Effective February 1, 2019
Legacy Stories is committed to safeguarding the information you entrust to Legacy Stories and believes that every User should know how it utilizes the information collected from Users. Please note that the Site may contain links to other web sites, and the Site allows Users to download or otherwise access Content (including software), controlled by third parties. Legacy Stories is not responsible for the privacy practices of these or any other web sites or Content controlled by third parties, and you access and utilize such Content and web sites entirely at your own risk. Legacy Stories recommends that you review the privacy and other practices governing any other web sites that you choose to visit and any Content you wish to download or otherwise access.
Legacy Stories is based, and this web site is hosted, in the United States of America. If you are from the European Union, Canada or other regions of the world with laws governing data collection and use that may differ from U.S. law and you are registering an account on the Site, visiting the Site, purchasing products or services from Legacy Stories or the Site, or otherwise using the Site, please note that any personally identifiable information that you provide to Legacy Stories may be transferred to or utilized by Legacy Stories or its affiliates in the United States. Any such personally identifiable information provided may be processed and stored in the United States by Legacy Stories or a service provider acting on its behalf.
1. Who is collecting your data
Dentom, LLC dba Legacy Stories
306Lebanon St NW
Knoxville, TN 37919
2. Personal information collected
(a) Information You Explicitly Give Us: We receive and store any information you enter on our Website or give us in any other way through a direct interaction with us which includes:
- Your Username/Password when you create your account.
- Your email when/if you subscribe to our newsletter(s).
- Your name and email when you contact us through our contact forms.
- Your Username/Password when you subscribe to our services.
- Your Personal Data when you upload and/or create content.
- Your name and email when you contact our service support.
Note that we do not collect any payment information when you purchase any of our products or paid subscriptions. We have an agreement with PayPal as a reseller of our services. See the Third-party Providers section below for more information.
(b) Information we collect automatically: When you use the Services or browse our Website, we may collect information about your visit to our Website, your usage of the Services, and your web browsing. That information may include:
- Your network routing information (where you come from).
- Your Internet Protocol (IP) address used to connect your computer to the Internet and may identify your general geographic location or company.
- Your computer and connection information such as browser type, version, and time zone setting, browser plug-in types and versions, operating system, and platform.
3. How we use Personal Data
We may use and disclose Personal Data only for the following purposes:
- To allow you to purchase our products and to subscribe to our services.
- To publish your stories, photos or recordings for viewing only according to the audience setting you choose for each item.
- To provide support and improve the Services we offer, as well as to enhance customer relationships.
- To notify you about new product releases and service developments, offers and to advertise our products and services under this policy.
- To communicate with you about a conference or event sponsored or participated by us, including information about the event’s content, logistics, payment, updates.
- To share Personal Data with third parties who provide services to us, provided that the third party has executed any data processing documentation required by law.
- To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.
4. What Personal Data we share and disclose to Third Parties
We do not sell your Personal Data to anyone. We may share your Personal Data with our third party Service Providers, who help us provide and support our Services, such as credit card processing services, order fulfillment, analytics, event or campaign management, information technology and related infrastructure provision, e-mail delivery, and other similar services. In this case, we require by contract from our services providers to use your Personal Data only to provide services to us and subject to terms consistent with this policy.
We may disclose your personal data as we believe to be necessary or appropriate:
- under applicable law, including laws outside your country of residence;
- to comply with legal process;
- to respond to requests from public and government authorities, including public and government authorities outside your country of residence;
- to allow us to pursue available remedies or limit the damages that we may have.
Additionally, in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Legacy Stories’ business, assets or stock (including in connection with any bankruptcy or similar proceedings), we may transfer the Personal Data it has collected to the relevant third party.
5. Public Information and Third Party Websites
a) Social media platforms. We maintain presences on social media platforms including Facebook, Twitter, and Instagram. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
A cookie is a small file that is placed on your computer's hard drive to help analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes, and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
- Google Analytics: This cookie allows us to see information on user website activities including, but not limited to page views, source and time spent on a website. The information is depersonalized and is displayed as numbers, meaning it cannot be tracked back to individuals. This will help to protect your privacy. Using Google Analytics, we can see what content is favorite on our website, and strive to give you more of the things you enjoy reading and watching.
- Google Adwords: Using Google Adwords code we can see which pages helped lead to an action taken by a visitor (conversion). This allows us to make better use of our paid search budget.
- DoubleClick: We use remarketing codes to log when users view specific pages, allowing us to provide targeted advertising in the future.
7.How You May Exercise Your Rights
- Right to require access to any Personal Data we may have about you.
- Right to request rectification (if incorrect) or deletion of Personal Data.
- Right to request limitation of their treatment, in which case Legacy Stories will only keep them for the exercise or defense of claims.
- Right to object to processing. Legacy Stories will no longer process the Personal Data in the way you indicate unless for compelling legitimate reasons or the exercise or defense of possible claims have to be further treated.
- Right to data portability. If you wish your Personal Data to be processed by another company, Legacy Stories will provide you with the portability of your data to the new data controller.
We will give you access to any Personal Data we hold about you within 30 days of any request for that information. Unless it is prohibited by law, we will remove any Personal Data about an individual from our servers at your or their request. There is no charge for an individual to access or update their Personal Data.
Possibility of withdrawing consent. If you have given your consent for a specific purpose, you have the right to withdraw it at any time, without it affecting the lawfulness of the processing based on the consent before its withdrawal.
How to complain to the Control Authority. If you consider that there is a problem with the way in which Legacy Stories is handling your Personal Data, you may address your complaints to Legacy Stories (indicated above) or to the corresponding Data Protection Authority.
8. Accuracy and Data Retention
We take reasonable business measures in compliance with laws to keep your Personal Data accurate and up to date, to the extent that you provide us with the information we need to do so. If your Personal Data change (for example, if you have a new email address), then you are responsible for notifying us of those changes.
We will retain the following data:
(a) Disaggregated data: Disaggregated data will be retained without a deadline for deletion.
(b) Subscribers data: During the time your account is active or as long as needed to provide you with our Services under our Terms of Service. In any case, it will be the minimum necessary from time to time, currently subject to certain statutes of limitation terms:
- Four years: Law on Infringements and Sanctions in the Social Order (obligations regarding affiliation, registration, cancellation, contribution, payment of salaries…); Art. 66 ff. General Tax Law (Accounting Books…);
- Five years: Art. 1964 Civil Code (personal actions without special time limit)
- Six years: Art. 30 Commercial Code (Accounting Books, invoices…)
- Ten years: Art. 25 of the Prevention of Money Laundering and Financing of Terrorism Act.
(c) Newsletter subscribers’ details: From the moment the user subscribes to the newsletter until the subscription is ceased.
9. Children’s Privacy
Our Services and Products are not directed or targeted to children. If you have not reached the age of majority or are not able to enter into legally binding agreements in your country, you may not use our Services and Products unless supervised/accepted by an adult, as applicable.
Our goal is to comply with applicable laws and regulations relating to collection and use of information from children as such term is defined by applicable laws. If you believe that we have received information from a child or other person protected under such laws, please notify us immediately by e-mailing to
, and we will take reasonable steps to remove that information from our databases.
10. Notice of Breach of Security
We take reasonable and appropriate measures to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Data. If a security breach causes an unauthorized intrusion into our system that materially affects you, then we will notify you as soon as possible (in the event of a breach being detected, Legacy Stories undertakes to inform users within 72 hours) and later report the action we took in response.
We use PayPal as the reseller of our services. Therefore, all payments for the services will be made through PayPal. PayPal uses security measures to protect your information both during the transaction and after its completion. They are a United States-based seller of digital goods specialized in safe and secure Internet sales, compliant with PCI and that employs Verisign SSL Certificates.
We only use service providers that enter into agreements with us whereby the service provider commits to take the appropriate measures to protect Personal Data and be compliant with GDPR.
11.Third Party Service Providers
To be transparent and provide you with the maximum information about who our third party service providers are, we list below the ones that may keep Personal Data, what information they keep, and how we ensure the GDPR compliance through their contracts.
PayPal is a United States-based seller of digital goods specialized in safe and secure internet sales, compliant with PCI and that employs Verisign SSL Certificates.
In our websites, we use Google Analytics to analyze their use and optimize their performance.
Google is a US company the data of which are in Google Cloud Locations. As described in their Privacy Shield certification, they comply with the EU-US and Swiss-US Privacy Shield as set forth by the US Department of Commerce regarding the collection, use and retention of Personal Data from European Union member countries and Switzerland, respectively.
Google is fully committed to GDPR compliance as described on their Commitments to GDPR that articulate the commitments with us. For all the previous services, as a commitment to privacy and security, we have signed the following documents: Data Processing Security Terms (Customers) contract, and an EU Model Contract clauses.
We use Amazon Web Services (AWS), the Amazon cloud computing platform, as host of our websites. Personal Data related to this service (except for payment details, see FastSpring above) is kept in Amazon’s systems.
Amazon.com, Inc. is a US company, the data of which are in AWS Global Infrastructure. As described in their legal policies, participates in the EU-US and Swiss-US Privacy Shield Framework regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland, respectively. They have certified with the Department of Commerce that they adhere to the Privacy Shield Principles.
Amazon is fully committed to GDPR compliance as described on their Compliance to GDPR that articulate the commitments with us. As an additional means of meeting the adequacy and security requirements of the GDPR, we have signed a Data Processing Addendum with Amazon.
We use Mad Mimi, a GoDaddy company, to deliver our newsletters and other email communications. Mad Mimi has servers located around the US, and keeps Personal Data about your name and email and gathers statistics about email opening and clicks as part of its service.
Mad Mimi is a US company, the data of which are in the US. As described in their legal policies, they have certified their compliance with the US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland. They have certified with the Department of Commerce that they adhere to the Privacy Shield Principles.
As described in their knowledge base, they are committed to achieving compliance with the GDPR and is mindful of your compliance efforts.
We also use Aweber to deliver our newsletters and other email communications. Aweber has servers located around the US that keeps Personal Data about your name and email and gathers statistics about email opening and clicks as part of its service.
Aweber is a US company, the data of which are in the US. As described in their legal policies, they have certified their compliance with the US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland. They have certified with the Department of Commerce that they adhere to the Privacy Shield Principles.
As described in their knowledge base, they are committed to achieving compliance with the GDPR and is mindful of your compliance efforts.
Contacting Legacy Stories
306 Lebanon St NW
Knoxville, TN 37919