Information that we collect from you

During the course of your relationship with us, your use of our image and content download service (Service), or your use of any apps or websites where we make the Service available (Sites), we may collect the following information:

We don’t collect credit card information

We do not collect, store or process any credit card information. Any credit card payments made by users in connection with the Service will be processed by third-party payment platform providers.

How we use Personal Information and other data

We will use, disclose and hold Personal Information and data collected by us for the following purposes:

Lawful basis for processing Personal Information

We will always make sure that we have a lawful basis for the processing of your Personal Information.

In particular, we may need to process your Personal Information to pursue our legitimate business interests. This includes to enable us to operate the Service for the benefit of users and members. In claiming legitimate business interests to process your Personal Information, we will balance those legitimate business interests against your own interests – which may in some cases override our legitimate business interests.

In addition to our legitimate business interests, we will have a legal obligation in some circumstances to process certain Personal Information.

Cookies

Our Service and Sites may use cookies.  “Cookies” are small text files that are placed on computers, devices or browsers used to access websites, apps or other internet content.  We may use cookies to remember information about your personal preferences and user settings for the Service or Sites, to analyse Service or Site traffic and trends, and to generally understand the behaviours and interests of people who use the Service or Sites.

Our cookies will only use information about your personal preferences and user settings so that the Service or Sites will remember your details next time you visit.  We may use, disclose or sell other data collected by us from cookies for other purposes, but only on an aggregated basis and in a way that ensures that no individual is able to be identified from such information.  

You may be able to change the settings on the device that you use to access the Service or Sites in order to reject or limit the use of cookies, but this may reduce the functionality of the Service or Sites.

Please note that users based in the European Union will be asked to accept the use of cookies before these can be enabled on their devices.

Social sharing features

The Service may integrate with social sharing features and other related tools which let you share actions you take on the Service with other apps, sites, or media, and vice versa. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the social sharing service. Please refer to the privacy policies of those social sharing services for more information about how they handle the Personal Information or data you provide to or share through them.

Statistical data that we collect

During your use of the Service or Sites we may collect statistical data about such use, such as the date, time and length of your use, the pages of the Service or Sites that you visit, the content you download, and information about the device you are using to access the Service or Sites. This information may be collected by software operating on the Service or Sites, or by third party service providers on our behalf.  

We may use and disclose such statistical data for the following purposes:

We may disclose or sell such statistical data to others for any purpose, but only on an aggregated basis and in a way that ensures that no individual is able to be identified from such data.

User and subject data

We may also use, sell or disclose any of the data about members, users of the Service and other persons that we collect for any purpose other than those purposes expressly permitted under this Privacy Policy, but only on an aggregated basis and in a way that ensures that no individual is able to be identified from such data.

Marketing

We may disclose or sell such statistical data to others for any purpose, but only on an aggregated basis and in aWe may use Personal Information and other data collected by us or via the Service or Sites to send or email to you marketing or promotional information about our services or products, or the services or products of other companies (Direct Marketing Information), but only if you have expressly given us permission to do so.

If you have given us permission to send to you Direct Marketing Information, and you later decide that you do not want us to send you any further Direct Marketing Information, you can contact us at any time to request that we stop sending you such information.  You can either contact our Data Protection Officer (see the details at the end of this Privacy Policy) or use the “Unsubscribe” facility at the bottom of any Direct Marketing Information email or communication that we send you.

We will not sell your Personal Information or other data to direct marketers unless you have expressly given us permission to do so.way that ensures that no individual is able to be identified from such data.

Business acquisition

We may transfer your Personal Information and other data to another entity in connection with a sale of our business or assets, or a merger or consolidation or restructuring of our business or company, or any other transaction in which a third party acquires ownership of any rights in the Service and Sites.

If we transfer any of your Personal Information and other data in such circumstances, we will ensure that such Personal Information and other data remain protected and that the recipient of that Personal Information and other data agrees to be bound by privacy practices and obligations that are consistent with our own under this Policy.

Disclosure of information to third-parties

We will not use your Personal Information and other data, or disclose your Personal Information and other data to third parties, except:

Holding Personal Information

We will not hold your Personal Information and other data for longer than is reasonably required for the purposes for which we may lawfully use that Personal Information or data.

In particular, we will hold your Personal Data for so long as you continue to use the Service and Sites, and for a period of five years after this. The only reason why we may hold any Personal Information for longer than this period is where we are required by law to do so.

Following that period (or following such longer period that we may be required by law to hold Personal Information) we will delete your Personal Information, or mask or anonymise your Personal Information so that it can no longer be used to identify you.

Security

We will use all reasonable endeavours to effect and maintain adequate security measures to safeguard your Personal Information and other data we hold from loss or unauthorised access, use, modification or disclosure.

Transfer of Information

We may transfer the information described in this Privacy Policy to or from other countries where necessary to enable us to operate the Service and Sites, and to supply any products or services ordered by you.

In particular, the Service and Sites are operated using servers and systems located in New Zealand, the European Union, the United States.

The European Commission has recognised New Zealand and the United States (limited to the Privacy Shield framework) as providing adequate protection for the personal data of European Union subjects.

We will ensure that appropriate safeguards are in place as prescribed by the European Union’s General Data Protection Regulation (GDPR), before we transfer any Personal Information of any European Union subjects to any data processor based in any country that the European Commission has not recognised as providing adequate protection for the personal data of European Union subjects. As a minimum, we will ensure that the data processor agrees to be bound by the European Commission’s Standard Contractual Clauses for the protection of personal data, or (in the case of the US) will ensure that the entity is Privacy Shield certified.

See below for details of some of the service providers to whom we may transfer the information described in this Privacy Policy, as well as their privacy practices as at the date of this Privacy Policy.

StripeWe use Stripe to process customer payments. Stripe’s services in Europe are provided by a Stripe affiliate, Stripe Payments Europe Limited, an entity located in Ireland. In providing services, Stripe Payments Europe Limited transfers personal data to Stripe, Inc., in the United States. Stripe has certified to the EU-U.S. and Swiss-U.S. Privacy Shield Framework. In addition to Privacy Shield, Stripe continues to employ additional compliance measures to ensure an adequate level of protection of personal data transferred outside the European Economic Area and the UK. For more information see https://stripe.com/nz/privacy#jurisdiction-specific-provisions.

Digital Ocean
We use Digital Ocean to host and operate the Service and Sites and to provide other services in connection with the Service and Sites. For personal data received from the European Union, DigitalOcean has certified its compliance to the EU-U.S. Privacy Shield Framework regarding the collection, use, and retention of personal data from the European Union. For more information see https://www.digitalocean.com/legal/privacy-policy/.

FullstoryWe use Fullstory to provide digital experience analytics for the Services and Sites, and provide Fullstory with user details such as user names and email addresses for this purpose. Fullstory production data is both processed and stored within Google Cloud Platform’s data centers. All Google data centers that process Fullstory data are located in the United States. Fullstory is certified under the EU-U.S. Privacy Shield Framework. For more information see https://help.fullstory.com/hc/en-us/sections/360003790713-General-Data-Protection-Regulation-GDPR-

Intercom
We use the Intercom messaging platform to provide a range of customer services solutions in connection with the Service and Sites, and we may provide to Intercom user names, contact details and other user data for this purpose. Intercom may transfer personal information to other countries outside the United States and make it accessible to its parents, subsidiaries, affiliates and third party service providers internationally. Intercom has committed to protecting user personal information in accordance with its Privacy Policy wherever it is processed. Intercom has business entities in Europe, the United States and a number of remote employees globally. Personal information may be processed in any country where an Intercom employee accesses the Intercom system. Intercom has self-certified to the EU-U.S. Privacy Shield. For more information see https://www.intercom.com/legal/privacy

Mixpanel
We use Mixpanel to provide business analytics in connection with the Service and Sites. We may provide user information to Mixpanel for that purpose. Mixpanel transfers personal information from the European Economic Area and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When it does so, it uses a variety of legal mechanisms, including contracts, to help ensure user rights and protections. The personal information Mixpanel collects may be stored and processed in any country where Mixpanel or its affiliates, subsidiaries, or service providers maintain facilities. Currently, Mixpanel primarily uses data centers in the United States. The storage location is chosen to operate efficiently and improve performance. Mixpanel participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework for its collection, use, and retention of personal information transferred from the European Union to the United States. For more information see https://mixpanel.com/legal/privacy-policy/

Use of third-party websites

If you access any third-party websites via a link from any of the Service or Sites, you will leave the Service or relevant Site. By accessing these links you are not covered by the policies relating to the Service or that Site. We are not responsible for the content of any third-party websites, or their use of your Personal Information or other data.

Subscriber privacy practices

We have no control over the privacy practices of organisations that subscribe as members to the Service. In particular, we cannot control what such organisations may do with the information you input or upload into the Service on their behalf, or the information that you provide to such organisations for the purposes of their inputting or uploading that information into the Service. You should ensure that any organisation you provide Personal Information or other valuable data to has appropriate privacy practices in place that protect that Personal Information or data from misuse and unauthorised disclosure.

Your rights to access, correct and delete Personal Information

You have rights to information about your Personal Information that we collect and process. This information includes:

You also have the right to request from us the rectification or erasure of your Personal Information, to request from us the restriction of processing of your Personal Information, and to object to our processing of your Personal Information.

If you want to access, correct or seek the erasure of your Personal Information or data, please contact our Data Protection Officer (see below) and he/she will tell you how to make a request and if any charges will apply.

EU subjects may complain to a supervisory authority

European Union subjects have the right to lodge a complaint about our Personal Information processing activities with a supervisory authority in the EU Member State where they are based or where the data processing activity took place.

Our Data Protection Officer can help you to identify who your supervisory authority is.

Data Protection Officer

For any queries or further information about our Privacy Policy, or about our privacy or data practices, please contact our Data Protection Officer. This person’s contact details are as follows:

Death to Stock Limited Data Protection Officer

shaun@deathtostock.com
+6421 378086

GDPR Representative

As we are not based in the European Union, we have designated the following person to act as our representative in the European Union for the purposes of Article 27 of the GDPR:


Jessica@deathtostock.com
+6421 109 2707

Our GDPR Representative is authorised to act on our behalf with regard to all questions or issues concerning our collection and processing of the Personal Information of European Union subjects.

Amendments to the Privacy Policy

We may amend this Privacy Policy from time to time. Any such amendments will be effective immediately, unless we state otherwise.  We will take reasonable steps to notify users of any such amendments.

Your continued use of the Service or Sites after any such notice will constitute your acceptance of any amendments or revisions to this Privacy Policy.
You should periodically review this Privacy Policy for the latest information about our privacy practices.

Who we are

For the purposes of the GDPR, Death to Stock Limited, a New Zealand company (7603576), is both a controller and processor of data. Our registered office is located at 131 Bradbury Road, Botany Downs, Auckland 2010, New Zealand.