Data Privacy Transparency Statement
WEBMAYHEM INC. D/B/A LIBERATED SYNDICATION
Effective Date: May 25, 2018
Webmayhem Inc. d/b/a Liberated Syndication (or Libsyn) has prepared this data privacy transparency statement (this “Transparency Statement”) (collectively, “we”, “our” and/or “Libsyn”), to provide our customers, their employees, and any affected data subjects important information about the personal data we collect, receive, transfer, and process in the course of providing our services as a Podcast host and Podcast distributor (our “Podcast Services”).
In this Transparency Statement, you will find information about the types of personal data we collect regarding you ((A) as the owner of a registered Libsyn user account through which you may upload and distribute podcasts through Libsyn’s Podcast Services (an “Account Owner”); (B) as an individual who has been designated by the Account Owner as an alternate contact(s), or (C) as a podcast listener or subscriber, (collectively, “you”, “your”), how and why we process such personal data, with whom we may share such information, as well as how we protect your information.
In this Transparency Statement, we also describe the processes by which you may contact us in order to exercise your rights, in accordance with applicable law, to: (1) access, correct, restrict, or delete your personal data; (2) object to the processing of certain aspects of your personal data; and (3) ask any questions you may have about our privacy practices. Please take note as well that the practices described in this Transparency Statement are necessary and/or integral, to the performance of our Podcast Services. Where specifically noted below, exercising your rights as described herein may affect our ability to continue performing Podcast Services as requested.
This Transparency Statement may be updated and/or otherwise revised periodically to reflect changes in our data processing practices and/or policies. We will post notices of all such changes on our applicable websites and/or materials and the “Effective Date” noted above will indicate when this Transparency Statement was most recently revised. Except as may be otherwise required under applicable law, revisions to this Transparency Statement will be effective on the Effective Date noted without any other notice or approval by you. In certain jurisdiction, applicable law may require additional processes and procedures, in which case, revisions to this Transparency Statement will not be effective until we have met our obligations accordingly.
1. Data Controller For purposes of the European Union General Data Protection Regulation (the “GDPR”), Webmayhem Inc. d/b/a Liberated Syndication is the data controller (the “Data Controller”) for the processing of Personal Data as set forth herein.
You may contact us as follows:
Information Technology Director
Liberated Syndication, Inc.
5001 Baum Boulevard, Suite 770
Pittsburgh, Pennsylvania 15213
United States of America
Email: [email protected]
2. Personal Data & Special Categories of Data For the purpose of providing Podcast Services, we collect the types of personal information described below about you (as further detailed below, “Personal Data”).
a. Personal Information – We collect personal contact information about Account Owner and, where relevant, alternate contacts for Technical and Billing contacts (as described below), including without limitation name, organizational affiliation (for Professional Accounts), VAT id, mailing address, phone numbers, and email addresses.
b. Payment and Billing Information – We process payment information through a third-party service provider called a secure payment processor. Anytime you are asked to provide payment card information for payment to Libsyn, you are actually entering your payment card information directly to our payment processor’s systems. We enter into written contracts with our payment processors pursuant to which they are obligated to process your payment card information securely in accordance with the Payment Card Industry Data Security Standard (“PCI-DSS”), an information security standard for organizations that handle branded credit cards from major credit card brands. We do not collect, store or otherwise process your payment card information on our systems except for the limited, redacted information described below. As of the Effective Date first noted above, our secure payment processor is Braintree (A PayPal Company). You should review information about Braintree’s data handling policies and terms of service, available from their website (https://www.braintreepayments.com/legal/braintree-privacy-policy-us).
c. Account Information – We collect certain account information about our Account Owners and other users with whom we may interact, including without limitation: user name, password, Podcast Distribution, podcast subscriptions under a given account, the email headers (including IP address) of messages that you choose to send to us, and history of correspondence between you and Libsyn.
d. Special Categories of Data – We do not collect or otherwise process any special categories of data as defined under the GDPR in a personally identifiable way, with one possible exception. We may ask you to volunteer information that falls under the definition of special categories of data under the GDPR as part of our Surveys as specifically described below.
3. How We Obtain Personal Data – We collect Personal Data from data subjects or from Account Owners through Libsyn websites, and other information you provide directly to us, including by email or in conversation with our staff.
4. Personal Data Processing and Data Retention – We use Personal Data that we collect hereunder as necessary to provide Podcast Services. Subject always to your rights as set forth in Section 9 below:
a. Libsyn Owner Accounts – In order for you to use Podcast Services, we require you to register an Owner Account through Libsyn websites. During the signup process, you will be prompted to set up a user name and password for account login purposes and personal contact information as follows: Name, Organization (for Professional Accounts), Physical Address, Phone Number and Email Address (“Account Information”). Your login information is necessary to protect your vital interests as it enables you to secure your own Owner Account and establish your identity with Libsyn for purposes of transactions in the course of using our Podcast Services. Your Account Information is necessary for the performance of Podcast Services as we use Account Information to contact you regarding your Owner Account, contact you regarding Podcast Services, issue notices and alerts about the status of the Podcast Services, billing, invoices, collections, etc.
b. Technical Contacts and Billing Contacts – Account Owners may enter email addresses for alternate “Technical Contacts” and “Billing Contacts”. Additionally, Account Owners may elect to add additional Billing Contact information including without limitation the additional Billing Contact’s name, organization, mailing address, phone, fax and email address. We will use these alternate contacts to communicate about technical and billing issues. Upon designation of alternate contacts, we will send an email to the newly designated contacts, using the designated email address for the contact in question, seeking confirmation of consent to be designated as a contact for the account in question as well as consents as may be required under this Transparency Statement. If we do not receive consent from such alternate contacts in a timely manner, we reserve the right to change the designated contact information for the Technical and/or Billing contacts back to the information on file for the Account Owner.
d. Payments to Owner Accounts – As part of the Podcast Services, we may collect money on your behalf and remit it to you via wire transfer. In order to fulfill our obligations to remit funds to you, it is necessary for us to collect and process certain account and/or wire transfer instructions/information from you including without limitation the email address associated with your PayPal Account, your name, address, your bank’s name and address, Account Name, ABA Number, SWIFT and/or any identifying reference information you may want to have noted.
e. Support and Customer Service – When you contact us for technical support or customer service, we will process Personal Data that you provide at such time to associate you with the Podcast Services that is the subject of your request and the Owner Account that is associated with such Podcast Service. Such Personal Data includes email address, name, account numbers, and email headers (including IP address). You may contact us and provide Personal Data for such technical support and/or customer service by email, phone call, self-serve online support portals through websites operated by, or on behalf of, Libsyn. We use such Personal Data as necessary to respond to your request and/or provide the requested technical support and/or customer service, including without limitation communicating with you, internal communications, maintaining a history of correspondence, service tickets, outcomes, outstanding issues, etc. Our processing of Personal Data as described in this Section is also in furtherance of legitimate interests, including without limitation management reporting, quality assurance, reviewing historical support issues and requests for support or customer service, and to verify identity. We will process Personal Data in furtherance of this legitimate interest only when that is not overridden by your data protection rights under applicable law.
f. Surveys – From time to time we may invite you to participate in audience surveys. If you choose to participate, we will ask you for demographic information including without limitation gender, age, marital status, race, ethnicity, education, household income, etc. In order to avoid having the same person fill out more than one survey, we will also ask you for an email address. As we collect survey entries from listeners, we aggregate the information and share only that aggregated, demographic information with our content producers to enable them to better understand their audience. No personally identifiable information, and no individual survey entries, are ever shared with content producers.
g. Social Media Posting/Sharing Widgets – When you authorize Libsyn to distribute podcasts through various social media or other sharing services (through OnPublish or other destinations), you may be asked to provide account owner credentials for those services that require access to your personal account. Anytime you are asked to provide personal account credentials for Social Media/Sharing Widgets, you are actually entering your login information direct to those Social Media/Sharing systems. We do not collect, store or otherwise process login credentials to you peronsal accounts on our systems. Those Social Media/Sharing Widgets send back an Oauth Access Token that enables us to post to those sites on your behalf. We do not retrieve any other personal or public information from SocialMedia/Sharing Widgets. You should review information about the Social Media/Sharing Widgets data handling policies and terms of service, available from their websites. The exception to this is WordPress OnPublish. This process requires that Libsyn store your username and encrypted password to authenticate with WordPress for each post.
h. Session Reporting for Service Continuity – We process information related to your browser session to maintain service continuity when you log in. This allows our system to maintain information about a series of requests from you (i.e. the same user with the same browser across a small window of time). Such information, reported by your browser when you log in includes Account Information, IP Address and User Agent and is stored temporarily to maintain your login session with the Libsyn Podcast Service. As this information is used to provide continuity in use of the system when you are logged in, it is routinely cleared and not retained.
i. System Security and Data Privacy Protection – We monitor information on user activity within our system in order to protect the security of our systems and the privacy of our customers, for example, as an investigatory tool in case of a dispute or an unauthorized hack. Such information includes information reported by your browser, Account Information when you login, IP addresses, User Agent, account activity and usage levels to better assist with service delivery and/or security. We process this data because it is necessary to protect the vital interests of our customers, audience, users and other visitors to our website. Additionally, we process this information to protect our legitimate interests of process improvement, system security and protecting our customers, audience, users and other visitors to our website in a manner that, given the limited nature of the data processed as described above, is not overridden by the interests or fundamental rights and freedoms of the data subjects.
j. Compliance with Legal Obligations – In addition to processing Personal Data for the purposes of providing Podcast Services, we process Personal Data collected hereunder to comply with our own legal and regulatory obligations. For example, we may process personal information to comply with: applicable international sanctions, “know your customer”, anti-money laundering regulations, anti-bribery compliance requirements, record keeping requirements, required public filings, reporting requirements, court order, law enforcement order, and other legal and/or regulatory requirements.
k. Legitimate Interests – We may also use Personal Data collected hereunder in circumstances other than as expressly described above in connection with the services we provide; provided, however that any such additional processing may only occur when there is a legitimate interest to do so that is not overridden by your data protection rights as required by applicable law. The types of processing/uses contemplated hereunder may include, without limitation, for our own administrative and business needs (tracking time, billing, invoicing, collection), audits and self-assessments for compliance with applicable laws, regulations, court order, law enforcement order, and applicable workplace policies, and for information technology purposes including without limitation trouble shooting, business continuity, disaster recover, data backup and recovery.
l. Data Retention – We generally retain Personal Data for the periods specified applicable law, regulation, and/or court order, and in our document retention/filing polices, currently set at seven years. We may also retain Personal Data for longer periods where there is a reasonable basis for retaining such data, including without limitation in connection with the establishment, exercise or defense of legal claims. We retain Podcast account information for a period of six (6) months after account closure due to an automated suspension process for nonpayment but credit card information is not retained by our third-party processor after account closure.
5. Optional Data Processing. In addition to processing Personal Data in the ways set forth above for purposes related to the provision of Podcast Services, you may also choose to allow us to use certain Personal Data as detailed below. The types of data processing described in this Section 6 are not necessary or integral to the performance of Podcast Services and we will not use Personal Data for such optional purposes except as expressly set forth in this Section 6;
a. Information Requested – If you request information about our company, our affiliates, or our respective products and services, you may elect to provide personal contact information such as your name, your email address, your phone number, your company affiliation, and/or your mailing address. We may use your information to respond to your request.
b. Opt-In Subscription or Mailing Lists – From time to time we may offer you the option of signing up, or having us sign you up, for various subscription and/or mailing lists used to send communications from our company for purposes of keeping investors, customers, and other registered recipients updated with respect to investor relations information about our company, news and developments, our company’s products and services, and other communications about our company and our affiliates (“Updates”). In order to register you on such subscription and/or mailing lists, we will ask for your name and email address. If you provide your personal information specifically to subscribe to a particular Update (e.g., our Investor Relations Newsletter), we will use the personal information you provide specifically to send you the requested Updates. In other cases, we will specifically ask for your consent to use such information on an opt-in basis; provided, you acknowledge that where particular uses of opt-in information are necessary to our performance of related Domain Name Services, we may not be able to continue performing the affected Podcast Service if you exercise your right to refuse, or later withdraw, your consent.
7. Onward Transfers – Data We Share With Others. We will not sell, share, transfer, disclose, rent, use, or distribute Personal Data hereunder for purposes other than as set forth in this Transparency Statement unless required by law or as expressly authorized by a Data Controller as described above.
a. Service Notices – We send service-related notices, alerts and other messages to the email address(es) indicated in your Owner Account regarding account registration, account set up, billing and other service related communications using an email service provider called Postmark. Postmark is a Wildbit, LLC company and has registered under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. We use your Personal Data to send you such service-related messages as a necessary, and integral, part of our Domain Name Services.
b. Updates – We send Updates to the email address(es) provided at the time you subscribed and/or otherwise opted-onto various subscription lists for Updates using an email service provider called MailChimp. MailChimp is registered under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as “The Rocket Science Group LLC d/b/a MailChimp”.
c. Helpdesk – We use a service provider called Kayako to manage customer requests and customer service communications and send customer support and customer service messages to the email address(es) indicated in your Owner Account using the Kayako service. We will process data with Kayako based on a data protection agreement in compliance with GDPR requirements. Kayako’s Data Processing Agreement may be found on their website: https://www.kayako.com/legal/data-processing-agreement.
d. Payments to Account Owners – Wire transfer information you provide to enable wire transfer payments will be stored with First Commonwealth Bank for storage in a secure repository. We will process data with First Commonwealth Bank based on a data protection agreement in compliance with GDPR requirements.
e. Contextual Help – We offer and manage contextual help within the Libsyn user interface using a third-party service provider called WalkMe. WalkMe is registered under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
f. Opt-In MyLibsyn Premium Podcast Subscribers’ Benefits – We process lists of MyLibsyn Premium Podcast Subscribers consisting of their email address, subscription level and sign-up date on an express, opt-in consent basis. Premium subscribers who choose to opt-in to these lists have access to exclusive benefits such as Premium Podcast information, special offers and access to bonus materials. In cases where the podcast producer for the show to which the premium subscription applies wishes to obtain such lists of MyLibsyn Premium Podcast Subscribers, the parties will enter into appropriate data protection agreements in compliance with the GDPR.
h. Exigent Circumstances – In addition to the disclosures set forth above, we will disclose Personal Data about you: (1) if we are required to do so by law or legal process, (2) to law enforcement authorities, judiciary or other government officials, (3) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss in connection with an investigation of suspected or actual illegal activity; or (4) if necessary to protect the vital interests of any person.
8. Transfer of Personal Data Outside of the EEA.
a. Libsyn is Headquartered In the United States – Libsyn processes Personal Data as described above in our home country, the United States of America. The United States of America is a country outside of the EEA (a “third-country”) that is not the subject to a European Commission finding of adequacy (the European Commission has not found that U.S. laws ensure an adequate level of protection for personal data with reference to the GDPR). When applicable, we process Personal Data in the U.S. on the basis of our participation in the EU-US Privacy Shield. Otherwise, we process Personal Data in the U.S. on the basis of your consent.
b. Transfers to Other Third-Country Legal or Natural Persons – Personal Data may be shared with other third-country legal or natural persons (either Data Controllers, or service providers under contract to us or to a Data Controller) for the purposes described in this Transparency Statement. When required by GDPR, we may transfer Personal Data to such third-country legal or natural persons on the basis of: (1) standard contractual clauses for data protection which have been approved for as the basis for transfers of Personal Data to third-countries by the European Commission; (2) binding corporate rules or codes of conduct approved under the terms of the GDPR; (3) when we transfer Personal Data to other organizations in the U.S., we may rely on those other organization’s participation in the EU-US Privacy Shield; or (4) the fact that the European Commission has issued a finding of adequacy with respect to privacy laws in such third country transferee’s jurisdiction. For further information, including to obtain a copy of the applicable documents used to protect your information as set forth above, please contact us as described above.
9. Your Rights and Options – If we receive a demand from you with respect to your rights of access or rectification, we will refer your demand to the applicable Data Controllers and assist such Data Controllers, to provide you, where appropriate, with access to your Personal Data and, as applicable, with the ability to review and correct inaccuracies, delete Personal Data that is no longer necessary or relevant, receive a copy of your Personal Data in a structured machine-readable format, and otherwise fulfill your demands on the Data Controller(s) to the extent based on the exercise of rights held by you under the GDPR.
If we receive a demand from you with respect to your rights of erasure, restriction of processing and/or right to object to processing, access or rectification, we will refer your demand to the applicable Data Controllers and assist such Data Controllers to respect your requests, where appropriate. In the event that you inform us in writing that you wish to opt-out of future processing of your Personal Data we will work with the applicable Data Controllers to respect your request. Where we rely solely on your consent, you may withdraw it at any time; subject to the limitations and disclosures set forth above regard the effect such demands or withdrawals may have on our ability to continue providing the Podcast Services in the manner for which we have been engaged.
You may also object to processing that is described above as being based on our legitimate interests alone. In such instances, our business interests must be found to be compelling and to not jeopardize your individual rights before further processing may continue. In order to meet our obligations under applicable law, we may take reasonable steps to verify your identity before responding to demands as set forth in this Section 9.
10. Complaints, Concerns, Recourse – If you have unresolved concerns about the processing of your Personal Data, you may have the right to complain to a data protection authority where you reside, where you work or where you believe there has been an infringement of data protection laws, all in accordance with, and subject to, applicable local law.
11. Tracking and Traffic Data.
In addition to Personal Data that we collect hereunder, we may, through our website, collect data generated automatically by traffic our website (“Traffic Data”). Traffic Data may include, without limitation, internet protocol address(es), operating system(s) and browser specifics of your device, device characteristics, geographic (geo-location) information, user ID(s), clickstream data, and specifics regarding your interactions with (i.e., the path you take through) the website. Traffic Data may also include your mobile device information (e.g., device model, operating system version, device date and time, unique device identifiers, mobile network information) and how you use the website. These types of information do not generally identify or relate to you as an individual; however we may associate these types of information with you as an individual.
We process limited podcast audience information per the Interactive Advertising Bureau standard using the combination of IP Address and User Agent (a string of characters that identifies the type/version of software that you are using to access content) to track podcast statistics. We do not expose or make this information available in any way to any third-parties (including podcast producers) that would identify individual listeners. We only provide podcast producers with aggregated statistics through the Libsyn website user interface. We reserve the right to research specific IP Addresses as may be necessary to protect our Podcast Services, our company, our people, and/or our systems. For example, we would research an IP Address that accessed our systems in the case of a suspected bot, rogue server or bad actor that may be affecting service delivery or performance. The raw data/logs containing this information are routinely purged and are not kept long term.
Our website may require you to accept session “cookies” to provide customer experience and efficiencies such as enabling you to login, personalizing your experience, and/or automatically filling in standard information on return visits. “Cookies” are small pieces of information that are stored locally on your device by your browser and passed back to the server whenever a request for a new page on the site is made. The session cookie is never saved or written to disk. It is discarded when the browser exits, when you log out of the website, or when you have not visited a page on the website for a given period of time, for example 60 minutes. Most web browsers automatically accept session cookies, but most browsers also allow you to configure your web browser to refuse them or to notify you before a cookie is set. You also can manually view (and delete) any cookies stored on your computer. If you do not allow session cookies to be set, you may not be able to use our website, access the full content otherwise available through our website and/or use the full features and functionality of our website.
Our website may use Google Analytics, a web analytics service provided by Google, Inc. (“Google“). Google Analytics uses “cookies” to help the website analyze how users use and view the website. Any information generated by the cookie about your use of our website (including your IP address, and particulars about your browser and configuration as reported by your browser) may be transmitted to and stored by Google on servers in the United States. Please note any information collected by Google Analytics cookies do not include personalized identification information (such as names, e-mail addresses, and payment information). Google may use the information collected for the purpose of enabling us to evaluate your use of our website, certain aspects of your user experience thereon, compiling reports on activity for us and providing other services relating to our website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. More information on the Google Analytics cookies are available from Google at https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.
12. Do Not Track – Do Not Track (DNT) is a privacy preference that you can set in certain web browsers. When you turn on DNT, the browser may send a signal or other message to web services requesting that they not track you. At this time, our information collection practices will continue to apply as described in this Transparency Statement, regardless of any DNT signals that are sent by certain browsers or selected by you. For more information about DNT, please visit AllAboutDNT.org.
HOW TO CONTACT US
In order to exercise your rights hereunder, if you have any questions about this Transparency Statement and/or our processing of Personal Data, you may contact us in accordance with the information set forth in Section 1 above.