Memberful Privacy Policy

1. What this policy covers

This Privacy Policy applies to information that we collect about you when you use our websites (including memberful.com) and any products and services that are available on or through our websites (“Services”). Below we explain how we collect, use, and share information about you, along with the choices that you have with respect to that information.If you have any questions about this Privacy Policy, please contact us at [email protected].

For the purposes of this Privacy Policy, “Memberful”, “we” or “us” means Memberful, LLC. Memberful is the processor of personal data processed, pursuant to this Privacy Policy, in cases where it processes personal data it gathers on its Customers’ behalf. In certain instances Memberful acts as a data controller in those limited instances where we decide the purposes and methods of processing personal data.

We collect and process your information on the basis of different legal grounds, depending on the nature of the information being provided and the type of processing involved. With the exception of section 8 of this Privacy Policy, when we say “you” or “your” we are referring to all individuals that provide their personal data to Memberful in the context of our Services.

If you are a visitor of a site that is running Services provided by Memberful (“Memberful Enabled Site”) site, the entire Privacy Policy applies to you, but section 8 in particular applies to you only.

2. Information we collect

We only collect information about you if we have a reason to do so–for example, to provide our Services, to communicate with you, or to make our Services better.

We collect information in three ways:

We provide further detail below.

2.1 Information you provide to us
It’s probably no surprise that we collect information that you provide to us. The amount and type of information depends on the context and how we use the information. Here are some examples.

2.2 Information we collect automatically
We also collect some information automatically.

2.3 Information we collect from other sources
We may also get information about you from other sources. For example, if you connect your account to a third-party service provider, we may receive information from that service. The information we receive depends on which services you authorize and any options that are available. We may also get information from third party services about individuals who are not yet our users (…but we hope will be!), which we may use, for example, for marketing and advertising purposes.

3. How we use your information

We use information about you as mentioned above and as follows:

4. How we share your information

We do not sell our users’ private personal information, as defined under the California Consumer Privacy Act (see section 7 of this Privacy Policy).

We share information about you in the limited circumstances spelled out below and with appropriate safeguards on your privacy.

5. Our commitment to protecting your information

Our customers may benefit from a number of rights in relation to their information that we process.

For more information about our commitment to data protection, please see the Memberful Data Protection Policy. And for more information on our commitment to security, please see our Security Policy.

6. Transferring your information

Memberful is a worldwide service. By accessing or using the Services or otherwise providing information to us, you agree to the processing, transfer to, and storage of information in the U.S. and other countries.

6.1 Contractual protections
Where appropriate, Memberful’s transfers of personal data of individuals in the EEA and Switzerland outside of those locations are performed based on contractual obligations placed on the recipient of the personal data.

6.2 Privacy Shield Principles and Framework
Memberful complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union (including all EEA countries), the United Kingdom, and Switzerland to the United States. We do not rely on the EU-US or Swiss-US Privacy Shield as our lawful basis to transfer personal data from the European Union, EFTA States, or the United Kingdom, however.

While Privacy Shield is no longer a lawful transfer mechanism, Memberful has nonetheless certified to the Department of Commerce that it adheres to the Privacy Shield Principles and participants are still obligated to comply with its principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Memberful is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Memberful complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Memberful is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Memberful may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. In compliance with the Privacy Shield Principles, Memberful commits to resolve complaints about our collection or use of your personal data. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Memberful at [email protected].

Memberful has further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, you may visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint (free of charge). To facilitate fast and convenient resolution of complaints, you agree to participate in online dispute resolution through JAMS Online Mediation (Endispute).

If your Privacy Shield complaint is not satisfactorily addressed, and your complaint involves human resources data transferred to the United States from the EU in the context of the employment relationship, Memberful commits to cooperate with the panel established by the EU data protection authorities (DPA Panel) and to comply with the advice given by the DPA Panel with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Under certain conditions, Privacy Shield provides the right to invoke binding arbitration when other dispute resolution procedures have not provided resolution. This is described in Annex I to the Privacy Shield.

7. Compliance with California privacy laws

Memberful is subject to the California Consumer Privacy Act (CCPA). The CCPA allows California residents to request access to the specific pieces and categories of personal information (as defined) that the business has collected about the consumer, the categories of sources for that information, the business or commercial purposes for collecting the information, and the categories of third parties with which the information was shared.

Memberful provides California residents and all users with the right to view, access, transport or delete their information by contacting [email protected].

Under California’s “Shine the Light” law (Civil Code section 1798.83), California residents have certain rights regarding the disclosure of their information to third parties for their own direct marketing purposes. Memberful’s policy is not to disclose your information to third parties for the third parties’ direct marketing purposes if you have exercised your option to prevent that. If you wish to not have your personal information shared for those purposes, you may request that we delete your personal data by following the steps outlined above.

8. Our customers’ end users

If you are a visitor of a Memberful Enabled Site, this section applies to you only.

This section should always be read in conjunction with the specific Privacy Policy and Terms of Service, if any, of the Memberful Enabled Site which will contain further details regarding the processing of your personal data by the Memberful Enabled Site.

You can get more information about Memberful by visiting the ‘about Memberful’ section of our support site. Memberful assists its users/customers in providing their end users with a better experience and service as well as assisting them in diagnosing technical problems and analyzing user trends. Most importantly, through Memberful’s Services, the functionality of the Memberful Enabled Site can be improved, making them more user-friendly, more valuable, and simpler to use for the end users.

Memberful has no direct relationship with the end users whose personal data it processes. An individual end user who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the Memberful customer (the data controller) whose Memberful Enabled Site you are using. If we are then requested to remove data by the Memberful customer we will respond within a reasonable timeframe. In certain circumstances we may be required by law to retain your personal data, or may need to retain your personal data in order to continue providing a service.

9. Additional information

9.1 Data Processing Addendum
Memberful’s Data Processing Addendum applies where and only to the extent that Memberful processes Personal Data on your behalf in the course of providing the Services and such Personal Data is subject to Data Protection Laws requiring such a contractual framework.

9.2 Minimum age of our customers
Our Services are not directed to children, and you may not use our Services if you are under the age of 13.

9.3 Storage of your information
Memberful stores your information until it is no longer necessary to provide our Services, or until you ask us to delete your information. We are also required to retain certain information in order to comply with local laws.

9.4 Inquiries and complaints
If you have any questions about this Privacy Policy, please contact us at [email protected]. If you have a complaint, we would be happy to address that for you. But you also have the right to direct your complaint to the appropriate data protection supervisory authority.

10. Privacy Policy changes

Although most changes are likely to be minor, Memberful may change its Privacy Policy from time to time. Memberful encourages visitors to frequently check this page for any changes to its Privacy Policy. If we make changes that, in our sole discretion, are material, we may provide additional notice (such as adding a statement to our homepage or sending you a notification through e-mail or your dashboard). Your continued use of the Services after any change in this Privacy Policy will constitute your agreement to such change.

Changelog