How we process your personal data stored on Meduza
In some cases, “Meduza” (more precisely, the Latvian company Medusa Project LLC, or simply “we”) receives personal data from readers and processes it. In this document, we describe what and how we process. We apply these principles if readers agree to use Meduza's services.
Terms we use in this document
The Reader is any individual who uses any of the services provided by Meduza.
Reader data are any information that Meduza knows about the Reader.
Personal data are any information related to the Reader (first name, last name, any other identifier used).
Processing – collection, storage, modification, provision of access, transfer of personal data of the Reader.
Meduza means any public service of Medusa Project SIA available at meduza.io, amp.meduza.io, special.meduza.io, including the Meduza mobile app (iOS, Android).
Payment data are information available to Meduza on the basis of payments made and information specified independently by the Reader for making a payment.
Our Core Principles
We ensure the confidentiality of personal data and apply all necessary organizational and technical measures to protect them. In some cases, in order to process personal data, Meduza works with partners and transfers these data to them. In these cases, we ensure that appropriate security measures are followed. This means that we do not share data with partners if we have doubts about their data retention practices or if we know that these practices are significantly different from those described in this document.
Categories of personal data we process
We may store three types of personal data:
- Identification: unique Reader’s identifier, IP address.
- Contact details: Reader’s email address, if they’re subscribed to one or several Meduza’s newsletters, or left their email address when donating to Meduza.
- Payment information: date and time of payment, amount, last four digits of the card.
Our advertising and payment partners may collect additional data. Details on the data collected and controls over them are described on the Cookies consent pop-up window. You can read about our Cookies policy here.
What we do and why do we do it
We process personal data for several reasons:
- To provide services (for example, to display relevant ads).
- So (subscribed) readers can receive our newsletters (for example, our daily newsletter) and our partner's newsletters (if subscribed) on a regular and uninterrupted basis.
- To collect statistics. We need this to keep track of whether our services are available to readers, and to understand how readers use our services, in order to develop and improve our services.
- To provide information about payments and payment methods.
We do not store your bank card or other payment instrument details on our servers. All debits are processed by the secure payment service Stripe and are transmitted only in encrypted form. In addition, there are no scripts on the payment page that we usually use on other pages (even Google Analytics).
We do not store information used for personalized advertising and do not use it for other purposes. All data is received and processed by our partner Azerion Technology B.V. in accordance with their Privacy Notice.
The data that we collect from you (e.g. email address) we use only in accordance with the principles of data processing specified in this document.
Who can access personal data
As mentioned above, sometimes we share personal data with our partners while maintaining the necessary security measures. For example, we share data with financial services companies for payment processing, email marketing services, analytics systems, and partners that provide continuous newsletters to our readers if they agree to receive such newsletters.
We could also be asked by law enforcement authorities in the Republic of Latvia to provide Reader data (though we regard this scenario to be highly unlikely).
Where and how personal data are processed
Personal data are processed within the area of the European Union and (or) the European Economic Area (EU/EEA), but in some cases may be transferred and processed in countries outside the EU/EEA. A transfer of data outside the EU/EEA can only happen if there is a legal justification for doing so and we can ensure an adequate level of data protection.
We store different personal data for different amounts of time:
- We store personal data that allow us to analyze the availability of services for three months.
The personal data we store are not used to personalize anything at Meduza (in legal terms: we do not make automatic decisions and do not profile anything or anyone based on these data).
What readers are entitled to
- First, the Reader has the opportunity to correct their personal information if it is incomplete and/or incorrect.
- Second, the Reader has the right to request the deletion of their personal data, if there is no legal justification provided for processing the data.
- Third, even if the Reader has consented to the processing of their personal data, they have the right to withdraw it. It should be understood, however, that this will not work if the goal of the data collection has already been achieved.
- Fourth, if the Reader believes that their rights and interests have been violated, they can file a claim with us. We will do our best to remedy any situation. To do this, please contact us at [email protected].
- Fifth, if readers believe that their rights and interests have been violated, they have the right to file a complaint about the use of personal data with the State Data Protection Inspectorate.
P.S. This document is subject to change!
At any time, we may unilaterally change the principles described above. But not in a secret way! We will warn readers on this page about this no later than a month before any changes come into force.
Этот документ также доступен по-русски.
Previous version of this document
Terms we use in this document
The Reader is any individual who uses any of the services provided by “Meduza”.
Reader data are any information that “Meduza” knows about the Reader.
Personal data are any information related to the Reader (first name, last name, any other identifier used).
Processing – collection, storage, modification, provision of access, transfer of personal data of the Reader.
“Meduza” means any public service of Medusa Project LLC available at meduza.io, amp.meduza.io, special.meduza.io, including the Meduza mobile app (iOS, Android).
Profile – a user account in “Meduza” services.
The User is a reader who, using “Meduza” services, has independently created a profile.
Payment data are information available to “Meduza” on the basis of payments made and information specified independently by the User for making a payment.
Our Core Principles
We ensure the confidentiality of personal data and apply all necessary organisational and technical measures to protect them. In some cases, in order to process personal data, “Meduza” works with partners and transfers these data to them. In these cases, we ensure that appropriate security measures are followed. This means that we do not share data with partners if we have doubts about their data retention practices or if we know that these practices are significantly different from those described in this document.
Categories of personal data we process
We may store three types of personal data:
- Identification: first name, last name, any other used identifier, IP address.
- Contact details: the user's e-mail or account used to log into the profile.
- Payment information: date and time of payment, amount, last four digits of the card.
What we do and why do we do it
We process personal data for several reasons:
- To provide services (for example, to display relevant ads).
- So (subscribed) readers can receive our newsletters (for example, "Evening Meduza") and our partner's newsletters (if subscribed) on a regular and uninterrupted basis.
- To collect statistics. We need this to keep track of whether our services are available to readers, and to understand how readers use our services, in order to develop and improve our services.
- To ensure that the profile works and is synchronised between the User's devices.
- To provide information about payments and payment methods.
We do not store your bank card or other payment instrument details on our servers. All debits are processed by the secure payment service Stripe and are transmitted only in encrypted form. In addition, there are no scripts on the payment page that we usually use on other pages (even Google Analytics or Yandex). Metrica services are not connected.
The data that we collect from you (name and surname, mailing address) we use only in accordance with the principles of data processing specified in this document.
Who can access personal data
As mentioned above, sometimes we share personal data with our partners while maintaining the necessary security measures. For example, we share data with financial services companies for payment processing, e-mail marketing services, analytics systems, and partners that provide continuous newsletters to our readers if they agree to receive such newsletters.
We could also be asked by law enforcement authorities in the Republic of Latvia to provide user data (though we regard this scenario to be highly unlikely).
Where and how personal data are processed
Personal data are processed within the area of the European Union and (or) the European Economic Area (EU/EEA), but in some cases may be transferred and processed in countries outside the EU/EEA. A transfer of data outside the EU/EEA can only happen if there is a legal justification for doing so and we can ensure an adequate level of data protection.
We store different personal data for different amounts of time:
- We store personal data that allow us to analyse the availability of services for three months.
- Personal data that are necessary for the operation of users’ profiles are stored until users decide to stop using their profiles. If you would like Meduza to remove such data, please contact us and we will purge the information from your profile.
The personal data we store are not used to personalise anything at Meduza (in legal terms: we do not make automatic decisions and do not profile anything or anyone based on these data).
What readers are entitled to
- First, readers have the opportunity to correct their personal information if it is incomplete and/or incorrect.
- Second, readers have the right to request the deletion of a profile and/or their personal data, if there is no legal justification provided for processing the data.
- Third, even if the Reader has consented to the processing of their personal data, they have the right to withdraw it. It should be understood, however, that this will not work if the goal of the data collection has already been achieved.
- Fourth, if the Reader believes that their rights and interests have been violated, they can file a claim with us. We will do our best to remedy any situation. To do this, please contact us at [email protected].
- Fifth, if readers believe that their rights and interests have been violated, they have the right to file a complaint about the use of personal data with the State Data Protection Inspectorate.
P.S. This document is subject to change!
At any time, we may unilaterally change the principles described above. But not in a secret way! We will warn readers on this page about this no later than a month before any changes come into force.