Privacy Policy

At ONLINECITY.IO ApS (hereafter ONLINECITY.IO), we value your privacy and take the protection of your personal information very seriously. Therefore, it is important to us that you understand how we collect, store and process your personal information when using GatewayAPI.com (this applies to any use of the websites, GatewayAPI.com and GatewayAPI.eu).

This Privacy Policy applies to the processing of personal data that occurs when we collect information about you and when you use our services, including our websites.

This Privacy Policy explains what personal information we collect on you as well as;

• Why personal information is collected
• How personal information is collected
• How the information is processed
• How and for how long they are stored

The Privacy Policy also explains your rights in relation to your personal information and how you can exercise those rights, and it fulfills our duty in regards to the GDPR Art. 14.

The Privacy Policy must be read in conjunction with the terms of the particular service you use, which may indicate additional specific terms regarding the personal information that we collect about you.

The company responsible within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:

• ONLINECITY.IO ApS
• Buchwaldsgade 50, 5000 Odense C
• VAT ID: 27364276
• Phone: +45 66 11 83 11
• Mail: info@onlinecity.dk

You may submit inquiries regarding personal data protection, privacy and security matters to gdpr@onlinecity.dk.

3.1 Provision of the website and log statistices/files

ONLINECITY.IO processes personal data only if this is necessary to provide a functioning website and our content and services. The processing of personal data takes place regularly only with consent. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.

Any of the information we collect from you may be used for one or more of the following purposes:

• To personalize your experience (the information will help ONLINECITY.IO better respond to your individual needs);
• To improve our website (ONLINECITY.IO continually strive to improve our website offerings based on the information and feedback we receive from you);
• To establish a primary channel of communication with you;
• To enable you to talk to an expert;
• To document the use of our platform/services.

Each time our website is accessed, our system automatically collects data and information on you:

• Information about the type and version of your internet browser;
• Your internet service provider;
• The operating system of your computer or smartphone;
• Your IP address;
• Date and time of your access;
• Geographical location

We collect such technical information in so-called “log files”, meaning that a statistical system collects information that can provide a statistical picture of how many visitors the website has had, where they come from, on what parts of the website users leave the site etc. We collect log-files so that we can display our website correctly and we can identify the causes of any technical problems, for the technical optimization of our websites and for the purpose of the security of our computer systems and networks. For these purposes, the legal basis is legitimate interest in the processing of data according to GDPR art. 6(1)(f).

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Typically, this technical information will be erased or rendered unrecognizable at the latest after seven days.

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. 

User-ID tracking

Information is collected when using Google User-ID tracking to get a more accurate user count and also to analyze the user experience of our logged in customers. We use this information to develop new forms of marketing campaigns and user experiences tailored to different device types and combinations of user activities.

Facebook tracking/pixel

Using Facebook’s tracking code, we use the information to remarket on Facebook, to the users who have visited www.gatewayapi.com, build audiences on Facebook and to evaluate the effectiveness of campaigns.

We do not have access to personally identifiable information in this regard.

Linkedin tracking

Using LinkedIn tracking code, we use the information to remarket on LinkedIn, to users who have visited www.gatewayapi.com and to evaluate the effectiveness of campaigns. We do not have access to personally identifiable information in this regard.

Google login

If you sign up or sign in via Google, we will automatically receive your name and email address from Google. This happens only at the customer’s own choice.

Google Analytics

Google Analytics is used as a statistics tool to study visitor behavior on the website. We do not have access to personally identifiable data.

Google Ads

Google Ads tracking is set up to track solely on sign ups. It is used as a backup tracking tool to Google Analytics. 

Matomo

We use Matomo as a supplement to Google Analytics. Like Google Analytics, Matomo is used for statistical purposes.

Login

Only information that you enter yourself will be sent to us.

3.2 You become a customer of ONLINECITY.IO

When you decide to create an account and become a customer of ONLINECITY.IO, processing of personal data will happen for one or more of the following purposes;

• To identify you as a contracting party;
• To establish a primary channel of communication with you;
• To establish a login flow and overview of used platforms (https://onlinecity-id.io/) for you as a customer 
• To enable ONLINECITY.IO to issue valid VAT invoices and to process transactions (your information will not be sold, exchanged, transferred or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the service requested)
• To send periodic emails (the email address you provide for order processing may be used to send you information and updates pertaining to your account, in addition to receiving occasional company news (if accepted), updates, related product or service information, etc.)
  

The personally identifiable information that we collect for the purpose of creating an account at our platform is: 

• Account data (contact details, such as email address and name, name company name, address, phone number, VAT number, preferred language and currency, any email address for invoice recipients and bank account details)
• Configuration data (like domain name and IP address)

The legal basis for the processing of this personal data is in connection with the fulfillment of the contract (providing the services, sending invoices and communication) with the customer and being able to uncover the needs of customers using the service at GatewayAPI.com under EU Data Protection Regulation (GDPR), Article 6 (1) (b) and (f).

3.3 Use of Business-to-Business Lead Generation

We may engage in B2B lead generation activities, which involve collecting, processing and sharing limited business contact information (e.g., name, job title, work email, company name, business phone) – if available, IP address and pages visited and date/time of visits of potential customers or contacts in a business context. This data is processed for purposes of marketing outreach, commercial communication, qualification of leads and establishing or developing business relationships.

Such contact data will only be used insofar as permitted by applicable data protection laws (e.g. GDPR). We ensure that these data processing activities are conducted with a lawful basis (e.g. legitimate interest or consent) and subject to appropriate safeguards.

We may share or grant access to such lead data with selected partners or service providers (e.g. marketing agencies, CRM platforms) for the purpose of lead nurturing, outreach or campaign management. In such cases, we require these partners to adhere to equivalent data protection obligations.

We retain lead data only for as long as necessary for the stated purposes, after which we anonymize, delete or otherwise render them non-identifiable, in accordance with our data retention and deletion schedules.

ONLINECITY.IO processes personal data as a data processor for the purpose of providing a SMS API gateway service for sending and receiving text messages. For this, we will display message logs of both sent and possibly received messages and delivery statuses for sent messages.

The personally identifiable information that we collect for the purpose of providing a SMS API gateway service is;

• Telephone numbers
• Message logs
• Message content (and depending on this, possible information such as membership numbers, subscription numbers, subscription types, contract dates, etc.)
• Sender name/number

Types of data subjects:

• Customers
• Employees
• Affiliates

The legal basis for processing this personal data, in connection with identifying customers’ needs through the use of the service on GatewayAPI.com and complying with the data processing agreement between you and ONLINECITY.IO, is provided under GDPR Article 6(1)(a) and Article 6(1)(b).

Find more information in our data processing as a data processor of our customers under our data processing agreement on our website.

In addition to the information that you provide in connection with your account creation in order to use the services on the website, the website uses cookies. A cookie is a text file that is sent to your browser from a web server and stored on the hard disk of your desktop, tablet or smartphone. You can set your browser to notify you when you receive a cookie, or you can opt out of cookies altogether.

See GatewayAPI.com’s Cookie Declaration at https://gatewayapi.com/cookie-policy/ for information on the cookies and tracking technologies we use.

Our services are not aimed at children under 13 years. We do not knowingly collect information from children under the age of 13. If you have not reached the age limit, do not use the services and do not provide us with your personal information. If you are a parent of a child below the age limit and you learn that your child has provided ONLINECITY.IO with personal information, please contact us at gdpr@onlinecity.dk and insist on exercising your rights of access, correction, cancellation and/or opposition.

We maintain online presences on social networks to communicate with customers and provide information about our products and services. User data is often processed by these networks for market research and advertising, creating usage profiles based on user interests and behavior. This allows targeted ads on both the social networks and third-party websites.

As part of our online presence, we may access statistics, including demographic info and user interactions with our posts, provided by the social networks. These statistics are aggregated and do not identify individual users.

The legal basis for data processing is GDPR art. 6(1)(a)-(b) for staying in contact with customers and engaging potential future customers.

For information on the data processing by the social networks themselves, refer to their privacy policies. Data protection requests should be directed to the respective providers, as they control access to the data. Links to more details about the social networks we use are provided below:

• Facebook (USA and Canada: Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA; all other countries: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
  • Operation of the Facebook Fanpage in joint responsibility on the basis of an agreement on joint processing of personal data (so-called Page Insights Supplement regarding the controller).
  • Information on the processed Page Insights data and the contact option in the event of data protection enquiries: https://www.facebook.com/legal/terms/information_about_page_insights_dat
  • Privacy policy: https://www.facebook.com/about/privacy/
  • Opt-out: https://www.facebook.com/settings?tab=ads and https://www.youronlinechoices.com

• Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).
  • Privacy policy: https://policies.google.com/privacy
  • Opt-out: https://adssettings.google.com/authenticated

• LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland).
  • Operation of the LinkedIn company page in joint responsibility on the basis of an agreement on joint processing of personal data (so-called Page Insights Joint Controller Addendum).
  • Information on the Page Insights data processed and the contact option in the event of data protection enquiries: https://legal.linkedin.com/pages-joint-controller-addendum 
  • Privacy policy: https://www.linkedin.com/legal/privacy-policy 
  • Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

• Google My Business

• • We operate a Google My Business listing, using Google’s services provided by Google Ireland Limited. Please note that you use Google and its functions (e.g., commenting, sharing, messaging) at your own risk.
  • When interacting with our Google My Business listing, Google collects your IP address and device information via cookies, which are used to provide us with statistics. This data may be processed by Google and transferred outside the EU. For details, refer to Google’s privacy policy.
  • We are unaware of how Google uses or stores this data and whether it is shared with third parties. If you contact us through Google, we advise against sharing personal data, as messages may be read or evaluated by Google. We delete conversations within 14 days or after switching communication channels.
  • We do not collect or process additional data beyond what Google provides and do not use other Google functions on our website.

8.1 Recipients of data

ONLINECITY.IO does not sell, trade or transfer personally identifiable information to outside parties, except to trusted third parties. These parties have access to your data on a need-to-know basis and are required to keep it confidential.

We may share your personal data with the following categories of recipients:

• IT infrastructure and cloud service providers: To host and maintain our systems, services and communications platforms.
  
• Payment service providers: To process payments securely and comply with accounting obligations.
  
• Customer support and CRM systems: To manage inquiries, service requests and ongoing communication with you.
  
• Email and communication platforms: For sending service-related messages and managing communication flows.
  
• Analytics and tracking providers: To analyze and optimize user experience and platform performance.
  
• Marketing automation and campaign tools: For email campaigns and related communication when consent is provided.
• Business-to-business (B2B) lead generation and marketing partners: To identify, qualify, and communicate with potential business customers. Such partners may provide or process limited business contact information (e.g., name, company, title, business email) – if available – to support legitimate interest–based outreach and marketing activities in accordance with applicable data protection laws.
  
• Professional advisors and legal services: To comply with legal obligations or to defend legal rights.
  
• Public authorities and regulators: Where required by law or applicable regulation.
  

Group companies (OnlineCity Group entities): For internal administrative purposes and to provide you with a seamless experience across our platforms.

8.2 Data transfer to third countries

We use services from providers located in third countries (outside the EU/EEA) where data protection standards may not be equivalent to those in the EU. In such cases, if no adequacy decision has been made by the European Commission, we take appropriate measures to ensure an adequate level of protection, such as using standard contractual clauses or binding internal data protection rules.

However, if data is transferred to a third country without such safeguards, there is a risk that authorities in that country (e.g., intelligence services) could access and analyze the data, and your rights may not be fully enforceable.

For customers on GatewayAPI.com (GatewayAPI.eu is out of scope), customer support may be delivered by external support agents based in Vietnam. These agents act under a data processing agreement with ONLINECITY.GROUP and access only the information necessary for troubleshooting and assistance. We apply Standard Contractual Clauses and strict access controls to ensure your data is protected in compliance with GDPR. Data will still be kept in our databases in the EU.

You can find more information about how we secure your personal data and your rights in Section 10  of this Privacy Policy.

9.1 Storage and deletion of your data

In principle, we only store personal data for as long as is necessary to fulfill contractual or legal obligations for which we collected the data. After that, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention obligations.

We delete or block the personal data of the data subject as soon as the purpose of the storage is fulfilled. It may also be stored if provided for by the European or national legislator in EU regulations, laws or regulations to which our company is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

9.2 Data Retention Policy

Due to tax regulations, Account Data will be retained for up to five full fiscal years from the cancellation of your GatewayAPI account.

If you have a user account at GatewayAPI, we store your personal information in GatewayAPI.com for up to 12 months after your user account is frozen, after which we delete your account. We freeze your account after 60 days without any activity, and notify you via email.

If you don’t have a user account at GatewayAPI, we store your personal information gathered via the above-mentioned services for up to 18 months after your visit, after which it is anonymized.

Personal information or any type of data covered under the data processing agreement will be stored in accordance with the data processing agreement.

If we process your personal data – after successful identification – you have the following rights towards us:

• Right to information (Article 15 GDPR)
• Right to rectification (Article 16 GDPR) – you can always update your information by logging into your account at GatewayAPI.com.
• Right to deletion (Article 17 GDPR) – meaning to get your account deleted with all history at gatewayapi.com as long as this does not conflict with other legislation, including the Danish Bookkeeping Act.
• Right to restriction of processing (Article 18 GDPR)
• Right to data portability (Article 20 GDPR) – You
• Right to withdraw consent (Article 7(3) GDPR)
• Right to object to certain data processing activities (Article 21 GDPR)
• Right to object to automated decision-making, incl. profiling (Article 22 GDPR) – We may not be able to comply with this request where the processing is necessary to enter or perform our contract with you or when the processing is authorised under a law to which we are subject.

In order to exercise your rights described here, you can contact us at any time using the contact details listed under “Name of the company responsible”.

You may at any time lodge a complaint with a supervisory authority regarding ONLINECITY.IO’s collection and processing of your personal data, In Denmark, you can lodge a complaint with the Danish Data Protection Agency at www.datatilsynet.dk.

Protecting the information you give us or that we receive about you is our priority. We take appropriate security measures to protect your information from loss, misuse and unauthorized access, alteration, disclosure or destruction.

ONLINECITY.IO has taken measures to ensure the ongoing confidentiality, integrity and availability and resiliency of systems and services that process personal information, and will restore the availability and access to information in the event of a physical or technical incident in a timely manner.

Find more information in our Data Processing Agreement.

We occasionally update this policy. If this happens, we will notify you of the changes via the website. You automatically accept the changes to the Privacy Policy – to the extent permitted by applicable law – by using our service after being notified of any such changes. Therefore, we urge you to regularly review this policy on the website for the latest information on how we protect your personal information.

In the event that we make material changes that restrict ONLINECITY.IO’s rights or obligations under this Privacy Policy, we will publish a clear notice that informs users when they are updated.