Effective Date: October 2025
Version: 1.0

Introduction

OnDutyOps LLC (“OnDutyOps,” “we,” “our,” “us”) is committed to protecting the privacy and security of personal data in compliance with the EU General Data Protection Regulation (GDPR), the UK GDPR, and other applicable global privacy laws.
This policy explains how we collect, use, store, share, and protect personal information and the rights you have regarding that information.

Who We Are

Company Name: OnDutyOps LLC
Registered Office: Delaware, United States
Email: privacy@ondutyops.com
Website: https://ondutyops.com

OnDutyOps provides outsourced customer support, sales operations, and administrative services to global clients. We operate remotely with teams based in the United States, the Philippines, and other regions.
We act as both a Data Controller (for our website and internal operations) and a Data Processor (for client data handled on behalf of our customers).

Scope of This Policy

This policy applies to:

• Visitors of our website
• Clients and prospective clients
• Contractors, partners, and applicants
• Any individual whose personal data is processed by OnDutyOps

Data We Collect

We may collect and process:

• Identity and Contact Data: name, email address, company, position, phone number
• Service Data: client communications, project instructions, support tickets, CRM records
• Usage Data: browser type, IP address, cookies, analytics, timestamps
• Employment Data: CV details, references, and application records (for recruitment purposes)

Purpose and Lawful Basis for Processing

We process personal data only when a lawful basis exists under GDPR. These include:

• Contractual necessity: to perform our obligations and deliver requested services
• Consent: for marketing, cookies, and optional communications
• Legitimate interest: to improve our services and maintain business operations
• Legal obligation: to comply with accounting, tax, and regulatory requirements
• Recruitment: to evaluate and manage job applications

Consent may be withdrawn at any time by contacting privacy@ondutyops.com.

How We Use Personal Data

We use personal information to:

• Provide and improve our services
• Manage client relationships and support requests
• Respond to inquiries and communications
• Conduct analytics and service optimization
• Meet legal and contractual obligations
• Protect systems from unauthorized access or misuse

Data Sharing and International Transfers

OnDutyOps operates globally, which may involve transferring personal data outside the EEA or UK, including to the United States and the Philippines.
All transfers are protected through Standard Contractual Clauses (SCCs), Data Processing Agreements (DPAs), and other approved safeguards that ensure equivalent data protection standards.
We do not sell or rent personal data to third parties.

Data Retention

Personal data is retained only as long as necessary for the purposes for which it was collected, or as required by law or client contract.
When no longer needed, data is securely deleted or anonymized in accordance with our retention policy.

Data Subject Rights

Under GDPR, you have the right to:

• Access your personal data
• Request correction of inaccurate information
• Request erasure (“right to be forgotten”)
• Restrict or object to processing
• Request data portability
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

Requests can be sent to privacy@ondutyops.com, and we will respond within 30 days.

Security Measures

We employ industry-standard security controls to protect all personal and client data, including:

• Encryption in transit and at rest
• Multi-factor authentication and secure access controls
• Role-based permissions and least-privilege access
• Regular security audits and monitoring
• Employee training on data protection and phishing awareness

In the event of a data breach, we will notify affected parties and regulators in accordance with legal requirements.

Use of Processors and Subcontractors

We may use vetted third-party service providers (e.g., hosting partners, CRM platforms, communication tools) to deliver services.
All vendors operate under written DPAs and process data only on our documented instructions and under confidentiality obligations.

Cookies and Tracking Technologies

Our website uses cookies to enhance functionality and analyze traffic.

• Essential cookies enable core features.
• Analytics cookies track usage to improve our website (Google Analytics, Meta Pixel, LinkedIn Insight Tag).
• Advertising cookies operate only with your consent.

You may adjust your browser settings or our cookie banner to manage preferences.

Children’s Privacy

Our services are intended for adults and are not directed to children under 18 years old.
We do not knowingly collect personal data from minors.

Client Responsibilities

When we process personal data on behalf of a client, the client is the Data Controller and retains responsibility for lawful collection and consent.
OnDutyOps acts solely as a Data Processor, following documented instructions and contractual obligations.

Data Protection Officer Contact

For any questions, requests, or complaints regarding this policy, contact:

Data Protection Team
Email: privacy@ondutyops.com
OnDutyOps LLC, Delaware, USA

A formal Data Protection Officer may be appointed as the company expands its compliance program.

Policy Updates

We may update this policy from time to time to reflect changes in law or our operations.
The latest version will always be available at:
https://ondutyops.com/legal/gdpr

Additional Compliance Frameworks

OnDutyOps aligns its practices with:

• ISO 9001 (Quality Management System)
• ISO 27001 (Information Security Management System)
• GDPR (EU and UK)
• CCPA (California Consumer Privacy Act)

These standards guide our approach to data governance, security, and continuous improvement.

© 2025 OnDutyOps LLC — All rights reserved.