Fable's Privacy Policy

Last Revised on May 12, 2021

This privacy policy reflects our dedication to protecting data in all regions where we operate. We respect the rights of individuals worldwide and are fully committed to complying with all applicable regulations and legal guidelines.

How this Policy Works

This document is organized into several sections. The initial section [Common Clauses] outlines our overall approach to data collection, storage, and processing. Subsequent sections detail specific regulations that apply depending on your location or the use of our services.

To gain a comprehensive understanding of how we handle your data and ensure that we uphold your rights under relevant data protection regulations, we recommend reading the first section and any sections applicable to your situation.

In cases where our general guidelines may differ somewhat from territorial regulations, the specific territorial clauses take precedence. Nevertheless, rest assured that we prioritize your privacy and are committed to respecting your rights as dictated by applicable regulations. We are dedicated to addressing any inquiries, complaints, or concerns in a professional and timely manner.

Common Clauses

Definitions

GDPR - Whenever the terms 'The General Data Protection Regulations’ or ‘GDPR' are referred to in this document, it pertains to both The Regulation (EU) 2016/679 (EU GDPR) and The Data Protection Act 2018 (UK GDPR). Should there be a need to invoke other regulations, they will be appropriately and distinctly named.

The Regulation (EU) 2016/679 (EU GDPR) Territorial scope - The territorial scope of the GDPR encompasses the processing of personal data by entities established within the European Union/UK, regardless of where the processing occurs, as well as entities outside the EU/UK that either offer goods or services to individuals within the EU or monitor their behavior within the Union. It also applies in situations governed by a Member State's public international law. This means the GDPR's reach extends beyond the EU's borders, affecting organizations globally that interact with EU residents.

The Data Protection Act 2018 (UK GDPR) Territorial Scope - The UK GDPR, which came into effect post-Brexit, maintains similar territorial principles. It applies to the processing of personal data by entities established within the United Kingdom. For entities outside the UK, the UK GDPR applies if they offer goods or services to, or monitor the behavior of, individuals within the UK. It also captures situations dictated by UK international law.

CCPA (California Consumer Privacy Act) - The CCPA is a state statute from California aimed at enhancing the privacy rights and consumer protection of its residents. Enacted in 2018 and effective from January 1, 2020, it allows California consumers to know what personal data is being collected about them, understand if their data is sold or disclosed and to whom, refuse the sale of their data, access their data, request businesses to delete any of their collected personal information, and ensures they are not discriminated against for exercising these rights.

CPRA (California Privacy Rights Act) - The CPRA is an extension and expansion of the CCPA, passed as a ballot initiative in November 2020. It introduces several significant changes to the CCPA, such as the establishment of the California Privacy Protection Agency, which is responsible for enforcing the state's consumer data privacy laws. It also extends the CCPA's exemption for employment-related information, introduces new rights for consumers like the right to correct inaccurate personal information and the right to limit the use of sensitive personal information, and places new obligations on businesses, including the need for regular risk assessments.

LGPD (Lei Geral de Proteção de Dados): The LGPD is Brazil's primary data protection legislation, which stands for "General Data Protection Law" when translated to English. Enacted in August 2018 and effective from September 2020, the LGPD regulates the processing of personal data of individuals within Brazil, regardless of where the data processing entity is located. The law aims to provide transparency in the use of personal data and to ensure the rights of data subjects. It sets out principles, rights, and duties for data processors and controllers, emphasizing the importance of consent, data subjects' rights, and the establishment of a national data protection authority. The LGPD draws inspiration from the European Union's General Data Protection Regulation (GDPR) and represents a significant shift in Brazil's approach to data privacy, emphasizing the protection of individual rights and the importance of transparency in data processing activities.

US Data Privacy Protection Laws: When we talk about US data protection laws, we're diving into the intricate network of legal rules that protect data privacy throughout the country.. The U.S. doesn't operate under a singular, overarching data protection statute. Instead, it boasts a mosaic of federal and state regulations, each tailored to address specific sectors or concerns. Renowned federal statutes like the Colorado Privacy Act (CPA, effective July 1, 2023), the Connecticut Data Privacy Act (CTDPA, effective July 1, 2023), the Utah Consumer Privacy Act (UCPA, effective December 31, 2023), and the Virginia Consumer Data Protection Act (VCDPA, effective January 1, 2023). Also, the Health Insurance Portability and Accountability Act (HIPAA) cater to health information, while the Gramm-Leach-Bliley Act focuses on financial institutions, and the Children's Online Privacy Protection Act (COPPA) zeroes in on the online data of minors. On the state level, trailblazing laws like the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) have set benchmarks for others to follow. Collectively, these laws form the backbone of the US's commitment to ensuring data privacy, security, and transparency for its citizens.

Personal data [personal data] - 'personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Sensitive Type of Data under GDPR - Under the General Data Protection Regulation (GDPR), ‘sensitive data’ is defined as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Sensitive Type of Data under CCPA/CPRA - Sensitive personal information is a specific subset of personal information that includes certain government identifiers (such as social security numbers); an account log-in, financial account, debit card, or credit card number with any required security code, password, or credentials allowing access to an account; precise geolocation; contents of mail, email, and text messages; genetic data; biometric information processed to identify a consumer; information concerning a consumer’s health, sex life, or sexual orientation; or information about racial or ethnic origin, religious or philosophical beliefs, or union membership. Consumers have the right to limit a business’s use and disclosure of their sensitive personal information.

Processing - Any operation or set of operations performed on personal data, whether or not by automated means. This includes collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.

Third-Party/Vendor - A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

How To Contact Us

Fable, Inc. is registered in the United States of America. The Data Protection Lead is Emma Liebmann. You can contact us in any of the following ways:

Name of Data Protection Lead: Emma Liebmann
Company Name: Fable, Inc.
Data Protection Lead Address: emma@fable.app

Our Article 27 Representative

We have appointed EU and UK Representatives under Article 27 of the EU GDPR and UK GDPR respectively. Our appointed representatives are:

Our UK Representative

Under Article 27 of the UK Data Protection Act 2018, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is:

GDPR Local Ltd.
Adam Brogden
contact@gdprlocal.com
Tel +44 1772 217800
1st Floor Front Suite
27-29 North Street, Brighton England
BN1 1EB

Our EU Representative

Under Article 27 of the EU GDPR, we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is:

Instant EU GDPR Representative Ltd.
Adam Brogden
contact@gdprlocal.com
Tel +35315549700
INSTANT EU GDPR REPRESENTATIVE LTD
Office 2,
12A Lower Main Street, Lucan Co. Dublin K78 X5P8
Ireland

What will happen if you contact us

If you contact us, we will use the personal information you provide to respond to your inquiry, to provide you with any information or assistance you request, to send you updates about our services or to invite you to participate in events, and to keep a record of your contact and other information, always treating your personal information in accordance with our Privacy Policy and applicable laws and regulations.

We will keep a record of your contact information and any other information you provide to us in order to respond to your inquiry, to improve our services and to comply with legal and regulatory requirements.

If you prefer not to receive marketing communications from us, you can opt-out at any time by following the instructions in the communication or by contacting us directly.

The data we collect is used by Fable to provide our services to you. We may share your data with other companies / organizations / people as required to provide our services or operate our company; however, unless required to do so by law, we will not otherwise share, sell, or distribute any of the information you provide to us without your consent.

We may use your information in order to process and complete transactions, and to send related information, including transaction confirmations and invoices.

How do we collect your data

  • At Fable, we collect data in a number of ways The main ways we collect data include:

  • Account Creation: When users sign up for the platform, they would likely provide basic information such as name, email address, and a password. This information would be essential for creating and managing user accounts;

  • Profile Information: Users might have the option to complete a profile, which could include additional details like a profile picture, job title, company name, and other relevant details to enhance collaboration;

  • Usage Data: As users interact with the platform, data regarding their activities, such as projects they create, collaborate on, or any templates they use, might be collected. This would help in understanding user behavior and improving the platform's features;

  • Feedback and Support: If users provide feedback or reach out for support, any information they share during these interactions might be collected to improve the platform and address user concerns;

  • Collaboration Tools: Given that Fable emphasizes collaboration, users might be able to invite colleagues or team members to join projects. In such cases, email addresses or other contact details of invitees might be collected;

  • Payment Information: If there are premium features or subscription tiers, payment information such as credit card details might be collected to process transactions;

  • Cookies and Tracking: To enhance user experience and for analytical purposes, cookies and other tracking technologies might be used to collect data about user interactions with the platform, preferences, and device information;

  • Third-party Integrations: If Fable integrates with other platforms or tools (e.g., design software, cloud storage), information might be collected from these third-party platforms based on user permissions;

  • Surveys and Promotions: Occasionally, users might be invited to participate in surveys or promotions, and any information provided during these activities could be collected;

  • Community Forums or Discussion Boards: If Fable offers community features, any information shared by users in these public spaces might be collected and stored.

What data we collect

When you use the Services or otherwise engage with us, we may ask you to provide us with certain details or information about you:

  • Basic contact details – name, address, phone number, email. We collect basic contact details communicate with you, provide you with products and services, and to market to you;

  • Account information – your email and password. We collect account information to maintain and secure your account with us. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password, or other access details with anyone else. If you believe your account has been compromised, please contact us immediately;

  • Preference information – information that you enter related to projects that you create or access. We collect preference information to provide you with the Services;

  • Transaction information – information related to your purchase of and subscription to our Services. We collect transaction information to provide you with the Services and any other products or services you have requested;

  • Any other information you choose to include in communications with us, for example, when sending a message through the Contact Us email addresses;

  • Some features of the Services may require you to enter certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features.

We may obtain certain information about you from outside sources, such as when you choose to interact with us on social media (e.g., Facebook, Twitter or Medium) or when you choose to log into your Fable account with a separate personal account, such as Google. We also obtain certain information about you from third party vendors and service providers who may collect information directly from you, including our payment processor Stripe. We are not responsible or liable for the accuracy of the information provided to us by third parties and are not responsible for any third party’s policies or practices. See Section 6 below for more information.

In addition to the foregoing, we may use all of the above information to comply with any applicable legal obligations, to enforce any applicable terms of service, and to protect or defend the Services, our rights, the rights of our users, or others.

We recognize that some of this information might be considered sensitive under certain laws mentioned in the definitions. However, we want to assure you that we have implemented every possible measure to safeguard your data and will never share it with third parties without your explicit consent.

What data will be stored

We only collect the necessary personal data to manage our relationship with you, provide services to our clients and run and develop our company.

Account Details:

  • Username or User ID

  • Email address

  • Encrypted password

  • Date of account creation and last login

Profile Information:

  • Profile picture

  • Job title

  • Company name

  • Any other voluntary details provided by the user

Usage Data:

  • Projects created, edited, or viewed

  • Collaboration history (e.g., users invited, users collaborated with)

  • Templates or features used

  • User activity timestamps

Feedback and Support Interactions:

  • User queries or issues reported

  • Correspondence history with support teams

  • Feedback or suggestions provided

Collaboration Tools Data:

  • Email addresses or contact details of invitees

  • Shared project details or files

  • Payment Information (stored securely and in compliance with payment industry standards):

  • Transaction history

  • Subscription details (e.g. start date, renewal date)

  • Last four digits of credit card (full credit card details would typically be processed by a third-party payment processor and not stored directly by Fable)

Cookies and Tracking Data:

  • User preferences and settings

  • Device information (e.g., device type, browser type)

  • IP address

  • Interaction data with the platform (e.g., pages visited, features used)

Third-party Integration Data (based on user permissions):

  • Data retrieved from integrated platforms or tools, such as design files or collaboration details

Survey and Promotion Responses:

  • Answers or feedback provided in surveys

  • Participation details in promotions or contests

Community Forums or Discussion Boards Data:

  • Posts, comments, or interactions in community spaces

  • Usernames or identifiers associated with these interactions

The storage of this data would be done with a focus on security, ensuring data encryption, regular backups, and compliance with data protection regulations. You will have the right to access, modify, or request the deletion of your stored data in line with privacy rights and regulations.

What data will be shared

The specific data we share may vary depending on the nature of our engagement with you, but typically includes the following:

Third-party Service Providers:

  • Payment Processors: Transaction details (excluding full credit card information) might be shared with payment processors to facilitate subscription payments or purchases;

  • Cloud Storage and Hosting: Data might be stored on third-party servers or cloud platforms, which would involve sharing data with these providers;

  • Customer Support Tools: User queries, feedback, and support interactions might be managed through third-party customer support platforms.

Collaboration and Integration:

  • Project Collaborators: If users invite others to collaborate on a project, shared project details, and possibly the user's name or username, might be visible to those collaborators;

  • Third-party Platforms: If users integrate Fable with other platforms or tools, relevant data might be shared with these platforms based on user permissions.

Legal and Compliance:

  • Data might be shared with law enforcement or regulatory bodies if required by law or in response to legal requests;

  • In the event of a merger, acquisition, or sale of assets, user data might be shared with the relevant parties, but users would typically be notified of any such change in ownership or control of their data.

Analytics and Improvement:

  • Aggregated and anonymized data might be shared with analytics providers to understand platform usage, improve features, and optimize user experience. This data would not personally identify individual users.

Marketing and Promotions:

  • With user consent, data might be shared with marketing partners or platforms for targeted advertising or promotional campaigns. Users would have the option to opt-out of such sharing.

Community and Public Spaces:

  • Any information users share in public forums, discussion boards, or community spaces on Fable might be visible to other users or the public.

Affiliates and Partners:

  • Data might be shared with affiliated companies or business partners for operational purposes, joint promotions, or product integrations.It's important to note that any data sharing would be done with a commitment to user privacy. Users would also have the right to control and limit the sharing of their data through privacy settings and preferences.

Children’s data

We do not knowingly collect or maintain Personally-Identifying Information from anyone under the age of 13, unless or except as permitted by law. Any person who provides Personally-Identifying Information through the Website represents to us that he or she is 13 years of age or older. If we learn that Personally-Identifying Information has been collected from a user under 13 years of age on or through the Website, then we will take the appropriate steps to delete this information.

If you are the parent or legal guardian of a child under 13 who has become a member of the Website or has otherwise transferred Personally-Identifying Information to the Website, please contact the Company using our contact information below to have that child's account terminated and information deleted.

No AI in personal data processing

At Fable, we prioritize the privacy and security of our users. In an age where Artificial Intelligence (AI) is increasingly being integrated into various digital platforms, we've made a conscious decision to steer clear of AI when it comes to processing personal information.

Why is this significant? AI algorithms, while powerful, can sometimes operate in ways that are not entirely transparent, leading to potential privacy concerns. By not employing AI in the processing of personal data, Fable ensures that your information is handled with the utmost care and transparency. Every piece of personal data you entrust with us is managed with manual oversight, ensuring no unintended profiling, data mining, or other AI-driven analyses occur without your explicit knowledge and consent.

This approach underscores our commitment to maintaining a platform where users can confidently create, collaborate, and share, knowing that their personal information remains uncompromised and free from AI-driven scrutiny.

Lawful Basis for Processing

We acknowledge and follow the lawful basis established by the GDPR. However, we also respect the lawful bases defined by all relevant laws worldwide, ensuring that we align with the appropriate lawful basis wherever data subjects are located.

We will only use your personal data for the purposes for which we collected it and as you would reasonably expect your data to be processed and only where there is a lawful basis for such processing, for example:

To register you as a new customer Identity, Contact

  • Performance of a contract with you

  • Consent

To process and deliver the products and services you request and to manage payments, fees and charges. Identity, Contact, Financial, Transaction, Marketing and Communications

  • Performance of a contract with you

  • Necessary for our legitimate interests to recover debts owed to us

  • Consent

To manage our ongoing relationship with you which will include notifying you about changes to our terms, services or privacy policy, to maintain our records. Identity, Contact, Profile, Marketing and Communications

  • Performance of a contract with you

  • Necessary to comply with a legal obligation

  • Necessary for our legitimate interests to keep our records updated and to study how customers use our services

  • Consent

To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). Identity, Contact, Technical

  • Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise

  • Necessary to comply with a legal obligation

  • Consent

To use data analytics to improve our website, services, marketing, customer relationships and experiences. Technical, Usage

  • Necessary for our legitimate interests to define types of customers for our services, to keep our site updated and relevant, to develop our business and to inform our marketing strategy.

  • Consent

To make suggestions and recommendations to you about services that may be of interest to you. Identity, Contact, Technical, Usage, Profile

  • Necessary for our legitimate interests to develop our services and grow our business

  • Consent


Territorial / Framework Specific Clauses

GDPR-Specific Clauses for EU/UK Citizens Using Fable

At Fable, we are deeply committed to ensuring the privacy and protection of our users' data. In line with the General Data Protection Regulation (GDPR), we adhere to the following principles when processing personal data:

Lawfulness, Fairness, and Transparency: Every piece of personal data we process has a lawful basis, whether it's user consent, contractual necessity, or another valid reason. We ensure that our data processing activities are transparent, and users are informed about how their data is used.

Purpose Limitation: We collect personal data for specific, explicit, and legitimate purposes. We ensure that data is not processed in a manner that is incompatible with those purposes unless the user provides explicit consent or it's required by law.

Data Minimization: We only collect and process the personal data that is necessary for the purposes for which it is collected. We avoid excessive data collection and ensure that irrelevant or unnecessary data is not retained.

Accuracy: We take every step to ensure that the personal data we hold is accurate and up-to-date. If any inaccuracies are identified, we act swiftly to correct or delete them.

Storage Limitation: We retain personal data only for as long as necessary for the purposes for which it was collected. Once the data is no longer required, we ensure it is deleted or anonymized.

Integrity and Confidentiality: We employ robust security measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. This includes both technical measures, like encryption, and organizational measures, like staff training.

Accountability: We take responsibility for the personal data we hold and process. We have measures in place to demonstrate compliance with GDPR principles, including maintaining relevant documentation, conducting regular audits, and appointing a Data Protection Officer (DPO) to oversee our data protection strategies.

Rights under the General Data Protection Regulation (GDPR)

We respect and facilitate the rights of data subjects under the GDPR. This includes rights to access, rectification, erasure, data portability, and objection to processing. We have processes in place to respond to data subject requests in a timely and compliant manner.

If you are a citizen of the European Union (EU) or the United Kingdom (UK), you have the following rights:

Right to Access: You have the right to request access to your personal data that Fable processes. This includes information about the purposes of processing, the categories of personal data concerned, and the recipients of the personal data.

Right to Rectification: Should you find that your personal data held by Fable is inaccurate or incomplete, you have the right to request its correction.

Right to Erasure (‘Right to be Forgotten’): Under certain conditions, you can request the deletion of your personal data. For instance, if the data is no longer necessary for the purposes for which it was collected.

Right to Restriction of Processing: You can request a temporary halt to the processing of your personal data, for reasons such as contesting its accuracy or objecting to its processing.

Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format. This allows you to transfer your data to another service provider if you wish.

Right to Object: If Fable processes your data based on legitimate interests or the performance of a task in the public interest/exercise of official authority, you can object to this processing, unless Fable can demonstrate compelling legitimate grounds for the processing.

Automated Individual Decision-making, Including Profiling: You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Right to Lodge a Complaint: If you believe that Fable is not processing your personal data in accordance with GDPR regulations, you have the right to lodge a complaint with a supervisory authority in your member state.

US Data Privacy Protection Laws

At Fable we understand that adherence to all US data protection laws is of utmost importance. The United States has a complex system of legal rules that vigorously safeguard data privacy. Instead of having a single, overarching data protection law, the country operates under a mosaic of federal and state regulations, each carefully designed to address specific sectors and concerns. For example, important federal statutes like the Colorado Privacy Act (CPA, effective from July 1, 2023), the Connecticut Data Privacy Act (CTDPA, effective from July 1, 2023), the Utah Consumer Privacy Act (UCPA, effective from December 31, 2023), and the Virginia Consumer Data Protection Act (VCDPA, effective from January 1, 2023) play significant roles.

Moreover, there are specialized laws like the Health Insurance Portability and Accountability Act (HIPAA) for health information, the Gramm-Leach-Bliley Act for financial institutions, and the Children's Online Privacy Protection Act (COPPA) for the online data of minors. On the state level, trailblazing legislations such as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) have set the standard for others to follow.

At Fable, we handle data with the utmost care and in a manner that aligns with the expectations and values of our users. Our data processing practices strictly adhere to the provisions outlined in US Data Privacy Protection Laws. We hold a deep respect for your rights under these regulations, including those that pertain to specific states like Delaware, Virginia, Colorado, every data privacy protecion law in force and any new ones that may arise. Our commitment mirrors the United States' steadfast dedication to safeguarding data privacy, enhancing security, and promoting transparency for all its citizens.

CCPA/CRPA - Specific Clauses for California Citizens Using Fable

At Fable, we recognise the importance of user privacy and are committed to upholding the highest standards of data protection, especially for our users based in California. In line with the California Consumer Privacy Act (CCPA), we have implemented the following measures:

Selling Consumer Data:

Fable is dedicated to maintaining the trust of our users. We want to be transparent about how we handle consumer data. If at any point we engage in the sale of consumer data, we will ensure that users have the choice to opt out of such sharing.

To facilitate this, we will prominently display a “Do Not Sell My Personal Information” link on our homepage. This link will direct users to a dedicated web page where they can exercise their right to opt out of any potential data sales.

Consumer Data Requests:

Users have the right to know what personal information Fable has collected about them and with whom it has been shared.

We provide multiple methods for users to submit data requests, including a dedicated phone number and a specific section on our website.

Upon receiving a request, we will identify and provide all collected information about the user and disclose any parties the data has been shared with.

Additionally, users have the right to request the deletion of their data. We are committed to complying with such requests within 45 days of receipt.

CCPA Specific Privacy Policy Specific Clauses

Fable's privacy policy is regularly updated to reflect our commitment to the CCPA. We ensure that our policy:

  • Highlights the rights afforded to users by the CCPA.

  • Clearly identifies the categories of personal information we have collected.

  • Explains the commercial reasons for collecting this data.

  • Specifies the categories of data, if any, that have been sold to third parties.

At Fable, we believe in a transparent and user-centric approach to data protection. Our adherence to the CCPA is a testament to our commitment to ensuring that our users, especially those in California, can confidently use our platform with their rights and privacy safeguarded.

Rights under the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA)

At Fable, we prioritise the privacy and rights of our users, especially those residing in California. In line with the California Consumer Privacy Act of 2018 (CCPA) and its subsequent amendments, we have implemented measures to ensure that our California-based users can exercise their rights fully.

Under the CCPA, California consumers have the following rights:

Right to Know: Users have the right to know about the personal information Fable collects about them, including how it is used and shared.

Right to Delete: Users can request the deletion of their personal information, with certain exceptions.

Right to Opt-Out: Users have the right to opt-out of the sale or sharing of their personal information.

Right to Non-Discrimination: Fable ensures that users are not discriminated against for exercising their CCPA rights.

In November 2020, California voters approved Proposition 24, the California Privacy Rights Act (CPRA), which further amended the CCPA. As of January 1, 2023, Fable has incorporated the following additional rights for California consumers:

Right to Correct: Users can request the correction of inaccurate personal information that Fable holds about them.

Right to Limit Use and Disclosure: Users have the right to limit the use and disclosure of sensitive personal information collected about them.

At Fable, we have taken proactive steps to ensure that our platform is compliant with the CCPA and its subsequent amendments. We believe in transparency, user empowerment, and the importance of safeguarding personal data. Our California-based users can confidently use our platform, knowing that their privacy rights are respected and protected.

Lei Geral De Proteção de Dados (LGDP) - Specific Clauses for Brazil Citizens Using Fable

Fable's Commitment to the Lei Geral de Proteção de Dados (LGPD)

At Fable, we are dedicated to upholding the highest standards of data protection for all our users, including those in Brazil. In alignment with the Lei Geral de Proteção de Dados (LGPD), we adhere to the following principles when processing personal data:

Purpose: We ensure that all personal data is processed for legitimate, clear, and previously specified purposes.

Suitability: The processing of personal data at Fable is always compatible with the context in which the data was initially collected.

Necessity: We strictly process data that is relevant, proportional, and necessary to achieve our specified purposes.

Free Access: Fable is committed to providing users with comprehensive information about the form, duration, and integrity of their personal data processing.

Data Quality: We prioritize maintaining personal data that is accurate, clear, relevant, and up-to-date, ensuring its integrity and reliability.

Transparency: Our users are provided with clear, precise, and easily accessible information about our data processing activities, ensuring they are always informed.

Security: Fable employs robust technical and administrative measures to safeguard personal data from unauthorized access, breaches, and accidental loss.

Prevention: Our data processing practices are designed to prevent any harm or adverse effects to our users.

Non-discrimination: We pledge never to process personal data in ways that could be deemed unlawful, abusive, or discriminatory against any individual.

Accountability: At Fable, we take responsibility for the personal data under our care. We continuously strive to demonstrate our compliance with privacy and data protection laws, including the LGPD.

Rights under the Lei Geral De Proteção de Dados (LGDP)

Our commitment to the LGPD underscores our dedication to ensuring that our users, especially those in Brazil, can confidently use our platform with their rights and privacy safeguarded. For any queries or to exercise your rights under the LGPD, please refer to our privacy policy or contact our dedicated privacy team.

At Fable, we are committed to upholding the rights of our users, especially those in Brazil, as outlined in the Lei Geral de Proteção de Dados (LGPD). As controllers of personal data, we recognize our responsibility to safeguard and facilitate these rights.

The nine data subject rights, as stipulated in Article 18 of the LGPD, are as follows:

Confirmation of Processing: Upon request, we will confirm whether we have processed an individual's personal data.

Access: Users can request access to their personal data, and we are committed to providing it promptly.

Correction: If a user's personal data is inaccurate, incomplete, or out-of-date, we will take steps to correct it.

Data Erasure, Anonymization, or Blocking: We will erase, anonymize, or block personal data that is deemed unnecessary, excessive, or processed in violation of the LGPD.

Data Transfer: Upon request, we will facilitate the transfer of a user's personal data to another organization.

Data Deletion: If personal data was collected with user consent, they can request its deletion (subject to certain exceptions).

Third-Party Sharing Information: We will inform users about any third parties with whom we have shared their personal data.

Refusal of Consent: We ensure that users are informed about their right to refuse consent and the consequences of such refusal.

Revocation of Consent: Users have the right to revoke their consent to our processing of their personal data, and we facilitate this right.

Furthermore, in line with Article 20 of the LGPD, if we make significant decisions affecting a user's interests using entirely automated processes, such as AI-driven recommendations, the user has the right to request a human review of that decision.

At Fable, we prioritize transparency, user empowerment, and the importance of safeguarding personal data. Our adherence to the LGPD's data subject rights is a testament to our commitment to ensuring that our users, especially those in Brazil, can confidently use our platform with their rights and privacy safeguarded.

For any queries or to exercise your rights under the LGPD, please refer to our privacy policy or contact our dedicated privacy team.

Other Applicable Regulations

Depending on your location and the use of our services, you may be subject to additional data protection regulations beyond those mentioned above. At Fable Inc., we want to assure you that we are committed to complying with all relevant local regulations to the best of our abilities, while also taking into consideration our operational constraints. Your data privacy and security remain a top priority for us, and we aim to ensure that our practices align with the specific requirements of your region or jurisdiction, wherever you may be.

This privacy policy is designed to encompass all relevant data protection laws currently in effect, including those listed in the following table, which are not exempted.

European Union
General Data Protection Regulation (GDPR)
Right to Access, Right to Rectification, Right to Erasure (‘Right to be Forgotten’), Right to Restriction of Processing, Right to Data Portability, Right to Object, Automated Individual Decision-making, Including Profiling and the Right to Lodge a Complaint

USA
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
Right to Know, Right to Delete, Right to Opt-Out, Right to Non-Discrimination, Right to Correct, Right to Limit Use and Disclosure.

Brazil
Lei Geral de Proteção de Dados (LGPD)
Confirmation of Processing, Access, Correction, Data Erasure, Anonymization, or Blocking, Data Transfer, Data Deletion, Third-Party Sharing Information, Refusal of Consent and Revocation of Consent.

India
Personal Data Protection Bill (PDPB)
Rights to access information, Rights to data portability, Right to be forgotten, Оbjection to direct marketing and profiling, the right to review the information provided and withdraw consent that was previously provided.

Australia
Privacy Act 1988 (including the Australian Privacy Principles)
Right to know why your personal information is being collected, how it will be used and who it will be disclosed to, have the option of not identifying yourself, or of using a pseudonym in certain circumstances, ask for access to your personal information (including your health information), stop receiving unwanted direct marketing, ask for your personal information that is incorrect to be corrected, make a complaint about an organisation or agency the Privacy Act covers, if you think they’ve mishandled your personal information.

Canada
Personal Information Protection and Electronic Documents Act (PIPEDA)
Right to access the data subject's own personal data, right to rectify/correct the data subject's own personal data where inaccurate or incomplete, right to erasure of personal data, right to restrict data processing, right to object to the processing of personal data and right to withdraw consent.

South Africa
Protection of Personal Information Act (POPIA)
Right to access the data subject's own personal data, right to rectify/correct the data subject's own personal data where inaccurate or incomplete, right to erasure of personal data, right to restrict data processing, right to object to the processing of personal data and right to withdraw consent.

Japan
Act on the Protection of Personal Information (APPI)
Right to access the data subject's own personal data, right to rectify/correct the data subject's own personal data where inaccurate or incomplete, right to erasure of personal data and right to restrict data processing.

Singapore
Personal Data Protection Act (PDPA)
Right to access the data subject's own personal data, right to rectify/correct the data subject's own personal data where inaccurate or incomplete, right to data portability (passed by Parliament but not yet in force) and the right to withdraw consent.

China
Personal Information Protection Law
Right to access the data subject's own personal data,right to rectify/correct the data subject's own personal data where inaccurate or incomplete, right to erasure of personal data, right to restrict data processing, right to data portability, right to object to the processing of personal data, right to withdraw consent, and the right to lodge a complaint.

Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

Where required under GDPR will report any breaches or potential breaches to the appropriate authorities within 24 hours and to anyone affected by a breach within 72 hours. If you have any queries or concerns about your data usage, please contact us.

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyze data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

As well as your ability to accept or reject cookies, we also require your permission to store cookies on your machine, which is why when you visit our site, you are presented with the ability to accept our terms of use, including the storage of cookies on your machine.

Exercising your right to lodge a complaint to a local data protection authority

If you remain dissatisfied, then you have the right to apply directly to your local data protection authority. You can find the list at:

https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

This document demonstrates our commitment to your privacy based regardless of territory, framework or other applicable laws. We are committed to protecting your privacy in all interactions and will at all times respect your rights and will respond professionally and courteously to any request.

Fable's Privacy Policy

Last Revised on May 12, 2021

This privacy policy reflects our dedication to protecting data in all regions where we operate. We respect the rights of individuals worldwide and are fully committed to complying with all applicable regulations and legal guidelines.

How this Policy Works

This document is organized into several sections. The initial section [Common Clauses] outlines our overall approach to data collection, storage, and processing. Subsequent sections detail specific regulations that apply depending on your location or the use of our services.

To gain a comprehensive understanding of how we handle your data and ensure that we uphold your rights under relevant data protection regulations, we recommend reading the first section and any sections applicable to your situation.

In cases where our general guidelines may differ somewhat from territorial regulations, the specific territorial clauses take precedence. Nevertheless, rest assured that we prioritize your privacy and are committed to respecting your rights as dictated by applicable regulations. We are dedicated to addressing any inquiries, complaints, or concerns in a professional and timely manner.

Common Clauses

Definitions

GDPR - Whenever the terms 'The General Data Protection Regulations’ or ‘GDPR' are referred to in this document, it pertains to both The Regulation (EU) 2016/679 (EU GDPR) and The Data Protection Act 2018 (UK GDPR). Should there be a need to invoke other regulations, they will be appropriately and distinctly named.

The Regulation (EU) 2016/679 (EU GDPR) Territorial scope - The territorial scope of the GDPR encompasses the processing of personal data by entities established within the European Union/UK, regardless of where the processing occurs, as well as entities outside the EU/UK that either offer goods or services to individuals within the EU or monitor their behavior within the Union. It also applies in situations governed by a Member State's public international law. This means the GDPR's reach extends beyond the EU's borders, affecting organizations globally that interact with EU residents.

The Data Protection Act 2018 (UK GDPR) Territorial Scope - The UK GDPR, which came into effect post-Brexit, maintains similar territorial principles. It applies to the processing of personal data by entities established within the United Kingdom. For entities outside the UK, the UK GDPR applies if they offer goods or services to, or monitor the behavior of, individuals within the UK. It also captures situations dictated by UK international law.

CCPA (California Consumer Privacy Act) - The CCPA is a state statute from California aimed at enhancing the privacy rights and consumer protection of its residents. Enacted in 2018 and effective from January 1, 2020, it allows California consumers to know what personal data is being collected about them, understand if their data is sold or disclosed and to whom, refuse the sale of their data, access their data, request businesses to delete any of their collected personal information, and ensures they are not discriminated against for exercising these rights.

CPRA (California Privacy Rights Act) - The CPRA is an extension and expansion of the CCPA, passed as a ballot initiative in November 2020. It introduces several significant changes to the CCPA, such as the establishment of the California Privacy Protection Agency, which is responsible for enforcing the state's consumer data privacy laws. It also extends the CCPA's exemption for employment-related information, introduces new rights for consumers like the right to correct inaccurate personal information and the right to limit the use of sensitive personal information, and places new obligations on businesses, including the need for regular risk assessments.

LGPD (Lei Geral de Proteção de Dados): The LGPD is Brazil's primary data protection legislation, which stands for "General Data Protection Law" when translated to English. Enacted in August 2018 and effective from September 2020, the LGPD regulates the processing of personal data of individuals within Brazil, regardless of where the data processing entity is located. The law aims to provide transparency in the use of personal data and to ensure the rights of data subjects. It sets out principles, rights, and duties for data processors and controllers, emphasizing the importance of consent, data subjects' rights, and the establishment of a national data protection authority. The LGPD draws inspiration from the European Union's General Data Protection Regulation (GDPR) and represents a significant shift in Brazil's approach to data privacy, emphasizing the protection of individual rights and the importance of transparency in data processing activities.

US Data Privacy Protection Laws: When we talk about US data protection laws, we're diving into the intricate network of legal rules that protect data privacy throughout the country.. The U.S. doesn't operate under a singular, overarching data protection statute. Instead, it boasts a mosaic of federal and state regulations, each tailored to address specific sectors or concerns. Renowned federal statutes like the Colorado Privacy Act (CPA, effective July 1, 2023), the Connecticut Data Privacy Act (CTDPA, effective July 1, 2023), the Utah Consumer Privacy Act (UCPA, effective December 31, 2023), and the Virginia Consumer Data Protection Act (VCDPA, effective January 1, 2023). Also, the Health Insurance Portability and Accountability Act (HIPAA) cater to health information, while the Gramm-Leach-Bliley Act focuses on financial institutions, and the Children's Online Privacy Protection Act (COPPA) zeroes in on the online data of minors. On the state level, trailblazing laws like the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) have set benchmarks for others to follow. Collectively, these laws form the backbone of the US's commitment to ensuring data privacy, security, and transparency for its citizens.

Personal data [personal data] - 'personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Sensitive Type of Data under GDPR - Under the General Data Protection Regulation (GDPR), ‘sensitive data’ is defined as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Sensitive Type of Data under CCPA/CPRA - Sensitive personal information is a specific subset of personal information that includes certain government identifiers (such as social security numbers); an account log-in, financial account, debit card, or credit card number with any required security code, password, or credentials allowing access to an account; precise geolocation; contents of mail, email, and text messages; genetic data; biometric information processed to identify a consumer; information concerning a consumer’s health, sex life, or sexual orientation; or information about racial or ethnic origin, religious or philosophical beliefs, or union membership. Consumers have the right to limit a business’s use and disclosure of their sensitive personal information.

Processing - Any operation or set of operations performed on personal data, whether or not by automated means. This includes collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.

Third-Party/Vendor - A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

How To Contact Us

Fable, Inc. is registered in the United States of America. The Data Protection Lead is Emma Liebmann. You can contact us in any of the following ways:

Name of Data Protection Lead: Emma Liebmann
Company Name: Fable, Inc.
Data Protection Lead Address: emma@fable.app

Our Article 27 Representative

We have appointed EU and UK Representatives under Article 27 of the EU GDPR and UK GDPR respectively. Our appointed representatives are:

Our UK Representative

Under Article 27 of the UK Data Protection Act 2018, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is:

GDPR Local Ltd.
Adam Brogden
contact@gdprlocal.com
Tel +44 1772 217800
1st Floor Front Suite
27-29 North Street, Brighton England
BN1 1EB

Our EU Representative

Under Article 27 of the EU GDPR, we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is:

Instant EU GDPR Representative Ltd.
Adam Brogden
contact@gdprlocal.com
Tel +35315549700
INSTANT EU GDPR REPRESENTATIVE LTD
Office 2,
12A Lower Main Street, Lucan Co. Dublin K78 X5P8
Ireland

What will happen if you contact us

If you contact us, we will use the personal information you provide to respond to your inquiry, to provide you with any information or assistance you request, to send you updates about our services or to invite you to participate in events, and to keep a record of your contact and other information, always treating your personal information in accordance with our Privacy Policy and applicable laws and regulations.

We will keep a record of your contact information and any other information you provide to us in order to respond to your inquiry, to improve our services and to comply with legal and regulatory requirements.

If you prefer not to receive marketing communications from us, you can opt-out at any time by following the instructions in the communication or by contacting us directly.

The data we collect is used by Fable to provide our services to you. We may share your data with other companies / organizations / people as required to provide our services or operate our company; however, unless required to do so by law, we will not otherwise share, sell, or distribute any of the information you provide to us without your consent.

We may use your information in order to process and complete transactions, and to send related information, including transaction confirmations and invoices.

How do we collect your data

  • At Fable, we collect data in a number of ways The main ways we collect data include:

  • Account Creation: When users sign up for the platform, they would likely provide basic information such as name, email address, and a password. This information would be essential for creating and managing user accounts;

  • Profile Information: Users might have the option to complete a profile, which could include additional details like a profile picture, job title, company name, and other relevant details to enhance collaboration;

  • Usage Data: As users interact with the platform, data regarding their activities, such as projects they create, collaborate on, or any templates they use, might be collected. This would help in understanding user behavior and improving the platform's features;

  • Feedback and Support: If users provide feedback or reach out for support, any information they share during these interactions might be collected to improve the platform and address user concerns;

  • Collaboration Tools: Given that Fable emphasizes collaboration, users might be able to invite colleagues or team members to join projects. In such cases, email addresses or other contact details of invitees might be collected;

  • Payment Information: If there are premium features or subscription tiers, payment information such as credit card details might be collected to process transactions;

  • Cookies and Tracking: To enhance user experience and for analytical purposes, cookies and other tracking technologies might be used to collect data about user interactions with the platform, preferences, and device information;

  • Third-party Integrations: If Fable integrates with other platforms or tools (e.g., design software, cloud storage), information might be collected from these third-party platforms based on user permissions;

  • Surveys and Promotions: Occasionally, users might be invited to participate in surveys or promotions, and any information provided during these activities could be collected;

  • Community Forums or Discussion Boards: If Fable offers community features, any information shared by users in these public spaces might be collected and stored.

What data we collect

When you use the Services or otherwise engage with us, we may ask you to provide us with certain details or information about you:

  • Basic contact details – name, address, phone number, email. We collect basic contact details communicate with you, provide you with products and services, and to market to you;

  • Account information – your email and password. We collect account information to maintain and secure your account with us. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password, or other access details with anyone else. If you believe your account has been compromised, please contact us immediately;

  • Preference information – information that you enter related to projects that you create or access. We collect preference information to provide you with the Services;

  • Transaction information – information related to your purchase of and subscription to our Services. We collect transaction information to provide you with the Services and any other products or services you have requested;

  • Any other information you choose to include in communications with us, for example, when sending a message through the Contact Us email addresses;

  • Some features of the Services may require you to enter certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features.

We may obtain certain information about you from outside sources, such as when you choose to interact with us on social media (e.g., Facebook, Twitter or Medium) or when you choose to log into your Fable account with a separate personal account, such as Google. We also obtain certain information about you from third party vendors and service providers who may collect information directly from you, including our payment processor Stripe. We are not responsible or liable for the accuracy of the information provided to us by third parties and are not responsible for any third party’s policies or practices. See Section 6 below for more information.

In addition to the foregoing, we may use all of the above information to comply with any applicable legal obligations, to enforce any applicable terms of service, and to protect or defend the Services, our rights, the rights of our users, or others.

We recognize that some of this information might be considered sensitive under certain laws mentioned in the definitions. However, we want to assure you that we have implemented every possible measure to safeguard your data and will never share it with third parties without your explicit consent.

What data will be stored

We only collect the necessary personal data to manage our relationship with you, provide services to our clients and run and develop our company.

Account Details:

  • Username or User ID

  • Email address

  • Encrypted password

  • Date of account creation and last login

Profile Information:

  • Profile picture

  • Job title

  • Company name

  • Any other voluntary details provided by the user

Usage Data:

  • Projects created, edited, or viewed

  • Collaboration history (e.g., users invited, users collaborated with)

  • Templates or features used

  • User activity timestamps

Feedback and Support Interactions:

  • User queries or issues reported

  • Correspondence history with support teams

  • Feedback or suggestions provided

Collaboration Tools Data:

  • Email addresses or contact details of invitees

  • Shared project details or files

  • Payment Information (stored securely and in compliance with payment industry standards):

  • Transaction history

  • Subscription details (e.g. start date, renewal date)

  • Last four digits of credit card (full credit card details would typically be processed by a third-party payment processor and not stored directly by Fable)

Cookies and Tracking Data:

  • User preferences and settings

  • Device information (e.g., device type, browser type)

  • IP address

  • Interaction data with the platform (e.g., pages visited, features used)

Third-party Integration Data (based on user permissions):

  • Data retrieved from integrated platforms or tools, such as design files or collaboration details

Survey and Promotion Responses:

  • Answers or feedback provided in surveys

  • Participation details in promotions or contests

Community Forums or Discussion Boards Data:

  • Posts, comments, or interactions in community spaces

  • Usernames or identifiers associated with these interactions

The storage of this data would be done with a focus on security, ensuring data encryption, regular backups, and compliance with data protection regulations. You will have the right to access, modify, or request the deletion of your stored data in line with privacy rights and regulations.

What data will be shared

The specific data we share may vary depending on the nature of our engagement with you, but typically includes the following:

Third-party Service Providers:

  • Payment Processors: Transaction details (excluding full credit card information) might be shared with payment processors to facilitate subscription payments or purchases;

  • Cloud Storage and Hosting: Data might be stored on third-party servers or cloud platforms, which would involve sharing data with these providers;

  • Customer Support Tools: User queries, feedback, and support interactions might be managed through third-party customer support platforms.

Collaboration and Integration:

  • Project Collaborators: If users invite others to collaborate on a project, shared project details, and possibly the user's name or username, might be visible to those collaborators;

  • Third-party Platforms: If users integrate Fable with other platforms or tools, relevant data might be shared with these platforms based on user permissions.

Legal and Compliance:

  • Data might be shared with law enforcement or regulatory bodies if required by law or in response to legal requests;

  • In the event of a merger, acquisition, or sale of assets, user data might be shared with the relevant parties, but users would typically be notified of any such change in ownership or control of their data.

Analytics and Improvement:

  • Aggregated and anonymized data might be shared with analytics providers to understand platform usage, improve features, and optimize user experience. This data would not personally identify individual users.

Marketing and Promotions:

  • With user consent, data might be shared with marketing partners or platforms for targeted advertising or promotional campaigns. Users would have the option to opt-out of such sharing.

Community and Public Spaces:

  • Any information users share in public forums, discussion boards, or community spaces on Fable might be visible to other users or the public.

Affiliates and Partners:

  • Data might be shared with affiliated companies or business partners for operational purposes, joint promotions, or product integrations.It's important to note that any data sharing would be done with a commitment to user privacy. Users would also have the right to control and limit the sharing of their data through privacy settings and preferences.

Children’s data

We do not knowingly collect or maintain Personally-Identifying Information from anyone under the age of 13, unless or except as permitted by law. Any person who provides Personally-Identifying Information through the Website represents to us that he or she is 13 years of age or older. If we learn that Personally-Identifying Information has been collected from a user under 13 years of age on or through the Website, then we will take the appropriate steps to delete this information.

If you are the parent or legal guardian of a child under 13 who has become a member of the Website or has otherwise transferred Personally-Identifying Information to the Website, please contact the Company using our contact information below to have that child's account terminated and information deleted.

No AI in personal data processing

At Fable, we prioritize the privacy and security of our users. In an age where Artificial Intelligence (AI) is increasingly being integrated into various digital platforms, we've made a conscious decision to steer clear of AI when it comes to processing personal information.

Why is this significant? AI algorithms, while powerful, can sometimes operate in ways that are not entirely transparent, leading to potential privacy concerns. By not employing AI in the processing of personal data, Fable ensures that your information is handled with the utmost care and transparency. Every piece of personal data you entrust with us is managed with manual oversight, ensuring no unintended profiling, data mining, or other AI-driven analyses occur without your explicit knowledge and consent.

This approach underscores our commitment to maintaining a platform where users can confidently create, collaborate, and share, knowing that their personal information remains uncompromised and free from AI-driven scrutiny.

Lawful Basis for Processing

We acknowledge and follow the lawful basis established by the GDPR. However, we also respect the lawful bases defined by all relevant laws worldwide, ensuring that we align with the appropriate lawful basis wherever data subjects are located.

We will only use your personal data for the purposes for which we collected it and as you would reasonably expect your data to be processed and only where there is a lawful basis for such processing, for example:

To register you as a new customer Identity, Contact

  • Performance of a contract with you

  • Consent

To process and deliver the products and services you request and to manage payments, fees and charges. Identity, Contact, Financial, Transaction, Marketing and Communications

  • Performance of a contract with you

  • Necessary for our legitimate interests to recover debts owed to us

  • Consent

To manage our ongoing relationship with you which will include notifying you about changes to our terms, services or privacy policy, to maintain our records. Identity, Contact, Profile, Marketing and Communications

  • Performance of a contract with you

  • Necessary to comply with a legal obligation

  • Necessary for our legitimate interests to keep our records updated and to study how customers use our services

  • Consent

To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). Identity, Contact, Technical

  • Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise

  • Necessary to comply with a legal obligation

  • Consent

To use data analytics to improve our website, services, marketing, customer relationships and experiences. Technical, Usage

  • Necessary for our legitimate interests to define types of customers for our services, to keep our site updated and relevant, to develop our business and to inform our marketing strategy.

  • Consent

To make suggestions and recommendations to you about services that may be of interest to you. Identity, Contact, Technical, Usage, Profile

  • Necessary for our legitimate interests to develop our services and grow our business

  • Consent


Territorial / Framework Specific Clauses

GDPR-Specific Clauses for EU/UK Citizens Using Fable

At Fable, we are deeply committed to ensuring the privacy and protection of our users' data. In line with the General Data Protection Regulation (GDPR), we adhere to the following principles when processing personal data:

Lawfulness, Fairness, and Transparency: Every piece of personal data we process has a lawful basis, whether it's user consent, contractual necessity, or another valid reason. We ensure that our data processing activities are transparent, and users are informed about how their data is used.

Purpose Limitation: We collect personal data for specific, explicit, and legitimate purposes. We ensure that data is not processed in a manner that is incompatible with those purposes unless the user provides explicit consent or it's required by law.

Data Minimization: We only collect and process the personal data that is necessary for the purposes for which it is collected. We avoid excessive data collection and ensure that irrelevant or unnecessary data is not retained.

Accuracy: We take every step to ensure that the personal data we hold is accurate and up-to-date. If any inaccuracies are identified, we act swiftly to correct or delete them.

Storage Limitation: We retain personal data only for as long as necessary for the purposes for which it was collected. Once the data is no longer required, we ensure it is deleted or anonymized.

Integrity and Confidentiality: We employ robust security measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. This includes both technical measures, like encryption, and organizational measures, like staff training.

Accountability: We take responsibility for the personal data we hold and process. We have measures in place to demonstrate compliance with GDPR principles, including maintaining relevant documentation, conducting regular audits, and appointing a Data Protection Officer (DPO) to oversee our data protection strategies.

Rights under the General Data Protection Regulation (GDPR)

We respect and facilitate the rights of data subjects under the GDPR. This includes rights to access, rectification, erasure, data portability, and objection to processing. We have processes in place to respond to data subject requests in a timely and compliant manner.

If you are a citizen of the European Union (EU) or the United Kingdom (UK), you have the following rights:

Right to Access: You have the right to request access to your personal data that Fable processes. This includes information about the purposes of processing, the categories of personal data concerned, and the recipients of the personal data.

Right to Rectification: Should you find that your personal data held by Fable is inaccurate or incomplete, you have the right to request its correction.

Right to Erasure (‘Right to be Forgotten’): Under certain conditions, you can request the deletion of your personal data. For instance, if the data is no longer necessary for the purposes for which it was collected.

Right to Restriction of Processing: You can request a temporary halt to the processing of your personal data, for reasons such as contesting its accuracy or objecting to its processing.

Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format. This allows you to transfer your data to another service provider if you wish.

Right to Object: If Fable processes your data based on legitimate interests or the performance of a task in the public interest/exercise of official authority, you can object to this processing, unless Fable can demonstrate compelling legitimate grounds for the processing.

Automated Individual Decision-making, Including Profiling: You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Right to Lodge a Complaint: If you believe that Fable is not processing your personal data in accordance with GDPR regulations, you have the right to lodge a complaint with a supervisory authority in your member state.

US Data Privacy Protection Laws

At Fable we understand that adherence to all US data protection laws is of utmost importance. The United States has a complex system of legal rules that vigorously safeguard data privacy. Instead of having a single, overarching data protection law, the country operates under a mosaic of federal and state regulations, each carefully designed to address specific sectors and concerns. For example, important federal statutes like the Colorado Privacy Act (CPA, effective from July 1, 2023), the Connecticut Data Privacy Act (CTDPA, effective from July 1, 2023), the Utah Consumer Privacy Act (UCPA, effective from December 31, 2023), and the Virginia Consumer Data Protection Act (VCDPA, effective from January 1, 2023) play significant roles.

Moreover, there are specialized laws like the Health Insurance Portability and Accountability Act (HIPAA) for health information, the Gramm-Leach-Bliley Act for financial institutions, and the Children's Online Privacy Protection Act (COPPA) for the online data of minors. On the state level, trailblazing legislations such as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) have set the standard for others to follow.

At Fable, we handle data with the utmost care and in a manner that aligns with the expectations and values of our users. Our data processing practices strictly adhere to the provisions outlined in US Data Privacy Protection Laws. We hold a deep respect for your rights under these regulations, including those that pertain to specific states like Delaware, Virginia, Colorado, every data privacy protecion law in force and any new ones that may arise. Our commitment mirrors the United States' steadfast dedication to safeguarding data privacy, enhancing security, and promoting transparency for all its citizens.

CCPA/CRPA - Specific Clauses for California Citizens Using Fable

At Fable, we recognise the importance of user privacy and are committed to upholding the highest standards of data protection, especially for our users based in California. In line with the California Consumer Privacy Act (CCPA), we have implemented the following measures:

Selling Consumer Data:

Fable is dedicated to maintaining the trust of our users. We want to be transparent about how we handle consumer data. If at any point we engage in the sale of consumer data, we will ensure that users have the choice to opt out of such sharing.

To facilitate this, we will prominently display a “Do Not Sell My Personal Information” link on our homepage. This link will direct users to a dedicated web page where they can exercise their right to opt out of any potential data sales.

Consumer Data Requests:

Users have the right to know what personal information Fable has collected about them and with whom it has been shared.

We provide multiple methods for users to submit data requests, including a dedicated phone number and a specific section on our website.

Upon receiving a request, we will identify and provide all collected information about the user and disclose any parties the data has been shared with.

Additionally, users have the right to request the deletion of their data. We are committed to complying with such requests within 45 days of receipt.

CCPA Specific Privacy Policy Specific Clauses

Fable's privacy policy is regularly updated to reflect our commitment to the CCPA. We ensure that our policy:

  • Highlights the rights afforded to users by the CCPA.

  • Clearly identifies the categories of personal information we have collected.

  • Explains the commercial reasons for collecting this data.

  • Specifies the categories of data, if any, that have been sold to third parties.

At Fable, we believe in a transparent and user-centric approach to data protection. Our adherence to the CCPA is a testament to our commitment to ensuring that our users, especially those in California, can confidently use our platform with their rights and privacy safeguarded.

Rights under the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA)

At Fable, we prioritise the privacy and rights of our users, especially those residing in California. In line with the California Consumer Privacy Act of 2018 (CCPA) and its subsequent amendments, we have implemented measures to ensure that our California-based users can exercise their rights fully.

Under the CCPA, California consumers have the following rights:

Right to Know: Users have the right to know about the personal information Fable collects about them, including how it is used and shared.

Right to Delete: Users can request the deletion of their personal information, with certain exceptions.

Right to Opt-Out: Users have the right to opt-out of the sale or sharing of their personal information.

Right to Non-Discrimination: Fable ensures that users are not discriminated against for exercising their CCPA rights.

In November 2020, California voters approved Proposition 24, the California Privacy Rights Act (CPRA), which further amended the CCPA. As of January 1, 2023, Fable has incorporated the following additional rights for California consumers:

Right to Correct: Users can request the correction of inaccurate personal information that Fable holds about them.

Right to Limit Use and Disclosure: Users have the right to limit the use and disclosure of sensitive personal information collected about them.

At Fable, we have taken proactive steps to ensure that our platform is compliant with the CCPA and its subsequent amendments. We believe in transparency, user empowerment, and the importance of safeguarding personal data. Our California-based users can confidently use our platform, knowing that their privacy rights are respected and protected.

Lei Geral De Proteção de Dados (LGDP) - Specific Clauses for Brazil Citizens Using Fable

Fable's Commitment to the Lei Geral de Proteção de Dados (LGPD)

At Fable, we are dedicated to upholding the highest standards of data protection for all our users, including those in Brazil. In alignment with the Lei Geral de Proteção de Dados (LGPD), we adhere to the following principles when processing personal data:

Purpose: We ensure that all personal data is processed for legitimate, clear, and previously specified purposes.

Suitability: The processing of personal data at Fable is always compatible with the context in which the data was initially collected.

Necessity: We strictly process data that is relevant, proportional, and necessary to achieve our specified purposes.

Free Access: Fable is committed to providing users with comprehensive information about the form, duration, and integrity of their personal data processing.

Data Quality: We prioritize maintaining personal data that is accurate, clear, relevant, and up-to-date, ensuring its integrity and reliability.

Transparency: Our users are provided with clear, precise, and easily accessible information about our data processing activities, ensuring they are always informed.

Security: Fable employs robust technical and administrative measures to safeguard personal data from unauthorized access, breaches, and accidental loss.

Prevention: Our data processing practices are designed to prevent any harm or adverse effects to our users.

Non-discrimination: We pledge never to process personal data in ways that could be deemed unlawful, abusive, or discriminatory against any individual.

Accountability: At Fable, we take responsibility for the personal data under our care. We continuously strive to demonstrate our compliance with privacy and data protection laws, including the LGPD.

Rights under the Lei Geral De Proteção de Dados (LGDP)

Our commitment to the LGPD underscores our dedication to ensuring that our users, especially those in Brazil, can confidently use our platform with their rights and privacy safeguarded. For any queries or to exercise your rights under the LGPD, please refer to our privacy policy or contact our dedicated privacy team.

At Fable, we are committed to upholding the rights of our users, especially those in Brazil, as outlined in the Lei Geral de Proteção de Dados (LGPD). As controllers of personal data, we recognize our responsibility to safeguard and facilitate these rights.

The nine data subject rights, as stipulated in Article 18 of the LGPD, are as follows:

Confirmation of Processing: Upon request, we will confirm whether we have processed an individual's personal data.

Access: Users can request access to their personal data, and we are committed to providing it promptly.

Correction: If a user's personal data is inaccurate, incomplete, or out-of-date, we will take steps to correct it.

Data Erasure, Anonymization, or Blocking: We will erase, anonymize, or block personal data that is deemed unnecessary, excessive, or processed in violation of the LGPD.

Data Transfer: Upon request, we will facilitate the transfer of a user's personal data to another organization.

Data Deletion: If personal data was collected with user consent, they can request its deletion (subject to certain exceptions).

Third-Party Sharing Information: We will inform users about any third parties with whom we have shared their personal data.

Refusal of Consent: We ensure that users are informed about their right to refuse consent and the consequences of such refusal.

Revocation of Consent: Users have the right to revoke their consent to our processing of their personal data, and we facilitate this right.

Furthermore, in line with Article 20 of the LGPD, if we make significant decisions affecting a user's interests using entirely automated processes, such as AI-driven recommendations, the user has the right to request a human review of that decision.

At Fable, we prioritize transparency, user empowerment, and the importance of safeguarding personal data. Our adherence to the LGPD's data subject rights is a testament to our commitment to ensuring that our users, especially those in Brazil, can confidently use our platform with their rights and privacy safeguarded.

For any queries or to exercise your rights under the LGPD, please refer to our privacy policy or contact our dedicated privacy team.

Other Applicable Regulations

Depending on your location and the use of our services, you may be subject to additional data protection regulations beyond those mentioned above. At Fable Inc., we want to assure you that we are committed to complying with all relevant local regulations to the best of our abilities, while also taking into consideration our operational constraints. Your data privacy and security remain a top priority for us, and we aim to ensure that our practices align with the specific requirements of your region or jurisdiction, wherever you may be.

This privacy policy is designed to encompass all relevant data protection laws currently in effect, including those listed in the following table, which are not exempted.

European Union
General Data Protection Regulation (GDPR)
Right to Access, Right to Rectification, Right to Erasure (‘Right to be Forgotten’), Right to Restriction of Processing, Right to Data Portability, Right to Object, Automated Individual Decision-making, Including Profiling and the Right to Lodge a Complaint

USA
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
Right to Know, Right to Delete, Right to Opt-Out, Right to Non-Discrimination, Right to Correct, Right to Limit Use and Disclosure.

Brazil
Lei Geral de Proteção de Dados (LGPD)
Confirmation of Processing, Access, Correction, Data Erasure, Anonymization, or Blocking, Data Transfer, Data Deletion, Third-Party Sharing Information, Refusal of Consent and Revocation of Consent.

India
Personal Data Protection Bill (PDPB)
Rights to access information, Rights to data portability, Right to be forgotten, Оbjection to direct marketing and profiling, the right to review the information provided and withdraw consent that was previously provided.

Australia
Privacy Act 1988 (including the Australian Privacy Principles)
Right to know why your personal information is being collected, how it will be used and who it will be disclosed to, have the option of not identifying yourself, or of using a pseudonym in certain circumstances, ask for access to your personal information (including your health information), stop receiving unwanted direct marketing, ask for your personal information that is incorrect to be corrected, make a complaint about an organisation or agency the Privacy Act covers, if you think they’ve mishandled your personal information.

Canada
Personal Information Protection and Electronic Documents Act (PIPEDA)
Right to access the data subject's own personal data, right to rectify/correct the data subject's own personal data where inaccurate or incomplete, right to erasure of personal data, right to restrict data processing, right to object to the processing of personal data and right to withdraw consent.

South Africa
Protection of Personal Information Act (POPIA)
Right to access the data subject's own personal data, right to rectify/correct the data subject's own personal data where inaccurate or incomplete, right to erasure of personal data, right to restrict data processing, right to object to the processing of personal data and right to withdraw consent.

Japan
Act on the Protection of Personal Information (APPI)
Right to access the data subject's own personal data, right to rectify/correct the data subject's own personal data where inaccurate or incomplete, right to erasure of personal data and right to restrict data processing.

Singapore
Personal Data Protection Act (PDPA)
Right to access the data subject's own personal data, right to rectify/correct the data subject's own personal data where inaccurate or incomplete, right to data portability (passed by Parliament but not yet in force) and the right to withdraw consent.

China
Personal Information Protection Law
Right to access the data subject's own personal data,right to rectify/correct the data subject's own personal data where inaccurate or incomplete, right to erasure of personal data, right to restrict data processing, right to data portability, right to object to the processing of personal data, right to withdraw consent, and the right to lodge a complaint.

Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

Where required under GDPR will report any breaches or potential breaches to the appropriate authorities within 24 hours and to anyone affected by a breach within 72 hours. If you have any queries or concerns about your data usage, please contact us.

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyze data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

As well as your ability to accept or reject cookies, we also require your permission to store cookies on your machine, which is why when you visit our site, you are presented with the ability to accept our terms of use, including the storage of cookies on your machine.

Exercising your right to lodge a complaint to a local data protection authority

If you remain dissatisfied, then you have the right to apply directly to your local data protection authority. You can find the list at:

https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

This document demonstrates our commitment to your privacy based regardless of territory, framework or other applicable laws. We are committed to protecting your privacy in all interactions and will at all times respect your rights and will respond professionally and courteously to any request.

Fable's Privacy Policy

Last Revised on May 12, 2021

This privacy policy reflects our dedication to protecting data in all regions where we operate. We respect the rights of individuals worldwide and are fully committed to complying with all applicable regulations and legal guidelines.

How this Policy Works

This document is organized into several sections. The initial section [Common Clauses] outlines our overall approach to data collection, storage, and processing. Subsequent sections detail specific regulations that apply depending on your location or the use of our services.

To gain a comprehensive understanding of how we handle your data and ensure that we uphold your rights under relevant data protection regulations, we recommend reading the first section and any sections applicable to your situation.

In cases where our general guidelines may differ somewhat from territorial regulations, the specific territorial clauses take precedence. Nevertheless, rest assured that we prioritize your privacy and are committed to respecting your rights as dictated by applicable regulations. We are dedicated to addressing any inquiries, complaints, or concerns in a professional and timely manner.

Common Clauses

Definitions

GDPR - Whenever the terms 'The General Data Protection Regulations’ or ‘GDPR' are referred to in this document, it pertains to both The Regulation (EU) 2016/679 (EU GDPR) and The Data Protection Act 2018 (UK GDPR). Should there be a need to invoke other regulations, they will be appropriately and distinctly named.

The Regulation (EU) 2016/679 (EU GDPR) Territorial scope - The territorial scope of the GDPR encompasses the processing of personal data by entities established within the European Union/UK, regardless of where the processing occurs, as well as entities outside the EU/UK that either offer goods or services to individuals within the EU or monitor their behavior within the Union. It also applies in situations governed by a Member State's public international law. This means the GDPR's reach extends beyond the EU's borders, affecting organizations globally that interact with EU residents.

The Data Protection Act 2018 (UK GDPR) Territorial Scope - The UK GDPR, which came into effect post-Brexit, maintains similar territorial principles. It applies to the processing of personal data by entities established within the United Kingdom. For entities outside the UK, the UK GDPR applies if they offer goods or services to, or monitor the behavior of, individuals within the UK. It also captures situations dictated by UK international law.

CCPA (California Consumer Privacy Act) - The CCPA is a state statute from California aimed at enhancing the privacy rights and consumer protection of its residents. Enacted in 2018 and effective from January 1, 2020, it allows California consumers to know what personal data is being collected about them, understand if their data is sold or disclosed and to whom, refuse the sale of their data, access their data, request businesses to delete any of their collected personal information, and ensures they are not discriminated against for exercising these rights.

CPRA (California Privacy Rights Act) - The CPRA is an extension and expansion of the CCPA, passed as a ballot initiative in November 2020. It introduces several significant changes to the CCPA, such as the establishment of the California Privacy Protection Agency, which is responsible for enforcing the state's consumer data privacy laws. It also extends the CCPA's exemption for employment-related information, introduces new rights for consumers like the right to correct inaccurate personal information and the right to limit the use of sensitive personal information, and places new obligations on businesses, including the need for regular risk assessments.

LGPD (Lei Geral de Proteção de Dados): The LGPD is Brazil's primary data protection legislation, which stands for "General Data Protection Law" when translated to English. Enacted in August 2018 and effective from September 2020, the LGPD regulates the processing of personal data of individuals within Brazil, regardless of where the data processing entity is located. The law aims to provide transparency in the use of personal data and to ensure the rights of data subjects. It sets out principles, rights, and duties for data processors and controllers, emphasizing the importance of consent, data subjects' rights, and the establishment of a national data protection authority. The LGPD draws inspiration from the European Union's General Data Protection Regulation (GDPR) and represents a significant shift in Brazil's approach to data privacy, emphasizing the protection of individual rights and the importance of transparency in data processing activities.

US Data Privacy Protection Laws: When we talk about US data protection laws, we're diving into the intricate network of legal rules that protect data privacy throughout the country.. The U.S. doesn't operate under a singular, overarching data protection statute. Instead, it boasts a mosaic of federal and state regulations, each tailored to address specific sectors or concerns. Renowned federal statutes like the Colorado Privacy Act (CPA, effective July 1, 2023), the Connecticut Data Privacy Act (CTDPA, effective July 1, 2023), the Utah Consumer Privacy Act (UCPA, effective December 31, 2023), and the Virginia Consumer Data Protection Act (VCDPA, effective January 1, 2023). Also, the Health Insurance Portability and Accountability Act (HIPAA) cater to health information, while the Gramm-Leach-Bliley Act focuses on financial institutions, and the Children's Online Privacy Protection Act (COPPA) zeroes in on the online data of minors. On the state level, trailblazing laws like the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) have set benchmarks for others to follow. Collectively, these laws form the backbone of the US's commitment to ensuring data privacy, security, and transparency for its citizens.

Personal data [personal data] - 'personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Sensitive Type of Data under GDPR - Under the General Data Protection Regulation (GDPR), ‘sensitive data’ is defined as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Sensitive Type of Data under CCPA/CPRA - Sensitive personal information is a specific subset of personal information that includes certain government identifiers (such as social security numbers); an account log-in, financial account, debit card, or credit card number with any required security code, password, or credentials allowing access to an account; precise geolocation; contents of mail, email, and text messages; genetic data; biometric information processed to identify a consumer; information concerning a consumer’s health, sex life, or sexual orientation; or information about racial or ethnic origin, religious or philosophical beliefs, or union membership. Consumers have the right to limit a business’s use and disclosure of their sensitive personal information.

Processing - Any operation or set of operations performed on personal data, whether or not by automated means. This includes collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.

Third-Party/Vendor - A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

How To Contact Us

Fable, Inc. is registered in the United States of America. The Data Protection Lead is Emma Liebmann. You can contact us in any of the following ways:

Name of Data Protection Lead: Emma Liebmann
Company Name: Fable, Inc.
Data Protection Lead Address: emma@fable.app

Our Article 27 Representative

We have appointed EU and UK Representatives under Article 27 of the EU GDPR and UK GDPR respectively. Our appointed representatives are:

Our UK Representative

Under Article 27 of the UK Data Protection Act 2018, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is:

GDPR Local Ltd.
Adam Brogden
contact@gdprlocal.com
Tel +44 1772 217800
1st Floor Front Suite
27-29 North Street, Brighton England
BN1 1EB

Our EU Representative

Under Article 27 of the EU GDPR, we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is:

Instant EU GDPR Representative Ltd.
Adam Brogden
contact@gdprlocal.com
Tel +35315549700
INSTANT EU GDPR REPRESENTATIVE LTD
Office 2,
12A Lower Main Street, Lucan Co. Dublin K78 X5P8
Ireland

What will happen if you contact us

If you contact us, we will use the personal information you provide to respond to your inquiry, to provide you with any information or assistance you request, to send you updates about our services or to invite you to participate in events, and to keep a record of your contact and other information, always treating your personal information in accordance with our Privacy Policy and applicable laws and regulations.

We will keep a record of your contact information and any other information you provide to us in order to respond to your inquiry, to improve our services and to comply with legal and regulatory requirements.

If you prefer not to receive marketing communications from us, you can opt-out at any time by following the instructions in the communication or by contacting us directly.

The data we collect is used by Fable to provide our services to you. We may share your data with other companies / organizations / people as required to provide our services or operate our company; however, unless required to do so by law, we will not otherwise share, sell, or distribute any of the information you provide to us without your consent.

We may use your information in order to process and complete transactions, and to send related information, including transaction confirmations and invoices.

How do we collect your data

  • At Fable, we collect data in a number of ways The main ways we collect data include:

  • Account Creation: When users sign up for the platform, they would likely provide basic information such as name, email address, and a password. This information would be essential for creating and managing user accounts;

  • Profile Information: Users might have the option to complete a profile, which could include additional details like a profile picture, job title, company name, and other relevant details to enhance collaboration;

  • Usage Data: As users interact with the platform, data regarding their activities, such as projects they create, collaborate on, or any templates they use, might be collected. This would help in understanding user behavior and improving the platform's features;

  • Feedback and Support: If users provide feedback or reach out for support, any information they share during these interactions might be collected to improve the platform and address user concerns;

  • Collaboration Tools: Given that Fable emphasizes collaboration, users might be able to invite colleagues or team members to join projects. In such cases, email addresses or other contact details of invitees might be collected;

  • Payment Information: If there are premium features or subscription tiers, payment information such as credit card details might be collected to process transactions;

  • Cookies and Tracking: To enhance user experience and for analytical purposes, cookies and other tracking technologies might be used to collect data about user interactions with the platform, preferences, and device information;

  • Third-party Integrations: If Fable integrates with other platforms or tools (e.g., design software, cloud storage), information might be collected from these third-party platforms based on user permissions;

  • Surveys and Promotions: Occasionally, users might be invited to participate in surveys or promotions, and any information provided during these activities could be collected;

  • Community Forums or Discussion Boards: If Fable offers community features, any information shared by users in these public spaces might be collected and stored.

What data we collect

When you use the Services or otherwise engage with us, we may ask you to provide us with certain details or information about you:

  • Basic contact details – name, address, phone number, email. We collect basic contact details communicate with you, provide you with products and services, and to market to you;

  • Account information – your email and password. We collect account information to maintain and secure your account with us. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password, or other access details with anyone else. If you believe your account has been compromised, please contact us immediately;

  • Preference information – information that you enter related to projects that you create or access. We collect preference information to provide you with the Services;

  • Transaction information – information related to your purchase of and subscription to our Services. We collect transaction information to provide you with the Services and any other products or services you have requested;

  • Any other information you choose to include in communications with us, for example, when sending a message through the Contact Us email addresses;

  • Some features of the Services may require you to enter certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features.

We may obtain certain information about you from outside sources, such as when you choose to interact with us on social media (e.g., Facebook, Twitter or Medium) or when you choose to log into your Fable account with a separate personal account, such as Google. We also obtain certain information about you from third party vendors and service providers who may collect information directly from you, including our payment processor Stripe. We are not responsible or liable for the accuracy of the information provided to us by third parties and are not responsible for any third party’s policies or practices. See Section 6 below for more information.

In addition to the foregoing, we may use all of the above information to comply with any applicable legal obligations, to enforce any applicable terms of service, and to protect or defend the Services, our rights, the rights of our users, or others.

We recognize that some of this information might be considered sensitive under certain laws mentioned in the definitions. However, we want to assure you that we have implemented every possible measure to safeguard your data and will never share it with third parties without your explicit consent.

What data will be stored

We only collect the necessary personal data to manage our relationship with you, provide services to our clients and run and develop our company.

Account Details:

  • Username or User ID

  • Email address

  • Encrypted password

  • Date of account creation and last login

Profile Information:

  • Profile picture

  • Job title

  • Company name

  • Any other voluntary details provided by the user

Usage Data:

  • Projects created, edited, or viewed

  • Collaboration history (e.g., users invited, users collaborated with)

  • Templates or features used

  • User activity timestamps

Feedback and Support Interactions:

  • User queries or issues reported

  • Correspondence history with support teams

  • Feedback or suggestions provided

Collaboration Tools Data:

  • Email addresses or contact details of invitees

  • Shared project details or files

  • Payment Information (stored securely and in compliance with payment industry standards):

  • Transaction history

  • Subscription details (e.g. start date, renewal date)

  • Last four digits of credit card (full credit card details would typically be processed by a third-party payment processor and not stored directly by Fable)

Cookies and Tracking Data:

  • User preferences and settings

  • Device information (e.g., device type, browser type)

  • IP address

  • Interaction data with the platform (e.g., pages visited, features used)

Third-party Integration Data (based on user permissions):

  • Data retrieved from integrated platforms or tools, such as design files or collaboration details

Survey and Promotion Responses:

  • Answers or feedback provided in surveys

  • Participation details in promotions or contests

Community Forums or Discussion Boards Data:

  • Posts, comments, or interactions in community spaces

  • Usernames or identifiers associated with these interactions

The storage of this data would be done with a focus on security, ensuring data encryption, regular backups, and compliance with data protection regulations. You will have the right to access, modify, or request the deletion of your stored data in line with privacy rights and regulations.

What data will be shared

The specific data we share may vary depending on the nature of our engagement with you, but typically includes the following:

Third-party Service Providers:

  • Payment Processors: Transaction details (excluding full credit card information) might be shared with payment processors to facilitate subscription payments or purchases;

  • Cloud Storage and Hosting: Data might be stored on third-party servers or cloud platforms, which would involve sharing data with these providers;

  • Customer Support Tools: User queries, feedback, and support interactions might be managed through third-party customer support platforms.

Collaboration and Integration:

  • Project Collaborators: If users invite others to collaborate on a project, shared project details, and possibly the user's name or username, might be visible to those collaborators;

  • Third-party Platforms: If users integrate Fable with other platforms or tools, relevant data might be shared with these platforms based on user permissions.

Legal and Compliance:

  • Data might be shared with law enforcement or regulatory bodies if required by law or in response to legal requests;

  • In the event of a merger, acquisition, or sale of assets, user data might be shared with the relevant parties, but users would typically be notified of any such change in ownership or control of their data.

Analytics and Improvement:

  • Aggregated and anonymized data might be shared with analytics providers to understand platform usage, improve features, and optimize user experience. This data would not personally identify individual users.

Marketing and Promotions:

  • With user consent, data might be shared with marketing partners or platforms for targeted advertising or promotional campaigns. Users would have the option to opt-out of such sharing.

Community and Public Spaces:

  • Any information users share in public forums, discussion boards, or community spaces on Fable might be visible to other users or the public.

Affiliates and Partners:

  • Data might be shared with affiliated companies or business partners for operational purposes, joint promotions, or product integrations.It's important to note that any data sharing would be done with a commitment to user privacy. Users would also have the right to control and limit the sharing of their data through privacy settings and preferences.

Children’s data

We do not knowingly collect or maintain Personally-Identifying Information from anyone under the age of 13, unless or except as permitted by law. Any person who provides Personally-Identifying Information through the Website represents to us that he or she is 13 years of age or older. If we learn that Personally-Identifying Information has been collected from a user under 13 years of age on or through the Website, then we will take the appropriate steps to delete this information.

If you are the parent or legal guardian of a child under 13 who has become a member of the Website or has otherwise transferred Personally-Identifying Information to the Website, please contact the Company using our contact information below to have that child's account terminated and information deleted.

No AI in personal data processing

At Fable, we prioritize the privacy and security of our users. In an age where Artificial Intelligence (AI) is increasingly being integrated into various digital platforms, we've made a conscious decision to steer clear of AI when it comes to processing personal information.

Why is this significant? AI algorithms, while powerful, can sometimes operate in ways that are not entirely transparent, leading to potential privacy concerns. By not employing AI in the processing of personal data, Fable ensures that your information is handled with the utmost care and transparency. Every piece of personal data you entrust with us is managed with manual oversight, ensuring no unintended profiling, data mining, or other AI-driven analyses occur without your explicit knowledge and consent.

This approach underscores our commitment to maintaining a platform where users can confidently create, collaborate, and share, knowing that their personal information remains uncompromised and free from AI-driven scrutiny.

Lawful Basis for Processing

We acknowledge and follow the lawful basis established by the GDPR. However, we also respect the lawful bases defined by all relevant laws worldwide, ensuring that we align with the appropriate lawful basis wherever data subjects are located.

We will only use your personal data for the purposes for which we collected it and as you would reasonably expect your data to be processed and only where there is a lawful basis for such processing, for example:

To register you as a new customer Identity, Contact

  • Performance of a contract with you

  • Consent

To process and deliver the products and services you request and to manage payments, fees and charges. Identity, Contact, Financial, Transaction, Marketing and Communications

  • Performance of a contract with you

  • Necessary for our legitimate interests to recover debts owed to us

  • Consent

To manage our ongoing relationship with you which will include notifying you about changes to our terms, services or privacy policy, to maintain our records. Identity, Contact, Profile, Marketing and Communications

  • Performance of a contract with you

  • Necessary to comply with a legal obligation

  • Necessary for our legitimate interests to keep our records updated and to study how customers use our services

  • Consent

To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). Identity, Contact, Technical

  • Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise

  • Necessary to comply with a legal obligation

  • Consent

To use data analytics to improve our website, services, marketing, customer relationships and experiences. Technical, Usage

  • Necessary for our legitimate interests to define types of customers for our services, to keep our site updated and relevant, to develop our business and to inform our marketing strategy.

  • Consent

To make suggestions and recommendations to you about services that may be of interest to you. Identity, Contact, Technical, Usage, Profile

  • Necessary for our legitimate interests to develop our services and grow our business

  • Consent


Territorial / Framework Specific Clauses

GDPR-Specific Clauses for EU/UK Citizens Using Fable

At Fable, we are deeply committed to ensuring the privacy and protection of our users' data. In line with the General Data Protection Regulation (GDPR), we adhere to the following principles when processing personal data:

Lawfulness, Fairness, and Transparency: Every piece of personal data we process has a lawful basis, whether it's user consent, contractual necessity, or another valid reason. We ensure that our data processing activities are transparent, and users are informed about how their data is used.

Purpose Limitation: We collect personal data for specific, explicit, and legitimate purposes. We ensure that data is not processed in a manner that is incompatible with those purposes unless the user provides explicit consent or it's required by law.

Data Minimization: We only collect and process the personal data that is necessary for the purposes for which it is collected. We avoid excessive data collection and ensure that irrelevant or unnecessary data is not retained.

Accuracy: We take every step to ensure that the personal data we hold is accurate and up-to-date. If any inaccuracies are identified, we act swiftly to correct or delete them.

Storage Limitation: We retain personal data only for as long as necessary for the purposes for which it was collected. Once the data is no longer required, we ensure it is deleted or anonymized.

Integrity and Confidentiality: We employ robust security measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. This includes both technical measures, like encryption, and organizational measures, like staff training.

Accountability: We take responsibility for the personal data we hold and process. We have measures in place to demonstrate compliance with GDPR principles, including maintaining relevant documentation, conducting regular audits, and appointing a Data Protection Officer (DPO) to oversee our data protection strategies.

Rights under the General Data Protection Regulation (GDPR)

We respect and facilitate the rights of data subjects under the GDPR. This includes rights to access, rectification, erasure, data portability, and objection to processing. We have processes in place to respond to data subject requests in a timely and compliant manner.

If you are a citizen of the European Union (EU) or the United Kingdom (UK), you have the following rights:

Right to Access: You have the right to request access to your personal data that Fable processes. This includes information about the purposes of processing, the categories of personal data concerned, and the recipients of the personal data.

Right to Rectification: Should you find that your personal data held by Fable is inaccurate or incomplete, you have the right to request its correction.

Right to Erasure (‘Right to be Forgotten’): Under certain conditions, you can request the deletion of your personal data. For instance, if the data is no longer necessary for the purposes for which it was collected.

Right to Restriction of Processing: You can request a temporary halt to the processing of your personal data, for reasons such as contesting its accuracy or objecting to its processing.

Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format. This allows you to transfer your data to another service provider if you wish.

Right to Object: If Fable processes your data based on legitimate interests or the performance of a task in the public interest/exercise of official authority, you can object to this processing, unless Fable can demonstrate compelling legitimate grounds for the processing.

Automated Individual Decision-making, Including Profiling: You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Right to Lodge a Complaint: If you believe that Fable is not processing your personal data in accordance with GDPR regulations, you have the right to lodge a complaint with a supervisory authority in your member state.

US Data Privacy Protection Laws

At Fable we understand that adherence to all US data protection laws is of utmost importance. The United States has a complex system of legal rules that vigorously safeguard data privacy. Instead of having a single, overarching data protection law, the country operates under a mosaic of federal and state regulations, each carefully designed to address specific sectors and concerns. For example, important federal statutes like the Colorado Privacy Act (CPA, effective from July 1, 2023), the Connecticut Data Privacy Act (CTDPA, effective from July 1, 2023), the Utah Consumer Privacy Act (UCPA, effective from December 31, 2023), and the Virginia Consumer Data Protection Act (VCDPA, effective from January 1, 2023) play significant roles.

Moreover, there are specialized laws like the Health Insurance Portability and Accountability Act (HIPAA) for health information, the Gramm-Leach-Bliley Act for financial institutions, and the Children's Online Privacy Protection Act (COPPA) for the online data of minors. On the state level, trailblazing legislations such as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) have set the standard for others to follow.

At Fable, we handle data with the utmost care and in a manner that aligns with the expectations and values of our users. Our data processing practices strictly adhere to the provisions outlined in US Data Privacy Protection Laws. We hold a deep respect for your rights under these regulations, including those that pertain to specific states like Delaware, Virginia, Colorado, every data privacy protecion law in force and any new ones that may arise. Our commitment mirrors the United States' steadfast dedication to safeguarding data privacy, enhancing security, and promoting transparency for all its citizens.

CCPA/CRPA - Specific Clauses for California Citizens Using Fable

At Fable, we recognise the importance of user privacy and are committed to upholding the highest standards of data protection, especially for our users based in California. In line with the California Consumer Privacy Act (CCPA), we have implemented the following measures:

Selling Consumer Data:

Fable is dedicated to maintaining the trust of our users. We want to be transparent about how we handle consumer data. If at any point we engage in the sale of consumer data, we will ensure that users have the choice to opt out of such sharing.

To facilitate this, we will prominently display a “Do Not Sell My Personal Information” link on our homepage. This link will direct users to a dedicated web page where they can exercise their right to opt out of any potential data sales.

Consumer Data Requests:

Users have the right to know what personal information Fable has collected about them and with whom it has been shared.

We provide multiple methods for users to submit data requests, including a dedicated phone number and a specific section on our website.

Upon receiving a request, we will identify and provide all collected information about the user and disclose any parties the data has been shared with.

Additionally, users have the right to request the deletion of their data. We are committed to complying with such requests within 45 days of receipt.

CCPA Specific Privacy Policy Specific Clauses

Fable's privacy policy is regularly updated to reflect our commitment to the CCPA. We ensure that our policy:

  • Highlights the rights afforded to users by the CCPA.

  • Clearly identifies the categories of personal information we have collected.

  • Explains the commercial reasons for collecting this data.

  • Specifies the categories of data, if any, that have been sold to third parties.

At Fable, we believe in a transparent and user-centric approach to data protection. Our adherence to the CCPA is a testament to our commitment to ensuring that our users, especially those in California, can confidently use our platform with their rights and privacy safeguarded.

Rights under the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA)

At Fable, we prioritise the privacy and rights of our users, especially those residing in California. In line with the California Consumer Privacy Act of 2018 (CCPA) and its subsequent amendments, we have implemented measures to ensure that our California-based users can exercise their rights fully.

Under the CCPA, California consumers have the following rights:

Right to Know: Users have the right to know about the personal information Fable collects about them, including how it is used and shared.

Right to Delete: Users can request the deletion of their personal information, with certain exceptions.

Right to Opt-Out: Users have the right to opt-out of the sale or sharing of their personal information.

Right to Non-Discrimination: Fable ensures that users are not discriminated against for exercising their CCPA rights.

In November 2020, California voters approved Proposition 24, the California Privacy Rights Act (CPRA), which further amended the CCPA. As of January 1, 2023, Fable has incorporated the following additional rights for California consumers:

Right to Correct: Users can request the correction of inaccurate personal information that Fable holds about them.

Right to Limit Use and Disclosure: Users have the right to limit the use and disclosure of sensitive personal information collected about them.

At Fable, we have taken proactive steps to ensure that our platform is compliant with the CCPA and its subsequent amendments. We believe in transparency, user empowerment, and the importance of safeguarding personal data. Our California-based users can confidently use our platform, knowing that their privacy rights are respected and protected.

Lei Geral De Proteção de Dados (LGDP) - Specific Clauses for Brazil Citizens Using Fable

Fable's Commitment to the Lei Geral de Proteção de Dados (LGPD)

At Fable, we are dedicated to upholding the highest standards of data protection for all our users, including those in Brazil. In alignment with the Lei Geral de Proteção de Dados (LGPD), we adhere to the following principles when processing personal data:

Purpose: We ensure that all personal data is processed for legitimate, clear, and previously specified purposes.

Suitability: The processing of personal data at Fable is always compatible with the context in which the data was initially collected.

Necessity: We strictly process data that is relevant, proportional, and necessary to achieve our specified purposes.

Free Access: Fable is committed to providing users with comprehensive information about the form, duration, and integrity of their personal data processing.

Data Quality: We prioritize maintaining personal data that is accurate, clear, relevant, and up-to-date, ensuring its integrity and reliability.

Transparency: Our users are provided with clear, precise, and easily accessible information about our data processing activities, ensuring they are always informed.

Security: Fable employs robust technical and administrative measures to safeguard personal data from unauthorized access, breaches, and accidental loss.

Prevention: Our data processing practices are designed to prevent any harm or adverse effects to our users.

Non-discrimination: We pledge never to process personal data in ways that could be deemed unlawful, abusive, or discriminatory against any individual.

Accountability: At Fable, we take responsibility for the personal data under our care. We continuously strive to demonstrate our compliance with privacy and data protection laws, including the LGPD.

Rights under the Lei Geral De Proteção de Dados (LGDP)

Our commitment to the LGPD underscores our dedication to ensuring that our users, especially those in Brazil, can confidently use our platform with their rights and privacy safeguarded. For any queries or to exercise your rights under the LGPD, please refer to our privacy policy or contact our dedicated privacy team.

At Fable, we are committed to upholding the rights of our users, especially those in Brazil, as outlined in the Lei Geral de Proteção de Dados (LGPD). As controllers of personal data, we recognize our responsibility to safeguard and facilitate these rights.

The nine data subject rights, as stipulated in Article 18 of the LGPD, are as follows:

Confirmation of Processing: Upon request, we will confirm whether we have processed an individual's personal data.

Access: Users can request access to their personal data, and we are committed to providing it promptly.

Correction: If a user's personal data is inaccurate, incomplete, or out-of-date, we will take steps to correct it.

Data Erasure, Anonymization, or Blocking: We will erase, anonymize, or block personal data that is deemed unnecessary, excessive, or processed in violation of the LGPD.

Data Transfer: Upon request, we will facilitate the transfer of a user's personal data to another organization.

Data Deletion: If personal data was collected with user consent, they can request its deletion (subject to certain exceptions).

Third-Party Sharing Information: We will inform users about any third parties with whom we have shared their personal data.

Refusal of Consent: We ensure that users are informed about their right to refuse consent and the consequences of such refusal.

Revocation of Consent: Users have the right to revoke their consent to our processing of their personal data, and we facilitate this right.

Furthermore, in line with Article 20 of the LGPD, if we make significant decisions affecting a user's interests using entirely automated processes, such as AI-driven recommendations, the user has the right to request a human review of that decision.

At Fable, we prioritize transparency, user empowerment, and the importance of safeguarding personal data. Our adherence to the LGPD's data subject rights is a testament to our commitment to ensuring that our users, especially those in Brazil, can confidently use our platform with their rights and privacy safeguarded.

For any queries or to exercise your rights under the LGPD, please refer to our privacy policy or contact our dedicated privacy team.

Other Applicable Regulations

Depending on your location and the use of our services, you may be subject to additional data protection regulations beyond those mentioned above. At Fable Inc., we want to assure you that we are committed to complying with all relevant local regulations to the best of our abilities, while also taking into consideration our operational constraints. Your data privacy and security remain a top priority for us, and we aim to ensure that our practices align with the specific requirements of your region or jurisdiction, wherever you may be.

This privacy policy is designed to encompass all relevant data protection laws currently in effect, including those listed in the following table, which are not exempted.

European Union
General Data Protection Regulation (GDPR)
Right to Access, Right to Rectification, Right to Erasure (‘Right to be Forgotten’), Right to Restriction of Processing, Right to Data Portability, Right to Object, Automated Individual Decision-making, Including Profiling and the Right to Lodge a Complaint

USA
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
Right to Know, Right to Delete, Right to Opt-Out, Right to Non-Discrimination, Right to Correct, Right to Limit Use and Disclosure.

Brazil
Lei Geral de Proteção de Dados (LGPD)
Confirmation of Processing, Access, Correction, Data Erasure, Anonymization, or Blocking, Data Transfer, Data Deletion, Third-Party Sharing Information, Refusal of Consent and Revocation of Consent.

India
Personal Data Protection Bill (PDPB)
Rights to access information, Rights to data portability, Right to be forgotten, Оbjection to direct marketing and profiling, the right to review the information provided and withdraw consent that was previously provided.

Australia
Privacy Act 1988 (including the Australian Privacy Principles)
Right to know why your personal information is being collected, how it will be used and who it will be disclosed to, have the option of not identifying yourself, or of using a pseudonym in certain circumstances, ask for access to your personal information (including your health information), stop receiving unwanted direct marketing, ask for your personal information that is incorrect to be corrected, make a complaint about an organisation or agency the Privacy Act covers, if you think they’ve mishandled your personal information.

Canada
Personal Information Protection and Electronic Documents Act (PIPEDA)
Right to access the data subject's own personal data, right to rectify/correct the data subject's own personal data where inaccurate or incomplete, right to erasure of personal data, right to restrict data processing, right to object to the processing of personal data and right to withdraw consent.

South Africa
Protection of Personal Information Act (POPIA)
Right to access the data subject's own personal data, right to rectify/correct the data subject's own personal data where inaccurate or incomplete, right to erasure of personal data, right to restrict data processing, right to object to the processing of personal data and right to withdraw consent.

Japan
Act on the Protection of Personal Information (APPI)
Right to access the data subject's own personal data, right to rectify/correct the data subject's own personal data where inaccurate or incomplete, right to erasure of personal data and right to restrict data processing.

Singapore
Personal Data Protection Act (PDPA)
Right to access the data subject's own personal data, right to rectify/correct the data subject's own personal data where inaccurate or incomplete, right to data portability (passed by Parliament but not yet in force) and the right to withdraw consent.

China
Personal Information Protection Law
Right to access the data subject's own personal data,right to rectify/correct the data subject's own personal data where inaccurate or incomplete, right to erasure of personal data, right to restrict data processing, right to data portability, right to object to the processing of personal data, right to withdraw consent, and the right to lodge a complaint.

Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

Where required under GDPR will report any breaches or potential breaches to the appropriate authorities within 24 hours and to anyone affected by a breach within 72 hours. If you have any queries or concerns about your data usage, please contact us.

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyze data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

As well as your ability to accept or reject cookies, we also require your permission to store cookies on your machine, which is why when you visit our site, you are presented with the ability to accept our terms of use, including the storage of cookies on your machine.

Exercising your right to lodge a complaint to a local data protection authority

If you remain dissatisfied, then you have the right to apply directly to your local data protection authority. You can find the list at:

https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

This document demonstrates our commitment to your privacy based regardless of territory, framework or other applicable laws. We are committed to protecting your privacy in all interactions and will at all times respect your rights and will respond professionally and courteously to any request.