us with this personal data, we will not be able to enter into and fulfill a contract (GTC) with you.

In order to carry out phone number and two-step verifications, we use service provider, Vonage Holdings Corp. (USA), enabling us to send you verification messages or make verification calls to dictate verification code if you do not verify your phone number within 5 minutes. While this results in your data being shared outside the European Economic Area, the data is protected by the service provider entering into the EU Standard Contractual Clauses for the transfer of data as approved by the European Commission.

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.3.6. To carry out payment source security checks

As part of the security process, we ask our members to provide verification of their payment source. In order to perform such security checks, Oki collects and uses the following personal data:

Legal basis for such collection and use is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our members to ensure the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose is kept for 4 days after the security check is passed.

2.3.7. To carry out PayPal account security checks

As part of the security process, we request our members to verify ownership of their PayPal accounts where there was no actual charge. As part of this process, Oki collects and uses the following data:

As part of the security process, we also ask our members that use PayPal to verify ownership of their PayPal accounts. As part of this process, Oki collects and uses the following data:

Legal basis for such collection and use is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our members to ensure the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose is kept for 4 days after the security check.

2.3.8. To prevent fraudulent payments

To ensure secure payments on the Platform and uphold our GTC, we may check payments for any signs of fraudulent activities, such as unauthorized use of credit/debit card or payment information, fake transactions, etc.

If we come across such payments, we take appropriate measures as outlined in our GTC, which may include a thorough review of the transaction, cancellation of the payment, or even blocking the associated member's account.

To detect and cancel suspicious payments, we may use fully automated tools. By doing so, we can prevent fraudulent activities in an efficient and timely manner, ultimately protecting our members from harm. We use means to ensure a high precision rate and accuracy of our automated tools, including manual reviews of automated decisions.

The following categories of data are used to prevent fraudulent payments, including making the automated decisions for detecting and cancelling suspicious transactions:

Legal basis for such collection and use of data is the performance of a contract (GTC) to which you are a party (Art. 6 (1) (b) of the GDPR).

We collect and use your personal data for this purpose for 2 years after the payment verification procedure.

2.3.9. To ensure listing compliance with our Authenticity Policy

For some listings, we collect and use the following data in order to ensure that such listings comply with our Authenticity Policy:

Legal basis for such collection and use of your personal data is our legitimate interest to protect the Platform and our members from eventual counterfeit (Art. 6 (1) (f) of the GDPR).

We may share photos of listings or other proofs of authenticity free of your personal data with brand owners in order to verify certain items.

Personal data collected and used for this purpose is kept for 2 years when it is necessary to solve disputes between our users.

2.3.10. To facilitate the exercise of intellectual property rights

Intellectual property right holders (or their representatives) can complete our Intellectual Property Infringement Report. Within this report, Oki collects and uses the following personal data:

The legal basis for such collection and use of your personal data is our legitimate interest to protect the Platform and our members from intellectual property infringements (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose are kept for 5 years.

2.3.11. To carry out account ownership checks

As part of the security process, we may ask our members to verify ownership of their Oki account. To confirm your identity, we will need one of the following as proof:

Legal basis for such collection and use of your personal data is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our members to ensure the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose is kept for 3 days from receipt of the proof.

2.3.12. To allow you to report inappropriate behavior or content

If you would like to report inappropriate messages, forum activity, members, items, spam or spoof mail, we will collect and use the following data for the purpose of ensuring the security of the Platform and its members:

Legal basis for such collection and use of your personal data is our legitimate interest to protect the Platform and ensure its security and the legitimate interest of our members to ensure the safety of their accounts on the Platform (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.3.13. To report suicidal posts

In exceptional cases, where we notice suicidal posts on our Platform, we may report them to the police. In such cases we will collect and use and disclose the following data for the purpose of reporting suicidal posts:

Legal basis for such collection and use is the protection of your vital interests (Art. 6 (1)(d) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

 

2.4. To supervise compliance with and enforce GTC

 

Oki actively supervises compliance with and enforces GTC for the purpose of ensuring the security of your account and that of the Platform.

2.4.1. To calculate the trust score

In order to ensure the security of the Platform and its members, Oki gives each member a "trust score" calculated using an algorithm, and maintains a database of unlawful activities typically performed by bad actors. The "trust score" indicates the likelihood of improper use of the Platform.

Our algorithm takes into account members’ comments on a forum, messages to other members, items listed on the platform, transactions, reports from other members on that member, the member's profile and contact information, the member's violations of our GTC, IP addresses, and browser fingerprints, other content provided to use by the member.

When member evaluations meet certain thresholds, the member's usage of the platform is restricted or the member is asked to verify his/her telephone number, email, Facebook or Google accounts.

Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.4.2. To identify and prevent malicious accounts and activities

In order to ensure the security of the Platform and its members, Oki collects and maintains a database of keywords indicating malicious accounts and activities. This database may contain emails, certain words or phrases found in messages, and other relevant data. By matching members’ activity against the keywords in the database, we can identify and prevent bad actors more effectively.

The legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).

The database entries containing personal data are retained for 13 months.

2.4.3. To enforce spam filtering

In order to protect our members and the Platform, we use spam filtering tools. These tools include a list of keywords that are commonly associated with spam. If your messages include these keywords, they are stopped by the above-referenced tools and reviewed manually before being sent to other members.

Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.4.4. To moderate your activity on the Platform

In order to ensure the security of the Platform and its members we regularly moderate your activity on the Platform. We may check your listings automatically or we may check your listings, comments, and messages upon receipt of reports from other members or third parties.

If you communicate with another Oki member via private message and either you or another member sends us a report or escalates a transaction, we collect and use information contained in your communications to check for potential violations of our GTC.

Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.4.5. To issue and enforce warnings

As a member, if you violate our GTC or take other actions that result in a warning being issued to you, we collect and use the following data to issue and enforce the warning:

Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.4.6. To delete or hide items that violate Oki GTC

If you list items that violate our GTC, we will remove or hide them. However, we will retain deleted listings as proof of the violation. For this purpose, Oki uses personal data included in the listing as specified under 2.1.5.

Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).

Deleted listings are stored for 30 days after their removal.

2.4.7. To detect and lock compromised accounts

In order to protect our members and the Platform, we regularly check for suspicious activities to detect compromised accounts. If we determine that your account may be compromised or at your request, we may lock your account.

Legal basis for such collection and use of your personal data is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years. If your account is locked and then unlocked, we retain your data for two (2) years after unlocking your account. If your account remains permanently locked, we retain your data for this purpose for five (5) years after your last activity on the Platform.

2.4.8. To suspend members

If you send too many messages in a short period of time, you may get suspended for between one (1) and six (6) hours. For this purpose, Oki collects and uses the time and duration of the suspension.

Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.4.9. To enforce bans

If you violate Oki GTC in a way that results in your ban, we will use the reason for your ban, its time and your profile data.

Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose is kept for three (3) months from the time you were blocked.

2.4.10. To enforce IP blocks

If there are signs of cyber-attacks or other risks to the Platform’s security coming from your IP address, in order to protect the platform, we will collect and use your IP address and block it.

Legal basis for such collection and use is our legitimate interest to protect the Platform and its users and ensure its security and the legitimate interest of our members to ensure their safety on the Platform (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose is kept for five (5) years.

2.4.11. To restrict the fraudulent use of payment instruments 

If there are signs of any fraudulent activity with your payment instrument (e.g. credit/debit card), we will collect and use your payment instrument and order data to protect the Platform by restricting the use of your payment instrument.

The legal basis for such collection and use is our legitimate interest to protect the Platform and its members and ensure its security and the legitimate interest of our members to keep them safe on the Platform (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose are kept for the duration of the restrictions applied.

 

2.5. To enable your payment for items

 

Payments made on the Platform are carried out via payment service providers that offer payment processing and escrow services.

Most of your personal data is required to fulfill a contract (GTC) with you. If you do not provide us with this personal data, we will not be able to enter into and fulfill a contract (GTC) with you (Art. 6 (1) (b) of the GDPR). Part of your data is required to fulfill our or our payment service providers’ legal obligations when you are a member of our Platform (Art. 6 (1) (c) of the GDPR). If you do not provide us with this personal data, we or our payment service providers will not be able to comply with legal requirements nor will we be able to provide our services.

This data is also used for improvement of the Platform in order to make it a better experience for our members (see 2.2.12).

2.5.1. To allow you to make a purchase or add a payment card for payment purposes

When you add a payment card or purchase an item or our extra services via the Platform, we collect and use the following data for the purpose of allowing you to make payments:

When you add a payment card or purchase an item or our extra services via the Platform, relevant payment service provider (please see 2.5.3 and 2.5.4 below) receives the following data:

Legal basis for the collection and use of data is the fulfillment of a contract (compliance with our GTC) to which you are party (Art. 6 (1) (b) of the GDPR).

Personal data is required to fulfill a contract (GTC) with you. If you do not provide us with this personal data, we will not be able to enter into and fulfill a contract (GTC) with you.

If you agree, we will store your bank card details for future use.

Legal basis for such collection and use is your consent (Art. 6 (1) (a) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.5.2. To allow you to add a bank account for withdrawal purposes

When you add a bank account for withdrawal purposes, we collect and use the following data to allow you to withdraw money:

Legal basis for the collection and use of data is the fulfillment of a contract (compliance with our GTC) to which you are party (Art. 6 (1) (b) of the GDPR).

Personal data is required to fulfill a contract (GTC) with you. If do not provide us with this personal data, we will not be able to enter into and fulfill a contract (GTC) with you.

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.5.3. To enable you to pay and receive payments on our Platform

If you opt to pay a seller or for extra services by payment card or other payment method integrated on the Platform, or if you use other services on the Platform for which a charge is made, the transaction in question will be collected and used via the electronic payment system ADYEN (see our GTC), which is operated by ADYEN N.V. (Netherlands) ("ADYEN"). On behalf of Oki, ADYEN will collect the payment information based on the payment method selected (e.g. payment card, etc.). The payment will then be implemented via ADYEN and the payment scheme owner or facilitator of the payment method you have selected. To this extent, the data protection rules of ADYEN and the payment scheme owner or facilitator of the payment method you have selected will apply.

For more information on payment procedure, see Article 6 of our GTC. If you use a payment card as your payment method, Oki will see only the card holder’s full name, the first six and last four digits of your payment card number and expiration date.

This information will be used by us solely for the purpose of confirming payment. The rest of the card data is masked and forwarded to ADYEN to handle the transaction.

Legal basis for the collection and use of data is the fulfillment of a contract (compliance with our GTC) to which you are a party (Art. 6 (1) (b) of the GDPR).

Personal data are required to fulfill a contract (GTC) with you. If you do not provide us with this personal data, we will not be able to enter into and fulfill a contract (GTC) with you.

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

Additionally, if you are a seller on Oki and you want to receive payments from buyers through the above electronic payment system for the purchase of your products, you will have to accept ADYEN’s Terms and Conditions and create an e-wallet with ADYEN (referred to on the Platform as a "Oki Balance"). In order to do so, you must provide the following data:

ADYEN processes this information in accordance with applicable laws and as described in AYDEN's Privacy Policy.

Legal basis for the collection and use of your personal data is the fulfillment of a contract (compliance with our GTC and ADYEN’s Terms and Conditions) to which you are party (Art. 6 (1) (b) of the GDPR).

Personal data are required to fulfill contracts (GTC and ADYEN Terms and Conditions) with you. If you do not provide us with this personal data, we will not be able to enter into and fulfill contracts with you.

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.5.4. To enable you to receive payments on our old.Oki.com Platform

Please note, this section only applies to our old Platform.

If you opt to pay a seller by payment card or other payment method integrated on the Platform, or if you use other services on the Platform for which a charge is made, the transaction in question will be collected and used via the electronic payment system, STRIPE (see our GTC), which is operated by Stripe, Inc. (United States) ("STRIPE").

On behalf of Oki, STRIPE will collect the payment information required according to the payment method selected (e.g. payment card, etc.). The payment will then be implemented via STRIPE and via the payment scheme owner or facilitator of the payment method you have selected. To this extent, STRIPE’s data protection rules and those of the payment scheme owner or facilitator of the payment method you have selected will apply. For more information on payment procedure, see Article 13 of our GTC.

If you use a payment card as your payment method, Oki will see only the card holder’s full name, the last four digits of your payment card number, expiration date, brand and country code. This information will be used by us solely for the purpose of confirming payment. The remaining card data is masked and forwarded to STRIPE to handle the transaction.

Legal basis for the collection and use of your personal data is the fulfillment of a contract (compliance with our GTC) to which you are party (Art. 6 (1) (b) of the GDPR).

Personal data are required to fulfill a contract (GTC) with you. If you do not provide us with this personal data, we will not be able to enter into and fulfill a contract (GTC) with you.

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

Additionally, if you are a seller on Oki and you want to receive payments from buyers through the above electronic payment system for the purchase of your products, you will have to accept STRIPE’s Terms and create an e-wallet with STRIPE (referred to on the Platform as a "Oki Balance"). For this, you must provide the following data:

You can find out more on how STRIPE collects and uses your data by consulting STRIPE's privacy policy, accessible at the following address: https://stripe.com/privacy.

Legal basis for the collection and use of your personal data is the fulfillment of a contract (compliance with our GTC and STRIPE Terms) to which you are party (Art. 6 (1) (b) of the GDPR).

Personal data is required to fulfill contracts (GTC and STRIPE Terms and Conditions) with you. If you do not provide us with this personal data, we will not be able to enter into and fulfill contracts with you.

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.5.5. To enable donations

When you make a donation via our Platform, we collect and use the following data for the purpose of allowing you to make the donation:

The legal basis for such collection and use is our legitimate interest to bring value to our members by empowering them to support their causes (Art. 6 (1) (f) of the GDPR).

We collect and use your personal data for this purpose until the deactivation of your Oki account or if your account is inactive for 5 years.

2.5.6. To implement Know Your Customer (KYC) checks on our Platform

Whenever you reach the KYC thresholds which are set by ADYEN, ADYEN will ask you to provide a copy of your passport, ID card or driver’s license, including temporary licenses. In that case, we will enable ADYEN to collect the following data from you in order to allow ADYEN, as payment service provider, to perform an identity check (so-called Know Your Customer, KYC):

As a separate safety check, ADYEN may also request a photo/screenshot of the bank statement listing transactions for a one-month period. In that case, we collect the following information as requested by ADYEN:

For this purpose, Oki implemented ADYEN’s API – a technical measure that allows you to submit a copy of your document and other data to ADYEN without leaving the platform. All document copies go straight to our payment provider ADYEN without being saved on our systems.

This is necessary in order to fulfill our legitimate interest to provide ADYEN with necessary information for their compliance with the legal obligations to which ADYEN is subject (Art. 6 (1) (f) of the GDPR).

2.5.7. To implement Know Your Customer (KYC) checks on our old.Oki.com Platform

Please note, this section only applies to our old Platform.

Whenever you reach the KYC thresholds which are set by STRIPE, STRIPE will ask you to provide a copy of your passport, ID card or driver’s license, including temporary license. In that case, we will enable STRIPE to collect the following data from you in order to allow STRIPE, as payment service provider, to perform an identity check (so-called Know Your Customer, KYC):

For this purpose, Oki implemented STRIPE’s API – a technical measure that allows you to submit a copy of your document and other data to STRIPE without leaving the platform. All document copies go straight to our payment provider STRIPE without being saved on our systems.

This is necessary in order to fulfill our legitimate interest to provide STRIPE with necessary information for their compliance with the legal obligations to which STRIPE is subject (Art. 6 (1) (f) of the GDPR).

2.5.8. To issue refunds

If you purchase an item and it is never shipped, arrives damaged or is not as described and you issue a claim, we collect and use the data used to make a purchase (see 2.5.1 and 2.5.4) for the purpose of issuing a refund.

Legal basis for the collection and use of data is the fulfillment of a contract (GTC) to which you are party (Art. 6 (1) (b) of the GDPR).

Personal data is required to fulfill a contract (GTC) with you. If you do not provide us with this personal data, we will not be able to enter into and fulfill a contract (GTC) with you.

Transaction data is kept for 13 months from the day of transaction.

2.5.9. To keep financial records

If you participate in purchase-sale and/or other transactions when using the Platform, Oki will collect and use the following data in order to carry out its accounting-related duties:

This is necessary in order to comply with the legal obligations to which Oki is subject (Art. 6 (1) (c) of the GDPR).

Financial regulations require us to keep accounting documents that confirm the transactions for 10 years.

 

2.6. To enable shipment of items purchased on the Platform

 

Oki strives to make the shipping of items purchased on the Platform as smooth and convenient as possible by offering shipping methods on the Platform.

Most of your personal data is required to fulfill a contract (GTC) with you. If you do not provide us with this personal data, we will not be able to enter into and fulfill a contract (GTC) with you.

This data is also used for improvement of the Platform in order to make it a better experience for our members (see 2.2.12).

2.6.1. To enable you to ship or receive items

If you choose to enter your shipping information or when you buy or sell items, we collect and use the following data that you provide for dispatch and shipping purposes:

Legal basis for the collection and use of data is the fulfillment of a contract (GTC) to which you are party (Art. 6 (1) (b) of the GDPR).

Personal data is required to fulfill a contract (GTC) with you.

We provide personal data collected and used for this purpose to the following recipients:

Otherwise, it is up to the seller to follow the instructions and provide your data to the shipping provider.

Personal data collected and used for this purpose is kept for 6 months.

2.6.2. To track your parcel

When you buy or sell items on the Platform, we collect and use the following data for shipment tracking purposes:

If we are unable to gather tracking information directly from a particular shipping provider, we provide the aforementioned information to a tracking service provider AfterShip Limited (Hong Kong, China). Personal data is protected by the service provider entering into the EU Standard Contractual Clauses for the transfer of data as approved by the European Commission.

Legal basis for the collection and use of your personal data is the legitimate interest of Oki and our members to track shipment when it is impossible to gather tracking information directly from a particular shipping provider (Art. 6 (1) (f) of the GDPR).

Personal data is required to fulfill a contract (GTC) with you. If you do not provide us with this personal data, we will not be able to enter into and fulfill a contract (GTC) with you.

Personal data collected and used for this purpose is kept for 6 months.

 

2.7. To carry out marketing activities

 

Oki seeks to involve our members in marketing campaigns that benefit our members. At the same time, we wish to present you with marketing material that is both relevant and engaging.

2.7.1. To send you marketing emails

You can register for our newsletter and for other marketing emails ("Marketing Emails"). When you register, we will ask you for your permission to use your email address to send you Marketing Emails containing the latest information on our products and services, especially regarding goods available on the Platform, special offers and marketing campaigns. If, upon registration, you do not give your permission, you can change your mind at any time and agree to receive Marketing Emails by changing the settings on your Oki account.

We base such collection and use on your consent (Art. 6 (1) (a) of the GDPR, Art. 81(1) of Lithuanian Law on Electronic Communications).

You can grant or revoke your consent to receive Marketing Emails at any time with future effect. In your Oki account, you can adjust your settings to choose what emails you wish to receive or disable the receipt of further Marketing Emails. Alternatively, you can click "Unregister" at the end of the Marketing Email. Revoking your consent will not affect the legality of the collection and use carried out prior to withdrawal of your consent.

Oki uses the service provider, Braze, Inc. (USA), established outside the European Economic Area, to send Marketing Emails. In this case, the personal data is protected by the service provider entering into the EU standard contractual clauses for the transfer of data as approved by the European Commission.

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years or until you revoke your consent.

2.7.2. To personalize marketing messages

Oki will use the data used to register you on the Platform (see above under 2.1.1, 2.1.2 and 2.1.3) and related to your Oki account (see 2.2), the data on your forum activity (see 2.1.10), your log files (see 2.3.1 above) and other means (see 2.7.7) to personalize marketing messages and advertisements presented to you.

We base such collection and use of your personal data on our legitimate interest to present you with marketing messages that we consider relevant to you (Art. 6(1)(f) of the GDPR).

Oki uses service provider, Braze, Inc., (USA) established outside the European Economic Area, to send you personalized marketing messages. In this case, the personal data is protected by the service provider entering into the EU standard contractual clauses for the transfer of data as approved by the European Commission.

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.7.3. To contact you for publicity and/or earning opportunities

If you register on the Platform, we may contact you via email or via the Platform’s messaging system to offer you to share your content (e.g., pictures) on our social media profiles, or to participate in our marketing campaigns, or to have your information shared with the press, or for other publicity and/or earning opportunities. This is done in order to ensure that only members who give their consent are featured on our social media profiles or receive other publicity and/or earning opportunities.

We base such collection and use on our legitimate interest to increase your publicity and that of Oki and/or provide you with earning possibilities (Art. 6(1)(f) of the GDPR).

If you consent, we may check your profile information to ensure that we only offer publicity and/or earning opportunities to members with a good reputation (i.e., compliance with the GTC). The collection and use of your personal data for this purpose will be based on your consent (Art. 6 (1) (a) of GDPR).

If you agree to participate in publicity and/or earning opportunities offered by us, the further collection and use of your personal data will be based on your consent (Art. 6(1)(a) of the GDPR).

If you sign a contract with Oki related to the publicity and/or earning opportunity, the collection and use of your personal data will be based on a contract between Oki and you (Art. 6(1)(b) of the GDPR).

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

Messages themselves are deleted after twelve (12) months.

2.7.4. To conduct advertisement campaigns involving you

If you agree to participate in our advertisement campaigns, we will use your telephone number to contact you with a proposal to participate in our advertisement campaign and give you more details about the project.

If you sign a contract with Oki related to the advertising campaign, we will collect and use the following data for the purpose of completing and fulfilling a contract between you and Oki:

If you provide your address and room photos we will use them to arrive at your location and film the advertisement. If you agree, we may also use your name, age, city or story to be included in advertising campaigns.

We base your invitation to participate in our advertisement campaigns on our legitimate interest in increasing your publicity and that of Oki (Art. 6(1)(f) of the GDPR). If you agree, your participation in our advertisement campaign will be based on a contract between Oki and you (Art. 6(1)(b) of the GDPR).

This data may be transferred to our partners (advertising agencies, directors) that are responsible for implementing the advertisement campaign.

Personal data for your participation in our advertisement campaign are required to fulfill a contract with you. If you do not provide us with this personal data, we will not be able to enter into and fulfill a contract with you.

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.7.5. To enable us to post your content on our social media accounts

If you agree, we will post your content on our social media accounts for marketing and PR purposes.

We base such collection and use on your consent (Art. 6(1)(a) of GDPR).

You may grant or revoke your consent at any time by logging into the Platform, visiting Privacy Settings and changing relevant settings.

In order to post your content on our social media accounts, we provide data to social media platform operators.

The following social media platform operators are established outside the European Economic Area, which may result in your data being transferred outside the European Economic Area. In these cases the personal data is protected by the operators entering into the EU standard contractual clauses for the transfer of data as approved by the European Commission:

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.7.6. To allow you to see personalized advertisements

Upon your consent, Oki will allow advertising service partners to collect your IP address and/or mobile device identifier and place their cookies on your devices and then use the data to personalize advertisements presented to you. This means that with your consent, you will receive advertisements based on your interests and your activity on the Platform. Namely, advertising service partners will collect and use the following data:

Legal basis to conduct this is Art. 61(4) of Lithuanian Law on Electronic Communications. To the extent that it involves personal data, we base such collection and use on your consent (Art. 6 (1) (a) of the GDPR).

You can choose not to receive personalized marketing and advertisements at any time by changing relevant settings on the Platform. Withdrawal of permission will not affect the lawfulness of the collection and use carried out prior to the withdrawal of permission.

To enable our service providers to show you personalized advertisements, your data is used by partners who provide personalized advertisement services.

Information is collected for this purpose by advertising service partners and is not stored by Oki.

2.7.7. To evaluate efficiency of promotional campaigns

When you use the Platform, Oki analyzes its marketing activities and how you use the Platform (when you register, login, create a listing, make a sale or purchase, upload an item’s photo, open our App, register or install the app, etc.) for the purpose of evaluating the efficiency of promotional campaigns, and to better comprehend visitor behavior after they have viewed a certain ad and visited our Platform or downloaded our App.

We base such collection and use on our legitimate business interest to evaluate the efficiency of our promotional campaigns in order to improve upon them (Art. 6 (1)(f) of the GDPR).

In order to carry out the above evaluations, Oki provides your data to service providers who evaluate the efficiency of promotional campaign services.

Our service provider, Braze, Inc. (USA), is established outside the European Economic Area. In this case the personal data is protected by the service provider entering into the EU Standard Contractual Clauses for the transfer of data as approved by the European Commission.

In order to optimize our advertising campaigns, we send certain information on your activities like apps opened, sessions, registrations, logins, information about you listing an item, uploading an item’s photo or buying an item, etc. to Google and Facebook advertising platforms. Thus, we transfer the data of your activities to the following recipients:

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

2.7.8. To manage our social media profiles

If you are interested in our activity and follow our profiles on social media, we collect and use the following data about you in order to manage our social networking sites:

We base such collection and use on our legitimate interest to manage our social media profiles (Art. 6(1)(f) of GDPR).

In order to manage our social media accounts, we receive and provide data to social media platform operators.

The following social media platform operators are established outside the European Economic Area, which may result in your data being transferred outside the European Economic Area. In these cases personal data is protected by the operators entering into the EU standard contractual clauses for the transfer of data as approved by the European Commission:

Personal data collected and used for this purpose are kept as long as you are registered on a specific social media network.

Joint Controllership with Facebook (“page insights”)

Oki operates a so-called fan page on the social media platform of Facebook. Oki operates a so-called fan page on the social media platform of Facebook. Facebook and Oki are only jointly responsible for the processing of so-called "insights data" (Art. 26 (1) sentence 1 of the GDPR) insofar as this data is used for the creation of so-called "page insights" and only for the data collection phases from Oki's fan page until its transmission to Facebook. For other data processing, Oki and Facebook are separately responsible for data processing.

Within the scope of their joint controllership, Oki and Facebook have entered into an agreement (referred to as the "page insights controller addendum"). The agreement covers the data processing that is collected and used in connection with a visit or interaction with our fan page, but only to the extent that this data is also (subsequently) processed for "page insights". "Page insights" includes analysis services that help us to better understand interactions on our site. In this context, we do not receive any personal data from Facebook, only an anonymous evaluation and illustration. Facebook provides more information on this on its help page for "page insights". The information about data for "page insights" explains how "insights data" is collected and used to create "page insights". This includes the following actions:

The processing of visitor data from our fan page serves the purpose of providing the page as well as the statistical evaluation of the use of our page. This evaluation is made anonymous for Oki. The legal basis for data processing is Art. 6 (1)(f) of the GDPR. Our legitimate interests in the processing of personal data when visiting the site and the creation of "site insights" consist of presenting the company and the Platform. Similarly, we also seek to contact members and interested parties in order to provide information on products and promotions, as well as for the collection of data in order to generate anonymous evaluations and illustrations on the use of our fan page.

If you wish to exercise your rights with respect to your data (see bullet point 6. below), contacting Facebook directly is the most effective way. You can contact us if you still need help in exercising your rights. In accordance with our agreement, Facebook assumes primary responsibility for fulfilling the obligations for the joint processing of "insights data". This includes fulfilling the following rights:

Facebook provides more details on how to exercise these rights in the "page insights data" information.

Joint Controllership with LinkedIn

Oki operates a so-called company page on LinkedIn, the social media platform. LinkedIn and Oki are only jointly responsible (Art. 26 (1) sentence 1 of the GDPR) for the processing of so-called "insights data", enabling us to receive anonymized statistics and insights on how visitors interact with our page. For other data processing, Oki and LinkedIn are separately responsible for data processing.

Within the scope of the joint controllership, Oki and LinkedIn have entered into an agreement (referred to as the "Page Insights Joint Controller Addendum") in which the data protection obligations are allocated between LinkedIn and Oki. The agreement stipulates the following:

The data processing of LinkedIn company page visitors serves to provide the page itself as well as the statistical evaluation of the use of our page. This evaluation is made anonymous for Oki (LinkedIn does not share personal data with us when providing us with the insights, we only have access to a summarized version of the insights; also, we are unable to make conclusions about individual members based on information in the insights). The legal basis for the processing of your personal data is Art. 6 (1)(f) of the GDPR. Our legitimate interests in the processing of personal data when visiting the site and the creation of the "insights" consist of presenting the company and the Platform and, for example, contacting members and interested parties and providing information about products and promotions, as well as the collection of data for the creation of anonymous evaluations and illustrations on the use of our company page.

2.7.9. To enable you to participate in Oki’s referrals program

If you refer one or more friends to Oki’s Platform, you can earn Oki shopping vouchers. We will collect and use the following data for the purpose of enabling you to participate in Oki’s referrals program and to provide you with a Oki shopping voucher:

Legal basis for the collection and use of data is the fulfillment of a contract (GTC) to which you are party (Art. 6 (1) (b) of the GDPR).

Personal data is required to fulfill a contract (GTC) with you. If you do not provide us with this personal data, we will not be able to enter into and fulfill a contract (GTC) with you.

We collect and use your personal data for this purpose until your Oki account is deactivated or inactive for five (5) years.

 

2.8. For legal purposes

 

2.8.1. To handle your requests related to personal data

If you exercise your statutory rights regarding your data (see 6 below), we will collect and use the data contained in your request in addition to any other personal data held by Oki for the purpose of examining the request, responding to it and, when necessary, taking necessary action.

This is necessary in order to comply with the legal obligations to which Oki is subject (Art. 6 (1) (c) of the GDPR).

Personal data collected and used for this purpose are kept for two (2) years from the day we respond to your request.

2.8.2. To provide information to law enforcement and other state institutions

If we have reasonable grounds to suspect that you are involved in illegal activities, we will collect and use necessary data from your profile data (see 2.1), data related to your activities on the Platform (see 2.2) and data collected and used for security purposes (see 2.3 and 2.4) in order to notify the law enforcement and other state institutions.

Oki also provides the above data to law enforcement and other state institutions when we receive requests for information in relation to investigations carried out by these institutions.

This is necessary in order to comply with the legal obligations to which Oki is subject (Art. 6 (1) (c) of the GDPR).

Personal data is required to fulfill our legal obligations when you are a member of our Platform. If you do not provide us with this personal data, we will not be able to comply with legal requirements.

Oki collects and uses your personal data for this purpose for the same amount of time that your Oki account is stored – for 3 months from the date of deactivation of your Oki account or after five (5) years of inactivity on your account.

2.8.3. To defend our rights against chargebacks

If you have made transactions via our payment service providers, we will collect and use your personal data held by Oki to the extent necessary to resolve a particular situation.

We base such collection and use of your personal data on a legitimate interest to defend our rights in case a chargeback procedure is initiated against Oki (Art. 6 (1) (f) of the GDPR).

2.8.4. To defend the rights and interests of Oki

If you become involved in a dispute with Oki or we need to carry out enforcement of our GTC or otherwise defend, enforce, exercise and uphold our rights, we will collect and use all of your personal data held by Oki to the extent necessary to resolve a particular situation.

We base such collection and use on a legitimate interest to defend the rights and interests of Oki (Art. 6 (1) (f) of the GDPR).

Personal data collected and used for this purpose are kept for 3 years or until the dispute is resolved (including the time limit for appeal, if applicable), or until the investigations/legal proceedings are pending (including the time limit for appealing these investigations/legal proceedings), or until final issuance of the binding decision from the authorized body.

 

3. Personal data recipients

 

Oki transfers or shares personal data with service providers only insofar as necessary and allowed in accordance with applicable laws. Service providers to which your personal data is transferred or with whom it is shared for specific purposes are described under 2 above. In addition, we appoint the following service providers who, as a result, receive personal data as data recipients.

We perform ongoing technical maintenance and upgrades to the Platform to protect the security and confidentiality of personal data we process and to perform certain business-related functions that help make our services available and functional. For this reason, we transfer your profile data to service providers who provide cloud and hosting services, IT security, maintenance and technical services, and communications services.

The following service providers are established outside the European Economic Area, which may result in your data being transferred outside the European Economic Area. In these cases the personal data is protected by the service providers entering into the EU standard contractual clauses for the transfer of data as approved by the European Commission:

We transfer personal data to attorneys, attorney assistants, notaries, bailiffs, auditors, accountants, bookkeepers, debt collectors, consultants, translation agencies, IT service providers, insurance companies, and archiving services that provide services to Oki.

Additionally, we share data within the Oki group. Data processed within the Oki group is transferred to Oki, UAB (Lithuania) insofar as necessary for the management of Oki group.

Oki is legally obligated to provide personal and/or usage data to investigative, criminal prosecution or supervisory authorities if and to the extent required to prevent risk to the public and for the prosecution of criminal acts.

Oki may share your data with third parties when transferring rights and obligations pertaining to the contractual relationship between you and Oki to such third parties in accordance with the GTC (available via the link: https://www.Oki.com/terms_and_conditions), in particular in the event of the transfer of a business sector, a merger by way of the creation of a new company, a merger by way of absorption, a de-merger or any changes in control affecting Oki.

 

4. Use of cookies

 

Oki uses cookies and similar technologies on the Platform. You can find out more by visiting our Cookie Policy.

 

5. Right of amendment

 

As our services are constantly evolving, we reserve the right to change this Privacy Policy at any time subject to the applicable regulations. Any changes will be published promptly on this page. You should, nevertheless, check this page regularly for any updates.

 

6. Your statutory rights regarding your personal data

 

If you are a California resident, please see our California Privacy Policy regarding the rights you have under California law and how to exercise them.

Subject to conditions, limitations, and exceptions established by statutory data protection provisions, you have the right at any time:

To exercise any of the rights specified in this section, you can contact Oki and submit your request using the contact information (7 below).

 

7. Our contact details

 

If you have any questions regarding the collection and use of your data as part of your use of the Platform, or regarding your rights, please contact our data protection officer at privacysupport@Oki.com.

Oki data protection officer:

Oki, UAB

Svitrigailos st. 13

LT-03228 Vilnius

Republic of Lithuania