YOUR PRIVACY RIGHTS
1. Who Is Universal Audio?
In conducting its business, UA often collects data that identifies, or can be used to identify, specific individuals or households including, without limitation, members of the public who visit UA Domain(s) and our customers, employees and contractors. On May 25, 2018, a new law regulating the collection and handling of data related to residents of the European Union (the “EU”) went into effect. That law, called the “General Data Protection Regulation” or “ GDPR,” along with an updated version of an existing law, called the “EU ePrivacy Regulation”  ( together, the “New EU Privacy Laws”), give people to whom the New EU Privacy Laws apply, significantly more control over their data than prior law. For administrative ease, UA has decided to extend, the protections given under the New EU Privacy Laws to all individuals with whom UA does business, regardless of where they live.
3. What is Personal Data?
4. What Personal Data About Me Does UA Collect and For What Purposes?
Here are the categories of Personal Data that UA collects about you, along with the purposes for which such data is used:
(a) Personal Data That You Intentionally Give Us. We receive and store Personal Data that you enter on a UA Domain or otherwise give us, including, without limitation, the information found here. We also perform a variety of operations (or, “ Processing”) on your Personal Data including, without limitation, recording, organizing, structuring, adapting, altering or retrieving. We use the Personal Data that you provide for such purposes as responding to your requests, customizing future shopping experiences for you, improving our webstores, and communicating with you.
(b) Personal Data that We Collect on Our Own. We also Process certain Personal Data when you interact with us that you may not intentionally give us including, without limitation, the information found here. In some cases, this involves using " Cookies". Cookies are unique identifiers that we transfer to your device to enable our systems to recognize your device in order to facilitate shopping on a UA Domain, enable personalized “remarketing” advertisements on other websites with content served by UA, and provide other functionality. In some cases, you have the legal right to prevent us from using Cookies. Please see Section 9(b)(i) below for information on how to disable Cookies.
(c) Personal Data We Receive from Other Sources. We also Process Personal Data that originates from other sources. Click here to see examples of the information we receive.
5. How Long Does UA Keep My Personal Data?
UA will retain your Personal Data for no longer than is necessary to serve the purposes for which the data was collected, subject to your rights under Section 9 below.
6. Does UA Share My Personal Data With Anyone Else?
UA will not sell your Personal Data to any third party. However, UA may share some of your Personal Data with third parties for the reasons set forth below. Some of these third parties are located outside of the EU and some use Profiling and other kinds of automated decision making. “ Profiling” means the use of Personal Data to analyze, monitor or predict your behavior including, without limitation, your personal preferences, interests or location.
(a) UA Business Partners. UA works closely with a number of businesses, including, for example, businesses from whom we license technology and business who sell complementary products or services (each, a “ UA Business Partner”). In some cases, the UA Business Partner may sell offerings to you through a UA Domain. In other cases, we may provide services, or sell product lines jointly with the UA Business Partner. Click here for some examples of these kinds of arrangements. In each of these cases, we may share Personal Data that relates to those transactions with the UA Business Partner.
(b) UA Third-Party Service Providers. UA engages other companies and individuals to perform functions on our behalf (each, a “UA Third Party Service Provider”), including, without limitation, the kinds of UA Third Party Service Providers described here. Consistent with the GDPR, UA shall engage as UA Third Party Service Providers only Providers who have guaranteed, in writing, that they will (i) act only on UA’s documented instructions, (ii) impose confidentiality obligations on all personnel who process any Personal Data, (iii) ensure the security of the Personal Data it processes, (iv) abide by the rules regarding appointment of sub-processors, (v) implement measures to assist UA in complying with your rights, (vi) assist UA in obtaining approval from appropriate governmental authorities, (vii) at UA’s election, either return or destroy the Personal Data at the end of the relationship (except as required by applicable law) and (viii) provide UA with all information necessary to demonstrate compliance with the rules set forth in the GDPR.
7. Do I have the Right to Access My Personal Data?
(a) What Data Can I Access? If you are a California consumer, you have the right to request (up to 2 times in a 12-month period) that UA disclose to you certain information about the Personal Information that it collects from you, as well as certain information about the Personal Information that UA shares with third parties. The Personal Information that you have the right to request is enumerated in the CCPA. In addition, you have the right, at any time, to have UA confirm whether or not any of your Personal Data (within the meaning of the GDPR) is being Processed and, if so, where it is being Processed. You also have the right to receive the following information from UA:
(i) The purposes of the Processing;
(ii) The categories of Personal Data concerned;
(iii) The recipients or categories of recipient to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organizations;
(iv) Where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
(v) The existence of the right to request from UA rectification or erasure of Personal Data or the restriction of Processing of Personal Data concerning you or to object to such Processing;
(vi) The right to lodge a complaint with a Supervisory Authority (as defined in the GDPR), where applicable;
(vii) Where the Personal Data are not collected from you, any available information as to their source;
(viii) The existence of automated decision-making, including Profiling, referred to in Article 22 (1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such Processing for you.
(b) Who Do I Contact at UA to Get that Data? To request any of the information described in the preceding paragraph, you should notify UA’s Data Protection Officer (“DPO”) of such request in writing or by email. The contact information for our DPO is as follows:
Data Protection Officer
Universal Audio, Inc.
4585 Scotts Valley Drive
Scotts Valley, CA 94303
(c) Do I Have to Pay Anything to Get the Data? You are entitled to receive one (1) electronic copy of the Data for free. UA may charge you a reasonable fee based on administrative costs for further copies.
8. On What Basis is UA Claiming It Has the Right to Process My Personal Data?
The GDPR lists six (6) instances in which a data “Controller”, like UA, may legally Process the Personal Data of a person who is a covered by that law:
(a) The person has given consent to the processing of the information for one or more specific purposes;
(b) Processing is necessary for the performance of a contract to which the person is party or to take steps at the request of the person prior to entering into a contract;
(c) Processing is necessary for compliance with a legal obligation to which the Controller is subject;
(d) Processing is necessary to protect the vital interests of the person or of another individual ;
(e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the entity; OR
(f) Processing is necessary for the purposes of a legitimate interest pursued by the Controller or by a third party unless such interests are overridden by the interests or fundamental rights and freedoms of the person, which require protection of his/her information , in particular if the person is a child.
9. How Can I Restrict or Otherwise Control the Kinds of Personal Data That UA Processes?
(i) Right of Rectification . You have the right to cause UA to rectify inaccurate information about you without undue delay.
(ii) Right to be Forgotten (Also known as “The Right of Erasure”).
(A) You have the right to have UA erase your Personal Data without undue delay where one of the following grounds applies:
(1) The Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise Processed;
(2) You withdraw your Consent to the Processing in accordance with Section 8(a)(vi) below, where there is no other legal ground for the Processing;
(3) You object to the Processing in accordance with Section 8(a)(iv) below and there are no overriding legitimate grounds for the Processing;
(4) The Personal Data have been unlawfully Processed;
(5) The Personal Data are required to be erased for compliance with a legal obligation in European Union or Member State law to which UA is subject (if applicable); or
(6) The Personal Data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GPDR.
(B) Where UA has made the Personal Data public and is obliged pursuant to the paragraph above to erase the Personal Data, UA, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform third parties which are Processing the Personal Data that you have requested the erasure by such third party of any links to, or copy or replication of, those Personal Data.
(C) Paragraphs A and B shall not apply to the extent that Processing is necessary:
(1) For exercising the right of freedom of expression and information;
(2) For compliance with a legal obligation which requires processing by Union or Member State law to which UA is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in UA;
(3) For reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) and Article 9(3) of the GDPR;
(4) For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right of erasure is likely to render impossible or seriously impair the achievement of the objectives of that Processing; or
(5) For the establishment, exercise or defense of legal claims.
(iii) Right to Restriction of Processing . You have the right to restrict Processing where one or more of the following applies:
(A) The accuracy of the Personal Data is contested by you for a period enabling UA to verify the accuracy of the Personal Data;
(B) The Processing is unlawful and you oppose the erasure of your Personal Data and request the restriction of the Personal Data use, instead;
(C) You no longer need the Personal Data for the purposes of the Processing, but they are required by you for the establishment, exercise or defense of legal claims; or
(D) You have objected to Processing pursuant to Article 21(1) of the GDPR pending verification whether the legitimate grounds of UA override yours.
Where Processing has been restricted in accordance with the above, your Personal Data shall, with the exception of storage, only be Processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal or for reasons of important public interest to the EU or a Member State (if applicable).
(iv) Right to Object to Automated Decision Making.
(A) General Rule . Where the Personal Data is processed on the grounds of the legitimate interests of UA or a third party under Section 8(f) above, you are, nevertheless, entitled to object to the processing of any Personal Data relating to your particular situation. If you so object, UA has the burden of showing that UA’s purported compelling legitimate purpose overrides your interests or the fundamental rights and freedoms.
(B) Stronger Rule for Direct Marketing . Where Personal Data are processed for direct marketing purposes (with or without Profiling or other automated decision making process), you have the right to object at any time to the Processing of your Personal Data for such marketing. And, where you so object, the Personal Data shall no longer be Processed for such purposes.
(v) Automated Decision-Making.
(A) Rule . Subject to the exceptions set forth in paragraph (B) below, you have the right not to be subject to a decision based solely on automated processing, including Profiling, in a way that produces legal (or similar) effects on you.
(B) Exceptions . The foregoing rule does not apply if the decision:
(1) Is necessary for entering into, or performance of, a contract between you and UA;
(2) Is authorized by EU or Member State law to which UA is subject and which lays down suitable measures to safeguard your rights and freedoms and legitimate interests (if applicable); or
(3) Is based on your explicit Consent.
Where the basis of the exception is (1) or (3) above, UA must “implement suitable measure to safeguard” your rights and freedoms and legitimate interests, “at least the right to obtain human intervention on the part of UA”, to express his or her point of view and to contest the decision.
(vi) Right to Withdraw Consent. You have the right to withdraw Consent at any time, for any reason, by notifying UA’s DPO of such request in writing or by email using the contact information set forth under Section 6 above. Once you have withdrawn Consent as provided in the preceding sentence, UA must cease Processing your Personal Data and delete such Data, unless one or more of the other legal bases for collecting or processing your information, as described in Section 7 above, applies.
(vii) Data Portability . You have the right to receive your Personal Data in a structured, commonly-used and machine-readable format and have the right to transmit that data to third party without hindrance from UA, where:
(A) The Processing is based on Consent as set forth under Section 7(a) above or the Processing was necessary for the performance of your contract with UA, as set forth under Section 7(b) above; and
(B) The Processing is carried out by automated means.
(b) Other Steps You Can Take to Control Your Personal Data.
(i) Disabling Cookies . The “Help” feature on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Additionally, you can disable or delete similar data used by browser add-ons, such as Flash cookies, by changing the add-on's settings or visiting the website of its manufacturer.
(ii) Changing Customer Preferences . If you want to adjust your communication and/or advertising preferences, you can do that by adjusting the appropriate settings here.
(iii) Disabling Location-Based Services on Your Mobile Device . Most mobile devices allow you to turn off location services. Most likely, these controls are located in the device's settings menu. If you have questions about how to disable your device's location services, we recommend you contact your mobile service provider or your device manufacturer.
10. Can I Trust Third-Party Advertisers and Links to Third Party Websites That Appear on a UA Domain?
The UA Domains include third-party advertising and links to other websites. Except for the express obligations set forth above and in the GDPR and ePrivacy Regulation, UA assumes no responsibility for the actions of third-party advertising or the content access via such links.
11. Are Children Allowed to Use the UA Domains?
If you are under 18, you may use the UA Domains only with the involvement of a parent or guardian.
12. Conditions of Use, Notices, and Revisions.
Last Updated Effective January 1, 2020
Personal Data that You Intentionally Give Us
When you use a UA Domain and/or UA’s products or you work for us, as an employee or contractor, you may provide us with certain information about yourself, intentionally. For example, when you create a my.uaudio account, search for a product; place an order through a UA Domain or one of our third-party sellers; register a UA product; contact us or a third party for customer support; complete a questionnaire or a contest entry form; participate in a forum, discussion board, or social media comment section on our website; provide a product review or sign-up for payroll or benefits, you will provide us with information about yourself. Such information could include your name, address, zip code, country of residence, the type of DAW and computer you use, information about your credit card, and other potentially sensitive information.
Personal Data that We Collect On our Own
One category of Personal Data that we Process on our own is derived from your use of one or more UA Domains. For example, we Process information about the IP address you use to connect your computer to the Internet; your login; your e-mail address; your password; your computer and your connection information (such as browser type, version, time zone setting, language preferences, browser plug-in types, operating system, and platform); the products you search for, your web history, your click through history, your purchase history; and the phone number you used to call our 800 number.
Another category of Personal Data that we Process on our own is derived from your use of UA’s products. For example, software you license from UA may cause your computer, without notice to connect to a UA Domain:
(i) on install, on launch, and on a regular or intermittent basis thereafter to detect or prevent fraudulent or unauthorized use of the software and to report on software demo period activation and the extent of DSP usage, among other things;
(ii) to report an error in the functioning of the software;
(iii) to: (a) check for updates that are available for download to and installation on the computer and (b) notify UA of the results of installation attempts;
(iv) so that UA can deliver content about the software and/or other UA products and services;
(v) to facilitate your access to content and services that are provided by UA or such third party;
(vi) upon deactivation of the software; and
(vii) usage information that our Product Development Departments use to improve the software.
A third category of Personal Data that we Process on our own is derived from information that you provide via technical and repair requests. This includes the email address or phone number that you use to contact us and, upon request, account information; information about your computer; the software you use in conjunction with UA software and products; information about the configuration of your computer to aid in troubleshooting; your mailing address; and additional telephone numbers
A fourth category of Personal Data that we Process on our own is derived from your use of your mobile device. For example, when you download or use software provided by UA, we may receive information about your location and your mobile device, including a unique identifier for your device. We may Process this information to provide you with location-based services, such as advertising, search results, and other personalized content.
A fifth category of Personal Data that we process on our own is derived from email communications to and from you. For example, to help us make e-mails more useful and interesting, we receive a confirmation when you open e-mail from UA, information on what items within the email you click, and information on any resulting web store purchase activities, if your computer and email software supports such capabilities. We also periodically compare our customer list to lists received from other companies, in an effort to avoid sending unnecessary messages to our customers. When using Personal Data from third parties, it is our policy to use such data only when you had previously consented to the third party’s transfer of the Personal Data to us.
In collecting the Personal Data described above, we may use browser data such as cookies or flash cookies (also known as Flash Local Shared Objects). We may also use software tools to measure and collect session information, including page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Information From Other Sources
Examples of Personal Data that we receive from other sources include updated delivery and address information from our carriers or other third parties, which we use to correct our records and deliver your next purchase or communication more easily; account information, purchase or redemption information, and page-view information from some merchants with which we operate co-branded businesses or from which we receive fulfillment, advertising, or other services; search term and search result information from some searches; search results and links, including paid listings (such as Sponsored Links); credit history information from credit bureaus, which we use to help prevent and detect fraud and to offer certain credit or financial services to some customers; and background and other employment-related information.
UA Business Partners
Examples of UA business partners with whom we may share your Personal Data include technology partners from whom we license software that we integrate into our Systems, partners from whom we license trademarks that we use to brand individual software titles (or “Plug-Ins”) that we develop for our Systems and partners who, themselves, develop Plug-Ins for our Systems.
UA Third Party Service Providers
Examples of UA Third Party Service Providers include businesses which help us: manage payroll and benefits, fulfill orders, deliver packages, send postal mail and e-mail, remove repetitive information from customer lists, analyze data, provide marketing assistance, serve online advertising, provide search results and links (including paid listings and links), process credit card payments, and provide customer service. Some of these UA Third Party Service Providers use Profiling or other kinds of automated decision making techniques.
One of the more common purposes for which Profiling and other kinds of automated decision making techniques are used is to generate interest-based advertisements for us. Interest-based ads, also sometimes referred to as personalized or targeted ads, are displayed to you based on information from activities such as purchasing on our sites, visiting sites that contain UA content or ads, or interacting with UA tools.
(a) Advertising Preferences
UA offers you choices about receiving interest-based ads from us. You can choose not to receive interest-based ads from UA. Please visit the appropriate third party advertising provider to learn how to set this preference.
You can also generally opt-out of receiving personalized ads from third party advertisers and ad networks who are members of the Network Advertising Initiative or who follow the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising by visiting the opt-out pages on the NAI website and DAA website.
(b) Communication Preferences. You can adjust your communication preferences by clicking here or by clicking the unsubscribe link at the bottom of emails you receive.
 The full name of the GDPR is “The Regulation (EU) 2016/679) of the European Parliament and Of the Council (dated April 27, 2016): On the Protection of Natural Persons With Regard to the Processing of Personal Data and on the Free Movement of Such Data and Repealing Directive 95/465/EC.” It became effective on May 25, 2018.
 The full name of the ePrivacy Regulation is “Regulation of European Parliament and of the Council Concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications and Repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communication).”