Privacy Shield Policy
MRP PRIVACY SHIELD POLICY
Last revised: March 05 2019
In accordance with our commitment to protect personal privacy, Market Resource Partners LLC and its affiliates (“MRP”) comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from European Union and Switzerland to the United States respectively. MRP has certified to the Department of State that it adheres to the Privacy Shield Principles (“Principles”). If there is any conflict between this Policy and the Privacy Shield Principles, then the Privacy Shield Principles shall prevail. To learn more about the Privacy Shield Program and to view our certification, please visit https://www.privacyshield.gov/welcome. A list of participants can be found at https://www.privacyshield.gov/list.
The Federal Trade Commission (FTC) has jurisdiction over MRPs compliance with the Privacy Shield.
All MRP employees who handle Personal Data from Europe and/or Switzerland are required to comply with the Principles stated in this Policy.
SCOPE OF THIS PRIVACY SHIELD POLICY
This Policy applies to the processing of Personally Data that MRP receives or collects in the United States or transfers to the United States concerning Individuals who reside in the European Union or Switzerland.
This Policy does not cover data from which individual persons cannot be identified or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes so that identification of individual persons is not possible.)
COLLECTION OF PERSONAL DATA
The types of information that we may collect (directly from you or from third-party sources) and our privacy practices depend on the nature of the relationship you have with MRP and the requirements of applicable law. This section describes how we collect and use that information. This includes an overview of the type of information that we collect directly and automatically, the types of information that we receive from other sources and why we collect that information.
A. Information That You Provide to Us.
Certain parts of the MRP Sites may ask you to provide Personal Data voluntarily. For example, we collect Personal Data when you apply for a job at MRP, request a Prelytix demo, express an interest in obtaining additional information about MRP or our services, subscribe to marketing emails, or otherwise contact us. This Personal Data is collected by MRP to provide you with the best and most useful content and services, and to offer you opportunities to obtain other products and services from us and our Partners.
The Personal Data we collect may include business contact information (e.g. your name, mailing address, telephone number or email address) and contact preferences. It may also include professional information (e.g. your job title, department or job role) as well as the nature of your request or communication. We also collect information that you choose to provide to us when you complete ‘free text’ boxes on our forms.
Through Prelytix, clients may be able to provide additional data, including their authorised user and target contact information. MRP uses this information only to provide clients with services and as otherwise agreed to in their respective agreements. MRP may derive insights from usage of these features and types of insight typically derived from customer usage and customer-provided data but does not use any client-provided data except to provide its services.
During marketing services
You may provide us with information (which may include Personal Data) during a marketing call or in response to an email or direct mail campaign e.g. you may provide us information regarding alternative contacts methods or updating details. The Personal Data we collect during the marketing services may include business contact information (e.g. your name, mailing address, telephone number or email address) and contact preferences. We may also collect professional information (e.g. your job title, department or job role).
B. Information That We or Third Parties collect automatically
MRP Ad Services
When End Users visit Third Party Sites, we may (and our Partners or vendors may) use and deploy Technologies to automatically collect certain information about the End Users and their devices. Some of this information (including, for example, an IP address and unique identifiers stored in a cookie) may identify a computer or device and may in certain circumstances be considered “Personal Data”. However, the MRP Ad Services are designed to process information in such a manner that the information cannot be directly attributed to a specific, identifiable individual without the use of additional information (such as your name, address, or email address). We may collect this information by assigning a random unique identifier to your device the first time you interact with an advertisement on a Third-Party Site. This unique identifier may then associate you with information that we may collect about you. This information we may collect includes information about your browser and device information, information about your online behaviour and information about ads served, viewed or clicked on.
C. Information we receive from other Sources
We may also combine, merge, and/or enhance the information we collect about you with information collected from third parties such as other web-based and mobile networks, exchanges and websites (“Partners“) or our clients.
This information may include hashed identifiers derived from other information such as email addresses, mobile device IDs, demographic or interest data (like your industry, employer, company size, job title or department) and content viewed or actions taken on a Third-Party Site to help make the ads served to an End User more relevant while limiting exposure to less relevant ads.
As part of our marketing services, we may receive business contact lists from our clients to use as part of a marketing campaign. This data is only used for the client providing the information and in accordance with the client’s instructions. From time to time, we may also obtain information from the reception of a business which may include business contact information (e.g. your name, mailing address, telephone number or email address) and professional information (e.g. your job title, department or job role).
Data contained in the MRP database originates from a variety of sources including data suppliers, campaigns and MRP’s own research.
USE OF PERSONAL DATA
We may use and process your information based on the legal grounds and for the legitimate business purposes outlined in this Policy:
For providing and improving our services. MRP may use information it acquires to operate, improve, and personalize its business and services, including Prelytix and the MRP Sites. This use includes deriving insights, trends, use, and analytics, whether actual or predicted, from the data collected. MRP may also work with third parties to receive data or insights and combine that information with the data and insights provided by MRP. When providing our services, MRP often uses the data it collects with other data in our possession or customer-provided data as part of our services. For example, MRP may use information to provide customers with support or improve accuracy and develop new features based on historical use and trends.
Advertising (including ‘interest based’ advertising) and marketing for itself and customers. MRP may use the information it collects for advertising and marketing, such as creating data segments/audiences, analyzing and predicting business buying behavior or business interests and delivering interest-based advertising and content to you, such as ads, widgets, or website content tailored to you on behalf of advertisers, across websites, devices, and over time. MRP may also use the information for performing email, mail and/or telemarketing services for its clients.
As required by applicable law, legal process, or regulation. MRP may use all data it collects or receives as required under law, legal or financial processes like audits or regulations.
To provide reporting. MRP may create reports (such as performance analytics, statistics, metrics, and other details) for MRP customers on the companies and/or users that complete certain actions, such as completing a survey, opening/clicking email, visiting an MRP managed site or a client managed site.
For running its business. MRP may use the information it collects for billing, account management, invoicing, investigating security and privacy incidents, as well as other legitimate business interests.
For ID synching. We or our third party providers may also use information to undertake ‘ID synching’ or ‘user matching’ which means that we may share the information provided by you with third parties, who use this information to recognise you across different channels and platforms over time for advertising, analytics, attribution and reporting purposes. .
We may also use the information: (i) to respond to or provide you with information you request; (ii) f you have applied for a role with MRP, for recruitment related purposes; and (iii) to prevent, detect, respond and protect against potential or actual claims, liabilities, prohibited behaviour and criminal activity.
DISCLOSURES AND ONWARD TRANSFERS OF PERSONAL DATA
In order to operate our websites and provide services, we may provide personal, aggregate and other associated data to third parties including our services providers and vendors that provide or perform services for us, including services such as payment processing, database management, and professional services. MRP discloses Personal Data only to third parties who reasonably need to know such data for the scope of the initial transaction and not for other purposes.
Such third parties must agree to use the personal data only for the purpose for which they have been engaged by MRP and confirm that their privacy practices are consistent with this Policy.
On occasion, we may also share Personal Data concerning a visitor with our affiliates (such as a subsidiary or affiliate of our company) and Clients in furtherance of our operations and as needed to implement visitor request.
We remain responsible for the Personal Data that we share with third parties for processing on our behalf, and we remain liable under the principles if such third parties process such Personal Data in a manner inconsistent with the principles and we are responsible for the event giving rise to the damage.
Please be aware that MRP may be required to disclose Personal Data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
MRP does not collect any Sensitive Data
We offer individuals the opportunity to choose (opt-in) whether their Personal Data is (i) to be disclosed to a third party, (other than to an agent performing tasks on our behalf as mentioned above) and pursuant to our instructions, or (ii) to be used for a purpose that is materially different than the purpose for which it was originally collected or subsequently authorized by the individual. You can update your account preferences, by using the unsubscribe mechanism or other means provided within the communications that you receive, or by contacting us directly at firstname.lastname@example.org. If you wish to opt-out of being tracked by us using cookies please go to our opt-out page.
DATA INTEGRITY AND SECURITY
MRP uses reasonable efforts to maintain the accuracy and integrity of personal data and to update it as appropriate. MRP follows generally accepted industry standards and has implemented physical and technical safeguards to protect personal data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. For example, MRP’s systems use firewalls and Secure Socket Layers to help protect and safely transmit information.
We will retain Personal Data we collect from visitors as well as data we process on behalf of our Clients for as long as needed to provide our services to our visitors and Clients. We will retain Personal Data only as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements in your (respective) jurisdiction(s). Cookie information is retained for up to 13 months and is deleted thereafter.
ACCESS TO PERSONAL DATA
Data Subjects have the right to know what Personal Data about them is included in the databases and to ensure that such Personal Data is accurate and relevant for the purposes for which MRP collected it. Upon reasonable request and as required by the Privacy Shield principles, Data Subjects are allowed access to their Personal Data, in order to correct, erase, amend or block any data that is incorrect. In the event that you wish to access, change or update your information please contact: email@example.com and we will endeavour to respond to your request within 45 business days.
Please note that where MRP are acting as a processor of personal data for an MRP Client, MRP may first refer your request to the Client that submitted your personal data, and MRP will assist the Client as needed in responding to your request.
In compliance with the Privacy Shield Principles, MRP is committed to resolving complaints regarding the collection and use of your Personal Data. Should you wish to make a complaint regarding this Policy or the use of your Personal Data, please contact: firstname.lastname@example.org. MRP will respond to you within 45 days of receiving your complaint.
If the issue cannot be resolved through our internal processes, you may file a claim (free of charge) with PrivacyTrust, an independent U.S. alternate dispute resolution provider, at www.privacytrust.com.
If you have a complaint left unresolved by all available recourse mechanisms, you may invoke binding arbitration. Additional information is available here: www.privacyshield.gov/article?id=ANNEX-I-introduction.
CHANGES TO THIS POLICY
This Policy may be amended from time to time, consistent with the Principles and applicable data protection and privacy laws. If we make any material changes we will notify visitors by means of a notice on our website prior to the change becoming effective. We encourage visitors to periodically review this page for the latest information on our privacy practices.
For the purposes of this Policy, the following terms have the following meaning;
Personal Data as defined under the European Union Regulation 2016/679 (the GDPR) means any information relating to an identified or identifiable natural person (‘data subject’)
Data Subject means an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
Sensitive Data (or special categories of personal data) means specifically personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, concerning health, genetic and biometric data, sex life or sexual orientation. Same extra safeguards under the GDPR will apply to criminal convictions and offences data.