POLÍTICA DE PRIVACIDAD Y POLÍTICA DE COOKIES DE LA APLICACIÓN OMI

The simplified joint stock company "OMI" SAS (hereinafter "OMI"), whose head office is located at 45 rue de la Chaussée d'Antin 75009 Paris France, is committed to respecting the privacy of any person providing them with personal data.

As part of the operation of the OMI Application distributed via the Spotify platform (hereinafter, the "Application"), OMI acts as data controller. The use of the terms "we" or "our" hereinafter refers to OMI.

This privacy and cookies policy (the "Privacy Policy") describes how we collect and use personal data relating to users of the Application (together "you", "your") in accordance with the General Data Protection Regulation. Protection of Personal Data ("GDPR") and the law known as "Informatique et Libertés" of January 6, 1978 as amended (together the "Applicable Legislation").

Generally speaking, OMI does not collect any directly identifying personal data through the use of the Application and only some specific indirectly identifying personal data is collected, as explained below.

This Privacy Policy also describes the legal bases on which we process personal data, who we share it with and how it is stored.

It is important that you read this Privacy Policy, as well as any other notices of information we may provide on specific occasions when we collect or process your personal data, so that you know how and why we use this data.

How is your personal data collected by OMI? What cookies are used?

We generally collect personal data about you directly via the Application (to be precise, via HTTP request headers). These are "cookies" or similar tracers within the meaning of the Applicable Legislation.

These tracers are strictly necessary for the provision of the service offered by OMI. The information thus collected is used to verify that the Application is used on the correct site and makes it possible to fight against fraud, in the interest of its users.

These cookies do not collect any information about you that may be used for marketing purposes or to remember the websites you have visited.

What personal data do we collect and for what processing purposes?

By personal data we mean any information about a person from which that person can be identified directly or indirectly. This does not include data for which identity has been removed (anonymous data).

As part of the Application, via trackers, the only personal data collected and processed by OMI is the IP address of the Application user. It is associated with access logs and the user's store. The legal basis for this processing is our legitimate interest: these data (collected via trackers) are strictly necessary for the provision of the service requested by the user and to enable us to fight against fraud.

OMI may also use the data to improve the algorithms of the Internet Application and its services as well as similar services that it offers to its customers, on the basis of its legitimate interest.

We believe that the risk associated with personal data that we process based on our legitimate interests is not excessive or overly intrusive. In particular, we have put in place measures to protect your rights by applying appropriate retention periods and ensuring appropriate security controls.

If you choose not to provide the personal data we request or if you set your device to block this information, we may not be able to provide you with the products and/or services you have requested or fulfill the requirements. purposes for which we requested Personal Data.

Recipients of your personal data

Generally speaking, we do not share your personal data with third parties and only OMI teams have access to it.

As an exception, we may share your personal data with third parties when required by law, in particular to judicial authorities, public administration and any other third party if we are obliged to disclose or share your personal data in order to comply with any legal obligation, to protect the rights, property and/or safety of our company or our personnel.

Your data may also be processed by our hosting service providers. We carefully selected these service providers and taken measures to ensure adequate protection of your personal data. All of our service providers are required by written contract to process the personal data provided to them solely for the purpose of providing a specific service to us and to maintain appropriate security measures to protect your personal data

Where are your personal data located? Is the data subject to international transfer?

Your personal data is located on our servers in France or those of our hosting providers located within the European Union. We will notify you if this changes and implement appropriate safeguards to enable such transfers.

How long do we keep your personal data?

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting or tax requirements.

Generally, we delete your data within 13 months of collection and within 48 hours of uninstalling the Application, where applicable.

What do we do to ensure the security of your personal data?

OMI is committed to protecting personal data against loss, misuse, disclosure, alteration, unavailability, unauthorized access and destruction, and takes all reasonable precautions to protect the confidentiality of personal data, including by taking organizational and technical measures appropriate.

We have adopted physical, electronic and administrative security measures including the use of extensive firewalls and passwords to secure access to personal data. In addition, we limit access to personal data to employees who need to know this information in the course of their duties within OMI.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable supervisory authority of a suspected breach where we are legally required to do so.

Your rights

As a data subject, you have various rights. These rights are not absolute and each of these rights is subject to certain conditions in accordance with Applicable Legislation, as explained below. Given the nature of the personal data collected by OMI (mainly your IP address), the effective exercise of these rights will therefore be difficult in most cases, but we will do our best to respond.

  • The right of access -- you have the right to obtain from us confirmation as to whether or not your personal data is being processed by us, as well as certain other information (similar to that provided in this Privacy Policy) about how they are used. You also have the right to access your personal data, by requesting a copy of the personal data concerning you. This allows you to know and verify that we are using your information in accordance with data protection laws. We may refuse to provide information where it may reveal personal data about another person or adversely affect the rights of another person and we may ask you for further information if it is necessary to be able to respond to your request.

  • The right to rectification -- you can ask us to take steps to correct your personal data if it is inaccurate or incomplete.

  • The right to erasure -- also known as the 'right to be forgotten', this right allows you, in simple terms, to request the erasure or deletion of your personal data where, for example, it is not There is no compelling reason for us to continue using them or their use is illegal. However, this is not a general right to erasure and there are some exceptions, for example where we need to use the information to defend a legal claim or to be able to comply with a legal obligation.

  • The right to restrict processing -- you have the right to "block" or prevent further use of your personal data when we are assessing a rectification request or as an alternative to erasure. Where processing is restricted, we may still retain your personal data, but we cannot use it further.

  • The right to object -- you have the right to object to certain types of processing, for reasons relating to your particular situation, at any time, to the extent that such processing takes place for the purposes of the legitimate interests pursued by OMI.

We will be allowed to continue processing personal data if we can demonstrate that the processing is justified by compelling legitimate reasons which override your interests, rights and freedoms or if we need it for the establishment, the exercise or defense of legal actions. The right to withdraw your consent -- if we were to process your personal data based on your consent, you would have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of the processing which took place before such withdrawal. The right to provide us with instructions on how we use your personal data after your death -- you have the right to provide us with instructions on how to manage (e.g. retention, erasure and disclosure) your data after your death. death. You can change or revoke your instructions at any time. To exercise these rights, please contact us at the address in paragraph I below, specifying the right you wish to exercise and attaching proof of identity to your request.

How to contact us?

OMI reserves the right to periodically update this Privacy Policy. We will inform you of any substantial modification relating to the use of your personal data.

If you have any questions regarding this privacy policy or the use of your personal data, please contact us by email at the following address:

OMI SAS 45 rue de la Chaussée d'Antin 75009 Paris or by email at support@omi.so

Before evaluating your request, we may ask you for additional information to identify you. If you do not provide the requested information and, as a result, we are unable to identify you, we may refuse to comply with your request.

If you are not satisfied with our response to your complaint or if you believe that the processing of your Personal Data does not comply with data protection laws, you can lodge a complaint with the competent supervisory authority regarding data protection. The Commission Informatique et Libertés (CNIL) is the data protection authority in France (www.cnil.fr).