Privacy Policy

OIID APP & WEBSITE PRIVACY POLICY AND COOKIE STATEMENT (V1.2)

Introduction

We are oiid, the developer of the “oiid” app (the “App”). We are very proud of the capabilities of the App and we want to give our customers the most enjoyable and fulfilling experience possible while using it. In order to do this, we need to understand your listening tastes and habits so we can deliver a truly personal experience, tailored to your individual preferences and expectations.

We are committed to protecting your privacy and the integrity of your personal information. This Privacy Policy (“Policy”) explains how we collect and process your personal data when you use the App, your privacy rights, and how the law protects you.

This Policy describes:

• what information we may collect about you
• how we will use the information we collect about you
• when we may use your details to contact you
• whether we will disclose your details to anyone else
• your choices and controls regarding the personal information you provide to us

Whenever you provide personal data, we are legally obliged to use your information in line with all applicable laws concerning the protection of such data, including the Norwegian Personal Data Act 2018 and the European General Data Protection Regulation, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 repealing Directive 95/46/EC, also known as the “GDPR” (these laws are referred to collectively in this Policy as the “data protection laws”).

Who We Are

This Policy is issued on behalf of oiid A.S. (“we”, “us”, “our”), a company incorporated under the laws of Norway with business registration number 981 980 182 and having its head office at Bergenhus 13, 5003 Bergen, Norway. For the purposes of the data protection laws, oiid A.S. is the data controller and the entity responsible for the App.

Scope

This Policy applies to anybody who uses the App or who provides personal data via the App or our website at https://www.oiidmusic.com (our “Website”). It also applies to those who upload music, material or information via the App, request communication via the App or our Website, and to personal data processed in pursuit of our own marketing and business development efforts. We may also ask you for personal data when you report a problem on our App.

The App is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this Policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Policy supplements other notices and privacy policies and is not intended to override them.

Changes to this Policy

We reserve the right to amend this Policy from time to time. This version of the Policy was last updated on 1 October 2020. You will be informed of any material changes within a reasonable time by way of an alert on our Website or the App.

We reserve the right, in the event that we buy or sell all or part of our business or assets, to disclose personal data held by us to the prospective seller or buyer of such business or assets.

Acknowledgement

The first time you submit data via the App, you will be asked toacknowledge and accept the practices described in this Policy. If you do notaccept this Policy, you will not be able to post on, or view events oractivities publicised via the App.

In addition, we will endeavour to bring this Policy to your attentionevery time we ask for your personal information and we will seek your specificconsent whenever this is required.

Categories of personal data we collect from you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity concerned has been removed.

We will collect (and subsequently use, store and transfer) the following personal data about you:

• your name, email address, phone number, birthday, and individual profile information when registering as a user and creating an account, making an enquiry via the App or the Website, or when you otherwise voluntarily submit data to us;
• usage data, such as the tiered service plan you sign up to, search queries, downloaded or streamed content, your playlists, your oiid library, and your browsing history within the App;
• App payment and purchase data, to be collected at the point of commencement of your trial membership, a paid subscription, or an individual in-App purchase, such as credit or debit card details;
• music, files or other data you voluntarily upload via the App;
• technical data relating to your use of the App, such as diagnostic and performance information, your App settings, log files, interactions with other users and information about your device;
• device information and attributes, network connections, network and device performance, information enabling encryption and for diagnostics and troubleshooting purposes;
• your marketing preferences, which may be adjusted or withdrawn at any time;
• information you provide when you complete surveys or enter competitions or enrol in promotional events;
• information about your use of the App and our Website;
• when you make a data subject access request.

We may also collect personal data about you from various third parties in the following circumstances:

• if you register for or log on to the App using third party credentials (e.g. Facebook / Twitter / Instagram), we will import your information from those companies to help create your account with us;
• our technical service partners may provide non-specific location mapping data in order to enable us to provide oiid content and features;
• our payment partners may provide your personal data to us in order to facilitate purchases and/or process payments.

Processing Activities

We will only use your personal data to the extent required to fulfil a user’s instructions, or to improve the functionality of the app and our services to users, or when the law allows us to. The following table summarises the types of data processing activities we will undertake in relation to personal data subject to this Policy:


Information we Process

Purposes for Processing

Legal Basis for Processing

Any personal data you provide to us on or after registration, such as names, contact details, interests and preferences, and payment and purchase data.

(1) To facilitate the delivery of the services we offer via the App by:

·      establishing and maintaining contact between us and you;

·      to provide you with information regarding music and activities reflecting your preferences and which we feel may interest you;

·      to personalise our services to meet your musical tastes and interests;

·      to process subscription fees, one-off payments or any other fees and charges associated with use of the App;

·      to provide training and receive feedback;

·      any other requests you may have as a user of the App.


(2) To deliver promotional materials when:

·      specifically requested;

·      consent is given by way of your marketing preferences;

·      authorised in the context of a specific request.


(3) To allow you to participate in competitions, prize draws, surveys or special features of the App, if you choose to do so;

(4) To notify you about changes to our services and policies;


(5) To publish reviews and testimonials;


(6) To promote security and good practice on the App, to investigate suspicious activity or violation of our terms and conditions, and to ensure the App is being used for legitimate purposes;


(7) To establish, exercise or defend legal claims, and to prevent and deter fraudulent use of the App.


(8) To fulfil our contractual obligations to third parties, e.g. record labels and publishers, and to take appropriate action with respect to copyright infringement and/or unlicensed or inappropriate content;

(1) The performance of our contractual obligations  to you.


(2) The performance of our contractual obligations to other users of the App and third parties.


(3) Your consent, or our legitimate interests, specifically the pursuit of our own marketing and business development efforts.


(4) Our legitimate interests, namely monitoring and improving the App’s performance and level of service to customers, and your consent whenever required.

Information you generate when you use the App, e.g. likes, song lists and download or purchase history

(1) To ensure that content downloaded via the App is presented in the most effective manner for you and your device;


(2) To administer and protect our business and the App, including trouble shooting, data analysis, testing, system maintenance, reporting and hosting of data;


(2) To provide and/or enhance functionality on theApp;


(3) To analyse the performance of the App, and/or diagnose performance issues;


(4) To process payments;


(5) To use data analysis to improve our services and customer experience, marketing, customer relationships;


(6) To deliver relevant marketing from time to time from us and our partners;


(7) To fulfill our contractual obligations to the owners of any musical or other content made available to users of the App;


(8) To establish, exercise or defend legal claims, and to prevent and deter fraudulent use of the App

(1) Our legitimate interests, namely monitoring and improving the App and our level of service to customers, and your consent whenever required.


(2) The performance of our contractual obligations to other users of the App and third parties.


(3) Our legitimate interests, namely monitoring and improving the App’s performance and our level of service to customers, to monetise the services we provide, to deter misuse of the App and to maintain the integrity and reputation of the App.

Marketing Preferences

You will only receive marketing communications from us if you have signed up for our newsletter or have requested marketing communications from us in the past.
We will ask for your express opt-in consent before we share your personal data with any third party for marketing purposes.

You may ask us to stop sending you marketing messages by clicking on the “Opt Out” link in our marketing messages. You may also opt out of marketing at any time by writing an email to privacy@oiid.com.

Any opt out requests will not apply in respect of personal data provided to us for the purposes of fulfilling request to post an event or activity via the App.

Sharing your personal data with third parties

You understand andacknowledge that we use third party service suppliers to facilitate transactionsmade via the App. These suppliers have givencontractual undertakings that they will safeguard personal data disclosed tothem in the course of providing such services in accordance with ourinstructions, and have agreed to be held liable in the event of any breach ofdata protection law for which they are responsible.

In addition to these suppliers, there are other third parties with whomwe may need to share your personal information for the reasons set out below:



Third Party

Purposes for Processing

Legal Basis for Processing

To facilitate the provision and promotion of our business and to monitor our business development.

Companies within our corporate group (including affiliates and ultimate beneficial owners), or who acquire a controlling interest in our business or its assets

The performance or negotiation of the contractual relationship between us and users of the App, and our legitimate interests, specifically the pursuit of our own marketing and business development efforts, and your consent whenever required by law.

Third party applications and devices

To allow you toconnect the App on your chosen device, and to facilitate the functionality ofthe App by sharing of technical data.

The performance of our contractual obligations  to you, and your consent to the extent the application or device requires disclosure of your personal data.

Artists and Record Labels

To act on any request you make (which you may revoke at any time) to link with artists, labels, or other content partners who may want to send you artist news or promotional offers.

Your consent.

Suppliers, such as payment merchants, software/IT systems, user service support, DRMsoftware providers and other third party service providers.

To facilitate the provision and promotion theApp, and to process payments associated with content and any services weprovide via the App.

The performance or negotiation of the contractual relationship between us and our legitimate interests, specifically the pursuit of our own marketing and business development efforts, to secure payments and the deterrence of fraud.

Oiid promotional partners

We may share your personal data in order to allow our partners tocustomise any promotional material you receive via the App in line with yourinterests and preferences. We may also share your personal data relating toyour use of the App, for example your take-up of promotional offers, and theways in which you use the App.

The performance of our contractual obligations to you, are legitimate interests, namely the improvement and enhancement of the in-App user experience, and your consent to the extent it is required by law in relation to the processing activity to be undertaken.

Oiid service partners

If you sign up for the App via a third party service or mobile dataservice provider, we may share your oiid username or other personal data as necessary in order to enable your account and enable you to access the App via such third party service or provider.

The performance of our contractual obligations to you, are legitimate interests, namely the improvement and enhancement of the in-App user experience, and your consent to the extent it is required by law in relation to the processing activity to be undertaken.

Professional advisors, such as accountants and solicitors.

Only when necessary, and limited to what is necessary.

Our legitimate interests, namely the proper administration of our business, or fulfilling our legal obligations to users of the App or in relation to enforcing or defending legal claims.

Competent authorities, such as regulatory authorities, law enforcement and national tax authorities

Only when compelled to and/or when under an obligation to do so.

Compliance with legal obligations, such as for the purposes of fraud reporting or other criminal activity, or in order to apply or enforce our terms and conditions.

Your personal data will only be shared with the third parties identified above if you choose to make use of a specific App feature where sharing of personal data is necessary for the use of the relevant feature OR you grant us permission to share your personal data. This will normally involve selecting the appropriate setting within the App, or by way of another automated consent mechanism.

 Your Data Subject Rights

We are committed to guaranteeing the statutory rights ofindividuals.  If you send us a requestregarding your rights under data protection law, we will respond within 30calendar days of receipt and, where possible, address your request within suchtime. Where necessary, this period may be extended by up to a further 60 days.

The persons to whom this Policy applies are under no statutory orcontractual obligation to provide personal data to us. However, should youdecide to submit personal data to us, you will have the following rights, as adata subject, under data protection law as summarised below:

the right to be informed

the right toaccess

the right to rectification

the right to restrict processing

the right to erasure

the right to object to profiling (i.e. automated decision-making)

the right to requesta copy of your personal data in electronic format (‘data portability’)

the right to complain to the Norwegian DataProtection Authority Datatilsynet (or your local data protection authority)

the right to withdraw consent (e.g. to direct marketing)

To enable users to record their preferences in relation to how we use personal data, we provide privacy and notification controls via the App’s settings sub-menu.

Please note these rights may not always apply, for example if fulfilling your request would require us to reveal personal data relating to another user, or if you ask us to delete information which we are required by law to keep or have a compelling legitimate interest in keeping. If this is the case, then we will let you know at the same time as we respond to your request.

We do not engage in profiling which is capable of producing legal or other significant effects for individual data subjects.

Detailed information on the content and the means to exercise your rights is provided by the Norwegian Data Protection Authority, available here. (LEGG TIL DATABEHANDLERAVTALE)


Retention Period

In respect of personal data within the scope of this Policy, we will retain such personal data until you advise us to securely dispose of it, or until it becomes outdated, or it is no longer appropriate for us to retain such data. It is your responsibility to inform us of any material changes to your personal data to ensure it is accurate. Outdated personal data will be periodically deleted in accordance with our internal data retention policies. However, we will keep certain data, for example playlists, purchased oiids, and account information so long as you remain a user of the App.

Subject to receiving a request from you, we will delete or anonymise your personal data so that it no longer identifies you, unless we are legally entitled or required to maintain certain personal data, for example an unresolved issue relating to your App account, information required for legal, tax or audit purposes, or where we have a legitimate interest in retaining personal data, such as fraud prevention or deterrence or to maintain the security or privacy of other individuals.

Security Measures

We have taken appropriate technical and organisational measures to ensure our own and our suppliers’ information security standards are appropriate to the risks associated with the personal data processing we undertake. Our security objectives include guaranteeing the confidentiality, integrity and availability of personal data and the resilience of the systems that process it. We have introduced policy standards such as pseudonymisation, encryption and retention policies to minimize the risk of a personal data breach. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

It is your responsibility to keep the password provided to you on registration secure and confidential at all times. We will not be held liable for any breach of data protection law arising from your improper use of the App, or due to your password details being disclosed to any third party, or your failure to exercise control over your App account settings. In the event you have reason to believe your interactions with us are not secure, or the integrity of your login has been compromised, please contact us immediately.

International Transfers

We work solely with world-class suppliers, some of whom have branches outside the European Economic Area (‘EEA’). Any transfers of your personal data outside the EEA take place only subject to appropriate safeguards as provided in data protection law. These safeguards are intended to secure your rights as a data subject with respect to any relevant non-EEA domiciled entities. The transfer of personal data to a country outside of the EEA shall take place only if one or more of the following applies:

a. the transfer is to a country, territory, or one or more specific sectors in that country (or an international organisation), that the European Commission has determined ensures an adequate level of protection for Personal Data (Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland and Uruguay.

b. the transfer is to a country (or international organisation) which provides appropriate safeguards in the form of a legally binding agreement between public authorities or bodies; binding corporate rules; Standard Contractual Clauses adopted or approved by the European Commission; compliance with an approved code of conduct approved by a supervisory authority (e.g. the UK Information Commissioner’s Office); certification under an approved certification; contractual clauses agreed and authorised by the competent supervisory authority; or provisions inserted into administrative arrangements between public authorities or bodies authorised by the competent supervisory authority.

c. The transfer is made with your explicit consent.

d. The transfer is necessary for the performance of our contract with you.

CookiesPolicy

Our Website uses cookies. By using our Website and agreeing to this Policy, you consent to our use of cookies in accordance with the terms of this policy.

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies. Cookies are very easy to delete and block.

We use cookies for the following purposes:
• authentication - we use cookies to identify you when you visit our Website and as you navigate our Website;
• personalisation - we use cookies to store information about your preferences and to personalise the Website;
• security - we use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent or unlicensed use of our services, and to protect the integrity of our website generally;
• analysis - we use cookies to help us to analyse the use and performance of our Website;
• cookie consent - we use cookies to store your preferences in relation to the use of cookies more generally.

Our service providers also use cookies and those cookies may be stored on your computer when you visit our Website.

Like most modern websites we use Google Analytics to analyse the use of our Website. We also use Social Media buttons to connect our visitors to their social accounts on Facebook, Twitter, Google+ and others. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our Website is used to create reports about the use of our Website. Google's privacy policy is available at: www.google.com/policies/privacy. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google.

The ‘__cfduid’ cookie is also embedded on our Website. This cookie is established by Cloudflare, Inc. to identify trusted web traffic and to minimise blocking of legitimate users, and is necessary for maintaining the Website’s security features. In common with most other cookies, it anonymises end user IP addresses and does not store any identifiable personal information. This cookie is a session cookie and expires after 30 days.

Most, if not all, browsers allow you to refuse to accept cookies by adjusting your settings. For example: (1) in Internet Explorer you can refuse all cookies by clicking "Tools", "Internet Options", "Privacy", and selecting "Block all cookies" using the sliding selector; (2) in Firefox you can block all cookies by clicking "Tools", "Options", and un-checking "Accept cookies from sites" in the "Privacy" box.

You can also delete cookies already stored on your computer: (1) in Internet Explorer, you must manually delete cookie files (you can find instructions for doing so at http://support.microsoft.com/kb/278835); (2) in Firefox, you can delete cookies by, first ensuring that cookies are to be deleted when you "clear private data" (this setting can be changed by clicking "Tools", "Options" and "Settings" in the "Private Data" box) and then clicking "Clear private data" in the "Tools" menu.

Doing this may have a negative impact on the usability of many websites. In the case of our Website, disabling cookies means its functionality will be impaired.


Contact

In relation to any queries about this Policy or any other data protection matters, please email contact@oiid.com.

February 2021
oiid AS
Registered in Norway with company number 981 980 182
Registered Office: Bergenhus 13, 5003 Bergen, Norway