COOKIES AND PRIVACY POLICY

PRIVACY POLICY

Upstream Business Solutions AB d.b.a. Membrain a Swedish corporation, with registered and business offices at Industrivagen 17, 171 48 Solna, Sweden, corporate id. number 556685-9020, (“Membrain”) respects your privacy and provides you with this Privacy Policy (“Privacy Policy”) so that you may understand the ways in which we do and do not use the information you transmit when accessing and using the Membrain services, accessing and using websites, platforms and related services (hereinafter the “Service”). Please note that your access and/or use of the Service constitutes your acceptance of this Privacy Policy as well as our Terms of Use.

IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY PLEASE DO NOT ACCESS AND/OR USE THE SERVICE.

1. Definitions

“Applicable Data Protection Legislation” means any legislation in force from time to time which implements the European Union Directive 95/46/EC and Directive 2002/58/EC and the General Data Protection Regulation (“GDPR”) 2016/679 of April 27th, 2016 and is applicable to this Agreement and all other applicable laws and regulations that may apply to the transfer of Personal Data.
“Personal Data” shall mean any information relating to a Data subject; an identifiable person is one who can be defined, directly or indirectly, notably by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his/her physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Contact data and Service Data are Personal Data.
“Contact Data” means any names, phone numbers, e-mail addresses and certain financial details held within commercial systems to conduct the Parties’ relationship management and billing transactions between the Parties;
“Controller”, “Data Subject”, “Personal Data”, “Process/Processing” and “Processor”, shall have the same meaning as in the European Union Directive 95/46/EC or the General Data Protection Regulation 2016/679 of April 27th, 2016.
“Service Data” means any Party’s Personal Data (that is not Contact Data) held within the Parties’ systems, applications or databases and that may be accessed, processed, used or stored as a consequence of performing the services under the Agreement.
“Third Country” means a country that is: (i) outside of the European Economic Area; and (ii) not the subject of a formal decision by the European Commission, made pursuant to Section 25(6) of the European Union Directive 95/46/EC or under Article 45 (1) of the General Data Protection Regulation 2016/679, stating that that country ensures an adequate level of protection for personal Data.

2. Collection of information

Information collected through the Service

Where applicable, accessing and using of certain basic services may not require registering of an account with Membrain or the applicable platform/service providers that are providing the Service etc. to you. In order to access and use certain services you must register an account with Membrain or the platform/service providers that are providing the service to you. You must then create an account with Membrain or the platform/service providers’ platforms that hosts the Service to access the Service. To create an account you are required to provide certain mandatory information such as your name, your email address, account login etc. which is mandatory in order to be able to establish an account. Membrain and/or the platform/service providers (for example Google, Amazon, Microsoft etc.) collects information on the terms and conditions set out in this Privacy Policy and/or the platform/service providers’ own Privacy Policies, which can be found on the respective platforms. Membrain does not use financial information for any purpose other than processing payments. Further you may, but may not be required to, provide certain voluntary information such as date of birth, screen name, your personal profile, interests in and use of various Membrain services, games, products and services, and any other personal or preference information which you may choose to voluntarily provide.

Membrain may also collect and process other information when you interact with the Service online, such as the type of browser you are using, the type of operating system you are using; the IP address or other unique identifier such as a device identifier of any of your computer(s) or device(s) that are used to access the Service. Such information will be collected and processed irrespective of whether you only access the Service or if you actually use the Service. Membrain may also collect and process certain information when you as a user with a user account interact with the Service such as the information in your personal profile, the messages you send, the groups you form, the events you set up, the applications you add and the information you transmit information through various channels.

Information collected through other sources

Membrain may also collect information about you from other sources, such as third party sites or platforms, newspapers, blogs, instant messaging services, and other End Users of the Service through the operation of the Service in order to provide you with more useful information and a more personalized experience.

3. Cookies and logs etc.

Cookies. A cookie is information a website or app places on your computer’s or device’s hard drive so that the website or app is able to remember your preferences and/or which pages you visited on the website/app and make your visit more efficient and enjoyable. Membrain may use cookies to determine the number of unique users of the Service over a given period, or to remember user account details, etc. so that the need for multiple log-ins is eliminated. It may combine information collected through cookies to any Personal Data submitted online when using the Service to help personalize a user’s access to and use of the Service. Cookies may be disabled on your computer by indicating this in the preferences or options menus in your browser.

Log files. Log files are files that log actions that have occurred on a website or in an app. Membrain may collect data in the form of log files and may use such log files to gather statistics about End Users user habits and to assess overall service activity, including how many "hits" a particular web page is getting and other navigational data. These entries enable Membrain to track interest in specific promotions and features, troubleshoot technical concerns, and provide End Users with content that may be of interest to them. Log files are used internally only, and are not associated with any particular user, computer, or browser.

Web beacons. The Service may use a variety of technical methods for tracking purposes, including “Web beacons” etc. Web beacons are small pieces of data that are embedded in images on the pages of the Service. We may also use these technical methods to analyze the traffic patterns in the Service such as the frequency with which End Users accesses various parts of the Service etc. These technical methods may involve the transmission of information either directly to us or to another party authorized by us to collect information on our behalf. The information from use of these technical methods may be collected in a form that is personally identifiable.

4. Use of information – Purpose and legal basis
Membrain will use information about you for the following purposes in accordance with applicable laws:

Age identification
To identify your age for data protection purposes, for example to determine the legal requirements for processing of Personal Data. We request that anyone under the age of 18 not send any Personal Data about themselves over the Internet unless sent under the supervision of their parent or guardian. We do not knowingly collect Personal Data from children under 13 years old in the Service. We believe it is important to safeguard the privacy of children and encourage parents to regularly monitor their children’s use of online activities. If you are a parent and believe that your child under the age of 13 has accessed and/or used the Service and provided personally identifiable information to us, please contact us at info@membrain.com or the mailing address at the end of this Privacy Policy and we will work to delete that account and any such personally identifiable information. This in compliance with Article 6(1)(c) of the GDPR.

Information you provide or is collected from you in or in relation to the Service and information from other sources
Information is provided by you or collected in or in relation to the Service and/or collected from other sources in order to:

  • provide, operate, improve and maintain the Service, Service experience and services, your account(s);
  • send technical notices, updates, security alerts;
  • for support and troubleshooting reasons;
  • send support and administrative messages;
  • provide information about the Service;
  • monitor the end users using of the Service and activities in the Service;
  • identify, fix, and troubleshoot bugs and service errors, provide software updates etc;
  • resolve disputes, investigate and help curb fraud and illegal behavior, comply with the law, and to enforce our agreements and policies;
  • manage the Service and send you confirmations and important information about your account, the Service, purchases, subscriptions, and warranties.

Processing of this information is necessary for the purpose of performance of a contract to which you are party in order to support the operation of the Service facilitate the delivery of requested products and services and enable maintenance and update of the Service under Article 6(1)(b) of the GDPR and purposes is justified by our legitimate interests in providing advertisements and content of interest to you and improving our services in accordance with Article 6(1)(f) of the GDPR ("the balancing-of-interest rule").

5. Storage of Personal data

With respect to the processing of Personal Data, Membrain is Data Controller. Membrain shall (i) Not keep the Personal Data for longer than is necessary for the purposes of performing the Agreement unless further storage is required in order to establish, exercise or defend a legal claim or to comply with applicable law, including accounting rules; (ii) Store, process and use the Personal Data for the sole purpose of performing the Agreement; and (iii) Ensure that their employees and employees of their affiliates and subcontractors involved in the performance of the Agreement comply with the provisions of this agreement (iv) Implement all reasonable technical and organizational measures to protect your Personal Data against any accidental or unlawful destruction, accidental loss, unauthorized alteration, communication or access, (v) Where applicable report to you, upon its occurrence, any unauthorized access, disclosure, use, modification or destruction of your Personal Data, (vi) Refrain from exporting or transferring your Personal Data to any Third Country, and from collecting, using or Processing Personal Data within any Third Country, unless prior to the transfer we have ensured that an adequate level of protection of the Personal Data has been implemented in accordance with the terms and conditions stated in section 9 of this Agreement (International Data Transfers). Personal Data is deleted or anonymized as soon as it no longer serves one of the above-mentioned purposes and in any event, no later than three (3) years after your interaction with us has ended.

6. Information we share with third parties

As a general rule we will not share Personal Data that directly identifies you (such as your name, e-mail or postal address) with independent third parties without your consent, unless it is either required by law or we determine that disclosure is reasonably necessary to enforce our rights, property or operations or to protect our End Users or third parties.

Notwithstanding the foregoing, we may share information about you with certain third parties based on the legal basis in Articles 6(1)(b), 6(1)(c) and 6(1)(f) of the GDPR as follows:

  • Third-Party Agents and Contractors
    We may share information about you with third party agents and contractors in order to provide the Service to you, for ongoing development, for analytical purposes etc. We will only provide information to such third party agents and contractors for their performances of their specific assignments for us and consistent with this Privacy Policy, and for no other purposes and provided that such third party agents and contractors have ensured an adequate level of protection of the Personal Data in accordance with all Applicable Data Protection Legislation and/or though agreements with us.
  • Social networks
    Where the Service and related services are accessed and/or provided through social networks.
  • Third parties
    When required by applicable law, rule, regulation, legal process, in the process of negotiations of, any mergers and acquisitions, sale of company assets, financing or acquisition of all or a portion of our business by another company where personally identifiable information submitted to us may be transferred to the acquiring entity.
  • Courts, law enforcement agencies, legal authorities etc.
    When ordered or requested by courts, legal authorities etc. and required in order for us to abide by applicable laws, or to protect our rights, in defense in lawsuits, property or safety of Membrain, the Service, end users etc.
  • Other end-users
  • In order to provide certain Service features.

Where applicable certain third parties’ use of Personal Data will not be covered by this Privacy Policy. In such instances, you must review such third parties’ privacy policies.

We use or may use the following service providers when providing our services:

  • https://aws.amazon.com/privacy/
  • https://cloud.google.com/security/privacy/
  • https://www.microsoft.com/en-us/trust-center/privacy

7. Payment information

In order to access the complete Service, certain premium Service functions, content and features etc. you are required to pay certain fees. When purchasing such features and functions etc. you may be asked by Membrain and/or the platform/service providers to provide certain personally identifiable information, such as full name, billing address, email address, phone number, and credit card number/expiration date etc.

Once End Users have successfully entered valid credit card information etc. and completed the order process, a purchasing account will be created and maintained for them. Membrain and/or the platform/service providers will use the information provided to process the End User’s order and to send order confirmations via email, as well as to make future purchases easier for the End User. Membrain does not sell, transfer or share customer information with third parties, except where applicable the information is transferred, disclosed and shared with its third-party agent(s) who uses the information solely to handle and deliver certain online activities necessary to operate Membrain’ business (e.g. processing orders and payments).

8. Security

Membrain has taken reasonable steps to ensure that the personally identifiable information it collects is secure and we have taken reasonable measures to protect the confidentiality, security, and integrity of the Personal Data collected from our Service’s End Users. Personal Data is stored in secure operating environments that are not available to the public and that are only accessible to authorized employees and contractors. We also have security measures in place to protect the loss, misuse, and alteration of the information under our control. However, there is no such thing as perfect security. As a result, although we strive to protect personally identifying information, we cannot ensure or warrant the security of any information transmitted to us through or in connection with the Service, that we store on our systems or that is stored on our service providers' systems.

Please note that Membrain may provide links to other services and websites that are operated and hosted by third parties who may have their own information collection practices. Those other services and websites are governed by their own privacy policies, which may be substantially different from Membrain’s policies. Visitors to other services and websites are encouraged to review the privacy policies and information collection practices of those websites.

Any improper collection or misuse of User Content or information provided in the Service is a violation of the Terms of Use and should be reported to Membrain at legal@membrain.com.

9. International Data Transfers

We may transfer and share your information to third parties (including service providers operating on our behalf) which may be located in countries outside the European Union (“EU”) and/or the European Economic Area (“EEA”) which may not have the same level of data protection laws as those in the country where you are located. Where your data is sent to a country outside the EU/EEA that is not subject to an adequacy decision by the EU Commission, the transfers will only occur based on the following safeguards: i) If the entity is certified to comply with the principles for data protection under the US-EU Privacy Shield Framework ("Privacy Shield") (see Privacy Shield at www.privacyshield.gov), or ii) If we have entered into EU Commission approved standard contractual clauses with the entity, which is deemed to offer sufficient safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals.

10. Your Choices and Controls

You have the following rights regarding your Personal Data:

The right to request access
In accordance with Article 15 of the GDPR you may request access to processed Personal Data. This includes confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

  • the purposes of the processing;
  • the categories of Personal Data concerned;
  • the recipients or categories of recipient to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organizations;
  • where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the Personal Data are not collected from you, any available information as to the source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Where Personal Data is transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.

You shall be provided a copy of the Personal Data undergoing processing. For any further copies requested, we may charge a reasonable fee based on administrative costs. Where you make the request by electronic means, and unless otherwise requested by you, the information shall be provided in a commonly used electronic form. The right to obtain a copy shall not adversely affect the rights and freedoms of others. Please note that the access may be restricted due to intellectual property rights or trade secrets.

The right to object

You have the right to object to the Personal Data processing on grounds relating to your particular situation when the data are processed based on the balancing-of-interest rule in Article 6(1)(f) of the GDPR, see Article 21 of the GDPR. In this case, we will cease the processing unless there are compelling legitimate grounds for the processing which override your interests, rights, and freedoms or if the processing is necessary for the establishment, exercise or defense of legal claims. You have the right to object to our processing of your Personal Data for direct marketing purposes at any time. We will cease the processing of your Personal Data for this purpose after the objection. Please note that if you exercise this right, your user license to use the Service and related services will cease automatically.

Right of correction and erasure

You have the right to have inaccurate Personal Data rectified, in accordance with Article 16 of the GDPR.

You have the right to have your Personal Data erased where one of the following grounds applies, see Article 17 of the GDPR:

  • The Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed,
  • if you have withdrawn your consent and there are no other legal grounds for the processing,
  • if you have objected to the processing and there are no overriding legitimate grounds for the processing,
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law,
  • the personal data have been unlawfully processed or
  • the personal data have been collected in relation to the offer of information society services.

Please note that your right to erasure may be limited if the data are necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims.

The right to restriction

You have the right to obtain restriction of processing in certain circumstances, in accordance with Article 18 of the GDPR. If you have the right to restriction, we will only process your Personal Data with your consent or for the establishment, exercise or defense of a legal claim or to protect a person or important grounds of public interest.

The right to withdraw consent

If we have asked for your consent to our processing of your Personal Data, you have the right to withdraw your consent at any time, in accordance with Article 7 of the GDPR. If you withdraw your consent, we will cease processing of the Personal Data for which you have withdrawn consent, unless we have a legal obligation to keep some or parts of your data. Please note that if you withdraw your consent, your right to use the Service and related services will cease automatically. The withdrawal of your consent does not affect the lawfulness of processing based on your consent before its withdrawal.

The right to data portability

You have the right to receive your Personal Data that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance if the processing is based on consent or contract performance, in accordance with Article 20 of the GDPR.

Changing or Removing Account Information

Access and control over most Personal Data in the Service are readily available through the profile editing tools on your account with Membrain or the applicable platform/service provider that you are accessing the Service through. End Users may modify or delete any or all of their profile information at any time by logging into their accounts at Membrain or the platform/service providers. Information will be updated as soon as possible. End Users who wish to deactivate their Service account may do so in their accounts with Membrain or the applicable platform/service provider that you are accessing the Service through. Removed information may persist in backup copies for a reasonable period of time but will not be generally available to other End Users or visitors of the Service. You cannot, however, remove communications made in any communication features in the Service, which might have been shared with other End Users (for example sending personal messages to another End Users).

If you wish to invoke any of the rights described above, you may contact us at any time by emailing us at legal@membrain.com. We will process and answer your requests without undue delay and in any event within one month of our receipt of the request unless a longer period is required due to the complexity of the request. In this case, our response time can be up to three months in total as permitted by Article 12 of the GDPR.

11. Disputes

Disputes between you and Membrain

OUR GOAL IS TO RESOLVE DISPUTES FAIRLY AND QUICKLY. FOR ALL DISPUTES AGAINST MEMBRAIN, YOU AGREE TO FIRST CONTACT MEMBRAIN AND TRY TO RESOLVE THE DISPUTE INFORMALLY BY SENDING A WRITTEN NOTICE OF THE CLAIM ("NOTICE") TO MEMBRAIN. THE NOTICE TO MEMBRAIN MUST BE SENT VIA REGISTERED LETTER TO THE ADDRESS LISTED IN SECTION 17 BELOW OR BY EMAIL WITH CONFIRMATION OF RECEIPT. THE NOTICE MUST (A) INCLUDE YOUR NAME, YOUR RESIDENTIAL ADDRESS AND E-MAIL ADDRESS AND / OR MOBILE PHONE NUMBER ASSOCIATED WITH YOUR ACCOUNT REGISTERED WITH MEMBRAIN AND/OR THE PLATFORM/SERVICE PROVIDER; (B) DESCRIBE THE TYPE AND REASON FOR THE CLAIM; AND (C) SPECIFY THE SPECIFIC COMPENSATION SOUGHT, IF ANY. IF YOU AND MEMBRAIN CANNOT AGREE ON A SOLUTION TO THE DISPUTE WITHIN 60 DAYS OF RECEIVING SUCH A NOTICE, EITHER PARTY MAY INITIATE LEGAL PROCEEDINGS IN ACCORDANCE WITH SECTIONS 12-15 BELOW.

User disputes

You are solely responsible for your interactions with other users of the Service. We reserve the right, but have no obligation, to monitor disputes between you and other users.

12. Class action waiver

YOU AGREE THAT ANY AND ALL CLAIMS MUST BE MADE IN YOUR INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.

13. Claims

YOU AND MEMBRAIN AGREE THAT ANY CAUSE OF ACTION ARISING OUT OF OR RELATED TO THE TERMS OF USE OR THIS PRIVACY POLICY MUST COMMENCE WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES. OTHERWISE, SUCH CAUSE OF ACTION IS PERMANENTLY BARRED.

14. Governing law

This Agreement is governed by and will be construed in accordance with the laws of Sweden without regard to conflicts of law principles and the parties hereby consent to the sole and exclusive jurisdiction of the Swedish courts, with the district court of Solna as the first venue, to resolve any disputes hereunder.
Notwithstanding anything to the contrary, Membrain may apply to any court of competent jurisdiction for injunctive or other equitable relief.

15. Changes to our Privacy Policy

This Privacy Policy applies to all information collected by us or provided to us on and after the Effective Date. This Privacy Policy is subject to change and we may make any changes to this Privacy Policy as we see fit. Membrain will notify you of material changes by posting them on its Website and/or applicable app stores, and/or on the websites etc. You are encouraged to check back and review this Privacy Policy from time to time so that you will always know what information is collected how it is used and to whom it is disclosed. Your continued use of our services subject to this Privacy Policy will signify your acceptance of Privacy Policy changes.

16. Contact

If you have any questions, complaints or comments regarding our Privacy Policy, please contact Membrain at:

Upstream Business Solutions AB, d.b.a. Membrain
Industrivagen 17
171 48 Solna
Sweden
Email: legal@membrain.com
Telephone: +46-8-511 670 11

Last Updated: September 26, 2019