What Information Do We Collect?
Mush is fully compliant with GDPR. In early 2018 we went through extensive alignment with GDPR and adhere closely to the seven pillars of GDPR: transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and accountability.
We collect certain information you provide to us when using MUSH, such as when you create an account and profile, send us an email or post information or other content to MUSH.
We collect certain personal information, like your name, picture, email address and phone number, as well as certain non-identifying information, like birthday and postcode.
We will also collect the contact information of your friends, if you choose to connect your contacts and address book information with MUSH and your login credentials to your social network accounts, such as Facebook, Twitter, and Google, if you choose to connect these accounts with your MUSH account.
We also automatically collect certain information when you use MUSH, such as your location/GPS coordinates (if you enable this feature), a device identifier (but not the UDID), MAC address, Internet Protocol (IP) address (if using a browser), operating system, the browser type, the address of a referring site and your activity on MUSH.
You can enable or disable location services when you use MUSH at anytime, through your mobile device settings.
We may also automatically collect certain information through the use of “cookies”. These are small files that your browser places on your computer. We may use both session cookies and persistent cookies to better understand how you interact with our services, to monitor aggregate usage by our users and web traffic routing on our services, and to improve our services.
Most Internet browsers automatically accept cookies. You can instruct your browser, by editing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit.
Where Do We Store The Information We Collect?
We store our data with Amazon Web Service, a ISO:27001 service. The data is physically held in Ireland. We use AWS RDS to store our data. We isolate our databases instances and to connect to our IT infrastructure through an industry-standard encrypted IPsec VPN
How Do We Use the Information We Collect?
Mush does not collect data for Clinical Research purposes. We use the information collected through MUSH for the purposes described below:
- to provide our services or information you request, and to process and complete any transactions;
- to respond to your emails, submissions, questions, comments, requests, and complaints and provide customer service;
- to monitor and analyse usage and trends, and to personalize and improve MUSH and your experiences when you use MUSH, such as providing content or features that match your profile or interests (including ads), and to increase the functionality and user friendliness of our services;
- to send you confirmations, updates, security alerts, and support and administrative messages and otherwise facilitate your use of, and our administration and operation of, our services;
- to allow you to add your location to your posts;
- to find and connect with your friends (when instructed by you);
- to let your friends know about your updates on MUSH
- for any other purpose for which the information was collected.
What Information Do We Share With Third Parties?
We will not share the personal information we have collected from you with 3rd parties without consent.
Details of how information is shared is described below:
- with your friends on MUSH with whom you want to share your updates on MUSH, and according to the preferences set in your account;
- with certain social networking services, if you allow such sharing through our services;
- with service providers who are working with us in connection with the operation of our site or our services. The data shared is anonymous, aggregated data and with 3 parties analytical platforms to help us improve the app (these service providers have access to aggregated and anonymous data to perform services on our behalf to improve the app. They are and are obligated not to disclose the data it or use it for any other purposes);
- with service providers who are working with us in connection with the operation of our site or our services (these service providers have access to your personal information only to perform services on our behalf and are obligated not to disclose it or use it for any other purposes);
- when you give us your consent to do so, including if we notify you that the information you provide will be shared in a particular manner and you provide such information;
- when we believe in good faith that we are lawfully authorized or required to do so or that doing so is reasonably necessary or appropriate to comply with the law or legal processes or respond to lawful requests or legal authorities, including responding to lawful subpoenas, warrants or court orders;
- in connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition, or in any other situation where personal information may be disclosed or transferred as one of our business assets.
- We are not responsible for the actions of service providers or other third parties, nor are we responsible for any additional information you provide directly to any third parties.
Links to Other Sites
What Steps Do We Take To Protect Your Information Online?
All data is encrypted in transit both within our IT infrastructure and between mobile devices and our servers.
We take reasonable measures to protect your personal information in an effort to prevent loss, misuse and unauthorized access, disclosure, alteration and destruction.
We run a strict data management process that tracks any breaches both for our customers and our employees.
Please be aware, however, that despite our efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed against any interception or other type of misuse.
Accessing and Modifying Your Information
If you have an account, you can access and modify the personal information you provided us that is associated with your account.
You may “opt out” of receiving marketing or promotional emails from us by changing your account preferences or by following the instructions in those emails.
If you opt out of these messages, you will still receive emails from us, about your account, our services and other pertinent information related to our services. These communications are considered part of the service and your account, which you cannot opt-out from receiving.
You can deactivate your account by selecting the “deactivate” link in the app. Deactivating your account lets you remove your profile without permanently deleting it. When you deactivate your account, other users will no longer see your profile or information (but your information is saved, in case you want to reactivate your account at some point in the future). If you want to delete your information and your account, please contact us (firstname.lastname@example.org) with a request that we delete your account and information. We will take steps to delete your information as soon as is practicable, but some information may remain in archived/backup copies for our records and as otherwise required by law.
How Long Do We Retain Your Data For?
We store users’ data for two years after their last action within the app unless requested to be deleted. We store telemetry data for a maximum of 60 days and store aggregated and anonymised data permanently to track long term app trends.
Our Policy Toward Children
Our service is not directed to children under 13 and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information of a child under 13, we will take steps to delete such information from our files as soon as possible.
How Often Do We Review The App And Update Information?
We update our app on a weekly basis. Contact us if there is something you’d like us to change!