1. WHAT INFORMATION DO WE COLLECT?
Personal Information You Disclose to Us
When you visit us at MemberVault.co or subscribe to our Software as a Service (“SAAS”) product, you provide us with certain data and personal information that we collect to be able to serve you better. The data that is collected during these transactions is necessary for us to be able to give you access to your product, to keep track of how the business is run for functionality purposes, and to provide you with excellent customer service.
We generally collect information such as first name, last name (optional), email address, what email service provider the user uses (optional), date of sign up, how many products the member has, how many users the member has, date and time of last activity, whether the member earned any account boosts and, if so, what they are, whether the member wants to appear on the Leadership board, total size of uploads by the member, logs of timestamps of admin pages for troubleshooting purposes, and a log of errors produced by the admin’s account.
2. OUTSIDE OF THE EUROPEAN UNION (“EU”)
If you are outside of the EU and enter your information to receive a free resource (also called freebie, lead magnet), make a purchase, respond to a survey, register for a free training, or participate in a webinar, you will be automatically added to our newsletter and will receive emails and updates from us.
We do not send SPAM and our goal and purpose is to keep our emails relevant and valuable. However, if you do not wish to receive any communications from us, you can opt out by clicking on the unsubscribe link located at the bottom of the emails.
3. PEOPLE IN THE EUROPEAN UNION
If you are in the EU and opt in to get a free resource, sign up for either a free or paid account to be a MemberVault user, participate in a free training, or register for a webinar or live event, your email address will not be automatically added to the email list to receive our newsletter and updates unless you affirmatively consent to it.
Being a person who is located within the European Union, you are subject to the General Data Protection Regulation (“GDPR”). This means you will need to give us express and clear consent before we will add you to our email list for marketing and promotional emails.
You also have all the rights and protections that are afforded to you under the GDPR as we will discuss in detail further below.
Remember that you always have the ability to unsubscribe, even after giving your consent, by simply clicking on the Unsubscribe link present in the footer of every email. Alternatively, you can also email us at email@example.com and request to be unsubscribed or deleted from our account.
4. GENERAL DATA PROTECTION ACT (GDPR)
Every business in the world that gets any traffic or buyers from the European Union must comply with the GDPR rules, even if the business is located outside of the EU.
GDPR is a data privacy and security law that intends to give power back to individuals to be in a position to control what happens to their data, how it is used, and how it is not used. The regulation went into effect on May 25, 2018. GDPR gave rise to several new and expanded rights, as well as defined several phrases that are essential for understanding this regulation.
If you operate within the European Economic Area or are an EU Resident, you can view and download our Data Processing Agreement here.
5. DEFINITIONS UNDER GDPR
Personal data — any information that will make the individual directly or indirectly identifiable. Information such as the individual’s name, last name, phone number, date of birth, social security number are all considered personal data because they can easily identify the individual in question. Other information, such as geographic location, IP address, web cookies, can also be considered personal data if they can help to identify the individual either by themselves or as part of a whole. Moreover, even data that is pseudonymous can be considered personal data if identifying the person is relatively easy.
Data controller — The person or individual who makes decisions about the collected data, specifically how and why the personal data will be processed. MemberVault is a SAAS business, and as such is both a data controller and a data processor.
Data processor — A third-party individual or business that actually processes the collected personal data on behalf of a data controller. The GDPR has special rules for these individuals and organizations. Data processors can be email service providers, cloud-based storage software or services, and many others.
Data subject — The person whose data is processed. Our data subjects are our customers and clients, website visitors, and potential clients who visit membervault.co or /*.vipmembervault.com.
6. VISITORS’ RIGHTS UNDER GDPR
As someone who resides in the European Union, you are entitled to exercise certain rights that you are given under the General Data Protection Regulation (GDPR).
Any information or data that you chose to provide us will be kept with MemberVault until one of these happens: (1) you ask MemberVault to DELETE the information and/or data; (2) MemberVault decides to STOP USING the existing data processors, or (3) MemberVault decides that the cost of retaining the data outweighs the value in retaining it.
As a consumer and/or visitor on our Site who is located in the European Union region, you have the right to request access to the data that MemberVault has collected on you and stores.
You are within your rights to demand to know exactly what data and information MemberVault has collected on you. Keep in mind that some parts of this data were provided by you personally, while others were gathered through cookies and pixels.
You have the right to withdraw consent for data that you previously gave us consent to collect and process. The right to withdraw consent applies to any future processing of that data. However, any data that has been collected and processed previously based on valid consent is lawful and not subject to liability based on any legal grounds.
You also have the right to request erasure of your data and all your information from MemberVault’s data storage. Once you request that your data be erased from MemberVault’s databases, we have thirty (30) days to comply with your request. If it’s impossible to comply within 30 days, then MemberVault will respond to the Member’s request and let them know about the issue and also give them a reasonable time as to when their request for deletion will be honored.
Aside from rights such as request to access, request to delete and rectify, an EU user also has the right to place restrictions on the data processing itself. This means a user can limit certain things that MemberVault can and cannot do with their data. You can choose to limit transfer of your data to third-party businesses (unless it’s essential for MemberVault’s basic functions).
You further have the right to file a complaint with a supervisory authority who oversees and handles issues related to the GDPR.
Lastly, it’s MemberVault’s duty to inform you that we only require information that is reasonably necessary to enter into a contract with you. We do not collect any unnecessary data, and any information we acquire is used for legitimate business purposes such as growing and scaling our business, or being able to provide satisfactory customer service to you and other users.
7. BRAZILIAN DATA PROTECTION LAW (LGPD)
The Brazilian Data Protection Law (hereafter, “LGPD”) is Brazil’s law on online privacy requirements and certain rights and privileges given to data subjects.
Under the LGPD, “processing” is defined as collection, production, reproduction, transmission, receipt, use, classification, filing, storage, control or evaluation of data, deletion, dissemination, extraction, modification, and communication. The LGPD applies to “personal data” that is defined as any information related to an identified or identifiable natural person. Moreover, it applies to sensitive data such as political opinion, racial or ethnic origin, religion, health, sex and more as they relate to a natural person.
Under the LGPD, the data subjects are given the following rights relating to their personal data:
• Awareness and confirmation of the existence of data processing;
• Anonymization or pseudonymization or removal of pieces of data that have been collected or processed without compliance with the LGPD;
• Access to personal data;
• Correction of inaccurate data;
• Right to request deletion;
• Right to revocation of consent;
• Right to request disclosure of any third parties with whom personal data is shared;
• Access to the customer policy information and consent revocation terms and conditions.
The data subject has the right to exercise these rights by getting in touch with us, MemberVault LLC, at any time, free of charge.
As a business, we can only process personal data if there is a legal basis for processing that data. The LGPD provides approximately ten (10) legal bases for processing data. The ten grounds are:
1. The data subject gives express consent to process the data.
2. Data processing is necessary to comply with a legal obligation.
3. Processing is essential to protect the life or physical safety of the data subject or another third party.
4. Necessary to execute a contract or contract-related procedures to which the data subject is a party, at the request of the data subject.
5. Necessary to process to fulfill the legitimate interests of the controller or of the third party, except when the data subject’s fundamental rights prevail.
6. Necessary to process in order to protect credit (refers to a credit score).
7. Necessary to process to protect health in relation to activities of health professionals or health entities.
8. Necessary to process to carry out studies by research entities that ensure, when possible, the anonymization of personal data.
9. Necessary to process to exercise rights in judicial, arbitration and administrative procedures.
10. Necessary to process to execute public policies provided in laws or regulations, or those that are based on contracts, policies, agreements or similar binding instruments.
MemberVault LLC mostly uses legal bases #1, #4, and #5 above to process personal and sensitive data collected from you. Respectively, these are: that the data subject gives express consent to process the data; that processing is necessary to execute a contract or contract-related procedures to which the data subject is a party, at the request of the data subject; and that processing is necessary to fulfill the legitimate interests of the controller or of the third party, except when the data subject’s fundamental rights prevail.
8. WE USE THIRD PARTY SOFTWARE AND COMPANIES
As a SAAS business, we find it necessary to use some third-party platforms to operate and run certain aspects of our business. We carefully vet and evaluate our options before committing MemberVault to work with any third-party platform.
Here are the current third-party platforms that we work with:
9. INFORMATION AND DATA WE SHARE WITH OR TRANSFER TO THIRD-PARTY BUSINESSES
MemberVault shares information and personal data with ActiveCampaign, which is the email service provider that MemberVault chose to work with. Whenever a potential subscriber to our SAAS product signs up or creates an account, the following information is transferred to ActiveCampaign:
First name, email address.
ActiveCampaign then uses the first name and email address of the subscriber to send them information about their account and purchased products. We use ActiveCampaign to keep in touch with our SAAS subscribers to give them account updates, news, and send valuable content.
SamCart is the checkout cart that we chose to use for our SAAS business. We use SamCart as a means for subscribers and potential SAAS customers to purchase accounts or upgrade to a higher level account.
When our potential customers are on a SamCart page, should they decide to go through with the transaction, they will give out the following information:
Stripe and PayPal
Stripe and PayPal are payment gateways that we use for our subscribers to purchase or upgrade to our higher plans. All the payment details, such as credit card or debit card numbers, security numbers, and expiration codes, are stored by the payment gateways, in this case Stripe and PayPal, in no particular order.
MemberVault does not itself collect or store any kind of payment information such as credit card, debit card or bank account number for its customers and potential customers. If the site visitor or customer has an issue with payment-related matters, the first place to look for answers would be to talk to either Stripe or PayPal.
Intercom is used by MemberVault as a means of providing chat support to customers and potential customers of our SAAS business. Intercom collects an email address from a customer or potential customer to be able to address their questions via email when there is no live chat available at that specific time.
Upon a customer’s sign up or purchase of MemberVault SAAS plans, the contact’s name and email address are shared with Intercom. This sharing of data is essential for us to provide you with customer support and service.
The MemberVault platform is built upon the Amazon S3 server. The Amazon S3 server is where all the SAAS data is stored.
WordPress is a widely popular content management system (“CMS”) where many people and businesses throughout the world build their business websites.
The company website, MemberVault.co, is built on a self-hosted WordPress. The website contains information about our SAAS product and plans, and provides an easy method for people to sign up for a free plan and try MemberVault.
Our website collects cookies, and has Google Analytics installed. Both of these pieces of data and code collect information from our website visitors. The collected information is essential for us to operate and provide the service our customers expect from us.
10. OTHER MEANS THAT DATA IS COLLECTED
There are other methods by which data and personal information are collected from our site visitors. During the time you visit and use our Site, certain limited data are collected from public databases, marketing partners, social media platforms, and analytics sources.
The types of data collected about you from other sources are your location, your computer system, which pages you have visited on our Site, how long you spend on each page, your IP address, your country, and possibly even your social media profiles and referrals.
11. CHILDREN’S ONLINE PRIVACY PROTECTION ACT (“COPPA”) COMPLIANCE
MemberVault.co and the MemberVault platform are not intended for children under the age of thirteen (13). We and MemberVault.co do not knowingly and intentionally collect any personally identifiable information from children under the age of 13. If you are under 13 years of age, please do not use or provide any information on this Website. Do not use any third parties that might have links present on this Website. Do not provide your name, address, phone number or any payment information.
If a parent or guardian believes that this Website unknowingly collected personally identifiable information from a child under the age of 13 in its database, please contact us at once at firstname.lastname@example.org, and we will do our best to immediately remove any and all such information from our database.
12. HOW DO WE USE THE INFORMATION WE COLLECT FROM YOU?
Keep Business Operational and Functional
Some of the information that you willingly provided to us, and other information that might have been collected through cookies and other pixels, such as Google Analytics, Facebook, or site tracking pixels, is used to ensure that the MemberVault platform is kept in an operational and functional state. Some of the data is necessary so that the member can actually gain access to their account, receive account notifications and emails, get customer support, get help with system troubleshooting, and more.
Marketing and Advertising
The information we collected from you may be used to send you targeted marketing and advertising campaigns. These email and ad campaigns will introduce you to our products and services, or let you know of important updates. The legal basis for processing your information in this case can be either your valid consent or legitimate business interest.
If you do not wish to receive any marketing emails from us at any point (even if you gave your consent previously), then simply click on the “unsubscribe” link present at the footer of our emails. You may also email us at email@example.com to remove you from the list so you won’t receive any marketing emails.
The information that we collected from you may also be used to show you targeted ads. Those ads can be Facebook ads, Google ads, Instagram ads, Pinterest Ads, etc. These particular ads will be tailored to you based on your interest through the data that we collected. The legal basis for processing and using your data in this manner is our legitimate business interest to grow our business and operate it as well as can be.
Information Collected from Third-Party Apps and Tools
Any information collected from third-party tools such as Facebook pixel and Google Analytics, is used for statistical and analytical purposes and for evaluating and making improvements to operate and grow our business. This automatically collected information will not include personal information data.
13. SHARING YOUR PERSONAL INFORMATION AND DATA
MemberVault shares your personal information and data collected by you and third-party software with third-party companies that are associated with MemberVault and are essential to run our business. These third-party companies will keep your information secure and safe. They will not disclose it to others. The third-party companies that we share your information with are all GDPR compliant and respect your rights to your data.
We do not share, disclose, sell, lease or rent your information to any unrelated third-party business that is not associated with MemberVault and with running our business.
Only under limited circumstances will necessary information be shared with third-parties that are not associated with MemberVault business. Here are the situations in which we will share your information:
1. You gave us express consent to do so;
2. You entered into a contract for recurring payments—for this reason, your information will be processed on an as-needed basis to uphold the agreement;
3. Performance of a contract—if you are obligated to pay or perform an action, and you fail, we reserve the right to share necessary information with a third-party company, such as a collection agency or an attorney; and
4. Mandated by law—if legal proceedings are initiated, and there is a subpoena (unlikely, but better to be prepared than surprised).
Under the privacy laws, we can store strictly necessary cookies on your device for the operation and maintenance of this site. However, we do need your permission for all other types of cookies.
You will find different types of cookies on our site. Some of those are placed by third party services that are necessary for our business to operate.
15. EMAIL COMMUNICATIONS & CAN-SPAM COMPLIANCE
If you decide to contact us through email, we reserve the right to retain the content of your email messages, your email address, and our responses. We do this because it helps us with growing our business and keeping our records organized.
In compliance with the CAN-SPAM Act, any and all communications sent from our Company or Website will clearly state who the email is from, who the email is for, and how to contact the sender.
Furthermore, should you wish to not receive any more emails, you can click on the “Unsubscribe” link located at the bottom of the email.
16. CONTACT US
Our GDPR Representative
MemberVault appointed Katrina Scarlett as the GDPR Representative who will address your issues connected with GDPR. If you wish to exercise your rights, then contact the individual listed below:
NAME: Katrina Scarlett
Updated – September 21st, 2019