PRIVACY POLICY
Effective September 17, 2024
SHORTLY.SX (“COMPANY”, “we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect and use, disclose and protect your information. We have created this Policy to inform you about what information we collect, how we collect your information, how we share your information and your rights related to that information. This Policy applies when you use our SHORTLY.SX website and services both within and outside the European Union (“EU”) and either as the creator of a COMPANY link (as defined below) or by clicking on a COMPANY link.
We may collect and receive information about users of our Services (“users,” “you,” or “your”) from a variety of sources, including: (i) information you provide through your user account on the Services (your “Account”) when you register for the Services; (ii) your use of the Services; and (iii) from third-party websites, services, and partners.
For purposes of this Policy, the sites, features, content, applications, and other services provided by COMPANY will be referred to as the “Services.” This Policy operates in conjunction with this Site’s TERMS OF USE.
Any capitalized terms used but not defined in this Policy have the meanings set forth in the Terms of Use. If you do not agree with our policies and practices, please do not use our Services. By accessing or using our Services, you agree to these Policies.
CONTROLLER AND PROCESSOR
Data protection and privacy laws in some jurisdictions distinguish between “controllers” and “processors” of personal data (as defined below). The purposes and means of processing personal data are determined by the controller, while the processor processes personal data on behalf of the controller on the basis of the controller’s instructions. When you create a COMPANY link (as a “User”), the COMPANY acts as the controller. When you click on a COMPANY link created by a User, we act as the processor. When TinyURL processes Personal Data as a processor on behalf of the User (meaning the creator of the shortened link), applicable laws, namely Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as the “GDPR”), require the parties to enter into a data processing agreement (“DPA”) to govern such processing, the DPA attached to this Privacy Policy shall apply. In this case, the DPA set forth in Exhibit A will be incorporated into the Terms of Use and Service Agreement and form an integral part of the Agreement.
PERSONAL DATA
For the purposes of this Policy, “Personal Data” means any information that can identify, relate to, describe, be associated with or refer to a specific User, directly or indirectly. This may include identifiers such as a name, an identification number, location data, an online identifier or factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This excludes aggregated or non-identifiable information that is maintained in a form that cannot reasonably be associated with or linked to you.
HOW WE LEGITIMATELY PROCESS YOUR PERSONAL DATA
TinyURL is entitled to process Users’ personal data in accordance with the law. The legal basis for collecting and using the personal data described below depends on the type of personal data concerned and the specific context in which it is collected.
Generally, we collect personal data:
a. When you give us your explicit consent;
b. to perform our contractual obligations to you;
c. When we have a legitimate interest in processing your personal data that does not override your rights.
Our legitimate interests include the effective operation of our Services, communicating with you to provide support, improving our platform, conducting marketing activities, and detecting or preventing illegal activities.
In certain circumstances, we may also have a legal obligation to collect personal data from you or we may need it to protect your vital interests or the interests of another person.
When we ask you to provide personal data in order to comply with a legal requirement or to perform a contractual obligation to you, we will specify the request and inform you whether the provision of your personal data is mandatory and the possible consequences if you choose not to provide it.
WHAT PERSONAL DATA DO WE COLLECT AND HOW WE COLLECT IT
There are several ways in which you can provide us with your personal data.
• 1) Directly from you:
I. Account Creation: When you create an account, we collect personal information from you, such as your name, email address, and other relevant information (your “Account”). If you create an account using credentials from a third-party account, such as Facebook, Google, Twitter, or Microsoft, we will access and collect your personal information provided by that third-party account. The amount of information shared with us from that third-party account depends on your privacy settings in your third-party account.
II. COMPANY Link Creation: Our Services allow users to create shortened URLs to websites (“COMPANY Links”). Users can create COMPANY Links without registering for an account. When you create a COMPANY Link, COMPANY collects and stores the original URL and the shortened URL and associates them with your session. This applies to both logged-in and logged-out users.
III. Billing Information: If you add your billing information to your user account, this information will be sent to our third-party payment processor. We do not store your billing information in our systems; however, we have access to and may store subscriber information through our third-party payment processor.
IV. User Support: If you contact us for help or support, we may collect your name, email address, or any other content you send us.
V. Social Media Interactions: We may collect information from your social media account if you interact with our social media presence.
• 2) Data Collected Automatically
I. Log Data: When you use our Services, whether as a registered user or an unregistered user, our servers may automatically record information that your browser sends whenever you create or use a TinyURL link (“Log Data”). This log data may include information such as your Internet Protocol (“IP”) address, device settings (such as browser type, operating system, language, extensions, etc.), the time and date of the COMPANY link, the referring website, the time and date of each access, device settings, and analysis of the sharing of the COMPANY link on third-party services, such as social media. We use this information to track and analyze the use of the Services, for technical administration of the Sites, to improve the functionality and user-friendliness of our Sites, and to better tailor them to the needs of our visitors.
II. Mobile Devices: We may collect information from your mobile device, such as unique identifiers transmitted from your device when you visit our Services.
III. Cookies and Similar Technology: “Cookies” are small data files that we transfer to your computer’s hard drive for record-keeping purposes. For more information, please see our COOKIE POLICY.
• 3) Personal Information We Collect from Other Sources
I. Social Media Services: Our Services allow you to interact with social media platforms and other third-party services (e.g., Facebook, Twitter, and LinkedIn). If you choose to share your COMPANY links using third-party services, we may collect information related to your use of those third-party services. In addition, if you access the Services using one of these social media platforms or other third-party services, we may receive information about you from those third parties, such as account and profile information. Please note that third-party services may have the ability to limit the information provided to us based on your account privacy settings.
NO SPECIAL CATEGORIES OF PERSONAL DATA
In accordance with applicable privacy laws, in particular Article 9 of the GDPR, special categories of personal data include any information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation (hereinafter referred to as "special categories of personal data").
THE COMPANY does not request or collect any sensitive personal data or special categories of personal data as defined by applicable privacy laws in order for you to use our services.
PURPOSES FOR WHICH WE COLLECT AND MAY SHARE YOUR PERSONAL DATA
We collect and may share your personal data for the following purposes:
a. to operate and maintain our sites and provide services;
b. to enhance and personalize our services;
c. to process and complete requested transactions;
d. Where necessary for our legitimate interests (or those of a third party) and provided that your interests and fundamental rights do not override those interests
e. To communicate with you directly or through our partners, including for customer service, updates and other service-related information, as well as for marketing and promotional purposes;
f. To help detect, prevent or investigate security incidents, fraud and other misuse or abuse of our Services; and
g. To enforce our terms of service, protect our legal rights and comply with regulatory requirements or respond to government inquiries.
In the table below, we have outlined a description of the categories of personal data we collect, the legal basis for our collection and use of personal data, and the categories of third parties with whom some or all of your personal data may be shared.
| Type of Interaction Collection and Use Applied to | Categories of Personal Information Collected | Purposes for Collection, Use, and Sharing | Categories of Third Parties with Whom Some or All the Personal Information May Be Shared |
|---|---|---|---|
| Identifiers (such as name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, or other similar identifiers) |
|
|
| Customer Records Information (such as Name, address, telephone number, bank account number, credit or debit card number, other financial information) |
|
|
| Commercial information (such as records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies) |
|
|
| Internet or other electronic network activity information (such as information regarding a consumer’s interaction with an Internet website, application, or advertisement) |
|
|
| Non-Precise Geolocation information (such as zip or area code, state, country) |
|
|
| Inferences drawn from the above information about your predicted characteristics and preferences |
|
|
| Other information about you that is linked to the personal information above |
|
|
HOW WE MAY SHARE YOUR PERSONAL INFORMATION
Our Services are designed to allow you to share information and receive information about the COMPANY that you create. As a result, certain personal information may be shared with third parties as described below:
I. COMPANY Links You Create: When you create a TinyURL link, the shortened URL and the original URL it links to are publicly available to anyone who is provided with or has access to the COMPANY link.
II. Information We Share with Users: We may share the personal information we collect as described in this Policy with our users. When a COMPANY link is created, the user who created the link may be able to view aggregate information about the clicks and impressions of the COMPANY link, including the number of times the COMPANY link has been shared, whether or not it has been viewed, a comparison of the performance of that COMPANY link to the performance of all COMPANY links pointing to the same content, whether others are sharing the COMPANY link to the same content, and the geographic areas in which the same content or geographic identifier is displayed.
III. Service Providers: We may employ third-party companies and individuals to facilitate our Services, to provide the Services on our behalf, to improve our Services, and to perform services related to the Site (e.g., without limitation, maintenance services, database management, web analytics, payment processing, fraud detection, and improving site functionality) or to help us analyze how our sites and services are used. These third parties have access to your personal information only to perform these tasks on our behalf and are required not to disclose or use it for any other purpose.
IV. Analytics and Search Engine Providers: We may share personal information with analytics and search engine providers who assist us in improving and optimizing the Service.
V. Feedback: We may collect feedback from you about your experience so that we can compare your experience with other users of the Service in order to improve the quality of the Service. This feedback is the property of COMPANY and we reserve the right to share it with any third party.
VI. Acquisition, Merger or Bankruptcy: COMPANY may sell, transfer or otherwise share some or all of its assets, including your personal information, in connection with a merger, acquisition, reorganization, asset sale or in the event of bankruptcy.
VII. Disclosure without your consent: We may disclose information in response to subpoenas, court orders, or court orders or in connection with any legal process or to comply with applicable laws. We may also share your information in an emergency to establish or exercise our rights, to defend ourselves against legal claims, to investigate, prevent, or act in connection with possible illegal activities, suspected fraud, the safety of persons or property, or violations of our policies.
VIII. Disclosure with your consent: We will share information about you when you instruct us to do so, such as when you share COMPANY or content with others through the Services, or when we notify you that the information you provide will be shared in a certain way and you provide such information (such as by posting it on a third-party service).
We may also share aggregated information that does not include personal information, and we may otherwise make non-identifying information and log data available to parties for industry analysis, demographic profiling, and other purposes. Any aggregate information shared in these contexts will not include your personal information.
MARKETING AND ADVERTISING
We process your personal information to tailor our marketing and advertising efforts. For this purpose, we provide your information to third-party advertising networks (such as Google Doubleclick) and social media companies (such as Facebook, Instagram, and other social media platforms). When we provide information to agencies, advertising networks, and other parties for targeted advertising, we do not provide them with your name, financial information, or any sensitive information. We use online identifiers, such as emails, cookies, and device identifiers, to help us deliver targeted advertising to you and others like you.
We may also use aggregate information to help advertisers reach the kind of audience they want to target. We may use the personal information we collect from you to serve ads to your target audience.
To opt out of targeted advertising, you can use the following links provided by third parties that manage opt-outs for some ad networks:
• http://preferences-mgr.truste.com
• http://www.networkadvertising.org/managing/opt_out.asp
• http://www.aboutads.info/
• https://policies.google.com/privacy/partners
DO NOT TRACK SIGNALS
Your browser settings may allow you to automatically transmit a “Do Not Track” signal to the online services you visit. Please note, however, that there is no industry consensus on what website and app operators should do with these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or act on “Do Not Track” signals.
EMAIL MARKETING
If you subscribe to our Services or newsletter, we will send you marketing emails. If you change your mind, you may opt out at any time by selecting the unsubscribe option when you receive an electronic marketing communication from us. Withdrawing your consent will not affect the lawfulness of processing based on your consent before its withdrawal.
Please note that even if you opt out of receiving commercial emails, you will still receive emails that are transactional in nature, such as actions taken in your account, updates to our online policies, and other transactional communications.
INTERNATIONAL TRANSFERS
When you use our Services, your personal information may be transferred to our service providers and trusted partners who operate processing facilities outside the European Economic Area (“EEA”). This is only for the purposes of providing and to the extent necessary to provide the Services to you. The privacy laws in these countries may not protect your information as much as the laws in your jurisdiction.
However, the Company has taken steps to ensure robust security for your personal information, including the use of Standard Contractual Clauses (“SCCs”), to ensure that your data is adequately protected during transmission.
RETENTION OF YOUR PERSONAL INFORMATION
We will retain your personal information only for as long as is necessary for the purposes set out in this Policy. We will retain and use your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your personal information in accordance with applicable law), resolve disputes, and enforce our legal agreements and policies.
You have the following rights with respect to your personal data:
• If you wish to access, correct, update or request deletion of your personal data, you may do so at any time. Please note that if you exercise your deletion rights, you may no longer be able to use the Services unless you create a new account with us.
• You will not be discriminated against for exercising your data rights.
• To exercise your rights to delete your personal data under the GDPR or other data protection laws, you may deactivate your account through your control panel settings. After you submit a deactivation request, the personal data associated with your account will be deleted within 30 days. Please note that while some personal data may be retained in unaltered backups for up to 180 days, it will not be accessible or used after a deletion request has been processed. Some data, such as links, may remain active unless you specifically request deletion.
• You have the right to opt out of marketing communications from us at any time. You can exercise this right by clicking on the “unsubscribe” or “unsubscribe” link in the marketing emails we send you.
• Similarly, where we have collected and processed your personal data with your consent, you may withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we have carried out prior to your withdrawal, nor will it affect processing of your personal data carried out on the basis of lawful grounds for processing other than consent.
• You have the right to lodge a complaint with a data protection authority regarding our collection and use of your personal data. For further information, please contact your local data protection authority. Contact details of the authorities in other EU Member States can be found in the directory maintained by the European Data Protection Board (“EDPB”) as required by the GDPR.
Please note that while certain requests will be subject to necessary verification requirements. These rights can only be exercised by you or someone legally authorized to act on your behalf, we cannot respond to your request or provide you with personal data unless we can verify your identity or authority to make the request and confirm that the personal data concerns you.
You do not need to create an account with us to exercise your right to know or right to erasure. However, we consider requests made through your password-protected account to be sufficiently verified if the request concerns personal data associated with that specific account.
We will only process the personal data provided in the request for the purpose of verifying the identity of the requester or the authority to make the request.
SALE OF PERSONAL DATA OPT-OUT AND CONNECTION RIGHTS
TinyURL does not sell personal data to third parties for monetary value. However, to the extent that “sale” is interpreted under applicable law to include interest-based advertising or other uses of data described in the “Purposes for which we collect and may share your personal information” and “How we may share your personal information” sections above, we will comply with those laws in connection with such activities.
You do not need to create an account with us to exercise your right to opt out. We will use the personal information provided in your opt-out request only to review and comply with your request.
Please note that your decision to opt out of the sale of your personal information may affect the availability and quality of some of our services that we provide to you. Your personal information may be further shared in accordance with the terms of the Policy, unless such sharing constitutes a sale.
The security of your personal information is important to us. As such, TinyURL uses standard physical, technical, and administrative measures designed to reduce the risk of loss, misuse, unauthorized access, disclosure, or modification of your personal information. Unfortunately, no system or network can be guaranteed to be 100% secure, as we cannot and do not guarantee the security of any information you transmit to or through the Services or otherwise store.
SECURITY
THE COMPANY is committed to protecting your information. We use a variety of security technologies and measures designed to protect information from unauthorized access, use or disclosure. The measures we use are designed to provide a level of security appropriate to the risk involved in processing your personal information. Please note that no service is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or data breaches will never occur.
NOT INTENDED FOR CHILDREN
Our services are not directed at persons under the age of 18. We do not knowingly collect information from persons under the age of 18. For this reason, we do not knowingly “sell,” as that term is defined under applicable law, including the CCPA, the personal information of minors.
If you are the parent or guardian of a minor under the age of 16 and are using our Services, you may contact us to request the deletion of any personal information, if any, that we have collected about the minor.
For privacy reasons, we may request proof of relationship to the minor.
UPDATES TO THE PRIVACY POLICY
We may update this Policy from time to time. When we update the Policy, we will notify you by updating the “Effective Date” at the top of this Policy, posting the new Policy, and providing other notices required by applicable law. We encourage you to review the Policy each time you visit the Site to be informed of our privacy practices. If we materially change the ways in which we process or share personal information previously collected from you through our Services, we will notify you.
If you do not agree or consent to such updates or changes, please do not continue to use the Services.
LINKS TO THIRD-PARTY WEBSITES
Our Services, email updates and other communications may from time to time contain links to and from the websites of others, including our partner networks, advertisers and affiliates. If you use a link to any of these websites, please note that these websites have their own privacy policies and that we are not responsible for those policies.
CONTACT US
If you have any questions about this Policy, please contact us.