Date of Last Revision: May 25, 2018
- Understand what information we collect and how we collect, share, and use the information; and
- Make informed decisions when using the Services provided by Mosaic through its websites located at www.mixbook.com, www.montagebook.com, www.mixbook.com/mosaic and/or www.wedpics.com (the “Site”) and through its mobile applications and related Services (collectively, such Services, including any new features and applications and the Site, defined as the “Service(s)”).
Information We Collect and How We Use It
When you visit or use the Service, we collect the following data directly from you, from third parties and automatically through our Service in order to provide our Services to you, to perform analytics for our business purposes, to advertise or market our Services to you, and/or to perform security, administrative or customer service activities.
Location and Localization
When you visit our Sites, we collect your IP address and information about your web browser and/or the app you are using to access our Services.
We use your IP address and browser locale to approximate your location. We use your location to select a default localized experience for you to show local currency, prices, promotional offers, language, date format, shipping options, ship time estimates, and holiday lists in calendars. You may choose a different localized experience within your account settings.
3rd Party Tracking Tools
We use 3rd party Services (e.g. Google Analytics) that collect your IP address, information about your web browser and/or the app you are using to access our Services, and details of what and when you’ve interacted with our Services and marketing promotions.
We use 3rd party services to better understand how you are using our Services and how we can improve. We also use them to measure and improve our marketing campaigns.
We use web browser cookies and other tracking methods to uniquely identify your browser session. We use your unique cookie before you are logged in to track and improve our Services and marketing campaigns. Once you are logged in, we use browser cookies to keep you logged in.
We collect your name, email address, and encrypted password. If you log in using a 3rd party Service (e.g. Facebook) we store your identifier for that Service.
We use your name in order to personalize our communication with you. We use your email address as your login name and to communicate with you as well as send you updates, promotions, special offers, surveys and communications about your activity on our Service such as order confirmation and shipping emails. We use your encrypted password and/or your 3rd party ID to verify that the person trying to login is you and not someone else.
We collect the date you created your account, the dates you’ve logged into your account, and the dates you logged out or your session automatically expired. We also collect whether you logged in using your Mosaic login name or using a 3rd party Service, e.g. Facebook.
We use this data to help us understand how you are using our Services, to improve our Services, to customize special offers, and to improve security.
Log Data and Analytics
We collect IP address, information about your web browser and/or the app you are using to access our Services, and details of what and when you’ve interacted with our Services and marketing promotions.
We use your IP address in our logs which track all activity on our site. We use our logs to help us understand how you are using our Services, to help us troubleshoot and fix problems you may be experiencing, to improve the site experience and for legal and security compliance purposes.
We collect your photos, drawings, text, event dates, addresses, favorite themes, and project designs in the course of your uploading of photos and creating your projects.
We use this data to enable the creation and editing of your projects, for displaying thumbnails to you on the site (e.g. in the shopping cart), to personalize marketing emails to you, for detecting and fixing issues before your order is manufactured, and for manufacturing the final product that we ship to you.
We collect and access your personal data when you reach out to our customer support team for help via email, chat, or phone. We will never ask for you password or financial information and you should not share your password or financial information with anyone.
We use the data we collect and access to help troubleshoot and resolve any issues that you may have with our Service.
We collect credit card information, billing address, shipping address, shipping speed, and item quantity when you place an order. We use this data to charge you for the products you ordered, manufacture them, and ship them.
Mosaic does not store full credit card data. If you elect to store a Payment Method with us, that Payment Method will be stored by a payment service provider under contract with us. The storing payment service provider will be required to comply with the Payment Card Industry Data Security Standard (PCI DSS).
We collect text and/or multiple choice form feedback from our customers via email, chat, web forms, and physical mail. We use this data to improve our Services and troubleshoot specific issues you may be encountering.
Social Media Integrations
At your request, we collect the email addresses of other people you wish to share your projects with. We use those emails to send them an invitation to view and edit your project.
WedPics Website and Mobile Application (“WedPics”)
Name and Profile Picture. Our mobile application WedPics and its associated website are designed to make it easy for you to find and connect with others. For this reason, your name and profile picture do not have privacy settings. If you are uncomfortable with sharing your profile picture, you should delete it (or not add one).
Contact Information. Your contact information settings control who can contact you on WedPics, and who can see your contact information such as your media. Remember that none of this information is required except for your email address, and you do not have to share your email address with anyone.
User Content. When uploading a photo, you can control exactly who can see it by selecting the event in which it will be stored. The specified event will determine who will be able to see your media.
Other. Here are some other things to remember:
- Some of the content you share and the actions you take will be displayed on WedPics and be visible to your contacts or other WedPics users and third-party partners.
- Even after you remove information from your profile or delete your account, copies of that information may remain viewable elsewhere to the extent it has been shared with others, it was otherwise distributed pursuant to your privacy settings, or it was copied or stored by other users.
- You understand that information might be reshared or copied by other users and displayed by third-party partners of the Website.
- If you use an external source to publish information to WedPics (such as a mobile application or another website), you should check the privacy setting for that post, as it is set by that external source.
Sharing Your Information With Third Parties
For example: when you place an order for a printed copy of a project through the Service, your billing information is transmitted to a third-party credit card processor and your shipping information is transmitted to a third-party printer to be printed, bound, and shipped to you. In addition, if you elect to permit your credit card or other billing information to be saved, that information will be transmitted to a third-party credit card processor and stored by such third-party credit card processor for the purpose of completing purchases you make in connection with the Service.
We share data with third parties in connection with advertising, retargeting and analytics on behalf of Mosaic. Under no circumstances do we rent, trade or share your address or e-mail address with any other company for their marketing purposes without your consent.
We may be required to disclose user information pursuant to lawful requests, such as subpoenas, law enforcement investigations, or court orders, or in compliance with applicable laws. We also may release information to protect our rights, property, or other interests, including those of our customers or other third parties or to prevent illegal activities or violations of the Mosaic Terms of Service. This may include sharing information with other companies, lawyers, agents, or government agencies.
Transferring Your Data
Mosaic is headquartered in the United States. We have operations and service providers in the United States and throughout the world. As such, we and our service providers may transfer your personal information to, or access it in, jurisdictions (including the United States) that may not provide equivalent levels of data protection as your home jurisdiction. These countries may not have the same data protection laws as the country in which you initially provided the information. By providing your Personal Information to the Service, you consent to any transfer and processing in accordance with this Policy.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. If the provider is not EU-US Privacy Shield certified, we may use the EU Model Clauses. We are applying for certification with the U.S. Department of Commerce under the EU - U.S. Privacy Shield Framework.
Some of our external third-party providers are based outside of the EEA, so their processing of data will involve a transfer of data outside the EEA.
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers for tax purposes.
We also make a promise to you that you can come back at any time in the future and re-order products you have ordered from us in the past or utilize photos and other content you have uploaded to the service to create and order additional products. So, unless you actively delete this information, we keep it, so we can keep our promise to you.
In some circumstances you can ask us to delete your data; see Your Rights and Choices below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Mosaic is not intended to be used by children, and we do not knowingly collect personally identifiable information from children under 13 (16 in the EU). The Children's Online Privacy Protection Act (COPPA) defines personal information as "individually identifiable information," including things like a first and last name, a street address, an email address, or a telephone number. COPPA places requirements on websites that collect such information from children.
You must be at least 13 years or older (16 in the EU) to register and use the Service. If you are under the age of 13 (16 in the EU), you must use an account created by a parent or guardian, and you must have the explicit permission of a parent or guardian to use the Service.
In the event that we learn that we have collected personal information from a child under age 13 (16 in the EU), we will take appropriate steps to delete that information. If you become aware or believe that a child has provided us with personal information, please contact us as provided in the Contact Us section.
We recommend that minors over the age of 13 (16 in the EU) ask their parents before sending any information about themselves to anyone over the internet.
Mosaic takes precautions to protect our users’ Personal Information: your account information is located on a secured server behind a firewall, and we utilize other physical, electronic and procedural safeguards to protect the security and confidentiality of the information we have collected and to prevent the unauthorized access to or disclosure of your information.
However, no precautions are 100% effective. As a result, Mosaic does not guarantee that Personal Information you provide to us will remain secure. In the event we become aware that the security of the sites has been compromised or users' personal information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with data protection and law enforcement authorities.
Email and instant messaging including chat are not recognized as secure communications, we request that you not send private information to us by email or instant messaging Services. If you have any questions about the security of the Mosaic Web Site, please contact us at firstname.lastname@example.org.
Your Rights and Choices
Correcting Errors in Personal Data
To correct errors in your personal data, access the setting menu on our website or within the app and make your corrections. If there’s any data you want to correct that you cannot update through our website or apps, please email email@example.com and we are happy to make the update for you.
Downloading Personal Data
If you wish to download your personal data, email firstname.lastname@example.org.
Deleting Personal Data
If you wish to delete your account and the data associated with it, email email@example.com. Please note that even after your account is deleted, we keep records of your past orders and other data necessary for financial, legal, and tax compliance.
Contacting our Data Protection Officer
To reach our Data Protection Officer with a question or concern about your data, or about your privacy including your rights under GDPR, please email firstname.lastname@example.org.
You have the right to access and/or take your data at any time. You may contact our Data Protection Officer at email@example.com to request a copy of your personal data and can ask for a copy of personal data be provided in machine readable form.
Legal Basis for Processing Personal Information (European Economic Area)
If you wish to learn more about specific legal grounds we rely on to process your information for any particular purpose (including any legitimate interests we have to process this information), please contact us as provided under the Contact Us section. For example, we rely on our legitimate interests to process information for direct marketing purposes and for fraud prevention and detection, provided these interests are not overridden by your data protection interests or fundamental rights and freedoms.
Your Data Protection Right (European Economic Area)
In some regions, such as the EEA, you may have certain rights in relation to your personal information, including the right to access, correct, update, or request deletion of your personal information. We takes reasonable steps to ensure that the data we collect is reliable for its intended use, accurate, complete, and up to date. You also can manage your profile and settings within your account settings. However, if you are not a user of our Services and you want to contact us directly about accessing, correcting, updating, or deleting your personal information, or altering your data or marketing preferences, you can do so at any time by contacting as provided in the Your Rights and Choices section. We will consider your request in accordance with applicable laws.
You can object to processing of your personal information, ask us to restrict processing of your personal information, or request portability of your personal information. Again, you can exercise these rights by contacting us as provided in the Your Rights and Choices section.
You can complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA and Switzerland are available here.
Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We may ask you to verify your identity in order to help us respond efficiently to your request.