Last updated on: 03/26/2023
Prior versions of this Privacy Notice can be found at Privacy Notice archive.
About this Privacy Notice
You deserve to be aware of how your personal data is used. Moreover, data protection laws give you certain rights over your personal data, no matter when or where it is being processed. This Privacy Notice is meant to give you information about what personal data we collect about you, how we use it, why we use it, and how you control the data processing.
1. The Basics
1.1 Who We Are
1.1.1 Waves Audio Ltd. ("Waves", "we", "us" or "our") offers a variety of services and products as further detailed below and/or in our Terms. Our offices are located at Azrieli Center 3, The Triangle Tower, 32nd Floor, Tel-Aviv 6701101, Israel. We may provide you with services through our wholly owned subsidiary, Waves Audio Inc., located at 2800 Merchants Drive, Knoxville, TN 37912 ("Waves Inc.") Waves Inc. collects and processes personal data on our behalf, as a “processor”, as further explained below. If you have questions about our company or your privacy, or want to exercise your rights, you can contact us at email@example.com.
1.1.2 Representative for data subjects in the European Union (EU) and the United Kingdom (UK). We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact, if you are located in the EU or UK. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website: https://prighter.com/q/11406283576.
1.2 Our Role: Controller and Processor Certain data protection laws, including the laws in the EU and UK, differentiate between a party that determines why and how personal data is processed (called a "controller") and a party that processes personal data solely on the controller's behalf and according to the controller's instructions (called a "processor"). Waves is the controller in respect of the processing described in this Privacy Notice, and Waves Inc. serves as Waves’s processor.
1.3 Definitions and Recommendations
1.3.1 When we refer to "services", we mean digital audio signal processing technologies through our software, hardware and apps, and providing this website, all as may be further detailed on our website at https://www.waves.com.
1.3.2 When we refer to "personal data", we mean information that is defined as personal data under law. This includes information that identifies you directly or indirectly, including unique identifiers like IP addresses or cookie IDs.
1.3.3 When we refer to "you", we mean visitors to our website, job applicants and any user of our services, as applicable.
1.3.4 This Privacy Notice is meant to be read together with our applicable terms of service, which you can find at www.waves.com/legal/website-terms-of-use ("Terms"). In general, we recommend that you routinely review this privacy notice and your preferences on our site.
1.4 A Note on Legal Bases. Certain jurisdictions only allow the processing of personal data where a legal basis has been established. Under the EU's General Data Protection Regulation ("GDPR"), the possible legal bases include: your consent, the processing is necessary to perform a contract with you, the processing is necessary to fulfill our legal obligations, or a company has a legitimate business interest to process your personal data. Where we are a controller, we only collect and process data where we have established a legal basis. Below you can find more details about specific legal bases.
2. Personal Data We Collect as a Controller, How We Use It, and Why.
Below is a description of the types of personal data we collect, how we use it, and the reason why we consider each use lawful. You have no legal obligation to provide us with personal data, but if you don't provide us with certain information, we may not be able to provide you with the associated services.
2.1 Website Visitors. When you visit our site, we may collect the following types of data about you.
2.1.1 Contact Form Information – When you send us a message through the contact form on our site, we collect any data you provide, such as your name, email, and the content of your message. When you sign up for our newsletters/mailing list we collect your email address.
How We Use this Data: To respond to your message, to provide you with informational newsletters about our products and services, and/or provide you with promotional materials we think may be of interest to you, all as applicable.
Legal Basis: We process this personal data based on the performance of a contract with you. Processing your Personal Data to share our newsletters and promotional materials is based on your consent. You may withdraw your consent at any time by contacting us at firstname.lastname@example.org.
2.1.2 Activity and System Data (automatically collected data, including through Cookies) – When you visit our site, we automatically collect data about your computer or mobile device, including personal data such as your IP address, device ID, time-zone, browsing history (e.g. the other sites you've visited before ours), and your activity on our site (e.g. what pages you visited, for how long, and what links you clicked on). For more information about the cookies we use and how to adjust your preferences, see the Cookies and Similar Technologies section below.
How We Use this Data: We mainly use this data to generate analytics data about the use of our site so we can maintain and improve the site and develop new products or services. We also use statistical data to prevent fraud and protect the security of our site. Some cookies and personal data may be used to provide you with advertising for our products and services or those of third parties, based on your preferences and interests. One of the tools we use to collect and analyze this data is "Google Analytics". For more information about how Google collects information and how you can control such use, see: policies.google.com/technologies/partner-sites.
Legal Basis: When we process this personal data which is generated from cookies and similar technologies for the purpose of developing and improving our products and services and/or to advertise to you, we do so based on your consent. When we process this personal data, which is not generated from cookies and similar technologies, and/or for the purpose of preventing fraud, we do so based on our legitimate interests to develop and improve our products and services, market our own products and to prevent fraud. We will only use your personal data for marketing third parties' products and Services if you have given your consent. You may withdraw your consent at any time at https://www.waves.com/legal/cookie-policy email@example.com. We will process your request as soon as reasonably possible, however it may take a few days for us to update our records before any opt-out is effective. Additional information regarding Our Marketing Activities is provided below.
2.2 Users - If you are a user of our services, we collect the following information from and about you.
2.2.1 Registration Data – In order to access some of our services, including to make a purchase through our website, you must first create an account. When creating an account, you will be asked to provide your username and email address. We may also indicate that the provision of certain personal data is voluntary, such as your telephone number, age and date of birth, gender, your occupation, country and zip code.
How We Use this Data: We use your registration information to allow you to access our services, save your preferences, protect the security of our services, prevent fraud, and address any issues that arise. We use your contact details to communicate with you about our services. We also use your contact details to send you informational newsletters about our products and services. In addition, we use your registration information to send you promotional materials relating to our products and services. For more information about our marketing activities and how you can control your preferences, see the section on Our Marketing Activities below.
Legal Basis: When we process your registration data to provide you with our services, we do so to perform a contract with you, in this case our Terms/customer agreement. When we process your registration data to maintain our services, including to prevent fraud, protect the security of and/or address issues with our services, we do so on the basis of our legitimate interest to maintain our assets. When we use your Personal Data to send you promotional materials relating to our services, we do so based on our legitimate interest to promote and market our services.
2.2.2 Payment Data – If you make a purchase through the services, you will be required to provide customary billing information, including your name, address, phone number, whether you have a Tax / VAT number (and the number), and the details of your credit card or other payment instrument. We may receive information related to such purchase, such as the last four (4) digits of your credit card number.
How We Use this Data: To process your payment and to prevent fraud.
Legal Basis: We process your payment data to perform a contract with you, specifically our Terms. When we process your payment data to prevent fraud, we do so based on our legitimate interest to protect ourselves and our customers.
2.2.3 Materials You Upload – We collect any personal data that may be included in any materials, including audio, images, usernames, avatar, profile information, your online presets, or documents, you may upload to the services.
How We Use this Data: To provide you with our services. When we process personal data that you may upload through our services, we process it to provide you with our services, maintain and improve the services and develop new products or services using analytics data, and provide you with advertising for our products based on your preferences and interests as reflected by such uploaded materials.
Legal Basis: We process the materials you provide to perform our contract with you, specifically, the Terms/customer agreement. When we process audio files for analytics purposes and targeted advertising purposes, we do so based on our legitimate interests to improve and market our services.
2.2.4 Activity and System Data (automatically collected data, including through Cookies) – e collect data about your device and your activity, as described more fully above in section 2.1.2, when you use our services. We may collect information about your activity and use of our services, including personal data. Without derogating from the aforementioned, you may withdraw your consent regarding tracking of your usage for the purpose of improving our services, by accessing “Waves Central” settings page under the Privacy Section and turn-off the applicable toggle regarding usage data.
How We Use this Data: To provide you with our services, and issue royalty payments to third-parties where we are legally required to do so. We may also process usage data to maintain and improve the services and develop new products or services, and offer you new products based on your preferences and interests.
Legal Basis: We process this information to perform our contract with you, specifically, the Terms/customer agreement. When we process this information for analytics and targeted advertising purposes, we do so based on our legitimate interests to improve and market our services.
2.2.5 Android's App Set ID – We collect Android's App Set ID from your device when you use our app.
How We Use this Data: We use the App Set ID for the essential purposes of analytics and fraud prevention. We do not connect the App Set ID to any Android advertising identifiers (for example, AAIDs) or any personal data for advertising purposes. We process the App Set ID in accordance with Google Play's User Data Policy.
Legal Basis: When we process your App Set ID to prevent fraud, we do so based on our legitimate interest to protect ourselves and our customers. When we process it for analytics purposes, we do so based on our legitimate interests to improve our services.
2.2.6 Geo-Location – subject to you consent, we collect your (geo)location when you use our services.
How We Use this Data: We use your location to provide you with location-based advertising and for statistical analyses of our services.
Legal Basis: We process your location based on your consent. You may withdraw your consent at any point by changing your device settings.
2.3 Job Applicants - If you apply for a job with us, we collect the information you provide as part of your application and during the course of the application process. This may include your name, contact details, resume, recommendations, and any other information we may request or that you choose to share with us.
How We Use this Data: We use this data to process your job application, including using your contact details to contact you for scheduling purposes and to provide you with updates. We also use this data to manage our recruitment campaigns, as well as to analyze their results and improve future campaigns.
Legal Basis: We process your application data based on our legitimate interest to attract and assess candidates for employment.
2.4 Customers of Distributors and Waves Inc. - When you use our services through on of our authorized distributors or Waves Inc., the distributor or Waves Inc. will provide us with your contact information, such as your name and e-mail address, as well as payment data as set forth in Section 2.2.2 above.
How We Use this Data: We use your registration information to allow you to access our services, save your preferences, protect the security of our services, prevent fraud, and address any issues that arise. We use your payment data to process your payment and to prevent fraud. We use your contact details to communicate with you about our services. We also use your contact details to send you informational newsletters about our products and services. In addition, we use your registration information to send you promotional materials relating to our products and services. For more information about our marketing activities and how you can control your preferences, see the section on Our Marketing Activities below.
Legal Basis: When we process your registration data to provide you with our services, we do so to perform a contract with you, in this case our Terms/customer agreement. We process your payment data to perform a contract with you, specifically our Terms. When we process your payment data to prevent fraud, we do so based on our legitimate interest to protect ourselves and our customers. When we process your registration data to maintain our services, including to prevent fraud, protect the security of and/or address issues with our services, we do so on the basis of our legitimate interest to maintain our assets. When we use your Personal Data to send you promotional materials relating to our services, we do so based on our legitimate interest to promote and market our services.
3. Our Marketing Activities
As described above, we may use personal data we collect for advertising and marketing purposes. We try to limit the marketing material we send to a reasonable and proportionate level. Below we describe how you can control the marketing material you receive from us.
3.1 Email Marketing and Services Communications
3.1.1. We use your contact details to send you informational newsletters and other marketing material about our products and services, if you have provided your consent. You may withdraw your consent at any time in your account.
3.1.2. You can stop the delivery of all marketing emails by following the "unsubscribe" link in any messages we send you. Alternatively, you can unsubscribe in your account.
3.1.3. If you are a registered user, you can change your preferences within your account to reflect how you would like us to communicate with you.
3.1.4. Note that if you are a registered user, we may need to contact you about administrative or service-related issues as part of the services we provide to you. This is not marketing communication and you will continue to receive these messages even if you opt-out of marketing emails.
4. Sharing the Personal Data We Collect.
We share your personal data as follows:
4.1 Affiliates. We may share your personal data with our affiliates, where this is necessary to provide you with our products and services and so that we can manage our business, such as to keep updated records of our users. A list of our affiliates is available at https://www.waves.com/contact-us.
4.2 Distributors. We may share your personal data, such as contact details, with our distributors, which act as an independent, separate controller of your personal data, and may use such data to offer you third party products or services. We share your personal data with distributors where this is necessary to provide you with our products and services and so that we can manage our business. Your information will only be shared with our distributors with your consent. For information about our distributors, please see our Dealers list, available at www.waves.com/.
4.3 Customers. If you use our services in connection with a company that is our customer, that customer may have access to information about your use of our services. For example, a user with an administrator account may be able to see your data.
4.4 Users of our services. If you choose to use our services which entail social features, such as sharing your audio files and comments with other users of such users, such users may be able to obtain personal data about you through the materials you choose to upload.
4.5 Service Providers. Below is a list of the types of service providers we use, the service each provides, and the types of data shared with each. All service providers have agreed to confidentiality restrictions and have undertaken to use your personal data solely as we direct.
|Type of Service
|Personal Data Shared
|We use service providers that offer cloud computing services. They offer us space on their servers for us to store our files and programs, including your personal data.
|All personal data that we collect from you is stored on third-party servers.
|Customer Relationship Management (CRM)
|We use an external CRM tool to help us keep track of our customers and information related to them, including their personal data.
|your name, company, position, email address, and phone number.
|We use an independent vendor to send out marketing emails on our behalf.
|your name and email address.
|When you make a payment through our services, the transaction is processed by an independent vendor.
|the details of your credit card number or your account with such vendor.
4.6 Advertisers. When you click on an ad, whether or not it's on our services, the relevant advertiser will be alerted that someone has visited the page on which the relevant advertisement was displayed, and may be able to identify your device by using certain technologies, like cookies. We share personal data with advertisers who collect data through our site with your consent. Advertisers are able to combine the personal data they collect independently with personal data we allow them to collect through our site.
4.7 Meta. For the purpose of advertising our products to you, we also share your contact details with Meta Platforms Ireland Limited ("Meta"), which acts as an independent, separate controller of your personal data, and may use such data to offer you third party products or services, or for other marketing profile purposes. We share your personal data with Meta for marketing and retargeting purposes, as set forth in Section 3 above. For more information about how Meta processes your data, please see https://www.facebook.com/privacy/guide/ads.
4.8 Change of Ownership. If we are looking to sell our company, liquidate assets, or merge with another, we may share your personal data with other interested parties as part of negotiations toward that transaction. In such case, or where we do sell our company, your personal data shall continue to be subject to the provisions of this Privacy Notice.
4.9 Law Enforcement Related Disclosure. We may share your personal data with government agencies or other relevant parties, such as a law office or independent auditor: (i) if we believe that such disclosure is appropriate to protect our rights, property or safety (including the enforcement of the Terms and this Privacy Notice) or those of a third party; (ii) if required by law or court order; or (iii) as is necessary to comply with any legal and/or regulatory obligations, such as audit requirements.
5. International Transfers.
Some of our service providers and affiliates or additional controllers are located in countries other than your own. When we transfer your personal data internationally, we will only do so safely and securely and in accordance with applicable law.
5.1. If you are located in the EU, when we share your personal data with third parties based outside of the European Economic Area ("EEA"), we will ensure that they sign on agreements that require them to comply with applicable law, keep your data secure at similar levels to the level described in this Privacy Notice, and make sure that your data protection rights are protected. We will also implement the following safeguards:
5.1.1. When we transfer your personal data to Israel, we rely on the decision by the European Commission that says that those countries are considered to provide an adequate level of data protection.
5.1.2. Where we transfer your personal data to other countries, we (i) take additional security measures to protect the data and (ii) use specific contracts approved by the European Commission, known as the Standard Contractual Clauses, to give your personal data the same protection it has in the EEA.
5.1.3. Please contact us at firstname.lastname@example.org if you would like further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
The security of your personal data is our highest priority. We work hard to make sure that your personal data will be held securely and that it will not be shared or lost accidentally. However, it is impossible to guarantee absolute security. The security of your data also depends on the security of the devices you use and the way in which you protect your user IDs and passwords. The measures we take include:
6.1 Technical Measures. The electronic safeguards we employ to protect your personal data include secure servers, firewalls, and antivirus protections.
6.2 Access Control. We limit access to your personal data only to authorized personnel who have a need to know, including account managers, customer support staff, and software developers. We review these permissions regularly and revoke an employee's access immediately after his/her termination.
6.3 Internal Policies. We maintain and regularly review and update our privacy related and information security policies.
6.4 Personnel. We require employees to sign non-disclosure agreements according to applicable law and industry customary practice.
6.5 Database Backup. Our databases are backed up and verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity.
7. Your Rights - How to Control Our Use of Your Personal Data.
Depending on which laws apply, you have certain legal rights over your data. Below is some general information about rights that may apply to you but we recommend checking the law or consulting with a lawyer to understand what applies in your specific case. To exercise your rights, please contact us at email@example.com. If you want to exercise your rights regarding your personal data held by other controllers you can contact the applicable controller directly. We may ask for reasonable evidence to verify your identity before we can comply with any request.
7.1 Right of Access. You may have a right to know what personal data we collect about you. We may charge you with a fee to provide you with this information, if permitted by law. If we are unable to provide you with all the information you request, we will do our best to explain why. See Article 15 of the GDPR for more details, if your personal data is subject to GDPR.
7.2 Right to Correct Personal Data. You may have the request that we update, complete, correct or delete inaccurate, incomplete, or outdated Personal Data. See Article 16 of the GDPR for more details, if your personal data is subject to GDPR.
7.3 Deletion of Personal Data ("Right to Be Forgotten"). If you are located in the EU, you may have the right to request that we delete your personal data. Note that we cannot restore information once it has been deleted. Even after you ask us to delete your personal data, we may be allowed to keep certain data for specific purposes under applicable law. See Article 17 of the GDPR for more details, if your personal data is subject to GDPR.
7.4 Right to Restrict Processing. If you are located in the EU, you may have the right to ask us to stop processing your personal data. See Article 18 of the GDPR for more details, if your personal data is subject to GDPR.
7.5 Right to Data Portability. If you are located in the EU, you may have the right to request that we provide you with a copy of the personal data you provided to us in a structured, commonly-used, and machine-readable format. See Article 20 of the GDPR for more details, if your personal data is subject to GDPR.
7.6 Right to Object. If you are located in the EU, you may have the right object to certain processing activities. See Article 21 of the GDPR for more details, if your personal data is subject to GDPR.
7.7 Withdrawal of Consent. If we are processing your data based on your consent, you are always free to withdraw your consent, however, this won't affect processing we have done from before you withdrew your consent.
7.8 Right to Lodge a Complaint with Your Local Data Protection Authority. If you are located in the EU, you have the right to submit a complaint to the relevant data protection authority if you have any concerns about how we are processing your personal data, though we ask that as a courtesy you please attempt to resolve any issues with us first.
8. Your California Privacy Rights.
If you are a resident of the State of California, subject to certain exemptions, you have certain rights in relation to the Personal Data (for the purposes of this Section 8, "Personal Information") that we have collected about you, as detailed below. In accordance with applicable law, we may ask for reasonable evidence to verify your identity before we comply with certain of your requests, as detailed below.
8.1 Your Rights.
8.1.1 Right to Know. You have the right to request that we disclose to you any or all of the following, subject to applicable law:
8.1.2 Right to Delete. Subject to certain exceptions, you have the right to request that we and any of our service providers delete your Personal Information.
8.1.3 Right to Correct. You have the right to request that we correct any inaccurate Personal Information we maintain about you, taking into account the nature of the personal information and the purposes of the processing of the personal information.
8.1.4 Right to Opt-Out of the Sale or Sharing of Personal Information. If you are 16 years of age or older or have consented to the sale of your Personal Information, you have the right to direct us not to sell or share your Personal Information at any time. You may change your mind and opt back into the sale of your Personal Information at any time by contacting us at the address above. We may deny any request to opt-out of the sale of Personal Information that we deem in our good-faith, reasonable and documented belief is fraudulent.
8.1.5 Right to Limit Use and Disclosure of Sensitive Personal Information. You have the right to direct us to limit our use of your sensitive Personal Information, to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services and as otherwise permitted by applicable law.
8.1.6 Right to Non-Discrimination for Exercising your Consumer Privacy Rights. You have the right not to be discriminated against for exercising any of your consumer privacy rights, such as, not being denied any goods or services or charged different prices or rates.
8.2 How to Exercise your California Privacy Rights.
8.2.1 Contact Information. To exercise any of the rights detailed above, please submit a verifiable request to us by contacting us at firstname.lastname@example.org. You may only request to exercise your right of access twice within a 12-month period.
8.2.2 Submitting a Verifiable Request. In order to exercise your right to know or right to delete you must submit a request containing sufficient information that allows us to reasonably verify you are the person about whom we collected the applicable Personal Information or an authorized agent of such person, which may include details relating to your account. Any requests made through your password protected account will be verified through our existing authentication procedures for such account.
8.2.3 Submitting Requests through an Authorized Agent. An authorized agent may exercise requests on your behalf. In order to exercise your right to know or right to delete through an agent, we may ask for reasonable evidence to verify your identity and the agent’s identity, and written authorization permitting the agent to act on your behalf before complying with your request. In order to submit a request to opt-out of the sale of your Personal Information through an agent, we may ask for written authorization permitting the authorized agent to act on your behalf before complying with your request. We reserve the right to deny the request of any agent that does not provide proof that they have been authorized to act on behalf of the applicable consumer in accordance with applicable law.
8.3 Children. We do not knowingly sell the Personal Information of California residents under 16 years of age.
9. Data Retention.
9.1 We retain your personal data as long as necessary to fulfill each of the purposes we described above.
9.2 When deciding how long to store personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized access, the purposes for which the personal data was collected, as well as applicable legal requirements. Please note that we may delete information from our systems without notifying you first. Retention by any of our service providers or subcontractors may vary in accordance with each business's retention policy.
9.3 In some circumstances, we may store your personal data even after we're finished using it if required to do so by law (e.g. to fulfill tax or audit requirements), or to keep accurate records of our interactions in case there is a prospect of litigation relating to your personal data. In such cases, we will maintain the same security measures as described above.
9.4 Please contact us at email@example.com if you would like details about the retention periods for each type of personal data we process.
10. Cookies and Similar Technologies.
11. Third-Party Services.
You may have access to third-party services through our services. Please note that all use of third-party services is at your own risk and subject to such third party's terms and privacy policies. We do not take any responsibility for the performance of other services.
We do not knowingly collect personal data from children under the age of sixteen (16). In the event that you become aware that an individual under the age of sixteen (16) has registered without parental permission, please advise us immediately.
13. Changes to the Privacy Notice.
We may update this Privacy Notice from time to time to keep it up to date with legal requirements and the way we operate our business. We will place any updates on this webpage. Please come back to this page every now and then to make sure you are familiar with the latest version.