Privacy Policy

This Privacy Policy applies to: - OOLA website visits. - Inquiry forms and contact requests. - Direct email communication. - Discovery calls and early project discussions. - Proposal, quotation, and collaboration conversations. - Project-related communication, files, references, and documentation shared with OOLA. This policy does not replace any separate client agreement, statement of work, non-disclosure agreement, data processing agreement, or other written contract. If a separate agreement applies to a project, the separate agreement controls the project-specific relationship.

We collect information you provide directly to us, information generated through communication with us, and limited technical information related to website use.

2.1 Information you provide
We collect the following types of information when you contact OOLA or start a collaboration:
- Name.
- Email address.
- Phone number, if provided.
- Company name.
- Job title or role.
- Website or social media links.
- Project type.
- Project goals.
- Project brief.
- Design, development, branding, or content requirements.
- Budget context.
- Timeline context.
- Business context.
- Technical requirements.
- References, files, documents, or links you choose to share.
- Communication history.

2.2 Project and collaboration information
During project discussions or active work, we collect information needed to understand, plan, deliver, and support the work. This includes:
- Client materials.
- Product or service information.
- Brand assets.
- Content drafts.
- Business documents.
- Screenshots, wireframes, prototypes, or design files.
- Technical notes.
- Platform access details, where shared by the client.
- Feedback, revision notes, and approval records.
- Project management records.
- Billing, invoice, and administrative records.

2.3 Website and technical information
When you visit the website, we collect limited technical information needed to operate, secure, and improve the website. This includes:
- IP address.
- Browser type.
- Device type.
- Operating system.
- Pages visited.
- Referring website.
- Approximate location derived from technical data.
- Date and time of visit.
- Cookie preferences.
- Analytics data, where analytics cookies are accepted.

2.4 Information we do not intentionally collect
We do not intentionally request sensitive personal information unless it is required for a specific business purpose and you choose to provide it. Sensitive personal information includes government ID numbers, financial account credentials, health information, precise location data, biometric data, racial or ethnic origin, religious beliefs, political opinions, union membership, or similar protected information.

Please do not send sensitive personal information unless it is necessary for the project and agreed with OOLA in advance.

We use collected information for the following purposes: - To respond to inquiries. - To understand your business, project, or collaboration needs. - To evaluate project fit. - To prepare proposals, quotations, project scopes, timelines, or estimates. - To communicate with you. - To manage active projects. - To deliver design, development, branding, strategy, or consulting work. - To review feedback and revision requests. - To maintain business records. - To manage invoices, payments, and accounting records. - To improve our website, services, content, and internal workflow. - To protect the website and business operations. - To comply with legal, tax, accounting, contractual, and regulatory obligations. - To enforce agreements and protect legal rights.

OOLA is primarily governed by the laws and regulations of the Republic of Indonesia, including applicable personal data protection laws. Where applicable, OOLA processes personal information based on one or more of the following grounds: - Consent, when you choose to submit information, accept non-essential cookies, subscribe to communication, or approve specific use. - Contract or pre-contract steps, when processing is needed to respond to an inquiry, prepare a proposal, or deliver agreed services. - Legitimate business purposes, when processing supports normal business operation, website improvement, project management, security, client communication, portfolio administration, and service development. - Legal obligation, when processing is needed for tax, accounting, compliance, dispute handling, or legal recordkeeping. - Protection of legal rights, when processing is needed to establish, exercise, or defend legal claims. For visitors located outside Indonesia, OOLA also aims to respect applicable international privacy requirements, including GDPR, UK GDPR, CCPA/CPRA, and other applicable privacy laws where they apply.

OOLA treats client materials, business context, product information, unpublished work, access details, internal documents, and project communication as confidential unless one of the following applies: - The information is already public. - The client gives written approval. - Disclosure is required to deliver the project. - Disclosure is required by law. - Disclosure is necessary to protect legal rights. - The information is shared with a service provider bound by confidentiality or similar obligations. OOLA will not publish client work, case studies, screenshots, prototypes, private documents, testimonials, metrics, or business outcomes without written approval from the client. Portfolio use, public case studies, social media posts, award submissions, and similar public references require written approval unless already permitted under a separate agreement.

We do not sell personal information. We share information only when needed for business, operational, legal, or project-related purposes. This includes sharing with: - Hosting providers. - Email providers. - Analytics providers. - File storage providers. - Design and development tools. - Project management tools. - Communication platforms. - Payment, invoicing, accounting, or tax tools. - Legal, accounting, or professional advisors. - Contractors or collaborators involved in the project. - Public authorities, regulators, or courts where required by law. Service providers only receive information needed to perform their role.

OOLA’s website and workflow use third-party tools for hosting, communication, analytics, file storage, design, development, project management, and business administration. These providers process information under their own policies and security practices. Where required, OOLA will rely on appropriate agreements or safeguards with service providers. Examples of third-party service categories include: - Website hosting. - Domain and DNS services. - Website analytics. - Email and communication. - Cloud file storage. - Design tools. - Development tools. - Project management tools. - Invoicing and accounting tools. The specific tool list should be reviewed and updated before launch.

The website uses cookies and similar technologies to operate the website, remember cookie preferences, understand aggregate website performance, and support analytics where consent is provided. Non-essential cookies, including analytics or marketing cookies, are used only when you accept them through the cookie banner or consent mechanism. For more information, please read the OOLA Cookie Policy.

OOLA is based in Indonesia and works with digital tools and service providers that operate in different countries. This means information shared with OOLA, or processed through service providers, may be transferred to, stored in, or accessed from countries outside Indonesia or outside your location. Where required by applicable law, OOLA will use appropriate safeguards for international transfers, such as contractual protections, service provider commitments, security controls, or other recognized transfer mechanisms. By contacting OOLA, submitting an inquiry, or sharing project information, you understand that your information may be processed across different jurisdictions as needed for communication, project delivery, business operation, and legal compliance.

We keep information only for as long as needed for the purpose for which it was collected, including business, project, legal, accounting, tax, operational, support, portfolio approval, and dispute-resolution purposes. Typical retention periods include: - Inquiry records: kept for a reasonable period to respond, follow up, and manage business records. - Project records: kept for the duration of the project and for a reasonable period after completion. - Contract, invoice, and accounting records: kept as required by applicable legal, tax, and accounting rules. - Portfolio approval records: kept as long as needed to document permission. - Website analytics data: kept according to analytics provider settings and consent preferences. - Cookie consent records: kept as needed to remember and prove consent choices. OOLA will delete, anonymize, or limit access to information when it is no longer needed, unless retention is required by law, contract, accounting, dispute handling, or legitimate business needs.

OOLA uses reasonable technical, organizational, and administrative measures to protect information against unauthorized access, loss, misuse, disclosure, alteration, or destruction. These measures include appropriate access control, account security, secure storage practices, limited sharing, and careful handling of client materials. No website, email system, cloud tool, or internet transmission is completely secure. You share information with OOLA at your own discretion.

Depending on your location, applicable law gives you certain rights over your personal information.

These rights include:
- Access to personal information.
- Correction of inaccurate information.
- Deletion of personal information.
- Restriction of processing.
- Objection to certain processing.
- Data portability.
- Withdrawal of consent.
- Opt out of marketing communication.
- Opt out of sale or sharing, where applicable.
- Limit use of sensitive personal information, where applicable.

To make a privacy request, contact OOLA at contact@oola.digital.

We will review and respond to requests according to applicable law. We need to verify your identity before completing certain requests.

OOLA is primarily subject to the laws of the Republic of Indonesia, including applicable personal data protection regulations.

Subject to applicable Indonesian law, you may have rights related to your personal information, including the right to:
- Access your personal information.
- Correct inaccurate personal information.
- Complete incomplete personal information.
- End, delete, or destroy personal information where permitted by law.
- Withdraw consent for processing based on consent.
- Object to certain automated decision-making, where applicable.
- Restrict or delay certain processing.
- Request information about how your personal information is processed.
- Claim compensation where a violation causes loss, subject to applicable law.

To exercise your rights, contact OOLA at contact@oola.digital.

OOLA will review privacy requests according to applicable Indonesian law and other privacy laws where they apply. OOLA may need to verify your identity before completing a request.

If you are located in the European Economic Area or the United Kingdom, you have rights under applicable data protection laws. You have the right to request access, correction, deletion, restriction, objection, portability, and withdrawal of consent. Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect processing completed before the withdrawal. Where processing is based on legitimate interests, you have the right to object to processing in certain circumstances. You also have the right to lodge a complaint with your local data protection authority.

If you are a California resident, you have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act. Subject to legal limits, these rights include: - The right to know what personal information is collected, used, disclosed, sold, or shared. - The right to request deletion of personal information. - The right to correct inaccurate personal information. - The right to opt out of sale or sharing of personal information. - The right to limit use and disclosure of sensitive personal information. - The right not to receive discriminatory treatment for exercising privacy rights. OOLA does not sell personal information. OOLA does not knowingly share personal information for cross-context behavioral advertising unless this is clearly disclosed and supported by a valid opt-out mechanism. If marketing pixels, retargeting tools, or advertising cookies are added later, OOLA should provide a “Do Not Sell or Share My Personal Information” mechanism where required by law.

This website is intended for business and professional audiences. OOLA does not knowingly collect personal information from children under 13, or the equivalent minimum age under applicable local law. If we learn that a child has submitted personal information without appropriate consent, we will delete the information where required.

OOLA only sends marketing communication where permitted by law or where you have chosen to receive it.

You can unsubscribe or opt out of marketing communication at any time by following the instructions in the message or contacting contact@oola.digital.

The website links to third-party websites, platforms, portfolios, social media pages, or tools. OOLA is not responsible for the privacy practices, content, security, or policies of third-party websites. You should review the privacy policy of each third-party website you visit.

OOLA updates this Privacy Policy when business practices, website features, tools, or legal requirements change. The “Last Updated” date shows when the policy was last revised. Continued use of the website after updates means you acknowledge the updated policy.

For questions, requests, or concerns about privacy or data handling, contact:

OOLA Digital Studio
Email: contact@oola.digital
Website: https://oola.digital