WP Umbrella Logo

Privacy and Data Handling Rules

At Liven Studio, we have a few fundamental principles :

  • We don’t ask you for personal information unless we truly need it.
  • We don’t share your personal information with anyone except to comply with the law, develop our products, or protect our rights.
  • We don’t store personal information on our servers unless required for the ongoing operation of one of our services.
  • We don’t sell any of your personal information

Below is our privacy policy about personal data, which incorporates these goals.

Updated on January 9, 2023

Section 1 : Privacy Policy

1. Introduction

Before using the website www.wp-umbrella.com and the application https://app.wp-umbrella.com/ please be aware of and accept this policy. This document informs you of the processing carried out by our company LIVEN STUDIO as the data controller on your personal data.

LIVEN STUDIO commits to taking appropriate measures to ensure the protection and confidentiality of the personal data it processes, in compliance with the provisions of Law No. 78-17 of January 6, 1978 (known as the “Data Protection Act” or “LIL”) and the General Data Protection Regulation (“GDPR”) No. 2016/679.

2. Who is this policy for?

This policy applies to internet users who browse our site (“Site”) as well as to users (clients or not) of our WP Umbrella application (hereafter referred to as the “Application” or “WP UMBRELLA”).

3. Who is the data controller?

The data controller, as defined by the GDPR, is the person who determines the means and purposes of the processing. Our company LIVEN STUDIO is the data controller. LIVEN STUDIO is a simplified joint-stock company with a capital of 2353 euros, registered in the Lyon Trade and Companies Register under SIRET number 901 423 434, with its registered office located at 4 rue de République, 69001 Lyon. To consult the processing carried out by LIVEN STUDIO in its capacity as a subcontractor, please refer to our subcontracting agreement.

4. What are the purposes and legal bases for processing personal data?

The purpose of processing corresponds to the objective pursued by the data controller. As a data co

The purpose of data processing corresponds to the objective pursued by the data controller. As a data controller, we commit to only process personal data for specific and legitimate purposes based on legal grounds.

No.PURPOSES (Why we use the data)LEGAL BASES (What authorizes us to process data)
1Technical management of the Application: maintenance, hosting, security, and user account management (creation, update, deletion).Legitimate interest, Acceptance of the Terms of Use (user contract), Execution of pre-contractual measures
2Customer management: order tracking, payments, renewals, pre-subscription exchanges, support service.Customer Terms and Conditions (client contract)
3Customer loyalty and commercial prospecting (retaining users who are customers – convincing registered users who are not yet customers to become one – finding potential future users – following up on contacts after events)Legitimate interest
4Measuring Application satisfaction (collecting feedback to test, optimize, improve).Legitimate interest
5Management of the wp-umbrella.com website: technical management (hosting, maintenance, security), support requests via contact form, partner/team referencing, customer testimonials, newsletter subscriptions (blog), audience measurement trackers.Legitimate interest, Consent for referencing partners/teams and publishing customer testimonials
6Management of the affiliate program (tracking affiliates and commission payments)Affiliate contract

5. Personal data we process as data controller

We commit to processing strictly only the personal data necessary for the purposes outlined above.

No.PURPOSESTYPE OF PERSONAL DATA
1Technical management of the ApplicationUser account data: email, first name, last name – API key (Login possible via Google and Github accounts), Connection data: IP addresses, logs, terminal identifiers, connection identifiers
2Customer managementCustomer data: account data (first name, last name, email), Order-related data (billing address, company name, order date, credit card, renewal date, payment, exchanges)
3Customer loyalty and commercial prospectingClients, users, prospects: first name, last name, email, country
4Measuring Application satisfactionCustomer data: name, first name, gravatar, email, last login date, OS, vote, comments
5Management of www.wp-umbrella.com– Connection data: IP addresses, logs, terminal identifiers, browser logs, contact form data: name, first name, email, message, need, Data of referenced individuals and customers providing testimonials: name, first name, photo, position, testimonials, Email for newsletter subscribers, Audience measurement tracker data is anonymized
6Management of the affiliate programAffiliate identity data, Affiliate-related data: referred customers, commission amounts

6. Data Retention Periods

We commit to retaining personal data only for the time necessary for their processing and then deleting them once they are no longer needed for the purposes outlined above.

No.PURPOSESDATA RETENTION PERIODS
1Technical management of the ApplicationUser account data is retained as long as the user account is active. In the event of 3 years of inactivity (non-client), an email is sent to the user regarding the status of their account. With a positive response, the processed data will be retained for a new period of 3 years. In the absence of a positive and explicit response, the processed data will be deleted or anonymized. Connection data is retained only for the time necessary for the technical operation.
2Customer managementAs long as the client subscription continues, then for 10 years. Support service exchanges are retained for 2 years after the last ticket is closed.
3Customer loyalty and commercial prospecting– Customer loyalty is maintained throughout the contractual relationship, then for 3 years from the end of the contract (consent is required afterward)
– Commercial prospecting is carried out for 3 years from the collection.
4Measuring Application satisfaction10 years from the user’s comment
5Management of the website www.wp-umbrella.com– Connection data is retained only for the time necessary for the technical operation (a few weeks or months maximum).
– Contact form data is retained for 2 years from the last contact.
– Data of referenced individuals and customers providing testimonials are retained for 5 years from publication.
– Email of newsletter subscribers is retained for 3 years from the last contact or click from the person. At the end of this period, the person is contacted to determine if they wish to continue receiving the newsletter. With a positive response, the processed data will be retained for a new period of 3 years. In the absence of a positive and explicit response, the processed data will be deleted or anonymized.
Management of the affiliate program10 years from the end of the affiliation contract.

7. Mandatory or Optional Nature of Data Collection

The collected data are mandatory for fulfilling the processing purposes.

8. Source of Data Collection

LIVEN STUDIO collects Data directly from the concerned individual, except for satisfaction measurement and the affiliate program, where some data are collected using third-party tools.

9. Who are the Recipients of the Data?

The personal data collected are intended for the use of LIVEN STUDIO. However, they may be transmitted to our service providers/suppliers who participate as processors in the management of the WP UMBRELLA Website and Application, such as the Application host (Scaleway) and the online payment service provider Stripe. We ensure that our processors commit to complying with the GDPR. The list of our processors is available upon request (support@wp-umbrella.com). LIVEN STUDIO may disclose personal data to competent authorities in operations aimed at combating any criminally punishable activity.

10. What Security Measures Are Implemented?

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. We take steps to ensure that any natural person acting under our authority or that of our processors, who has access to personal data, does not process them except on instructions from the data controller, unless obliged to do so.

11. Existence of Data Transfers to Countries Outside the European Union and Associated Guarantees

We may, through our processors, transfer personal data outside the European Union. This is the case, for example, for the hosting of the Website (Kinsta) and payments for WP Umbrella subscriptions (Stripe). LIVEN STUDIO commits not to transfer personal data outside the European Union without having provided, prior to the transfer, appropriate guarantees as defined by the GDPR.

12. Automated Decision-Making

LIVEN STUDIO does not engage in fully automated decision-making.

13. Fate of Personal Data after Death – Right to Access, Rectify, Delete, and Portability of Data

The individual concerned by processing may define directives concerning the storage, erasure, and communication of their personal data after death. These directives can be general or specific. The individual concerned by processing also has the right to access, object, rectify, delete, and, under certain conditions, port their personal data. The individual has the right to withdraw their consent at any time if consent constitutes the legal basis of the processing. The request must indicate the first and last name, email or postal address of the concerned individual, and be signed and accompanied by a valid identity document. For any questions, you can contact us at support@wp-umbrella.com or at the following address: 4 rue de République 69001 Lyon

14. Complaint

The individual concerned by processing has the right to lodge a complaint with the French supervisory authority (CNIL): https://www.cnil.fr/fr/webform/adresser-une-plainte.

Section 2 : Data Processing Agreement

Updated on January 9, 2023

In the context of using the WP UMBRELLA solution (hereinafter referred to as the “Solution” or “WP UMBRELLA Solution”), the company LIVEN STUDIO may carry out the processing of personal data as a processor on behalf of its users (hereinafter “Users”): freelance developers or web agencies working on WordPress sites.

Under this data processing agreement, the User entrusts LIVEN STUDIO with the processing of personal data. In this context, the User acts as the data controller with respect to LIVEN STUDIO, which in turn acts as a processor.

This agreement is made in accordance with the provisions of Law No. 78-17 of January 6, 1978 (known as “Data Protection Act” or “LIL”) and the General Data Protection Regulation (“GDPR”) No. 2016/679. Each party undertakes to comply with the obligations incumbent upon them under this regulation and this agreement.

1. Purpose of this personal data processing agreement

This agreement aims to define the conditions under which LIVEN STUDIO, in its capacity as a processor, carries out the processing of personal data on behalf of the User, who is the data controller. To consult the processing carried out by LIVEN STUDIO as a data controller, the User is invited to refer to the Privacy Policy.

2. Definitions

Personal Data: Refers to any information relating to an identified or identifiable person. A person who can be identified, directly or indirectly, in particular by reference to an identifier or one or more specific elements unique to their identity, is deemed identifiable.

Regulation: Refers to the applicable regulations for the Parties on the date of the considered Processing, in particular, Law No. 78-17 of January 6, 1978 (known as “Data Protection Act” or “LIL”) and the General Data Protection Regulation (“GDPR”) 2016/679 of the European Parliament and of the Council of April 27, 2016.

Processing: Refers to any operation or set of operations carried out on Personal Data, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, as well as locking, erasing, or destruction, regardless of whether this operation is carried out automatically or not.

Data Controller: Refers to the Party who, alone or jointly, determines the purposes and means of a Processing. In the context of this agreement, and with respect to LIVEN STUDIO, the data controller is the User.

Processor: Refers to any natural or legal person who processes Personal Data on behalf of the Data Controller. In the context of this agreement, the Processor with respect to the User is LIVEN STUDIO.

Data Subject(s): Refers to any natural person whose Personal Data may be subject to Processing by the Processor under this agreement.

3. User obligations

In the context of using the WP UMBRELLA Solution, LIVEN STUDIO performs processing of personal data of the User’s end client(s), as well as individuals interacting with the WordPress site(s) of these end client(s). The User entrusts LIVEN STUDIO with “cascading” subcontracting activities on personal data, on behalf of their end client(s). The User, as a Data Controller with respect to LIVEN STUDIO and as a processor with respect to their end client(s), commits to complying with all obligations incumbent upon them under the Regulation. In particular, the User declares to have informed and signed a written data processing agreement in accordance with Article 28 of the GDPR, with their end client(s), expressly authorizing them to use the WP UMBRELLA Solution, install the WP UMBRELLA plugin on their WordPress site(s) and perform the personal data Processing described below, under the conditions defined in this agreement. The User undertakes that the data processing agreement to be concluded between them and their end client(s) reflects the personal data processing described below in Article 4 and complies with the conditions defined in this agreement.

4. Characteristics of the Processing

The User’s instructions according to which LIVEN STUDIO must carry out the Data Processing are those set out in this agreement. Any modification of the agreement must be established in the form of a written amendment signed by both Parties.

The processing may have the following purposes:

  • Automatic backup of sites
  • Establishment of maintenance reports related to sites
  • Cleaning of databases

The Processing instructions may include the following:

  • Perform backups of sites and the data they contain, according to the frequency chosen by the User (every hour, daily, weekly)
  • Generate and distribute maintenance reports for the end client(s), related to the technical health of the internet site(s)
  • Delete unnecessary data from databases.

The Processing may consist of: Consultation, structuring, exporting, preservation, transmission, dissemination, deletion

The Data Subjects may be:

  • The end client of the User: i.e., the publisher of the site on which the WP UMBRELLA plugin is installed
  • Individuals interacting with the end client’s site (internet users – administrators – users)

The types of Data processed may be:

  • Identification data of the end client: name, first name, site address, email, telephone.
  • Data stored on the end client’s site. These Data may include (depending on the site):
    • Civil status, identity, identification data, images (name, first name, address, photograph, date and place of birth, etc.)
    • Connection data (IP addresses, logs, terminal identifiers, login identifiers, timestamp information, etc.)
    • Location data (movements, GPS data, GSM, etc.)
    • Personal life (lifestyle habits, family situation…)

The User ensures that no sensitive data is processed under this agreement.

5. Duration of Retention of Processed Data:

If the User is a client of LIVEN STUDIO, i.e., they have subscribed to a paid subscription: the saved data (backups) are deleted after 100 days (however, they are only available to the User for 50 days). They are also deleted if the User removes the project linked to the backup. Maintenance reports are retained for a duration corresponding to the length of the paid subscription to WP UMBRELLA + 90 days.

If the User does not subscribe to the paid WP UMBRELLA subscription upon the expiration of their 14-day free trial from the creation of their account: backups and management reports are deleted 90 days after the end of the free trial period or upon deletion by the User of the project linked to the backup.

Data processed in the context of cleaning databases (spam) are deleted at the User’s request.

6. Obligations of LIVEN STUDIO

The User acknowledges that the obligations of LIVEN STUDIO enable them to fully satisfy their obligations under the Regulation. LIVEN STUDIO, in its capacity as a processor, commits to processing Data only on documented instructions from the User.

LIVEN STUDIO undertakes not to transfer the Data outside of the European Union without having provided, prior to the transfer, appropriate safeguards as defined by the Regulation. To this end, the Parties agree that the transfer of Data may be governed by LIVEN STUDIO’s acceptance of the European Commission’s Standard Contractual Clauses – module 3 (transfer from processor to processor). The User authorizes LIVEN STUDIO to transfer the Data processed by LIVEN STUDIO.

Furthermore, LIVEN STUDIO commits to:

  • Implement appropriate technical and organizational measures considering the state of knowledge, implementation costs, and the nature, scope, context, and purposes of processing as well as the associated risks, to prevent any loss, damage, alteration, or unauthorized access to the Data;
  • Ensure that all persons authorized to process the Data under its responsibility commit to respecting confidentiality;
  • Destroy all the Data it holds at the end of the agreed retention periods, unless there is an express and prior request from the User for the return of these Data (in which case they will be returned in the format used by LIVEN STUDIO); upon request from the User, this return can be made in another format and/or be accompanied by assistance services provided under the conditions of reversibility specified by LIVEN STUDIO; in any case, LIVEN STUDIO will delete any copy of these Data following the aforementioned procedures, unless Union law or the law of the Member State requires the retention of these Data;
  • Ensure, in the event of using a service provider (who will then be qualified as a “subsequent processor”), to pass on all the contractual obligations regarding Data protection imposed on it; it is specified that the User gives LIVEN STUDIO general authorization to subcontract the Processing to subsequent processors of its choice. The list of these subsequent processors is available upon request.
  • Provide the User, considering the nature of the Processing and the information available to LIVEN STUDIO, with all necessary information to enable them to fulfill their obligations under Articles 35 and 36 of the GDPR, if applicable;
  • Assist the User, considering the nature of the Processing, with appropriate technical and organizational measures, so that the latter can fulfill their obligation to respond to requests from Data Subjects wishing to exercise their rights under Chapter III of the GDPR;
  • Notify the User of any Data breach (as defined in Article 4 of the GDPR) as soon as possible after becoming aware of it, in accordance with the provisions of Article 33.2 of the GDPR;
  • Provide the User, upon request and when required by the GDPR, with the necessary information to enable them to notify the supervisory authority or the Data Subjects;
  • Immediately inform the User if, in its opinion, an instruction constitutes a violation of the provisions of the GDPR;
  • In the event that LIVEN STUDIO is required to transfer Data under the law to which it is subject, it commits to informing the User of this legal obligation before processing, unless the relevant law prohibits such information for significant reasons of public interest.
  • The User may, at their expense, conduct or have conducted, by any service provider of their choice bound by professional secrecy, audits related to the compliance of LIVEN STUDIO with its obligations regarding the processing of personal data under this agreement, during its execution. The User commits to notifying LIVEN STUDIO in writing of any audit mission with a minimum notice of ten (10) calendar days, communicating the purpose of the mission, the envisaged duration of the mission, which may not exceed 4 days, and the names of the appointed experts. The Parties will agree on the scheduling of the audit, the auditor committing to cause minimal disruption in LIVEN STUDIO’s activities. A copy of the audit report prepared by the auditor will be given to each party and will be jointly reviewed by the Parties, who commit to meeting for this purpose. If the audit confirms a breach by LIVEN STUDIO of its obligations, it will bear the audit costs and implement, at its expense, the necessary corrective measures within thirty (30) working days from the delivery of the audit report. Except as provided above, the User bears all costs incurred by them for the audits. In the absence of correction within the said period, the User may terminate this agreement and the WP UMBRELLA subscription for breach, under the conditions provided in the General Terms and Conditions of Sale.

In the context of the points mentioned above, the User undertakes to formulate their requests within sufficient time to allow LIVEN STUDIO to respond without disrupting its activity or having to work urgently, except for compelling reasons beyond the control of the User. The services referred to in this article will be provided by LIVEN STUDIO at no additional cost, without prejudice to any additional requests from the User, which will be billed according to a quote previously validated by the User, except in urgent cases (in which case the services will be provided at the current rate of LIVEN STUDIO on the day of the request).

Furthermore, in accordance with Article 30.2 of the GDPR, LIVEN STUDIO will keep a register of processing activities carried out on behalf of the User. In this context, LIVEN STUDIO must record the contact details of the person in charge of issues related to the protection of personal data or, where applicable, the Data Protection Officer (DPO) of the User, if the User communicates this information.

The User is informed that the GDPR representative designated by LIVEN STUDIO is: Mr. Aurelio Volle, legal representative of LIVEN STUDIO. He can be reached by email: support@wp-umbrella.com.

This agreement will enter into force on the date of creation of the User’s account on the WP UMBRELLA Solution. It will remain in force as long as LIVEN STUDIO performs Processing entrusted by the User under the Terms of Use and the present agreement.