MIMOTO PRIVACY NOTICE
Mimoto, Inc. and its affiliates (collectively, the “Company,” “we,” or “us”) want you to be familiar with how we collect, use, and disclose Personal Information.
“Personal Information” is information that identifies you as an individual or relates to an identifiable individual. This Privacy Notice describes our processing practices of Personal Information and Biometrics Data that we collect and use in connection with:
- Websites operated by us from which you are accessing this Privacy Notice (the “Websites”);
- Software made available by us for use on or through computers, our platform, and mobile devices (the “Services”);
- Our social media pages (such as Company LinkedIn, Facebook, Twitter, and Instagram) from which you are accessing this Privacy Notice (collectively, our “Social Media Pages”);
- Email messages that we send to you that link to this Privacy Notice or other communications with you; and
- Offline business interactions you have with us.
“Biometric Data” is data that may be collected and processed to create an identifying Visa Profile. Visa Profiles are created in accordance with contractual requirements described in Mimoto’s Terms of Service. Collected and processed Biometric Data is human inputs, which may include keyboard, mouse and touch inputs. These are typing style indicators. The Mimoto does not use raw keystrokes. Additional Biometric Data used to enrich a Visa Profile may include audio (e.g. voice) or video.
Collectively, we refer to the Websites, Apps, Social Media Pages, emails, and offline business interactions as the “Services.” Collectively, we refer to the Mimoto Platform, Mimoto Console, Mimoto Rational Agent, Mimoto Inform, Mimoto Enforce, and Mimoto Insights as the “Product.”
COLLECTION AND PROCESSING OF PERSONAL INFORMATION
How we collect Personal Information
We collect Personal Information in a variety of ways, including through our Services and from other sources, as set out in the grid below.
We need to collect certain Personal Information in order to provide the requested Services to you. If you do not provide the information requested, we may not be able to provide the Services. We will note which Personal Information is required to provide the Services at the time of its collection.
If you disclose any Personal Information relating to other people to us, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Notice.
Processing of Personal Information
The grid below is included to provide a level of transparency in which:
- The individual is able to identify for each processing operation (i.e., collection, recording, storage, use, etc.): the purpose of processing, the relevant legal basis, the data categories processed, and the source of the data.
- Where there are multiple legal bases, the notice must be sufficiently granular to allow the individual to identify when a particular legal basis will be relied on.
- More detailed information about legitimate interest should be provided for each processing operation.
- Personal information categories for each processing operation must also be included.
We use your Personal Information for legitimate business purposes as described in the overview below.
Making our Service Available to You
Events and Visitors
Marketing and User Engagement
Personalization and Improving our Services
Security and Legal Reasons
We collect the following categories of Personal Information:
- Personal Information we receive from you:
B. Personal Information we collect through your use of our Services or from other sources:
Disclosure of Personal Information
We also disclose your Personal Information as necessary or appropriate, in particular when we have a legal obligation or legitimate interest to do so, as set out in further detail below.
COOKIES AND SIMILAR TECHNOLOGIES
We seek to use reasonable organizational, technical and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.
CHOICES AND INDIVIDUALS’ RIGHTS
Your choices regarding our use and disclosure of your Personal Information
We give you choices regarding our use and disclosure of your Personal Information for marketing purposes and we will only engage with individuals who have given an opt-in consent for marketing emails. If texts/SMS/mobile messages are sent to individuals for marketing purposes, they would require an additional opt-in. This will not affect emails designated as account support (business or technical) related. You may opt out from:
- Receiving marketing-related emails from us. If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt out by following the unsubscribe link included on all marketing and/or sales emails or emailing [email protected] from the email address you wish to have classified as opt out/unsubscribe.
- Receiving marketing-related texts from us. You may opt out of receiving marketing-related texts/SMS/mobile messages by texting an Opt out request back. As stated above, texts/SMS/mobile messages will require an additional opt-in to be received. For this reason, a preemptive opt out is not necessary.
- Our sharing of your Personal Information with affiliates for their direct marketing purposes may occur after an opt-in confirmation. If you would prefer that we discontinue sharing your Personal Information on a going-forward basis with our affiliates for their direct marketing purposes, you may send an email to [email protected].
- The Company never sells Personal Information or collected Biometrics Data that could be used to identify an individual.
We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing from us, we may still send you important administrative messages, from which you cannot opt out.
How you can exercise your rights
If you would like to request to access, correct, update, suppress, restrict, or delete Personal Information, object to or opt out of the processing of Personal Information, withdraw your consent (which will not affect the lawfulness of processing prior to the withdrawal), or if you would like to request to receive a copy of your Personal Information for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you may contact us in accordance with the “Contacting Us” section below. We will respond to your request consistent with applicable law.
In your request, please make clear what Personal Information you would like to have changed or whether you would like to have your Personal Information suppressed from our database. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or enter a promotion, you may not be able to change or delete the Personal Information provided until after the completion of such purchase or promotion).
In keeping with Article 13(2)d of GDPR, you may lodge a complaint with an EU/EEA data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs. A list of data protection authorities is available at https://ec.europa.eu/newsroom/article29/items/612080.
We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law, for example, for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services); (ii) whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Where a legal obligation arises or retention is advisable in light of our legal position, in some circumstances, we will retain certain Personal Information, even after your account has been deleted and/or we no longer provide the Services to you; for example:
- To cooperate with law enforcement or public, regulatory and government authorities: If we receive a preservation order or search warrant, related to your Services account, we will preserve Personal Information subject to such order or warrant after you delete your Services account.
- To comply with legal provisions on tax and accounting: We may retain your Personal Information, such Relationship History, and/or transaction/financial information, for up to 10 (ten) year after you delete your Services account, as required by tax law and to comply with bookkeeping requirements, unless the account owner has made the Company aware that their country of residence requires a different maximum retention period.
- To pursue or defend a legal action: For account owners, we may retain relevant Personal Information while an account is active as well as in the event of a legal claim or complaint, including regulatory investigations or legal proceedings about a claim related to your Personal Information, or if we reasonably believe there is a prospect of litigation (whether in respect of our relationship with you or otherwise) for up to 10 years after the dispute has been settled or decided by a court or tribunal from which there is no further right of appeal.
Aggregated Information. In some circumstances, we will anonymize your Personal Information (so that it can no longer be associated with you) and aggregate the information for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. We may analyze the general behavior and characteristics of users of our Services and share aggregated information like general user statistics with prospective business partners. We may collect aggregated information through the Service, through cookies, and through other means described in this Privacy Notice. We do this to understand general trends such as our website traffic by geo-location, what content website visitors find the most valuable or engaging, etc.
THIRD PARTY SERVICES
This Privacy Notice does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.
The Services may provide functionality allowing you to make payments to the Company using third-party payment services with which you have created your own account. When you use such a service to make a payment to us, your Personal Information will be collected by such third party and not by us, and will be subject to the third party’s privacy notice, rather than this Privacy Notice. We have no control over, and are not responsible for, this third party’s collection, use, and disclosure of your Personal Information.
In addition, we are not responsible for the information collection, use, disclosure, or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Website or our Social Media Pages.
THIRD PARTY ADVERTISING
We may use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use the Services and other websites or online services.
You may receive advertisements based on information relating to your access to and use of the Services and other websites or online services on any of your devices, as well as on information received from third parties. These companies place or recognize a unique cookie on your browser (including through the use of pixel tags). They also use these technologies, along with information they collect about your online use, to recognize you across the devices you use, such as a mobile phone and a laptop. If you would like more information about this practice, and to learn how to opt out of it in desktop and mobile browsers on the particular device on which you are accessing this Privacy Notice, please visit http://optout.aboutads.info/#/ and http://optout.networkadvertising.org/#/. You may download the AppChoices app at www.aboutads.info/appchoices to opt out in mobile apps. Any retargeting and other interest-based advertising ad networks or other service providers will be members of the Network Advertising Initiative (NAI) or the Digital Advertising Alliance (DAA).
USE OF SERVICES BY MINORS
The Services are not directed to individuals under the age of sixteen (16), and we do not knowingly collect Personal Information from individuals under 16.
JURISDICTION AND CROSS-BORDER TRANSFER
Your Personal Information may be stored and processed in the United States, the location of the cloud infrastructure utilized for the Company product and services, unless this transfer is restricted by your country of residence. By using the Service, you understand that your Personal Information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country.
Where this will involve transferring your Personal Information outside the UK and/or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- Adequacy Decisions: Some non-EEA countries are recognized under the UK GDPR and by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here [hyperlink to EU Commission’s adequacy list online: https://commission.europa.eu/law/law-topic/data-protection_en.
- Standard Contractual Clauses and Binding Corporate Rules: The Company does not currently transfer Personal Information from the UK and/or EEA to any third country, which are not considered adequate under the UK GDPR and/or by the European Commission. “UK GDPR” has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018.
Unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Services or otherwise to us.
UPDATES TO THIS PRIVACY NOTICE
The “Last Updated” legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes will become effective when we post the revised Privacy Notice on the Services.
Mimoto, Inc., located in San Francisco, CA, is the company responsible for collection, use, and disclosure of your Personal Information under this Privacy Notice.
If you have any questions about this Privacy Notice, please contact us at [email protected].
Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.
You may also contact our Data Protection Officer (DPO), Douglas Coburn, at [email protected].