Ovation Privacy Policy
Version: 3.0
Last revised on: Jan 7, 2025
At Ovation, we value your privacy and are committed to protecting it.
This Privacy Policy outlines how we collect, use, and disclose your information when you use our website (www.ovationup.com, including related domains or subdomains, collectively referred to as the “Website“), mobile and online applications (“Winback”, “Kiosk by Ovation”, and “Ovation Kiosk”, collectively the “App“), software, and services (together, the “Services“). It also explains your privacy rights and how applicable laws safeguard your information.
By using our Services, you consent to the collection, use, and disclosure of your information in accordance with this Privacy Policy. We will not use or share your personal information with anyone except as described in this Privacy Policy.
Capitalized terms that are not defined in this Privacy Policy have the meanings given to them in our Terms of Use.
This Privacy Policy does not apply to the Personal Information we may collect regarding our Customers’ employees and customers (‘Clients’) in the course of providing the Services. However, the handling of Client Personal Information is governed by our agreements with our Customers, including our Data Processing Agreement (collectively referred to as our ‘Agreement’). In the event of any conflict between the provisions of this Privacy Policy and our Agreement, the provisions of our Agreement will take precedence.
We do not establish direct relationships with our Customers’ clients. If we receive any inquiries or requests from Clients regarding their Personal Information, we will redirect those inquiries or requests to the relevant Customer. If you are a customer or employee of one of our Customers, we may retain your Personal Information on behalf of that Customer. If you have any questions about how we handle your Personal Information, we encourage you to contact the appropriate Customer. Any inquiries directly received from you concerning the use of your Personal Information will be forwarded to that Customer.
With that in mind, this Privacy Policy is designed to describe:
- Who we are and how to contact us
- Our relationship to you
- Your rights relating to your personal data
- Whose personal data do we collect?
- When we may process your personal data
- What personal data we collect
- How we use cookies and other tracking or profiling technologies
- How we use your personal data and why
- Who we share your personal data with
- How long we store your personal data
- Where we store your personal data
- How we protect your personal data
- Links to other websites
- Customer’s obligations to respect individual user’s rights
- Changes to our Privacy Policy
This Privacy Policy is intended to meet our duties of transparency under the General Data Protection Regulation (“GDPR“) and the EU ePrivacy Directive.
We will post any modifications or changes to this Privacy Policy on this page.
Who we are and how to contact us
Who we are: Ovation Up, Inc., a corporation duly organized and existing under the laws of the State of Delaware, USA (referred to as either “Ovation“, “we”, “us”, or “our” in this Privacy Policy). Our address is 833 W 1800 N, Mapleton, UT 84664, USA.
How to contact us:
If you have any questions about our practices or this Privacy Policy, please feel free to contact us at:
- Address: 75 W University Parkway, Orem, UT 84058
- Telephone: (801) 383-2821
- Email: dsr@ovationup.com
Our relationship to you
It is important that you identify which relationship(s) you have with Ovation to understand Ovation’s data protection obligations and your rights to your Personal Information under this Privacy Policy.
Ovation has the following relationships:
- A “User” is an individual providing Personal Information to us via our Website or other Services, such as by signing up for our newsletter or making an account and posting on the forums. Here, Ovation is a data controller.
- A “Customer” is a specific type of User that has engaged us to act as an agent (a “data processor”) by obtaining our Services. The Customer is the data controller, and Ovation is their data processor.
- A “Customer End User” is an individual that provides their Personal Information to our Customers. We do not control the purposes or the means by which their Personal Information is collected, and we are not in a direct relationship with Customer End Users.
If Customer End User who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the Ovation Customer (the data controller). If requested to remove data we will respond within a reasonable timeframe. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.
Hereinafter we may refer to Customers and Users collectively as “You”.
Your rights relating to your personal data
You have the right under this Privacy Policy to:
- Request access to your Personal Data. If you are in certain jurisdictions, this enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
- Object to processing of your Personal Data. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to processing of your Personal Data on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
- Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you in certain scenarios (for example if you want us to establish its accuracy or the reason for processing it).
- Request the transfer of your Personal Data. If you are in certain jurisdictions, we will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent. This right only exists where we are relying on consent to process your Personal Data (“Consent Withdrawal”). If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of our Site. We will advise you if this is the case at the time you withdraw your consent.
How to exercise your rights. If you want to exercise any of the rights described above, please contact us using the contact details in ‘Who we are and how to contact us’.
Typically, you will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, except in relation to Consent Withdrawal, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Complaints
If you would like to submit a complaint regarding this Privacy Policy or our practices in relation to your Personal Data, please contact us at: dsr@ovationup.com with the subject: ‘Data Privacy’.
We will reply to your complaint as soon as we can.
If you feel that your complaint has not been adequately resolved, please note that if you are in the EU, the GDPR gives you the right to contact your local data protection supervisory authority. You can find information on your country’s data protection authority here.
Whose personal data do we collect?
We may process your personal data, if:
- You are our potential or current customer;
- You are an entity (or you are providing services to an entity), that we want to sell our services to;
- You are providing services/work for our client or to an entity, that uses our Services or Website developed by us (you act on behalf of them e.g. as their employee, associate, or representative);
When we may process your personal data
We may process your personal data collected directly from you or obtained from other sources in the following scenarios:
- Direct Communication: When you provide us with your personal data via various means of communication, such as sending an inquiry via email or through our Website.
- Contractual Obligations: When your personal data is necessary for the conclusion or performance of a contract, including when your personal data is provided as contact information to facilitate proper execution of the contract.
- Third-Party Sources: When we receive your personal data from other sources, such as entities that are our contractors or customers, during events, or from publicly available sources or websites.
- Service Access and Use: When you access or use:
- Any websites or web applications provided, published, developed, or made available by the Company, including our Website.
- Any mobile or online applications provided, published, licensed, developed, or made available by the Company, including our App.
- Any features, content, software, hardware, services, or other products available through the Website, App, or otherwise provided by the Company (collectively, the “Services”).
Your access and use of the Services may be conditional upon providing the requested personal data. Refusal to provide this information may prevent the Company from delivering certain Services.
What personal data we collect
At Ovation, we collect and process Personal Data to provide our Services, maintain security, and ensure compliance with applicable laws. We gather this information through three primary methods: information you provide to us, information collected automatically, and information obtained from external sources.
Information You Provide to Us. The type and amount of information we collect depends on the context in which it is provided and how we use it. Examples include:
- Identification Information: Personal details such as your name, email address, address, mobile number, birth date, and other similar information. This may also include historical, contact, and demographic data provided by you or your business representatives.
- Transaction and Billing Information: Data required to set up contracts and process payments, such as payment card numbers, bank account details, billing and shipping information, and the names of transacting parties. This also includes tax information like states of residence, withholding allowances, and tax filing status.
- Content Information: Information you generate when using the Services, such as uploaded content, documents, or other materials, which may reveal additional details about you.
- Purchase Information: Data about your purchase preferences, including products or services purchased, amounts paid, frequency and location of purchases, and similar details
- Communications with Us: Information shared when responding to surveys, submitting inquiries, or contacting our support team.
Information We Collect Automatically. We collect certain data automatically when you use our Services:
- Log Information: Data from web browsers, devices, and servers, including IP addresses, access times and dates, browser types, and language settings. This also includes details about links clicked, time spent on pages, and conversion information (e.g., completed transactions).
- Device Information: Details about your device, such as hardware model, operating system and version, unique device identifiers, mobile network information, and interactions with our Services. This may include GPS data and device location information during your use of the Services.
- Usage Information: Data about how you interact with the Services, including accessed features, browser type, language, other applications on your device, and time spent on specific webpages or applications.
Aggregated Data. We may also collect, use and share “Aggregated Data” for any purpose. Aggregated Data may be derived from your Personal Data, but once in aggregated form it will not constitute Personal Data as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.
Children’s Data. Our Services are not directed to, and we do not knowingly collect information from, children under the age of 18. If you believe that a child under 18 may have provided us with Personal Information, please contact us.
Public Data. Information that you choose to make public can be disclosed publicly.
That means, of course, that information like any content that you make public on your website is all available to others. Public information may also be indexed by search engines or used by third parties. Please keep all of this in mind when deciding what you would like to share.
How we use cookies and other tracking or profiling technologies
Ovation may collect non-personally identifiable information regarding your usage of our Website, including the pages you viewed, demographic data such as server locations, and other information that does not identify you. Like most online services, we also use cookies and other technologies that may collect Personal Data.
Cookies:
What are cookies? When you visit the Services, we may send one or more “cookies” – small data files – to your computer to uniquely identify your browser and let Ovation help you enhance your navigation through the Site. A cookie may convey anonymous information about how you browse the Services to us so we can provide you with a more personalized experience, but does not collect personal information about you. A persistent cookie remains on your computer after you close your browser so that it can be used by your browser on subsequent visits to the Service. Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser.
What types of cookies do we use? Our Websites use the following types of cookies for the purposes set out below:
| Type of cookie | Purpose |
| Essential Cookies | These cookies are essential to provide you with services available through our Website and to enable you to use some of its features. For example, they allow you to log in to secure areas of our Website and help the content of the pages you request to load quickly. Without these cookies, the Services that you have asked for cannot be provided, and we only use these cookies to provide you with those services. |
| Security Cookies | These cookies enable and support our security features, and to help us detect malicious activity. |
| Functionality Cookies | These cookies allow our Website to remember choices you make when you use our Website, such as remembering your login details and remembering the changes you make to other parts of our Website which you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Website. |
| Marketing Cookies | These cookies help us deliver marketing campaigns and track their performance Similarly, our partners may use cookies to provide us with information about your interactions with their services, but use of those third-party cookies would be subject to the service provider’s policies. |
| Analytics and Performance Cookies | These cookies are used to collect information about traffic to our Website and how users use our Website. The information gathered via these cookies does not “directly” identify any individual visitor. However, it may render such visitors “indirectly identifiable”. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access our Site. The information collected is aggregated and anonymous. We use this information to help operate our Site more efficiently, to gather broad demographic information and to monitor the level of activity on our Site. We use a number of different tools such as Google Analytics for this purpose. |
How can I disable cookies? You can typically reset your web browser to refuse all cookies or to notify you when a cookie is being sent. In order to do this, follow the instructions provided by your browser (usually located within the “settings”, “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.
If you do not accept our cookies, you may experience some inconvenience in your use of our Services and some features of the Service may not function properly.
Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org.
Log Files: Log file information is automatically reported by your browser each time you access a web page. When you use our Website, our servers automatically record certain information your web browser sends whenever you visit any website. These server logs may include information such as your web request, Internet Protocol address, browser type, referring / exit pages and URLs, location, domain names, pages viewed, and other such information.
How we use your personal data and why
We generally use Personal Data for various purposes, including delivering and improving our Services, managing our Website, and providing customer and technical support. Additionally, we utilize this data for conducting research and analysis about our Services, verifying user identity, and preventing fraud or other unauthorized or illegal activities.
We have set out below, in a table format, more detailed examples of relevant purposes for which we may use your Personal Data.
| Purpose | Why do we do this |
| Providing, updating, and maintaining our Services, and business | To deliver the Services you have requested. |
| Research and development | To enable us to improve the Services and better understand our customers and the markets in which we operate. For example, we may conduct or facilitate research and use learnings about how people use our Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns, areas for additional features and improvement of the Services and other insights. We also test and analyze certain new features with some users before introducing the feature to all users. |
| Communicating with users about the Services | To send communications via email, including, for example, responding to your comments, questions and requests, providing customer support, and sending you technical notices, service updates, security alerts. We may also provide tailored communications based on your activity and interactions with us. |
| Providing customer and technical support | To respond to your requests for assistance, comments and questions, to analyze crash information, to repair and improve the Services and provide other customer support. |
| Enhancing security | To keep our Services and associated systems operational and secure, including, for example, verifying activity, monitoring and investigating suspicious or fraudulent activity and to identify violations of our terms and policies. |
| To comply with applicable law, legal process and regulations and protect legitimate business interests | As we believe is reasonably necessary to comply with a law, regulation, order, subpoena, rule of a self-regulatory organization or audit or to protect the safety of any person, to address fraud, security issues, or to protect our legal rights, interests and the interests of others. |
Who we share your personal data with
We may share Your Personal with third parties in the ways that are described in the table below. We consider this information to be a vital part of our relationship with You.
| Recipients | Why we share it |
| Our Third Party Sub-Processors | Our sub-processors may access your Personal Data to help us develop, maintain and provide our Services and help manage our customer relationships. |
| Service Providers | Our service providers provide us support for our Services, including, for example, development tools, hosting, maintenance, backup, storage, virtual infrastructure, analysis, compliance reviews, banking services, and other services for us, which may require them to access or use Personal Data about You. |
| Professional Advisers | Our lawyers, accountants and consultants may need to review Your personal data to provide consultancy, compliance, banking, legal, insurance, accounting and similar services. |
| Legal and Taxing Authorities, Regulators and Participants in Judicial Proceedings | We may disclose Your Personal Data if we believe it is reasonably necessary to comply with a law, regulation, order, subpoena, rule of a self-regulatory organization or audit or to protect the safety of any person, to address fraud, security or technical issues, or to protect our legal rights, interests and the interests of others, such as, for example, in connection with the acquisition, merger or sale of securities or a business (e.g., due diligence). |
Business Transfers. In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that Ovation goes out of business or enters bankruptcy, customer information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Policy would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this Privacy Policy.
With Your Consent. We may share and disclose information with your consent or at your direction. For example, we may share your information with third parties with which you authorize us to do so.
How long we store your personal data
We will retain your information for as long as it is reasonably needed for the purposes outlined in ‘How We Use Your Personal Data and Why‘. We will only keep your Personal Data for as long as reasonably necessary for these purposes, unless a longer retention period is required by law (for example, for regulatory purposes). This may involve maintaining Your Personal Data beyond the termination of your contract, for the duration necessary to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes, and enforce our agreements.
Where we store your personal data
The Services are maintained in the United States of America. Personal Data that you provide to us may be stored, processed, and accessed by us, our staff, subcontractors, and third parties with whom we share Personal Data, either in the USA or elsewhere, for the purposes described in this policy.
How we protect your personal data
Ovation is committed to protecting your personal data using robust administrative, technical, and physical safeguards. These measures are designed to prevent loss, theft, misuse, and unauthorized access, disclosure, alteration, or destruction of your data. We also ensure the security, confidentiality, and integrity of your personal data, protect against anticipated security threats, and comply with applicable privacy laws.
We regularly review our policies and procedures to maintain their effectiveness and ensure they are up-to-date. Access to personal data is strictly limited to employees, contractors, and agents who need it for legitimate business purposes. These individuals are bound by contractual confidentiality obligations and are subject to disciplinary action, including termination, for violations. Additionally, we may use third-party service providers to store and process personal data in compliance with confidentiality and security standards. These providers may operate in locations such as the United States, Japan, the European Union, or other countries.
While we strive to maintain strong security measures, it is important to note that no system is entirely immune to breaches. In the unlikely event of a security incident that compromises your personal data, we will promptly notify you with full details and immediately initiate a thorough investigation.
To ensure the security of your personal data, it is crucial that you do not share your login credentials, including passwords, with any third party. Ovation cannot guarantee the protection of your data if such credentials are shared.
Finally, Ovation cannot be held liable for any damages, claims, or liabilities arising from a security breach, except as required by applicable laws.
Links to other websites
Our Services may include links to other websites not operated or controlled by Ovation. We are not responsible for the content, accuracy, or opinions expressed on such websites, and they are not investigated, monitored, or checked for accuracy or completeness by us. Please remember that when you use a link to navigate from our Services to another website, our Privacy Policy is no longer in effect. Your browsing and interaction on any other website, including those linked on our site, are subject to that website’s own rules and policies. Third parties may use their own cookies or other methods to collect information about you.
Customer’s obligations to respect individual user’s rights
When using our Services, you may collect and process personal and sensitive information from your users. Under EU law, this makes you an independent data controller of the information obtained through our Services.
As a data controller, you are responsible for safeguarding the personal information you collect or process and must comply with all applicable data protection laws, including the GDPR. This includes maintaining a clear and accessible privacy policy for your users that aligns with this policy and Ovation’s Terms of Use.
For more information on GDPR, visit www.gdpr-info.eu.
As a data controller, you may be required to respond to user requests related to data access, correction, deletion, portability, or objections to processing, as mandated by applicable laws. You are also accountable for any unauthorized disclosures of personal information, including accidental breaches.
Understanding and adhering to consent requirements when processing user data is critical. In the event that Ovation and you are determined to be joint data controllers, and Ovation incurs expenses (e.g., legal fees or fines) as a result of your actions, you agree to indemnify Ovation for those expenses.
Changes to Our Privacy Policy
We reserve the right to revise, modify, add, or remove portions of this Privacy Policy at our sole discretion. Substantial changes to the Privacy Policy may be communicated through the Services, by sending an email to the most recent email address you provided (if applicable), and/or by prominently posting a notice of the changes on our Website or through your account. It is your responsibility to provide and maintain an up-to-date email address. If the email address you provided is invalid or unable to receive notifications, our dispatch of the email will still constitute effective notice of the changes.
Any changes to this Privacy Policy will become effective under the following conditions:
- For existing users: Fifteen (15) calendar days after the dispatch of an email notification (if applicable) or fifteen (15) calendar days after the posting of the notice on our website, whichever occurs first.
- For new users: Immediately upon posting of the updated Privacy Policy.
By continuing to use our Services after such changes, you acknowledge and accept the revised Privacy Policy and agree to be bound by its terms.
This Privacy Policy was last updated on the date indicated below. We encourage you to review this Privacy Policy periodically, particularly before providing any personal data or User Information.
