Last update: 31 October 2022
The Society Pledge: We will not sell your personal data.
Great to see you here! At Society we care deeply about data protection, and we put great effort in being transparent to our users and customers on how we process personal data. If you’re considering creating an account with us or you already have one and are using the Society app, it is important that you read this privacy notice as it will help you understand how we may process your personal data when using and interacting with our app.
Make sure to read it carefully as this notice contains important information on how we process your personal data as well as what your rights are, how to contact us and how to make a complaint if you have one.
Please note that this Privacy Notice is for the use of our app only. If you want to learn more about how we may process personal data on the Society website, click here.
This app Privacy Notice is divided into the following sections:
This app is operated by Society is a trading name for WeClikk Ltd. Copyright © WeClikk Ltd. All rights reserved. A company registered in England and Wales # 11879909. Information Commissioner’s Office # ZA641997, with address at 11 Laud Street, Croydon, Greater London CR0 1SU, United Kingdom.
With subsidiary in United States, being registered as Society Inc., located in the 4th Floor Suite #842, 1007 N Orange St. Wilmington, Delaware 19801, United States.
Data Processor: WeClikk Ltd.
For more information go to www.createyoursociety.com
When you download, use or purchase Services on the Society App, we may process your personal data. We care much about treating your data responsibly and we’re committed to protecting your data. At Society we follow and implement regulatory requirements under the California Consumers Protection Act 2018 (CPRA), UK General Data Protection Regulation (UK GDPR), UK DPA 2018, UK PECR and EU General Data Protection Regulation (EU GDPR).
This privacy notice relates to your use of the Society application.
Throughout our app we may link or advertise other websites or apps owned and operated by third parties, either to make additional products and services available to you or to continue providing free subscriptions (to know more read Terms and Conditions).
These other third-party websites or apps may also gather information about you in accordance with their own separate privacy notices. For privacy information relating to these other third-party websites, please consult their privacy notices.
Society is the Data Controller for some personal data, meaning that Society determines the purposes and means of the processing of that personal data. In some regulations Data Controller may be described as Data Owner or similar terms. The data Society is controller of is the data you, as a club owner or club member, share with Society to register yourself, create your account, interact with us through social media, email, SMS and other means.
Society is the Data Controller for any personal data collected, stored, used and analyzed to ensure the proper functionality of the app, improve our services and to create new products and services for you.
Society as a Data Processor means we only process personal data on behalf of the controller, in this case club app owners and admins. In some regulations the Data Processor may be referred to as vendor or service provider. Society is the data processor for all club apps created in Society including all activities that are happening within a club app such as conversations, events, club member management, club logos and info, and such.
As a data processor, Society provides the technology to enable you, the club owner, to manage your club’s activities.
Society will not manage, sell or share your club app data, interfere or in any way get involved in its activities unless we have reasons to believe the club owners are performing unlawful activities or acting in an unethical way. In this case Society reserves the rights to cancel and/or dissolve the club and delete the club owner’s account, as detailed in the Terms and Conditions.
Club owners, meaning the users that create apps within Society, are the data controller for all the personal data of people joining its club.
We may collect your personal data when you access and use the Society app, register with us, contact us, or send us feedback.
We collect this personal data from you either directly, such as when you create an account with us, or indirectly, such as your app activity while using the Society app (see ‘Cookies’ below).
The personal data we collect about you depends on the activities carried out by you on the Society app. This information includes:
We use this personal data to:
The Society app does not store any bank or card payment details. All financial data is stored by Stripe and processed by Society App in real-time via Stripe API. All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services.
When we use your personal data, we are required to have a legal basis for doing so. There are various legal bases on which we may rely on, depending on what personal data we process and why.
The legal bases we may rely on include:
We share personal information from our customers and users with third parties outside Society under the very limited circumstances and specific purposes below:
We will not share your personal data with any other third party.
We will not sell your personal data (to know more read “Do we sell your personal data”).
The period for which data is retained varies according to the purpose for which the data is processed. Personal data is being kept only for the time necessary to fulfil the processing purpose.
In addition, there may be legal requirements that determinate certain data to be retained for a minimum period.
Society adheres to the Children’s Online Privacy Protection Act (“COPPA”). COPPA is a law in the United States that regulates the way in which online websites may collect and use information from children. Our data processing is done accordingly to the COPPA.
We care about the safety of children. Society’s services are not directed towards children under the age of 13, therefore they are not allowed to register with us, use our services, or disclose any personal data without appropriate parental or legal guardian approval. Society requires parental consent to use the app until the child completes 13 years old regardless of the pre-defined age categories from your app store.
We do not knowingly contact or engage with children under the age of 13 without said parental consent (or consent from your legal guardian). If you have reason to believe that a child under the said age has provided us with their personal data, please contact us at email@example.com and we will endeavor to delete that data from our databases.
We never sell your personal data.
Despite that, in conformity with the California Consumer Privacy Act, we do engage in personal data sharing activities that could be considered “sales” under the CPRA, such as sharing commercial information, identifiers, or virtual network activity with website analytics companies. For more information regarding this topic please check “Privacy Information for California Residents” on this Privacy Notice.
We do not share Child Activity Information with third parties for marketing or promotional purposes and do not advertise to children.
We are a global business. The personal data we collect from our customers and users may be transferred internationally to third party’s vendors, consultants, or server providers located in a foreign country, such as Google Drive, Mailchimp and Microsoft, who use cloud infrastructure service providers with headquarters in the United States.
This means we may transfer your Personal Data to other countries that may have different data protection rules. When transferring data across borders, we take measures to comply with applicable data protection laws related to such transfer.
Where applicable law requires a data transfer mechanism, we use one or more of the following:
For transfers to third countries, we have entered into International Data Transfer Agreements approved by the UK Parliament or Standard Contractual Clauses, approved by the European Commission, to ensure an adequate level of protection for the transfer of your Personal Data to those entities outside the EEA. You can obtain a copy of the relevant Standard Contractual Clauses clicking here.
Your personal data is always going to be protected in accordance with this Privacy Notice wherever it is possible.
A cookie is a small text file which is placed onto your device (e.g: smartphone or another electronic device) when you use our app.
Society uses third-party analytics services (such as Google Analytics) as well as self-hosted data collection services on our services to collect and analyze usage information through cookies and similar technologies; research, or reporting; and provide certain features to you.
If you are a customer using Society’s free subscription, you agree that in exchange for Society’s free App hosting, development, improvements and technical support, Society has the rights to:
to fund and provide a Free Subscription service for you.
Advertisements will be reasonable to ensure the user experience is balanced and not spammed with ads by Society.
We would like to send you information about products and services, competitions, and special offers, which may be of interest to you. Where we have your consent or it is in our legitimate interest to do so, we may do this by email or text message (SMS).
If you have agreed to being contacted in this way, you can unsubscribe at any time by:
You have certain rights when it comes to the use of your data. At Society we make this a global commitment and treat all our users equally. These are:
a. Right to be Informed: You have the right to be informed about all data processing activities performed on your personal data at the point of collection.
b. Right of Access: Also knows as Data Subject Access Requests (“DSARs” or “SARs”), you have the right to request information relating to you, and to receive a copy of your personal data.
c. Right to Rectification: You have the right to request the rectification or completion of inaccurate or incomplete personal data concerning you.
d. Rights to Erasure, Restriction, Data Portability and to Object: In certain circumstances you have the right to:
Have in mind that we can still store some of our users’ information if the data has been anonymized and it is not possible to directly link the data back to the individual to identify them.
We may also retain some personal information that is strictly necessary to comply with legal or governmental obligations.
e. Automated Decision Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant affects concerning you.
f. Facilitating Your Rights: Society is required to provide within one month of receipt, information on the action we have taken to facilitate the request, or where applicable, the reasons for not taking action.
Any requests made by children younger than 18 years must be made on behalf of a parent or legal guardian.
If you would like to exercise any of those rights, please contact us through this email: firstname.lastname@example.org .
For residents of other jurisdictions, to exercise your data protection rights or to receive more details in connection with them, you can submit requests via email@example.com. You may be required to provide additional information necessary to confirm your identity before we can respond to your request. We will consider all such requests and provide our response within the period required by applicable law.
Please note, however, that certain information may be exempt from such requests, for example if we need to keep the information to comply with our own legal obligations or to establish, exercise, or defend legal claims. Your rights and our responses will vary based on your state or country of residency.
Please note that you may be located in a jurisdiction where we are not obligated, or are unable, to fulfill a request. In such a case, your request may not be fulfilled. If applicable, you may make a complaint to your local data protection supervisory authority in the country where you are based. Alternatively, you may seek a remedy through local courts if you believe your rights have been breached.
To make use of your rights as stated above, you can make a direct request with us. Click here and submit your request concerning CPRA, and here concerning UK GDPR and EU GDPR. Once you submitted your request, our team will get in touch with you within:
The CPRA, UK GDPR and EU GDPR allows Society to extend this period by further two months in certain circumstances.
Terms used in this section and not otherwise defined have the meaning given to them under the California Consumer Privacy Act (“CPRA”). California law requires us to provide some additional information regarding rights with respect to “personal information.” In many cases, the CPRA allows Californian residents to make certain requests about their personal information. Specifically, unless certain exceptions apply, the CPRA allows the following:
a. Right to know
You can request information about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting the personal information; and the categories of third parties with whom we share/disclose personal information.
Society should respond to those requests with details on which personal information was collected within the prior 12 (twelve) months, and under certain circumstances, beyond the prior 12 (twelve) month period.
b. Right to opt-out
You have the right to opt-out of businesses selling and sharing your data.
c. Right to delete
You can request Society to delete their personal information if it is no longer needed, and Society has the obligation to request third parties that have bought or received the personal information in question to also delete it.
d. Right to Data Portability
Data subject can request to transfer specific personal information to another entity, when it is possible, and in a structured, commonly used, machine-readable format.
e. Right to Correct Information
The data subject has the right to request Society to correct any inaccurate personal information.
f. Right to Limit Use and Disclosure of Sensitive Personal Information
The data subject has the right to limit the use and disclosure of their sensitive personal information.
g. Right to Access Information about Automated Decision Making
The data subject has the right to request meaningful information about the logic involved in the decision-making process, as well as a description of the likely outcome of the process.
h. Right to Opt-out of Automated Decision-making Technology
You have the right to opt-out of being subjected to automated decision-making processes, including profiling.
You have the right to be provided with information about certain financial incentives that Society offers, if any, and the right to not be subject to certain negative consequences for exercising CPRA rights.
We reserve the right to verify your identity before responding to a request, which may include, at a minimum, depending on the sensitivity of the information you are requesting and the type of request you are making, verifying your name, email address, phone number, or other information. You are also permitted to designate an authorized agent to submit certain requests on your behalf.
In order for an authorized agent to be verified, you must provide the authorized agent with signed, written permission to make such requests or a power of attorney. We may also follow up with you to verify your identity before processing the authorized agent’s request.
Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide the Services or to comply with legal obligations, so we would need to either reject the request to delete the information or, if we are legally permitted to delete it, we would need to terminate our provision of the Services to the data subject after deleting it.
If you would like further information regarding your legal rights under California law or would like to exercise any of them, please email firstname.lastname@example.org.
California residents have the right to opt out of the “sale” or “sharing” of their personal information.
California law broadly defines “sale” in a way that may include allowing third parties to receive certain information such as cookies, IP address and/or browsing behavior for interest-based advertising or related purposes.
Although Society does not currently sell personal information in exchange for any monetary consideration, we may share personal information for these purposes in such a way that could be deemed a “sale” as defined by the CPRA.
We also share certain information as set forth in “Cookies and other Tracking Technologies” section. For details on how to opt out of cookies, please see the “Cookies Policy“.
Please note that we do not knowingly sell Child Activity Information or the personal information of minors under 18 years of age.
For Society the security of the personal data we collect from our customers and users is a high priority and we make sure to adopt the proper technical, organizational, and administrative measures to protect the information we hold in our websites and products against loss, unauthorized access, misuse, modification, or destruction.
Some of the security measures we use are:
Also, we only allow domains to register in Society, such as “ac.uk” or “.edu” by default, all chat messages are encrypted end-to-end and connections are all encrypted via SSL https.
As we improve our products and app, we may also update this Privacy Notice from time to time.
It is your responsibility to periodically check this document and maintain yourself informed about eventual changes in our activities regarding personal data.
We will let you know about the privacy updates on our app:
a. by changing the date on top of this document,
b. by sending you an email whenever we update our Privacy Notice and
c. if the change is substantial, a notice will be posted on the app.
If you would like to see the version of the Privacy Notice that was in effect immediately prior to this version, please contact us at email@example.com.
Please contact us if you have any questions about this privacy notice or the data we hold about you.
If you wish to contact us, please send an email to firstname.lastname@example.org.
Data Controller: WeClikk Ltd