Effective Date: March 31, 2021
This Privacy Policy applies to InAppStory Inc, (228 Park Ave S, PMB 68212, New York, New York 10003-1502 US) incorporated under the laws of USA in Delaware and INAPPSTORY EUROPE UNIPESSOAL LDA, a limited liability company incorporated and registered in Portugal (company number 516348582) whose registered office is at Largo Do Sol Posto, 1, 8000-150 Faro Portugal (“InAppStory”).
This Privacy Policy describes how InAppStory collects and uses the information, which may include personal data, you provide on our websites: https://inappstory.com ('Sites'). The Sites are jointly referred to as the 'Services.'
This Privacy Policy applies to owners, employees, representative, or other individuals acting on behalf of party to which InAppStory provides the Services. We act in our customers’ interest and are transparent about the processing of any personal data.
“Personal data” refers to any information relating to an identifiable individual or their personal identity.
CONSENT
In subscribing to our Services or filling in a contact form on our Sites, you agree and accept that we may gather, process, store and/or use the submitted personal data under the rules set forth below.
By giving your consent to us, you retain the right to have your personal data rectified and/or to be erased.
DATA COLLECTION
To grant you access and to use our Services, InAppStory requests you to provide the following information, some of which may be personal data:
Contact details: We collect your contact information such as first name and last name, business email address and address, job workplace and position, telephone number.
Financial information: We collect data necessary for payment, including for invoicing purposes, such as your billing details and credit card number.
Other: When communicating with InAppStory, InAppStory collects and processes written communications: email and live chat sessions, for improving its Services and quality control, which includes the usage of the collected communications for the handling of claims and fraud detection purposes. Collected communications are kept for a limited amount of time and automatically deleted, unless InAppStory has a legitimate interest to keep such communications for a longer period, including for fraud investigation and legal purposes.
DATA WE COLLECT ON SITES AUTOMATICALLY
When using the Services, InAppStory also collects information automatically, some of which may be personal data. This includes data such as:
InAppStory may also collect data automatically through cookies. For information on how we use cookies, refer to cookies and tracking.
DATA PROCESSING PURPOSES
We use the information you provide, some of which may be personal data, for the following purposes:
LEGAL BASE
InAppStory relies on the legal basis that the processing of your personal data is necessary for the performance of your agreement with InAppStory. If you do not provide the requested information, InAppStory cannot register your property, allow you to use, administer, and manage the Services, nor can we provide customer service to you.
InAppStory relies on its legitimate commercial business interest to provide its Services to you, to prevent fraud and to improve its Services. When using personal data to serve our commercial business interest, InAppStory will always balance your rights and interests in the protection of your information against InAppStory’s rights and interests.
InAppStory relies also where applicable on compliance with legal obligations (such as lawful law enforcement requests). Where needed under applicable law, InAppStory will obtain your consent prior to processing your personal data for direct marketing purposes.
If you wish to object to the processing set out and no opt-out mechanism is available to you directly (for instance in your account settings), to the extent applicable, please contact our Data Protection Officer at privacy@inappstory.com
DATA SHARING
We share your information, which may include personal data, with third parties as permitted by law and as described below. We do not sell or rent your personal data.
Service Providers: We share your information with third party service providers to provide our Services, store data and/or maintain the Sites or conduct business on our behalf. These service providers shall process personal data only as instructed by and to provide the services to InAppStory.
Payment Providers and other Financial Institutions: To process payments between you and InAppStory your information, as relevant, is shared with payment providers and other financial institutions.
Compelled Disclosure: When legally required, strictly necessary for the performance of the Services, or to protect our rights, we disclose your information to governmental authorities including law enforcement (subject to a lawful request), or in legal proceedings.
Sharing and Disclosure of Aggregate Data: We may share information in aggregate form and/or in a form which does not enable the recipient of such information to identify you, with third parties, for example for industry and demographic analysis.
In addition, InAppStory can disclose your personal data to third parties if you (or your account administrator acting on your behalf) requests or authorizes disclosure thereof.
INTERNATIONAL DATA TRANSFERS
The transmission of personal data as described in this Privacy Policy may include overseas transfers of personal data to countries whose data protection laws are not as comprehensive as those of the countries within the European Union. Where required by European law, InAppStory shall only transfer personal data to recipients offering an adequate level of data protection. In these situations, as may be required, we make contractual arrangements to ensure that your personal data is still protected in line with European standards. You can ask us to see a copy of these contractual agreements by contacting our Data Protection Officer at privacy@inappstory.com .
THIRD PARTY DATA
To provide its Services, InAppStory captures and stores information, which may include personal data, about you and your end-users uploading materials to InAppStory: (1) IP addresses; (2) request headers; (3) data submitted to the API of our Services.
InAppStory, upon request from you or your account administrator acting on your behalf, may use the data derived from media uploaded by your end-users to: (1) detect MIME types; (2) deliver, convert or otherwise process media upon request to our Services.
You can recover, modify or delete your data from your InAppStory account at any time through the dedicated procedures provided within its Services.
InAppStory does not sell, share or rent out data stored in your InAppStory account to third parties, nor does it use them for any purposes other than those outlined in this Privacy Policy.
By using our Services (receiving data from your end-users), you are considered the data controller within the meaning of the GDPR; InAppStory is acting as a data processor. In this capacity, you are responsible for:
When using our Services to receive data from EU citizens, it is your obligation to ensure that your entire data pipeline complies with the GDPR regulations. When using our Services to receive data from citizens of the California state (USA), it is your obligation to ensure that your entire data pipeline complies with the CCPA regulations. This implies you should sign (if applicable) the Data Processing Agreement provided by InAppStory to ensure GDPR / CCPA compliance of data flows between you and the Services. Please, use Terms of Service (https://inappstory.com/offer) as a draft of the Data Processing Agreement.
DATA SECURITY
Within the framework of its Services, InAppStory attributes the very highest importance to the security and integrity of information and personal data. InAppStory observes reasonable procedures to prevent unauthorized access to, and the misuse of, information including personal data. We use appropriate business systems and procedures to protect and safeguard information including personal data. We also use security and managerial procedures and industry standard technical restrictions for accessing and using the personal data on our servers. Only authorized personnel are permitted to access personal data in the course of their work.
In accordance with the GDPR and CCPA, InAppStory undertakes to take all pertinent precautions in order to preserve the security of the data and, in particular, to protect them against any accidental or unlawful destruction, accidental loss, corruption, unauthorized circulation or access, as well as against any other form of unlawful processing or disclosure to unauthorized persons.
To this end, InAppStory implements industry standard security measures to protect personal data from unauthorized disclosure. In using industry recommended methods of encoding, InAppStory takes the measures necessary to protect information connected with payments and credit cards.
DATA RETENTION
We will retain your information, which may include personal data, for as long as we deem it necessary to enable you to use our Services, to provide our Services to you, to comply with applicable laws, resolve disputes with any parties and otherwise as necessary to allow us to conduct our business, including to detect and prevent fraud or other illegal activities. All personal data we retain will be subject to this Privacy Policy.
InAppStory in no way undertakes to store all your data indefinitely. You can access data so long as you hold an active account with us and for a period that varies depending on the type of data concerned and the subscribed plan, but, in no event no longer than 12 months after the closing of your account. The data may be deleted at any time during active use of your account in accordance with the provisions set forth above.
If you have a question about a specific retention period for certain types of personal data, we process about you, please contact our Data Protection Officer at privacy@inappstory.com
YOUR CHOICES AND RIGHTS
We want you to be in control of how your personal information is used by us. In accordance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, the European General Data Protection Regulation 2016/679 (GDPR), and the California Consumer Privacy Act (CCPA), you can do this in the following ways:
Where we are using your personal information on the basis of your consent, you are entitled to withdraw that consent at any time subject to applicable law. Moreover, where we process your personal information based on legitimate interest or the public interest, you have the right to object at any time to that use of your personal information subject to applicable law.
We rely on you to ensure that your personal information is complete, accurate, and current. Please do inform us promptly of any changes to or inaccuracies of your personal information by contacting privacy@inappstory.com . Your applications will be processed within 30 days. We may require your application to be accompanied by a photocopy of proof of identity or authority.
In addition, you have the right to lodge a complaint with the data protection authority in your jurisdiction.
COOKIES AND TRACKING
As a general rule, InAppStory uses cookies to improve and personalize its Sites and Services and/or measure its audience. Cookies are files saved to your local storage when browsing on the internet and in particular on our Sites. A cookie is not used to gather your personal data without your knowledge but instead to record information on site browsing which can be read directly by InAppStory on your subsequent visits.
You can choose to decline acceptance of all cookies, but your ability to browse certain pages of our Sites may be reduced. The cookies used by InAppStory are intended to enable or facilitate communication, to enable the Services requested by users to be supplied, to recognize users when they re-visit the site, to secure payments which users may make, or other preferences necessary for the service requested to be supplied and to enable InAppStory, internally, to carry out analyses on hit rates and browsing experience so as to improve content, to track email open rates, click rates, and bounce-back rates at individual levels.
By default, cookies are not installed automatically (except for those cookies needed to run the InAppStory Sites and Services, and you are informed of their installation by a clickable banner with a text description). In accordance with the regulations that apply, InAppStory will require your authorization before implanting any other kind of cookie to your local storage. To avoid being bothered by these routine requests for authorization and to enjoy uninterrupted browsing, you can configure your device to accept InAppStory cookies, or we can remember your refusal or acceptance of certain cookies. By default, browsers accept all cookies.
When you access third party sites on our Sites, or when you are reading integration or social media links, cookies can be created by the companies disseminating these links. These third parties may be able to use cookies in the context of InAppStory’s Services (partners or other third parties supplying content or services available on the InAppStory site) and are responsible for the cookies they install, and it is their conditions on cookies which apply. InAppStory assumes no liability regarding the possible use of cookies by third parties. For more information, you are advised to check the cookie policy directly on these third-party sites concerning their use of cookies.
PRIVACY POLICY CHANGES
Just as our business changes constantly, this Privacy Policy may also change from time to time. If you want to see changes made to this Privacy Policy from time to time, we invite you to access this Privacy Policy to see the changes. If we make material changes or changes that will have an impact on you (e.g. when we start processing your personal data for other purposes than set out above), we will contact you prior to commencing that processing.
Any material changes made will be notified to you via our Sites or by email, to the extent possible, three (3) business days at least before any changes come into force.
PRIVACY SHIELD PRINCIPLES
InAppStory complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
In compliance with the Privacy Shield Principles, InAppStory commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact InAppStory at privacy@inappstory.com or at our mailing address below:
Largo Do Sol Posto, 1, 8000-150 Faro Portugal To: Vladimir Lastovsky.
In the event we are unable to resolve your concern, you may contact EU Data Protection Authorities for EU/EEA Data Subjects and Swiss Federal Data Protection and Information Commissioner for Swiss Data Subjects which provide an independent third-party dispute resolution body. A binding arbitration option may also be available to you to address residual complaints not resolved by any other means.
InAppStory may disclose personal data to trusted third parties as indicated in the Privacy Policy. InAppStory requires that its agents and service providers that have access to Personal Data within the scope of this Privacy Shield Policy provide the same level of protection as required by the Privacy Shield Principles. We ensure that our agents process Personal Data received under the Privacy Shield in a manner consistent with our obligations under the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage. We may need to disclose Personal Data in response to lawful requests by public authorities, for law enforcement or national security reasons, or when such action is necessary to comply with a judicial proceeding or court order, or when otherwise required by law.
GDPR
InAppStory has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regards to complaints concerning data transferred from the EU and Switzerland.
QUESTIONS AND COMPLAINTS
If you have any questions or complaints about InAppStory’s Privacy Policy or practices, you may contact our Data Protection Officer at privacy@inappstory.com