Summary – Policy Overview
This Policy explains how we may Process your information. This Policy may be amended or updated from time to time, so please check it regularly for updates.
Summary – Categories of Information We May Process
We may Process: your personal details (e.g., your name); demographic data (e.g., your age); your contact details (e.g., your address); records of your consents; purchase details; details of your employer (where relevant); information about your interactions with our content or advertising; and any views or opinions you provide to us.
We may also Process information about you from your use of our Services (e.g., the type of device you are using, the internet service provider, etc.), including your interactions with content and advertising on the Services.
“Personal Information” means information that is about any individual, or from which any individual is directly or indirectly identifiable.
“Process”, “Processing” or “Processed” means anything that is done with any Personal Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
We may Process the following categories of Personal Information about you:
We also collect other kinds of information from you or other sources, which we refer to as “Other Information” in this Policy, which may include but is not limited to:
Under certain circumstances and depending on applicable law, some of this Other Information may constitute Personal Information. Personal Information together with Other Information is hereinafter referred to as “User Information”.
Summary – Sensitive Personal Information
We do not seek to collect or otherwise Process your Sensitive Personal Information. Where we need to Process your Sensitive Personal Information for a legitimate purpose, we do so in accordance with applicable law. The Services are not intended for use by children.
We do not collect or otherwise Process Personal Information about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, or any other information that may be deemed to be sensitive under GDPR (collectively, “Sensitive Personal Information”) in the ordinary course of our business. Where it becomes necessary to Process Sensitive Personal Information under GDPR, we would rely on one of the following legal bases:
The Services are not intended for use by children, especially those under 13. No one under the age of 13 should provide any Personal Information or use our public discussion areas, forums or chats. Minors under the age of 18 are not permitted to make purchases through the Services or obtaining coupons or codes from the Services to purchase goods or services on third party websites. If, notwithstanding these prohibitions, your children disclose information about themselves in our public discussion areas, consequences may occur that are not intended for children (for example, they may receive unsolicited messages from other parties). If it is discovered that we have collected Personal Information from someone under 13, we will delete that information immediately.
Summary – Collection and Creation of Information
We may collect or obtain User Information about you: directly from you (e.g., where you contact us); in the course of our relationship with you (e.g., if you make a purchase); when you make your Personal Information public (e.g., if you make a public post about us on social media); when you download, install, or use any of our Services; when you visit our Services; when you register to use any part of the Services; or when you interact with any third party content or advertising on the Services. We may also receive User Information about you from third parties (e.g., social network sites). We may also create User Information about you, such as records of your interactions with us. Mitredx is not responsible for Personal Information you volunteer about yourself in public areas of the Services. This Policy does not cover the practices of third parties who may provide information about you to Mitredx.
Collection of User Information: We may collect User Information about you from the following sources:
Creation of User Information. We may also create User Information about you, such as records of your interactions with us and details of your purchase history, for internal administrative purposes and analysis. We may also combine data you have provided to us with data obtained from third parties such as social networks and other data collection entities.
Summary – Purposes for Which We May Process Your Information
We may Process User Information for the following purposes: providing the Services to you; communicating with you; providing advertising to you on the Services and Channels; analyzing engagement with our audience; observing user engagement and purchase activity across the Service and Channels; offering business-to-business lead generation services; marketing our services and offerings to current and prospective customers; managing our IT systems; financial management; conducting surveys; ensuring the security of our systems; conducting investigations where necessary; compliance with applicable law; and improving our Services.
The purposes for which we may Process User Information, subject to applicable law, include:
Summary – Direct Marketing
We may Process your User Information to contact you with information regarding services that may be of interest to you. You may unsubscribe for free or opt out of SMS messages at any time.
We may Process your User Information to contact you via email, telephone, direct mail, SMS or other methods of communication to provide you with information regarding the Services that may be of interest to you. We may send information to you regarding the Services, upcoming promotions and other information that may be of interest to you, using the contact details that you have provided to us and always in compliance with applicable law.
You may unsubscribe from our newsletter lists at any time by following the unsubscribe instructions included in every email we send. We will not send you any emails from a list you have selected to be unsubscribed from, but we may continue to contact you to the extent necessary for the purposes of any other Services you have requested or for additional emails you have signed up for. You may opt out of any telephone marketing by contacting us at the contact details set out in Section 17 below. You may opt out of SMS messages by texting STOP to the received SMS. You can also text HELP for assistance, or contact Customer Service. You will not be charged by us for receiving or sending SMS messages, however, we make no representations, warranties or guarantees that a particular wireless service program will enable you to participate in an SMS program.
Summary – Cookies, Similar Technologies and Online Behavioral Advertising
Mitredx and/or certain third parties may collect information about you for online behavioral advertising purposes in order for you to receive relevant interest-based advertising on the Services and on other websites, platforms and media channels. We use Online Data as well as other User Information to send you online behavioral ads. Online Data is aggregated with the Other Information and data we collect and/or similar data collected by partners to create groups of users and certain general-interest categories or segments that we have inferred. We use this information to get a more accurate picture of audience interests in order to serve ads we believe are more relevant to your interests.
Tracking technologies on the Services may be deployed by Mitredx and/or by our service providers or partners. Certain tracking technologies enable us to assign a unique identifier to you, and relate information about your use of the Services to other information about you, including your User Information. We may match information collected from you through different means or at different times and use such information along with offline and online information obtained from other sources (including from third parties), including, but not limited to, demographic information and updated contact information, for the purposes of learning more about you so we can provide you with relevant content and advertising.
We and our partners (including but not limited to e-commerce partners, affiliates, and analytics providers) also may use technologies such as pixel tags, e-tags, IP addresses, Local Shared Objects, Local Storage, Flash cookies and HTML5 to analyze trends; administer the Services; collect and store information such as user settings, anonymous browser identifiers and video viewing history; supplement our server logs and other methods of traffic and response measurement; track users’ location and movements around the Services; gather demographic information about our user base; and to improve our understanding of traffic on the Services, visitor behavior, and responses to promotional campaigns. We may receive reports based on the use of these technologies by these third party companies on an individual and aggregated basis. For example, we may connect information about your IP address to known corporate or User Information and use the associated information related to aggregate content preferences to assist in our efforts to market services to you or the originating corporation(s). Various browsers may offer their own management tools for removing Local Storage. To manage Flash Local Shared Objects please click here.
We may use mobile analytics software to collect data and to better understand the functionality of our mobile software, devices and applications on your phone and other devices. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We may link this information to User Information.
Mitredx and/or certain third parties may collect information about you for online behavioral advertising (“OBA”) purposes in order for you to receive relevant interest-based advertising on the Services and on other websites, platforms and media channels. OBA is also referred to as interest-based advertising.
The specific providers we use for OBA are subject to change. For a list of some of the applicable providers, click here. For information about how to opt out of tracking methods for these entities and others, click here. For more details about OBA and opting out, see Section 15 below.
Summary – Lawful Basis for Processing User Information
We may Process your User Information where: you have given your consent; the Processing is necessary for a contract between you and us; the Processing is required by applicable law; the Processing is necessary to protect the vital interests of any individual; or where we have a valid legitimate interest in the Processing.
In Processing your User Information in connection with the purposes set out in this Policy, we may rely on one or more of the following legal bases, depending on the circumstances:
Summary – Disclosure of User Information to Third Parties
We may disclose your User Information to: legal and regulatory authorities; our external advisors; parties who Process User Information on our behalf (“Processors”); any party as necessary in connection with legal proceedings; any party as necessary for investigating, detecting or preventing criminal offences; any purchaser of our business; and any third party providers of advertising, plugins or content used on the Services.
We may disclose your User Information to other entities within the Company group, for legitimate business purposes (including operating the Services, and providing services to you), in accordance with applicable law. In addition, we may disclose your User Information to:
For some of our Services, we may make some information, such as the name of our users, their mailing address, phone number, email address—and in certain circumstances their employer’s name, company size and other industry data—available on a rental or other basis (e.g., sale) to third party providers of goods and services, for example, when such information is provided in connection with webcasts, white papers or other sponsored downloads.
When you use a co-branded service (a service operated with a partner of Mitredx), or register or otherwise provide information on a co-branded site, you grant us permission to pass the collected information back to that partner, which may include third party service providers whose services are embedded into and/or appear within the Services;
With respect to surveys, in the event that responses are publicly disclosed, users will be notified at the time they take the survey. Otherwise we will disclose only aggregate information regarding its users’ responses in surveys to other participants in the survey. Where surveys allow users to submit written comments, and where Mitredx advises users of the possibility of such disclosure at the time they take the survey, Mitredx reserves the right to disclose any information provided by users, provided that no User Information identifying a specific user is disclosed.
Mitredx and some of our advertisers may use third party advertising service companies to serve advertisements, for OBA or otherwise, and perform related services when you interact with the Services. Often, these third party advertising companies employ cookies and other technologies to measure the effectiveness of website, app and email advertisements and to create a record of interaction with our content that they use in conjunction with their advertising which appears on other sites or applications, or for reporting website traffic, app use, statistics, advertisement data and/or other activities on the Services. We also engage third party providers to assist with the segmentation of this data.
We may also sell or transfer Online Data to certain third parties such as advertisers who will use this data to serve ads that they believe are relevant to your interests, and who agree to maintain the confidentiality of this information. Some of these third parties may combine the Online Data with their own data about you to form a more detailed picture.
We may engage third party providers to assist with the collection, storage and segmentation of Online Data and the providers are required to maintain the confidentiality of this information. These third party providers may collect User Information from our Services for their own purposes, including but not limited to monitoring fraud around the web.
We may also engage third parties for the purpose of recognizing our users and delivering interest-based content and advertisements to them. We may share your User Information with our partners such as your name, postal address, email, or other identifier. Our partners may also: (i) collect information directly from your device, such as your IP address, device ID, advertising ID, and information about your browser or operating system; (ii) combine User Information about you received from Mitredx with information about you from other sites or services; and (iii) place or recognize a unique cookie on your browser.
If we engage a third-party Processor to Process your User Information, the Processor will be subject to binding contractual obligations to: (i) only Process the User Information in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the User Information; together with any additional requirements under applicable law.
Summary – International Transfers of Information
We may transfer your Personal Information to recipients in other countries. Mitredx participates in the E.U.-U.S. Privacy Shield, the Swiss-U.S. Privacy Shield and the APEC Cross Border Privacy Rules System. Where we transfer User Information from the European Economic Area (“EEA”) to a recipient outside the EEA that is not in an adequate jurisdiction, we do so on the basis of standard contractual clauses.
Because of the international nature of our business, we may need to transfer your User Information within the Mitredx group of companies, and to third parties as noted in Section 9 above, in connection with the purposes set out in this Policy. For this reason, we may transfer your User Information to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located.
Where we transfer your Personal Information from the EEA to recipients located outside the EEA who are not in a jurisdiction that has been formally designated by the European Commission as providing an adequate level of protection for Personal Information, we do so on the basis of standard contractual clauses. You may request a copy of the relevant standard contractual clauses using the contact details provided in Section 17 below.
Please note that we may use data collected by a third party operator/licensee of localized versions or editions of Services.
Summary – Data Security
We implement appropriate technical and organizational security measures to protect your User Information. Please ensure that any Personal Information that you send to us is sent securely.
We have implemented appropriate technical and organizational security measures designed to protect your User Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of Processing, in accordance with applicable law. In certain instances we may use Secure Sockets Layer encryption and/or transfer certain User Information in a non-human readable format to provide protection. However, we cannot guarantee there will not be a breach, and we are not responsible for any breach of security or for the actions of any third parties.
Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement reasonable measures to protect your information, we cannot guarantee the security of your data transmitted to us using the internet. Any such transmission is at your own risk and you are responsible for ensuring that any Personal Information that you send to us are sent securely.
Summary – Data Accuracy
We take every reasonable step to ensure that your User Information is kept accurate and up-to-date and are erased or rectified if we become aware of inaccuracies.
We take every reasonable step to ensure that your User Information that we Process is accurate and, where necessary, kept up to date, and any of your User Information that we Process that you inform us is inaccurate (having regard to the purposes for which they are Processed) is erased or rectified.
Summary – Data Minimization
We take every reasonable step to limit the volume of your User Information that we Process to what is necessary.
We take every reasonable step to ensure that your User Information that we Process is limited to the User Information reasonably necessary in connection with the purposes set out in this Policy or as required to provide you services or access to the Services.
Summary – Data Retention
We take every reasonable step to ensure that your User Information is only retained for as long as they are needed. Online Data related to OBA is kept by Mitredx for not more than 180 days after which it will expire, subject to certain conditions.
We take every reasonable step to ensure that your User Information is only Processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which we will keep your User Information are as follows: we will retain copies of your User Information in a form that permits identification only for as long as is necessary in connection with the purposes set out in this Policy, unless applicable law requires a longer retention period. Unless there is a specific legal requirement for us to keep the information, we plan to retain it for no longer than is necessary to fulfill a legitimate business need.
Summary – What Can I Do to Control My Information?
You can directly take steps to change your preferences for newsletters and online behavioral advertising as outlined in this section.
If you are an EU resident, you may have certain rights including: the right not to provide your Personal Information to us; the right of access to your Personal Information; the right to request rectification of inaccuracies; the right to request the erasure, or restriction of Processing, of your Personal Information; the right to object to the Processing of your Personal Information; the right to have your Personal Information transferred to another controller; the right to withdraw consent; and the right to lodge complaints with supervisory authorities. We may require proof of or need to verify your identity before we can give effect to these rights.
You may directly take steps to change your preferences as follows:
Your Newsletter and Email Subscriptions. You can opt out or unsubscribe to a newsletter or other email list at any time by following the instructions at the end of the newsletters or emails you receive. Please allow five to ten business days for changes to take effect. On some Services, member service-related communications are an integral part of such Services to which you subscribe and you may continue to receive emails as part of that particular portion of the Services unless you cancel your account, even if you opt out of the newsletters or email list. If you have provided more than one email address to us, you may continue to be contacted unless you request to unsubscribe each email address you have provided.
Push Notifications. We send you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.
OBA. Mitredx is a member of the Digital Advertising Alliance (“DAA”) in the U.S., E.U. and Canada and uses third party assurance platforms to comply with the DAA principles. Mitredx strives to adhere to the self-regulatory organization principles for the DAA (US), the DAAC (Canada) and the EDAA (EU). Online ads on the Services using Online Data are delivered with the DAA Ad Marker Icon , which helps users understand how their data is being used and provides choices for users who want more control. This icon is also on each of our web pages and applications where Online Data is collected that will be used for OBA purposes.
The DAA Ad Marker Icon provides information (and links to other information) on online behavioral ads, who is collecting and using your Online Data, how you can opt out and more. If you would prefer that we not collect Online Data that may be used to help determine which advertisements to serve you, opt out by clicking this icon , which can be found on most of our webpages and mobile applications.
Cookies and Pixel Tags. You may stop or restrict cookies and pixel tags on your computer or purge cookies from your browser by adjusting your web browser preferences. However, if you “turn off,” purge, or disable cookies or pixel tags, although you may still use the Services, you may not be able to use all of the features, functions, or services available on the Services.
Location Based Services. You may opt-out of having your Precise Location Data collected by Mitredx at any time by editing the appropriate setting on your mobile device (which is usually located in the Settings area of your device).
California Residents. In accordance with the California Online Privacy Protection Act, we may collect Personal Information about your online activities when you use the Services. While we give our users many avenues to opt out of providing Personal Information, we do not respond to Web browsers’ “do not track” signals. California’s “Shine the Light” law, Civil Code Section 1798.83, permits our users who are California residents to periodically request and obtain certain information about any Personal Information disclosed to third parties for direct marketing purposes. If you are a California resident and wish to make such a request or if you wish for us to refrain from gathering your Personal Information, please submit your request in writing to the contact details set out in Section 17 below.
EU Residents. GDPR provides certain rights for EU residents. You may decline to share certain information with us, in which case we may not be able to provide some of the features and functionality of the Services. These rights include, in accordance with applicable law, the right to object to or request the restriction of processing of your information, and to request access to, rectification, erasure and portability of your own information. Where we process your information on the basis of your consent, you have the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the Processing of your Personal Information in reliance upon any other available legal bases). Requests should be submitted by contacting us (using the contact instructions in Section 17 below). If you are an EU resident and have any unresolved privacy concern that we have not addressed satisfactorily after contacting us, you have the right to contact the appropriate EU Supervisory Authority and lodge a complaint.
Summary – Contact Details
You may contact us at the addresses set out below or by emailing [email protected]
Attention: Legal Department
114 Fifth Avenue, 15th Floor
New York, NY 10011
If you are an EU resident, you may contact our Data Protection Officer at [email protected]
If you have any comments, questions or concerns about any of the information in this Policy, or any other issues relating to the Processing of User Information carried out by us, or on our behalf, please contact:
Attention: Legal Department
114 Fifth Avenue, 15th Floor
New York, NY 10011
Our Data Protection Officer may be contacted at [email protected]
If you have an unresolved concern regarding your privacy or our use of data that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) by clicking here.
Monday, May 16th 2022 - 00:04:23 AM