Memberia – GDPR Information Notice
Effective Date: … / … / 2025
This GDPR Information Notice explains how personal data is processed in relation to Memberia (the web application, mobile applications, and all related software and services), and what rights individuals in the European Union have under the EU General Data Protection Regulation ("GDPR").
1. What is GDPR?
The GDPR is the European Union's comprehensive data protection law. It has applied across the EU since 25 May 2018 and aims to harmonize data protection rules and strengthen individuals' control over their personal information.
2. Our Commitment
CCCC (the provider of Memberia) is committed to protecting the personal data we process and to maintaining a consistent, lawful, and transparent approach to data protection. We continuously review and improve our policies, contracts, and technical safeguards to meet GDPR requirements.
3. Scope of the GDPR
The GDPR applies to:
- Organizations established in the EU; and
- Organizations outside the EU that offer goods or services to people in the EU or monitor their behavior in the EU.
So, even if a service is operated outside the EU, GDPR may still apply whenever EU residents' personal data is processed.
4. Key Definitions (GDPR terms)
- Data Subject: A person located in the EU whose personal data is processed.
- Personal Data: Any information relating to an identified or identifiable person (e.g., name, email, ID, IP address, location, usage data).
- Controller: The entity that decides why and how personal data is processed.
- Processor: The entity that processes personal data on behalf of a controller.
- Third Party: Anyone other than the data subject, controller, processor, or authorized persons.
- Processing: Any operation performed on personal data (collection, storage, use, sharing, deletion, etc.).
- Consent: A freely given, specific, informed, and unambiguous agreement to data processing.
- Personal Data Breach: A security incident causing accidental or unlawful loss, alteration, or unauthorized access/disclosure of personal data.
- Supervisory Authority: The independent public authority in each EU country that enforces GDPR.
5. What counts as Personal Data under GDPR?
Personal data includes any information that can identify someone directly or indirectly, even when combined with other data. This covers not only obvious identifiers (name, email, address), but also online identifiers (IP), behavioral/usage patterns, location data, biometric data, financial data, and more. Data that is "pseudonymized" may still be personal data if it can be linked back to a person.
6. Your Rights under GDPR
GDPR gives EU individuals a set of enforceable rights, including:
- Right to be informed about data processing before/when data is collected.
- Right of access to your personal data and processing details.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten") in certain cases.
- Right to restriction of processing in certain cases.
- Right to data portability to receive your data in a structured, machine-readable form and transfer it to another provider.
- Right to object to processing based on legitimate interests or for direct marketing.
- Rights related to automated decision-making and profiling.
To exercise any GDPR right, see the Contact section at the end.
7. Controller vs. Processor in Memberia–Customer Relationships
Unless a separate agreement states otherwise:
- Organizations/businesses using Memberia to manage their members are typically the Controllers of their members' data.
- CCCC/Memberia acts as a Processor for those organizations, and may also be an independent Controller for certain platform-level data (e.g., security logs, core service analytics) where permitted by law and contract.
8. What data Memberia collects
Depending on the feature you use, Memberia may process:
8.1 Data from organizations/businesses (account owners)
- Authorized person name and contact details
- Organization name and billing/payment details
- Support requests and communications
8.2 Data from users/members
- Name, email, phone
- Membership identifiers and status
- Check-in / QR-barcode verification records
- Messages or content you submit within Memberia
8.3 Data collected automatically
- IP address, device and browser/app information
- Log files (actions taken within Memberia)
- Crash reports, performance/diagnostic data
- Cookies and similar technologies on the web version
8.4 Data from chat/support interactions
- Contact details you provide
- Support conversation text and related metadata
- Additional verification data if needed for security
9. How we collect personal data
We collect data when you:
- Register or manage an account in Memberia
- Use membership features (including check-ins and verification)
- Navigate within the web/app (automatic logs/SDKs/cookies)
- Contact our support or respond to surveys
10. How we use personal data
We process personal data to:
- Provide and operate Memberia services
- Verify identities and manage accounts
- Enable membership validation and reporting
- Process payments and invoices
- Provide customer support
- Maintain security, prevent fraud/abuse
- Improve and develop Memberia features
- Meet legal obligations and respond to lawful requests
11. When we share personal data
Personal data is not sold. We share it only when necessary to provide the service or comply with law, including with:
- Infrastructure/hosting, database, and backup providers
- Email/SMS/push notification services
- Payment and billing providers
- Customer support tools
- Authorized staff/admins of the organization using Memberia
- Courts, law enforcement, or public authorities when legally required
All transfers are limited, purpose-bound, and protected by contracts and security measures.
12. International transfers
Memberia may store or process data on servers located outside the EU/EEA. When GDPR applies, cross-border transfers are made with appropriate safeguards (such as Standard Contractual Clauses) and, where required, with consent.
13. How long we keep personal data
We retain personal data only as long as needed for:
- Service delivery
- Legal retention duties
- Dispute resolution and enforcement
- Security and fraud prevention
After that, data is deleted, irreversibly anonymized, or securely destroyed.
14. How we protect personal data
We use reasonable, current technical and organizational measures, including:
- Encryption in transit (TLS/SSL)
- Role-based access control
- Monitoring and logging
- Regular backups
- Vendor confidentiality obligations
- Ongoing security improvements
No online system is perfectly secure, but we work continuously to protect data.
15. Personal data breaches
If a personal data breach occurs and GDPR applies, the Controller will notify the relevant Supervisory Authority within 72 hours where feasible, and affected individuals without undue delay when there is a high risk to their rights. Processors notify Controllers promptly.
16. Marketing and communications
We send promotional messages only where permitted by law and, when required, based on your consent. You can opt out at any time through in-app settings or by contacting us.
17. Cookies and analytics (web version)
Memberia web services may use cookies or similar tools for:
- Session management
- Security
- Performance and usage analytics
Where legally required, non-essential cookies are used only after consent.
18. Third-party services and AI (if enabled)
Some optional Memberia features may rely on third-party services (e.g., hosting, analytics, email/SMS, payment, or AI providers). If you choose to use AI-powered features, relevant inputs may be transmitted to the AI provider solely to deliver the feature. Organizations can disable AI features for their users via admin settings.
19. Contact / Exercising GDPR Rights
For any GDPR request or question, contact the Controller:
- Controller: CCCC
- GDPR Contact Email/Form: [TO BE FILLED]
- Address: [TO BE FILLED]
We respond to valid requests within GDPR time limits (normally within one month, extendable where permitted).