- Who we are and how to contact us?
- Our Relationship to You
- Your rights relating to your Personal Data
- Whose personal data do we collect?
- When we may process your personal data?
- What Personal Data we collect
- Marketing Communications Preferences
- How we use your Personal Data and why
- Who we share your personal Data with?
- How long we store your Personal Data
- Where we store your Personal Data
- How we protect your Personal Data
- Links to Other Websites & Third Party Applications
- California Privacy Disclosures and Rights
- Customer’s Obligations to Respect Individual User’s Rights
Protection Regulation"("GDPR") and "California Consumer Privacy Act"("CCPA").
Who We Are and How to Contact Us?
Our address is 1209 Orange Street Wilmington, New Castle County, Delaware 19801, USA.
Our Relationship to You
Memberstack has the following relationships:
- A “User” is an individual providing Personal Information to us via our website or other services, software or platforms, such as by signing up for our newsletter or making an account and posting on the forums. Here, Memberstack is a data controller.
- A “Customer” is a specific type of User that has engaged us to act as an agent (a “data processor”) by obtaining our Services. The Customer is the data controller, and Memberstack is their data processor.
- A “Customer End User” is an individual that provides their Personal Information to our Customers. We do not control the purposes or the means by which their Personal Information is collected, and we are not in a direct relationship with Customer End Users.
If Customer End User who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the Memberstack customer (the data controller) whose Memberstack Enabled Site you are using. If requested to remove data we will respond within a reasonable timeframe. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.
Hereinafter we may refer to Customers and Users collectively as “You.”
Your Rights Relating to Your Personal Data
- Request access to your Personal Data. If you are in certain jurisdictions, this enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
- Object to processing of your Personal Data. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to processing of your Personal Data on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
- Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you in certain scenarios (for example if you want us to establish its accuracy or the reason for processing it).
- Request the transfer of your Personal Data. If you are in certain jurisdictions, we will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent. This right only exists where we are relying on consent to process your Personal Data ("Consent Withdrawal"). If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of our Site. We will advise you if this is the case at the time you withdraw your consent.
How to exercise your rights. If you want to exercise any of the rights described above, please contact us using the contact details in Who We Are and How to Contact Us.
Typically, you will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, except in relation to Consent Withdrawal, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We will reply to your complaint as soon as we can.
If you feel that your complaint has not been adequately resolved, please note that if you are in the EU the GDPR gives you the right to contact your local data protection supervisory authority. You can find information on your country’s data protection authority here.
Whose personal data do we collect?
We may process your personal data, if:
- You are our potential or current client;
- You are an entity (or you are providing services to an entity), that we want to sell our services to;
- You are providing services / work for our client or to an entity, that uses our services or platform developed by us (you act on behalf of them e.g. as their employee, associate, representative);
- You are interested in actions that we undertake (e.g. as part of contact with media).
When we may process your personal data?
We may process your personal data received directly from You or from other sources. Therefore, your personal data may be processed:
- If you have provided us with your personal data via various means of communication (e.g. by sending us an inquiry, via email, via our websites);
- In the case of conclusion or performance of a contract, including in case when your personal data has been provided to us as contact data for the purpose of proper performance of the above contract;
- If we have received your personal data from another source (e.g. from an entity that is our contractor / client, during events or from publicly available sources / websites).
What Personal Data we collect
Memberstack uses Personal Data we collect to provide the Services, maintain security, monitor aggregate metrics such as total number of visitors, traffic, and demographic patterns, and track user content and users as necessary to comply with the Digital Millennium Copyright Act and other applicable laws.
We collect information in three ways: if and when you provide information to us, automatically through operating our services, and from outside sources.
Information You Provide to Us. The amount and type of information depends on the context and how we use the information. Here are some examples:
- Registration Information: We ask for basic information from you in order to set up your account - for example, your name, phone number and email address.
- Transaction and Billing Information: If you buy something from us, you will provide additional personal and payment information that is required to process the transaction and your payment, such as your name, credit card information, and contact information. We process this data, but it is stored with a compliant 3rd party.
- Content Information: In connection with using the Services, you may generate content that provides us with additional information about you.
- Credentials: In connection with using the Services, you may provide us with credentials for your website (like SSH, FTP, and SFTP username and password).
- Communications with Us: You may also provide us information when you respond to surveys or communicate with us about a support question.
Information We Collect Automatically. We also collect some information automatically:
- Log Information: we collect information that web browsers, mobile devices, and servers typically make available, such as the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information. We collect log information when you use our Services.
- Usage Information: We collect information about your usage of our Services. For example, we collect information about the actions that site administrators and users perform on a site–in other words, who did what, when and to what thing on a site (e.g., [username] deleted “[content]” at [time/date]). We also collect information about what happens when you use our Services along with information about your device (e.g., mobile screen size, name of cellular network, and mobile device manufacturer). We use this information to, for example, provide our Services to you, as well as get insights on how people use our Services, so we can make our Services better.
- Location Information: We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Services from certain geographic regions. We may also collect information about your precise location via our mobile apps (when, for example, you post a photograph with location information) if you allow us to do so through your mobile device operating system’s permissions.
- Information from Cookies & Other Technologies: Please check our Cookies Policy.
Information We Collect from Other Sources. We may also get information about you from other sources. For example, if you connect your account to a third-party service provider, we may receive information from that service. The information we receive depends on which services you authorize and any options that are available. We may also get information from third party services about individuals who are not yet our, which we may use, for example, for marketing and advertising purposes.
No Special Categories of Personal Data. We do not collect any "Special Categories of Personal Data" about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership). Nor do we collect any information about criminal convictions and offences.
Children's Data. We do not knowingly solicit personal information of children under the age of 16. We do not knowingly collect personal information of and from children under the age of 16. If we learn that a child under the age of 16 has provided us with personal information without parental consent, we will take steps to delete it.
Public Data. Information that you choose to make public can be disclosed publicly. That means, of course, that information like any content that you make public on your website is all available to others. Public information may also be indexed by search engines or used by third parties. Please keep all of this in mind when deciding what you would like to share.
Marketing Communications Preferences
You can ask us to stop sending you marketing messages or modify your email preferences at any time through any of the following methods:
- by following the opt-out links on any marketing message sent to you; or
- by contacting us at any time using the contact details in Who We Are and How to Contact Us.
Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of emails relating to existing or pending hires, using the Services or consent to direct marketing communications.
How We Use Your Personal Data and Why
We generally use Personal Data for the following: to deliver and improve our Services; to manage our software and provide you with customer and technical support; to perform research and analysis about our software; to verify your identity and prevent fraud or other unauthorized or illegal activity; to enforce or exercise any rights in our Terms of Service;
In respect of each of the purposes for which we use your Personal Data, the GDPR requires us to ensure that we have a legal basis for that use if you are within the EU. The legal bases depend on the Services you use and how you use them. This means we collect and use your Personal Data only where:
- We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests; or
- We need to process your data to comply with a legal or regulatory obligation.
We may also rely on your consent as a legal basis for using your Personal Data where we have expressly sought it for a specific purpose. If we do rely on your consent to a use of your Personal Data, you have the right to change your mind at any time (but this will not affect any processing that has already taken place). We have set out below, in a table format, more detailed examples of relevant purposes for which we may use your Personal Data.
Why do we do this
Providing, updating, and maintaining our Services, and business
To deliver the Services you have requested.
Research and development
To enable us to improve the Services and better understand our users and the markets in which we operate. For example, we may conduct or facilitate research and use learnings about how people use our Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns, areas for additional features and improvement of the Services and other insights. We also test and analyze certain new features with some users before introducing the feature to all users.
Communicating with users about the Services
To send communications via email, including, for example, responding to your comments, questions and requests, providing customer support, and sending you technical notices, service updates, security alerts. We may also provide tailored communications based on your activity and interactions with us.
Providing customer and technical support
To respond to your requests for assistance, comments and questions, to analyze crash information, to repair and improve the Services and provide other customer support.
To keep our Services and associated systems operational and secure, including, for example, verifying accounts and activity, monitoring and investigating suspicious or fraudulent activity and to identify violations of our terms and policies.
To comply with applicable law, legal process and regulations and protect legitimate business interests
As we believe is reasonably necessary to comply with a law, regulation, order, subpoena, rule of a self-regulatory organization or audit or to protect the safety of any person, to address fraud, security issues, or to protect our legal rights, interests and the interests of others.
What happens when you do not provide necessary Personal Data?
Where we need to process your Personal Data either to comply with law, or to perform the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the functionalities of the Services). In this case, we may have to stop you from using our Services.
Who We Share Your Personal Data With?
We may share your Personal with third parties in the ways that are described in the table below. We consider this information to be a vital part of our relationship with you.
Why we share it
Our subprocessors may access your Personal Data to help us develop, maintain and provide our Services and help manage our customer relationships (including providing customer support, customer liaison, etc).
Our service providers provide us support for our Services, including, for example, development tools, search engine, hosting, maintenance, backup, storage, virtual infrastructure, analysis, identity verification, background and compliance reviews, banking services, and other services for us, which may require them to access or use Personal Data about you.
Our lawyers, accountants may need to review your personal data to provide consultancy, compliance, banking, legal, insurance, accounting and similar services.
Legal and Taxing Authorities, Regulators and Participants in Judicial Proceedings
We may disclose your Personal Data if we believe it is reasonably necessary to comply with a law, regulation, order, subpoena, rule of a self-regulatory organization or audit or to protect the safety of any person, to address fraud, security or technical issues, or to protect our legal rights, interests and the interests of others, such as, for example, in connection with the acquisition, merger or sale of securities or a business (e.g., due diligence).
With Your Consent. We may share and disclose information with your consent or at your direction. For example, we may share your information with third parties with which you authorize us to do so.
Published Support Requests. And if you send us a request (for example, via a support email or one of our feedback mechanisms), we reserve the right to publish that request in order to help us clarify or respond to your request or to help us support other users.
How long we store your Personal Data
We will retain your information for as long as it is reasonably needed for the purposes set out in How We Use Your Personal Data and Why unless you request that we remove your Personal Data as described in Your Rights Relating to Your Personal Data. We will only retain your Personal Data for so long as we reasonably need to use it for these purposes unless a longer retention period is required by law (for example for regulatory purposes). This may include keeping your Personal Data after the termination of your contract for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
Where We Store Your Personal Data
The Services are maintained in the United States (East Coast). Personal Data that you provide us may be stored, processed and accessed by us, our staff, sub-contractors and third parties with whom we share Personal Data in the United States or elsewhere for the purposes described in this policy. We may also store Personal Data in locations outside the direct control of Memberstack (for instance, on servers or databases co-located with hosting providers).
How We Protect Your Personal Data
Memberstack uses industry-standard physical, managerial, and technical safeguards to preserve the integrity and security of your personal information. We limit access to your Personal Data to those employees and other staff who have a business need to have such access. All such people are subject to a contractual duty of confidentiality.
We periodically review our policies and procedures to evaluate their effectiveness and ensure that they remain up to date.
Links to Other Websites & Third Party Applications
Our services may contain links to other websites not operated or controlled by Memberstack. We are not responsible for the content, accuracy or opinions expressed in such websites, and such websites are not investigated, monitored or checked for accuracy or completeness by us.
If you’d like to use third party software/services with our Services, please keep in mind that when you interact with them you may provide information about yourself to those third parties. We don’t own or control these third parties and they have their own rules about collection, use and sharing of information. You should review their rules and policies when installing and using any third party software/services.
California Privacy Disclosures and Rights
The disclosures in this section apply solely to individual residents of the State of California and provide additional information about how we collect, use, disclose, and otherwise process personal information within the scope of the California Consumer Privacy Act of 2018, as amended, including its implementing regulations ("CCPA"). Unless otherwise expressly stated, all terms in this section have the same meaning as defined in the CCPA.
a. Handling Sensitive Personal Information
Certain data elements collected to provide the Service may be deemed "sensitive personal information" under the CCPA. These include your account username, password, and the contents of messages sent via our email.
We do not use or disclose such sensitive personal information to "infer" characteristics under the CCPA, except for providing the specified Service as outlined in the CCPA.
b. Sharing of Personal Information
We utilize cookies and comparable tracking technologies that empower specific advertising networks, social media entities, analytical services, and other third-party enterprises to directly gather and divulge your personal data from your browser or device when you access or engage with our Service or interact with us online.
On occasion, we might transmit personal data to specific partners for reasons related to advertising or analytics.
If you wish to decline participation in these activities involving the "sharing" of personal information (as delineated by the CCPA or other relevant privacy laws in the United States), you are required to:
- Deactivate cookies in our preference center for cookies or activate the Global Privacy Control (“GPC”) feature in your browser; and
- See this article to opt-out.
Please note that the aforementioned right to opt out does not extend to cases where we have suitably confined our partners to serve as our “service providers” or “processors” (as these terms are clarified by the CCPA or other pertinent privacy laws in the United States).
For more information on GPC, kindly refer to http://globalprivacycontrol.org.
c. Privacy Rights for California Residents
If you are a resident of California, you possess the potential to utilize the subsequent rights concerning the personal data we have gathered about you (subject to specific legal limitations):
- The Right to Know any or all of the following information relating to your personal information we have collected and disclosed in the last 12 months, upon verification of your identity:
- The specific pieces of personal information we have collected about you;
- The categories of personal information we have collected about you;
- The categories of sources of the personal information;
- The categories of personal information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed;
- The categories of personal information we have sold or shared and the categories of third parties to whom the information was sold or shared; and
- The business or commercial purposes for collecting, selling, or sharing the personal information.
- The Right to Request Deletion of personal information we have collected from you, subject to certain exceptions.
- The Right to Opt Out of Personal Information Sales or Sharing to third parties now or in the future.
You also have the right to be free of discrimination for exercising these rights. However, please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our Service or engage with you in the same manner.
d. How to Exercise Your California Privacy Rights
Please see section b above to exercise your right to opt out of personal information sales or sharing.
To exercise your rights to know, or delete, please submit a request by: Emailing firstname.lastname@example.org with the subject line "California Rights Request".
Please be aware that we will need to verify your identity before proceeding with your request.
Customer’s Obligations to Respect Individual User’s Rights
In connection with using our Services, you may receive and determine what to do with certain personal information from your users, such as when communicating with them and entering into transactions with them. This means you process personal information (for example, buyer name, email address, and shipping address) and, to the extent you do so, under EU law, you are an independent controller of data relating to other users that you may have obtained through the Services.
As a data controller, to the extent that you process users’ personal information outside of the Services, you may be required under applicable data protection and privacy laws to honor requests for data access, portability, correction, deletion, and objections to processing. Also, if you disclose personal information without the user’s proper consent, you are responsible for that unauthorized disclosure. This includes, for example, disclosures you intentionally make or unintentional data breaches. For example, you may receive a buyer’s email address or other information as a result of entering into a transaction with that buyer. This information may only be used for the authorized purpose. You may not use this information for unsolicited commercial messages or unauthorized transactions. Without the user’s consent, and subject to other applicable Memberstack policies and laws, you may not add any user to your email or physical mailing list, use that user’s identity for marketing, or obtain or retain any payment information. Please bear in mind that you're responsible for knowing the standard of consent required in any given instance.If Memberstack and you are found to be joint data controllers of personal information, and if Memberstack is sued, fined, or otherwise incurs expenses because of something that you did as a joint data controller of users’ personal information, you agree to indemnify Memberstack for the expenses it occurs in connection with your processing of users’ personal information.