Effective Date: June 15th, 2018
All capitalized terms and phrases used herein but not otherwise defined shall have the same meanings given to them in Company’s Terms of Service.
Users may optionally provide their email address to subscribe to our newsletters or to obtain additional information regarding our products and services. Users may unsubscribe at any time through the opt-out link contained within those communications.
Company does not sell, trade, rent, or lease Personal Data to any third parties. Company utilizes and shares Personal Data with the following data processors:
Personal Data collected is shared its website hosting partners, Amazon Web Services and Heroku, to facilitate its cloud hosting services. Customers should click on the hyperlinks of those third party services for more information about their data collection and privacy policies.
Company integrates API’s from imgIX to facilitate image processing and manipulation capabilities of content imported into the Platform as part of the Subscription Services. Personal Data contained within those documents is accessible to imgIX. Users should review the imgIX hyperlink for more information about its data collection and use practices.
Users may follow Company and/or share information on Facebook, Twitter, and LinkedIn, as well as other additional social media/sharing services/sites Users who follow/share on such third party sites are subject to the data collection and privacy practices of such third party sites. Users should click on the applicable Privacy Policies to review for more detail about information collected from these services.
Company may offer Customers the ability to integrate third party services (such as accounting applications) within the Platform via third party API’s. Such integration will require Customers to specifically authorize Company’s access. When authorized to access, Company will store a set of tokenized credentials to use with such third party API and exchange applicable data necessary to enhance features and functionality of the Subscription Services available to Customer.
Personal Data may also be disclosed to third parties to serve our legitimate business interests as follows: (1) as required by law, such as to comply with a subpoena, or similar legal process, (2) if Company is involved in a merger, acquisition, or sale of all or a portion of its assets, (3) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (4) enforce our agreements with you, and/or (5) investigate and defend ourselves against any third-party claims or allegations. We will use commercially reasonable efforts to notify Users about law enforcement or court ordered requests for Personal Data unless otherwise prohibited by law.
Only persons age 18 or older are authorized to subscribe to the Subscription Services and we do not knowingly collect Personal Data from anyone under the age of 18. If a parent or guardian becomes aware that his or her child (a) under the age of 16 in applicable EU Member Countries, or (b) under the age of 13 in the U.S. and applicable EU Member Countries, has provided us with Personal Data without parental consent, he or she should contact Company at firstname.lastname@example.org. We will delete such Personal Data from our files within a commercially reasonable time, but no later than required under the applicable law relating the child’s country of residence.
We will retain account and purchase data as long as it is necessary to facilitate Customer’s access and use of the Subscription Services. When a Customer’s account is terminated, Personal Data collected through the Platform will be deleted in accordance with the requirements of applicable law. Personal Data obtained from Site visitors will be maintained as long as it is necessary to provide requested communications and information-based services or until a visitor exercises its right to opt-out of requested communications or information-based services. Anonymized and Pseudo-anonymized data will be retained as long as Company determines such data is commercially necessary for it legitimate business interests.
Data Controller. The information that we collect, process and/or use through the Platform is controlled by Monograph Inc., Attention: Privacy Department, 165 11th St., San Francisco, California 94103. You may contact us at any time by mail at the above address or by emailing us at email@example.com.
We will only collect and process Personal Data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you), and “legitimate interests.” Where we rely on your consent to process Personal Data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact us at firstname.lastname@example.org.
Users within the EU may email Company at email@example.com in order to exercise their GDPR rights to: - Access, review, restrict processing of, or otherwise request erasure of your Personal Data; - Obtain the identity of the source of any Personal Data collected; - Request correction of any errors contained within your Personal Data; - Request transfer your Personal Data to another service provider; - Object to the manner in which your Personal Data is processed; or - Lodge a complaint with a supervisory authority.
For all GDPR-based requests made pursuant to this section, Company will (a) respond as required under applicable law, (b) provide a copy of any requested Personal Data in a structured, commonly used and machine-readable format, and (c) transmit such Personal Data to another service provider without restriction in accordance with applicable law.
California law permits California-resident Customers to request and obtain from Company once a year, free of charge, certain information about their Personally Identifiable Information (“PII”) (as defined by California law) disclosed to third parties for direct marketing purposes in the preceding calendar year (if any). If applicable, this information would include a list of the categories of PII that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year.
We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration. However, although we endeavor to provide reasonable security for information we process and maintain, no security system can ever be 100% secure.
In addition, Company utilizes a PCI-DSS compliant third party payment processor to ensure the security of Subscriber’s Personal Data. Subscribers should review Stripe’s Security Policy for more information on their security practices. For information relating to data stored by Amazon Web Servers, please see the AWS Cloud Security Policy for more information on its security practices.
“Do Not Track” is a feature enabled on some browsers that sends a signal to request that a website disable its tracking or cross-Platform user tracking. At present, the Platform does not respond to or alter its practices when a Do Not Track signal is received.
If you have any questions regarding your Personal Data or about our privacy practices, please contact us at: Monograph Inc., Attention: Privacy Department, 165 11th St., San Francisco, California 94103 and/or at firstname.lastname@example.org.