Privacy Policy

Memory in Waves Privacy Policy

Effective date: 15 May 2020

Your right to privacy is important to us. In this privacy policy, we explain to you in detail how we handle your personal data. Please read the document carefully. If you have any questions or concerns regarding your personal data, please contact us. 

Contents of this privacy policy

  1. WHAT IS THIS PRIVACY POLICY ABOUT?
  2. WHAT PERSONAL DATA DO WE COLLECT AND FOR WHAT PURPOSES DO WE USE IT? 
  3. AUTOMATICALLY COLLECTED TECHNICAL DATA
  4. COMMERCIAL COMMUNICATION
  5. STORAGE PERIOD
  6. THIRD-PARTY ACCESS TO YOUR PERSONAL DATA
  7. INTERNATIONAL TRANSFERS
  8. OUR SECURITY MEASURES
  9. YOUR RIGHTS TO MANAGE YOUR  PERSONAL DATA
  10. CONTACT DETAILS
  1. WHAT IS THIS PRIVACY POLICY ABOUT? 

In this section, we explain to you more about this privacy policy and our role with regard to your personal data. 

1.1 What is this privacy policy about? This privacy policy applies to the processing of personal data collected from you, as an individual user or a business entity, (“you” and “your”) through the website https://memoryinwaves.com and any related services (collectively, “Memory in Waves”). For your convenience, this privacy policy is always available on Memory in Waves and you can consult it at any time. Please note that this privacy policy is not applicable to any other websites, products, services, and businesses operated by us or third parties that either integrate with Memory in Waves or are linked from Memory in Waves. Please read the privacy notices provided by the relevant third parties carefully to know how they handle your personal data. 

1.2 Who is responsible for your personal data? Memory in Waves is owned and operated by  Juan Herrera having an address at 9318 Skokie blvd., P.O. Box 4512, Skokie, IL 60077-1300, the United States of America (“we”, “us”, and “our”). We act as a data controller with regard to your personal data collected through Memory in Waves. 

1.3 What is Memory In Waves about? Memory in Waves is an e-commerce website allowing you to order and purchase customised items featuring audio or video recordings depicted in sound waves (the “Products”).

1.4 What about minors? Memory in Waves is not marketed and/or intended to be used by persons under the age of 18. We do not knowingly collect personal data of persons under the age of 18.

1.5 Do we use cookies? We use cookies on Memory in Waves because it allows us to ensure the best possible user experience. In our cookie policy available at https://memoryinwaves.com/cookie-policy, we explain in detail what cookies we use, for what purposes they are used, and how we manage cookies. 

1.6 For how long is this privacy policy valid? This version of the privacy policy enters into force on the date specified at the top of the privacy policy (please refer to the “Effective date”) and remains valid until terminated or updated by us.

1.7 Can this privacy policy be amended? We reserve the right to amend this privacy policy from time to time. We can do so in order to address changes in our business practices and laws, regulations, and industry standards applicable to us. We will notify you about the amended privacy policy by (i) posting it on this page, (ii) changing the effective date, and (iii) sending you a notice (if we have your contact details). If the changes are significant or, under the applicable law, we are required to do so, we will seek your consent. If you disagree with any changes made by us, please do not use Memory In Waves.

 

  1. WHAT PERSONAL DATA DO WE COLLECT AND FOR WHAT PURPOSES DO WE USE IT?

We do not collect more personal data than it is reasonably necessary for your use of Memory In Waves. In this section, we list the types of personal data that we collect from you, the purposes for which we use your personal data, and the lawful grounds that we rely upon. 

2.1 We comply with the principle of data minimisation. It means that we collect only a minimal amount of personal data that is necessary for your use of Memory In Waves. We further use your personal data only for specified and legitimate purposes that are listed below and rely on the lawful bases prescribed by law. We will not use your personal data for any purposes other than the purposes for which you have provided your personal data. 

    • If you register a user account, we collect your email address. We use your email address only for the purposes of sending you your password, registering and maintaining your user account, contacting you, if necessary (e.g., to send an update about your order), and providing you with the services that you request. The lawful basis is: ‘performing a contract with you’. 
    • If you update your user account, we collect your (i) billing address, (ii) shipping address, (iii) first name, (iv) last name, (v) email address, and (vi) password. We use such data only for updating your user account, contacting you, if necessary, delivering you the Products, and maintaining our business records. The lawful bases are: ‘performing a contract with you’ and ’pursuing our legitimate business interests’ (to administer our business). 
    • When you order the Products, we collect your (i) first name, (ii) last name, (iii) address, (iv) phone number (optional),  (v) any extra notes that you decide to leave, (vi) shipping address, and (vii) payment details (i.e., your PayPal username or credit card details – card number, expiry date, and CVC). We use such data only to process your payments,  prevent fraud, produce and deliver the Products that you have ordered, and maintain our business records. The lawful bases are: ‘performing a contract with you’, ’pursuing our legitimate business interests’ (to administer our business and prevent fraud), and ‘complying with our legal obligations’.    
    • If you send us an email or contact us via our contact form, we collect your (i) name, (ii) email address, and (iii) any information that you, at your own discretion, decide to provide in your message. We use such data to respond to your inquiry. The lawful basis is: ‘pursuing our legitimate business interests’ (to grow our business); if you provide optional personal data, the lawful basis is: ‘your consent’.  
    • When you contact us via the live chat, we collect your Facebook Messenger data that you make available though your Facebook settings (e.g., your name, email address, and photo). Please note that the provision of such data to us is governed by Facebook individual privacy policy and you can control what personal data you would like to share with third parties. 
    • If you browse Memory In Waves, we automatically collect your IP address. Your IP address tells us the general area where you are located. IP addresses are used for analytics purposes and managed by our third-party analytics service providers. We do not keep records of your IP address and we cannot identify you as a natural person in any manner on the basis of your IP address. The legal basis is: ‘pursuing our legitimate business interests’ (to analyse and improve our business). 
    • If you browse Memory In Waves, we also automatically collect your cookie-related data. For more information on our use of cookies, please refer to our cookie policy available at https://memoryinwaves.com/cookie-policy

2.2 Personal data in the Files. When you submit audio/video recordings or other materials (collectively, the “Files”) when ordering the Products, those Files may contain personal data. We use the Files and the data in the Files only for producing the Products ordered by you; the Files shall not be accessed or used by us or third parties for any other purpose. You are solely responsible for making sure that the personal data in the Files was obtained in a lawful manner. You are not allowed to submit any personal data that was obtained in an unlawful manner (e.g., without consent of a data subject). The legal basis is: ‘performing a contract with you’. 

2.3 What optional personal data can you supply to us in other occasions? In some special occasions, you may decide to share with us some personal data, at your own discretion. For example, if you participate in a contest, activity, or event organised by us, request support from us, provide feedback about the Products, or communicate with us via social media, you may make available certain information about yourself. Please keep in mind that the provision of such personal data is entirely optional and it is your decision whether to share it with us or not. If you decide to disclose your personal data, we will use it for the intended purpose only, which depends on the situation, such as to reply to you, to provide you with the requested services, or to pursue our legitimate business interests (to analyse and improve our business). Where possible, we will de-identify your personal data.

2.4 Do we collect sensitive data? We do not collect special categories of personal data (“sensitive data”) when you use Memory in Waves. Sensitive data is information about your health, religious and political beliefs, racial origins, membership of a professional or trade association, or sexual orientation. If you decide, at your sole discretion, to provide such sensitive data to us, we will keep it in strict confidentiality and use it only for the sole purpose for which it was provided. The lawful basis for the processing of such sensitive data is: ‘your consent’.    

2.5 What if you decide not to provide us with your personal data? If you decide not to submit your personal data when we ask for it, the requested operations may not be performed and you may not be able to use the full functionality of Memory in Waves, purchase the Products, or get our response.

 

  1. AUTOMATICALLY COLLECTED TECHNICAL DATA

When you use Memory In Waves, our systems and services collect some technical data about your device and visits. In this section, we let you know what technical (non-personal) data we collect from you and for what purposes we use that data. 

3.1 What non-personal data do we collect? When you access and browse Memory in Waves, we or our analytics service providers automatically collect certain technical non-personal data for analytics purposes. Such non-personal data allows us to analyse your use of Memory in Waves. However, it does not allow us to identify you. We and our analytics service providers collect the following information: 

    1. The type of your device; 
    2. The type of your operating system; 
    3. The type of your browser; 
    4. Log files; 
    5. The videos that you access;
    6. Your scroll depth;
    7. The pages that you view on Memory in Waves and your time logs; 
    8. Web addresses that you access from Memory in Waves; 
    9. Your Flash version, JavaScript support, screen resolution, and screen processing ability; and 
    10. your other online behaviour data. 

3.2 For what purposes do we use non-personal data? We use the technical data listed above to analyse your use of Memory in Waves. More particularly, we use it to:

    1. Analyse what kind of users access and use Memory in Waves;
    2. Examine the content available on Memory in Waves, including its relevance, popularity, and engagement rate; 
    3. Ensure the security of Memory in Waves and prevent abuse; and
    4. Develop new services, Products, and features of Memory in Waves.

3.3 What about combined or de-identified data? In case your technical data is combined with your personal data and such a combination allows us to identify you, we will treat the aggregated data as personal data. If your personal data is de-identified in a way that it cannot be associated with an identified or identifiable natural person, such data will not be personal data and we reserve the right to use it for any reasonable business purpose.

 

  1. COMMERCIAL COMMUNICATION

We may send you promotional offers from time to time. In this section, we explain when you can be contacted for promotional purposes and what you can do to decline our commercial communication.

4.1 Why do we send commercial communication? We send commercial communication like newsletters, advertisements, special offers, information about our new Products, if we want to inform you about the latest developments of Memory in Waves and promote our Products. When sending commercial communication, we comply with the laws applicable to such communication.

4.2 When will you receive commercial communication? You will receive our commercial communication if you provide us with your express (“opt-in”) consent to receive such communication. If you subscribe to our newsletter, you automatically provide your consent to receive our updates. We also have the right to send marketing communication if we have previously concluded a contract with you (e.g., if you have purchased the Products from us) and we would like to inform you about our new Products that are similar and may be of interest to you. 

4.3 How to opt out from commercial communication? You can easily opt out from our commercial communication any time free of charge. To do so, you merely need to click on the “unsubscribe” link that you can find in any of our digital messages or contact us directly (our contact details are available at the end of the privacy policy).

4.4 What about service-related notices? If strictly necessary and we have your contact details, we will send you important notices. Such notices include information about your order, the Products, your user account, technical aspects of Memory in Waves, your privacy and security, and other administrative matters. Please note that such notices do not fall within the scope of commercial communication that requires your consent.

 

  1. STORAGE PERIOD

We keep your personal and technical data in our systems only for as long as it is necessary for its specific and limited purposes. Below, we provide you with more information about the storage period.

5.1 How long do we store your personal data? Your personal data will be stored in our systems only for the time period it is required for the purposes for which it was provided, unless you request us to delete your personal data earlier. As soon as your personal data becomes no longer necessary for its purposes, you request us to delete your personal data, and/or we do not have another lawful ground for keep it, we will delete your personal data from our systems in a safe and secure manner.

5.2 How long do we store your technical data? Your technical data will be kept in our systems as long as it is necessary for the purposes listed in section 3.2 above.

5.3 Our legal obligations. In some cases, we are required by law to keep your personal data for a certain period of time to comply with our legal obligations. For example, your payment data and information about your orders is stored for accountancy purposes. We will store your personal data only for the minimum period required by law and delete it as soon as the required retention period expires.

 

  1. THIRD-PARTY ACCESS TO YOUR PERSONAL DATA

Where necessary, we will allow the access to your personal data by external service providers. The  situation when we disclose your personal data and the list of third parties that have access to it are provided below. 

6.1 Do we disclose your personal data to others? We do not disclose your personal data to third parties, unless it is necessary for the proper operation of Memory In Waves. For example, we may share your personal and non-personal data with third parties that  help us to maintain Memory in Waves, provide certain business services to us, or render services on our behalf (e.g., production, shipping, analytics, advertising, and email distribution services). We do not sell your personal data to third parties. 

6.2 In what instances do we disclose your personal data? We disclose your personal data only if it is required for the following purposes:

    1. Ensuring the operation of Memory in Waves;
    2. Ensuring the production and delivery of the Products ordered by you;
    3. Providing you with the requested information;
    4. Pursuing our legitimate business interests;
    5. Preventing fraud and ensuring security;
    6. Carrying out our contractual obligations;
    7. Law enforcement purposes; or 
    8. If you provide your prior consent. 

6.3 Who are our data processors? The data processors that we cooperate with agree to ensure an adequate level of protection for your personal data that is consistent with this privacy policy and the applicable data protection laws. Our data processors include:

    1. Our hosting and database service provider SiteGround (https://www.siteground.com) located in Bulgaria;
    2. Our Content Delivery Network (CDN) service provider Cloudflare (https://www.cloudflare.com) located in the United States; 
    3. Our cloud storage service provider Google (https://www.google.com/drive) located in the United States; 
    4. Our payment service providers PayPal (https://www.paypal.com) and Stripe (https://stripe.com) located in the United States; 
    5. Our marketing, newsletter and database service provider MailChimp (https://mailchimp.com) located in the United States; 
    6. Our database service providers WooCommerce (https://woocommerce.com) located in South Africa, WordPress (https://wordpress.com), and Elementor (https://elementor.com) located in Israel;
    7. Our newsletter and page builder service provider Elementor (https://elementor.com) located in Israel;
    8. Our contact form service provider Gravity Forms (https://www.gravityforms.com) lo-cated in the United States;
    9. Our live chat and technical support service provider Facebook (https://www.facebook.com) located in the United States;
    10. Our email service provider Google (https://gsuite.google.com) located in the United States;
    11. Our analytics service providers Facebook Pixel (https://www.facebook.com/business/learn/facebook-ads-pixel) and Google Analytics (https://analytics.google.com) located in the United States, and Hotjar (https://www.hotjar.com) located in Malta;
    12. Our order fulfilment and warehouse service provider Printful (https://www.printful.com) located in the United States; and
    13. Our shipping service providers DHL (https://www.dhl.com) located in Germany, UPS (https://www.ups.com), USPS (https://www.usps.com), and FedEx (https://www.fedex.com) located in the United States, DPD (https://www.dpd.com) located in France, and Latvijas Pasts (https://pasts.lv/en/) located in Latvia.

6.4 Do we disclose your non-personal data? Taking into account that your non-personal data does not allow us to identify you, it may be disclosed to third parties for any purpose. For example, we may share your technical data with third parties for business or research purposes, improving Memory In Waves, or developing new products and services. 

6.5 Legal requests. If we are contacted by a public authority, we may disclose information about you, if it is necessary for pursuing a public interest objective, such as national security or law enforcement.

6.6 Successors. In case Memory In Waves or our business is sold partly or fully, we will provide your personal data to a purchaser or successor, if necessary. We will request it to handle your personal data in line with this privacy policy.

 

  1. INTERNATIONAL TRANSFERS

Your personal data may be transferred outside the country of your residence. In this section, we inform you when we transfer your personal data abroad and what safeguards we use for such transfers.

Some of our data processors specified above are located outside the country in which you reside. For example, if you reside in a country belonging to the European Economic Area (EEA), we will need to transfer your personal data to countries outside the EEA, if it is necessary. When transferring your personal data abroad, we make sure that the country of the recipient guarantees an adequate level of protection for your personal data (for example, the recipient is a Privacy-Shield certified entity) or we conclude a data processing agreement with the recipient that ensures such protection.

 

  1. OUR SECURITY MEASURES

Your personal data must be kept safe and secure. In this section, we inform you about the measures that help us to protect your personal data.

8.1 What security measures do we use? To keep your personal data safe and secure, we implement organisational and technical information security measures. They help us to protect your personal data against unauthorised loss, misuse, access, and disclosure. Our security measures are: 

    1. Choosing reliable service providers;
    2. Secured networks (we use SSL protocol);
    3. Daily data backups; 
    4. Strong passwords to protect our systems;
    5. Limited access to your personal data by our staff; and 
    6. Anonymisation of personal data (if possible). 

8.2 How do we handle security breaches? Due to the specifics of the communications and information processing technology, no personal data is entirely secure. Although we put our best efforts to protect your personal data, we cannot be responsible for any destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by the factors that are outside our reasonable control. In case of a data breach, we will take suitable measures to mitigate it as prescribed by law.

 

  1. YOUR RIGHTS TO MANAGE YOUR  PERSONAL DATA

You have certain control over how we handle your personal data. In this section, we list the rights that you have with regard to your personal data and explain how you can exercise those rights.  

9.1 What rights do you have? You can ask us to access and manage your personal data that is in our possession. More specifically, you have the right to:

    1. Receive a copy of your personal data stored by us;
    2. Know the purposes for which we process your personal data;
    3. Correct your personal data that is inaccurate;
    4. Move your personal data to another processor;
    5. Delete your personal data stored by us;
    6. Restrict or object the processing of your personal data;
    7. Withdraw consent that you have previously provided; or
    8. Submit a complaint about how we handle your personal data.

9.2 How can you exercise your rights? If you would like to exercise your rights listed above, you can consult your user account (some personal data can be amended there); in other cases, you have to contact us at [email protected] and clearly explain your request. We may ask you to submit an identifying piece of information that will allow us to to verify your identity. Your request will be answered without undue delay (no later than 2 weeks).

9.3 How can you launch a complaint? You have the right to launch a complaint regarding our data processing activities. To do so, you should contact us first and express your concerns. We will address your complaint and respond to it as soon as possible (no later than 2 weeks). If, after receiving our response, you still have concerns, you have the right to lodge a complaint with your local data protection authority.

 

  1. CONTACT DETAILS

You can contact us to receive further clarifications regarding your personal data by using the following contact details:

Email: [email protected]

Postal address: Memory in Waves, 9318 Skokie blvd., P.O. Box 4512, Skokie, IL 60077-1300, the United States of America 

Contact form / Live chat: https://memoryinwaves.com/contact/

 

***