Last updated on 7 February 2023
This privacy notice describes how Overtone Studios AB, reg. no. 559123-4199, Västgötagatan 2, 118 27 Stockholm, Sweden (“Overtone Studios”, “we”, “our”, “us”) collects and uses your personal data. It tells you what to expect us to do with your personal data if you communicate or engage with us or otherwise visit our website. It further describes the rights you may have in relation to our use of your data and how to exercise those rights.
As a data controller, we must ensure that we use your personal data in compliance with applicable privacy and data protection laws (primarily the General Data Protection Regulation (EU) 2016/679, the “GDPR”) and to protect your personal data accordingly. If you have questions or concerns regarding how we fulfill our obligations, you are welcome to contact us using the details in Section 8 below.
We may update this privacy notice from time to time. At the top of the page, you can see the last date when this was made.
In order for Overtone Studios to be able to provide our website and communicate with you, we collect and process your personal data as further explained below.
The personal data we use is primarily collected directly from you when you interact with us or use our website. To help you better understand why we use your personal data and to make sure you know we use it only as necessary in a legitimate way, the purposes for carrying out our processing activities as well as the legal bases we rely on for doing so are explained below. 2.1.
We review our storage of personal data on a regular basis, in order to delete or anonymize data when it is no longer necessary to keep for the purposes it was collected. E.g. when you make a contact request on our website, we will keep your personal data for as long as necessary in order to fulfill your request and then delete it within one (1) year.
Please note that your personal data may be stored for some time after our last interactions with each other, e.g. in order for us to be able to fulfil our remaining contractual or legal obligations or address legal claims related to our relationship with you or the company you represent or work for.
For more information, please contact firstname.lastname@example.org
In order for us to be able to work with you and to carry out our business activities and fulfill our obligations as described in Section 3 above, your personal data will be shared with the following categories of recipients.
(a) Our group companies. We may share your personal data with our group companies to enable e.g. localized support.
(b) Service providers. We engage third party service providers who will receive and process your personal data, subject to the data protection obligations we apply for such situations. Such third party service providers are typically necessary to operate our website and other IT services, such as technical infrastructure service providers. They also include external consultancy services such as legal services.
(c) Public agencies and authorities. We share information with public agencies and authorities to comply with our legal obligations, or to claim or respond to legal processes (e.g., a court order), or where otherwise necessary for the establishment, exercise or defense of legal claims.
(d) Sale or transfer. We may also share your personal data to third parties (such as a data room vendor and/or potential investors) in case of a merger, tenure, acquisition or sale of all, or parts of, our assets.
In order to carry out activities described in this privacy notice, we will share your personal data with our group companies. This includes transfers to our group companies within the EU/EEA as well as outside the EU/EEA (the USA and South Korea). Transfers of your personal data outside of the EU/EEA also takes place in relation to other recipients listed in Section 4 above, e.g. our service providers, partners and social media platforms.
Before we transfer personal data outside the EU/EEA we have to ensure that the level of protection of your personal data and your rights remain adequate.
This means we must base such transfers on specific mechanisms, most commonly
We are committed to protecting your personal data. To help maintain the security of your personal data we have implemented organizational and technical measures to adequately protect it, e.g. policies, instructions, routines against unauthorised access and unnecessary retention as well as safeguards such as firewalls, fraud detection and other systems to detect unauthorized activities aimed at us. We keep these measures under close review in order to keep our systems and the personal data we process safe.
There are a number of rights that you may be entitled to exercise in relation to us when we process your personal data. Below, you find a summary of what these rights involve and when they may apply. If you want to know more or wish to make a request in order to exercise your rights, you are welcome to email us at email@example.com or mail your request to the address in Section 8 below.
Your rights and when they may apply:
(b) Right of access. You have the right to know whether we process personal data relating to you and to obtain a copy of the personal data we process about you. You also have the right to supplementary information similar to the information in this privacy notice to understand how we are using your data, e.g. why we are processing it, what categories of personal data it concerns and for how long we store it.
(c) Right to rectification. You have the right to have inaccurate personal data about you corrected and, in some cases, you may even supplement it.
(d) Right to erasure. You have the right to obtain that we erase personal data relating to you when we no longer have a relevant or valid reason to process or store it, such as when you (or the company you represent) quit your subscription with us and end your relationship with us, or if you object to certain processing carried out by us and we cannot adequately justify continued processing.
(e) Right to portability. You have the right to reuse your personal data. This means you may have the right to receive it from us or have it directly transmitted to someone else for continued use at your choice, where the personal data has been provided or generated directly by you during the course of your relationship with us. Please note however that this excludes information or results we have inferred or created. Neither does the right to portability apply to the extent we only process data manually. Your right to portability will further depend on interoperability, what is technically feasible and whether it will adversely affect the rights of others.
(f) Right to object. You have the right to object to our continued processing of your personal data. For example, where our processing is carried out with reference to our or someone else’s legitimate interests, your objection may result in an obligation for us to cease the processing unless we are able to sufficiently justify continued processing.
(g) Right to restriction. Following your request to exercise your rights there may be situations where we must cease our processing activities and restrict them, without erasing your personal data. This might be because you object to such erasure or need the personal data to establish, exercise, or defend legal claims. There may also be situations where we need to verify e.g. the accuracy of the personal data concerned or where we disagree with each other to the extent we need to assess whether we can still process your personal data in spite of your objection. In such cases, you have the alternative to obtain that we restrict the processing of the personal data concerned which means (i) we will only store it or use in very limited situations (if applicable), such as with your consent or to establish, exercise, or defend legal claims and (ii) you will be informed before we lift any such restriction.
(h) Right to lodge a complaint with a supervisory authority. If you are unhappy with how we process your personal data or our practices around privacy and data protection matters otherwise, you have the right to lodge a complaint to a supervisory authority. In Sweden, this is the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten), but each EU member state has their own supervisory authority that you can reach out to at your convenience. Before you lodge a complaint with the supervisory authority, you are of course always welcome to contact us with any concerns or complaints. The easiest way to do so is to reach out via email: firstname.lastname@example.org or at the address in Section 8 below.
If you have more questions and would like to get in touch with us, you are more than welcome to contact us via email: email@example.com or via mail at the address below.
a. Overtone Studios AB
b. Västgötagatan 2, 118 27 Stockholm, Sweden