Skip to Content

Privacy Policy

Who We Are

Open User Systems Ltd is the data controller responsible for your personal data. Our details are:

  • Company name: Open User Systems Ltd
  • Company number: SC803008
  • Registered office: 42 Drummond Way, Perth, Scotland, UK, PH1 0AQ
  • Contact: data@openusersystems.com

Why We Collect Your Data and Our Legal Basis

We collect and process personal data primarily to fulfil our contracts with customers — for example, to process orders, provide our products and services, manage accounts, and handle billing and support requests.

Our lawful basis for this processing under UK GDPR is:

  • Contract (Article 6(1)(b)) — where processing is necessary to perform a contract with you, such as delivering a purchased product or providing support.
  • Legal obligation (Article 6(1)(c)) — where we need to retain records (e.g. financial records) to comply with UK tax law.
  • Legitimate interests (Article 6(1)(f)) — where processing helps us run and improve our business (e.g. fraud prevention, service security), balanced against your rights and freedoms.

If this changes to include marketing communications in future, we will update this section and, where required, seek your consent separately.

Who We Share Data With

We share personal data only with the service providers named in this policy (our data processors), who process it on our behalf to help us deliver our services. We do not sell personal data or share it with third parties for their own marketing purposes.

How We Store Your Personal Information

Your information is securely stored on the following third-party services:

  1. Pandle accounting system – EU and UK data centres
  2. Microsoft 365 – UK data centre
  3. IONOS hosting – UK data centre
  4. Cloudflare D1 database – EU data centre

We keep customer contact information and order/enquiry details for 7 years, in order to best serve you and adhere to HMRC guidelines. On request, we will dispose of your personal information by "anonymising" your data (removing any personal contact information and only leaving the company name for reference).

International Data Transfers

All our data processors store and process personal data within the UK and European Economic Area (EEA). We do not transfer personal data outside the UK/EEA. If this changes, we will update this policy to name the safeguard used (such as UK Adequacy Regulations, the UK International Data Transfer Agreement, or Standard Contractual Clauses).

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

Data Protection Officer

We have not appointed a Data Protection Officer, as we are not required to do so under UK GDPR. Any data protection queries should be directed to data@openusersystems.com.

Your Data Protection Rights

Under data protection law, you have rights including:

Your right of access — You have the right to ask us for copies of your personal information.

Your right to rectification — You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure — You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing — You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing — You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability — You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at data@openusersystems.com if you wish to make a request.

How to Complain

If you have any concerns about our use of your personal information, you can make a complaint to us.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO's address:

Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

Helpline number: 0303 123 1113 ICO website: https://www.ico.org.uk

Our Products and Specific Services

OUS Hub – Outlook Add-in

  • No personal email content data is stored or processed by AI.
  • All Odoo API calls are proxied through a secure edge gateway. Your Odoo credentials are never stored in the add-in or database itself.
  • No access to your Odoo database is possible by OUS directly.
  • Your code runs automatically in Cloudflare's data centres around the world. When someone uses your service, it responds from whichever location is closest to them at that moment. Cloudflare has data centres in over 120 countries, including London and 56 other European locations: https://www.cloudflare.com/network/
  • The add-in files are copied to Cloudflare's servers worldwide. When someone visits your site, they download it from the nearest server, so it loads quickly. No personally identifiable or system data is stored here.
  • D1 Database: Uses EU data-centres for licensing. No personally identifiable information stored, only company name, user ID (numeric), database name, URL.
  • DPA (Data Processing Addendum): https://www.cloudflare.com/cloudflare-customer-dpa/
  • Trust Hub: https://www.cloudflare.com/trust-hub/
  • GDPR compliance: https://www.cloudflare.com/trust-hub/gdpr/

See our Cookie Policy for details on how we use cookies and analytics.