Privacy Policy

1. Introduction

Welcome to memento.uno. We are a digital memorial platform dedicated to helping families and loved ones preserve and share memories of those who matter most. Memento.uno is operated by Memento, UAB, a company registered in the Republic of Lithuania, European Union.

We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and services at memento.uno (the "Service"). It applies to all users of our platform, whether you are creating a memorial, contributing content, or simply visiting our site.

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Lithuanian data protection legislation. By using our Service, you acknowledge that you have read and understood this Privacy Policy.

2. Data We Collect

2.1 Account Data

When you register for an account, we collect your name, email address, and password (stored in hashed form). If you choose to complete your profile, we may also collect your phone number and profile photograph. This information is necessary for us to provide you with access to the Service and to communicate with you about your account.

2.2 Memorial Data

When you create or contribute to a memorial, we collect the content you provide. This includes photographs, written tributes, biographical information, dates of birth and death, and any other text, images, or media you upload. Memorial data may include personal information about the deceased person and, in some cases, about living individuals who are mentioned in tributes or appear in photographs.

2.3 Usage Data

We automatically collect certain technical information when you visit our website. This includes your IP address (anonymised where possible), browser type and version, operating system, referring URLs, pages visited, time spent on pages, and general interaction patterns. We collect this data through cookies and similar technologies, as described in our Cookie Policy.

2.4 Payment Data

If you purchase a subscription or physical product (such as a QR code panel), your payment is processed by our third-party payment processor. We do not store your full credit card number, bank account details, or other sensitive financial information on our servers. We receive only a transaction reference, the amount paid, and confirmation of successful payment from our payment processor.

3. How We Use Your Data

We use the personal data we collect for the following purposes:

To provide and maintain the Service. Your account data allows us to authenticate you, manage your subscription, and provide access to memorial creation and management tools. Memorial data is used to display the memorials you create on the platform and, where applicable, to link them to physical QR code panels.

To improve and develop the platform. We analyse aggregated and anonymised usage data to understand how people use our Service, identify areas for improvement, and develop new features. We do not use individual memorial content for analytics or product development purposes.

To communicate with you. We use your email address to send essential service communications, such as account confirmations, subscription renewal notices, and important updates about the Service. With your consent, we may also send you occasional communications about new features or relevant content.

To comply with legal obligations. We may process your data where necessary to comply with applicable laws, regulations, or legal processes, including tax and accounting requirements related to paid subscriptions.

4. Legal Basis for Processing (GDPR Article 6)

We process your personal data on the following legal bases under GDPR Article 6(1):

Consent (Art. 6(1)(a)). Where you have given us clear, affirmative consent to process your data for specific purposes, such as receiving marketing communications or enabling non-essential cookies. You may withdraw your consent at any time.

Performance of a contract (Art. 6(1)(b)). Processing that is necessary for us to provide you with the Service you have requested, including account management, memorial hosting, subscription processing, and delivery of physical products.

Legitimate interest (Art. 6(1)(f)). Processing that is necessary for our legitimate business interests, provided these interests are not overridden by your rights and freedoms. This includes platform security, fraud prevention, service improvement through aggregated analytics, and ensuring the integrity of memorial content.

Legal obligation (Art. 6(1)(c)). Processing that is necessary for us to comply with a legal obligation to which we are subject, such as maintaining financial records for tax purposes or responding to lawful data access requests from authorities.

5. Data Retention

We retain your personal data for as long as your account is active and your subscription is in good standing. Memorial content remains accessible on the platform for the duration of your active subscription, ensuring that the memories you have created continue to be available to those you have shared them with.

If you cancel your subscription, we retain your account data and memorial content for a grace period of thirty (30) days following the end of your current billing cycle. During this grace period, you may reactivate your subscription and regain full access to your memorials. After the grace period expires, your memorial content will be archived and will no longer be publicly accessible.

You may request permanent deletion of your account and all associated data at any time by contacting us at dpo@memento.uno. Upon receiving a verified deletion request, we will permanently erase your personal data and memorial content within thirty (30) days, except where we are legally required to retain certain information (such as transaction records for tax compliance).

6. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights with respect to your personal data:

• Right of access — You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.
• Right to rectification — You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
• Right to erasure — You have the right to request the deletion of your personal data where there is no compelling reason for us to continue processing it.
• Right to data portability — You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
• Right to restriction of processing — You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to object — You have the right to object to the processing of your personal data where we rely on legitimate interest as our legal basis.
• Right to withdraw consent — Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
• Right to lodge a complaint — You have the right to lodge a complaint with a supervisory authority. In Lithuania, the relevant authority is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija, vdai.lrv.lt).

To exercise any of these rights, please contact our Data Protection Officer at dpo@memento.uno. We will respond to your request within thirty (30) days in accordance with GDPR requirements.

7. Data Sharing

We do not sell, rent, or trade your personal data to third parties. We believe your data belongs to you, and we treat it with the care and respect it deserves.

We may share your data with a limited number of trusted third-party processors who assist us in operating the Service. These processors act only on our instructions and are contractually bound to protect your data in accordance with GDPR. Our third-party processors include our hosting infrastructure provider, our payment processor, and our transactional email service provider.

We select processors based within the European Union wherever possible. All processors are subject to appropriate data processing agreements that ensure a level of data protection consistent with this Privacy Policy and the GDPR.

We may also disclose your personal data if required to do so by law, or if we believe in good faith that such disclosure is necessary to comply with a legal obligation, protect our rights or safety, or investigate potential violations of our Terms of Service.

8. International Data Transfers

Our servers and primary data infrastructure are located within the European Union. We make every effort to ensure that your personal data remains within the EU at all times.

In the event that any data transfer outside the European Economic Area becomes necessary (for example, through the use of a third-party service provider), we will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or an adequacy decision under GDPR Article 45. We will not transfer your data to any country that does not provide an adequate level of data protection without implementing appropriate supplementary measures.

9. Cookies

We use cookies and similar technologies to operate our website, remember your preferences, and analyse how our Service is used. For detailed information about the cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookie Policy.

10. Children's Privacy

Our Service is not intended for use by children under the age of sixteen (16). We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without verified parental consent, we will take prompt steps to delete that information from our servers. If you believe that a child under 16 has provided us with personal data, please contact us immediately at dpo@memento.uno.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this policy, we will notify you by sending an email to the address associated with your account and by displaying a prominent notice on our website at least fourteen (14) days before the changes take effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. The "Last updated" date at the top of this page indicates when this policy was most recently revised.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please do not hesitate to contact us:

Data Protection Officer
Email: dpo@memento.uno

Memento, UAB
Vilnius, Lithuania
European Union

General enquiries
Email: hello@memento.uno