Please note that the Site may contain links to other web sites, and the Site allows Users to download or otherwise access Content (including software), controlled by third parties. Legacy Stories is not responsible for the privacy practices of these or any other web sites or Content controlled by third parties, and you access and utilize such Content and web sites entirely at your own risk. Legacy Stories recommends that you review the privacy and other practices governing any other web sites that you choose to visit and any Content you wish to download or otherwise access.
Legacy Stories is based, and this web site is hosted, in the United States of America. If you are from the European Union, Canada or other regions of the world with laws governing data collection and use that may differ from U.S. law and you are registering an account on the Site, visiting the Site, purchasing products or services from Legacy Stories or the Site, or otherwise using the Site, please note that any personally identifiable information that you provide to Legacy Stories may be transferred to or utilized by Legacy Stories or its affiliates in the United States. Any such personally identifiable information provided may be processed and stored in the United States by Legacy Stories or a service provider acting on its behalf.
1. Who is collecting your data?
(a) Information You Explicitly Give Us: We receive and store any information you enter on our Website or give us in any other way through a direct interaction with us which includes: Your Username/Password when you create your account. Your email when/if you subscribe to our newsletter(s). Your name and email when you contact us through our contact forms. Your Username/Password when you subscribe to our services. Your Personal Data when you upload and/or create content. Your name and email when you contact our service support. Note that we do not collect any payment information when you purchase any of our products or paid subscriptions. We have an agreement with PayPal and Stripe as resellers of our services. See the Third-party Providers section below for more information.
2. How we use Personal Data.
We may use and disclose Personal Data only for the following purposes: To allow you to purchase our products and to subscribe to our services. To publish your stories, photos or recordings for viewing only according to the audience setting you choose for each item. To provide support and improve the Services we offer, as well as to enhance customer relationships. To notify you about new product releases and service developments, offers and to advertise our products and services under this policy. To track and evaluate our marketing campaigns, including online advertising and e-mail marketing campaigns.
3. Personal Data Disclosed to Third Parties
Additionally, in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Legacy Stories’ business, assets or stock (including in connection with any bankruptcy or similar proceedings), we may transfer the Personal Data it has collected to the relevant third party.
4. Public Information and Third Party Websites
a) Social media platforms. We maintain presences on social media platforms including Facebook, Twitter, and Instagram. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. Google Analytics: This cookie allows us to see information on user website activities including, but not limited to page views, source and time spent on a website. The information is depersonalized and is displayed as numbers, meaning it cannot be tracked back to individuals. This will help to protect your privacy. Using Google Analytics, we can see what content is favorite on our website, and strive to give you more of the things you enjoy reading and watching. Google Adwords: Using Google Adwords code we can see which pages helped lead to an action taken by a visitor (conversion). This allows us to make better use of our paid search budget. DoubleClick: We use remarketing codes to log when users view specific pages, allowing us to provide targeted advertising in the future.
7. How You May Exercise Your Rights
You can email email@example.com and provide a photocopy of your ID card or another similar identification document, to request the exercise of the following rights: Right to require access to any Personal Data we may have about you. Right to request rectification (if incorrect) or deletion of Personal Data. Right to request limitation of their treatment, in which case Legacy Stories will only keep them for the exercise or defense of claims. Right to object to processing. Legacy Stories will no longer process the Personal Data in the way you indicate unless for compelling legitimate reasons or the exercise or defense of possible claims have to be further treated. Right to data portability. If you wish your Personal Data to be processed by another company, Legacy Stories will provide you with the portability of your data to the new data controller. We will give you access to any Personal Data we hold about you within 30 days of any request for that information. Unless it is prohibited by law, we will remove any Personal Data about an individual from our servers at your or their request. There is no charge for an individual to access or update their Personal Data.
Possibility of withdrawing consent. If you have given your consent for a specific purpose, you have the right to withdraw it at any time, without it affecting the lawfulness of the processing based on the consent before its withdrawal. How to complain to the Control Authority. If you consider that there is a problem with the way in which Legacy Stories is handling your Personal Data, you may address your complaints to Legacy Stories (indicated above) or to the corresponding Data Protection Authority.
8. Accuracy and Data Retention
We take reasonable business measures in compliance with laws to keep your Personal Data accurate and up to date, to the extent that you provide us with the information we need to do so. If your Personal Data change (for example, if you have a new email address), then you are responsible for notifying us of those changes. We will retain the following data:
(a) Disaggregated data: Disaggregated data will be retained without a deadline for deletion.
(b) Subscribers data: During the time your account is active or as long as needed to provide you with our Services under our Terms of Service. In any case, it will be the minimum necessary from time to time, currently subject to certain statutes of limitation terms: Four years: Law on Infringements and Sanctions in the Social Order (obligations regarding affiliation, registration, cancellation, contribution, payment of salaries…); Art. 66 ff. General Tax Law (Accounting Books…); Five years: Art. 1964 Civil Code (personal actions without special time limit) Six years: Art. 30 Commercial Code (Accounting Books, invoices…) Ten years: Art. 25 of the Prevention of Money Laundering and Financing of Terrorism Act.
(c) Newsletter subscribers’ details: From the moment the user subscribes to the newsletter until the subscription is ceased.
9. Children’s Privacy
Our Services and Products are not directed or targeted to children. If you have not reached the age of majority or are not able to enter into legally binding agreements in your country, you may not use our Services and Products unless supervised/accepted by an adult, as applicable. Our goal is to comply with applicable laws and regulations relating to collection and use of information from children as such term is defined by applicable laws. If you believe that we have received information from a child or other person protected under such laws, please notify us immediately by e-mailing to firstname.lastname@example.org, and we will take reasonable steps to remove that information from our databases.
10. Notice of Breach of Security
We take reasonable and appropriate measures to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Data. If a security breach causes an unauthorized intrusion into our system that materially affects you, then we will notify you as soon as possible (in the event of a breach being detected, Legacy Stories undertakes to inform users within 72 hours) and later report the action we took in response. We use PayPal as the reseller of our services. Therefore, all payments for the services will be made through PayPal. PayPal uses security measures to protect your information both during the transaction and after its completion. They are a United States-based seller of digital goods specialized in safe and secure Internet sales, compliant with PCI and that employs Verisign SSL Certificates. We only use service providers that enter into agreements with us whereby the service provider commits to take the appropriate measures to protect Personal Data and be compliant with GDPR.
11.Third Party Service Providers
To be transparent and provide you with the maximum information about who our third party service providers are, we list below the ones that may keep Personal Data, what information they keep, and how we ensure the GDPR compliance through their contracts.
Google. We use Google Analytics to analyze their use and optimize their performance. Google is a US company the data of which are in Google Cloud Locations. As described in their Privacy Shield certification, they comply with the EU-US and Swiss-US Privacy Shield as set forth by the US Department of Commerce regarding the collection, use and retention of Personal Data from European Union member countries and Switzerland, respectively. Google is fully committed to GDPR compliance as described on their Commitments to GDPR that articulate the commitments with us. For all the previous services, as a commitment to privacy and security, we have signed the following documents: Data Processing Security Terms (Customers) contract, and an EU Model Contract clauses.
Amazon. We use Amazon Web Services (AWS), the Amazon cloud computing platform, as host of our websites. Personal Data related to this service (except for payment details, see FastSpring above) is kept in Amazon’s systems. Amazon.com, Inc. is a US company, the data of which are in AWS Global Infrastructure. As described in their legal policies, participates in the EU-US and Swiss-US Privacy Shield Framework regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland, respectively. They have certified with the Department of Commerce that they adhere to the Privacy Shield Principles. Amazon is fully committed to GDPR compliance as described on their Compliance to GDPR that articulate the commitments with us. As an additional means of meeting the adequacy and security requirements of the GDPR, we have signed a Data Processing Addendum with Amazon.
Mad Mimi: We use Mad Mimi, a GoDaddy company, to deliver our newsletters and other email communications. Mad Mimi has servers located around the US, and keeps Personal Data about your name and email and gathers statistics about email opening and clicks as part of its service. Mad Mimi is a US company, the data of which are in the US. As described in their legal policies, they have certified their compliance with the US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland. They have certified with the Department of Commerce that they adhere to the Privacy Shield Principles. As described in their knowledge base, they are committed to achieving compliance with the GDPR and is mindful of your compliance efforts.
Aweber: We also use Aweber to deliver our newsletters and other email communications. Aweber has servers located around the US that keeps Personal Data about your name and email and gathers statistics about email opening and clicks as part of its service. Aweber is a US company, the data of which are in the US. As described in their legal policies, they have certified their compliance with the US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland. They have certified with the Department of Commerce that they adhere to the Privacy Shield Principles. As described in their knowledge base, they are committed to achieving compliance with the GDPR and is mindful of your compliance efforts.