1. General
This Privacy Statement explains how PastBook B.V. (“we” or “us”) collects, stores, uses, transfers, and shares Personal Data from our users (“you”) in connection with the PastBook mobile iOS application (“the App”) and PastBook.com (“the Website”).
2. What Personal Data do we collect?
In order to use the App and/or the Website and to provide you with the Services as defined in our Terms and Conditions we process the following categories of personal data:
2.1 In order for you to use the App and create and purchase your personalised photobook, we need to process the following categories of Personal Data:
– Images and Albums stored on your iOS device to create your photo book
– Your location data (optional depending on whether you choose to provide the App access to your current location) to increase the efficiency of creating your photo book
– Your contact information (name, address, zip code, phone number, email) to ship your photo book to your shipping address
– Your payment information (payment data and/or credit card) to process the payment and conclude the sale
2.2 In order for you to use the Website and create and purchase your personalised photobook and/or any photo products, we need to process the following categories of Personal Data:
– Contents from your Instagram, or Facebook profile as well as photos from your devices as well as content from other social network and storage services thru the integration of our partner Ink FilePicker inc.
– Your contact information (name, address, zip code, phone number, email) to ship your order to your shipping address
– Your payment information (payment data and/or credit card) to process the payment and conclude the sale
2.2 We may collect aggregated data when you are using our App and/or the Website. This can be:
– Frequency of use of the App and/or the Website
– Geographic information of App and/or the Website users
– Usage patterns of the App and/or the Website
3. How we use your Personal Data
PastBook will not collect or use your personal data without informing you. So, for any purpose of processing your personal data, we need to have some valid ground or so-called “legal basis”.
Depending on the case, we will process your personal data based on the following legal bases:
3.1 Your contractual relationship with us. We process your personal data related to your user account and to support you in compiling and producing a photobook based on the images stored on your device and deliver the photobook to you. We also process your personal data related to payments made to us.
3.2 Your consent. When compiling your personalised photobook in the App, you have the option to generate a photobook using your current location. This is not necessary to compile a photobook, but it can help you filter images based on your current location. Should you choose to use this option, the App will ask your consent to process your current location. If you have given your consent for this processing activity, you have the possibility to revoke it again. This can be done in the settings on your iOS device.
3.3 Legitimate Interest. We may process some of your personal data to pursue commercial interests, such as to inform you on offers similar to the photobook you have purchased via email or push notifications. Should you not wish to receive these types of emails, you can unsubscribe by clicking the unsubscribe button in any email or contact us directly. You can also opt out of receiving push notifications via the setting on your iOS device.
3.4 PastBook also processes personal data in an aggregated form provided via third-party SDK’s (software development kits), such as Google Analytics/Firebase and Appsflyer. An SDK is part of the source code of the App and the Website. The SDK is used to analyse how the App and the Website are used and provide us statistical insights in the data and insights into the business performance of the App and the Website. For example, statistical information about crashes of the App and the Website, attributes, and events of certain groups of individuals, and demographic information. Thanks to IP address anonymisation, the data collected by these SDKs cannot be traced back to individual users.
4. Securing your data
4.1 It is of great importance to us to protect your personal data. Therefore, we take precautions which include, but are not limited to the following: the personal data we receive from you is located on a secured server behind a firewall, and we utilize other physical, electronic, and procedural safeguards to protect the security and confidentiality of the information we have collected and to prevent unauthorised access to or disclosure of your information.
4.2 It is important for you to know that the compilation of your photobook when using the App takes place locally on your iOS device. Only in the case where you choose to purchase your personalised photobook by clicking the purchase button in the App, the images are transmitted from your device to our secured servers via an encrypted communication channel.
5. Data retention
PastBook will retain copies of your personal data in a form that allows for identification only for as long as:
5.1 (i) It is required by law. For example, we are obligated to retain certain personal data regarding our customers under Dutch tax law, such as orders, invoices, and payment data for a period of seven years;
5.2 (ii) We maintain an ongoing relationship with you. For example, where you are included in our mailing list and have not unsubscribed. We retain your data for 1 year after the relationship has ended or immediately when you have requested the deletion of your data;
5.3 (iii) Your personal Data is necessary in connection with the purposes set out in this privacy statement and we have a valid legal basis.
6. Third parties & PastBook
To provide PastBook’s product, personal data might be disclosed to a number of recipients. The following recipients could receive your personal data:
6.1 Third parties to provide us insights in the business performance of the App and the Website: Google Analytics/ Firebase, AppsFlyer and Facebook Ads conversion tracking (Facebook pixel).
6.2 Third parties that support us with sending push notifications to your device and emails : Customer.io and Sendgrid.
6.3 Third parties that support us with our marketing and remarketing efforts : Criteo, Google AdSense and Facebook Remarketing.
6.4 Third parties that support us with accessing to third-party accounts : Facebook account access and Stripe account access.
6.5 Heat mapping and session recording : Hotjar Heats Maps & Recordings.
6.6 Content commenting : Facebook Comments.
6.7 Commercial affiliation : ShareAsale and ReferralCandy.
6.8 Reviews publishing : Trustpilot.
6.9 Tag Management : Google Tag Manager.
6.10 Transferring the images from your device to a storage and processing location: Filestack.
6.11 Storage and processing: Amazon AWS.
6.12 Third parties to facilitate payments: PayPal, Adyen, Stripe.
6.13 Software for customer support: Zendesk.
6.14 Printing partners and connected printing facilities.
7. Storage and international data transfers
We may transfer your personal information to parties outside the European Economic Area under certain circumstances. In that event, we will take suitable measures with these parties, for example by agreeing to the standard contractual clauses adopted by the European Commission.
8. Your rights as a data subject
Under the GDPR, you have various rights to request from PastBook:
8.1 You have the right to access and receive a copy of your personal data, and other supplementary information.
8.2 You have the right to rectification of inaccurate personal data concerning you.
8.3 Under certain circumstances, you have the right to have your personal data erased.
8.4 Under certain circumstances, you have the right to request the restriction of the processing.
8.5 You have the right to receive your personal data which you have provided to us from PastBook in a structured, commonly used, and machine-readable format.
8.6 Under certain circumstances you can object to the processing of your personal data.
9. How to exercise your privacy rights?
9.1 Contact us at [email protected] to exercise any of your privacy rights. We will ensure to get back to you in 30 days. Due to the complexity of some cases, this can take us 90 days. We will ensure to inform you about this as well.
9.2 If you have a concern about our privacy practices, including the way we handled your personal data, you can report this to the data protection authority in your country of residence or to the Dutch Data Protection Authority (by following this link).
9.3 If we change the way we handle your personal data, we will update this statement. We reserve the right to make changes to our practices and this statement at any time, please check back frequently to see any updates or changes to our statement.
9.4 If you wish to exercise your right to have your personal data removed from our records, you may do so by following our Data Deletion Request process. Detailed instructions can be found at https://www.pastbook.com/legal/data-deletion-request/
9.5 Contact information:
PastBook B.V., Overhoeksplein 3, 1031KS Amsterdam, the Netherlands. [email protected]
9.6 Effective date of this privacy statement: 01-April-2021.