At mParticle, we are committed to protecting your data. We also work very hard at being transparent about the information we hold about you and our clients. Using data allows us to develop a better understanding of how you and other users interact with our communications, and in turn to provide you with relevant and timely information about the work that we do. Data also helps us to engage with current and potential customers.
mParticle collects personal data in the course of our business. The definitions of personal data vary depending on the laws where you are located. For example, in the European Union (EU), personal data is defined broadly, and would include data that may used to contact or identify a person (e.g., email, telephone number) as well as pseudonymous data that is generally only able to identify a computer, browser or a mobile device. The state of California has also adopted a broad definition of personal information. mParticle will explain the different types of personal data below, and will try to be clear when we’re describing our use of each throughout this Policy.
The purpose of this policy is to explain how information:
· is collected on www.mparticle.com, https://docs.mparticle.com/, www.growthpractice.com, https://www.acceleration2019.com/ and https://opengdpr.org (our “Sites”) and used and processed by mParticle and its subsidiaries mParticle LTD and The Growth Practice, LLC (“mParticle or “We”).
· is treated for recruiting purposes
· is collected from our clients and prospective clients,
· is collected, used and disclosed via our technology platform (the mParticle “Platform”).
Our objective is to give you a clear explanation about how we collect and process your information through your use of our Website, including any data you may provide through this Website and when you sign up to our newsletters, register for an event or ask us to get in touch with you.
If you have any questions, please contact our Data Protection Officer using the contact details at the end of this policy.
Who we are
mParticle legal entities: mParticle, Inc. and The Growth Practice, LLC in US and mParticle Ltd in UK
The customer data platform for the connected age. mParticle allows you to unify your customer data and connect it anywhere to improve marketing performance, enhance analytics, and transform the customer experience. mParticle’s website URLs (our “Sites”) are:
Information we may collect about you
Our Sites are primarily directed to our clients and prospective clients (our “Clients”) which are generally businesses. We collect personal data via the Sites that can be used to identify or contact a unique person (“PII”). We generally will only collect PII via the Sites when you provide it directly to us.
For example, you may provide PII such as an email address or a telephone number by sending us an email or filling out a form on the Site. Prospective employees may also send their resume that includes their postal address and other employment details. And our Clients may register via the Sites with their email address and other contact details.
If you fail to provide PII
Where we need to collect PII by law, or under the terms of a contract we have with you and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with more information about an event). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Users under 13, children
We do not knowingly contact or collect information from children under 13. If you believe we have inadvertently collected such information, please contact us so we can promptly obtain parental consent or remove the information. If you are under 16, or the age of majority in the jurisdiction in which you reside, you may only use the mParticle Sites and mParticle Services with the consent of your parent or legal guardian.
How we collect your data
We collect different information about you in a number of ways:
Information you give us
When you sign up to our newsletters, request marketing materials, register for an event or sign into the platform, we will store the PII you give to us such as your name and email address.
Automated technologies or interactions
mParticle does not sell data via the Platform and therefore does not take action in response to “Do Not Track” browser signals from users.
How we may use your information
We will only use your information when the law allows us to. Most commonly, we will use your information in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you (e.g., where we process your email address in order to access our systems or for billing purposes);
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- Where we need to comply with a legal or regulatory obligation;
- Where we have your explicit consent before using information. However, generally we do not rely on consent as a legal basis for processing personal data and you have the right to withdraw consent to marketing at any time by contacting us. You will find the relevant contact details at the end of this policy.
Purposes for which we will use your PII and other personal data
We use the information we collect primarily to provide, maintain, protect and improve our current products, to develop new ones and to manage Client accounts and human resources functions.
We use PII for the general purpose it was provided.
For example, if you ask a question about our products and services, we may send you an email in response, and might even have a salesperson contact you to gauge your interest in learning more about our services.
In general, we may use your information to:
- Improve our Services, Sites and how we operate our business;
- Understand and enhance your experience using our Sites, products and Services;
- Provide and deliver products and Services you request;
- Respond to your comments or questions and allow our Services team to provide service;
- Send you related information, including confirmations, invoices, technical notices, updates, security alerts and support and administrative messages;
- Communicate with you about promotions, upcoming events and news about products and services offered by mParticle and our selected partners;
- Link or combine it with other information we get from third parties, to help understand your needs and provide you with better service; and
- Protect, investigate and deter against fraudulent, unauthorized or illegal activity.
We aim to communicate with you about the work that we do in ways that you find relevant, timely, respectful, and never excessive. To do this, we use data that we have stored about you, such as which events you have booked for in the past, as well as any contact preferences you may have told us about.
We use our legitimate organizational interest as the legal basis for communications by email and for the collection of PII in the context of our sales and marketing activities where we have evaluated that our interests are not overridden by your fundamental rights. We will give you an opportunity to opt out of receiving electronic communications. If you do not opt out, we will provide you with an option to unsubscribe or manage your preferences in every email that we send you subsequently. Alternatively, you can use the contact details at the end of this policy to update your contact preferences.
Data collection and use for the mParticle platform
Our Platform is designed to allow our Clients to better understand how their customers, prospective customer and other individuals (their “Users”) utilize the products and services offered by our Clients. mParticle operates the Platform as a service provider and data processor with respect to each Client’s data. We are contractually required to only process data as directed by our Clients and for no other purpose. The Platform provides our Clients with the ability to collect information based on User interaction with their mobile application(s), mobile website(s) or other digital properties where Clients have integrated with the Platform (collectively, “Client Digital Properties”) and send communications to such Users. Some information is automatically collected from or about Users when they use Client Digital Properties. The types of information collected via Client Digital Properties for the Platform includes: the date/time for a visit to a Client Digital Property, referrer information such as what search engine and search keywords Users may have used to get to a Client Digital Property, information about the browser or device your User is on such as their Operating System, as well as the city/country location of Users, and any pseudonymous tokens and mobile advertising IDs (e.g., IDFA in iOS). In addition, our Clients can choose what other User data they want to collect and store on the Platform such as an IP address, precise location information such as lat/long, a User’s age, user names, real names, email addresses and other custom data points as determined by each Client. Each Client determines whether we transfer data off of the Platform and what specific data points are transferred.
We contractually prohibit Clients from placing onto the Platform sensitive information (e.g., passwords, authentication credentials, credit cards, social security or driver’s license numbers) or information that is deemed sensitive by applicable law or self-regulatory codes such as the Digital Advertising Alliance. mParticle functions strictly as the data processing agent of our Clients. As a data processor and agent of our Clients, mParticle processes data via the Platform as directed by our clients and for no other purposes. Accordingly, other than those aforementioned restrictions, the data stored on the Platform is subject to the privacy policies of each Client.
Disclosure of your details to third parties
Sharing of information, onward transfer
There are certain circumstances under which we may disclose your information to third parties. These are as follows:
We may share your information with certain third-parties as specified below:
- With third-party agents who work on our behalf as sub-processors, provided such third parties agree to adhere to the same privacy principles as mParticle;
- In an emergency, including protection of the personal safety of any person;
- For the purposes of a business deal (or negotiation of a business deal) involving sale or transfer of all or a part of our business or assets (business deals may include, for example, any merger, financing, acquisition, divestiture or bankruptcy transaction or proceeding);
- As required in response to a lawful request by public authorities, including meeting of national security or law enforcement requirements;
In cases of onward transfer to third parties of data of EU or Swiss resident received pursuant to the EU-US and Swiss-US Privacy Shield, mParticle is responsible for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. mParticle shall remain liable under the Privacy Shield principles if its agent processes such personal information in a manner inconsistent with the Privacy Shield principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
We do not sell PII collected via the Sites or collected pursuant to our sales and marketing activities to third parties for any purpose.
Security of your information
We take reasonable steps to help protect your information in an effort to prevent loss, misuse, unauthorized access, disclosure, alteration and destruction.
We have put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your information as secure as possible. We will ensure that any third parties we use for processing your information do the same and that they will only process your information on our instructions. The third parties will also be subject to a duty of confidentiality.
It is your responsibility to protect your usernames and passwords to help prevent anyone from accessing or abusing your accounts and services. You should not use or reuse the same passwords you use with other accounts as your password for our services. No security or encryption method can be guaranteed to protect information from hackers or human error. Information we collect may be stored or processed on computers located in any country where we do business.
mParticle may store and process PII in the United States and the European Economic Area. By using our Platform as a Client, you consent to this transfer of your information into the U.S.
mParticle complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data from the European Union and Switzerland.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
For our Platform:
mParticle retains Client data for so long as you remain are a Client and will delete Client’s information within 12 months of either party’s termination of applicable Client agreement upon written request.
We retain User-level data on the Platform as directed by our Clients and for a reasonable time thereafter for audit purposes and as otherwise required by law.
Your legal rights
California Data Subjects
Effective January 1, 2020, the California Consumer Privacy Act (CCPA) provides additional privacy protections for California data subjects and users, including: a) the right to see what data we have about you, your computer or device (i.e., the right to know), b) the right to delete the data we have about you, your computer or device (i.e., the right to delete) and c) the right to opt-out of the sale to certain third parties (i.e., the right to opt-out from sales of your information). mParticle uses the same process to honor CCPA rights of access and deletion that we use for GDPR rights for EU and Swiss data subjects. That process is described below.
Under the CCPA, your request to see the personal information that we have about you may include: (1) specific pieces of personal information that we may have about you; (2) categories of personal information we have collected about you; (3) categories of sources from which the personal information is collected; (4) categories of personal information that we sold or disclosed for a business purpose about you; (5) categories of third parties to whom the personal information was sold or disclosed for a business purpose under the CCPA; and (6) the business or commercial purpose for collecting or selling personal information.
As required by the CCPA, you may make an access or deletion request via an authorized agent by having such agent follow the process below. Please note that we will request any authorized agent demonstrate that they have been authorized by you to make a request on your behalf. And we will attempt to verify your request. We require any authorized agents to provide us with contact details such as an email address and phone number so that we may ensure a timely response to the consumer.
Individuals who have provided information directly to one of mParticle’s Clients must send follow-up requests to access or delete such information to that particular mParticle Client.
EU and Swiss Individuals
mParticle acknowledges that EU and Swiss individuals have certain legal rights including the right to complain to an EU supervisory authority and the right to access the personal data that we maintain about them. An EU or Swiss individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct their query to firstname.lastname@example.org. If requested to remove data, we will respond within 30 days. Please note that mParticle is a processor of the data contained on the Platform. If you seek to exercise data subject access rights for data processed via the Platform, we ask that you reach out to mParticle’s Clients.
Under these circumstances, you have rights under data protection laws in relation to your personal data, as follows:
a) Request access to your personal data
You have a right to request a copy of the personal data that we hold about you. Please use the contact details at the end of this policy if you would like to exercise this right, or any of the rights listed below. If you are a European resident and consider our use of your personal data to be unlawful, you have the right to lodge a complaint with the relevant supervisory authority.
b) Request correction of your personal data
You have the right to request that we correct the personal data we hold about you, although we may need to verify the accuracy of the new information you provide to us as well as possibly your identity, depending upon your request.
c) Request erasure of your personal data
You have the right to request that we delete or remove personal data where there is no good reason for us continuing to process it. Please note that we may not always be able to comply with your request for erasure if there are specific legal reasons- which will be notified to you at the time of your request.
d) Object to processing of your personal data
You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
e) Request restriction of processing your personal data
You have the right to request that we suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
f) Request transfer of your personal data
You have the right to request that the personal data we hold about you is transferred to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
g) Right to withdraw consent
In circumstances where we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Please also note the following:
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, under EU law, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Access to your personal data
If you are a mParticle Client, you can sign into your account to see any PII we have stored, such as your name, email, address or phone number. You can also contact us by email to request to see this information.
If you are a job applicant and have provided this kind of information, you can also contact us via e-mail to request to see the information we have in our systems.
Your information choices and changes
You may opt out of receiving promotional emails from mParticle by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as emails about your mParticle projects or our ongoing business relationship. An individual wishing to limit the use or sharing of their data should contact email email@example.com.
Individuals who have provided information directly to one of mParticle’s Clients must send follow-up requests to change or delete such information to that particular mParticle Client.
mParticle may change this Policy from time to time. If we make any changes to this Policy, we will change the “Last Updated” date above.
You agree that your continued use of our Sites and/or Services after such changes to our privacy practice have been published will constitute your acceptance of such revised Policy.
Contact details and further information
Please also contact us if you have any questions about the information we hold about you, or to change your contact preferences with us:
Email us: firstname.lastname@example.org
Our data protection officer is Aurélie Pols, she may be contacted at email@example.com
Contacting mParticle and dispute resolution
- Email: firstname.lastname@example.org
- Postal mail: mParticle Inc., 257 Park Avenue South, Floor 9, New York, NY 10010
For complaints that cannot be resolved between mParticle and the individual concerned, mParticle has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you are an EU or Swiss individual and you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
If your complaint is not satisfactorily addressed, and your inquiry or complaint involves human resource data, you may have your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, a panel established by the EU data protection authorities (“DPA Panel”), and for Swiss Data Subjects, the Swiss Federal Data Protection and Information Commissioner (“FDPIC”). To do so, you should contact the state or national data protection or labor authority in the jurisdiction where you work. mParticle agrees to cooperate with the relevant national DPAs and to comply with the decisions of the DPA Panel and the FDPIC.
Should your complaint remain fully or partially unresolved after a review by mParticle, BBB EU Privacy Shield and the relevant DPA, you may be able to, under certain conditions, seek arbitration before the Privacy Shield Panel. For more information, please visit www.privacyshield.gov. mParticle is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
If you have any questions or concerns about this policy, please contact us:
257 Park Avenue South
New York, NY 10010
3 Waterhouse Square
London EC1N 2SW