Privacy

Privacy policy

Last updated: January 2016

About LightWidget

LightWidget is a service that provides responsive widgets for Instagram, which can be embedded on various websites and blogs.

This privacy policy describes how we may process personal data when you use our website and our widgets, your rights and how to contact us for more information about our privacy policy.

Summary of our Privacy Policy

We respect your right to privacy, and process all personal data in accordance with Polish and EU privacy regulations. For your convenience, we have compiled a summary of the privacy policy below, but we recommend that you read the complete policy to better understand how we collect and use personal information.

When you use our widgets, we will register information that you explicitly provide to us in our widget form. We may also gather information when you use our widgets, such as technical information and when, where and how our widgets were used.

We process the information to deliver our services to you, and to improve and develop our widgets and services. We also process personal information that you provide to us during widget upgrade. We may not share the data with any affiliated companies and 3rd party services. Information is gathered only for accounting, invoicing and contact purposes.

If you have not yet created an LightWidget widget, the only personal data we collect is your IP address, which is used for security and IT operational purposes. We may, however, collect anonymous data about the use of our websites and basic technical information about your device and Internet connection for statistical and analytical purposes.

We comply with Instagram Policy that can be found under this link: https://www.instagram.com/about/legal/terms/api/.

1. Basic data protection terminology

Personal data is any information relating to an identified or identifiable natural person. Examples include your name, address, phone number and e-mail, but also other types of information that is associated with identifiable information, such as your account activities.

Processing of personal data is any operation that is performed upon personal data, such as collection, organization, storage, distribution or erasure.

2. Personal data that we collect

We receive a number of different types of information when you create and use our widgets or website.

a) Information you provide to us

When you create a widget and perform activities such as embedding or upgrading it, you provide certain data that is stored by us in our database to recognize you and to ensure the delivery of the service that you have ordered. We will also store information when you contact us, for example when you e-mail us, so that we can assist you and answer your questions. We may also use anonymous and aggregated data about such inquiries to improve our services.

b) Information we collect through the use of our service

When you use our widget, we may gather information about our widget activity. The information can be divided into the following types:

  • Technical information about your device and Internet connection through server logs and other tools we record information about the device and your Internet connection, including operating system, browser version, IP addresses, cookies and other unique identifiers. The technical information is usually processed as aggregated data to analyze how people use our widgets, but we may also link such data to your widget, for instance so that we can view statistics of your widgets.
  • Information about your use of our widgets. We register your widget activities such as number of views, website(s) that use our widgets and number of clicks. We also store information about your visits to our websites. We use this information, among other things, to prevent abuse and to improve our services.
  • Cookies and locally stored content. When you visit our website we use various technologies to recognize you as a user. For instance, we use cookies and local storage to improve user experience. We may also store anonymous identifiers locally on mobile devices incapable of using cookies. You will find more information on cookies and anonymous identifiers in subsection 12 below.

3. Instagram data that we collect

We receive number of different types of information that you and Instagram API provide to us when you create and use our widgets or website.

a) User email and access token 

When you authorize our app with Instagram you provide certain data that we store in our database. We use following data for usage of Instagram API purposes. However we do not store password to your Instagram account.

b) Instagram photos

We use Instagram API to fetch information about photos from particular username or hashtag, that was provided in our widget form. We use only basic data like images links, tags and captions. We do not store Instagram images and videos in our storage in any way. We only have required URLs to them. Images in our widgets comes directly from Instagram.

4. Instagram data retention

We cache and store User content mentioned above in point 3. of this Privacy Policy only for necessary period of time to improve our service performance and for purposes of our widgets. We store data from Instagram API  in temporary cache. We do not save images link permanently in our storage, just in memory. Based on data from Instagram we generate static widget files. Based on our statistics inactive widget are removed after period of 2 months permanently from our hard drives.

5. How can I remove my pictures from your widget?

You may at any time request to remove your pictures and information from our widget and website. In order to do that, please use our contact page and inform us about the pictures that should be removed from our widgets.

6. How do we use information?

We use personal data to deliver our services to you, to improve and develop services in LightWidget, to understand market trends and predict future behavior, and to prevent abuse of our services. The details are as follows:

a) Market trend analysis

We analyze data to understand market trends, so that we can improve, develop and customize our website and widgets. Such analyses can be made by us directly.

b) Improve our widgets and website

We use information to improve our services, for instance by trying to make our widgets and websites as user-friendly as possible. We may for instance register all steps (page views, clicks etc) related to the widget generation to understand if there are certain elements that are confusing to our users. The analyses are usually carried out on an aggregated and anonymized level, but we may also use identifiable data to provide technical support and to understand how each individual use our services.

c) Abuse prevention

We use information to restrict various forms of abuse of our services, such as fraudulent activities, denial of service attacks, spamming, unauthorized logins and other actions that are prohibited under Polish law.

7. How we may share the information

We will not share, sell, convey or otherwise disclose personal data other than as stated in this Privacy Policy, unless we are required to do so by law or you have given your explicit consent.

If there is suspicion of illegal activities in connection with use of our services, information may be disclosed to the police and other public authorities subject to a court or administrative order. IP addresses and anonymous information may also be shared with a third party device recognition tool to prevent unauthorized logins or fraudulent behavior.

We may use so-called data processors to process information on our behalf for the purposes as detailed in subsection 6. We may for instance store information on a web server operated by a third party, or use a third party to perform a payment transaction. Such data processors are subject to specific data processing agreements, as well as and national and EU regulation, which among other things protect the confidentiality, integrity and use of this data.

8. Retention of personal data

Personal data will only be kept as long as it is necessary for the purposes of our service.. You may at any time delete your widget with all statistical data by using our contact page. Your widget will then be deleted after a quarantine period, unless the information is needed to provide a service that you still want to have or we are required by law to keep the information for a specific timeframe (we are for example required to retain certain payment information according to accounting legislation).

9. Quarantine period when canceling your account

If you choose to delete your widget, it will be set in quarantine for 90 days. After that period, all your personal information will be deleted or anonymized. However, there are two exceptions:

  • we have a legal obligation to keep the transactional data for 5 years
  • we keep profile information and login data for a period up to 2 years for security reasons, to be able to investigate fraud or abuse

This data is archived securely and encrypted. It is only made available to official legal entities in response to a legal request (like a court order or subpoena) if we believe that the law requires us to do so.

Profile information and login data may be accessed by our security and forensics team in a case by case basis when we believe it is necessary to do so. For example, this may be done to detect or prevent fraud and other illegal activity or to prevent other serious harm. This data is not available to anyone else outside the security team.

After the aforementioned retention period has passed, all personal identifiable data is removed from all records.

10. Information retention of blocked accounts

Blocked widgets and accounts may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm. We also may retain information from blocked accounts for violations of our terms for at least a year to prevent repeat abuse or other violations of our terms.

11. Data security

We have established measures to prevent unauthorized or unlawful processing of personal data, which include organizational measures such as regular risk assessment and internal policies and procedures, as well as physical and information technology security to safeguard the information.

To prevent unauthorized log in to your account, we may use a tool from an external provider to identify the device that you use when you log in. The tool sends data to both your device and the identification service to help us prevent abuse and make sure no one but you can access your account.

12. Use of analytical tools, cookies and other technology

We use various forms of technology to recognize you as a user and analyze data about our users. Such technology is used partly because it is necessary for services to function, partly to make it easier for you to use the service, and partly to enable us to carry out analyses that will enable us to develop and enhance our services.

a) Analytics tools

We use the following analytical tools to collect information about how our services are used, including the number of visitors, how and from where they browse our site etc:

Google Analytics

This tool is used to improve and personalize our website and widgets,to understand market trends and to tailor our offers and marketing. The information we process through Google Analytics may contain identifiable information in the form of IP addresses and profile data, but we normally base our analyses on aggregate data.

Users who do not want to be part of such analyses may use the following link: https://chrome.google.com/webstore/detail/google-analytics-opt-out/fllaojicojecljbmefodhfapmkghcbnh?hl=pl

 

b) Cookies

A cookie is a small text file that is located in browser directories. Cookies are created when a user’s browser loads a website. The website sends information to the browser, which creates a text files, and every time the user goes back to the same website, the browser retrieves and sends this file to the website’s server.

We use cookies to help you navigate our website efficiently and perform certain functions, such as authenticate when you log in to a secure area of our websites and to store your login information so that you do not have to re-enter the same information every time you visit our websites. There are different types of cookies:

A session-based cookie act as a sort of “bookmark” within the site, and tell our servers what pages to show, so that you do not have to remember or start navigating the site all again. Session-based cookies can also store ordering information needed to make shopping carts work. As the name suggests, such cookies last only as long as the browser session. When you close all open browser windows, or turn your computer completely off, the session-based cookies will be gone forever.

A persistent cookie, on the other hand, is stored on your hard drive in your computer until a specified date, which could be tomorrow, next week, or next year. Persistent cookies remain on your computer until either a) expire, b) is overwritten by new cookies, or c) you manually remove them. Such cookies are employed to store user preferences such as your preferred language, and they may also store your login information if you enable the ‘remember me on this computer’ function. We also use cookies to store information about your browsing history.

You consent to our use of cookies as described above by using our services. If you want to withdraw your consent, you can do this by changing your browser settings. Note, however, that this may cause you to lose certain functions, and that you will not be able to log in properly to our websites.

c) Other relevant technologies

We may also use web beacons/pixels to track user behaviour on our widgets and website.

13. Updates to this policy

We may update our privacy policy statement from time to time to reflect changes we make to our website and our policies. If we should update this privacy statement, the new statement will be published on the website within 5 days before the changes are implemented.

The commencement date of this privacy statement is January 8th, 2016.

14. Contact information

If you have any questions or inquiries about this privacy policy please contact us by using our contact page.