Privacy policy

Our Principles

Mecenates has designed this policy to be consistent with the following principles:

• Privacy policies should be human readable and easy to find;
• Data collection, storage, and processing should be simplified as much as possible to enhance security, ensure consistency, and make the practices easy for users to understand;
• Data practices should meet the reasonable expectations of users.

This Policy serves as an explanation of our privacy practices for both the Site and the services provided by Mecenates. By accessing and/or using the Webite, along with its affiliated sites, applications, services, goods, and by registering for an account, you acknowledge your understanding of how we manage your personal data in accordance with this Policy, covering data collection, usage, disclosure, processing, and retention practices. This Policy also provides insights into how you can control the sharing of your data.

Information We Collect

We collect information in multiple ways, including when you provide information directly to us; when we passively collect information from you, such as from your browser or device; and from third parties.

Information You Provide Directly to Us

We will collect any information you provide to us. We may collect information from you in a variety of ways, such as when you: (a) create an online account, (b) create a gallery, (c) contact other users, (d) make a donation or purchase, (e) contact us or provide feedback, or (f) upload your creative work or images. This information may include but is not limited to your name, profile specifics, physical address, billing information, contact details, transaction records, payment details (including instances where we process your payment method and credit card number), taxpayer data, and forms, information about accounts linked to other social networks, content and files you upload to the Site, and supplementary authentication data. This may include government-issued ID copies, passports, or driver's licenses, as permitted by relevant laws. Additionally, we collect insights from your communications with Mecenates and any content you post on our galleries, as well as your interactions with other Mecenates users.

Information that Is Automatically Collected

Device/Usage Information

We may automatically collect certain information about the computer or devices (including mobile devices or tablets) you use to access the Services. As described further below, we may collect and analyze (a) device information such as IP addresses, location information (by country and city), unique device identifiers, IMEI and TCP/IP address, browser types, browser language, operating system, mobile device carrier information, and (b) information related to the ways in which you interact with the Services, such as referring and exit web pages and URLs, platform type, the number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, statistical information about the use of the Services, the amount of time spent on particular pages, the date and time you used the Services, the frequency of your use of the Services, error logs, and other similar information. As described further below, we may use third-party analytics providers and technologies, including cookies and similar tools, to assist in collecting this information.

Cookies and Other Tracking Technologies

We also collect data about your use of the Services through the use of Internet server logs and online tracking technologies, like cookies and/or tracking pixels. A web server log is a file where website activity is stored. A cookie is a small text file that is placed on your computer when you visit a website, that enables us to: (a) recognize your computer; (b) store your preferences and settings; (c) understand the web pages of the Services you have visited and the referral sites that have led you to our Services; (d) enhance your user experience by delivering content specific to your inferred interests; (e) perform searches and analytics; and (f) assist with security administrative functions. Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email, and that are designed to provide usage information like ad impressions or clicks, measure popularity of the Services and associated advertising, and to access user cookies. We may also use tracking technologies in our license buttons and/or icons that you can embed on other sites/services to track the website addresses where they are embedded, gauge user interaction with them, and determine the number of unique viewers of them. If you receive email from us (such as event and update notification), we may use certain analytics tools, such as clear GIFs, to capture data such as whether you open our message, click on any links or banners our email contains, or otherwise interact with what we send. This data allows us to gauge the effectiveness of our communications and marketing campaigns. As we adopt additional technologies, we may also gather additional information through other methods.

Do Not Track

"Do Not Track" (DNT) represents a privacy preference that users can configure in specific web browsers, affording them the choice to abstain from online tracking by websites and online services. It is essential to note that we do not adhere to browser requests aimed at refraining from online tracking, a practice commonly known as "Do Not Track." Nevertheless, our Cookie Policy furnishes the information you need to opt out of receiving cookies.

Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the "Help" section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari). Please note that by blocking any or all cookies, you may not have access to certain features or offerings of the Services.

For more information about how we use cookies, please see our Cookies Notice.

We aggregate your personal information with data collected automatically or obtained from other companies, employing it for the specific purposes outlined in this Policy.

How We Use Your Information

We may use the information we collect from and about you to:

• Fulfill the purposes for which you provided it;
• Provide and improve the Services, including to develop new features or services, take steps to secure the Services, and for technical and customer support;
• Send you information about your relationship or transactions with us, account alerts, or other communications, such as newsletters to which you have subscribed;
• Process and respond to your inquiries or to request your feedback;
• Conduct analytics, research, and reporting, including to synthesize and derive insights from your use of our Services;
• Evaluate job candidates during our hiring process;
• Comply with the law and protect the safety, rights, property, or security of Creative Commons, the Services, our users, and the general public; and
• Enforce our Terms and Conditions, including to investigate potential violations thereof.

Please note that we may combine information that we collect from you and about you (including automatically collected information) with information we obtain about you from our affiliates and/or non-affiliated third parties, and use such combined information in accordance with this Privacy Policy.

We may aggregate and/or de-identify information collected through the Services. We may use de-identified and/or aggregated data for any purpose, including without limitation for research and marketing purposes.

When We Disclose Your Information

We may disclose and/or share your information under the following circumstances:

• Service Providers. We may disclose your information with third parties who perform services on our behalf, including without limitation, event management, candidate selection, marketing, customer support, data storage, data analysis and processing, and legal services;
• Legal Compliance and Protection of Mecenates and Others. We may disclose your information if required to do so by law or on a good faith belief that such disclosure is permitted by this Privacy Policy or reasonably necessary or appropriate for any of the following reasons: (a) to comply with legal process; (b) to enforce or apply our Terms and Conditions and this Privacy Policy, or other contracts with you, including investigation of potential violations thereof; (c) to respond to your requests for customer service; and/or (e) to protect the rights, property, or personal safety of Mecenates, our agents and affiliates, our users, and the public. This includes exchanging information with other companies and organizations for fraud protection, and spam/malware prevention, and similar purposes;
• Business Transfers. As we continue to develop our business, we may engage in certain business transactions, such as the transfer or sale of our assets. In such transactions, (including in contemplation of such transactions, e.g., due diligence) your information may be disclosed. If any of Mecenates' assets are sold or transferred to a third party, customer information (including your email address) would likely be one of the transferred business assets;
• Affiliated Companies. We may disclose your information with current or future affiliated companies;
• Consent. We may disclose your information to any third parties based on your consent to do so;
• Aggregate/De-identified Information. We may disclose de-identified and/or aggregated data for any purpose to third parties, including advertisers, promotional partners, and/or others.

Legal Basis for Processing Personal Data

The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose information that can be directly linked to or used to identify you. To the extent those laws apply, our legal grounds for processing such information are as follows:

• To Honor Our Contractual Commitments to You. Much of our processing of information is to meet our contractual obligations to provide services to our users.
• Legitimate Interests. In many cases, we handle information on the ground that it furthers our legitimate interests in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals, these include:
  • Customer service
  • Marketing, advertising, and fundraising
  • Protecting our users, personnel, and property
  • Managing user accounts
  • Analyzing and improving our business
  • Managing legal issues

We may also process information for the same legitimate interests of our users and business partners.

• Legal Compliance. We may need to use and disclose information in certain ways to comply with our legal obligations;
• Consent. Where required by law, and in some other cases where legally permissible, we handle information on the basis of consent. Where we handle your information on the basis of consent, you have the right to withdraw your consent; in accordance with applicable law.

Online Analytics

We may use third-party web analytics services (such as Google Analytics) on our Services to collect and analyze the information discussed above, and to engage in auditing, research, or reporting. The information (including your IP address) collected by various analytics technologies described in the "Cookies and Other Tracking Technologies" section above will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Services, including by noting the third-party website from which you arrive to our Site, analyzing usage trends, assisting with fraud prevention, and providing certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

Your Choices and Data Subject Rights

You have various rights with respect to the collection and use of your information through the Services. Those choices are as follows:

• Email Unsubscribe – You may unsubscribe from our emails at any time by visiting your Settings page or by emailing [email protected] with your request;
• Account Preferences – If you have registered for an account with us through our Services, you can update your account information or adjust your email communications preferences by logging into your account and updating your settings;
• EU Data Subject Rights – Individuals in the European Economic Area ("EEA") and other jurisdictions have certain legal rights (subject to applicable exceptions and limitations) to obtain confirmation of whether we hold certain information about them, to access such information, and to obtain its correction or deletion in appropriate circumstances. You may have the right to object to our handling of your information, restrict our processing of your information, and to withdraw any consent you have provided. To exercise these rights, please email us at [email protected] with the nature of your request. You also have the right to go directly to the relevant supervisory or legal authority, but we encourage you to contact us so that we may resolve your concerns directly as best and as promptly as we can.

Rights of EU, EEA and UK Users

If you are in the EU, EEA, or the UK, this section applies to you.

MECENATES S.R.L., located at Piazza Vienna 15, 40057 Granarolo Emilia (BO), Italy, is the Controller of your personal data under the EU and UK General Data Protection Regulation (GDPR).

You have the following rights under EU regulations:

• Right to know how we process your personal data and to receive a copy;
• Right to correct inaccuracies in your personal data;
• Right to erase your data in certain cases, like when it's no longer needed, you withdraw consent, or if processing is unlawful;
• Right to limit data processing when accuracy is disputed, processing is unlawful, data is no longer needed for its original purpose, or you object to processing under legitimate interests and we're reviewing your objection;
• Right to object to decisions based on automated processing or profiling;
• If you provided data with consent, the right to receive a structured, machine-readable copy and to have it transferred to another controller;
• Right to access safeguards for data transferred outside the EEA.

In certain cases, you can object to data processing related to your specific situation, which may halt processing. If your data is used for direct marketing, you can object anytime, including profiling, which stops this processing.

You can also file a complaint with a data protection supervisory authority. Note that access and erasure rights aren't absolute, and other individuals' interests may limit them as per local laws.

For data requests, we may need more information to confirm your identity. We might charge a fee where allowed by law. We can refuse requests that affect others' privacy, are impractical, or break the law. Additionally, as permitted, we may keep some data for record-keeping, accounting, and fraud prevention.

Specific Provisions for California Residents

This section of the Policy is pertinent if you are a California resident.

In the past twelve (12) months, we have collected various categories of personal information from users. This information includes, but is not limited to:

• Information provided directly by users, which encompasses identifiers and personal data, such as names, postal addresses, online identifiers, email addresses, passport or driver's license numbers, social security numbers, characteristics of protected classifications, gender, facial images, audio recordings, and similar details;
• Automatically collected information when using Mecenates, which includes identifiers and personal data, online identifiers, IP addresses, device and connection details (e.g., browser type and version, time zone, browser plug-ins), commercial information (e.g., product or service considerations, purchases), internet or electronic network activity (e.g., login/logout times, session durations, uploaded/downloaded content, web page views, activity metrics), and location data;
• Information obtained from third parties, including service providers, advertisers, and third-party accounts linked to Mecenates, which covers identifiers and personal data, online identifiers, email addresses, IP addresses, device and connection details, professional or employment-related information, internet or electronic network activity, commercial information, and location information;
• Inferences drawn from the collected information to create user profiles.

We use this personal information for the business purposes explained in the "How Do We Use the Information Collected?" section. Importantly, as stated in this Policy, we do not "sell" personal information in accordance with the California Consumer Privacy Act (CCPA).

Under the CCPA, you have certain rights concerning your personal information:

• The right to request access to the personal information collected over the last 12 months, including details about the categories of information, sources, business purposes, categories of third parties with whom we shared data, and specific pieces of information about you;
• The right to request deletion of your personal information under specific circumstances and exceptions;
• The right to be free from discrimination for exercising your CCPA rights;
• The right to use an authorized agent to submit requests. The agent must be registered with the California Secretary of State, provide proof of registration, and show documentation or proof of their authority to act on your behalf. You may also need to verify your identity directly with us and confirm the agent's authorization.

To make these requests, please contact us at [email protected]. We'll verify your request using your account information, including your email address, and may require government identification.

Please note that you can make an access request only twice within a 12-month period. There is no fee for processing or responding to your verifiable user request, unless it's excessive, repetitive, or manifestly unfounded. In such cases, we'll explain the reasons for the fee and provide a cost estimate before proceeding.

International Transfers

Our computer systems are currently based in the European Union. As described above in the "When We Disclose Your Information" section, we may share your information with trusted service providers or business partners in countries other than your country of residence, including the United States, in accordance with applicable law. This means that some of your information may be processed in the United States, which may not offer the same level of protection as the privacy laws of your jurisdiction. By providing us with your information, you acknowledge any such transfer, storage or use.

If we provide any information about you to any third parties information processors located outside of the EEA, we will take appropriate measures to ensure such companies protect your information adequately in accordance with this Privacy Policy and other data protection laws to govern the transfers of such data.

Security Measures

We have implemented technical, physical, and organizational security measures to protect against the loss, misuse, and/or alteration of your information. These safeguards vary based on the sensitivity of the information that we collect and store. However, we cannot and do not guarantee that these measures will prevent every unauthorized attempt to access, use, or disclose your information since despite our efforts, no Internet and/or other electronic transmissions can be completely secure.

Children

The Services are intended for users over the age of 18 and are not directed at children under the age of 13. Minors, specifically those under 18 but over 13, may utilize the Site solely through an account owned by a parent or legal guardian, with their explicit consent. It is the responsibility of parents and guardians to continually oversee their children's online activities. If we become aware that we have collected personal information (as defined by the Children's Online Privacy Protection Act) from children under the age of 13, or personal data (as defined by the EU GDPR) from children under the age of 16, we will take reasonable steps to delete it as soon as practicable.

Data Retention

We retain the information we collect for as long as necessary to fulfill the purposes set forth in this Privacy Policy or as long as we are legally required or permitted to do so. Information may persist in copies made for backup and business continuity purposes for additional time.

Third-Party Links and Services

The Services may contain links to third-party websites (e.g., social media sites like Facebook and Twitter), third-party plug-ins (e.g., the Facebook "like" button and Twitter "follow" button), and other services. If you choose to use these sites or features, you may disclose your information not just to those third-parties, but also to their users and the public more generally depending on how their services function. Mecenates is not responsible for the content or privacy practices of such third party websites or services. The collection, use and disclosure of your information will be subject to the privacy policies of the third party websites or services, and not this Privacy Policy. We encourage you to read the privacy statements of each and every site you visit.

Changes to this Privacy Policy

We will continue to evaluate this Privacy Policy as we update and expand our Services, and we may make changes to the Privacy Policy accordingly. We will post any changes here and revise the date last updated above. We encourage you to check this page periodically for updates to stay informed on how we collect, use and share your information. If we make material changes to this Privacy Policy, we will provide you with notice as required by law.

Questions About this Privacy Policy

If you have any questions about this Privacy Policy or our privacy practices, you can contact us at: [email protected].