Effective as of January 1, 2020.
We provide important information for California residents
Table of Contents
- Personal information we collect
- How we use your personal information
- How we share your personal information
- Your choices
- Other sites and services
- International data transfer
- How to contact us
- Important information for California residents
Personal information we collect
Information you provide to us. The personal information you may provide to us through the Service or otherwise includes:
- Contact data, such as your first and last name, email and mailing addresses, residence, postal code, phone number, professional title, and organizational affiliation.
- Profile data, such as your username and password that you set to establish an online account with us, age, gender, biographical details, photograph, links to your profiles on various third party sites including social network preferences.
- Identity data that we collect to conduct identity verification and security checks such as a social security number, tax identification number, passport number, state or local identification number.
- Communications that we exchange, including when you contact us with questions, feedback, or otherwise.
- Transactional data, such as the information needed to complete your orders and/or payments on or through the Service (including name, credit card information, bank account number, billing and shipping information, insurance information), and information about payments to and from you and other details of products or services you have purchased from us.
- Marketing data, such as your preferences for receiving communications about our products, activities, events, and publications, and details about how you engage with our communications.
Data from other sources. We obtain personal information from other sources, such as:
- Users, including influencers or customers, who can provide ratings and feedback on their experiences through the Services.
- Screening providers, such as providers of background check, credit check, or other screening services.
- Data providers, such as information services and data licensors that provide demographic and other information.
- Public sources, such as social media platforms.
Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your activity over time on our sites and other sites and online services, such as:
- Device data, such as your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, IP address, unique identifiers, the website you visited before browsing to our website, and general location information such as city, state or geographic area.
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
- Precise geolocation data, such as when you authorize our mobile application to access your location.
Cookies. Some of our automatic data collection is facilitated by:
- Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently and remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
- Web beacons, also known as pixel tags or clear GIFs, which are typically used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns.
- Software development kits, or SDKs, which are used to incorporate third party computer code into our App that allows our third-party service providers or advertising partners to collect data directly from it for a variety of purposes, including to provide us with analytics regarding the use of the App, to integrate with social media, add features or functionality to our app, or to facilitate online advertising.
We use your personal information for the following purposes or as otherwise described at the time we collect it:
Service Delivery. We use your personal information to:
- provide, operate and improve the Service and our business;
- conduct background checks and other screens permitted by law;
- establish and maintain your user profile on the Service, including allowing users to view profiles;
- process provider payments and related tax filings;
- enable security features of the Service, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in;
- communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;
- understand your needs, interests, and massage preferences, and personalize your experience with the Service and our communications; and
- provide support for the Service and respond to your requests, questions, and feedback.
Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business. As part of these activities, we may create aggregated, de-identified or other anonymous data from the personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.
Marketing and advertising. We and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes:
- Direct Marketing. We may send you Stori-related or other direct marketing communications as permitted by law, including by email and mail. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.
Compliance and protection. We may use your personal information to:
- comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
- protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
- audit our internal processes for compliance with legal and contractual requirements and internal policies;
- enforce the terms and conditions that govern the Service; and
- prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
How we share your personal information
Service providers. Companies and individuals that provide services on our behalf or help us operate the Service or our business (such as IT, hosting, customer relationship management and support, print and mail fulfillment, data management, email delivery, marketing, website analytics, and providers of background, credit, and other screening services).
Advertising partners. Third-party advertising companies that collect information about your activity on the Site and other online services to help us advertise our services, and/or use hashed customer lists that we share with them to deliver ads to them and similar users on their platforms.
Professional advisors. Professional advisors, such as lawyers, auditors, and insurers, where necessary in the course of the professional services that they render to us.
Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and operations purposes described above.
Business transferees. Relevant participants in business transactions (or potential transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Stori or our affiliates (including, in connection with a bankruptcy or similar proceedings).
Please keep in mind that whenever you voluntarily make your personal information available for viewing by third parties on our Service, that information can be seen, collected and used by others besides us. We cannot be responsible for any unauthorized third-party use of such information.
You have the following choices with respect to your personal information.
Access or update your Information. If you have registered for an account with us, you may review and update certain account information by logging into the account.
Opt-out of marketing communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. You may continue to receive service-related and other non-marketing emails. If you receive marketing text messages from us, you may opt-out of receiving further marketing text messages from us by replying STOP to our marketing message.
Cookies. Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser’s settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the Service and our Site may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. We use Google Analytics to help us understand user activity and patterns on the Sites. You can learn more about Google Analytics cookies at https://developers.google.com/analytics/resources/concepts/gaConceptsCookies and about how Google protects your data at http://www.google.com/analytics/learn/privacy.html. You can prevent the use of Google Analytics relating to your use of our Sites by downloading and installing a browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.
Privacy settings and location data. Users of our App can disable our access to their device’s precise geolocation in their mobile device settings.
Interest-based advertising. Some of our advertising partners are members of the Network Advertising Initiative (NAI) and are subject to the Self-Regulatory Principles for Online Behavioral Advertising published by the Digital Advertising Alliance (DAA). You can obtain more information about these companies’ information collection practices, and opt-out of receiving interest-based advertising from participating NAI and DAA members at http://www.networkadvertising.org/managing/opt_out.asp and/or the DAA’s website at optout.aboutads.info. Mobile app users may opt-out of receiving interest-based advertising in mobile apps provided by participating members of the Digital Advertising Alliance by installing the AppChoices mobile app, available at https://www.youradchoices.com/appchoices. You can also limit the collection of your information for interest-based ads by blocking third party cookies in your browser settings or using privacy plug-ins or ad-blocking software that help you block third party cookies. In addition, your mobile device settings may provide the functionality to limit use of the advertising ID associated with your mobile device for targeted online advertising purposes. If you opt-out of interest-based advertisements, you will still see advertisements online but they may be less relevant to you.
Please note that we also may work with companies that offer their own opt-out mechanisms or do not participate in the opt-out mechanisms described above. Even after using these opt-out mechanisms, you may receive interest-based advertising from other companies.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information requested, we may not be able to provide those services.
Third-party platforms. If you choose to connect to the Service through your social media account, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third party platform, that choice will not apply to information that we have already received from that third party.
Other sites and services
The Service may contain links to websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages, mobile applications or other online services that are not associated with us. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions.
We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, a security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.
International data transfer
We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.
The Service is not intended for use by children under 16 years of age. If we learn that we have collected personal information from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it.
How to contact us
- Email: firstname.lastname@example.org
- Mail: Stori Media Networks, Inc., 25133 Avenue Tibbitts, Suite: J, Valencia CA, 91355
Scope. This section applies only to California residents. It describes how we collect, use and share Personal Information of California residents when we act as a “business” as defined under the California Consumer Privacy Act of 2018 (“CCPA”), and their rights with respect to their Personal Information. For purposes of this section, “Personal Information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA or information we collect from you in the course of providing services to you or receiving services from you where you are an employee, controlling owner, director, officer or contractor of a company, partnership, sole proprietorship, non-profit or government agency. In some cases, we may provide a different privacy notice to certain categories of California residents, such as job applicants, in which case that notice will apply instead of this section.
Your California privacy rights. As a California resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
- Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
- The categories of Personal Information that we have collected.
- The categories of sources from which we collected Personal Information.
- The business or commercial purpose for collecting and/or selling Personal Information.
- The categories of third parties with whom we share Personal Information.
- Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information disclosed to each category of third party recipient.
- Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third party recipient.
- Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
- Deletion. You can ask us to delete the Personal Information that we have collected from you.
- Nondiscrimination. You are entitled to exercise the rights described above free from discrimination in the form of legally prohibited increases in the price or decreases in the quality of our Service.
We do not sell your personal information
How to exercise your rights
Starting January 1, 2020, you may exercise your right to information, access or deletion by:
- visiting https://stori.cloud
- emailing email@example.com
NOTE: THESE ARE NOT FUNCTIONAL UNTIL JANUARY 1, 2020
We reserve the right to confirm your California residency to process your requests and will need to confirm your identity to process your requests to exercise these rights. Government identification may be required. You may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government-issued identification. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.
Personal information that we collect, use and disclose
|Statutory category of personal information (PI)||PI we collect in this category (See “Personal information we collect” above for description)||Source of PI|
|Identifiers (excluding online identifiers)||
|Internet or Network Information||
|Inferences||May be derived from your:
|Professional or Employment Information||
|Protected Classification Characteristics||
Important information for EU residents
The EU General Data Protection Regulation (“GDPR”) comes into force across the European Union on 25th May 2018 and brings with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.
The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardise data protection laws and processing across the EU; affording individuals stronger, more consistent rights to access and control their personal information.
Stori Media Network Inc. (‘we’ or ‘us’ or ‘our’) are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the GDPR and the [UK’s Data Protection Bill/insert relevant country DP law].
Stori Media Network Inc. is dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation. Our preparation and objectives for GDPR compliance have been summarised in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.
How We are Preparing for the GDPR
Stori Media Network Inc. already has a consistent level of data protection and security across our organisation, however it is our aim to be fully compliant with the GDPR by [1st May 2019]. Our preparation includes: –
- Information Audit – carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
- Policies & Procedures – [revising/implementing new] data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including: –
- Data Protection – our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.
- Data Retention & Erasure – we have updated our retention policy and schedule to ensure that we meet the ‘data minimisation’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes and notification responsibilities.
- Data Breaches – our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time. Our procedures are robust and have been disseminated to all employees, making them aware of the reporting lines and steps to follow.
- International Data Transfers & Third-Party Disclosures – where Stori Media Network Inc. stores or transfers personal information outside the EU, we have robust procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data. Our procedures include a continual review of the countries with sufficient adequacy decisions, as well as provisions for binding corporate rules; standard data protection clauses or approved codes of conduct for those countries without. We carry out strict due diligence checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.
- Subject Access Request (SAR) – we have revised our SAR procedures to accommodate the revised 30-day timeframe for providing the requested information and for making this provision free of charge. Our new procedures detail how to verify the data subject, what steps to take for processing an access request, what exemptions apply and a suite of response templates to ensure that communications with data subjects are compliant, consistent and adequate.
- Legal Basis for Processing – we are reviewing all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the activity it relates to. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of the GDPR and Schedule 1 of the Data Protection Bill are met.
- Privacy Notice/Policy – Our Privacy Notice(s) to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
- Obtaining Consent – We are consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information. We have developed stringent processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy to see and access way to withdraw consent at any time.
- Direct Marketing – The wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.
- Data Protection Impact Assessments (DPIA) – where we process personal information that is considered high risk, involves large scale processing or includes special category/criminal conviction data; we have developed stringent procedures and assessment templates for carrying out impact assessments that comply fully with the GDPR’s Article 35 requirements. We have implemented documentation processes that record each assessment, allow us to rate the risk posed by the processing activity and implement mitigating measures to reduce the risk posed to the data subject(s).
- Processor Agreements – where we use any third-party to process personal information on our behalf (e.g. Payroll, Recruitment, Hosting etc), we have drafted compliant Processor Agreements and due diligence procedures for ensuring that they (as well as we), meet and understand their/our GDPR obligations. These measures include initial and ongoing reviews of the service provided, the necessity of the processing activity, the technical and organisational measures in place and compliance with the GDPR.
- Special Categories Data – where we obtain and process any special category information, we do so in complete compliance with the Article 9 requirements and have high-level encryptions and protections on all such data. Special category data is only processed where necessary and is only processed where we have first identified the appropriate Article 9(2) basis or the Data Protection Bill Schedule 1 condition. Where we rely on consent for processing, this is explicit and is verified by a signature, with the right to modify or remove consent being clearly signposted.
Data Subject Rights
In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy to access information via our website www.stori.cam of an individual’s right to access any personal information that Stori Media Network Inc. processes about them and to request information about: –
- What personal data we hold about them
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from them, information about the source
- The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
- The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
- The right to lodge a complaint or seek judicial remedy and who to contact in such instances
Information Security & Technical and Organisational Measures
[Insert Organisation Name] takes the privacy and security of individuals and their personal information very seriously and takes every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures, including: –
[SSL, access controls, password policy, encryptions, pseudonymisation, practices, restriction, IT, login authentication]
GDPR Roles and Employees
Stori Media Network Inc. have designated Anis Momin as our [Data Protection Officer (DPO)/Appointed Person] to implement our roadmap for complying with the new data protection Regulation. The team are responsible for promoting awareness of the GDPR across the organisation, assessing our GDPR readiness, identifying any gap areas and implementing the new policies, procedures and measures.
Stori Media Network Inc. understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR and have involved our employees in our preparation plans. We have implemented an employee training program specific to the which will be provided to all employees prior to May 25th, 2018, and forms part of our induction and annual training program.
If you have any questions about our preparation for the GDPR, please contact: firstname.lastname@example.org