Customer Data Privacy Policy

(“Privacy Policy”)

Effective Date: May 25, 2018 (view archived version)

I. Corporate Commitment to Privacy

Ooyala, Inc, Ooyala Limited, Ooyala AB, and any other entity that directly or indirectly controls, is controlled by, or is under common control with Ooyala, Inc (collectively “Ooyala” “our,” “we” or “us”) are committed to respecting your privacy. This Privacy Policy describes how we collect, use, disclose, store and otherwise process information through http://www.ooyala.com/ and through the products and/or services provided by or through Ooyala (collectively “Services”). In addition, this policy states how you can control the collection, correction and/or deletion of information. We will not use or share your information with anyone except as described in this Privacy Policy.

We urge you to read this Privacy Statement so that you understand our commitment to you and your privacy, and how you can participate in that commitment.

II. Scope

This Privacy Policy applies to personal information and other information collected by Ooyala or its service providers from or about:

(i) visitors to, or users of, its websites;

(ii) current customers using the Services pursuant to a written agreement with Ooyala;

(iii) prospective and current customers using the Services pursuant to a clickwrap, browserwrap, or other online agreement;

(iv) service providers and business partners;

(v) other third-parties that use the Services, including without limitation including without limitation the end users of prospective and current customers.

As used in this Privacy Policy, “you” or “your” means, collectively, the entities or individuals set forth in (i) – (v) of this Section II.

III. GDPR Compliance

Ooyala complies with the General Data Protection Regulation (“GDPR”) as set forth by the European Parliament in April 2015. The regulation mandates that Ooyala protects the personal data and privacy of EU data subjects. If there is any conflict between the policies in this privacy policy and GDPR, the GDPR principles shall govern.

IV. FTC Enforcement Power

Ooyala is subject to the investigatory and enforcement powers of the Federal Trade Commission.

V. Personal Information

Definition of Personal Information

Personal information refers to any information relating to an identified or identifiable natural person, such as an identification number, physical, physiological, mental, economic, cultural, or social identifiers.

Definition of Personal Information (Special Categories of Information)

Special categories of personal data refers to genetic and biometric data which can identify a unique individual. Under GDPR, these categories require additional privacy protections.

VI. Definition of Non-Personal Information

We may also collect information that is related to you but that does not personally identify you (“Non-personal Information”). Non-personal Information also includes information that could personally identify you in its original form, but that we have modified (for instance, by aggregating, anonymizing or de-identifying such information) in order to remove or hide any Personal Information.

VII. Consent

Ooyala collects personal information about you in connection with many of our services. When working or using our company, you may be prompted to make an account which may hold personal information such as your name, mailing address, email address, or credit card information. Prior to collecting this information, Ooyala will obtain your consent. At any point in time, you can revoke consent and we will cease using and processing your data immediately.

VIII. Information Collected Automatically

Ooyala may also collect Technical Information about you when you visit our websites, which your web browser automatically sends whenever you visit a website on the Internet. "Technical Information" is information that does not, by itself, identify a specific individual but which could be used to indirectly identify you. Our servers automatically record this information, which may include your Internet Protocol ("IP") address, browser type, browser language, and the date and time of your request. Gathering your information helps us ensure our websites and other services work correctly and support out customer analytic efforts.

IX. Information Collected Automatically (Examples)

Email communication

We may use pixel tags and cookies in our marketing emails so that we can track your interaction with those messages, such as when you open the email or click a URL link that’s embedded within them. When recipients click on one of those URLs, they pass through a separate web server before arriving at the destination page on a company website. We use tools like pixel tags and cookies so that we can determine interest in particular topics and measure and improve the effectiveness of our communications.

Mobile communication

When you download or use our mobile-device applications, or access one of our mobile-optimized websites, we may receive information about your mobile device, including a unique identifier for your device.

Cookies and Similar Technologies

We may collect information about your use of the websites through cookies and similar technology. A "cookie" is a unique numeric code that we transfer to your computer so that we can keep track of your interests and/or preferences and recognize you as a return visitor to the websites. For example, we may use these technologies to collect information about the ways visitors use our websites, to support the features and functionality of our websites, and to personalize your experience when you use our websites.

X. Information Collected from Other Sources

Ooyala may also collect information about you from other sources to help us correct or supplement our records, improve the quality or personalization of our service to you, and prevent or detect fraud. We work closely with third parties (for example, business partners, service providers, sub-contractors, advertising networks, analytics providers, search information providers, fraud protection services) and may receive information about you from them. The following are some examples:

Third-Party Vendors

In order to provide the services and improve Ooyala’s websites, we may engage the services of third-party vendors. In the process of supplying services to Ooyala, these third-party vendors may need to collect Personal Information about you.

Log Files

Log files record website activity on our services and enable us to gather statistics about our users' browsing habits. These entries help Ooyala determine (among other things) how many and how often users have accessed or used our services, which pages they've visited, and other similar data.

Clear GIFs

Clear GIFs, sometimes called "web bugs" or "web beacons," are small electronic images that are placed on a web page or in an email message. We use clear GIFs to monitor user behavior, deliver cookies, collect information, count visits, understand usage and campaign effectiveness, and to tell if a recipient has opened and acted upon an email.

XI. Permitted Use of Personal Information

Ooyala uses your personal information to provide you products and services, such as to fulfill your requests for products or to help us personalize our offerings to you. We also use your personal information to support our business functions, such as fraud prevention, marketing, and legal functions. To do this, we combine personal and non-personal information, collected online and offline, including information from third party sources. The following are some examples:

Fulfill Requests

To fulfill your requests for products and services and communicate with you about those requests;

Understand Customer Behavior

To better understand customer behavior so that we may improve our marketing and advertising efforts and to improve the distribution of our products and services;

Personalize Offerings

To help us personalize our service offerings, websites, mobile services, and advertising;

Legal

To comply with legal and/or regulatory requirements;

Responding to Customer

To respond to reviews, comments, or other feedback you provide us;

Industry Benchmarking

For industry benchmarking and analysis consistent with our legitimate business purpose;

XII. Promotional Messaging or Advertising

Ooyala uses your contact information to recommend products and services that might be of interest to you, to send you marketing and advertising messages such as newsletters, announcements, or special offers or to notify you about our upcoming events.

XIII. Ability to Opt-In to Promotional Messaging or Advertising

Ooyala allows you to opt-in to receive advertisements based on your interests. If you do not opt-in, you will still receive advertisements but they will not be tailored to your interests.

XIV. Disclosure of Personal Information to Third Parties

Ooyala will not rent or sell your Personal Information to others but may disclose personal information with third-party vendors and service providers that work with Ooyala. We will only share personal information to these vendors and service providers to help us provide a product or service to you. Examples of third parties we work with are Amazon, Microsoft, Google, and Akamai. These third parties only have access to personal information necessary for them to complete their service.

XV. Disclosure of Personal Information for Business Purposes

If Ooyala sells any part of its operations, Ooyala may transfer personal information in connection with the sale. Prior to a sale occurring, Ooyala will contact you to gain your consent for the disclosure of your personal information.

XVI. Disclosure of Personal Information for Leg

Reasons

Ooyala may be required to disclose personal information to the authorities, law enforcement agencies, government agencies, or legal entities. We may disclose information by law, litigation, or as a matter of national security to comply with valid legal process including subpoenas, court orders or search warrants, and as otherwise authorized by law. We may also need to disclose personal information in the event of an emergency that threatens an individual's life, health, or security.

XVII. Disclosure of Personal Information Via Links to Third-Pa

Services, and Applications

Using our website or services may link to third party web websites, services, and applications. Ooyala is not responsible for any personal information collected through these means. Information collected is governed through the third party's website's Privacy Policy. Any interactions you have with these web websites, services, or applications are beyond the control of Ooyala. When you post information to or through such services, those websites' privacy policies and cookie usage policies apply directly. We urge you to read the privacy and security policies of any external websites before providing any personal information while accessing those websites.

XVIII. Onward Transfer Liability

In cases of onward transfer to third parties of your personal data, Ooyala is potentially liable. In particular, Ooyala remains responsible and liable under GDPR if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with its principles, unless Ooyala proves that it is not responsible for the event giving rise to the damage.

XIX. Use of Cookies and Other Technologies (e.g. Web Beacons)

Ooyala uses cookies to operate and improve our website as well as to simplify the interaction with you. When you visit our websites, our servers send a cookie to your computer or mobile device to help personalize your experience and advertisements. Cookies help us better understand user behavior and facilitate effectiveness of advertisements. Cookies only stand to recognize your web browser but information collected from cookies is not personally identifiable. Ooyala may also use web beacons or other technologies in conjunction with cookies to gather information about your visit to our websites. Web beacons may be embedded through our website or electronic communications and can allow servers to collect information related to your visit. Web beacons are primarily use to provide content and advertisements that are more relevant to you.

XX. Ability to Disable Technologies

Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you when a cookie is placed on your computer, tablet or mobile device. Although you are not required to accept cookies, if you block or reject them, you may not have access to all features available through our services. For more information, visit the help page for your web browser or see http://www.allaboutcookies.org

XXI. Consequences of Disabling Technologies

Please note that if you disable your web browser's cookies and other technologies, certain features of our website and services will be disabled and you will limit the functionality we can provide when you visit our site.

XXII. Security Measures Taken to Protect Personal I

Company

Security of all information is of the utmost importance for Ooyala. Ooyala uses technical and physical safeguards to protect the security of your personal information from unauthorized disclosure. Nevertheless, such security measures cannot prevent all loss, misuse or alteration of personal information and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. In the case of a data breach, we will notify you without delay of any loss, misuse or alteration of personal information that may affect you. You can review Ooyala’s data breach notification policy at: http://www.ooyala.com/breach-notification-policy (as may be updated by Ooyala from time to time).

XXIII. Security Measures to Protect Personal Informa

Parties

We require that our third party service providers and channel partners agree to keep all confidential information we share with them and to use the information only to perform their obligations in the agreements we have in place with them. These third party service providers and channel partners are expected to maintain privacy and security protections that are consistent with Ooyala’s privacy and information security policies.

XXIV. Data Retention and Storage

Ooyala retains your information for business purposes as long as is reasonably necessary to provide you with our products and services, but in no event for longer than twenty-seven (27) months. Ooyala will also retain your information as reasonably necessary to comply with our legal obligations, resolve disputes and enforce our agreements. We may also retain cached or archived copies of your information for a reasonable period of time, but in no event for longer than twenty-seven (27) months. At any point in time, you can withdraw consent and we will immediately stop processing your data.

XXV. Choice: Your Privacy Rights

Ooyala gives you choices about the ways we collect, use, and share your personal information. You can choose what contact information will be stored in your account and preferences. However, if you choose not to provide certain details, some of your experiences with us may be affected. If at any point in time you wish know what data we process about you, you can request to access the information by contacting DPO@ooyala.com.

XXVI. Collection of Information from Children

The Company recognizes the importance of protecting the privacy and safety of children. Our website and services are primarily directed towards the general audience and are not directed towards children. We do not knowingly collect information about children under the age of 13 however there are some instances where we may collect information, but we will make sure parental consent is achieved beforehand. A parent or guardian of a child may contact us at DPO@ooyala.com to request that we delete such information.

XXVII. International Transfer of Personal Information

Ooyala may share customer information within our family of companies for a variety of purposes, for example to provide you with the latest information about our products and services and offer you our latest promotions. To facilitate our global operations, Ooyala may transfer personal data from your home country to other Ooyala locations across the world. To protect your personal information, we will only transfer data to countries who provide an "adequate" level of personal data protection. If the data is transferred to counties without 'adequate' protection as determined by the European Parliament, we will use additional safeguards to ensure your data is protected.

XXVIII. Questions/Updates to Policy

Inquiry, Compliant, and Dispute Process (Detailed, GDPR)

In compliance with GDPR, Ooyala commits to resolve complaints about your privacy and our collection/use of your personal information. If you have an inquiry or complaint regarding this privacy policy, please contact Ooyala at DPO@ooyala.com.

XXIX. Contact Point to Update/Delete Personal Information

You have the right to access and limit the use and disclosure of your personal data. If you would like to express your point of view, challenge an explanation of data use, or otherwise obtain further information, contact DPO@ooyala.com. If at any time after registering for information, your personal information changes, notify us and we will update your contact information. Please note, at any time, if you desire to obtain or transfer your information, we will provide you with your personal data in a structured and commonly used electronic format.

XXX. Location of Data Processing/Storage

Personal information collected about EU data subjects via our website or our Services is processed in the United States by Ooyala or by a third party acting on our behalf. When you provide personal information to Ooyala, you consent to the processing of your information in the United States. Our websites are hosted in the United States.

If you are a current customer using the Services pursuant to a written agreement with Ooyala, click here to download, review, and accept the Ooyala Data Processing Addendum.

XXXI. California Privacy Rights

California Civil Code Section 1798.83 permits individual California residents to request certain information regarding Ooyala's disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please write to DPO@ooyala.com.

Please include your name, mailing address, and email address if you want to receive a response by email. Otherwise, we will respond by postal mail within the time required by applicable law.

If you are a California resident under age 18 and are a registered user of any of the services, then you may request that we remove any content that you created and publicly posted on our website ("User Content"). To request removal of your User Content, please send an email with a detailed description of the specific Data User Content to DPO@ooyala.com. Ooyala reserves the right to request that you provide information that will enable us to confirm that the User Content that you want removed was created and posted by you.

Ooyala will make a good faith effort to delete or remove your User Content from public view as soon as reasonably practicable. Please note, however, that your request that we delete your User Content does not ensure complete or comprehensive removal of your User Content. Your User Content may remain on backup media, cached or otherwise retained by Ooyala for administrative or legal purposes or your User Content may remain publicly available if you or someone else has forwarded or re-posted your User Content on another website or service prior to its deletion. Ooyala may also be required by law to not remove (or allow removal) of your User Content.

XXXII. GDPR Rights

Right of Access

At any point in time, you can confirm your data is being processed and request to access your data. If you wish to access/confirm you data is being processed, please contact DPO@ooyala.com.

Right to Consent

Before collecting and using your personal data, Ooyala will obtain consent. At any point in time, you can revoke consent and Ooyala will stop using and processing your personal data.

Right to Erasure

You have the right to request Ooyala erases all of your personal data on a number of grounds, including if the data is no longer necessary for its original purpose or if you withdraw consent. If Ooyala receives a request, we will inform all third parties who have the data of this request. For additional information on when you can request data erasure, please contact DPO@ooyala.com.

Right to Rectification

If any personal data is inaccurate or incomplete, you can request Ooyala corrects the data. When this occurs, Ooyala will notify third parties who have access to the data of the change. If you wish to alter your data, please contact DPO@ooyala.com.

Right to Restrict Processing

Even if personal data is still stored by a company, now or in the future, you can request Ooyala stops using or processing your data. If you wish to restrict data processing, please contact DPO@ooyala.com.

Right to Object

You have the right to object to your personal data being processed for profiling, direct marketing, scientific research, and statistics. If you wish to object, please contact DPO@ooyala.com.

Rights Related to Automatic Decision Making and Profiling

At any point in time, you can contact a Ooyala representative to express your point of view, challenge an explanation of data use, or otherwise obtain further information on automatic data processing.

Right to Data Portability

You have the right to transfer your personal data from one electronic processing system to another without being prevented from doing so by Ooyala's data processor. Unless extended by Ooyala request, within one (1) month, Ooyala will respond to the request and provide you with the desired information for free in a structured and commonly used electronic format.

Data Breach Response

Security of all information is of the utmost importance for Ooyala. Ooyala uses technical and physical safeguards to protect the security of your personal information from unauthorized disclosure. Nevertheless, such security measures cannot prevent all loss, misuse or alteration of personal information and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. In the case of a data breach, we will notify you of any loss, misuse or alteration of personal information that may affect you. You can review Ooyala’s data breach notification policy at: http://www.ooyala.com/breach-notification-policy (as may be updated by Ooyala from time to time).