Once Upon Publishing AB including our affiliates and related parties (“we”) process personal information through our digital channels such as this website, mobile apps and/or other future digital interfaces.
If you live outside of the US, please see our international Personal Data Policy.
1. Personal data which is processed
“Personal Data” means every type of information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular natural, living person . We must collect Personal Data in order for the Service to at all operate and be meaningful for you as a user. We collect and process the following Personal Data regarding you:
1.1 Via the app
In conjunction with your creation of an account via the app, we collect the following Personal Data: e-mail address. We also process the information you share with us in conjunction with the use of the Service, e.g. when you upload and/or contribute content and information (for example, pictures and text materials you have chosen for your Products(s)). In conjunction with ordering a Product in the app, we collect information regarding you in order to process the order. This includes your name, your address and contact information in the form of telephone numbers and e-mail addresses to the extent we are not already in possession of the same.
1.2 Via the website
3. What do we use the personal data for?
We will process the Personal Data collected by us for the following purposes:
1. In order to be able to communicate with you;
2. To deliver the Service and ensure that the Service works;
3. In order to be able to produce and deliver the Product you have created and ordered via the app;
4. In order to be able to offer you the opportunity to order Products once again;
5. To analyse your use of the Service to improve the Service and develop new Products and services;
6. To administer your account and use of the Service and communicate with you, e.g. via notices, e-mail and in other ways;
7. To inform you regarding our updates to the Service and the general terms and conditions which are applicable to the use of the app;
8. To market the Service, either within or outside the Service, including functions and content of the Service; and
4. Legal basis
Information we collect in conjunction with your registration of a user account via our app is processed by us in order to fulfil our obligations under the agreement with you as a customer, i.e. to provide the app and the Service in general. When we collect information regarding you when you place an order via the app, we process this data in order to fulfil our undertakings relating to the order, i.e. to produce and deliver the Product you have ordered.
When we analyse user behaviour, we do so in light of our legitimate interest in developing the Service and our Products. In the event we process personal data regarding you in conjunction with direct marketing, we do so in light of our legitimate interest in marketing the Service and our Products.
5. Information from third parties
In certain cases, we may supplement the Personal Data provided by you with information from a third party for the purpose of evaluating and improving the digital channels in the Service.
We obtain information regarding your name and e-mail address from Facebook if you choose to log in to the Service through your Facebook account. In addition, we obtain information from our collaboration partners for news despatches in order to evaluate our marketing.
6. Information to third parties
These providers may process Personal Data and sometimes require limited access to Personal Data which has been collected via the digital channels or the Service. We shall at all times strive to limit such access to Personal Data and shall only share information reasonably necessary in order for the providers to be able to carry out their work or provide their services. We will also require that such providers
At no time will we disclose customer lists, order histories or similar information to third parties except as may be necessary or required under Section 4.
7. Transfers to third countries
In the event we choose to retain providers outside the United States, e.g. cloud service providers, we will in such case comply with all applicable laws, rules and regulations that may apply to your Personal Data and you consent to such transfer and processing of your data.
8. Storage time
Your Personal Data will not be retained for a period of time in excess of what is necessary taking into account the purposes of processing, and we will otherwise erase Personal Data in the manner following from applicable legislation. We save your Personal Data connected to your account as long as you have an account in the Service provided you do not, prior thereto, request that we erase your Personal Data. Products which you have created through the Service will be erased at the same time you remove your account.
We also save digital copies of the Products which you have ordered during a period of ninety (90) days. The purpose of this is to be able to reproduce Products about which complaints have been made.
We do not save your personal identification number or your card or bank information. All processing concerning payments is handled via third party suppliers of the payment service. In order to obtain information regarding the manner in which they process your personal data, we refer you to their privacy policies.
The file names of the pictures you upload in the app are not saved but, rather, are replaced by a new name series which, in turn, is managed by our system.
12. Federal and State Legislation
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personally identifiable information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation's consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
We do not specifically market to children under 13.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
If you object to receiving commercial emails, you can unsubscribe through a link at the end of these emails or by contacting us at firstname.lastname@example.org
Protecting against security threats, abuse, and illegal activity. We use and may disclose information to detect, prevent and respond to security incidents, and for protecting against other malicious, deceptive, fraudulent, or illegal activity. For example, to protect our services, we may receive or disclose information about IP addresses that malicious actors have compromised.
Auditing and measurement. We use information for analytics and measurement to understand how our services are used, as well as to fulfill obligations to our business partners like developers. We may disclose non-personally identifiable information publicly and with these partners, including for auditing purposes.
Maintaining our services. We use information to ensure our services are working as intended, such as tracking outages or troubleshooting bugs and other issues that you report to us.
Research and development. We use information to improve our services and to develop new products, features and technologies that benefit our users and the public.
Laws and regulations. We also use information to satisfy applicable laws or regulations, and disclose information in response to legal process or enforceable government requests, including to law enforcement.
California Do Not Track Disclosures
We take all suitable technical and organisational security measures necessary in order to protect the Personal Data against unauthorised access, alteration or destruction. However, there is always a risk involved in providing Personal Data via digital channels since it is not possible to completely protect technical systems from encroachment.
Communications between you and Once Upon take place via a so-called SLL protocol, an encrypted transmission between service and user which maintains a recognised high standard. SSL is used, for example, by Facebook, Instagram and Google. Your information is saved on the Google Cloud Platform servers and, in conjunction with payment in AWS (Amazon Web Services) in accordance with their agreement. Logs of user behaviour are saved by us through Google Analytics, Firebase Analytics and Firebase Crashlytics.
13. Personal Data Incidents
In conjunction with a security incident concerning Personal Data, e.g. hacking or an unintentional loss of personal data, we will notify you of such security incident in accordance with applicable laws. We may also require information from you, e.g. if there is a risk of ID theft or fraud.
15. Invalid provisions
16. Applicable law; Dispute resolution
17. Contact information