Effective as of 25 May 2018
Thanks for choosing BentBox!
At BentBox, we want to give you the best possible experience to ensure that you enjoy our service today, tomorrow, and in the future. To do this we need to understand your viewing and purchasing habits so we can deliver an exceptional and personalized service specifically for you. That said, your privacy and the security of your personal data is, and will always be, enormously important to us. So, we want to transparently explain how and why we gather, store, share and use your personal data - as well as outline the controls and choices you have around when and how you choose to share your personal data.
We collect as little information as possible about your activity and we only collect information that is strictly related to you using the BentBox service and perform functions such as logging in and viewing the content you have purchased. We don't collect information related to your activity on other sites and we don't process cookies for marketing or advertisement purposes.
We don't process or store any of your payment details. All payments are processed by our payment processors Paysafe, SecurionPay and Verotel and we don't have any visibility of your personal information.
Your information is, and never will be, shared with any third party for marketing, advertising or data collection purposes.
All analytics data is collected anonymously and it is never shared with any third party.
There are many different ways you can use our services – to search for and share information, to communicate with other people or to create new content. When you share information with us, for example by creating a BentBox Account, we can make those services even better – to show you more relevant search results, to help you connect with people or to make sharing with others quicker and easier. As you use our services, we want you to be clear how we’re using information and the ways in which you can protect your privacy.
This Policy sets out the essential details relating to your personal data relationship with BentBox by Haas & Reed B.V.. The Policy applies to all BentBox services and any associated services (referred to as the ‘BentBox Service’). The terms governing your use of the BentBox Service are defined in our Terms and Conditions of Use (the “Terms and Conditions of Use”).
From time to time, we may develop new or offer additional services. If the introduction of these new or additional services results in any change to the way we collect or process your personal data we will provide you with more information and additional terms or policies. Unless stated otherwise when we introduce these new or additional services, they will be subject to this Policy.
The aim of this Policy is to:
We hope this helps you to understand our privacy commitments to you. For further clarification of the terms used in this Policy please visit our Privacy Center on bentbox.co. For information on how to contact us if you ever have any questions or concerns, then please see the ‘How to Contact Us’ section 14 below. Alternatively, if you do not agree with the content of this Policy, then please remember it is your choice whether you want to use the BentBox Service.
We collect information to provide better services to all of our users – from figuring out basic stuff like your gender, to more complex things like which Boxes you like the most, the people who matter most to you online, or which type of content you might like.
We collect information in the following ways:
(a) Information you give us. For example, our services require you to sign up for a BentBox Account. When you do, we’ll ask for personal information, like your name and email address. To take full advantage of the marketplace features we offer, we automatically create a publicly visible BentBox Profile, which may include your name and photo uploaded by you.
(b) Information we get from your use of our services. We collect information about the services that you use and how you use them, like when you view a Box, send a message, or view and interact with other users. This information includes:
(c) Device information
We collect device-specific information. BentBox may associate your device identifiers with your BentBox Account.
(d) Log information
When you use our services or view content provided by BentBox, we automatically collect and store certain information in server logs. This includes:
We use the information we collect to provide, maintain, protect and improve our services, to develop new ones, and to protect BentBox and our users. We also use this information to offer you tailored content – like giving you more relevant search results and suggested Boxes.
If you have a BentBox Account, we may display your Profile name, Profile photo, and actions you take on BentBox (such as likes, comments you write and comments you post). We will respect the choices you make to limit sharing or visibility settings in your BentBox Account.
When you contact BentBox, we keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements.
We use information collected from cookies and other technologies, to improve your user experience and the overall quality of our services.
BentBox processes personal information on our servers. We may process your personal information on a server located outside the country where you live.
People have different privacy concerns. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used. For example, you can:
Our services let you share information with others. Remember that when you share information publicly, it may be indexable by search engines, including Google. Our services provide you with the option of removing your content.
Accessing and updating your personal information
Whenever you use our services, we aim to provide you with access to your personal information. If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request.
We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems).
Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.
We do not share personal information with companies, organizations and individuals outside of BentBox unless one of the following circumstances applies:
(a) With your consent
(b) We will share personal information with companies, organizations or individuals outside of BentBox when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.
(c) With domain administrators
If your BentBox Account is managed for you by a domain administrator then your domain administrator and resellers who provide user support to your organization will have access to your BentBox Account information (including your email and other data). Your domain administrator may be able to:
(d) For external processing
(f) For legal reasons
We will share personal information with companies, organizations or individuals outside of BentBox if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
We work hard to protect BentBox and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:
(a) We encrypt all of our services using SSL.
(b) We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
(c) We restrict access to personal information to BentBox employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
You may be aware that a new European Union law, called the General Data Protection Regulation or "GDPR" gives certain rights to individuals in relation to their personal data. Accordingly, we have implemented additional transparency and access controls in our Privacy Settings to help users take advantage of those rights. As available and except as limited under applicable law, the rights afforded to individuals are:
In order to enable you to exercise these rights with ease and to record your preferences in relation to how BentBox uses your personal data, we provide you with access to the following settings via your Account Settings page:
The Privacy Center puts you in control of how BentBox processes your personal data. It provides you with information about what happens if you adjust your settings on your Account Settings page and how to opt out of receiving certain messages from BentBox. If we send you electronic marketing messages based on your consent or as otherwise permitted by applicable law, you may, at any time, respectively withdraw such consent or declare your objection (“opt-out”) at no cost. The electronic marketing messages you receive from BentBox (e.g. those sent via email) also will also include an opt-out mechanism within the message itself (e.g. an unsubscribe link in the emails we send to you).
You can find out more about the GDPR rights described above and the controls we provide to all BentBox users with respect to these rights in the ‘Your Rights’ section contained in the Privacy Center. If you have any questions about your privacy, your rights, or how to exercise them, please contact our Data Protection Officer using the ‘Contact Us’ form on the Privacy Center. We will respond to your request within a reasonable period of time upon verification of your identity.
We collect your personal data in the following ways:
We use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, creating marketing and promotion models, improving the BentBox Service, and developing new features and functionality within the BentBox Service.
We have set out in the tables below the categories of personal data we collect and use about you:
Personal data collected when you sign up for the BentBox Service
|Categories of personal data||Description of category|
|Account Registration Data||This is the personal data that is provided by you or collected by us to enable you to sign up for and use the BentBox Service. This includes your email address.
Some of the personal data we will ask you to provide is required in order to create your account. You also have the option to provide us with some additional personal data in order to make your account more personalized.
The exact personal data we will collect depends on the type of BentBox Service plan you sign up for.
Personal data collected through your use of the BentBox Service
|Categories of personal data||Description of category|
|BentBox Service Usage Data||This is the personal data that is collected about you when you are using the BentBox Service - this may include:
Personal data collected with your permission that enables us to provide you with additional features/functionality
|Categories of personal data||Description of category|
|Payment Data||We don't receive such personal data. Your payment data is completely managed by our payment processors Verotel, SecurionPay and Paysafe and it is managed through the credit card network to authorise your payments. We don't have any visibility of information such as name, date of birth, full address and full credit card number and expiration date.|
When you use or interact with the BentBox Service, we use a variety of technologies to process the personal data we collect about you for various reasons. We have set out in the table below the reasons why we process your personal data, the associated legal bases we rely upon to legally permit us to process your personal data, and the categories of personal data (identified in Section 5 ‘What personal data do we collect from you?’) used for these purposes:
|Description of why BentBox processes your personal data (‘processing purpose’)||Legal Basis for the processing purpose||Categories of personal data used by BentBox for the processing purpose|
|To provide, personalize, and improve your experience with the BentBox Service and other services and products provided by BentBox, for example by providing customized, personalized, or localized content, recommendations and features.||
|To understand how you access and use the BentBox Service to ensure technical functionality of the BentBox Service, develop new products and services, and analyze your use of the BentBox Service, including your interaction with content and services that are made available or offered through the BentBox Service.||
|To communicate with you for BentBox Service-related purposes.||
|To process your payment to prevent or detect fraud including fraudulent payments and fraudulent use of the BentBox Service.||
|To communicate with you for:
|To provide you with features, information, or other content which is based on your specific interests and location.||
We have set out the categories of recipients of the personal data collected or generated through your use of the BentBox Service.
Publicly available information
The following personal data will always be publicly available on the BentBox Service: your name and/or username, profile picture, who you follow and who follows you on the BentBox Service, your public content and your public collections.
Personal data you may choose to share
The following personal data will only be shared with the categories of recipients outlined in the table below if:
you choose to make use of a specific BentBox Service feature where sharing of particular personal data is required for the proper use of the BentBox Service feature; or
you grant us your permission to share the personal data, e.g. by selecting the appropriate setting in the BentBox Service.
|Categories of Recipients||Reason for sharing|
|Third Party Applications you connect to your BentBox Account||If you connect your BentBox account to a Third Party Application, such as social media platforms (e.g. Tumblr, Twitter, Pinterest), BentBox may share your public information (such as username) to integrate with the third party platform, for example to share content from BentBox.
You will receive a notification before connecting to the Third Party Application to let you know what personal data will be shared / accessible to that Third Party Application.
|Your BentBox Followers|| There also may be times when you want us to share certain Service Usage Data, specifically information about your use of BentBox, with other BentBox users known as ‘Your BentBox Followers’.
For example, when you make Collections, you might want those Collections to be visible to others on the BentBox Service, but you can also make your playlists private at any time.
Learn more about how to manage notifications, your publicly available information, and what you share with others in the ‘Your rights and your preferences: Giving you choice and control’ Section 3 of this Policy and on the Privacy Center.
Information we may share
|Categories of Recipients||Reason for sharing|
|Service Providers and Others||We use technical service providers which may operate the technical infrastructure that we need to provide the BentBox Service, in particular providers which host, store, manage, and maintain the BentBox application, its content and the data we process.
We use technical service providers to help us communicate with you, as described in Section 6 of this Policy.
|Law Enforcement and Data Protection Authorities||We will share your personal data when we in good faith believe it is necessary for us to do so in order to comply with a legal obligation under applicable law, or respond to valid legal process, such as a search warrant, a court order, or a subpoena.
We also will also share your personal data where we in good faith believe that it is necessary for the purpose of our own, or a third party’s legitimate interest relating to national security, law enforcement, litigation, criminal investigation, protecting the safety of any person, or to prevent death or imminent bodily harm, provided that we deem that such interest is not overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.
We keep your personal data only as long as necessary to provide you with the BentBox Service and for legitimate and essential business purposes, such as maintaining the performance of the BentBox Service, making data-driven business decisions about new features and offerings, complying with our legal obligations, and resolving disputes. We keep some of your personal data for as long as you are a user of the BentBox Service. For example, we keep your playlists, song library, and account information.
If you request, we will delete or anonymise your personal data so that it no longer identifies you, unless, we are legally allowed or required to maintain certain personal data, including situations such as the following:
We are committed to protecting our users’ personal data. We implement appropriate technical and organisational measures to help protect the security of your personal data; however, please note that no system is ever completely secure. We have implemented various policies including pseudonymisation, encryption, access, and retention policies to guard against unauthorised access and unnecessary retention of personal data in our systems.
Your password protects your user account, so we encourage you to use a unique and strong password, limit access to your computer and browser, and log out after having used the BentBox Service.
We may occasionally make changes to this Policy.
When we make material changes to this Policy, we’ll provide you with prominent notice as appropriate under the circumstances, e.g., by displaying a prominent notice within the BentBox Service or by sending you an email. We may notify you in advance.
Please, therefore, make sure you read any such notice carefully.
If you want to find out more about this Policy and how BentBox uses your personal data, please visit the Privacy Center on bentbox.co to find out more.
BentBox parent company Haas & Reed B.V. is the data controller for the purposes of the personal data processed under this Policy.