Your privacy is a great responsibility
We want you to feel comfortable when using www.fancify.com (our website) and fancify our software (that you use on your website) and not have to worry about the security of your data. That is why data privacy is an integral part of our philosophy.
In this Privacy Policy, you will find all the information about which Personal Data we collect and process and for what purpose. Equally, we will also inform you of your data protection rights and how you can assert them.
The fancify Privacy Policy
Hello. Here's how we protect your data and respect your privacy.
General Principles
What is Personal Data?
Personal Data is any information relating to an identified or identifiable natural person. This includes, for example, name or address data, telephone number, mobile number, or online identifiers such as your device id and your IP address.
What is processing?
"Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
Who is responsible for data processing?
The responsible party for data processing is Fancify LLC, located at 8 The Green, #6380, Dover, DE 19901 (“Fancify”, “we”, “us”, or “our”).
Questions?
If you have any questions or if you wish to exercise your rights, please contact us by email using hello [at] fancify.com.
What law applies?
Our use of your Personal Data is subject to the:
- Delaware Personal Data Privacy Act (“DPDPA”)
- Canada Personal Information Protection and Electronic Documents Act (the “PIPEDA”)
- California Consumer Privacy Act (“CCPA”) and the Privacy Rights and Enforcement Act (“CPRA”)
- the UK Data Protection Act (“DPA”); and
- the EU General Data Protection Regulation (“GDPR”),
and of course we process your Personal Data accordingly.
When can we process Personal Data?
In accordance with the above laws and good practice, we have to have at least one of the following to process your Personal Data:
- you have given your consent;
- the data is necessary for the fulfillment of a contract / pre-contractual measures;
- the data is necessary for the fulfillment of a legal obligation, or
- the data is necessary to protect our interests.
How long will you keep my data?
We process and store your Personal Data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.
What Personal Data do we process?
Technical data
When you access our website, some access data is recorded automatically and stored in a log file on our website's server. This means if you browse and simply have a look at our website, we process:
- the IP address of your computer or device;
- the date and time of your access;
- the name and URL of the accessed file;
- the browser used;
- the amount of bytes transferred;
- the status of the page request;
- the session ID and
- the referrer URL.
The legal basis for processing is our legitimate interest.
Hosting
We use Firebase Hosting by Google for the purpose of hosting and displaying our website and SaaS. Google does so on our behalf, and that also means that all data collected on our website and SaaS is processed on Google's servers. The basis for processing is our legitimate interest, and the initiation and/or fulfillment of a contract.
Cookies
We use so-called cookies on our website. Cookies are pieces of information that are transmitted from our web server or third-party web servers to your web browser and stored there for later retrieval. Cookies may be small files or other types of information storage.
There are different types of cookies:
Essential cookies
Essential cookies are cookies to provide a correct and user-friendly website;
Non Essential cookies
Non-essential Cookies are any cookies that do not fall within the definition of essential cookies, such as cookies used to analyze your behavior on a website (“analytical” cookies) or cookies used to display advertisements to you (“advertising” cookies).
Essential Cookies
Essential cookies are cookies to provide a correct and user-friendly website;
Non-Essential Cookies
Non-essential Cookies are any cookies that do not fall within the definition of essential cookies, such as cookies used to analyze your behavior on a website (“analytical” cookies) or cookies used to display advertisements to you (“advertising” cookies).
We think it is important that you should have full control over your privacy online, we refrained from placing Non-essential Cookies and as such we are not required to obtain any consents. Nonetheless, this may change, and we ask you to regularly check this policy for any updates.
Contacting us
You can contact us in various ways and data is always collected in the process. You provide us with most of the data that we process when you contact us such as your name, and email address. This data is collected and processed exclusively for the purpose of contacting you and processing your request and then deleted again, provided that there is no legal obligation to retain it.
When using our Services
We process the personal data that arises when you use our services in order to provide our contractual services. This may include support, correspondence with you, invoicing, fulfillment of our contractual, accounting and tax obligations and other business obligations. Accordingly, the data is processed on the basis of the fulfillment of our contractual obligations and our legal obligations.
User Account
For this purpose, you can choose a password together with your email address. The legal basis for processing is our legitimate interest, the provision or initiation of a contractual service and your consent.
Alternatively, you are able to sign up using the convenience feature from Google or Facebook. For convenience login and sign up, you will be asked to provide your basic information (i.e., name, email address, and display picture) which is linked to your Google or Facebook account. When registering via convenience functions, you consent to certain data from your respective profile of being transferred to us.
When using our Software
If you wish to use our SaaS and its features, we process the Personal Data you provide. Depending on how you use our SaaS, you may integrate your Social Media accounts. While the integration is done using the Application Programming Interface (“API”) of the relevant Social Media account you wish to integrate, or via the API’s of the relevant email marketing platforms, the content integrated (such as your Posts, Videos, and Images) or distributed ( such as your marketing emails) is solely controlled by you. In this sense you have full control over how you use our SaaS and the Personal Data that is processed by us (“Service Data”). The legal basis is the provision of a contractual service.
We recognize that you own your Service Data. We provide you complete control of your Service Data by providing you the ability to (i) access your Service Data, (ii) share your Service Data through our SaaS. Where we process Service Data as Data Processor or in other words on behalf of you, we will process the Service Data involved in your use of our SaaS in accordance with your instructions and shall use it only for the purposes agreed between you and us.
We ensure that access by our employees to your data is only available on a need-to-know basis, restricted to specific individuals, and is logged and audited. We communicate our privacy and security guidelines to our employees and enforce privacy and protection safeguards strictly.
Some jurisdictions may require you to disclose your use of our SaaS as your processor in your privacy policy and/or data processing agreement as applicable. For this purpose all Service Data processed by us will be processed using Google’s Firestore Database (for data management) and Google’s Firebase Storage (for file storage and management) and take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of Service Data and Personal Data.
Further and if you are providing us with Personal Data relating to a third party, you agree a) that you have in place all necessary appropriate consents and b) that such third party has read this Privacy Policy. You agree to indemnify us in relation to all and any liabilities, penalties, fines, awards, or costs arising from your non-compliance with these requirements.
Support ticket
If you create a support ticket, we will request Personal Data and, where applicable, non-Personal Data in accordance with your request, this may include your name, email address and other order related data you voluntarily provide. The data provided is not shared with third parties and cannot read your data when it is entered. If you submit a support ticket, we process the data for the purpose of processing and handling your ticket.
Our employees will also have access to data that you knowingly share with us for technical support or to import data into our services. We communicate our privacy and security guidelines to our employees and enforce privacy safeguards strictly. The legal basis of the data processing is our obligation to fulfill the contract and/or our legitimate interest in processing your support ticket.
Payment Data
If you make a payment, your payment data will be processed via our payment service provider Stripe. Payment data will solely be processed by Stripe and we have no access to any Payment Data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the user contract for the use of the service.
What we DO NOT do
We do not sell your Personal Data or Service Data.
Personal Data
We do not sell anonymized Personal Data or Service Data.
Anonymized Data
We do not use Automated decision-making including profiling.
Automated decision-making
We do not request Personal Data from minors and children.
Minors and children
Data Sharing
In certain cases, it is necessary to transmit the processed Personal Data in the course of data processing. In this respect, there are different recipient bodies and categories of recipients.
Internal
If necessary, we transfer your Personal Data within Fancify. Of course, we comply with the associated legal framework and ensure that your data is processed properly. Access to your Personal Data is only granted to authorized employees who need access to the data due to their job, e.g., to provide our services or to contact you in case of queries.
External bodies
Personal Data is transferred to our service providers in the following instances:
- in the context of fulfilling our contract with you;
- to use marketing services and to advertise our services online;
- to communicate with you;
- to provide our website, and
- to state authorities and institutions as far as this is required or necessary.
International transfers
We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organizational measures to protect the Personal Data we transfer.
Security of your data
In order to protect the data stored with us in the best possible way against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, we use appropriate technical and organizational security measures. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.
Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. And databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised as expeditiously as possible after which the breach was discovered.
And please remember:
- Unfortunately, no data transmission is guaranteed to be 100% secure.
- You are responsible of your username and password: keep them secret and safe!
- If you believe your privacy has been breached, please contact us immediately.
Marketing
Insofar as you have given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
Your Rights and Privileges
Under the DPDPA, DPA and GDPR, you have the following rights:
- The right to access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to object to processing;
- The right to data portability;
- The right to complaint to a supervisory authority
Under the PIPA, you have the following rights:
- Right to be informed;
- Right to access;
- Right to rectification;
- Right to erasure;
- Right to object/opt-out;
- Right to Consent;
- Right to Redressal
Under the CCPA and the CPRA you have the following rights:
- Right to Know/Access;
- Right to Delete;
- Right to Opt-out of Sale;
- Right to Non-Discrimination;
- Right to Rectification;
- Right to Limit Use and Disclosure of Sensitive Personal Information
Further, California’s “Shine the Light” law (Civil Code Section 1798.83) requires us to respond to requests from California asking about the business’s practices related to disclosing Personal Information to third parties for the third parties’ direct marketing purposes. You may make a request about our collection and disclosure of your Personal Information using the contact details provided.
Updating your information
If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to its processing, please do so in your account or by contacting us.
Withdrawing your consent
You can withdraw consents you have given at any time by contacting us.
Access Request
In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.
Other Relevant Laws
COPPA (Children Online Privacy Protection Act)
In conformity with the Children’s Online Privacy Protection Act (COPPA), we do not specifically market to children under the age of 13 years old.
CAN SPAM Act
To be in accordance with CAN SPAM, we agree to unsubscribe you promptly from ALL our marketing correspondence upon receiving your request.
Telephone Consumer Protection Act (TCPA)
If we send you SMS marketing communications, you may manage your receipt of marketing and non-transactional communications from us by replying or texting ‘STOP’.
Controls For Do-Not-Track Features
As there is no uniform technology standard for recognizing and implementing Do-Not-Track ('DNT') signals has been finalized, our website does not currently respond to DNT signals. If a standard is adopted we will inform you about that practice in a revised version of this section.
Validity and Questions
This Privacy Policy was last updated on Wednesday, April 4th, 2024, and is the current and valid version. However, from time to time changes or a revision to this policy may be necessary. If you feel that the above is not sufficient or if you have any queries as regards the collection, processing or use of your Personal Data, we are looking forward to hearing from you. We will make every effort to reply as soon as possible and take into consideration any suggestions from your end.