Date of Last Revision: June 22, 2021
Sources of Personal Data We Collect:
When you visit or use the Service, we collect personal data directly from you, from third parties and automatically through our Service.
Categories of Personal Data We Collect:
When you sign up for our Service, we collect your name, email address, and encrypted password. If you log in using a 3rd party service (e.g. Facebook) we store your identifier for that service.
At your request, we collect the email addresses of other people you wish to share your projects with.
We collect and access your personal data when you reach out to our customer support team for help via email, chat, or phone.
We collect your photos, drawings, text, event dates, addresses, favorite themes, and project designs in the course of your uploading of photos and creating your projects. We also collect metadata indicating the date your photos were taken.
Through optional surveys, we may collect demographic information about you, such as your age and income ranges. Through the events you create we may also collect your birthdate.
Internet Activity Data
We collect the date you created your account, the dates you’ve logged into your account, and the dates you logged out or your session automatically expired.
When you visit our Site, we collect your IP address and information about your web browser. We may also collect your browser brand, version, operating system, and plugins in order to optimize your experience.
We use 3rd party Services (e.g. Google Analytics) that collect your IP address, information about your web browser you are using to access our Services, and details of what and when you’ve interacted with our Services and marketing promotions.
When you use the App, we may collect your location (with your authorization through your mobile OS) as well as information about your device and how you interact with the App.
We derive a rough estimate of your location based on your IP address.
We collect credit card information, billing address, shipping address, shipping speed, and item quantity when you place an order.
Mixbook does not store full credit card data. If you elect to associate a payment method with your account, that payment method will be stored by a payment service provider under contract with us. The storing payment service provider will be required to comply with the Payment Card Industry Data Security Standard (PCI DSS).
We store a record of the transactions you enter into with us, including which products you purchase.
We collect feedback from our customers via email, chat, web forms, and physical mail.
We use web browser cookies and other tracking methods to uniquely identify your browser session. We use your unique cookie before you are logged in to track and improve our Services and marketing campaigns. Once you are logged in, we use browser cookies to keep you logged in.
How We Use Your Personal Data:
We may use personal data to fulfill our contract with you, including to:
Allow you to create and edit custom photo projects.
Charge you for the products you ordered, manufacture them, and ship them.
Send invitations to view and edit your projects.
Detect and fix issues before your order is manufactured.
Verify that the person trying to login is you and not someone else.
We also use personal data as necessary for the following legitimate business interests:
Understand how you are using our Services.
Improve our Services.
Measure and improve our marketing campaigns.
Personalize our communication with you.
Approximate your location: We use your location to select a default localized experience for you to show local currency, prices, promotional offers, language, date format, shipping options, ship time estimates, and holiday lists in calendars. You may choose a different localized experience within your account settings.
Communicate with you as well as send you updates, surveys and communications about your activity on our Service such as order confirmation and shipping emails.
Troubleshoot and fix problems you may be experiencing, to improve the Site experience and for legal and security compliance purposes.
Display thumbnails to you on the site (e.g. in the shopping cart).
Customize special offers.
With your consent (where required by law), we use personal data to send you offers for products or services that may be of interest to you. You may opt out of receiving emails by following the instructions contained in each promotional email we send you. You can also control the marketing emails and/or text messages you receive by updating your settings through your account. In addition, if at any time you do not wish to receive future marketing communications, you may contact us. If you unsubscribe from our marketing lists, you will no longer receive marketing communications but we will continue to contact you regarding management of your account, other administrative matters, and to respond to your requests.
Sharing and Disclosure of Your Personal Data:
We do not sell your personal data. In certain circumstances we may share the categories of personal data described above with the following categories of third parties without further notice to you, unless required by the law, as set forth below:
We provide personal data to service providers to perform services on our behalf, such as to host the Service at a co-location facility for servers, to send out email updates about Mixbook or the Service, to process payments for products or Services, to print the projects that you order, or to provide search results, personalized advertising or links. In connection with these offerings and business operations, our service providers may have access to your personal data for use for a limited time in connection with these business activities. Where we utilize third parties for the processing of any personal data, we implement reasonable contractual and technical protections limiting the use of that data to Mixbook-specified purposes and imposing at least the same protections that we apply to your personal data.
For example: when you place an order for a printed copy of a project through the Service, your billing information is transmitted to a third-party credit card processor and your shipping information is transmitted to a third-party printer to be printed, bound, and shipped to you. In addition, if you elect to permit your credit card or other billing information to be saved, that information will be stored by such third-party credit card processor for the purpose of completing any future purchases you make in connection with the Service. We will also share your photos, name, and address with our printing and carrier services for purposes of production and delivery.
We share data with third parties in connection with advertising, retargeting and analytics on behalf of Mixbook. Under no circumstances do we rent, trade or share your address or e-mail address with any other company for their marketing purposes without your consent.
We may be required to disclose user information pursuant to lawful requests, such as subpoenas, law enforcement investigations, or court orders, or in compliance with applicable laws. We also may release information to protect our rights, property, or other interests, including those of our customers or other third parties or to prevent illegal activities or violations of the Mixbook Terms of Service. This may include sharing information with other companies, lawyers, agents, or government agencies.
If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), your personal data and other information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate after the Transaction.
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Identification, Financial, and Transaction Data) for six years after they stop being customers for tax purposes.
You may come back at any time in the future and re-order products you have ordered from us in the past or utilize photos and other content you have uploaded to the service to create and order additional products (“Product Data”). You can however delete any such Product Data we retain in order to facilitate the repeat order process by sending us an email at email@example.com.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Mixbook is not intended to be used by children, and we do not knowingly collect personally identifiable information from children under 13.
You must be at least 13 years or older to register and use the Service. If you are under the age of 13, you must use an account created by a parent or guardian, and you must have the explicit permission of a parent or guardian to use the Service.
In the event that we learn that we have collected personal data from a child under age 13, we will take appropriate steps to delete that information. If you become aware or believe that a child has provided us with personal data, please contact us.
We recommend that minors over the age of 13 ask their parents before sending any information about themselves to anyone over the internet.
Mixbook takes precautions to protect our users’ personal data. Your account information is located on a secured server behind a firewall, and we utilize other physical, electronic and procedural safeguards to protect the security and confidentiality of the information we have collected and to prevent the unauthorized access to or disclosure of your information.
However, no precautions are 100% effective. As a result, Mixbook does not guarantee that personal data you provide to us will remain secure. In the event we become aware that the security of the sites has been compromised or users' personal data has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with data protection and law enforcement authorities.
Email and instant messaging including chat are not recognized as secure communications, we request that you not send private information to us by email or instant messaging services. If you have any questions about the security of the Site, please contact us at firstname.lastname@example.org.
Correcting Errors In Personal Data:
To correct errors in your personal data through the settings menu on the Services. If there’s any data you want to correct that you cannot update through settings, please email email@example.com and we are happy to make the update for you.
California Privacy Rights Disclosures:
Where provided for by law and subject to any applicable exceptions, California residents may have the following rights under the California Consumer Privacy Act of 2018 (“CCPA”):
To know the categories of personal data that Mixbook has collected about you, the business purpose for collecting your Personal Data, and the categories of sources from which the personal data was collected;
To access the specific pieces of personal data that Mixbook has collected about you;
To know whether Mixbook has disclosed your personal data for business purposes, the categories of personal data so disclosed, and the categories of third parties to whom we have disclosed your personal data;
To have Mixbook, under certain circumstances, delete your personal data; and
To be free from discrimination related to the exercise of these CCPA rights.
If you would like to exercise any or all of these rights, you may do so by contacting us. Your authorized agent may submit requests in the same manner. Once we receive your request, we will verify your identity by sending an email to the email address you provide to us.
EU and UK Citizens:
Legal Basis For Processing Personal data (European Economic Area)
Pursuant to the European Union General Data Protection Regulation (or GDPR), you have the following rights in relation to your Personal Data, under certain circumstances:
Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
Right to erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.
Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by automated means. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
Right to object:
You may ask us at any time to stop processing your Personal Data, and we will do so:
If we are relying on a legitimate interest to process your Personal Data—unless we demonstrate compelling legitimate grounds for the processing or we need to process your data in order to establish, exercise, or defend legal claims;
If we are processing your Personal Data for direct marketing. We may keep minimum information about you in a suppression list in order to ensure your choices are respected in the future and to comply with data protection laws (such processing is necessary for our and your legitimate interest in pursuing the purposes described above);
Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
Right to lodge a complaint with the data protection authority:
If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns (in the UK, the Information Commissioner’s Office (ICO), who can be contacted at https://ico.org.uk/concerns
, and in other EU countries the data protection authority of the country in which you are located).
Transferring Your Data
If you are an individual in the EU or UK, you can also contact DataRep, our Data Protection Representative, by emailing firstname.lastname@example.org or writing to DataRep, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom (referencing “Mixbook” or “Interactive Memories” in the body of the correspondence).