10 April 2022
This policy describes the information we process to support Luminary ROLI Ltd. and the products and features offered by Luminary ROLI Ltd.
"Personal data" means any information relating to you that can identify you, directly or indirectly, in particular by reference to an identifier such as a name, email address, an identification number, location data, or an online identifier.
For the purpose of the EU General Data Protection Regulation 2016/679 (GDPR), the data controller is Luminary ROLI Ltd. a company registered in England and Wales under company number 13407346 whose registered office is at 326/327 Stean Street, London E8 4ED.
All your data will be held and used in accordance with the GDPR and any relevant national laws which implement the GDPR and any legislation that replaces it in whole or in part.
2. Children and Minors
ROLI offers a limited version of the Platform for certain ROLI products and services for children under the age of 13 who are located in the US, or children under the age of 16 who are located anywhere else in the world (collectively called "Limited Users"). This limited version of the Platform restricts certain features and options to ensure that ROLI does not collect any personal data from the Limited User other than as provided for in this paragraph. Except in the case of responding to a specific request to register or support ROLI products from a Limited User, as more fully described below, ROLI does not collect or store any personal data from such Limited Users, apart from a persistent identifier that is used only for support of the internal operations of the ROLI Platform. The persistent identifier is not used or disclosed to contact the Limited User, including through behavioral advertising; to amass a profile on the Limited User; or for any other purpose other than internal operations. Internal support operations include the following:
— Providing the Limited User with limited access to the Platform;
— Collecting anonymous information about how the Limited User uses our services and products;
— Administering our Platform and for internal operations, including troubleshooting, data analysis, testing, and research;
— Improving our Platform to ensure that content is presented in the most effective manner for the Limited User;
— Keeping our Platform safe and secure.
ROLI does not share Limited Users' personal data with any third parties, except to the extent it is required to share with our data processors in order to provide the Platform, in order to comply with legal obligations or to protect the rights and safety of ROLI and its customers, as is further described in Section 5 (Cookies) below. ROLI takes all steps reasonably necessary to ensure that your data is treated securely, with adequate protections when engaging processors on our behalf.
3. Information We Collect
This Section 3 describes ROLI's collection practices for non-Limited Users, who are 13 years of age or older in the case of US users, or 16 years of age or older in the case of non-US users throughout the world. Please see section 2 for ROLI's collection practices for Limited Users.
Information you give us.
You may give us information about yourself via forms on the Platform or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register, visit or use the Platform, place an order on the Platform, subscribe to the newsletter, or report a problem with the Platform. The information you give us may include your name, address, e-mail address and phone number, personal description, photograph, and which products you have purchased from us. In limited circumstances, you may provide us with your card or bank account details.
Information we collect about you. Information we get from your use of our Platform.
With regard to each of your visits to the Platform we may automatically collect the following information:
— technical information, including the Internet protocol (IP) address used to connect your computer to the Internet; your login information; browser type and version; time zone setting; session length; browser plug-in types and versions; hostname; operating system and platform and computer specifications;
— information about your visit and use of our Platform, including the use of certain features or content on our Platform; the full Uniform Resource Locators (URL) clickstream to, through and from our Platform (including date and time); products you viewed or searched for; page response times, download errors, length of engagement with web pages or apps, page and software interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
Information we receive from other sources.
We work closely with third parties — including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers (such as Google Analytics ) search information providers, and credit reference agencies. We may receive information about you from such third parties.
Information you share.
When you save or share a music project file through our Platform, we may receive information about your device, software and your composition, as well as any notes or comments you post related to it or any other content on the platform.
How we use information we collect We will use the information you give us:
— to improve customer service and help us respond to your support needs more effectively.
— to meet our obligations arising from any contract entered into between you and us and to provide you with the information, products and services that you request from us;
— to provide you with information about other goods and services we offer that are closely related to those that you have already purchased or enquired about;
— to provide you with information about goods or services we feel may interest you. If you are an existing customer, we will contact you by electronic means (e-mail or SMS) only to provide information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you, and you will be given an option to unsubscribe with each communication. If you have not purchased a product, we will contact you by electronic means only if you have consented to this;
— to notify you about changes to our service and products;
— to provide you with learning and support content to help you make the most of your products;
— to ensure that content from our Platform is presented in the most appropriate manner for you and for your computer.
We will use the information we collect about you for the reasons above, and also:
— to understand how you use our services and products and further personalise your experience.
— to administer our Platform and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
— to allow you to participate in interactive features of our service, when you choose to do so;
— as part of our efforts to keep our Platform safe and secure;
— to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
— to make suggestions and recommendations to you and other users of our Platform about goods or services that may interest you or them.
We may combine information we receive from other sources with information you give to us and information we collect about you. We will use this information and the combined information only for the purposes set out above (depending on the types of information we receive).
4. The Legal Basis for Processing your Information
In accordance with GDPR, the main grounds that we rely upon in order to process your information are as follows:
— Necessary for entering into or performing a contract. In order to perform obligations which arise under any contract we have entered into with you, it will be necessary for us to process your information.
— Necessary for compliance with a legal obligation. We are subject to certain legal requirements which may require us to process your information. We may also be obliged by law to disclose your information to a regulatory body or law enforcement agency.
— Necessary for the purposes of legitimate interests. Either we or a third party will need to process your information for the purposes of our (or a third party's) legitimate interests, provided that we have established that those interests are not contrary to your rights and freedoms, including your rights to privacy, and to have your information protected. Our legitimate interests include responding to requests and enquiries from you or a third party, optimising our website and user experience, informing you about our services, and ensuring that our operations are conducted in an appropriate and efficient manner.
— Consent. In all other circumstances, we will ask for your consent to process your information, or to communicate regularly with you.
6. Information we share
We may share your personal data with any member of our group, which means Luminary ROLI Ltd., as the ultimate holding company, and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your personal data with selected third parties, including business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you, and with trustworthy analytics and search engine providers that assist us in the improvement and optimization of our Platform.
In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
We may also disclose or share your personal data if we are under a duty to do so (including in the case of Limited Users) in order to comply with any legal obligation, or in order to enforce or apply our General Terms of Sale and other agreements; or to protect the rights, property, or safety of Luminary ROLI Ltd., our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection.
7. Storage and Security
The data that we collect from you may be transferred to, and stored at, a destination outside the European Union, the European Economic Area and Switzerland ("the Territory"), and in particular the United States. It may also be processed by staff operating outside the Territory who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details, and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
To the extent that any of your data is provided to third parties outside the EEA, or accessed by third parties from outside the EEA, we will ensure that appropriate safeguards are in place in accordance with the GDPR (such as the European Commission's standard contractual clauses, or the EU/US Privacy Shield).
Unfortunately, the transmission of information via the internet is not completely secure. We will do our best to protect your personal data, meet our obligation to employ best practices, and avoid unnecessary storage or transfer of your data. However, we cannot guarantee the absolute security of your data transmitted to our Platform. We are not responsible for any damages which you, or others, may suffer as a result of the loss of confidentiality of such information, but may still be responsible for a breach of personal information, and potentially will be required to report this to the Information Commissioner's Office. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
8. Marketing and Third Party Links
Where you have not previously bought from us but have registered your details with us (for example by entering a competition or registering your products), we will send you marketing communications only if you opted into receiving marketing at the time. You may withdraw this consent at any time. We may also share certain data with third party social media platforms in order to show you targeted ads when you visit them. We do this by:
— using cookies to capture your visits to our website. Please refer to our Cookies Policy for more information;
— providing these platforms with your email address to create 'audiences' of users fitting a certain demographic/category so that we can show our advertisements to audiences that want to see them. Please check the social media platforms' terms for more details of these services.
This is in our legitimate interest to send you direct marketing. See 'Opting out' below for details of how you can adjust your marketing preferences. Our Cookies Policy also explains how you can adjust your cookies preferences.
In case you decide that you no longer want to give us permission to send you marketing messages, you may do so by unsubscribing from the newsletter via the unsubscribe link in the footer in each email.
If you opt out of receiving email marketing from us, we will no longer share your email address with social media platforms (see 'Third Party Processors' below). However, you may continue to see our ads through them, due to their general demographic targeting. Please check the social media platforms for more details of how to opt out of seeing these ads.
Our Platform may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies. We cannot accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
9. Third Party Processors
Payment providers — We use payment providers to process your payment transactions, such as PayPal, Stripe and Affirm.
Cloud storage providers — We use cloud computing platforms that securely store all of our data, including customer details.
Email service providers — In order to send you marketing content and transactional emails, we share your details with our email service providers.
Stockists and delivery providers — In order to package and mail your orders to you, it is necessary to share your information with stockists and delivery providers.
Marketing and insights providers — Marketing and insights tools allow us to understand our customers better so that we may continually improve our website, products and customer service experience. We may share anonymised information about our customers to facilitate this process. Customer service platforms — When you interact with our Support team, your details are shared with our customer service platform providers. Feedback forms — when you make a purchase, we engage a third party to request and collate your feedback on our behalf.
10. Compliance and cooperation with regulatory authorities
11. How long we hold your information
We will only retain your information for as long as is necessary to fulfil our purposes, including for the purposes of satisfying any legal, accounting or reporting requirements. The criteria that we use to determine retention periods will be determined by the nature of the data and the purposes for which it is kept, the sensitivity of the data and the potential risk of harm from unauthorised use or disclosure.
12. Your rights
You have certain rights in relation to the personal data that we hold about you. Details of these rights and how to exercise them are set out below. Please note we will require evidence of your identity before we are able to respond to your request.
Right of Access. You have the right at any time to ask us for a copy of the personal information that we hold about you and to check that we are lawfully processing it. Where we have good reason, and if the GDPR permits, we reserve the right to decline such a request, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
Right of Data Portability. In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format.
In such circumstances, you can ask us to transmit that information to you or directly to a third party organisation.
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation's systems. We are also unable to comply with requests that relate to personal information of others without their consent.
You can exercise any of these rights at any time by contacting us using the details in the 'Contact' section below.
Right of Correction or Completion. If personal information we hold about you is not accurate or is out of date and requires amendment or correction, you have a right to have the data rectified or completed. This can usually be done by interacting with our platform.
Right of Erasure. In certain circumstances, you have the right to request that personal information we hold about you is erased e.g. if the information is no longer necessary for the purposes for which it was collected or processed or our processing of the information is based on your consent and there are no other legal grounds on which we may process the information.
Right to Object to or Restrict Processing. In certain circumstances, you have the right to object to our processing of your personal information e.g. if we are processing your information on the basis of our legitimate interests, but there are no compelling legitimate grounds for our processing which override your rights and interests.
You may also have the right to restrict our use of your personal information, such as in circumstances where you have challenged the accuracy of the information and during the period where we are verifying its accuracy.
Right to Withdraw Consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This can usually be done by interacting with our platform. Alternatively, you can do this by contacting us using the details in the 'Contact' section below. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you are unhappy about our use of your information, you can contact our data protection team or contact us using the details in the Contact section below. You are also entitled to lodge a complaint with the UK Information Commissioner's Office using any of the below contact methods:
Telephone: 0303 123 11113
Website: https://ico.org.uk/concerns/ Post: Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
If you live or work outside of the UK or you have a complaint concerning our activities outside of the UK, you may prefer to lodge a complaint with a different supervisory authority. A list of relevant authorities in the EEA can be accessed here.