Legal
|
Effective May 22nd, 2020

Privacy Policy

At mParticle, we are committed to protecting your data. We also work very hard at being transparent about the information we hold about you and our clients. View our Cookie Policy.

Purpose of this privacy policy

At mParticle, we are committed to protecting your data. We also work very hard at being transparent about the information we hold about you and our clients. Using data allows us to develop a better understanding of how you and other users interact with our communications, and in turn to provide you with relevant and timely information about the work that we do. Data also helps us to engage with current and potential customers.

mParticle collects personal data in the course of our business. The definitions of personal data vary depending on the laws where you are located. For example, in the European Union (EU), personal data is defined broadly, and would include data that may be used to contact or identify a person (e.g., email, telephone number) as well as pseudonymous data that is generally only able to identify a computer, browser or a mobile device. The state of California has also adopted a broad definition of personal information. mParticle will explain the different types of personal data below, and will try to be clear when we’re describing our use of each throughout this Policy.

The purpose of this policy is to explain how information:

·       is collected on www.mparticle.comhttps://docs.mparticle.com/www.growthpractice.comhttps://www.acceleration2019.com/ and https://opengdpr.org (our “Sites”) and used and processed by mParticle and its subsidiaries mParticle LTD and The Growth Practice, LLC (“mParticle or “We”).

·       is treated for recruiting purposes

·       is collected from our clients and prospective clients,

·       is collected, used and disclosed via our technology platform (the mParticle “Platform”).

Our objective is to give you a clear explanation about how we collect and process your information through your use of our Website, including any data you may provide through this Website and when you sign up to our newsletters, register for an event or ask us to get in touch with you.

It is important that you read this privacy policy together with any other notices we may provide on specific occasions when we are collecting or processing information about you, so that you are aware of how and why we are using your information. This privacy policy supplements our other policies and is not intended to override them.

If you have any questions, please contact our Data Protection Officer using the contact details at the end of this policy.

+ Expand

Who we are

mParticle legal entities: mParticle, Inc. and The Growth Practice, LLC in US and mParticle Ltd in UK

The customer data platform for the connected age. mParticle allows you to unify your customer data and connect it anywhere to improve marketing performance, enhance analytics, and transform the customer experience. mParticle’s website URLs (our “Sites”) are:

  1. https://www.mparticle.com
  2. https://docs.mparticle.com
  3. https://www.growthpractice.com
  4. https://opengdpr.org
  5. https://www.acceleration2019.com/
+ Expand

Information we may collect about you

Our Sites are primarily directed to our clients and prospective clients (our “Clients”) which are generally businesses. We collect personal data via the Sites that can be used to identify or contact a unique person (“PII”). We generally will only collect PII via the Sites when you provide it directly to us.

For example, you may provide PII such as an email address or a telephone number by sending us an email or filling out a form on the Site. Prospective employees may also send their resume that includes their postal address and other employment details. And our Clients may register via the Sites with their email address, creating their own password and providing other contact details such as their name, company and title.

If you fail to provide PII

Where we need to collect PII by law, or under the terms of a contract we have with you and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with more information about an event). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Users under 13, children

We do not knowingly contact or collect information from children under 13. If you believe we have inadvertently collected such information, please contact us so we can promptly obtain parental consent or remove the information. If you are under 16, or the age of majority in the jurisdiction in which you reside, you may only use the mParticle Sites and mParticle Services with the consent of your parent or legal guardian.

+ Expand

How we collect your data

We collect different information about you in a number of ways:

Information you give us

When you sign up to our newsletters, request marketing materials, register for an event or sign into the Platform, we will store the PII you give to us such as your name and email address.

Automated technologies or interactions

When you visit our Sites, some information is automatically collected. This may include information such as the Operating System running on your device, Internet Protocol address, access times, browser type and language, and the website you visited before visiting our Sites. In many jurisdictions, this type of pseudonymous information is considered personal data. In this privacy policy, we’ll refer to this type of pseudonymous information as “Pseudonymous Personal Data.”

If you live outside of the US or Canada, please visit our cookie policy.

We automatically collect information using “cookies” and Web beacons. Cookies are small data files stored on your hard drive by a website and web beacons are electronic images that may be used on our Sites or in our emails. Among other things, cookies help us improve our Site, our marketing activities, and your experience. We use cookies to see which areas and features are popular and to count visits to our Site. Most Web browsers are set to accept cookies by default. If you prefer, you can choose to set your browser to remove cookies and / or to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Site. For more information about cookies and web beacons, please visit http://www.allaboutcookies.org.

mParticle does not sell data via the Platform and therefore does not take action in response to “Do Not Track” browser signals from users.

We use a number of third-party tools on the Sites. Please visit our cookie policy to find out more.

+ Expand

How we may use your information

We will only use your information when the law allows us to. Most commonly, we will use your information in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you (e.g., where we process your email address in order to access our systems or for billing purposes);
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
  • Where we need to comply with a legal or regulatory obligation;
  • Where we have your explicit consent before using information. However, generally we do not rely on consent as a legal basis for processing personal data and you have the right to withdraw consent to marketing at any time by contacting us. You will find the relevant contact details at the end of this policy

Purposes for which we will use your PII and other personal data

We use the information we collect primarily to provide, maintain, protect and improve our current products, to develop new ones and to manage Client accounts and human resources functions.

We use PII for the general purpose it was provided.

For example, if you ask a question about our products and services, we may send you an email in response, and might even have a salesperson contact you to gauge your interest in learning more about our services.

In general, we may use your information to:

  • Improve our Services, Sites and how we operate our business;
  • Understand and enhance your experience using our Sites, products and Services;
  • Provide and deliver products and Services you request;
  • Respond to your comments or questions and allow our Services team to provide service;
  • Send you related information, including confirmations, invoices, technical notices, updates, security alerts and support and administrative messages;
  • Communicate with you about promotions, upcoming events and news about products and services offered by mParticle and our selected partners;
  • Link or combine it with other information we get from third parties, to help understand your needs and provide you with better service; and
  • Protect, investigate and deter against fraudulent, unauthorized or illegal activity.

Marketing communications

We aim to communicate with you about the work that we do in ways that you find relevant, timely, respectful, and never excessive. To do this, we use data that we have stored about you, such as which events you have booked for in the past, as well as any contact preferences you may have told us about.

We use our legitimate organizational interest as the legal basis for communications by email and for the collection of PII in the context of our sales and marketing activities where we have evaluated that our interests are not overridden by your fundamental rights. We will give you an opportunity to opt out of receiving electronic communications. If you do not opt out, we will provide you with an option to unsubscribe or manage your preferences in every email that we send you subsequently. Alternatively, you can use the contact details at the end of this policy to update your contact preferences.

+ Expand

Data collection and use for the mParticle platform

Our Platform is designed to allow our Clients to better understand how their customers, prospective customer and other individuals (their “Users”) utilize the products and services offered by our Clients. mParticle operates the Platform as a service provider and data processor with respect to each Client’s data. We are contractually required to only process data as directed by our Clients and for no other purpose. The Platform provides our Clients with the ability to collect information based on User interaction with their mobile application(s), mobile website(s) or other digital properties where Clients have integrated with the Platform (collectively, “Client Digital Properties”) and send communications to such Users. Some information is automatically collected from or about Users when they use Client Digital Properties. The types of information collected via Client Digital Properties for the Platform includes: the date/time for a visit to a Client Digital Property, referrer information such as what search engine and search keywords Users may have used to get to a Client Digital Property, information about the browser or device your User is on such as their Operating System, as well as the city/country location of Users, and any pseudonymous tokens and mobile advertising IDs (e.g., IDFA in iOS). In addition, our Clients can choose what other User data they want to collect and store on the Platform such as an IP address, precise location information such as lat/long, a User’s age, user names, real names, email addresses and other custom data points as determined by each Client. Each Client determines whether we transfer data off of the Platform and what specific data points are transferred.

We contractually prohibit Clients from placing onto the Platform sensitive information (e.g., passwords, authentication credentials, credit cards, social security or driver’s license numbers) or information that is deemed sensitive by applicable law or self-regulatory codes such as the Digital Advertising Alliance. mParticle functions strictly as the data processing agent of our Clients. As a data processor and agent of our Clients, mParticle processes data via the Platform as directed by our clients and for no other purposes. Accordingly, other than those aforementioned restrictions, the data stored on the Platform is subject to the privacy policies of each Client.

+ Expand

Disclosure of your details to third parties

Sharing of information, onward transfer

There are certain circumstances under which we may disclose your information to third parties. These are as follows:

We may share your information with certain third-parties as specified below:

  • With third-party agents who work on our behalf as sub-processors, provided such third parties agree to adhere to the same privacy principles as mParticle;
  • Our Clients may request that we send their data to integration partners – some of which may be found at https://docs.mparticle.com/integrations/. Please note that each Client determines which integration partners to use (if any) and what data gets transferred subject to each Client’s privacy policy; 
  • To protect the rights and property of mParticle, our agents, Clients and others including enforcement of our agreements, policies and terms of use;
  • In an emergency, including protection of the personal safety of any person;
  • For the purposes of a business deal (or negotiation of a business deal) involving sale or transfer of all or a part of our business or assets (business deals may include, for example, any merger, financing, acquisition, divestiture or bankruptcy transaction or proceeding);
  • As required in response to a lawful request by public authorities, including meeting of national security or law enforcement requirements;

In cases of onward transfer to third parties of data of EU or Swiss resident received pursuant to the EU US and Swiss-US Privacy Shield, mParticle is responsible for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. mParticle shall remain liable under the Privacy Shield principles if its agent processes such personal information in a manner inconsistent with the Privacy Shield principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

Our privacy policy does not cover any third-party websites services. To learn about those third parties’ privacy practices, please visit their privacy policies.

We do not sell PII collected via the Sites or collected pursuant to our sales and marketing activities to third parties for any purpose.

+ Expand

Security of your information

We take reasonable steps to help protect your information in an effort to prevent loss, misuse, unauthorized access, disclosure, alteration and destruction.

We have put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your information as secure as possible. We will ensure that any third parties we use for processing your information do the same and that they will only process your information on our instructions. The third parties will also be subject to a duty of confidentiality.

It is your responsibility to protect your usernames and passwords to help prevent anyone from accessing or abusing your accounts and services. You should not use or reuse the same passwords you use with other accounts as your password for our services. No security or encryption method can be guaranteed to protect information from hackers or human error. Information we collect may be stored or processed on computers located in any country where we do business.

mParticle may store and process PII in the United States and the European Economic Area. By using our Platform as a Client, you consent to this transfer of your information into the U.S.

mParticle complies with the EU US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data from the European Union and Switzerland.

mParticle has certified that it adheres to the Privacy Shield Privacy Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies of this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov

+ Expand

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

For our Platform:

mParticle retains Client data for so long as you remain are a Client and will delete Client’s information within 12 months of either party’s termination of applicable Client agreement upon written request.

We retain User level data on the Platform as directed by our Clients and for a reasonable time thereafter for audit purposes and as otherwise required by law.

+ Expand

California Data Subjects

Effective January 1, 2020, the California Consumer Privacy Act (CCPA) provides additional privacy protections for California data subjects and users, including: a) the right to see what data we have about you, your computer or device (i.e., the right to know), b) the right to delete the data we have about you, your computer or device (i.e., the right to delete) and c) the right to opt-out of the sale to certain third parties (i.e., the right to opt-out from sales of your information). mParticle uses the same process to honor CCPA rights of access and deletion that we use for GDPR rights for EU and Swiss data subjects. That process is described below.

We do not discriminate against you if you exercise any of the above rights. Moreover, we may not be able to honor a right if doing so would violate applicable law. mParticle may transfer data to third parties pursuant to operating our Site and as such are considered to have sold data over the past twelve months pursuant to the CCPA. You may view the entities collected data via the site and any choices provided by viewing our Cookie Policy. We do not sell data via our Platform.

Under the CCPA, your request to see the personal information that we have about you may include: (1) specific pieces of personal information that we may have about you; (2) categories of personal information we have collected about you; (3) categories of sources from which the personal information is collected; (4) categories of personal information that we sold or disclosed for a business purpose about you; (5) categories of third parties to whom the personal information was sold or disclosed for a business purpose under the CCPA; and (6) the business or commercial purpose for collecting or selling personal information.

As required by the CCPA, you may make an access or deletion request via an authorized agent by having such agent follow the process below. Please note that we will request any authorized agent demonstrate that they have been authorized by you to make a request on your behalf. And we will attempt to verify your request. We require any authorized agents to provide us with contact details such as an email address and phone number so that we may ensure a timely response to the consumer.

Individuals who have provided information directly to one of mParticle’s Clients must send follow-up requests to access or delete such information to that particular mParticle Client.

If you have any questions, or to make a CCPA access or deletion request, please contact mParticle at privacy@mparticle.com, via the toll-free number at (888) 441-2022 or via the postal addresses at the bottom of this privacy policy.

EU and Swiss Individuals

mParticle acknowledges that EU and Swiss individuals have certain legal rights including the right to complain to an EU supervisory authority and the right to access the personal data that we maintain about them. An EU or Swiss individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct their query to privacy@mparticle.com. If requested to remove data, we will respond within 30 days. Please note that mParticle is a processor of the data contained on the Platform. If you seek to exercise data subject access rights for data processed via the Platform, we ask that you reach out to mParticle’s Clients.

Under these circumstances, you have rights under data protection laws in relation to your personal data, as follows:

a) Request access to your personal data

You have a right to request a copy of the personal data that we hold about you. Please use the contact details at the end of this policy if you would like to exercise this right, or any of the rights listed below. If you are a European resident and consider our use of your personal data to be unlawful, you have the right to lodge a complaint with the relevant supervisory authority.

b) Request correction of your personal data

You have the right to request that we correct the personal data we hold about you, although we may need to verify the accuracy of the new information you provide to us as well as possibly your identity, depending upon your request.

c) Request erasure of your personal data

You have the right to request that we delete or remove personal data where there is no good reason for us continuing to process it. Please note that we may not always be able to comply with your request for erasure if there are specific legal reasons- which will be notified to you at the time of your request.

d) Object to processing of your personal data

You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

e) Request restriction of processing your personal data

You have the right to request that we suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

f) Request transfer of your personal data

You have the right to request that the personal data we hold about you is transferred to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

g) Right to withdraw consent

In circumstances where we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Please also note the following:

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, under EU law, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Access to your personal data

If you are a mParticle Client, you can sign into your account to see any PII we have stored, such as your name, email, address or phone number. You can also contact us by email to request to see this information.

If you are a job applicant and have provided this kind of information, you can also contact us via e-mail to request to see the information we have in our systems.

Your information choices and changes

You may opt out of receiving promotional emails from mParticle by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as emails about your mParticle projects or our ongoing business relationship. An individual wishing to limit the use or sharing of their data should contact email privacy@mparticle.com.

Individuals who have provided information directly to one of mParticle’s Clients must send follow-up requests to change or delete such information to that particular mParticle Client.

+ Expand

Notification of changes to our privacy policy

mParticle may change this Policy from time to time. If we make any changes to this Policy, we will change the “Last Updated” date above.

You agree that your continued use of our Sites and/or Services after such changes to our privacy practice have been published will constitute your acceptance of such revised Policy.

Please visit this section of our website periodically in order to keep up to date with changes in our privacy policy.

+ Expand

Contact details and further information

Please get in touch with us if you have any questions about any aspect of this privacy policy, and in particular if you would like to object to any processing of your personal data that we carry out for our legitimate organizational interests.

Please also contact us if you have any questions about the information we hold about you, or to change your contact preferences with us:

Email us: privacy@mparticle.com

Our data protection officer is Aurélie Pols, she may be contacted at v-apols@mparticle.com

Contacting mParticle and dispute resolution

mParticle provides periodic training for its employees involved in the collection and dissemination of data. In addition, mParticle’s internal policies and procedures provide for disciplinary action if our employees fail to follow this Privacy Policy. We periodically self-assess and review these internal policies and procedures to review compliance.

In compliance with the US EU and Swiss-US Privacy Shield Principles, mParticle commits to resolve complaints about your privacy and our collection or use of your personal data. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact mParticle at:

  1. Email: privacy@mparticle.com
  2. Postal mail: mParticle Inc., 257 Park Avenue South, Floor 9, New York, NY 10010

For complaints that cannot be resolved between mParticle and the individual concerned, mParticle has further committed to refer unresolved privacy complaints under the EU US and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you are an EU or Swiss individual and you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.

If your complaint is not satisfactorily addressed, and your inquiry or complaint involves human resource data, you may have your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, a panel established by the EU data protection authorities (“DPA Panel”). To do so, you should contact the state or national data protection or labor authority in the jurisdiction where you work. mParticle agrees to cooperate with the relevant national DPAs and to comply with the decisions of the DPA Panel.

Should your complaint remain fully or partially unresolved after a review by mParticle, BBB EU Privacy Shield and the relevant DPA, you may be able to, under certain conditions, seek binding arbitration before the Privacy Shield Panel. For more information, please visit www.privacyshield.gov. mParticle is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Privacy inquiries

If you have any questions or concerns about this policy, please contact us:

privacy@mparticle.com


mParticle, Inc

257 Park Avenue South

Floor 9

New York, NY 10010

2 Riding House St #704

Marylebone

London W1W 7FA

United Kingdom

+ Expand