Memberful Privacy Policy

What This Policy Covers

This Privacy Policy applies to information that we collect about you when you use our websites (including memberful.com) and any products and services that are available on or through our websites. Throughout this Privacy Policy we’ll refer to our website and other products and services collectively as “Services.”

Below we explain how we collect, use, and share information about you, along with the choices that you have with respect to that information.

If you have any questions about this Privacy Policy, please contact us at info@memberful.com.

If you are a visitor of a site which is running Services provided by Memberful (“Memberful Enabled Site”), the ‘End Users’ section of this Privacy Policy applies to you.

If you are an employee or independent contractor personnel of Memberful, the ‘Human Resources’ section of this Privacy Policy applies to you.

Information We Collect

We only collect information about you if we have a reason to do so–for example, to provide our Services, to communicate with you, or to make our Services better.

We collect information in three ways: if and when you provide information to us, automatically through operating our services, and from outside sources. Let’s go over the information that we collect.

Information You Provide to Us

It’s probably no surprise that we collect information that you provide to us. The amount and type of information depends on the context and how we use the information. Here are some examples:

Information We Collect Automatically

We also collect some information automatically:

Information We Collect from Other Sources

We may also get information about you from other sources. For example, if you connect your account to a third-party service provider, we may receive information from that service. The information we receive depends on which services you authorize and any options that are available. We may also get information from third party services about individuals who are not yet our users (…but we hope will be!), which we may use, for example, for marketing and advertising purposes.

How We Use Information

We use information about you as mentioned above and as follows:

How We Share Information

We do not sell our users’ private personal information.

We share information about you in the limited circumstances spelled out below and with appropriate safeguards on your privacy:

Information Shared Publicly

Information that you choose to make public is–you guessed it–disclosed publicly. That means, of course, that information like any content that you make public on your website is all available to others. Public information may also be indexed by search engines or used by third parties. Please keep all of this in mind when deciding what you would like to share.

Other Things You Should Know (Keep Reading!)

Transferring Information

Memberful is a worldwide service. By accessing or using the Services or otherwise providing information to us, you consent to the processing, transfer, and storage of information in and to the U.S. and other countries, which may have rights and protections that are different from those in your home country.

EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

Memberful complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Memberful has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Memberful is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Memberful complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Memberful is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Memberful may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. In compliance with the Privacy Shield Principles, Memberful commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Andrew Strojny at Memberful at privacyshield@memberful.com.

Memberful has further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, you may visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint (free of charge). To facilitate fast and convenient resolution of complaints, you agree to participate in online dispute resolution through JAMS Online Mediation (Endispute).

If your Privacy Shield complaint is not satisfactorily addressed, and your complaint involves human resources data transferred to the United States from the EU in the context of the employment relationship, Memberful commits to cooperate with the panel established by the EU data protection authorities (DPA Panel) and to comply with the advice given by the DPA Panel with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

Under certain conditions, Privacy Shield provides the right to invoke binding arbitration when other dispute resolution procedures have not provided resolution. This is described in Annex I to the Privacy Shield.

Third Party Software

If you’d like to use third party software/services with our Services, please keep in mind that when you interact with them you may provide information about yourself to those third parties. We don’t own or control these third parties and they have their own rules about collection, use and sharing of information. You should review their rules and policies when installing and using any third party software/services.

Opting Out of Electronic Communications

You may opt out of receiving promotional messages from us. Just follow the instructions in those messages. If you opt out of promotional messages, we may still send you other messages, like those about your account and legal notices.

Our Commitment to Protecting Your Data

Our customers may benefit from a number of rights in relation to their information that we process. Some rights apply only in certain limited cases, depending on your location. If you would like to manage, change, limit, or delete your personal information, you can do so via your Memberful account settings or by contacting us. Upon request, Memberful will provide you with information about whether we hold any of your personal information. By visiting your account settings, you can access, correct, change, and delete certain personal information associated with your account. In certain cases where we process your information, you may also have a right to restrict or limit the ways in which we use your personal information. In certain circumstances, you also have the right to request the deletion of your personal information, and to obtain a copy of your personal information in an easily accessible format.

If we process your information based on our legitimate interests as explained above, or in the public interest, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.

For more information about our commitment to data protection, please see the Memberful Data Protection policy.

Your Obligations to Respect Individual User’s Rights

In connection with using our Services, you may receive and determine what to do with certain personal information from your users, such as when communicating with them and entering into transactions with them. This means you process personal information (for example, buyer name, email address, and shipping address) and, to the extent you do so, under EU law, you are an independent controller of data relating to other users that you may have obtained through the Services.

You are responsible for protecting user personal information you receive or process and complying with all relevant legal requirements when you use the Services. This includes applicable data protection and privacy laws that govern the ways in which you can use a user’s information. Such laws may require that you post, and comply with, your own privacy policy, which must be accessible to your users and compatible with this policy and Memberful’s Terms of Use. For more information on the General Data Protection Regulation, see more resources at https://gdpr-info.eu and http://gdprandyou.ie.

As a data controller, to the extent that you process users’ personal information outside of the Services, you may be required under applicable data protection and privacy laws to honor requests for data access, portability, correction, deletion, and objections to processing. Also, if you disclose personal information without the user’s proper consent, you are responsible for that unauthorized disclosure. This includes, for example, disclosures you intentionally make or unintentional data breaches. For example, you may receive a buyer’s email address or other information as a result of entering into a transaction with that buyer. This information may only be used for the authorized purpose. You may not use this information for unsolicited commercial messages or unauthorized transactions. Without the user’s consent, and subject to other applicable Memberful policies and laws, you may not add any user to your email or physical mailing list, use that user’s identity for marketing, or obtain or retain any payment information. Please bear in mind that you're responsible for knowing the standard of consent required in any given instance.

If Memberful and you are found to be joint data controllers of personal information, and if Memberful is sued, fined, or otherwise incurs expenses because of something that you did as a joint data controller of users’ personal information, you agree to indemnify Memberful for the expenses it occurs in connection with your processing of users’ personal information.

End Users

If you are a visitor of a Memberful Enabled Site, this section applies to you.

This section should always be read in conjunction with the specific Privacy Policy and Terms of Service, if any, of the Memberful Enabled Site which will contain further details regarding the processing of your personal data by the Memberful Enabled Site.

You can get more information about Memberful by visiting the ‘about Memberful’ section of our support site. Memberful assists its users/customers in providing their end users with a better experience and service as well as assist them in diagnosing technical problems and analyzing user trends. Most importantly, through Memberful’s Services, the functionality of the Memberful Enabled Site can be improved, making them more user-friendly, more valuable, and simpler to use for the end users.

Memberful has no direct relationship with the end users whose personal data it processes. An individual end user who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the Memberful customer (the data controller) whose Memberful Enabled Site you are using. If requested to remove data we will respond within a reasonable timeframe. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.

Human Resources

If you are an employee or independent contractor personnel of Memberful, this section applies to you.

Memberful collects various personal data depending on your responsibilities, citizenship, and location of employment. Personal data collected is limited to information necessary to conduct business. Personal data collected includes but is not limited to: name, address, government identification number (i.e., social security number, national identification number, taxpayer identification number, driver’s license, etc.), date of birth, phone number, email address, OFAC information, resume information including but not limited to educational background, employment history, areas of expertise, job type preferences, and any other similar information.

If you are a resident of the EU, please see the above section titled “EU-U.S. and Swiss-U.S. Privacy Shield Frameworks” for additional information.

Privacy Policy Changes

Although most changes are likely to be minor, Memberful may change its Privacy Policy from time to time. Memberful encourages visitors to frequently check this page for any changes to its Privacy Policy. If we make changes, we will notify you by revising the change log below, and, in some cases, we may provide additional notice (such as adding a statement to our homepage or sending you a notification through e-mail or your dashboard). Your continued use of the Services after any change in this Privacy Policy will constitute your consent to such change.

Changelog

This Privacy Policy is a heavily modified version of the Privacy Policy made available under a Creative Commons Sharealike license by Automattic. You in turn are therefore allowed to copy it, adapt it, and repurpose it for your own use as permitted under the terms of that license. Just make sure to revise the language so that your policy reflects your actual practices.