Skip links

The protection and security of your data is important to us. This privacy policy describes how we, Memorisation of [insert address] (“Memorisation”, “we” or “us”) collect, store and process information about individual visitors to our website www.memorisation.co.uk

This privacy policy only applies to website of Memorisation on which this privacy policy is stored or from which reference is made to this privacy policy by means of a link (hereinafter: “www.memorisation.co.uk”). This privacy policy does not apply to linked website that are not owned and controlled by Memorisation.

Commitment to data protection

Personal data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.

In principle, we will only use your personal data in accordance with the applicable data protection laws, in particular the UK`s Data Protection Act 2018 (DPA), the General Data Protection Regulation (“GDPR”), and only as described in this privacy policy.

Our principles

Memorisation respects your right to privacy and is committed to the following key principles:

· We protect your privacy and aim to provide you with a service that is tailored to your needs.

· Personal data is collected for specific purposes based on your consent or a legitimate interest when you contact us.

· You have the right to information and access to your personal data at any time and may request its correction or deletion.

· We do not sell your personal data to third parties. However, if necessary and if explicitly mentioned afterwards or if you have consented, we may share your data with partners and other service providers. In this case, their own privacy policies may also apply.

· We take all reasonable measures to ensure the security and protection of your data from misuse.

Data Breaches/Notification

Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) (a) GDPR serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

Supplementary information on your right of objection

We would like to point out in addition that if your personal data is processed on the basis of legitimate interest within the framework of the balance of interests pursuant to Art. 6 (1) (f) GDPR and/or your personal data is processed for direct marketing purposes, you have the right to object to the processing of your personal data at any time.

General technical organisational measures

Memorisation has taken a variety of security measures to protect personal information to an appropriate extent and adequately. All information held by Memorisation is protected by physical, technical, and procedural measures that limit access to the information to specifically authorised persons in accordance with this Privacy Policy.

The Memorisation website is behind a software firewall to prevent access from other networks connected to the Internet. In addition, only employees who need the information to perform a specific job are granted access to personally identifiable information. These employees are trained in security and privacy practices and treat your information confidentially.

Your Rights

You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on the Information Commissioners website (www.ico.org.uk).

• information about the processing of your personal data.

• obtain access to the personal data held about you.

• ask for incorrect, inaccurate or incomplete personal data to be corrected.

• request that personal data be erased when it’s no longer needed or if processing it is unlawful.

• object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.

• request the restriction of the processing of your personal data in specific cases.

• receive your personal data in a machine-readable format and send it to another controller (‘data portability’).

• request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.

• You also have the right in this case to express your point of view and to contest the decision

• Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it.

We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.

We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the ICO, their contact details can be found on their website (www.ico.org.uk).

In the next sections we explain when and how we process personal data about you when you visit our website.

a) Hosting To provide our website, we use the services of Cloudflare, Inc a content delivery network (CDN), Backblaze, Inc. a Cloud storage provider, SiteGround (SG Hosting Inc.) a web hosting company and WordPress (Automatic Inc.) a content management system. Those service providers process the below-mentioned data and all data to be processed in connection with the operation of this website on our behalf. As part of the services, data may also be transferred outside the UK/EEA as part of further processing on our behalf. The legal basis for the data processing is our legitimate interest in providing our website in accordance with Art. 6 Para. 1 f) GDPR.

b) Provision of the website and creation of log files

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

· Information about the browser type and the version used.

· The user’s operating system

· The user’s internet service provider

· The IP address of the user

· Date and time of access

· Websites from which the user’s system accesses our website

· Websites that are accessed by the user’s system via our website

The legal basis for the temporary storage of the data and the log files is Art. 6 Para. 1 lit. f GDPR.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

c) Use of cookies

When visiting the website, so-called cookies are stored on your computer or device. Cookies are small text files in which the provider of a website stores data relevant to facilitate surfing on the website. Such a cookie cannot be read by any other website than the one that placed the cookie. Memorisation does not store any of your personal data in the “cookies”. The maximum life of the cookie is 90 days. After this period has expired, the cookie is automatically deleted. A new cookie is set each time you visit the website. If a cookie exists, the information is updated. This corresponds to deleting and resetting the cookie.

The purpose of using technically necessary cookies is to simplify the use of website for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.

Analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.

When calling up our website, users are informed by an information banner about the use of cookies for analysis purposes and referred to this privacy policy. In this context, there is also an indication of how the storage of cookies can be prevented in the browser settings. The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR. For further information on Cookies please refer to our Cookie Policy.

d) Google Analytics

We use the Google Analytics service of the provider Google Ireland Limited (Google Ireland) on our website.

Google Analytics is a web analytics service that enables us to collect and analyse data about the behaviour of visitors to our website. Google Analytics uses cookies to analyse the use of our website. This involves the processing of personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website.

Some of this data is information stored in the terminal device you are using. In addition, further information is also stored on your end device via the cookies used. Such storage of information by Google Analytics or access to information already stored in your terminal device will only take place with your consent.

Google Ireland will process the data collected in this way on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within our website and to provide us with other services associated with the use of our website and the use of the Internet. In doing so, pseudonymous user profiles of the users can be created from the processed data.

The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for data processing in connection with the Google Analytics service is therefore Art. 6 para. 1 letter a GDPR. You can revoke this consent at any time with effect for the future.

The personal data processed on our behalf to provide Google Analytics may be transferred to any country in which Google Ireland or Google Ireland’s sub-processors maintain facilities.

We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google Ireland within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by the user’s browser is not merged with other data. Further information on the use of data for advertising purposes can be found in Google’s privacy policy at: www.google.com/policies/technologies/ads/.

The data on user actions is stored for a period of 14 months and then automatically deleted. Data whose storage period has expired is automatically deleted once a month.

e) Contacting us

If you contact us using our contact form or e-mail, we process the following data from you for the purpose of processing and handling your enquiry: Name, contact details -if provided by you- and your message.

The legal basis of the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations in accordance with Art. 6 Para. 1 b) GDPR. and/or our legitimate interest in processing your enquiry in accordance with Art. 6 Para. 1 f) GDPR.

If you contact us via the Chat, anonymised data is collected and stored using technologies provided by tawk.to, Inc, for the purpose of web analytics and to operate the live chat system used to respond to live support requests. Usage profiles can be created from this anonymised data under a pseudonym. Insofar as the information collected in this way has a personal reference, the processing is carried out in accordance with our legitimate interest in effective customer service and the statistical analysis of user behaviour for optimisation purposes. The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

f) Newsletter

You will only receive our free newsletter with your express consent. The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, there is a corresponding link in each newsletter.

When registering for the newsletter, the data from the input mask is transmitted to us. In addition, the following data is collected during registration: IP address of the calling computer and date and time of registration. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used. The legal basis for the processing of the data after the user has registered for the newsletter is Art. 6 para. 1 lit. a GDPR. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user’s e-mail address is stored for as long as the subscription to the newsletter is active. The newsletter is sent using the dispatch service provider “MailChimp”, a newsletter dispatch platform of the US provider Rocket Science Group, LLC.

g) Shop To provide our web shop, we use the WooCommerce service developed and operated Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, USA. WooCommerce provides us with their online e-commerce platform through which we can offer our goods for sale to you. The data you provide during the check-out and when placing an order is processed by WooCommerce (save for Payment data). For more information, please see WooCommerce’s privacy policy at https://automattic.com/privacy/.

The payment data collected in respect of your purchase is made via the payment service provider Stripe of 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland to which you pass on your payment details during the checkout, for payment processing. Your data will only be passed on for the purpose of payment processing with Stripe and only insofar as it is necessary for this purpose. The legal basis for the processing of your personal data is Art. 6 (1) b) GDPR.

h) Contract fulfilment and data management in the context of service provision

We process various data within the framework of the provision of our services and for the initiation and processing of the existing contractual relationship between you and us.

If you have commissioned us to provide a service, we process your data and all information that is necessary in the context of fulfilling the services, exclusively for the purpose of processing and handling the contractual relationship. This includes in particular our appropriate advice and support, correspondence with you, invoicing, fulfilment of our accounting and tax obligations.

Accordingly, the data is processed on the basis of Art. 6 (1) b) GDPR as well as to fulfil our legal obligations pursuant to Art. 6 (1) c) GDPR.

i) Log in

During the onboarding process we set up your account and access to our members only area. For this purpose, we will provide you with a system generated access link that is sent to your e-mail address after you have purchased your QR Keepsake. The legal basis for processing data during the log in process is Art. 6 (1) (b) GDPR.

Duration of data storage

We only store personal data for as long as it is necessary for the purposes for which it is processed or for as long as any consent you have given us has been revoked by you. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 6 years, irrespective of the processing purposes.

Transfer of personal data

Memorisation will not disclose or otherwise distribute your personal data to third parties unless this is necessary for the performance of our services (legal basis for processing: Art. 6 para. 1 lit. b) GDPR), you have consented to the disclosure (legal basis for processing: Art. 6 para. 1 lit. a) GDPR) or the disclosure of data is permitted by relevant legal provisions.

Memorisation is entitled to outsource the processing of your personal data in whole or in part to external service providers acting as processors for Memorisation pursuant to Art. 4 No. 8 GDPR within the

framework of the data protection provisions. External service providers support us, for example, in the technical operation and support of the website, data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.

The service providers commissioned by Memorisation process your data exclusively in accordance with our instructions. Memorisation remains responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organisational measures and additional controls by us.

Personal data may also be disclosed to third parties if we are legally obliged to do so e.g., by court order (legal basis for processing: Art. 6 (1) (c) GDPR) or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil Memorisation’ legitimate interests (legal basis for processing: Art. 6 (1) (f) GDPR).

International transfers

Our main operations are based in the UK and your personal information is generally processed, stored and used within in the UK and other countries in the European Economic Area (EEA). In some instances, your personal information may be processed outside the European Economic Area. If and when this is the case, we take steps to ensure there is an appropriate level of security, so your personal information is protected in the same way as if it was being used within the UK and the EEA.

Where we need to transfer your data outside the UK or the EEA, we will use one of the following safeguards:

• The use of approved standard contractual clauses in contracts for the transfer of personal data to third countries.

• Transfers to a non-EEA country with privacy laws that give the same protection as the UK and the EEA.

Automated decision-making

Automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR does not take place on the part of Memorisation.

Social Media

We are present in various “social media” platforms in order to communicate with our customers, interested parties and users registered there and to be able to inform them about our offers there. We would like to point out that you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating).

In addition, your data may be processed for market research and advertising purposes. For example, usage profiles can be created from your usage behaviour and the resulting interests. This allows, for example, advertisements to be placed within and outside the platforms that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not directly collected from your devices may also be stored in the usage profiles (especially if you are a member of the respective platforms and are logged in to them).

We, as the provider of this information service, do not collect and process any data from your use of our service beyond this.

The processing of users’ personal data is based on our legitimate interests in providing users with effective information and communicating with users pursuant to Art. 6 para. 1 p.1 lit. f. GDPR. If you are asked by the respective providers for consent to data processing, the legal basis for processing is Art. 6 para. 1 sentence 1 lit. a., Art. 7 GDPR.

If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored membership data with the respective network, you must

· log out of the respective network before visiting our website,

· delete the cookies on your device and

· close and restart your browser.

After logging in again, however, you will once more be recognisable to the network as a specific user. In the case of requests for information and the assertion of user rights, we would also like to point out that these can most effectively be asserted with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so within your account or contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.

Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.

When you send a data subject access request

The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation.

The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability. Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process. You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.

Links to other providers

Our website also contains – clearly recognisable – links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.

The linked pages were checked for possible legal violations and recognisable infringements at the time of linking. Illegal contents were not recognisable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. Such links will be removed immediately if infringements of the law become known.

Personal information and children

Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.

Changes and updates to the privacy policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the information processing activities we carry out make this

necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

Concerns and Contact

If you have any concerns about a possible compromise of your privacy or misuse of your personal information on our part, or any other questions or comments, you can contact us.