Our commitment to protecting your privacy
Introduction
Short Stories Global Ltd (“Short Stories”) provides tools to help the world’s writers to create, develop and promote their talents (each a “Service” and collectively, the “Services”). Short Stories acts as the data controller for personal data processed in respect of its Services and referred to as “our,” “we,” or “us” below. Short Stories operates the Services, which include websites, software, mobile services, and applications.
We know that you care about how your information is used and shared. This Privacy Policy provides details of the way in which Short Stories process personal data in line with their obligations under relevant data protection law, including the European Union’s General Data Protection Regulation (the “GDPR”), the California Consumer Privacy Act (the “CCPA”), and other applicable laws (collectively, “Data Protection Law”).
This Privacy Policy explains what information of yours will be collected by Short Stories when you use our Services, how the information will be used, and how you can control the collection, correction and/or deletion of information. Note that certain third parties may be able to identify you across sites and services and over time using the information they process, however, any such processing not done at the direction of us is outside the scope of this Privacy Policy. We are not responsible for the privacy policies, content or security of any linked third party websites or services. We recommend that you check the privacy and security policies of each and every website and service that you visit.
Information we Process.
The following table explains the types of information we collect and how we collect it. These categories of data may collectively be referred to as “Your Information”.
| Category | Example |
|---|---|
| Basic Account Information | In order to use our Services, Short Stories may require you to register and create an account. Depending on the Service, you will be required to provide a name and email address, and to choose an avatar and username. |
| Basic Account Information | People use our Services for different reasons. Some are looking for the perfect tools to help them create or share their designs. Others join our community in order to be inspired, or even to find the right designer to help them with a project. Depending on your needs, you may provide us with additional personal information, including your area of expertise (e.g. branding and logo design) and details of any training courses you have completed for your profile. |
| Identity Information | For certain Services, such as creating a shop on Short Stories, we may also be required to collect your full name, date of birth, national identification number, photo identification and other information in order to verify your identify and to comply with applicable law. |
| Payment and Billing Information | Users can pay to gain access to specific design tools and fonts, or to attend workshops and other training events. Pro Short Stories users can unlock a range of additional features, which enable them to sell their designs online or to enhance their profiles. Whatever our users’ individual needs, sometimes we will collect and process payments information. For instance, we collect the credit card information provided to us during checkout, for billing and payment purposes, and to process your transaction. Additional information, includes billing contact name, postal address and telephone number may be necessary in order for us to provide a particular service. |
| User-Generated Content | In order to use our Services, Short Stories may require you to register and create an account. Depending on the Service, you will be required to provide a name and email address, and to choose an avatar and username. Users can update their profiles to include custom avatars or photos, along with additional biographical information. They can create custom videos for their profile, in which they can “pitch” their talents to prospective employers. They may also upload their designs to the platform, engage in monthly playoffs and even open a shop to advertise their goods or services for sale. Certain users may also post freelance projects and other job opportunities. |
| Survey Information | We may ask you to complete surveys that we use for research purposes, or to evaluate our marketing or support efforts, and in those cases we store the answers given. |
| Contest Information | From time to time, we may offer contests or other promotions. If you choose to enter these contests or promotions, we may collect Identity Information and/or additional information. |
| Messages and Other Communications | Our Services can be used to communicate with us, other members of the community, or with prospective freelance designers or employers. |
Automatically-Collected Information
| Category | Example |
|---|---|
| Usage Information | We automatically collect information about the content and people you interact with, the features and add-ons you use and other actions you take, including applying to certain work opportunities advertised via our Services. |
| Location Data | While users can provide their location or shipping address in the course of using our Services, we also automatically collect certain location information, including your IP address and location information provided by your device. |
| Device Information | We automatically collect information from your browser or your device when accessing our Services, and record this data in log files. This includes information such as your unique device identifier, device attributes, device signals, data from device settings, networks and ads data. |
| Information Collected Through Cookies | When you visit a Service, we use cookies and related technologies (such as clear GIFs/web beacons) to identify the browser, to identify which page variant a visitor has seen, to determine if a visitor has clicked on a page variant, and to monitor traffic patterns and gauge popularity of service options. Please see our Cookie Policy for more information. |
Information Others Provide
| Category | Example |
|---|---|
| Updated Contact Information | We might receive information about you from other sources and add it to our account information. This may include updated delivery and address information from our shippers or other sources so that we can correct our records and deliver your next purchase or communication more easily. |
| Non-User Contact Information | Short Stories provides an option to invite a friend to their Service, in which case Short Stories will ask you for that person's email address and automatically send an email invitation to them. |
| User Reports | Users can report content to us, where they feel it infringes intellectual property rights or otherwise violates out our Terms of Service. |
| Social Media Information | Short Stories receives Your Information from social media companies such as Facebook and X who may transfer Your Information to us when you interact with that social media company in connection with our Services or use an alternative sign in to our Services through a social media company. |
| Analytic and Aggregator Information | Short Stories receives Your Information from ad networks, behavioural advertising vendors, market research, and social media companies or similar companies. Further, some of the Information Collected Through Cookies may be provided by third party analytic companies. |
Information we Create
| Category | Example |
|---|---|
| Inference Data | Short Stories, certain partners, social media companies, and third parties operating on our behalf create and infer Your Information based on our observations or analysis of Your Information processed under this Policy, and we may correlate this data with other data we process about you. We may combine any of Your Information about you that we receive from you and from third parties. |
Short Stories will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes unless we first notify you or obtain your consent, to the extent required by Data Protection Law.
Sensitive Personal Data
Data Protection Law recognises that certain types of information require additional protection. In particular, the GDPR prohibits the processing of sensitive personal data, other than in certain exceptional circumstances. Sensitive personal data in the EU includes information relating to one’s race or ethnicity, political opinions, religious or philosophical beliefs, membership of a trade union, as well as biometric data and data relating to one’s health or sexual orientation. Certain state laws in the US also have different definitions of sensitive personal data.
We do not knowingly collect or process any sensitive personal data. However, some users may make such information public through their use of our Services. For example, Short Stories permits users to add a biography to their profile. This is a free-text section that allows users to include whatever information they wish, subject to complying with the relevant Terms of Service. Users are in control of what information they share and, to the extent they choose to make sensitive personal data public, they may delete or amend this information at any time.
How We Process Your Information and Our Legal Bases for Doing So
We collect and process Your Information whenever you use our Services. Consistent with relevant Data Protection Law, we are required to identify a legal basis for each of our processing activities.
Under EU law there are six different bases, which may be relied upon to enable the lawful processing of Your Information. In particular, data controllers may process personal data:
- where they have received freely given, specific, informed and unambiguous consent from a data subject (“Consent”);
- where processing is necessary to conclude and perform a contract (“Contractual Necessity”);
- where processing is necessary to comply with a legal obligation to which they are subject (“Legal Obligation”); or
- in pursuit of the data controller’s legitimate interests, except where these interests are overridden by the rights and freedoms of individuals (“Legitimate Interests”).
Under the CCPA, we must disclose the purposes for which we collect your information:
- Business Purposes, which include auditing, security, debugging/repair, certain short-term uses, performing services, internal research for technical development, quality and safety maintenance and verification, as well as the use of Your Information for our operational purposes, or other notified purposes that use Your Information as reasonably necessary and proportionate to achieve the operational purpose; and
- Commercial Purposes, which include use of Your Information to advance our commercial or economic interests, such as encouraging others to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction.
Short Stories primarily rely on Consent, Contractual Necessity, Legal Obligation and Legitimate Interests when processing Your Information.
Who we Share Data With
Short Stories also works with third-party service providers who help us to provide our Services.
For EEA residents, when your information is transferred outside of the EEA, we will adopt measures to ensure that it is protected in a manner that is consistent with our obligations under Data Protection Law, including the European Union’s General Data Protection Regulation.
Transfers to Third Parties
| Category of Recipient | Type of Personal Data | Purpose | Location |
|---|---|---|---|
| Hosting providers | Your Information | We rely on cloud service providers to host user data. (Business Purposes) | UK |
| Customer support service providers | Basic Account Information, Payment and Billing Information, Messages and Other Communications, Location Data, Device Information and User Reports | Our third-party partners help to provide support to our customers throughout the world. (Business and Commercial Purposes) | UK, Ireland, Netherlands |
| Website analytics, for example Hotjar and Google Analytics | Basic Account Information, Location Data, Usage Information, Analytic and Aggregator Information | To help us better track the performance of our Services. (Business Purposes) | Malta, UK, EU |
| Payment Processing service providers, for example Stripe | Basic Account Information, Payment and Billing Information | To facilitate payments for our paid Services (Business Purposes) | UK, Ireland |
| Email help desk service provider, for example Zoho Desk | Basic Account Information, Location Data, Usage Information | Basic Account Information, Location Data, Usage Information | EU |
| Email service provider, for example Mailchimp, MailGun | Basic Account Information | To facilitate the sending of electronic mail and externally with our users, partners and other members of the public. (Business and Commercial Purposes) | USA, EU |
In addition to the above, some of our Services are integrated with social media networks and other platforms (e.g., Facebook, Pinterest, and LinkedIn) whereby information may be shared between us and those platforms. For instance, if you interact with our Service through a social media feature such as a plug-in, then you may be granting us on-going access to certain information from that social media account. If you do not want a social media platform to collect or share information about you, please review the privacy policy and privacy settings of the applicable social media property before using such features on our Service.
Your Rights
Data Protection Laws around the world, including the GDPR and the CCPA, provide users with certain rights over how their personal data is used by companies. Consistent with these laws, Short Stories enables users to access, amend and delete the Information You Provide. We also have systems in place to allow you to exercise your rights in respect of Automatically-Collected Information and Information Others Provide, including your rights to object to or restrict the processing of your personal data.
If you would like to exercise any of your rights, please contact the relevant company at the information provided below. Alternatively, you may update or correct certain information, such as your Basic Account Information and email preferences, at any time by logging in to your account settings page.
At any time you may:
- Decline to Submit Information: You may, of course, decline to submit Personal Information through the Service, in which we may not be able to provide certain services to you.
- Update Account Information: You may update or correct your account information and email preferences at any time by logging in to your account settings page.
- Unsubscribe from marketing emails: to unsubscribe from a particular newsletter, click the "unsubscribe" link at the bottom of that email newsletter. When we send newsletters to subscribers we may allow advertisers or partners to include messages in those newsletters, or we may send dedicated newsletters and marketing messages on behalf of those advertisers or partners. We may disclose your opt-out choices to third parties so that they can honour your preferences in accordance with applicable laws.
- Blocking cookies: certain browsers may be configured to notify you when you receive cookies, or allow you to restrict or disable certain cookies. If you choose to disable cookies, however, that could affect certain features of the Service that use cookies to enhance their functionality. Please see our Cookie Policy. Further, please note our Services do not respond to your browser’s do-not-track request.
- Disabling local shared objects: we may use other kinds of local storage that function similarly, but are stored in different parts of your computer from ordinary browser cookies. Your browser may allow you to disable its HTML5 local storage or delete information contained in its HTML5 local storage.
- Withdraw Your Consent: Where we are processing Your Information based on your consent, you may change your mind and withdraw your consent at any time. The consequence of you withdrawing consent might be that we cannot perform certain services for you, such as linking to your device or providing certain advertising to you, that are conditioned on your consent.
EU Residents
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal information:
- Right to Withdraw Consent: You have the right to withdraw consent to processing where consent is the basis of processing.
- Right of Access: You have the right to access your personal information and certain other supplementary information, under certain conditions.
- Right to Object: You have the right to object to processing that is based on our legitimate interests, under certain conditions.
- Right to Deletion: You have the right to request the deletion of personal information about you, under certain conditions.
- Right to Restrict Processing: You have the right to demand that we restrict processing of your personal information, under certain conditions, if you believe we have exceeded the legitimate basis for processing, processing is no longer necessary, or believe your personal information is inaccurate.
- Right to Data Portability: You have the right to data portability of personal information concerning you that you provided us in a structured, commonly used, and machine-readable format, under certain conditions.
- Right to Object to Automated Decision-Making: You have the right to object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly
California Residents
The CCPA provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you, or that we have sold, or disclosed for a Commercial Purpose.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request we will delete (and direct our service providers to delete) your personal information from our records unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, or take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform the Services.
- Detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.)
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provide it.
Minors’ User Content
Individuals under the age of 18 in California can delete or remove publicly available User-Generated Content using the same deletion or removal procedures described above, or otherwise made available through the Services. If you have questions about how to remove your User-Generated Content or if you would like additional assistance with deletion you can contact us by email at [email protected]. We will work to delete your information, but we cannot guarantee comprehensive removal of that content or information posted through the Services.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights, please submit a verifiable consumer request to us by emailing us at [email protected]. Only you, or a person registered with the California Secretary of State that you authorise to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12 month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person we collected personal information on.
- Describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable request does not require you to create an account with us.
Response Timing and Format
We endeavour to respond to verifiable consumer requests within 45 days of receipt. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response to you by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. If applicable, we will also provide reasons we cannot comply with your request. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information. We do not charge a fee to process or respond to a verifiable consumer request unless it is excessive, repetitive, or unfounded. If we determine a fee is warranted, we will provide you with an estimate before completing your request.
Personal Information Sales Opt-Out and Opt-In Rights
For the purposes of GDPR and CCPA, we do not sell Your Information.
Non-Discrimination
We will not discriminate against you for exercising any of your rights under the CCPA or GDPR. Unless permitted by the CCPA or GDPR, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you with a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level of quality of goods or services.
Information
Under California Civil Code Section §1798.83, users of the Site and/or Services who are California residents may request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected] with “Request for California Privacy Information” in the subject line and in the body of your message. We will provide the requested information to you at your email address in response.
Under the GDPR, EU residents have the right to request information about the processing of their personal data. To make such a request, please send an email to [email protected] with “Request for EU Privacy Information” in the subject line and in the body of your message. We will provide the requested information to you at your email address in response.
Data Security and Data Breach
We care about the integrity and security of Your Information and implement appropriate technical and organisational security measures to safeguard Your Information from unlawful or unauthorised destruction, loss, change, disclosure, acquisition or access.
Short Stories follow generally accepted industry standards to protect the personal data provided to us, both during transmission and after it is received. Examples of our security measures include, as appropriate, physical measures such as locking access to servers, putting in place IT measures such as encryption, and restricting access to your information through approvals and passwords, so it is accessible only on a “need to know” basis.
Depending on Short Stories and the Service in question, your account information is protected by a password. You are responsible for carefully choosing and periodically changing an appropriately-strong password and for maintaining its secrecy. You are also responsible for controlling access to your email communications from Short Stories, and for other security measures, such as signing out after using our Services.
Despite these measures, it is not possible to warrant the security of any information you transmit to Short Stories or guarantee that your information on our Services may not be accessed, disclosed, altered, or destroyed by a breach of any of our technical or organisational safeguards. Your privacy settings may also be affected by changes to the functionality of Short Stories distributors, such as social networks. We are not responsible for the functionality or security measures of any third party.
Data Retention
We will keep personal data only for as long as is necessary for the purposes for which that personal data are processed, including to provide our Services. The storage periods are determined on a case-by-case basis and will depend on several factors, including:
- The type of information and the purpose for which it is processed;
- Any legal requirement to retain the data, including where data was processed on the basis of a Legal Obligation or until the Statute of Limitations has elapsed with respect to possible legal claims or investigations;
- Whether the data is required for Trust & Safety purposes. For example, where users breach our Terms of Service, we may terminate their account and prevent them from accessing our Services, in order to protect other users. In such circumstances, it may be necessary to retain certain personal data, even after account termination.
Following termination or deactivation of your User account, we may retain the Information You Provide for a commercially reasonable time for backup, archival, contract performance and enforcement, or audit purposes but for no longer than is necessary and only where the information is accurate and relevant for our use. Furthermore, we may retain and continue to use indefinitely all information contained in your communications to other Users or posted to public or semi-public areas of the Service after termination or deactivation of your User account. However, we will only keep this information on the Services where it was posted and will not use this information for any other purpose.
Privacy Policy Changes
As Short Stories continues to grow, the manner in which we process data will evolve over time. We will update this policy from time to time to reflect changing practices and will notify you of any material changes in the following ways: i) we will send an email to the address provided to us upon sign-up to our Services, or ii) we will post a notification on the relevant Company’s site or app.
Further Information and Complaints
For further information about this Privacy Policy and/or the processing of your personal data by, please contact us using the information provided below.
For users based in the EEA, you have the right to lodge a complaint with your competent data protection supervisory authority. The contact details of each supervisory authority are available on the European Data Protection Board’s website.
Notwithstanding this right, we request that you contact us in the first instance to give us the opportunity to address any concerns that you may have.
Contact Information
If you have any questions about this Privacy Policy or Services, Short Stories Data Protection Officer can be reached at [email protected].