Society App Privacy Notice

Last update: 31 October 2022

The Society Pledge: We will not sell your personal data.

Great to see you here! At Society we care deeply about data protection, and we put great effort in being transparent to our users and customers on how we process personal data. If you’re considering creating an account with us or you already have one and are using the Society app, it is important that you read this privacy notice as it will help you understand how we may process your personal data when using and interacting with our app.

Make sure to read it carefully as this notice contains important information on how we process your personal data as well as what your rights are, how to contact us and how to make a complaint if you have one.

Please note that this Privacy Notice is for the use of our app only. If you want to learn more about how we may process personal data on the Society website, click here.

This app Privacy Notice is divided into the following sections:

Who we are

This app is operated by Society is a trading name for WeClikk Ltd. Copyright © WeClikk Ltd. All rights reserved. A company registered in England and Wales # 11879909. Information Commissioner’s Office # ZA641997, with address at 11 Laud Street, Croydon, Greater London CR0 1SU, United Kingdom.

With subsidiary in United States, being registered as Society Inc., located in the 4th Floor Suite #842, 1007 N Orange St. Wilmington, Delaware 19801, United States.

Data Processor: WeClikk Ltd.

For more information go to www.createyoursociety.com

When you download, use or purchase Services on the Society App, we may process your personal data. We care much about treating your data responsibly and we’re committed to protecting your data. At Society we follow and implement regulatory requirements under the California Consumers Protection Act 2018 (CPRA), UK General Data Protection Regulation (UK GDPR), UK DPA 2018, UK PECR and EU General Data Protection Regulation (EU GDPR).

Our app

This privacy notice relates to your use of the Society application.

Throughout our app we may link or advertise other websites or apps owned and operated by third parties, either to make additional products and services available to you or to continue providing free subscriptions (to know more read Terms and Conditions).

These other third-party websites or apps may also gather information about you in accordance with their own separate privacy notices. For privacy information relating to these other third-party websites, please consult their privacy notices.

Definitions

  • Consumer: means a natural person who is a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations, as that section read on September 1, 2017, however identified, including by any unique identifier.
  • CPRA: means the California Privacy Rights Act effective as of January 1st, 2023 (CPRA).
  • Data Controller: means the natural or legal person, which, alone or jointly with others, determines the purposes and means of the processing of personal data
  • Data Processor: means a natural or legal person, body which processes personal data on behalf of the controller
  • Data Protection Act 2018: controls how your personal information is used by organizations, businesses, or the government. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR), also called DPA18.
  • Data Protection Regulation: are the legislations that set guidelines for the collection and processing of personal data from individuals, such as GDPR and CPRA.
  • Data subject: means an identified or identifiable natural person to whom the data in question belongs to.
  • Household: means a group, however identified, of consumers who cohabitate with one another at the same residential address and share use of common devices or services.
  • PECR: the PECR (Privacy and Electronic Communications (EC Directive) Regulations 2003) is a UK law that is derived from derived from the EU’s ePrivacy Directive (Directive 2002/58/EC) and gives people specific rights to electronic communications
  • Personal data: means any information that can be linked to an individual and identify them no matter if on its own or when combined with other data. Examples of personal data are name, ID number, location data, health information, political or economic interests, online identifiers, and IP addresses.
  • Personal information: means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
  • Processing: are any activities where we use personal data, both through electronic and manual means. This includes (without limitation) collecting, recording, storing, organizing, adapting, altering, using, disclosing, and erasing personal data.
  • Sell: means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration.
  • Sharing: means “disclosing, disseminating, making available, transferring, a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.
  • You: means the user or potential user of the Society application
  • We, us, Society, WeClikk: means Society, the makers behind the Society application

Our Responsibilities

Society as Data Controller

Society is the Data Controller for some personal data, meaning that Society determines the purposes and means of the processing of that personal data. In some regulations Data Controller may be described as Data Owner or similar terms. The data Society is controller of is the data you, as a club owner or club member, share with Society to register yourself, create your account, interact with us through social media, email, SMS and other means.

Society is the Data Controller for any personal data collected, stored, used and analyzed to ensure the proper functionality of the app, improve our services and to create new products and services for you.

In accordance with this notice and our terms of use, we put the greatest effort to ensure the responsible use of your data and in compliance with data protection regulations that cover jurisdictions we operate in.

Society as Data Processor

Society as a Data Processor means we only process personal data on behalf of the controller, in this case club app owners and admins. In some regulations the Data Processor may be referred to as vendor or service provider. Society is the data processor for all club apps created in Society including all activities that are happening within a club app such as conversations, events, club member management, club logos and info, and such.

As a data processor, Society provides the technology to enable you, the club owner, to manage your club’s activities.

Society will not manage, sell or share your club app data, interfere or in any way get involved in its activities unless we have reasons to believe the club owners are performing unlawful activities or acting in an unethical way. In this case Society reserves the rights to cancel and/or dissolve the club and delete the club owner’s account, as detailed in the Terms and Conditions.

Responsibilities of Club Owners

Club Owners as Data Controllers

Club owners, meaning the users that create apps within Society, are the data controller for all the personal data of people joining its club.

  • This means the club owner is responsible in how they manage members data and Society is not involved in that.

Our collection and use of your personal data

We may collect your personal data when you access and use the Society app, register with us, contact us, or send us feedback.

We collect this personal data from you either directly, such as when you create an account with us, or indirectly, such as your app activity while using the Society app (see ‘Cookies’ below).

The personal data we collect about you depends on the activities carried out by you on the Society app. This information includes:

  • your name, email, and phone number
  • financial information, such as the last four numbers of your card
  • date of birth, gender, selfie, country, IP address, long time stamp, relationship status
  • Club logo, club category, club app pin, club events, club advertisements
  • the club apps you are part of, if you are the club owner, who is on the club’s guests lists, and who the club members are,
  • information on your app usage, such as location data, user device, session, time, and date of activity
  • details of any feedback you give us by phone, email, post or via social media
  • chat history, time, and date of activity if you contact us via social media or other chat apps
  • the University, College, or School you attend or attended, and year of graduation

We use this personal data to:

  • communicate with you
  • provide services for you
  • register your account
  • process your payment transaction
  • verify your association with the University, College, or School, you registered yourself with
  • customize our app and its contents according to your preferences
  • notify you of any changes to our website or to our services that may affect you
  • help you fix any inconveniences, such as unpredicted bugs
  • improve our services

The Society app does not store any bank or card payment details. All financial data is stored by Stripe and processed by Society App in real-time via Stripe API. All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services.

When we use your personal data, we are required to have a legal basis for doing so. There are various legal bases on which we may rely on, depending on what personal data we process and why.

The legal bases we may rely on include:

  • Consent: where you have given us clear consent for us to process your personal data for a specific purpose, such as sending you our newsletter.
  • Contract: where our use of your personal data is necessary for a contract we have with you, or because you have asked us to take specific steps before entering a contract. For example, when downloading the Society app and creating an account with us, you agree to our Terms of Use which you can find here. This is a valid contract between you and us.
  • Legal obligation: where our use of your personal data is necessary for us to comply with the law (not including contractual obligations). For example, where we’re legally obliged to keep financial records for a certain period in different jurisdictions.
  • Legitimate interests: where our use of your personal data is in our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal data which overrides our legitimate interests). For example when we have new functionalities on our app that we want to share with you because we think they are of interest for you.

Who we share your personal data with

We share personal information from our customers and users with third parties outside Society under the very limited circumstances and specific purposes below:

  • Vendors: We may share personal data with third-party vendors, such as email providers, communication tools, storage (e.g: Google Cloud, AWS), analytics software (e.g: Sentry, Firebase, Amplitude Analytics).
  • National Security Authorities or Law Enforcement: Society may share personal data to comply with laws and protect our rights and the rights of others. We may disclose your information when we, in good faith, believe disclosure is appropriate to comply with the law, a court order or a subpoena. We may also disclose your information to prevent or investigate a possible crime; to protect the security of the services; to enforce or apply our online Terms of Use or other agreements; or to protect our own rights or property or the rights, property, or safety of our users or others.

We will not share your personal data with any other third party.

We will not sell your personal data (to know more read “Do we sell your personal data”).

For how long we keep your data

The period for which data is retained varies according to the purpose for which the data is processed. Personal data is being kept only for the time necessary to fulfil the processing purpose.

In addition, there may be legal requirements that determinate certain data to be retained for a minimum period.

Children’s Privacy

Society adheres to the Children’s Online Privacy Protection Act (“COPPA”). COPPA is a law in the United States that regulates the way in which online websites may collect and use information from children. Our data processing is done accordingly to the COPPA.

Age limits

We care about the safety of children. Society’s services are not directed towards children under the age of 13, therefore they are not allowed to register with us, use our services, or disclose any personal data without appropriate parental or legal guardian approval. Society requires parental consent to use the app until the child completes 13 years old regardless of the pre-defined age categories from your app store.

We do not knowingly contact or engage with children under the age of 13 without said parental consent (or consent from your legal guardian). If you have reason to believe that a child under the said age has provided us with their personal data, please contact us at contact@createyoursociety.com and we will endeavor to delete that data from our databases.

Do we sell your personal data

We never sell your personal data.

Despite that, in conformity with the California Consumer Privacy Act, we do engage in personal data sharing activities that could be considered “sales” under the CPRA, such as sharing commercial information, identifiers, or virtual network activity with website analytics companies. For more information regarding this topic please check “Privacy Information for California Residents” on this Privacy Notice.

We do not share Child Activity Information with third parties for marketing or promotional purposes and do not advertise to children.

International Data Transfers

We are a global business. The personal data we collect from our customers and users may be transferred internationally to third party’s vendors, consultants, or server providers located in a foreign country, such as Google Drive, Mailchimp and Microsoft, who use cloud infrastructure service providers with headquarters in the United States.

This means we may transfer your Personal Data to other countries that may have different data protection rules. When transferring data across borders, we take measures to comply with applicable data protection laws related to such transfer.

Where applicable law requires a data transfer mechanism, we use one or more of the following:

For transfers to third countries, we have entered into International Data Transfer Agreements approved by the UK Parliament or Standard Contractual Clauses, approved by the European Commission, to ensure an adequate level of protection for the transfer of your Personal Data to those entities outside the EEA. You can obtain a copy of the relevant Standard Contractual Clauses clicking here.

Your personal data is always going to be protected in accordance with this Privacy Notice wherever it is possible.

Cookies and other tracking technologies

A cookie is a small text file which is placed onto your device (e.g: smartphone or another electronic device) when you use our app.

We use cookies in our apps that help us recognize you and your device and store some information about your preferences or past actions.

For further information on cookies, our use of cookies, when we will request your consent before placing them and how to disable them, please see our Cookie Policy.

Analytics

Society uses third-party analytics services (such as Google Analytics) as well as self-hosted data collection services on our services to collect and analyze usage information through cookies and similar technologies; research, or reporting; and provide certain features to you.

Free Subscription

If you are a customer using Society’s free subscription, you agree that in exchange for Society’s free App hosting, development, improvements and technical support, Society has the rights to:

  • advertise to you through the app,
  • attract advertisers/sponsors and
  • charge transaction fees within the app

to fund and provide a Free Subscription service for you.

Advertisements will be reasonable to ensure the user experience is balanced and not spammed with ads by Society.

Marketing

We would like to send you information about products and services, competitions, and special offers, which may be of interest to you. Where we have your consent or it is in our legitimate interest to do so, we may do this by email or text message (SMS).

If you have agreed to being contacted in this way, you can unsubscribe at any time by:

Your rights

You have certain rights when it comes to the use of your data. At Society we make this a global commitment and treat all our users equally. These are:

a. Right to be Informed: You have the right to be informed about all data processing activities performed on your personal data at the point of collection.

b. Right of Access: Also knows as Data Subject Access Requests (“DSARs” or “SARs”), you have the right to request information relating to you, and to receive a copy of your personal data.

c. Right to Rectification: You have the right to request the rectification or completion of inaccurate or incomplete personal data concerning you.

d. Rights to Erasure, Restriction, Data Portability and to Object: In certain circumstances you have the right to:

  • Request and obtain the erasure of personal data concerning you,
  • Request and obtain the restriction of processing of personal data concerning you,
  • Request to have your personal data transmitted to another controller without hindrance, where technically feasible (data portability),
  • Object at any time to data processing carried out in our legitimate interests or carried out for direct marketing purposes.

Have in mind that we can still store some of our users’ information if the data has been anonymized and it is not possible to directly link the data back to the individual to identify them.

We may also retain some personal information that is strictly necessary to comply with legal or governmental obligations.

e. Automated Decision Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant affects concerning you.

f. Facilitating Your Rights: Society is required to provide within one month of receipt, information on the action we have taken to facilitate the request, or where applicable, the reasons for not taking action.

Requirements by Children

Any requests made by children younger than 18 years must be made on behalf of a parent or legal guardian.

If you would like to exercise any of those rights, please contact us through this email: contact@createyoursociety.com .

Other Jurisdictions

For residents of other jurisdictions, to exercise your data protection rights or to receive more details in connection with them, you can submit requests via contact@createyoursociety.com. You may be required to provide additional information necessary to confirm your identity before we can respond to your request. We will consider all such requests and provide our response within the period required by applicable law.

Please note, however, that certain information may be exempt from such requests, for example if we need to keep the information to comply with our own legal obligations or to establish, exercise, or defend legal claims. Your rights and our responses will vary based on your state or country of residency.

Please note that you may be located in a jurisdiction where we are not obligated, or are unable, to fulfill a request. In such a case, your request may not be fulfilled. If applicable, you may make a complaint to your local data protection supervisory authority in the country where you are based. Alternatively, you may seek a remedy through local courts if you believe your rights have been breached.

How to make use of your rights

To make use of your rights as stated above, you can make a direct request with us. Click here and submit your request concerning CPRA, and here concerning UK GDPR and EU GDPR. Once you submitted your request, our team will get in touch with you within:

  • European and UK citizens: 30 days upon request
  • Californian citizens: 45 days upon request
  • Any other user/citizen: 30 days upon request

The CPRA, UK GDPR and EU GDPR allows Society to extend this period by further two months in certain circumstances.

Privacy Information for California Residents

Terms used in this section and not otherwise defined have the meaning given to them under the California Consumer Privacy Act (“CPRA”). California law requires us to provide some additional information regarding rights with respect to “personal information.” In many cases, the CPRA allows Californian residents to make certain requests about their personal information. Specifically, unless certain exceptions apply, the CPRA allows the following:

a. Right to know
You can request information about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting the personal information; and the categories of third parties with whom we share/disclose personal information.

Society should respond to those requests with details on which personal information was collected within the prior 12 (twelve) months, and under certain circumstances, beyond the prior 12 (twelve) month period.

b. Right to opt-out
You have the right to opt-out of businesses selling and sharing your data.

c. Right to delete
You can request Society to delete their personal information if it is no longer needed, and Society has the obligation to request third parties that have bought or received the personal information in question to also delete it.

d. Right to Data Portability
Data subject can request to transfer specific personal information to another entity, when it is possible, and in a structured, commonly used, machine-readable format.

e. Right to Correct Information
The data subject has the right to request Society to correct any inaccurate personal information.

f. Right to Limit Use and Disclosure of Sensitive Personal Information
The data subject has the right to limit the use and disclosure of their sensitive personal information.

g. Right to Access Information about Automated Decision Making
The data subject has the right to request meaningful information about the logic involved in the decision-making process, as well as a description of the likely outcome of the process.

h. Right to Opt-out of Automated Decision-making Technology
You have the right to opt-out of being subjected to automated decision-making processes, including profiling.

You have the right to be provided with information about certain financial incentives that Society offers, if any, and the right to not be subject to certain negative consequences for exercising CPRA rights.

Verifying your identity

We reserve the right to verify your identity before responding to a request, which may include, at a minimum, depending on the sensitivity of the information you are requesting and the type of request you are making, verifying your name, email address, phone number, or other information. You are also permitted to designate an authorized agent to submit certain requests on your behalf.

In order for an authorized agent to be verified, you must provide the authorized agent with signed, written permission to make such requests or a power of attorney. We may also follow up with you to verify your identity before processing the authorized agent’s request.

Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide the Services or to comply with legal obligations, so we would need to either reject the request to delete the information or, if we are legally permitted to delete it, we would need to terminate our provision of the Services to the data subject after deleting it.

If you would like further information regarding your legal rights under California law or would like to exercise any of them, please email contact@createyoursociety.com.

Opt-out

California residents have the right to opt out of the “sale” or “sharing” of their personal information.

California law broadly defines “sale” in a way that may include allowing third parties to receive certain information such as cookies, IP address and/or browsing behavior for interest-based advertising or related purposes.

Although Society does not currently sell personal information in exchange for any monetary consideration, we may share personal information for these purposes in such a way that could be deemed a “sale” as defined by the CPRA.

We also share certain information as set forth in “Cookies and other Tracking Technologies” section. For details on how to opt out of cookies, please see the “Cookies Policy“.

Please note that we do not knowingly sell Child Activity Information or the personal information of minors under 18 years of age.

Keeping your personal data secure

For Society the security of the personal data we collect from our customers and users is a high priority and we make sure to adopt the proper technical, organizational, and administrative measures to protect the information we hold in our websites and products against loss, unauthorized access, misuse, modification, or destruction.

Some of the security measures we use are:

  • Google Cloud Firewall
  • Email authentication
  • SMS authentication
  • Two factor authentication

Also, we only allow domains to register in Society, such as “ac.uk” or “.edu” by default, all chat messages are encrypted end-to-end and connections are all encrypted via SSL https.

Changes to this Privacy Notice

As we improve our products and app, we may also update this Privacy Notice from time to time.

It is your responsibility to periodically check this document and maintain yourself informed about eventual changes in our activities regarding personal data.

We will let you know about the privacy updates on our app:

a. by changing the date on top of this document,
b. by sending you an email whenever we update our Privacy Notice and
c. if the change is substantial, a notice will be posted on the app.

The “Most recent update” caption at the top of this page indicates when this Privacy Policy was last revised.

If you would like to see the version of the Privacy Notice that was in effect immediately prior to this version, please contact us at contact@createyoursociety.com.

How to contact us

Please contact us if you have any questions about this privacy notice or the data we hold about you.

If you wish to contact us, please send an email to contact@createyoursociety.com.

Data Controller: WeClikk Ltd

Do you need extra help?

If you would like this website privacy policy in another format (for example: audio, large print, braille) please contact us (see ‘How to contact us’ above).