Privacy Policy

Last updated: February 2026

1. Introduction

Otinga B.V. ("Otinga", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website (otinga.io) or use our services.

We are headquartered in the Netherlands and comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

When you interact with our website or services, we may collect:

Contact Information: Name, email address, company name, job title, phone number
Communication Data: Messages you send us via contact forms, email, or calendar bookings
Account Information: If you create an account for our platforms, we collect login credentials and profile information
Business Information: Information about your organization's AI innovation needs and objectives

2.2 Information Collected Automatically

Usage Data: Pages visited, time spent, links clicked, referring URLs
Device Information: Browser type, operating system, IP address, device identifiers
Analytics Data: We use Google Analytics 4 to understand how visitors use our site (only with your consent)

2.3 Cookies and Tracking Technologies

We use cookies and similar technologies. See our Cookie Policy for details.

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Delivery

Respond to inquiries and provide requested information
Schedule and conduct meetings and consultations
Deliver our AI Innovation Engine, Hackathon Platform, and professional services
Send service-related communications

3.2 Business Operations

Improve our website and services
Conduct analytics and research
Comply with legal obligations
Protect against fraud and security threats

Send newsletters and thought leadership content
Provide information about our products and services
Invite you to events and webinars

You can opt out of marketing communications at any time by clicking "unsubscribe" in our emails or contacting us at privacy@otinga.io.

We process your personal data based on:

Consent: When you explicitly agree (e.g., newsletter signup, cookie consent)
Contract Performance: To provide services you've requested
Legitimate Interests: To improve our services, conduct business operations, and prevent fraud
Legal Obligation: To comply with applicable laws and regulations

We do not sell your personal information. We may share your data with:

5.1 Service Providers

Third-party vendors who help us operate our business:

Cloud hosting providers (e.g., Vercel, AWS)
Email service providers (e.g., Resend, SendGrid)
Analytics providers (e.g., Google Analytics)
Calendar scheduling tools (e.g., Calendly, Cal.com)
CRM systems (e.g., HubSpot, Pipedrive)

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy or as required by law:

Inquiry Data: 2 years after last contact
Client Data: Duration of engagement plus 7 years (tax and legal requirements)
Analytics Data: 26 months (Google Analytics default)
Marketing Data: Until you unsubscribe or request deletion

If you are in the European Economic Area (EEA), you have the following rights:

Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your data ("right to be forgotten")
Restriction: Limit how we process your data
Data Portability: Receive your data in a structured, machine-readable format
Object: Object to processing based on legitimate interests or for marketing purposes
Withdraw Consent: Withdraw consent at any time (doesn't affect prior processing)

To exercise these rights, contact us at privacy@otinga.io.

8. International Data Transfers

Otinga is based in the Netherlands. If you access our services from outside the EEA, your data may be transferred to and processed in countries with different data protection laws.

We ensure adequate safeguards through:

Standard Contractual Clauses (SCCs) approved by the European Commission
Processing agreements with service providers
Compliance with GDPR transfer requirements

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

Encryption in transit (TLS/SSL) and at rest
Access controls and authentication
Regular security audits and monitoring
Employee training on data protection
Incident response procedures

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

Posting the updated policy on our website with a new "Last updated" date
Sending an email to registered users (for significant changes)

Continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions, concerns, or to exercise your rights:

Data Protection Contact: Email: privacy@otinga.io Address: Otinga B.V., Address, Netherlands

Data Protection Officer: If required under GDPR, our DPO can be reached at dpo@otinga.io

Supervisory Authority: You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local data protection authority.

This policy is effective as of the date stated above.