Last updated: May 24, 2018
Mozaik.io Limited ("us", "we", or "our") operates the https://www.mozaik.io website (the "Service").
This page informs you of our policies regarding the collection, use and disclosure of Personal Information when you use our Service.
Information Collection And Use
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to, your email address ("Personal Information").
When creating a user account with the Services, you'll be asked to provide your email and name. These are required in order to set up a unique account and for the transactional emails within the Services. Your email will also be used to help onboard you to the Services and provide you information about the Services.
Your email and name is also used with our in-application tracking for the legitimate interest of improving the Service. This tracking is used to identify issues, bugs and help us improve the product. We retain the information until you delete your account.
We also use your email and name for providing the legitimate interest of technical and sales support. We retain this information indefinitely. You can object to the processing of this information by contacting email@example.com.
Content and information submitted by users to the Services is referred to in this policy as “Customer Data”. As further explained below, Customer Data is controlled by the organization or other third party that created the account (the “Customer”).
Mozaik.io employees or contractors only access Customer Data at the request of Customer in order to provide support.
Billing information is collected in order to fulfill the contract of providing Services to the Customer. The collected billing information includes credit card details, billing address and billing contact. According to UK law, we are obliged to retain these details for a period of 6 years.
The billing information is processed by Stripe Inc. which process the data in the US. The data is transferred to the US under the US-EU Privacy Shield.
We may also collect information that your browser sends whenever you visit our Service ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics.
In addition, we may use third party services such as Google Analytics that collect, monitor and analyze this type of information in order to increase our Service's functionality. These third party service providers have their own privacy policies addressing how they use such information.
If you sign up to our newsletter you are consenting to receiving newsletter and marketing communications about the Services from us. You can withdraw consent at any time by clicking unsubscribe in the emails.
Your Individual Data Rights
You have various rights over your personal information. Those rights are:
- Being informed about data collected and how it is processed
- Access to the data we have on you
- Being able to correct and update the data we have on you
- Erasure of the data we have on you
- Restricting of the processing of the data we have on you
- Being able to move the data we have on you to another service
- Knowledge of what automated decision-making and/or profiling we do with your personal information
There are circumstances when your data rights can be overridden, such as in the case of billing information which is required to be maintained for 6 years under UK law.
We don’t do any automated decision-making or profiling.
You can access and update (rectify) the Personal Information we have on you by logging onto the site and navigating to your account. If you wish to rectify information in other services please email firstname.lastname@example.org.
You can erase the data we have on you by closing and deleting your Service account. This will also anonymize the tracking data we have collected in the process of using the Service.
You can restrict various processing of your Personal Information by opting out of various services (see Appendix B).
We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
|Data Type||Processing Location||Processor||GDPR Legal Basis||Retention Period|
|Customer Data||EU||Mozaik.io Ltd., AWS Europe||N/A||Until deleted by the customer or the account deleted|
|Personal Information||EU, US||Mozaik.io Ltd., AWS Europe, Intercom Inc||Legitimate Interest, Contractual||Varies (see Appendix A)|
|Log Data||EU||Mozaik.io Ltd., AWS Europe||Legitimate Interest||Varies (see Appendix A)|
|Billing Information||EU, US||Stripe Inc||Contractual||6 years as required by UK statutory obligations|
For the purposes of the GDPR legislation our Supervisory Authority is the UK’s Information Commissioner’s Office. If you wish to lodge a complaint about your data subject rights or the lawfulness of processing about the you can do so by contacting the ICO.
Compliance With Laws
We will disclose your Personal Information where required to do so by law or in accordance with an order of a court of competent jurisdiction, or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.
The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. As such we make no warranties as to the level of security afforded to your data, except that we will always act in accordance with the relevant UK and EU legislation.
Your information, including Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside United Kingdom and choose to provide information to us, please note that we transfer the information, including Personal Information, to United Kingdom and process it there.
In the event that a dispute arises with regards to the international transfer of data, you agree that the courts of England and Wales shall have exclusive jurisdiction over the matter.
Links To Other Sites
We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Our Service does not address anyone under the age of 16 ("Children").
We do not knowingly collect personally identifiable information from children under 16. If you are a parent or guardian and you are aware that your Children has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a children under age 16 without verification of parental consent, we take steps to remove that information from our servers.
This Policy shall be governed and construed in accordance with the laws of England and Wales, without regard to its conflict of law provisions.
Appendix A – Personal Information Collected
|Personal Information||Processing||Lawful Basis of Processing||Retention Period|
|Stored and used to provide a unique account. Used to send transactional emails and product related updates||Contractual, Various Legitimate Interests||Until you request the deletion of your account|
|Name||Storage and display in the application and transactional emails sent to you and other account users||Contractual, Various Legitimate Interests||Until you request the deletion of your account|
|IP address||Storage and usage in application tracking||Legitimate interest of security||Indefinite|
|Analytics Cookies||Pseudo-anonymous id cookie used to aggregate session statistics||Legitimate interest of improving the application for your benefit||Up to 2 years|
Appendix B – Personal Information Processors
|Processor||Information Processed||Location of Processing||Privacy Protections||Opt-out|
|Amazon Web Services, Inc.||Email, Name, IP address||EU||GDPR, Privacy Shield, Data Processing Addendum||Delete your account|
|Stripe, Inc||Name, Email for billing and fraud purposes||US||Privacy Shield, Data Processing Addendum||N/A|
|Google LLC||Analytics Cookie for anonymous tracking||US||Privacy Shield, Data Processing Addendum||Opt-out with browser add-on|