- All capitalised terms used and not otherwise defined herein have the meanings ascribed to them in Memory's terms of service (available at //www.cabesh.com/terms-of-service, hereinafter "Terms of Service").
- Nothing herein is intended to limit user’s statutory data processing rights.
2. Legal Basis For Memory's Processing Of Personal Data
- Memory only processes personal data necessary for the performance of Memory’s contractual obligations to the user according to the Terms of Service, or in order to take steps at the request of the user prior to entering into the Terms of Service.
- Memory does not intend to process special categories of personal data, such as data on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
- Memory will only process special categories of personal data as specified above at the request of the User (“Data Subject”), i.e. when the user submits such data to Memory at their own will. For example, users may choose to connect their Memory account to fitness apps or to keep track of doctor’s appointments. Memory will only process such special categories of personal data following the informed, expressly and freely given consent of the Data Subject.
- Memory may anonymise and aggregate data for the purpose of machine learning and statistics in order to improve the Service.
3. How Personal Data Is Collected Through Use Of Memory
Memory may collect information (including personal data) about Data Subjects:
- during the conclusion and modification of the agreements it concludes with Data Subjects (the information collected may include the data provided in such agreements, such as the Data Subject’s contact information, or for the purposes of negotiating, concluding or amending same);
- when a Data Subject fills in forms via the Service, opens a User Account, subscribes to, or unsubscribes from, a Service Plan, creates or modifies a user profile, or enters or modifies other information associated with their User Account (the information thus provided by the Data Subject);
- when a Data Subject downloads, installs, updates or uninstalls the Software, or accesses or uses the Service or any other service connected with Memory (the location (GPS), manner, means and duration of such activity as well as other information the Data Subject may provide); and
- when otherwise knowingly made available to Memory (the information the Data Subject provides).
4. How Personal Data Is Collected Through Use of Third-Party Integrations
If you choose to use or connect to third-party integrations (e.g. Google Calendar, Trello etc.) through the Service, or if you are required or permitted to do so by a Customer, such third parties may allow us to have access to and store additional information about your interaction with those services as it relates to your use of the Service.
If you initiate these connections, you also understand that we will share information about you that is required to enable your use of the third-party integration through the Service. If you do not wish to have this information shared, do not initiate these connections.
By enabling these connections, you authorise us to connect and access the information provided through these connections, and you understand that the privacy policies of these third parties govern such connections. More information about each integration can be found on the respective support pages for Timely.
5. Purpose Of The Processing Of Personal Data
The Provider will process information as referenced in section 5 and 6 (collectively, "Data") for the purposes of
- providing the Service
- improving or otherwise modifying the Service and notifying Data Subjects thereof,
- customising the content and/or layout of the Service for the particular Data Subject,
- replying to the Data Subjects' communications and contacting them,
- performing Provider's obligations towards the Data Subject,
- exercising and enforcing Provider's rights according to the Terms of Service,
6. Storage Period For Personal Data
Memory will keep personal data for as long as necessary to fulfil their contractual obligations towards the Data Subject, as specified in the Terms of Service. Personal data will be deleted or anonymised as soon as possible after the termination of the Data Subject’s account, unless it must be stored in order for Memory to fulfil obligations in statutory law.
7. Where Personal Data Is Processed
- The data controller is Memory AS, a company based in Oslo, Norway.
- Memory AS may use sub-suppliers and transfer personal data to these sub-suppliers, including sub-suppliers in countries not considered to provide adequate protection for personal data. In such cases, Memory will only transfer personal data subject to appropriate safeguards provided by sub-suppliers, such as a legally binding and enforceable instrument between public authorities or bodies, or standard data protection clauses adopted by the EU Commission. A copy of such safeguards may be obtained by contacting Memory at support[at]www.cabesh.com.
8. Transfer Of Personal Data To Others
- Memory will not transfer or provide access to Data Subject’s personal data to any third party except when, to the extent, and to persons; With the Data Subject’s consent, required by law, or necessary in order to perform Memory's obligations under the Agreement, or its statutory obligations, or to exercise its legal rights, or defend against claims or other process.
- Memory represents that it has implemented and will continue to employ appropriate measures to ensure that Customer Details are processed securely and in compliance with the applicable law.
- Memory has no obligation to monitor or access its customers' accounts, but may do so in cases where such action is reasonably justified (e.g., in order to prevent illegal or harmful activity, provide customer support, or perform its legal duties).
9. Data Subject's Rights
- Access of rights: Upon the Data Subject’s request, Memory will grant the Data Subject access to, all Personal Data that Memory maintains about the Data Subject, unless such information is otherwise available to the Data Subject or Provider is legally prohibited from disclosing such records.
- Right to rectification or erasure of personal data or restriction of processing.
- If any Personal Data prove to be incorrect or misleading, the Data Subject is entitled to have the data rectified. Registered Data Subject’s can access and correct certain of their own Personal Data through the Service by visiting their personal profile page and account setting page.
- Rights in connection with Disclosure
- In all cases where Memory is allowed to disclose Personal Data to third parties, it will ensure that the person to whom disclosure is made grants the respective Data Subject the same as those set forth herein with respect to the processing of such Customer Details (including the right to be informed about the data maintained on the Data Subject and the right to correct or have corrected incorrect or misleading information).
- Right to data portability
- The Data Subject has the right to receive the personal data concerning him or her, which he or she has provided to Memory, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from Memory.
- Right to lodge a complaint with a supervisory authority
- The Data Subject has the right to lodge a complaint with a supervisory authority if the Data Subject considers that the processing of personal data relating to him or her infringes his or her rights.
- If a Data Subject participates in Memory’s mailing or similar program, Memory may use their personal data to send them information about products, services, promotions, and events that Memory believes may be of interest to them. Any subscription to any such program may be cancelled at will.
- Memory may send registered Data Subjects certain important communications relating to the Service, such as (e.g.) service announcements and administrative messages, without offering Data Subjects the opportunity to opt out of receiving them.
12. Change Of Policy
Memory’s use and transfer to any other app of information received from Google Accounts will adhere to Google API Services User Data Policy, including the Limited Use requirements.
The Limited Use requirements have four elements:
- Allowed Use: Developers are only allowed to use restricted scope data to provide or improve user-facing features that are prominent from the requesting app's user interface. It should be clear to your users why and how you use the restricted scope data they've chosen to share with you.
- Allowed Transfer: Developers are only allowed to transfer restricted scope data to others if that transfer is (a) necessary to provide or improve user-facing features that are prominent from the requesting app's user interface, (b) to comply with applicable laws, or (c) a part of a merger, acquisition or sale of assets of the developer. All other transfers or sales of user data are completely prohibited.
- Prohibited Advertising: Developers are never allowed to use or transfer restricted scope data to serve users advertisements. This includes personalized, re-targeted and interest-based advertising.
- Prohibited Human Interaction: Developers cannot allow humans to read restricted scope user data. For example, a developer with access to a user's data is not allowed to have one of its employees read through a user's emails. There are four limited exceptions to this rule: (a) the developer obtains a user's consent to read specific messages (for example, for tech support), (b) it's necessary for security purposes (for example, investigating abuse), (c) to comply with applicable laws, and (d) the developer aggregates and anonymizes the data and only uses it for internal operations (for example, reporting aggregate statistics in an internal dashboard)