Last updated on 07/02/2021
- the personal data that we collect;
- how and for what purposes we use your personal data;
- for how long we retain your personal data;
- your rights in respect of the processing of your personal data;
- our protection measures to keep your personal data secure;
- the ways you can control how your personal data is used or shared in order to protect your rights.
1. Who we are
FinalLevel OU, Pärnu mnt 158, 11317 Tallinn, the Republic of Estonia
You also may submit inquiries regarding personal data protection, privacy and security matters to firstname.lastname@example.org.
2. What personal data do we collect?
Personal data (or data) is any information relating to you and that alone or in combination with other information allows a person that collects and processes such information to identify you as an individual. It can be your name, address, your location data, or information related to your physical, physiological, genetic, mental, economic, cultural or social identity. Personal data under the EU General Data Protection Regulation (GDPR) also includes such technical information as a Media Access Control address (MAC-addresses), International Mobile Equipment Identity (IMEI), Unique Device Identifier (UDID), the Identity for Advertisers (IDFA), Internet Protocol address (IP-address), browser and system information.
Processing of the personal data means, for example, collection, recording, organizing, structuring, storage, use, disclosure by any means etc.
If you choose to login on our Site, additionally to the data we collect from anonymous users, the following categories of data to and on behalf of you will be processed:
When you log in through a third-party account such as Google, Facebook, Twitter, Yahoo, Apple or similar services, you give us consent to extract from such an account your name, photo, email address, language preferences or other information which is clearly indicated when signing in with their help. Please pay attention to the description when you consent to such logging in.
When you visit our feedback page to ask questions or give another request to us, you should provide us with your name, email address and the text of the message). We kindly ask you not to provide us with any excessive personal data, including sensitive data on the feedback page.
- the latest station which you’re listening;
- the latest country you’re browsing;
- the latest language you’re selected;
- favorite station list.
- Your IP number in anonymized form.
- The date and time of the latest login (based on your consent).
After login you are issued with cryptographic token which is used both as a proof of your consent and authorisation. This token is stored in your cookie, and sent with each request by your browser to ORB.
Additionally, when you log in through the application and you sync the application with the Site, we may collect and process the information about your devices through which you may login, such as platform, language, deviceID and phone model.
3. What do we use your personal data for?
We collect and process the personal data in order to provide you with all necessary services within our Site (including to make steps to conclude the contract with you). In particular, we collect and process different types of data for the following purposes:
"Account data": to provide you with our primary services, create and maintain your account, communicate with you at your request, to identify you as an ORB User;
"Feedback data": to provide you with the user support services (e.g. provision of the full and accurate information regarding your request), to improve our Site (ORB continually strives to improve our Site offerings based on the information and feedback we receive from our Users);
"Configuration data": to personalize your experience (the information will help ORB better respond to your individual needs); to produce and display cookie declarations;
"Log-in Data": to enable secure login for you in the ORB Service.
If at any time you would like to stop sharing your information, you can delete your data after login by clicking on "Delete my Data" or by contacting us at email@example.com.
4. What is the legal basis for processing of your data?
EU General Data Protection Regulation (GDPR)
The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b) whatever is may be applicable.
We collect and process most of the personal data to fulfil our contractual obligations under our Terms, that is for the performance of the contract and to make tuning to your favorite stations quick, fun and enjoyable, as well as to provide other information services indicated in the Terms.
If you voluntarily provide us with personal data within the feedback or similar requests, you also agree that we may collect and process these data to provide additional services to you within our Terms.
If the processing is based on your consent, you may at any time withdraw your consent by simply deleting your personal data by clicking "Delete my data (in case of login) or by contacting us at firstname.lastname@example.org.
California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) is a law designed to protect the data privacy rights of citizens living in California. Under this law you have important rights, describing below:
1. How your data is being used
2. Opt out of having your personal information been used
Find out, how your data is been used by third party, which is Google for our project: https://policies.google.com/privacy
You can choose to opt out of having your personal information sold or been used by third-parties and businesses, such as Google Doubleclick or Google Adsense.
By clicking on the button below, you will restricts Google to use your personal data. Google will only show you non-personalized ads. Non-personalized ads are based on contextual information, such as the content of our website.
Restricts Google to use your personal data
By processing this request, you will restricts Google to use your personal data. Google will only show you non-personalized ads. Non-personalized ads are based on contextual information, such as the content of our website.
3. Delete all your personal data
If you authorized on Online Radio Box, you can delete all you personal data from our servers. All End User Data, Configuration Data and System Generated Data will be erased after account deletion in 29 days.
Request to delete my Personal Data
We do not permit children under 13 years of age (or under 16 years of age for children residing in the EU/EEA) to register and does not knowingly collect any personal information from them. If you are under the age of 13 (or under the age of 16 if you reside in the EU/EEA), please do not register with us. In the event that we learn affirmatively that we have obtained or collected information from or about children under 13 (or, where applicable, 16) years of age, we will use our best efforts to remove such information from our servers. If you are aware of any child under the age these age limits who have registered with us, please contact our Support Team by emailing at email@example.com.
5. How do we protect your personal data?
ORB implements the following technical, physical and organizational measures to maintain the safety of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized use, unauthorized modification, disclosure or access and against all other unlawful forms of processing.
ORB uses distributed system and doing its best to provide the best availability possible, but service is provided as is, and ORB doesn’t responsible for any damage which might be caused by interruptions.
All personnel are subject to full confidentiality and any subcontractors and subprocessors are required to sign a confidentiality agreement if not full confidentiality is part of the main agreement between the parties.
The personal data can be only accessed through private network over an encrypted connection and only from the limited set of IPs. Also any access by authorized personnel is logged. We do not store personal information outside of the private servers even temporarily.
ORB will at all times keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured and used. ORB will also provide the summaries of any independent audits of the Service (if applicable).
All access to personal data is blocked by default, using a zero privileges policy. Access to personal data is restricted to individually authorized personnel. Authorized personnel are granted a minimum access on a need-to-have basis.
The ability to intervene
ORB enables your rights of access, rectification, erasure, blocking and objection mainly by providing built-in functions for data handling in the Service, and also by informing about and offering you possibility of objection when ORB is planning to implement changes to relevant practices and policies.
ORB uses security reports to monitor access patterns and to proactively identify and mitigate potential threats. Administrative operations, including system access, are logged to provide an audit trail if unauthorized or accidental changes are made. System performance and availability is monitored from both internal and external monitoring services.
Personal Data breach notification
In the event that your data is compromised, ORB will notify you and competent Supervisory Authority(ies) within 72 hours by e-mail with information about the extent of the breach, affected data, any impact on the Service and ORB's action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.
Cookies are small pieces of code that are stored on your device when you use websites or other services. They are installed on your device to enable different useful features, for example, to facilitate navigation on the service.
In some (but not all) cases, cookies are used to collect personal data, such as IP addresses and data linked to the IP address. The usage of such cookies is regulated by the data protection laws, and you as a user obtain more rights to control the collection and processing of these data.
We use the following cookies divided by groups:Necessary cookies
These cookies are strongly required for the error-free operation of the Site, as well as for its accessibility. You may decline these cookies by changing your browser settings, but this may affect the functioning of ORB. There are several types of necessary cookies:
- Authorization token (we generate unique cryptographically signed token on every request from the browser, we validate this token and associate it with the User’s name, email and favorites);
- Current station;
- Current country;
- Sound volume;
- Current language;
- Cookie settings.
Marketing cookies help us and our partners to fit the adverts and content you see during and after visiting our site to your interests. We use Google Doubleclick for Publishers (Google Adsense) https://policies.google.com/privacy
These cookies allow us to track your activity on the ORB to optimize it for our users. For instance, we may count the number of visitors, measure sessions durations, check the geographical location of the visitors, characteristics of their devices etc. The cookies are set by third-party analytics service Google Analytics https://policies.google.com/privacy. The data collected in such a way is stored in aggregated form, and it does not constitute personally identifiable information.
Other third party cookies
We use social network sharing buttons, to help our users spread ORB content on the social networks. Service provided by the AddThis (https://www.oracle.com/legal/privacy/addthis-privacy-policy.html).
We use YouTube to have official music videos for top tracks on the radio stations by YouTube embedded player, under YouTube open API (https://developers.google.com/youtube/terms/api-services-terms-of-service).
The cookies consent message is the first message that you were likely to see when you visited our Site. You may choose the types of cookies for the use of which you agree. If you want to change your cookies preferences, you can make it by the button below:The following links might be useful for you to configure the cookies on the Site with the use of the best option of browser and OS for the users of:
7. Do we disclose any information to outside parties?
We do not sell, trade or otherwise transfer to outside parties any personally identifiable information.
This does not include trusted third parties or subcontractors who assist us in operating our Site, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential. In particular, we use YouTube API, Google Analytics, Google Admob (for applications) and Google Adsense Services, MoPub Service (for applications).
We may also release your information when we believe release is appropriate to comply with the law, enforce our Site policies, or protect our or others’ rights, property, or safety. Furthermore, anonymized visitor information may be provided to other parties for marketing, advertising, or other uses.
When we transfer data to the country not recognised by the European Commission as ensuring an adequate level of data protection, we secure such transmission by including standard contractual clauses compliant with the EU data protection laws into our data processing agreements.
Legally required disclosure
ORB will not disclose your data to law enforcement except when instructed by you or where it is required by law. When governments make a lawful demand for your data from ORB, ORB strives to limit the disclosure. ORB will only release specific data mandated by the relevant legal demand. If compelled to disclose your data, ORB will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.
8. Third party links
At our discretion, we may include or offer third party products or services on our Site. These third party sites have separate independent privacy policies. If you are interested in more details about how these third-party services process personal data, please refer to their privacy policies available on their websites. We have no responsibility or liability for the content and activities of these linked websites. Nonetheless, we seek to protect the integrity of our Site and welcome any feedback about these websites.
9. Where do we store the information?
No stored data will be transferred, backed up and/or recovered by ORB outside of the European Union.
Personal data location
All data are stored in databases and file repositories hosted in Falkenstein, Germany (Hetzner DC5). All data are automatically replicated in real time to secondary hot failover databases and file repositories Falkenstein, Germany (Hetzner DC5).
Databases are continuously backed up to enable restore to any point in time within a retention period of 29 days. Backups are stored on file storage in Falkenstein, Germany (Hetzner DC7).
Installation of software on cloud customer’s system
No installation of software is required to use the Service. The login-protected Service is accessible through a standard web browser.
10. Access, data portability, migration, and transfer back assistance
You may at any time obtain confirmation from ORB as to whether or not personal data concerning you are being processed. You may at any time order a complete data copy, which you may transmit to another controller of the data. Your data will be delivered within 10 working days by ORB as files in CSV format. Logical relations between datasets will be preserved in form of unique identifiers.
11. Request for rectification, restriction or erasure of the personal data
You may at any time obtain without undue delay rectification of inaccurate personal data concerning you.
You may at any time request us to restrict the processing of personal data when one of the following applies:
- if you contest the accuracy of the personal data, for a period enabling ORB to verify the accuracy of the personal data;
- if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
- if ORB no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.
You may without undue delay request the erasure of personal data concerning you, and ORB shall erase the personal data without undue delay when one of the following applies:
- if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- if you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;
- if you object to the processing in case the processing is for direct marketing purposes;
- if the personal data have been unlawfully processed; or
- if the personal data have to be erased for compliance with a legal obligation in EU or national law.
12. Data retention
Data retention policy
All Account Data, Configuration Data and Log-in Data will be erased after account deletion in 29 days.
Request to delete my Personal Data (allows the authorized users to delete all their personal data without any recovery options).
Data retention for compliance with legal requirements
You cannot require us to change any of the default retention periods, except for the reasons for erasure as it is stated above, but may suggest changes for compliance with specific sector laws and regulations.
We use logs all system updates, configuration changes and access to provide an audit-trail if unauthorized or accidental changes are made. You may request a data protection audit performed by an independent third party who is also accepted by ORB. You may pay a Fee associated with the request plus applicable taxes as well as any other costs related to the audit as the case may be.
ORB will cooperate with you in order to ensure compliance with applicable data protection provisions, e.g. to enable you to effectively guarantee the exercise of data subjects’ rights (right of access, rectification, erasure, blocking, opposition), to manage incidents including forensic analysis in case of security breach.
15. Online Radio Box Terms and Conditions of Use
Please also visit our Terms section establishing the use, disclaimers, and limitations of liability governing the use of our Site.
17. If you are not satisfied
Also you may at any time lodge a complaint with a supervisory authority regarding ORB’s collection and processing of your personal data.
The Data Protection Inspectorate will continue to act as the supervisory authority in Estonia.
Data Protection Inspectorate, Väike-Ameerika 19, 10129 Tallinn, Estonia, www.aki.ee
Thank You for choosing ORB and enjoy your streaming!:)