Privacy policy

This Ocean.io Privacy Policy & Statement ("Privacy Statement"):

  • outlines our privacy policies and practices;
  • describes how we collect, use, share, and otherwise process Personal Data (as defined in the GDPR), and
  • informs you about your rights and choices regarding your Personal Data.

References to "Ocean.io," "we,", "us" or "our" are references to Ocean ApS (see below under "Contact Ocean.io" for full address).

1. Ocean.io's role

Ocean.io is the controller of your Personal Data as described in this Privacy Statement, unless specified otherwise.

This Privacy Statement does not apply to the extent we process Personal Data in the role of a processor or service provider on behalf of our customers, including where we process Personal Data from the customer's CRM or where we collect, use, share or process Personal Data via our platform and/or services. Processing of data collected from a customer's CRM system, including Personal Data, are covered by the Data Processing Addendum concluded with our customer and the Data Processing Policy.

Most importantly, whatever data, including Personal Data, we collect in connection with the processing activities identified under section 2 below, are processed for our internal purposes only and are under no circumstances included in the Ocean.io database made available to our customers.

We are not responsible for the privacy or data security practices of our customers, which may differ from those explained in this Privacy Policy & Statement.

2. Processing activities covered

This Privacy Statement applies to the processing of Personal Data collected by us when you:

  • Visit our websites that display or link to this Privacy Statement;
  • Visit our branded social media pages;
  • Visit our offices;
  • Receive communications from us, including emails, phone calls, texts or fax;
  • Use our services as an authorized user (for example, as an employee of one of our customers who provided you with access to our services) where we act as a controller of your Personal Data;
  • Register for, attend or take part in our events, webinars, or contests; or
  • Participate in community and open source development.

Our websites and services may contain links to other websites, applications, and services maintained by third parties. The information practices of other services, or of social media platforms that host our branded social media pages, are governed by their privacy statements, which you should review to better understand their privacy practices.

What personal data do we collect?

3.1 Personal data we collect directly from you

We may also collect information about you from other sources including third parties from whom we purchase or may purchase Personal Data and from publicly available information. We may combine this information with Personal Data provided by you. This helps us update, expand, and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you.

  • If you express an interest in obtaining additional information about our services; request customer support; use our "Contact Us" or similar features; register to use our websites; sign up for an event, webinar or contest; or download certain content, we may require that you provide to us your contact information, such as your name, job title, company name, address, phone number, email address or username and password;
  • If you register or attend an event, we may, with your further consent, scan your attendee badge, which will provide to us your information, such as name, title, company name, address, country, phone number and email address;
  • If you register for an online community that we host, we may ask you to provide a username, photo or other biographical information, such as your occupation, location, social media profiles, company name, areas of expertise and interests;
  • If you interact with our websites or emails, we automatically collect information about your device and your usage of our websites or emails using cookies, web beacons, or similar technologies;
  • If you use and interact with our services, we automatically collect information about your device and your usage of our services through log files and other technologies;
  • If you communicate with us via a phone call from us, we may record that call;
  • If you voluntarily submit certain information to our services, such as filling out a survey about your user experience, we collect the information you have provided as part of that request.

If you provide us or our service providers with any Personal Data relating to other individuals, you represent that you have the authority to do so, and where required, have obtained the necessary consent.

3.2 Personal data we collect from other sources

We may also collect information about you from other sources including third parties from whom we purchase or may purchase Personal Data and from publicly available information. We may combine this information with Personal Data provided by you. In particular, we may collect such Personal Data from the following sources:

  • Third party providers of business contact information, including mailing addresses, job titles, corporate email addresses, IP addresses, social media profiles, LinkedIn URLs and custom profiles, for purposes of targeted advertising, delivering relevant email content, event promotion and profiling, determining eligibility and verifying contact information; and
  • Another individual at your organization who may provide us with your business contact information for the purposes of obtaining services; and
  • Platforms to manage code check-ins and pull requests. If you participate in an open source or community development project, we may associate your code repository username with your community account so we can inform you of program changes that are important to your participation or relate to additional security requirements.

4. What device and usage data do we process?

We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons, pixels, and similar technologies to automatically collect information that may contain Personal Data as you navigate our websites, our services, or interact with emails we have sent to you.

4.1 Device and usage data

We gather certain information automatically when individual users visit our websites. This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, location, browser type, plug-ins, integrations, Internet service provider, mobile carrier, the pages and files viewed, searches, referring website, app or ad, operating system, system configuration information, advertising and language preferences, date and time stamps associated with your usage, and frequency of visits to the websites.

In addition, we gather certain information automatically as part of your use of our products and services. This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider, the pages and files viewed, website and webpage interactions including searches and other actions you take, operating system and system configuration information and date and time stamps associated with your usage.

4.2 Cookies, web beacons and other tracking technologies

We use technologies such as web beacons, pixels and tags alone or in conjunction with cookies, to gather information about the use of our websites and how people interact with our emails.

When you visit our websites, we, or an authorized third party, may place a cookie on your device that collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track use, infer-browsing preferences, and improve and customize your browsing experience.

We use both session-based and persistent cookies on our websites. Session-based cookies exist only during a single session and disappear from your device when you close your browser or turn off the device. Persistent cookies remain on your device after you close your browser or turn your device off. You can control the use of cookies on your device, but choosing to disable cookies on your device may limit your ability to use some features on our websites and services.

We also use web beacons and pixels on our websites and in emails. For example, we may place a pixel in marketing emails that notify us when you click on a link in the email. We use these technologies to operate and improve our websites and marketing emails.

4.3 Opt-out from cookies

In many cases you may opt-out from the collection of non-essential device and usage data on your web browser by managing your cookies at the browser or device level. Please note, however, that by blocking or deleting cookies and similar technologies used on our websites, you may not be able to take full advantage of the websites.

4.4 Social media features

Our websites may use social media features, such as the Facebook "like" button, the "Tweet" button and other sharing widgets ("Social Media Features"). Social Media Features may allow you to post information about your activities on our website to outside platforms and social networks.

We also allow you to log in to certain of our websites using sign-in services like Facebook Connect. These services authenticate your identity and provide you the option to share certain Personal Data from these services with us such as your name and email address to pre-populate our sign-up form.

Your interactions with Social Media Features are governed by the privacy policies of the companies providing them.

5. Purposes for which we process personal data and the legal bases on which we rely

We collect and process your Personal Data for the following purposes. Where required by law, we obtain your consent to use and process your Personal Data for these purposes. Otherwise, we rely on another authorized legal basis (including but not limited to the (a) performance of a contract or (b) legitimate interest) to collect and process your Personal Data.

  • Providing our websites and services: We process your Personal Data to perform our contract with you for the use of our websites and services and to fulfill our obligations under the applicable terms of use and service.
  • Promoting security: We process your Personal Data by tracking use of our websites and services, creating aggregated non-personal data, verifying accounts and activity, and investigating suspicious activity.
  • Managing user registrations: If you have registered for an account with us, we process your Personal Data by managing your user account for the purpose of performing our contract with you.
  • Handling contact and user support requests: If you fill out a "Contact Me" web form or request user support, we process your Personal Data to perform our contract with you and to fulfill your requests.
  • Managing event registrations and attendance: We process your Personal Data to plan and host events or webinars for which you have registered.
  • Managing promotions: If you register for a promotion, we process your Personal Data to perform our contract with you.
  • Managing payments: If you have provided financial information to us, we process your Personal Data to verify that information and to collect payments.
  • Developing and improving our websites and services: We process your Personal Data to analyze trends and to track your usage of and interactions with our websites and services.
  • Assessing and improving user experience: We process device and usage data to analyze trends and assess and improve the overall user experience.
  • Displaying personalized advertisements and content: We process your Personal Data to conduct marketing research, advertise to you, and provide personalized information about us on and off our websites.
  • Sending marketing communications: We will process your Personal Data to send you marketing information, product recommendations and other non-transactional communications about us and our affiliates and partners.
  • Complying with legal obligations: We process your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws.

If we need to collect and process Personal Data by law, or under a contract we have entered into with you, and you fail to provide the required Personal Data when requested, we may not be able to perform our contract with you.

6. Who do we share personal data with?

We may share your Personal Data as follows:

  • Service Providers: With our contracted service providers, who provide services such as IT and system administration and hosting, credit card processing, research and analytics, marketing, customer support and data enrichment.
  • Affiliates: If you use our websites to register for an event or webinar organized by one of our affiliates, we may share your Personal Data with the affiliate to the extent this is required to process your registration.
  • Event Sponsors: If you attend an event or webinar organized by us, or download or access an asset on our website, we may share your Personal Data with sponsors of the event.
  • Promotion Sponsors: With sponsors of contests or promotions for which you register.
  • Third party networks and websites: With third-party social media networks, advertising networks and websites, so that Ocean.io can market and advertise on third party platforms and websites.
  • Professional Advisers: In individual instances, we may share your Personal Data with professional advisers acting as service providers, processors, or joint controllers — including lawyers, bankers, auditors, and insurers.
  • Third Parties in a Corporate Transaction: If we are involved in a merger, reorganization, dissolution or other fundamental corporate change, or sell a website or business unit, or if all or a portion of our business, assets or stock are acquired by a third party.

We may also share anonymous or de-identified usage data with our service providers for the purpose of helping us in such analysis and improvements.

For more information on the recipients of your Personal Data, please contact us by using the information in the "Contact Ocean.io" section, below.

7. International transfer of personal data

Your Personal Data may be collected, transferred to and stored by us in the EU and by our affiliates and third-parties disclosed in Section 6, above, that are based in other countries in their respective countries.

Therefore, your Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the EEA. We ensure that the recipient of your Personal Data offers an adequate level of protection and security, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses or an alternative mechanism for the transfer of data as approved by the European Commission (Art. 46 GDPR) or other applicable regulator.

Where required by applicable law, we will only share, transfer or store your Personal Data outside of your jurisdiction with your prior consent.

8. Children

Our websites and services are not directed to children under the age of 16. We do not knowingly collect Personal Data from children under the age of 16. If you believe that a child under the age of 16 may have provided us Personal Data, please contact us using the information in the "Contact Ocean.io" section below.

9. How long do we keep your personal data?

We may retain your Personal Data for a period of time consistent with the original purpose of collection or as long as required to fulfill our legal obligations. We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of the Personal Data being processed, the potential risk of harm from unauthorized use or disclosure of the Personal Data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).

After expiry of the applicable retention periods, your Personal Data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.

For more information on data retention periods, please contact us by using the information in the "Contact Ocean.io" section, below.

10. Your rights relating to your personal data

10.1 Your rights

You may have certain rights relating to your Personal Data, subject to local data protection laws. Depending on the applicable laws these rights may include the right to:

  • Access your Personal Data held by us;
  • Know more about how we processed your Personal Data;
  • Rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete;
  • Erase or delete your Personal Data (also referred to as the right to be forgotten), to the extent permitted by applicable data protection laws;
  • Restrict our processing of your Personal Data, to the extent permitted by law;
  • Transfer your Personal Data to another controller, to the extent possible (right to data portability);
  • Object to any processing of your Personal Data, including for direct marketing purposes;
  • Opt out of certain disclosures of your Personal Data to third parties;
  • Not be discriminated against for exercising your rights described above;
  • Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects; and
  • Withdraw your consent at any time (to the extent we base processing on consent), without affecting the lawfulness of the processing based on such consent before its withdrawal.

10.2 How to exercise your rights

To exercise your rights, please contact us by using the information in the "Contact Ocean.io" section, below. We try to respond to all legitimate requests within 14 business days unless otherwise required by law, and will contact you if we need additional information from you in order to honor your request or verify your identity.

Some registered users may update their user settings, profiles, organization settings and event registrations by logging into their accounts and editing their settings or profiles.

To update your billing information, discontinue your account or request return or deletion of your Personal Data and other information associated with your account, please contact us by using the information in the "Contact Ocean.io" section, below.

10.3 Your rights relating to customer data

As described above, we may also process Personal Data submitted by or for a customer to our products and services. To this end, if not stated otherwise in this Privacy Policy & Statement or in a separate disclosure, we process such Personal Data as a processor on behalf of our customer (and its affiliates) who is the controller of the Personal Data.

If your data has been submitted to us by or on behalf of an Ocean.io customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with them directly. Because we may only access a customer's data upon their instructions, if you wish to make your request directly to us, please provide us the name of the Ocean.io customer who submitted your data to us.

10.4 Your preferences for email and SMS marketing communications

If we process your Personal Data for the purpose of sending you marketing communications, you may manage your receipt of marketing and non-transactional communications from Ocean.io by clicking on the "unsubscribe" link located on the bottom of Ocean.io marketing emails or by replying or texting 'STOP' if you receive Ocean.io SMS communications.

Please note that opting out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as communications about your subscriptions or event registrations, service announcements or security information.

11. How we secure your personal data

We take appropriate precautions including organizational, technical, and physical measures to help safeguard against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of, or access to, the Personal Data we process or use.

While we follow generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices and signing out of websites after your sessions. If you have any questions about the security of our websites, please contact us by using the information in the "Contact Ocean.io" section, below.

12. Changes to this Privacy Statement

We will update this Privacy Statement from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. If we do, we will update the "effective date" at the top. If we make a material update, we may provide you with notice prior to the update taking effect, such as by posting a conspicuous notice on our website or by contacting you directly.

We encourage you to periodically review this Privacy Statement to stay informed about our collection, processing and sharing of your Personal Data.

13. Contact Ocean.io

To exercise your rights regarding your Personal Data, or if you have questions regarding this Privacy Statement or our privacy practices please fill out this form, email us at [email protected] or write to us at:

Ocean ApS (Ocean.io Data Controller)
Søtorvet 5, 1th
1371 Copenhagen K
Denmark

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EU, you have the right to lodge a complaint with the competent supervisory authority.

Last updated: December 3rd, 2025