Last updated on April 28, 2020
Bravo Arts Solutions, LLC (“BAS”, “we”, “us”, “our”) is the provider of BravoBase, an arts management software as a service (“SaaS”) platform which includes the SaaS applications, hosted applications, mobile applications, locally installed applications, application programming interfaces (APIs), websites (e.g. bravo-base.com, etc.; “Website”), domains, as well as any other media forms, media channels, mobile websites, or other resources that are related, linked, or otherwise connected to the platform or provided with the Service (collectively, “BravoBase”, “Service” or “Services”).
1) Automatic Collection of Information. When you access the Service, our servers automatically record information that your device sends. This data may include information such as your device’s IP address and location, device name and version, operating system type and version, language preferences, information you search for in our Service, access times and dates, and other statistics. Information collected automatically is used only to identify potential cases of abuse and establish statistical information regarding Service traffic and usage. This statistical information is not otherwise aggregated in such a way that would identify any particular user of the system.
2) Collection of Personal Information. You can access the Service (including our websites) as a potential client or a patron of one of our clients without telling us who you are or revealing any information by which someone could identify you as a specific, identifiable individual. If, however, you wish to use some of the Service’s features (for example, to contact us, request information, make a purchase, etc.), you will be asked to provide certain Personal Information (for example, your name and e-mail address). We receive and store any information you knowingly provide to us when you create an account, publish content, make a purchase, or fill any online forms in the Service (or a user of the Service fills them in on your behalf for example for a mail or phone order, etc.). When required, this information may include the following:
• Personal details such as name, birthday, gender, country of residence, etc.
• Contact information such as email address, phone, address, etc.
• Account details such as username, unique user ID, password, etc.
• Payment information such as credit card details, bank details, etc.
• Geolocation data of the mobile device such as latitude and longitude.
• Certain features on the mobile device such as contacts, calendar, gallery, etc.
• Information about other individuals such as your family members, friends, etc.
• Any other materials you willingly submit to us such as articles, images, feedback, etc.
You can choose not to provide us with your Personal Information (unless you wish to be a client or client authorized user), but then you may not be able to take advantage of some of the Service’s features. Users who are uncertain about what information is mandatory are welcome to contact us at email@example.com.
4) Storing Personal Information. We will retain and use your Personal Information for the period necessary to comply with our legal obligations, resolve disputes, and enforce our agreements unless a longer retention period is required or permitted by law. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally. Once the retention period expires, Personal Information shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of the retention period.
5) Use and Processing of Collected Information. In order to make our Services available to you, or to meet a legal obligation, we need to collect and use certain Personal Information. If you do not provide the information that we request, we may not be able to provide you with the requested products or services. Some of the information we collect is directly from you via BravoBase. However, we may also collect Personal Information about you from other sources such as email and phone. Any of the information we collect from you may be used for the following purposes:
• Create and manage user accounts
• Fulfill and manage orders
• Deliver products or services
• Improve products and services
• Send administrative information
• Send marketing and promotional communications
• Respond to inquiries and offer support
• Request user feedback
• Improve user experience
• Post customer testimonials
• Deliver targeted advertising
• Administer prize draws and competitions
• Enforce terms and conditions and policies
• Protect from abuse and malicious users
• Respond to legal requests and prevent harm
• Run and operate our Services and websites
Processing your Personal Information depends on how you interact with our Services, where you are located in the world and if one of the following applies:
(i) You have given your consent for one or more specific purposes. This, however, does not apply, whenever the processing of Personal Information is subject to California Consumer Privacy Act or European data protection law;
(ii) Provision of information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof;
(iii) Processing is necessary for compliance with a legal obligation to which you are subject;
(iv) Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in us;
(v) Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party.
Note that under some legislations we may be allowed to process information until you object to such processing (by opting out), without having to rely on consent or any other of the following legal bases below. In any case, we will be happy to clarify the specific legal basis that applies to the processing, and, in particular, whether the provision of Personal Information is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
6) Information Transfer and Storage. BravoBase uses Amazon Web Services (“AWS”) secure servers located in the United States, which are paid for and managed by us, to process and store all data on the Service. Depending on your location, data transfers may involve transferring and storing your information in a country other than your own. You are entitled to learn about the legal basis of information transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by us to safeguard your information. If any such transfer takes place, you can find out more by checking the relevant sections of this document or inquire with us using the information provided in the contact section.
7) The Rights of Users. You may exercise certain rights regarding your information processed by us. In particular, you have the right:
(i) to withdraw consent where you have previously given your consent to the processing of your information;
(ii) to object to the processing of your information if the processing is carried out on a legal basis other than consent;
(iii) to learn if information is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the information undergoing processing;
(iv) to verify the accuracy of your information and ask for it to be updated or corrected;
(v) under certain circumstances, to restrict the processing of your information, in which case, we will not process your information for any purpose other than storing it;
(vi) under certain circumstances, to obtain the erasure of your Personal Information from us;
(vii) to receive your information in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that your information is processed by automated means and that the processing is based on your consent, on a contract which you are part of, or on pre-contractual obligations thereof.
8) The Right to Object to Processing. Where Personal Information is processed for the public interest, in the exercise of an official authority vested in us or for the purposes of the legitimate interests pursued by us, you may object to such processing by providing a ground related to your particular situation to justify the objection. You must know that, however, should your Personal Information be processed for direct marketing purposes, you can object to that processing at any time without providing any justification. To learn, whether we are processing Personal Information for direct marketing purposes, you may refer to the relevant sections of this document.
9) How To Exercise These Rights. Any requests to exercise User rights can be directed to us through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by us as early as possible.
11) Special Terms related to the European Economic Area.
If you are in the European Economic Area (“EEA”), the provisions of this Section apply to you.
a. Legal Basis for Processing. We may process your Personal Data because you have given us permission to do so (e.g., by sending data through our Service, contact or order forms), because the processing is in our legitimate interests and it’s not overridden by your rights, or because we need to process your Personal Data to comply with the law.
b. Your Rights Under the General Data Protection Regulation (“GDPR”). If you wish to know what Personal Data we hold about you, to have us remove it, or otherwise to exercise your rights, please contact us at firstname.lastname@example.org. In some cases, you also have the following rights related to your Personal Data including the right:
• to access, update, or delete your Personal Data.
• of rectification to have your information altered if it is inaccurate or incomplete.
• to object to our processing of your Personal Data.
• of restriction to request that we restrict how we process your Personal Data.
• to data portability to receive a copy of the information we have about you in a structured, machine-readable, and commonly used format.
• to withdraw consent to our processing of your Personal Data.
• to complain to an EEA data protection authority (a government agency) about our management of your Personal Data.
12) Billing and Payments. In case of services requiring payment, we request credit card, bank account or other payment account information, which will be used solely for processing payments. Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction unless otherwise stated. After that is complete, your purchase transaction information is deleted. Where necessary for processing future payments and subject to your prior consent, your financial information will be stored in encrypted form on secure servers of one of our reputed payment gateway service providers who is beholden to treating your Personal Information in accordance with the latest security standards as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. Sensitive and private data exchange happens over a SSL secured communication channel and is encrypted and protected with digital signatures, and BravoBase payment applications are also in compliance with PCI vulnerability standards in order to create as secure of an environment as possible for Clients and your users. Scans for malware are performed on a regular basis for additional security and protection.
12) Product and Service Providers. We may contract with other companies and independent contractors to provide certain products and services. These service providers are not authorized to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements. We may share Personal Information for these purposes only with third-parties whose privacy policies are consistent with ours or who agree to abide by our policies with respect to Personal Information. Our service providers are given the information they need to perform their designated functions, and we do not authorize them to use or disclose Personal Information for their own marketing or other purposes.
15) Links to Other Services, Websites and Applications. Our Service contains links to other services, websites and applications that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other third-parties. We encourage you to be aware when you leave our Service and to read the privacy statements of every third-party service, website and application that may collect your Personal Information.
16) Privacy of Children. Users under 18 years old (“children”) are not authorized to use the service However, parents and guardians are permitted to enter the Personal Information of children under 18 as needed to use the Service for their benefit (for example to register a such children for a class offered by one of our Client organizations.) Therefore, we provide privacy protections with respect to Personal Information entered in our Service about such children and take reasonable precautions to protect the privacy of children’s Personal Information. We do not require a parent to disclose more information about a child than is reasonably necessary to use the Service. Parents who choose to enter their children’s information, or have it entered by an authorized user on their behalf (for example by submitting a phone order or mail in order form), into the Service have an easy method for giving consent. Parents can review their child’s information, delete it, and refuse to allow any further collection or use of such information by contacting us or the BravoBase Client who collected such data.
17) Newsletters. We offer electronic newsletters to which you may voluntarily subscribe at any time. We are committed to keeping your e-mail address confidential and will not disclose your email address to any third parties except as allowed in the information use and processing section or for the purposes of utilizing a third-party provider to send such emails. We will maintain the information sent via e-mail in accordance with applicable laws and regulations. In compliance with the CAN-SPAM Act, all e-mails sent from us will clearly state who the e-mail is from and provide clear information on how to contact the sender.
18) Information Security. We secure information you provide on Amazon Web Services computer servers and other services located in the United States in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Information in its control and custody. However, no data transmission over the Internet or wireless network can be guaranteed. Therefore, while we strive to protect your Personal Information, you acknowledge that
(i) there are security and privacy limitations of the Internet which are beyond our control;
(ii) the security, integrity, and privacy of any and all information and data exchanged between you and our Services (or any other online services) cannot be 100% guaranteed; and
(iii) any such information and data may be viewed or tampered with in transit by a third-party, despite our best efforts.
By using our Service, you recognize that the current reality is that even the biggest tech companies in the world as well as the most well-funded governments institutions are not immune to such limitations. However, your data is typically more secure in our Service than your home, office, or self-managed servers due to the greater pool of financial resources and technical expertise we employ in the security and backup of our systems and data.
19) Data Breach. In the event we become aware that the security of the Service has been compromised or users Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will send you an email.
20) Legal Disclosure. We will disclose any information we collect, use or receive if required or permitted by law, such as to comply with a subpoena, or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. In the event we go through a business transition, such as a merger or acquisition by another company, or sale of all or a portion of its assets, your user account, and Personal Information may be among the assets transferred.
21) Changes and Amendments. We may change this Policy at any time by posting a new version on bravo-base.com. The new version will become effective on the date it’s posted, which will be listed at the top of the page.
22) Contacting Us. For questions about this Policy, please contact us at email@example.com.
23) Acceptance of This Policy. You acknowledge that you have read this Policy and agree to all its terms and conditions. By using BravoBase or its Services you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to use or access the Services.