Privacy Policy
Effective date: April 3rd, 2023
In brief
- This Privacy Policy explains how we collect, use and disclose your personal data (i.e., information that allows your direct or indirect identification), and how you can use your data subject rights to know more and make various requests related to our processing of your data.
- We may collect personal data from users of our website and products, technical information sent by your browser or plug-in, and our partners offering license management and purchases.
- The data categories we process include contact, license management, customer, payment, visitor, product analytics, profile and communication data as well as information on your marketing permissions.
- We go privacy first. While considering how to best serve our customers, we will also try to keep the personal data we process to a minimum and use data in the least identifiable form possible. That’s why we also strive to aggregate, anonymize or pseudonymize any personal data as soon as possible, where appropriate.
- Our processing purposes include license management, customer support and relationship management, marketing and sales, maintaining this website, as well as business development and administration.
- We keep your personal data only for as long as we have a legitimate commercial reason to retain it for a purpose described above.
- We protect your personal data by using technical and organizational measures designed to provide a level of security appropriate to the risk of processing.
- We disclose your data to work with our license management and merchant partners, obtain services necessary to run our business and for certain other reasons as detailed below.
- For any questions or requests , please email privacy@oeksound.com
1. About this Privacy Policy
oeksound Ltd (“we”, “us”, “our”) develops and sells software plug-ins (“Product(s)”) intended for use in various digital audio workstations (DAWs), and operates this website oeksound.com (“Website”) to promote and conduct its business.
This page informs you of our policies regarding the collection, use, disclosure any other processing of personal data when you visit and use our Website and/or buy and use our Products, and the choices you have associated with that data.
Also, please note that since we use a popular third-party license management service, iLok, to help us and our licensees manage licenses to our Products, your use of the Products requires you to engage with the provider of the iLok solutions, PACE Anti-Piracy Inc. (“PACE”), including having your personal data processed as set out in more detail in the iLok.com Privacy Policy available through their website (www.ilok.com). Furthermore, in order to provide you with a smooth purchasing experience and any necessary support when you buy one or more of our Product licenses, we have integrated the FastSpring ecommerce solution, operated by Bright Market, LLC d/b/a FastSpring (“FastSpring”), into the relevant portions of our Website, with FastSpring also operating as the merchant of record with regard to your purchases. This means that checking out your shopping cart at our Website, and any possible further engagement with FastSpring, requires that you share your personal data with FastSpring in the manner detailed in their Privacy Policy which is accessible to you as shown in the Checkout phase of your purchase. To ensure everything works together smoothly, PACE and FastSpring may also share your data with us in some instances, as further detailed below in this Privacy Policy.
By personal data we mean any information relating to an identified or identifiable natural person (also called a “data subject”). As set out in the EU General Data Protection Regulation (2016/679) applicable to the processing of your personal data along with other applicable data protection laws (collectively, the “Data Protection Laws”), an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Data controller
oeksound Ltd
P.O. Box 1188 00101 Helsinki
FINLAND
Business ID: 3088588-2
3. Contacting us
If you have any questions about this Privacy Policy, including any requests concerning your rights as a data subject, please contact us at privacy@oeksound.com.
4. Changes to this Privacy Policy
We may update our Privacy Policy from time to time in response to changing legal, technical or business developments.
When we update the Privacy Policy, we will inform you in a manner we consider consistent with the significance of the changes and update the “Effective date” at the top of this Privacy Policy. With more significant updates, we will let you know via email and/or a notice on this Website.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy will become effective when they are posted on this page.
5. The personal data we process
We may collect, use, store and transfer, or process in another manner, the following personal data concerning you:
Contact Data
Your contact details, such as your name, email address and postal address.
License Management Data
Information on the licenses, if any, granted to you by us for the use of any Product, including the status of the licenses and any information you have provided to us, or that has been conveyed to us by PACE, in the context of a support issue or request concerning such license(s).
Customer Data
Information related to your interaction and the customer relationship you have with us, including information you have provided to us in the context of any commercial transaction, Product-related support request, query, survey or similar as well as your purchase and order details, purchase history (e.g., what licenses you have purchased), and any other necessary documentation of your transactions with us and our partners, such as FastSpring and PACE, as well as information on any possible cancellations, complaints, claims or other similar requests or events.
Payment Data
Any relevant payment details and payment history related to your purchases or otherwise, including, e.g., payment method, date, time, currency, amount, processing information and similar transaction details as well as any other necessary documentation of payments and transactions between us.
Visitor Data
Primarily anonymous or pseudonymized information about your use of our Website, including full uniform resource locators (URLs) of the pages you visit, information on your manner and time of use, such as date and time, frequency and patterns of use and other information on the interaction with our Website, as well as technical information related to your use of the Website and to your equipment, as sent by or obtained from your system in the course of your use of the service, such as your internet protocol (IP) address and User Agent string (including information on your browser, system and platform), and as collected at different points in time and combined together by using cookies and/or similar technologies – however, only when based on your active consent, where legally required.
Product Analytics Data
Primarily anonymous or at most pseudonymized data sent by our Products to our backend services for analytics and telemetry at various points in time:
Update check and basic system configuration: Product name and version, user operating system and version, date and time of data transmission, host software name and version, CPU family and core count, RAM amount, CPU’s available instruction set, GPU chipset details. Sent when the plug-in is launched or loaded to the host software.
Parameter settings: data collection trigger (e.g., mixing session saved, mix committed), Product name and version, parameter data.
User interactions: Product name and version, user interface widget used, time deltas and timestamps of user actions (widget changes).
Communication Data
Your correspondence with us for customer support and other communication between us, including notifications which we may, from time to time, send to you by email.
Marketing Data
Information on your preferences and settings regarding marketing carried out by us or our partners.
6. Anonymous and pseudonymized data
We may use, disclose and otherwise process anonymous data (i.e., data that does not allow your direct or indirect identification) and/or pseudonymized data (i.e., personal data processed so that it no longer allows your direct or indirect identification without the use of additional information, provided that any such additional information is kept separately and subject to measures ensuring that no identification will happen), including Product Analytics and Visitor Data:
- to learn about the use of our Products and Website for product and business development purposes
- to deliver targeted advertisements to you on other websites and platforms
- to provide reporting in aggregated form to our current and prospective partners and service providers, and
- for statistical or research and analysis purposes in aggregated form
Personally, we value privacy highly and want our business practices to reflect this. When collecting telemetry and other data on your use of our products and Website, we are not interested in collecting or connecting data to profile or single out specific users, and we would like to keep the amount of personally identifiable data processed to a minimum. At the same time, we would like to collect just enough data to be able to further improve and develop our products and business, including optimizing and developing the user experience, usability and features of our plug-ins, providing you with better customer support, and focusing our development efforts on the features and functionality you value and use most. While we think we have done a good job in balancing these legitimate business interests of ours against your data protection rights, you are absolutely free to disagree, and unless we are talking about data that has been statistically aggregated in a reliable manner and therefore definitely anonymous, we have provided ways for you to deny your consent or opt out, as the case may be, with respect to the kind of processing discussed here.
Because complete, future-proof anonymization of personal data is hard, we have decided to proceed cautiously and, as a principle, treat even data we have anonymized as something potentially re-identifiable, and to secure and safeguard it accordingly, as set out in this Privacy Policy. In particular, where appropriate and feasible, we will take the following measures:
- providing you with options to control what personal data we may process and how (such as obtaining your active consent for any non-essential cookies and/or other tracking technologies used for web analytics and targeting ads, or allowing you to opt out of sending us Product Analytics Data by adjusting the plug-in settings);
- removing our ability to identify specific individuals by taking active and automated measures to aggregate, anonymize or pseudonymize your personal data at the earliest point reasonably possible (such as for Product Analytics Data, preferably already on your device before the data ever hits our servers);
- minimizing collection of personal data in general, taking appropriate technical and organizational measures to avoid and prevent any unnecessary combination of datasets, especially those of particular detail, large size or different origins, and using the data in the least identifiable form that will support processing necessary for our legitimate business operations; and
- test, assess, and improve our anonymization and pseudonymization measures on a continuous basis.
7. How we collect personal data
We may collect personal data about you in the following ways:
- Information provided by you: Information which you provide or deliver to us through, e.g., our Website or via email or phone. You may give us information, e.g., in the course of purchasing licenses for Products, and making other transactions or support requests.
- Automated technologies: We may automatically collect License Management, Payment, Visitor, as well as certain Customer Data based on purchases you make and your other use of our Website. In the context of your use of our Products, we collect Product Analytics Data to the extent you have not opted out of such collection via the relevant Product settings (where available).
- Third parties or publicly available sources: We may receive personal data about you from the following third parties:
- License Management Data from PACE in order to help us provide you support concerning licenses to our Products.
- Payment Data from FastSpring to provide you support, where necessary, and to process and retain certain information and documentation for purposes of complying with accounting and tax laws.
- Visitor Data from our service providers carrying out web analytics.
Please note, that where we need to collect certain data based on law or a contract between you and us, and you fail to provide that data when requested, we may not be able to provide you with the services you have requested.
8. How we process personal data
Below we have set out the purposes for which we may process your personal data and the legal bases we rely on to do that. Most commonly, our processing of personal data will rely on the following legal bases:
- Contract: We process your personal data based on contract (or pre-contractual steps taken upon your request) when the processing is necessary for the performance of a contract between us, such as an End User License Agreement for a Product.
- Legitimate interests: We process your personal data based on legitimate interests if the processing is necessary for the purposes of legitimate interests pursued by us or by a third party, except where such interests are overridden by your privacy interests or fundamental rights and freedoms.
- Legal obligation: We process your personal data based on legal obligations when the processing is necessary for our compliance with a legal obligation, such as mandatory provisions of accounting and tax laws.
- Consent: Certain processing requires that we obtain a separate consent from you, e.g., when we seek to set cookies on your device for purposes of web analytics or delivering targeted advertising.
We may rely on more than one legal basis depending on the specific purpose for which we are using your data. If you need details about the grounds we are relying on with respect to specific data or circumstances, please contact us as set out above.
Purpose of processing | Category of personal data | Legal basis |
---|---|---|
License management and support | Contact, License Management, Customer, Payment, Communication | a) Contract b) Legitimate interest (conducting business) |
Product support | Contact, Customer, Communication | a) Legitimate interest (customer service) |
Product and business development | Customer, Product Analytics, Communication | a) Legitimate interests (developing business and products) |
Customer relationship management | Contact, Customer, Communication, Marketing | a) Legitimate interests (managing customer relationship, conducting business) |
Maintaining, securing and developing Website | Visitor, Communication | a) Legitimate interests (improving and developing services, ensuring information security) |
Marketing and sales | Contact, Customer, Visitor, Profile, Marketing | a) Legitimate interests (marketing, conducting business) b) Consent (when legally required) |
General administration of business | Contact, License Management, Customer, Payment, Communication | a) Legitimate interest (conducting business) b) Legal obligations |
In addition to the above-mentioned purposes, we may process your personal data where necessary for the establishment, exercise, or defense of legal claims. Such processing is based on the legitimate interests of us or another party, in particular the protection of the legal rights of us, you or those of third parties (e.g., other users of our products and services). We may also process your personal data where necessary for the purposes of managing our risks or obtaining professional advice. The legal basis for this is our legitimate interest to conduct risk management.
9. How we share and transfer your data
Where necessary and solely to the extent necessary for the purposes detailed above, your personal data may be disclosed to the following recipients and categories of recipients:
- To PACE for license management purposes.
- To FastSpring for purposes of managing payments and related support.
- To our service providers and partners for purposes of web analytics, marketing and delivering targeted advertising.
- To our service providers for the purposes of accounting, financial, ICT, legal and other conventional business services provided to us.
- To buyers or potential buyers (and their agents and advisers) in connection with any (possible) purchase, merger or acquisition of any part of our business, provided that the information is used only to the extent deemed necessary for such purposes.
- To competent courts and other authorities according to applicable laws as well as to third parties where we deem that disclosing your personal data is necessary to protect your vital interests or those of any other person, or for compliance with laws or regulations, or to protect, defend or secure our legal rights, including when we enforce or apply agreements between you and us, or to counter the potential misuse of our products and services, or to secure the rights, in particular our intellectual property rights, or any assets or security of ours, our users and/or third parties. This includes exchanging information with other organizations for the purposes of preventing fraud, violation of intellectual property rights, and any other harmful or criminal activity.
- To any other person – but only with your separate consent unless otherwise provided by applicable laws.
We process your personal data in secure locations and servers mostly within the European Economic Area. Your personal data may be transferred to countries outside the European Union or the European Economic Area only where the European Commission has held that the country in question ensures an adequate level of protection for personal data, or where we have taken appropriate safeguards to require that your personal data remains protected in accordance with this policy, such as by implementing the Standard Contractual Clauses adopted by the European Commission for international transfers of personal data. You may contact us for more information on the safeguards in place. In individual cases, international transfers of personal data may also take place based on (i) your separate and explicit consent, (ii) the performance of a contract between you and us or the implementation of pre-contractual measures taken at your request, or (iii) other applicable grounds for transfer under the Data Protection Laws.
10. How we retain your data
We keep your personal data only as long as we have a legitimate commercial reason to retain it for a purpose described above.
To determine the appropriate retention period, we consider and evaluate the scope, nature and sensitivity of the personal data we process, the potential risk of harm or damage from unauthorized use or disclosure, the purposes for which we process the data and the relevant legal requirements. We will also regularly assess the data we keep, and where we deem retention unnecessary, we will either erase or anonymize the data or, if this is not possible – for example, in case of information stored in backup archives – we will store the data securely and block any further processing until deletion is possible.
We generally retain personal data relating to an individual customer relationship and related Product licenses at least for the duration of the customer’s use of our Products and, in any case, for a reasonable period of time after that, or the customer’s last purchase, transaction or contact with us, for example to be able to respond appropriately to customer queries, to resolve issues relating to the customer relationship and/or any Product licenses, and to prepare for any potential legal issues or claims relating to our products and services.
We also retain some data for periods necessary for compliance with applicable laws and regulations or to secure our legal rights or those of our customers or our partners. Certain information related to retention obligations, e.g., in the fields of accounting and taxation must usually be retained for six (6) years from the end of the relevant accounting period. If you need detailed information on the retention periods or how we determine them in particular circumstances and/or in connection with particular personal data, please contact us as set out above.
11. How we secure your data
To protect your personal data, we use appropriate technical and organizational measures designed to provide a level of security appropriate to the risk of processing. Those measures include, inter alia, as appropriate, the encryption of personal data, procedures which ensure the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services and the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident and procedures by which the effectiveness of technical and organizational measures are regularly tested, assessed and evaluated to ensure the security of the processing. In assessing the appropriate level of security, we take account in particular of risks that are presented by processing, in particular from accidental or unlawful destruction, loss alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.
We also strive to ensure that any natural person acting under our authority who has access to personal data does not process them except on instructions from us. We will see to that only such employees and employees of a service provider providing us services have access to personal data who, due to the nature of their work tasks, need that access.
12. Your rights as a data subject
Unless otherwise explained in this section, you may invoke the following rights by contacting us as detailed above in Section 2 of this Privacy Policy.
Rights of access, rectification and erasure: You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed by us, and where that is the case, access to that personal data. You may need to prove your identity in order to use this right. Your right of access may, however, be restricted on the basis of legislation, the privacy interests of other persons and/or the protection of trade secrets or intellectual property. Considering the purposes of the processing, we will also rectify, complete or erase inaccurate, incomplete or outdated personal data upon your request.
Data portability: If you wish, you may obtain the personal data which you have provided to us and which is being processed automatically on the basis of consent or contract, in a structured, commonly used, and machine-readable format.
Right to prohibit direct marketing: You may prohibit the processing of your personal data for direct marketing purposes by clicking the link at the end of a marketing message or by contacting us as set out above.
Right to object and right to restrict: You may object, on grounds relating to your particular situation, to processing of personal data concerning you which is based on legitimate interest, such as by using the settings provided in the Product to opt out of sharing some or all Product Analytics Data (where available) or by contacting us as detailed above. Where you object to our processing, you have the right to request that the processing in question be restricted for the period during which we evaluate the basis you have presented for your request. The processing may also be restricted, inter alia, when you contest the accuracy of your personal data. In that situation, the processing will be restricted for the time during which we can ensure the accuracy of the personal data.
Withdrawal of consent: You may withdraw your consent for the processing of personal data at any time by contacting us, or in some cases by some another manner offered to you (often as instructed in the same context where we have obtained your consent). Please note that only minor parts of our processing of personal data is based on your consent.
Right to lodge a complaint: If you consider our processing of your personal data to be inconsistent with Data Protection Laws, you may lodge a complaint with the competent supervisory authority (http://www.tietosuoja.fi).