Origins Theory Privacy Notice

Effective Date: June 12, 2024
Last Updated: July 28, 2025

SCOPE

This Privacy Notice applies to personal information processed by Origins Theory, LLC ("Origins Theory," "we," "us," and "our") in the course of our business, including on our website and related online and offline offerings. To make this Privacy Notice easier to read, our website and related offerings are collectively called the "Services."

An Important Note:

This Privacy Notice does not apply to any of the personal information that Origins Theory processes on behalf of its customers ("Customer Data"). Our customers are responsible for providing the appropriate notice to and obtaining any required authorizations from individuals for the processing of Customer Data. Our customers' respective privacy policies govern the collection and use of Customer Data. Origins Theory's processing of Customer Data is governed by the contract it has with its customer.

PERSONAL INFORMATION WE COLLECT

The categories of personal information we collect depend on how you interact with us, use our Services, and the requirements of applicable law.

Personal Information You Provide to Us

Your Communications Data

We collect personal information from you such as your email address, phone number, or mailing address when you communicate with us, such as when you request information about our Services, register for our newsletter, request customer or technical support, or otherwise communicate with us. Some of this information is required. If you do not provide us with this information, you will not be able to communicate with us.

Survey Data

We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information which may include personal information.

AI Chatbot

As part of the Services, we make available a chatbot powered artificial intelligence to communicate with customers and visitors to our site ("AI Chatbot"). We and our service providers (including OpenAI) collect and use information in connection with the AI Chatbot to provide and improve our services. If you contact us through a chat feature we offer on our site, we may monitor and retain those chat communications and store them with our service provider.

Interactive Features

We may offer interactive features such as our AI Chatbot, review forums, blogs, and social media pages and we may collect the associated metadata from such interactive features (such as when, where and by whom the content was created). We and others who use our Services may collect the information you submit or make available through these interactive features. Any content you provide on the public sections of these features will be considered "public" and is not subject to the privacy protections referenced herein. By using these interactive features, you assume the risk that the personal information provided by you may be viewed and used by third parties for their own purposes.

Event Data

We may attend conferences, trade shows, and other events where we collect personal information from individuals who interact with or express an interest in Origins Theory and/or the Services. If you provide us with any information at one of these events, we will use it for the purposes for which it was collected.

Business Development Data

We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.

Job Applicant Data

We may post job openings and opportunities on the Services. If you reply to one of these postings by submitting your application, CV and/or cover letter to us, we will collect and process the information contained therein to assess your suitability, aptitude, skills, and qualifications for employment with Origins Theory. You may also choose to, but are not required to, provide your gender, ethnicity, veteran status, disability status and links to your website, blog, portfolio or LinkedIn profile as part of your job application.

Personal Information Collected Automatically

When you use our Services, we automatically collect personal information about you, your computer or mobile device, and your browsing actions and use patterns, such as:

Device Data

This includes technical data collected from your devices (including mobile devices) that you use the Services with. This information may include your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile advertising and other unique online identifiers, details about your browser, operating system or device, your general location information (including inferred location based off of your IP address), Internet service provider, and mobile carrier.

Usage Data

This includes information collected and processed about you when you are accessing or using our Services, such as your actions with the Services, including dates, time, pages that you visit before, during and after using the Services, information about the links you click, information about how you interact with the Services, including the frequency and duration of your activities, and other information about how you use the Services.

We may collect this information through our Services or with the help of technologies, such as cookies and other similar tracking technologies.

Cookies, Pixel Tags/Web Beacons, and Analytics Information

We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies ("Technologies") to automatically collect information through the Services. Technologies are essentially small data files placed on your device that allow us and our partners to record certain pieces of information whenever you visit or interact with our Services.

  • Cookies. Cookies are small text files placed in device browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Services may not work properly.
  • Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects information about engagement on the Services. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.

Analytics

We may use Google Analytics and other service providers to automatically collect Usage Data and Device Data for analytics purposes. These analytics help us understand how our Services are used and improve user experience. You can opt out of Google Analytics' collection and processing of data generated by your use of our website through your browser settings or by using available opt-out tools.

Information from Other Sources

We may obtain information about you from other sources, including from third party services and organizations.

HOW WE USE YOUR PERSONAL INFORMATION

European data protection law requires that we have a "lawful basis" for each purpose for which we use your personal information. Depending on the purpose for collecting your information, we may rely on one of the following lawful basis:

  • The processing is necessary to perform a contract that we are about to enter into, or have entered into, with you ("Contractual Necessity").
  • The processing is necessary to pursue our legitimate interests or those of a third party, and we are confident that your privacy rights will be appropriately protected ("Legitimate Interests").
  • We have your specific consent to carry out the processing for the purpose in question ("Consent"). Generally, we do not rely on Consent as a legal basis for using your personal information other than in the context of direct marketing communications where required by applicable law.
  • The processing is necessary for compliance with a legal obligation to which we are subject ("Legal Obligation").

We use your personal information for a variety of business purposes, including:

To Provide the Services or Information Requested, such as:

  • Fulfilling our contract with you;
  • Responding to questions, comments, and other requests;
  • Providing access to certain areas, functionalities, and features of our Services;
  • Sharing personal information with third parties as needed to provide the Services; and
  • Answering requests for customer or technical support.

Administrative Purposes, such as:

  • Maintaining network and information security;
  • Debugging to identify and repair errors with our Services;
  • Ensuring internal quality control and safety;
  • Authenticating and verifying individual identities;
  • Carrying out audits;
  • Communicating with you about your account, activities on our Services and Privacy Notice changes;
  • Reviewing or otherwise processing user content (including, if permitted by applicable law, direct messages and chat communications and associated metadata) to assist in responding to support requests or to determine, analyze or scan for violations of our terms and policies and for fraud and abuse prevention purposes;
  • Preventing and prosecuting potentially prohibited or illegal activities;
  • Enforcing our agreements and policies; and
  • Complying with our legal obligations, including co-operating with public and government authorities, courts and regulators in accordance with our legal obligations under applicable laws.

To Process Job Applications:

We process your personal information if you apply for a job with Origins Theory, to evaluate your application and make hiring decisions, communicate with you and inform you of current and future career opportunities (unless you tell us that you do not want us to keep your details for such purposes), manage and improve our recruiting and hiring processes, or to conduct reference and background checks where required or permitted by applicable local law.

For Service Improvements, such as:

  • Measuring interest and engagement in our Services;
  • Improving the Services; and
  • Research and development (including marketing research), including for the purposes of developing new products and services.

For Marketing and Advertising Purposes

We may use personal information to tailor and provide you with marketing content and advertisements. We may provide you with these materials as permitted by applicable law and in accordance with your marketing preferences.

If you have any questions about our marketing practices or if you would like to opt out of the use of your personal information for marketing purposes, you may contact us at any time as set forth below.

Consent

We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or, where required, with your consent.

De-identified and Aggregated Information

We may use personal information and other data about you to create de-identified and/or aggregated information, such as de-identified demographic information, de-identified location information, information about the device from which you access our Services, or other analyses we create. This information does not identify you.

How We Use Automatic Collection Technologies

We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies to automatically collect information through the Services. Our uses of these Technologies fall into the following general categories:

  • Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular site behavior, prevent fraudulent activity and improve security or that allow you to make use of our functionality;
  • Performance Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how our visitors use the Services;
  • Functionality Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed;
  • Advertising or Targeting Related. We may use first party or third-party Technologies, including cross-device tracking, to deliver content, including ads relevant to your interests, on our Services or on third party sites.

HOW WE DISCLOSE PERSONAL INFORMATION

We may share your personal information with the following categories of third parties:

Service Providers

We may share your personal information, such as your email, we collect about you with our third-party service providers. The categories of service providers to whom we entrust personal information include service providers for: (i) the provision of the Services; (ii) the provision of information, products, and other services you have requested; (iii) marketing and advertising; (iv) payment and transaction processing; (v) customer service activities; (vi) data hosting; (vii) the provision of customer relationship management ("CRM") services; and (viii) the provision of IT and related services.

  • Mailchimp: Because we use Mailchimp to manage subscriptions and registrations on our Services and manage marketing campaigns, we may disclose your personal information to Mailchimp. You can learn more about Mailchimp's processing of your personal information from Mailchimp's Global Privacy Statement at https://www.intuit.com/privacy/statement/.

Affiliates

We may share personal information with our corporate affiliates, including our subsidiary Origins Theory B.V., for our business operations purposes.

Advertising Partners

Through our Services, we may allow third party advertising partners to set Technologies and other tracking tools to automatically collect usage data and device data, such as information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other websites) for purposes of delivering targeted advertisements to you when you visit third party services within their networks. This practice is commonly referred to as "interest-based advertising" or "personalized advertising." If you prefer not to share your personal information with third party advertising partners, you may follow the instructions below.

APIs and Software Development Kits

We may use third party APIs and software development kits ("SDKs") as part of the functionality of our Services. APIs and SDKs may allow third parties including advertising partners to collect your personal information in order to provide content that is more relevant to you. For more information about our use of APIs and SDKs, please contact us as set forth below.

Disclosures to Protect Us or Others

We may access, preserve, and disclose any information we store in association with you to external parties if we, in good faith, believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) protect your, our, or others' rights, property, or safety; (iii) enforce our policies or contracts; (iv) collect amounts owed to us; or (v) assist with an investigation and prosecution of suspected or actual illegal activity.

Disclosure in the Event of Merger, Sale, or Other Asset Transfer

If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

DISCLOSURE REGARDING AI CHATBOT – COLLECTION, STORAGE AND USE OF INFORMATION

The AI Chatbot uses OpenAI's artificial intelligence models accessible through OpenAI's application programming interface. When you interact with our AI Chatbot, we and our service providers (including OpenAI) collect the information you communicate to us. If you communicate with us through the AI Chatbot feature, we may monitor and retain those chat communications and store them with our service providers. We may also use these communications to build and improve our machine learning and other artificial intelligence models. For example, we may share personal information and chat communications with service providers such as OpenAI that host and provide the AI Chatbot functionality. OpenAI may use your information to provide the Services to you in accordance with the OpenAI Terms of Use we have entered into with OpenAI.

INTERNATIONAL DATA TRANSFERS

All personal information processed by us may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. These countries may or may not have adequate data protection laws as defined by the data protection authority in your country.

If we transfer personal information from the European Economic Area, Switzerland, and/or the United Kingdom to a country that does not provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses.

For more information about the safeguards we use for international transfers of your personal information, please contact us as set forth below.

YOUR PRIVACY RIGHTS

In accordance with applicable law, you may have the right to: (i) request confirmation of whether we are processing your personal information; (ii) obtain access to or a copy of your personal information; (iii) receive in a structured, commonly used and machine readable format an electronic copy of personal information that you have provided to us, or ask us to send that information to another company (the "right of data portability"); (iv) object to or, in certain circumstances, restrict our processing of your personal information; (v) seek correction or amendment of inaccurate, untrue, incomplete, or improperly processed personal information ("right to rectification"); (vi) withdraw your consent. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent; and (vii) request erasure of personal information held about you by us, subject to certain exceptions prescribed by law ("right to be forgotten"). If you would like to exercise any of these rights, please contact us as set forth below.

We will process such requests in accordance with and if required under applicable laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request.

We encourage you to contact us if you are not satisfied with how we have responded to any of your rights requests. If you are located in the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law. Contact details for data protection authorities in EEA and UK are available through their respective government websites.

RETENTION OF PERSONAL INFORMATION

We retain the personal information we collect as described in this Privacy Notice for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.

We keep your personal information when: we have a legal obligations to do so (for example, if a court order is received about your account, we would retain your data for longer than the usual retention period when an account is delete); to deal with and resolve requests and complaints; to protect individuals' rights and property (for example, we will retain information about a data subject access request for 30 days after the request is dealt with in case there is a subsequent complaints and the information is needed to demonstrate how the request was handled); to conduct audits (for example, to maintain privacy and security compliance measures); and for litigation or regulatory matters (for example, we would retain your information if there was an ongoing legal claim, and the information was relevant to the claim. This information would be retained until the legal claim had been concluded).

When we have no ongoing legitimate business purpose or legal reason to process your personal information, we will either delete or anonymize it so that it is no longer personally identifiable with you. If this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

SECURITY OF YOUR PERSONAL INFORMATION

We take steps to ensure that your information is treated securely and in accordance with this Privacy Notice. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.

By using the Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system's breach, we may attempt to notify you electronically by posting a notice on the Services, by mail or by sending an email to you.

THIRD PARTY WEBSITES/APPLICATIONS

The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third party websites or applications is at your own risk.

CHILDREN'S INFORMATION

The Services are not directed to children under 13 (or other age as required by local law outside the United States), and we do not knowingly collect personal information from children. If you learn that your child has provided us with personal information without your consent, you may contact us as set forth below. If we learn that we have collected a child's personal information in violation of applicable law, we will promptly take steps to delete such information, unless we have a legal obligation to keep it, and terminate the child's account.

CHANGES TO OUR PRIVACY NOTICE

We may revise this Privacy Notice from time to time in our sole discretion. If there are any material changes to this Privacy Notice, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Notice if you continue to use the Services after the new Privacy Notice takes effect. We recommend that you review the Privacy Notice each time you access or use the Services to stay informed of our privacy practices.

CONTACT US

If you have any questions about our privacy practices or this Privacy Notice, or if you wish to submit a request to exercise your rights as detailed in this Privacy Notice, please contact us at:

hello@originstheory.com