How we process your personal data stored on Meduza
In some cases, “Meduza” (more precisely, the Latvian company Medusa Project LLC, or simply “we”) receives personal data from readers and processes it. In this document, we describe what and how we process. We apply these principles if readers agree to use Meduza's services.
This is a new version of this document, which will take effect on August 25, 2022. You can find a current version of the document at the bottom of this page.
Terms we use in this document
The Reader is any individual who uses any of the services provided by “Meduza”.
Reader data are any information that “Meduza” knows about the Reader.
Personal data are any information related to the Reader (first name, last name, any other identifier used).
Processing – collection, storage, modification, provision of access, transfer of personal data of the Reader.
“Meduza” means any public service of Medusa Project LLC available at meduza.io, amp.meduza.io, special.meduza.io, including the Meduza mobile app (iOS, Android).
Profile – a user account in “Meduza” services.
The User is a reader who, using “Meduza” services, has independently created a profile.
Payment data are information available to “Meduza” on the basis of payments made and information specified independently by the User for making a payment.
Our Core Principles
We ensure the confidentiality of personal data and apply all necessary organisational and technical measures to protect them. In some cases, in order to process personal data, “Meduza” works with partners and transfers these data to them. In these cases, we ensure that appropriate security measures are followed. This means that we do not share data with partners if we have doubts about their data retention practices or if we know that these practices are significantly different from those described in this document.
Categories of personal data we process
We may store three types of personal data:
- Identification: first name, last name, any other used identifier, IP address.
- Contact details: the user's e-mail or account used to log into the profile.
- Payment information: date and time of payment, amount, last four digits of the card.
What we do and why do we do it
We process personal data for several reasons:
- To provide services (for example, to display relevant ads).
- So (subscribed) readers can receive our newsletters (for example, "Evening Meduza") and our partner's newsletters (if subscribed) on a regular and uninterrupted basis.
- To collect statistics. We need this to keep track of whether our services are available to readers, and to understand how readers use our services, in order to develop and improve our services.
- To ensure that the profile works and is synchronised between the User's devices.
- To provide information about payments and payment methods.
We do not store your bank card or other payment instrument details on our servers. All debits are processed by the secure payment service Stripe and are transmitted only in encrypted form. In addition, there are no scripts on the payment page that we usually use on other pages (even Google Analytics or Yandex). Metrica services are not connected.
The data that we collect from you (name and surname, mailing address) we use only in accordance with the principles of data processing specified in this document.
Who can access personal data
As mentioned above, sometimes we share personal data with our partners while maintaining the necessary security measures. For example, we share data with financial services companies for payment processing, e-mail marketing services, analytics systems, and partners that provide continuous newsletters to our readers if they agree to receive such newsletters.
We could also be asked by law enforcement authorities in the Republic of Latvia to provide user data (though we regard this scenario to be highly unlikely).
Where and how personal data are processed
Personal data are processed within the area of the European Union and (or) the European Economic Area (EU/EEA), but in some cases may be transferred and processed in countries outside the EU/EEA. A transfer of data outside the EU/EEA can only happen if there is a legal justification for doing so and we can ensure an adequate level of data protection.
We store different personal data for different amounts of time:
- We store personal data that allow us to analyse the availability of services for three months.
- Personal data that are necessary for the operation of users’ profiles are stored until users decide to stop using their profiles. If you would like Meduza to remove such data, please contact us and we will purge the information from your profile.
The personal data we store are not used to personalise anything at Meduza (in legal terms: we do not make automatic decisions and do not profile anything or anyone based on these data).
What readers are entitled to
- First, readers have the opportunity to correct their personal information if it is incomplete and/or incorrect.
- Second, readers have the right to request the deletion of a profile and/or their personal data, if there is no legal justification provided for processing the data.
- Third, even if the Reader has consented to the processing of their personal data, they have the right to withdraw it. It should be understood, however, that this will not work if the goal of the data collection has already been achieved.
- Fourth, if the Reader believes that their rights and interests have been violated, they can file a claim with us. We will do our best to remedy any situation. To do this, please contact us at [email protected]
- Fifth, if readers believe that their rights and interests have been violated, they have the right to file a complaint about the use of personal data with the State Data Protection Inspectorate.
P.S. This document is subject to change!
At any time, we may unilaterally change the principles described above. But not in a secret way! We will warn readers on this page about this no later than a month before any changes come into force.
Этот документ также доступен по-русски.
Previous version of this document
Terms used in this document
Reader refers to any individual using any services rendered by Meduza.
Reader data refers to any information concerning the reader known to Meduza.
Personal data refers to any reader-related information.
Processing refers to the collection, storage, change, provision of access to, and transfer of reader personal data.
Meduza refers to any public service of Medusa Project SIA available at meduza.io, amp.meduza.io, special.meduza.io.
Our basic principles
We ensure the confidentiality of personal data and apply all necessary organizational and technical measures to protect personal data. In certain cases, Meduza engages its partners in personal data processing, and transfers this data to them. In these cases, we make sure that adequate security measures are taken. It means that we do not transfer any data to partners whose data storage principles seem doubtful to us, or if we know that these principles substantially differ from those provided for in this document.
Categorization of personal data processed by us
We may store personal data of two types:
- Identification data, including first name, last name, and IP-address.
- Contact data, including user email.
Why we do this
We process personal data due to several reasons:
- For the readers to be able to chat using our platform (if they wish to).
- To ensure the operation of services (for instance, to show relevant ads).
- For the readers to be able to receive our newsletters (the Evening Meduza, for instance), subject to subscription.
- For us to be able to collect statistics. We need it for two purposes: to see if our services are available to readers, and to understand how readers use our services, making them more convenient based on our observations.
We only use the data collected from you (first and last name in chats, email address for newsletters), subject to your consent to the principles of processing this data.
Those who can get access to personal data
As already mentioned above, sometimes we transfer personal data to our partners, while taking adequate measures to ensure their security. For instance, we transfer data to mailing services, or analytics systems. We may also provide data at the request of the Latvian Republic law enforcement authorities (although we cannot imagine why they might need it).
Where and how personal data is processed
Personal data is processed in the European Union and/or European Economic Area (EU/EEA), but in certain cases may be transferred to states outside the EU/EEA and processed there. Transfer of data beyond the borders of the EU/EEA may only occur on legal grounds, and subject to ensuring an adequate data protection level.
Storage periods for various data may differ.
- Personal data allowing us to analyze service availability is stored for three months.
- Personal data required to enable chat operation is stored until you choose to cease using chats. If you wish us to delete this data, please write us an email, and we will delete your profile.
Personal data stored by us is not used to personalize anything anywhere (in the language of law, it means that we do not take any automated decisions, and do not create any profiles based on this data).
What readers are entitled to
- Firstly, readers have an opportunity to amend their personal data if it is incomplete and/or incorrect.
- Secondly, readers have the right to request the deletion of their personal data.
- Thirdly, if a reader thinks their rights and interests were breached, they may file a claim. We will do everything possible to remedy the situation. For this purpose, please send us an email at [email protected].
- Fourthly, if readers think that their rights and interests were breached, they are entitled to file a claim concerning the use of personal data to the State Data Protection Inspection.
P.S. This document may be subject to change!
We have the right to change the above principles at any time on a unilateral basis. We are not going to do this secretly — instead, we will warn our readers about it at least a month before any changes enter into force, right here on this page.
Этот документ также доступен по-русски.