“Applicable Data Protection Legislation” means any legislation in force from time to time which implements the European Union Directive 95/46/EC and Directive 2002/58/EC and the General Data Protection Regulation (“GDPR”) 2016/679 of April 27th, 2016 and is applicable to this Agreement and all other applicable laws and regulations that may apply to the transfer of Personal Data.
“Personal Data” shall mean any information relating to a Data subject; an identifiable person is one who can be defined, directly or indirectly, notably by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his/her physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Contact data and Service Data are Personal Data.
“Contact Data” means any names, phone numbers, e-mail addresses and certain financial details held within commercial systems to conduct the Parties’ relationship management and billing transactions between the Parties;
“Controller”, “Data Subject”, “Personal Data”, “Process/Processing” and “Processor”, shall have the same meaning as in the European Union Directive 95/46/EC or the General Data Protection Regulation 2016/679 of April 27th, 2016.
“Service Data” means any Party’s Personal Data (that is not Contact Data) held within the Parties’ systems, applications or databases and that may be accessed, processed, used or stored as a consequence of performing the services under the Agreement.
“Third Country” means a country that is: (i) outside of the European Economic Area; and (ii) not the subject of a formal decision by the European Commission, made pursuant to Section 25(6) of the European Union Directive 95/46/EC or under Article 45 (1) of the General Data Protection Regulation 2016/679, stating that that country ensures an adequate level of protection for personal Data.
Information collected through the Service
Membrain may also collect and process other information when you interact with the Service online, such as the type of browser you are using, the type of operating system you are using; the IP address or other unique identifier such as a device identifier of any of your computer(s) or device(s) that are used to access the Service. Such information will be collected and processed irrespective of whether you only access the Service or if you actually use the Service. Membrain may also collect and process certain information when you as a user with a user account interact with the Service such as the information in your personal profile, the messages you send, the groups you form, the events you set up, the applications you add and the information you transmit information through various channels.
Information collected through other sources
Membrain may also collect information about you from other sources, such as third party sites or platforms, newspapers, blogs, instant messaging services, and other End Users of the Service through the operation of the Service in order to provide you with more useful information and a more personalized experience.
Log files. Log files are files that log actions that have occurred on a website or in an app. Membrain may collect data in the form of log files and may use such log files to gather statistics about End Users user habits and to assess overall service activity, including how many "hits" a particular web page is getting and other navigational data. These entries enable Membrain to track interest in specific promotions and features, troubleshoot technical concerns, and provide End Users with content that may be of interest to them. Log files are used internally only, and are not associated with any particular user, computer, or browser.
Web beacons. The Service may use a variety of technical methods for tracking purposes, including “Web beacons” etc. Web beacons are small pieces of data that are embedded in images on the pages of the Service. We may also use these technical methods to analyze the traffic patterns in the Service such as the frequency with which End Users accesses various parts of the Service etc. These technical methods may involve the transmission of information either directly to us or to another party authorized by us to collect information on our behalf. The information from use of these technical methods may be collected in a form that is personally identifiable.
4. Use of information – Purpose and legal basis
Membrain will use information about you for the following purposes in accordance with applicable laws:
Information you provide or is collected from you in or in relation to the Service and information from other sources
Information is provided by you or collected in or in relation to the Service and/or collected from other sources in order to:
Processing of this information is necessary for the purpose of performance of a contract to which you are party in order to support the operation of the Service facilitate the delivery of requested products and services and enable maintenance and update of the Service under Article 6(1)(b) of the GDPR and purposes is justified by our legitimate interests in providing advertisements and content of interest to you and improving our services in accordance with Article 6(1)(f) of the GDPR ("the balancing-of-interest rule").
With respect to the processing of Personal Data, Membrain is Data Controller. Membrain shall (i) Not keep the Personal Data for longer than is necessary for the purposes of performing the Agreement unless further storage is required in order to establish, exercise or defend a legal claim or to comply with applicable law, including accounting rules; (ii) Store, process and use the Personal Data for the sole purpose of performing the Agreement; and (iii) Ensure that their employees and employees of their affiliates and subcontractors involved in the performance of the Agreement comply with the provisions of this agreement (iv) Implement all reasonable technical and organizational measures to protect your Personal Data against any accidental or unlawful destruction, accidental loss, unauthorized alteration, communication or access, (v) Where applicable report to you, upon its occurrence, any unauthorized access, disclosure, use, modification or destruction of your Personal Data, (vi) Refrain from exporting or transferring your Personal Data to any Third Country, and from collecting, using or Processing Personal Data within any Third Country, unless prior to the transfer we have ensured that an adequate level of protection of the Personal Data has been implemented in accordance with the terms and conditions stated in section 9 of this Agreement (International Data Transfers). Personal Data is deleted or anonymized as soon as it no longer serves one of the above-mentioned purposes and in any event, no later than three (3) years after your interaction with us has ended.
As a general rule we will not share Personal Data that directly identifies you (such as your name, e-mail or postal address) with independent third parties without your consent, unless it is either required by law or we determine that disclosure is reasonably necessary to enforce our rights, property or operations or to protect our End Users or third parties.
Notwithstanding the foregoing, we may share information about you with certain third parties based on the legal basis in Articles 6(1)(b), 6(1)(c) and 6(1)(f) of the GDPR as follows:
We use or may use the following service providers when providing our services:
In order to access the complete Service, certain premium Service functions, content and features etc. you are required to pay certain fees. When purchasing such features and functions etc. you may be asked by Membrain and/or the platform/service providers to provide certain personally identifiable information, such as full name, billing address, email address, phone number, and credit card number/expiration date etc.
Once End Users have successfully entered valid credit card information etc. and completed the order process, a purchasing account will be created and maintained for them. Membrain and/or the platform/service providers will use the information provided to process the End User’s order and to send order confirmations via email, as well as to make future purchases easier for the End User. Membrain does not sell, transfer or share customer information with third parties, except where applicable the information is transferred, disclosed and shared with its third-party agent(s) who uses the information solely to handle and deliver certain online activities necessary to operate Membrain’ business (e.g. processing orders and payments).
Membrain has taken reasonable steps to ensure that the personally identifiable information it collects is secure and we have taken reasonable measures to protect the confidentiality, security, and integrity of the Personal Data collected from our Service’s End Users. Personal Data is stored in secure operating environments that are not available to the public and that are only accessible to authorized employees and contractors. We also have security measures in place to protect the loss, misuse, and alteration of the information under our control. However, there is no such thing as perfect security. As a result, although we strive to protect personally identifying information, we cannot ensure or warrant the security of any information transmitted to us through or in connection with the Service, that we store on our systems or that is stored on our service providers' systems.
Please note that Membrain may provide links to other services and websites that are operated and hosted by third parties who may have their own information collection practices. Those other services and websites are governed by their own privacy policies, which may be substantially different from Membrain’s policies. Visitors to other services and websites are encouraged to review the privacy policies and information collection practices of those websites.
We may transfer and share your information to third parties (including service providers operating on our behalf) which may be located in countries outside the European Union (“EU”) and/or the European Economic Area (“EEA”) which may not have the same level of data protection laws as those in the country where you are located. Where your data is sent to a country outside the EU/EEA that is not subject to an adequacy decision by the EU Commission, the transfers will only occur based on the following safeguards: i) If the entity is certified to comply with the principles for data protection under the US-EU Privacy Shield Framework ("Privacy Shield") (see Privacy Shield at www.privacyshield.gov), or ii) If we have entered into EU Commission approved standard contractual clauses with the entity, which is deemed to offer sufficient safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals.
You have the following rights regarding your Personal Data:
The right to request access
In accordance with Article 15 of the GDPR you may request access to processed Personal Data. This includes confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
Where Personal Data is transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
You shall be provided a copy of the Personal Data undergoing processing. For any further copies requested, we may charge a reasonable fee based on administrative costs. Where you make the request by electronic means, and unless otherwise requested by you, the information shall be provided in a commonly used electronic form. The right to obtain a copy shall not adversely affect the rights and freedoms of others. Please note that the access may be restricted due to intellectual property rights or trade secrets.
The right to object
You have the right to object to the Personal Data processing on grounds relating to your particular situation when the data are processed based on the balancing-of-interest rule in Article 6(1)(f) of the GDPR, see Article 21 of the GDPR. In this case, we will cease the processing unless there are compelling legitimate grounds for the processing which override your interests, rights, and freedoms or if the processing is necessary for the establishment, exercise or defense of legal claims. You have the right to object to our processing of your Personal Data for direct marketing purposes at any time. We will cease the processing of your Personal Data for this purpose after the objection. Please note that if you exercise this right, your user license to use the Service and related services will cease automatically.
Right of correction and erasure
You have the right to have inaccurate Personal Data rectified, in accordance with Article 16 of the GDPR.
You have the right to have your Personal Data erased where one of the following grounds applies, see Article 17 of the GDPR:
Please note that your right to erasure may be limited if the data are necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims.
The right to restriction
You have the right to obtain restriction of processing in certain circumstances, in accordance with Article 18 of the GDPR. If you have the right to restriction, we will only process your Personal Data with your consent or for the establishment, exercise or defense of a legal claim or to protect a person or important grounds of public interest.
The right to withdraw consent
If we have asked for your consent to our processing of your Personal Data, you have the right to withdraw your consent at any time, in accordance with Article 7 of the GDPR. If you withdraw your consent, we will cease processing of the Personal Data for which you have withdrawn consent, unless we have a legal obligation to keep some or parts of your data. Please note that if you withdraw your consent, your right to use the Service and related services will cease automatically. The withdrawal of your consent does not affect the lawfulness of processing based on your consent before its withdrawal.
The right to data portability
You have the right to receive your Personal Data that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance if the processing is based on consent or contract performance, in accordance with Article 20 of the GDPR.
Changing or Removing Account Information
Access and control over most Personal Data in the Service are readily available through the profile editing tools on your account with Membrain or the applicable platform/service provider that you are accessing the Service through. End Users may modify or delete any or all of their profile information at any time by logging into their accounts at Membrain or the platform/service providers. Information will be updated as soon as possible. End Users who wish to deactivate their Service account may do so in their accounts with Membrain or the applicable platform/service provider that you are accessing the Service through. Removed information may persist in backup copies for a reasonable period of time but will not be generally available to other End Users or visitors of the Service. You cannot, however, remove communications made in any communication features in the Service, which might have been shared with other End Users (for example sending personal messages to another End Users).
If you wish to invoke any of the rights described above, you may contact us at any time by emailing us at email@example.com. We will process and answer your requests without undue delay and in any event within one month of our receipt of the request unless a longer period is required due to the complexity of the request. In this case, our response time can be up to three months in total as permitted by Article 12 of the GDPR.
Disputes between you and Membrain
OUR GOAL IS TO RESOLVE DISPUTES FAIRLY AND QUICKLY. FOR ALL DISPUTES AGAINST MEMBRAIN, YOU AGREE TO FIRST CONTACT MEMBRAIN AND TRY TO RESOLVE THE DISPUTE INFORMALLY BY SENDING A WRITTEN NOTICE OF THE CLAIM ("NOTICE") TO MEMBRAIN. THE NOTICE TO MEMBRAIN MUST BE SENT VIA REGISTERED LETTER TO THE ADDRESS LISTED IN SECTION 17 BELOW OR BY EMAIL WITH CONFIRMATION OF RECEIPT. THE NOTICE MUST (A) INCLUDE YOUR NAME, YOUR RESIDENTIAL ADDRESS AND E-MAIL ADDRESS AND / OR MOBILE PHONE NUMBER ASSOCIATED WITH YOUR ACCOUNT REGISTERED WITH MEMBRAIN AND/OR THE PLATFORM/SERVICE PROVIDER; (B) DESCRIBE THE TYPE AND REASON FOR THE CLAIM; AND (C) SPECIFY THE SPECIFIC COMPENSATION SOUGHT, IF ANY. IF YOU AND MEMBRAIN CANNOT AGREE ON A SOLUTION TO THE DISPUTE WITHIN 60 DAYS OF RECEIVING SUCH A NOTICE, EITHER PARTY MAY INITIATE LEGAL PROCEEDINGS IN ACCORDANCE WITH SECTIONS 12-15 BELOW.
You are solely responsible for your interactions with other users of the Service. We reserve the right, but have no obligation, to monitor disputes between you and other users.
YOU AGREE THAT ANY AND ALL CLAIMS MUST BE MADE IN YOUR INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.
This Agreement is governed by and will be construed in accordance with the laws of Sweden without regard to conflicts of law principles and the parties hereby consent to the sole and exclusive jurisdiction of the Swedish courts, with the district court of Solna as the first venue, to resolve any disputes hereunder.
Notwithstanding anything to the contrary, Membrain may apply to any court of competent jurisdiction for injunctive or other equitable relief.
Upstream Business Solutions AB, d.b.a. Membrain
171 48 Solna
Telephone: +46-8-511 670 11
Last Updated: September 26, 2019