Privacy Shield Notice

Effective as of January 30, 2019

OTOY, Inc. and its affiliates and subsidiaries ("OTOY" or "we", "us" or "our") complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred to it in the United States from the European Economic Area ("EEA") and Switzerland, respectively. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. To learn more about the Privacy Shield program, the Privacy Shield Principles and to view our certification, please visit


Our certification of adherence to the Privacy Shield Principles applies to the personal data that (a) we collect from our customers and other visitors to our website for account management, billing or marketing purposes ("OTOY User Data"), (b) that we process on behalf of our customers in providing online services to them under a service agreement ("Services Data") and (c) we collect about our employees (past or present) collected in the context of the employment relationship ("HR Data"). OTOY commits to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by the panels with regard to HR Data transferred from the EU and Switzerland in the context of the employment relationship. Please contact us to be directed to the relevant DPA contacts.

Data processed.

The OTOY User Data that we collect, use and share is described in our Privacy Policy. While our customers decide what Services Data to submit, it typically includes information about their own users and how they use the customer’s sites, applications and services and third party applications. We process Services Data as instructed by our customers and do not own or control Services Data.

Purposes of data processing.

We collect, use and share OTOY User Data for the purposes described in our Privacy Policy. We process Services Data for the purpose of providing our online services to our customers, which may include accessing and processing the data to provide the services, to correct and address technical or service problems, to follow instructions of the customer who submitted the data, or in response to contractual requirements.

Inquiries and complaints.

In compliance with Privacy Shield Principles, OTOY commits to resolve complaints about our collection or use of your personal data. EU and Swiss individuals with inquiries or complaints concerning our Privacy Shield policy should first contact [email protected]. If you are located in the EEA or Switzerland and have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact the JAMS Privacy Shield Program, our U.S.-based third party dispute resolution provider (free of charge), which you can learn more about by visiting


If you are located in the EEA or Switzerland and neither OTOY nor our dispute resolution provider resolves your complaint, you may be entitled to invoke binding arbitration under certain conditions more fully described on the Privacy Shield website.

Third parties who may receive personal data.

We share OTOY User Data with third parties as described in our Privacy Policy. We may share Services Data with third parties under the following circumstances and only in accordance with the applicable customer agreements:

  • Affiliates. We may disclose Services Data to our subsidiaries and corporate affiliates for use consistent with this Privacy Policy.
  • Service Providers. We may employ third party companies and individuals to administer and provide the Service on our behalf (such as customer support, hosting, website analytics, email delivery, database management services). OTOY maintains contracts with these service providers restricting their access, use and disclosure of personal data in compliance with our Privacy Shield obligations, including the onward transfer provisions, and we may be liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.
  • Legal requirements. We may disclose Services Data if required to do so by law in order to (for example) respond to a subpoena or request from law enforcement, a court or a government agency, or in the good faith belief that such action is necessary (a) to comply with a legal obligation, (b) to protect or defend our rights, interests or property or that of third parties, (c) to prevent or investigate possible wrongdoing in connection with the services, (d) to act in urgent circumstances to protect the personal safety of customers, their users or the public; or (e) to protect against legal liability.
  • Business Transfers. As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Services Data may be part of the transferred assets.

In addition, we may be required to disclose any personal data that we process in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Your rights to access, to limit use, and to limit disclosure.

Individuals in the EEA and Switzerland have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Privacy Shield self-certification, we have committed to respect those rights. This means that if you wish to access Services Data and request that we correct, amend or delete it if it is inaccurate or processed in violation of Privacy Shield, you should contact that customer with your request. We will then help them to fulfil that request in accordance with their instructions.

If your personal data includes OTOY Personal Data, you can request access to that data and request that we correct amend, or delete it if it is inaccurate or processed in violation of Privacy Shield by emailing your request to [email protected]. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.

U.S. Federal Trade Commission Enforcement.

OTOY’s commitments under the Privacy Shield are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.  

If there is any conflict between the terms in this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall take precedence.