Effective date: April 23, 2019
This website (the “Site”) is operated, hosted and owned by Mapp Digital US, LLC and its affiliates (collectively “Mapp,” “we,” or “us”). The Site, together with any other mobile or web applications, products, or services offered to our clients (“Clients”) may be referred to herein collectively as the “Services.”
We are committed to meeting the digital marketing needs of our Clients, and to helping our Clients better engage with their customers on a personal level. We are also committed to the privacy of those customers, as well as visitors to the Site, and any other end users (collectively, “you” or “user”) who interact with our Services, in line with the European Union (EU) General Data Protection Regulation (GDPR), the Californian Consumer Privacy Act (CCPA) and other applicable data protection laws. We therefore adhere to the following data protection principles:
- Purpose legitimacy and specification
- Openness, transparency and notice
- Consent and choice
- Collection limitation
- Data minimization
- Use, retention and disclosure limitation
- Accuracy and quality
- Confidentiality and integrity
- Individual participation and access
We provide this Privacy Notice to inform you of our policies and procedures regarding the collection, storage, use and disclosure of your Personal Information (or “Information”, “Data”) such as your name, phone number, email address, or mailing address. Please note that your use of the Services may also be subject to Mapp’s Acceptable Use Policy, available here: https://mapp.com/acceptable-use-policy/
2. Essential Website Functions
2.1. PROVISIONING OF THE WEBSITE
Each time this Site and other web-based Services are accessed, our web servers automatically collect Information from the user’s system. This includes Information about the browser type and the version used, the operating system of the user’s terminal device, the Internet Service Provider of the user, the IP address of the user, date and time of access, and the previous website from which the user accesses our Site.
Additionally, essential cookies may be placed on your computer or device to allow our Site to remember you during your visit, to ensure it is functioning properly, and for compliance purposes.
Processing this Information is necessary for Mapp to be able to provide an Internet presence and to ensure its security and is therefore based on our “Legitimate Interest” to be “visible” to the market in accordance with Art. 6.1(f) of the GDPR.
The above-mentioned Information will be deleted as soon as it is no longer required for the purpose of its collection. When storing data in the log file for security purposes, this is generally the case after no more than 7 days.
2.2. CONTACTING MAPP
If you contact us via contact form, support ticket or e-mail, the Data you provide will be used to process your request. Your Contact Data may be transferred to our CRM system. The Data you provide is necessary for processing and answering your enquiry – we cannot answer your enquiry without providing it, or we can only answer it to a limited extent.
Mapp has the “Legitimate Interest” as per Art. 6.1(f) of the GDPR to provide ways to be contacted and to process the Data transmitted in the course of sending a request. If the purpose of the request is to conclude a service contract or process a technical support request, the additional legal basis of the processing is “Performance of a Contract” in accordance with Art. 6.1(b) of the GDPR.
When you contact us via the website form, request a demo, register for a webinar, contests or promotions, want to download content or register for and attend events, we will ask for your “opt-in” to be contacted by Mapp. Some offerings such as whitepapers or promotions are funded based on marketing use cases, i.e. you get something for “free” in exchange for the Personal Information needed by us to follow-up with you as a potential future Client. The processing of this Information is based on your “Consent” in accordance with Art. 6.1(a) of the GDPR.
Data processed in this context will be deleted when no longer necessary to achieve the original purpose and defined retention periods expired.
You have the possibility to object to the data processing or withdraw your consent at any time. The objection must be sent to our Data Protection Officer, preferably via the following email address: privacy(at)mapp.com. In this case, all Personal Information stored in the course of establishing contact will be deleted unless there are any storage obligations to the contrary.
The following cookies might be set by Mapp Intelligence:
|wtstp_eid||This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the Mapp Intelligence analyses.||6 months|
|wtstp_sid||This cookie is used to bind a request to a certain session in Mapp Intelligence.||session|
|wt_ngb_Q3||This cookie is used to create a sticky session for the Mapp Intelligence load balancers.||session|
|wtstp_rla||This cookie is used to ensure a maximum of 1000 requests every thirty minutes is sent to Mapp Intelligence.||30 minutes|
|webtrekkOptOut||This cookie is used to prevent sending requests to Mapp Intelligence in case you opted out of being tracked.||5 years|
The legal basis for using Mapp Intelligence is your “Consent” as per Art. 6.1(a) of the General Data Protection Regulation.
You can generally prevent Mapp Intelligence from processing your data on our website by opting out of tracking via Mapp Intelligence by clicking the button below.
2.3 DRIFT CHATBOT
We use a chatbot tool provided by Drift.com Inc. 222 Berkeley Street, Suite 600 Boston, MA 02116, United States on our website in order to provide you with real-time answers to your business requirements. It will be possible for you to chat with one of our sales reps directly on Mapp’s homepage, as soon as you reply to a few yes-no questions in the chatbot that help us understand your needs. When the chatbot is loaded your IP address will transferred to Drift.com.
Furthermore, the following essential cookies are set to help remember you when you return to our Website:
|driftt_aid||This is the anonymous identifier token. It is used to tie the visitor on your website with the profile within the Drift system. This allows Drift to remember the information that this site visitor has provided through the chat on subsequent site visits.||2 years|
|driftt_sid||This is the session identifier token. It is used to tie the visitor on your website with a current website session within the Drift system. This is enables session-specific features, such as popping up a messaging only once during a 30 minute session as to prevent a disruptive experience.||30 Minutes|
|driftt_wmd||This cookie marks when the Drift welcome message has been interacted with. It is used so the welcome message is not displayed subsequently.||2 years|
When you use the chatbot to communicate with us, we will record the chat history.
The use of Drift.com is based on our Legitimate Interest per Art 6.1(f) of the GDPR to improve your website experience and to communicate effectively with you – if you want. If you actively provide contact data in the chat to request a demo or speak to a Mapp Salesperson directly, we will further process this data based on your Consent per Art. 6.1(a) of the GDPR. Drift.com is subject to the EU-US Privacy Shield and does not use the collected Data for its own purposes.
2.4 GOOGLE MAPS
We use Google Maps on our Site to display the locations of our offices and to create route descriptions. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, and its parent company Alphabet Inc. (“Google”). Google is certified under the EU-US Privacy Shield, which guarantees that the EU’s data protection requirements will also be met when Google processes data in the US.
If you call the Google Maps component integrated in our Site, Google will save a cookie on your device via your Internet browser. Your user settings and data are processed in order to display our location and create a route description. We cannot exclude the possibility that Google may use servers in the USA.
Legal basis for this processing is our “Legitimate Interest” as per Art. 6.1(f) of the GDPR to optimize our Site.
You can find out which data is collected by Google and what this data is used for at https://policies.google.com/privacy
If you do not agree with this processing, you have the possibility to prevent the installation of cookies by the appropriate settings in your Internet browser.
2.5 GOOGLE FONTS
Our Site uses Google Fonts to present fonts. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, and its parent company Alphabet Inc. (“Google”). Google is certified under the EU-US Privacy Shield, which guarantees that the EU’s data protection requirements will also be met when Google processes data in the US. Google Fonts is used without authentication and no cookies are sent to the Google Fonts API. If you have an account with Google, none of your Google Account information will be transmitted to Google while using Google Fonts. Google only records the use of CSS and the fonts used and stores this information securely.
Legal basis for this processing is our “Legitimate Interest” in accordance with Art. 6.1(f) of the GDPR to optimize our Site.
You can find out which data is collected by Google and what this data is used for at https://policies.google.com/privacy.
2.6 YOUTUBE VIDEOS
We use videos from YouTube on our Website. YouTube (“YouTube”) is a service of YouTube LLC, 901 Cherrry Ave. San Bruno, CA, 94066, USA and is provided by them. YouTube is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, and its parent company Alphabet Inc. (“Google”).
Each time you access a page that offers one or more YouTube video clips, a direct connection is established between your browser and a Youtube server in the USA. Information about your visit and your IP address may be stored there.
If you are logged in to YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you wish to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.
YouTube permanently stores cookies on your terminal device via your Internet browser for the purpose of functionality and analysis of user behavior. If you do not agree with this processing, you have the option of preventing the cookies from being saved by making a setting in your Internet browser.
Legal basis for this processing is our “Legitimate Interest” as per Art. 6.1(f) of the GDPR to optimize our Site. By incorporating YouTube videos, we aim to provide you with various videos on our website so that we can make our website even more attractive and informative for you.
2.7 GOOGLE TAG MANAGER
We use the tool Google Tag Manager, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, and its parent company Alphabet Inc. (“Google”), to manage the use of the tools on the different web pages of our web portal. For this purpose, a tag is defined for each page. The tag can then be used to determine which tracking tools should be used for this page. By using the Google Tag Manager the tracking can be controlled so that the tools are only used where they make sense. The service does neither collect data nor set cookies on your device.
2.8 SOCIAL MEDIA PAGES (“FAN PAGES”)
We maintain publicly accessible profiles on the social media platforms Facebook, Twitter, YouTube, Instagram, Xing and LinkedIn (‘social media pages’ or ‘fan pages’).
If you visit one of our social media pages when you are logged in to the respective social media network, the social media provider can analyze your usage behavior and associate the Information collected with your social media account, where it may also be enriched. Even if you are not logged in or if you do not have an account with the respective social media network, the social media provider may collect your Personal Information, such as your IP address or data generated by a cookie. The operators of social media platforms can use this Data to create user profiles. Your user profile can then be used to show you ads related to your interests on social media sites as well as other websites.
If you visit one of our social media pages, we share responsibility with the social media provider for the collection and processing of your Personal Information that takes place on that platform. With regard to information about the collection and processing of your Data on such platforms, we refer you to the privacy policies published by the respective social media networks. We do not have any additional information available. The privacy policies of the various social media networks can be found on the following pages:
- Facebook: https://www.facebook.com/about/privacy/
- Twitter: https://twitter.com/en/privacy
- YouTube: https://support.google.com/youtube/topic/2803240?hl=en&ref_topic=6151248
- Instagram: https://help.instagram.com/155833707900388
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
- Xing: https://privacy.xing.com/
We can provide you with information about the appropriate guarantees for Data transfers to third countries in accordance with Art. 46 of the GDPR at any time on request.
You are able to assert your rights under Chapter 3 of the GDPR (right to information, rectification, erasure, restriction of processing, data portability, etc.) both against us and against the relevant social media provider. In this context and with regard to our social media pages, we would like to point out that we can only control the processing of Personal Information and the implementation of Data Subjects’ rights within the scope of the options presented to us by the respective provider.
The legal basis for our use of social media pages is our “Legitimate Interest” according to Art. 6.1(f) of the GDPR to run marketing of our events and Services on the Internet.
3. MARKETING FUNCTIONS
3.1. EMAIL MARKETING AND ANALYTICS
We use our newsletter to keep you up to date on all the latest news connected with our business- but only if you opted in to receive such newsletters. You will have to provide us with a valid email address and basic Personal Information for personalization purposes, including at least your first name, last name, and title. When you register for our newsletters, we may also store your IP address with a time stamp to be able to prove your registration. We also use so-called pixel tracking to collect certain events when marketing emails are sent (e.g. emails received; emails opened; clicks on links) to create aggregated statistics and reports on the effectiveness of our email marketing campaigns.
For the management of email subscriptions, messaging and performance measurement, we use HubSpot, a tool operated by our service provider HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. HubSpot is certified the EU-US Privacy Shield and does not use the collected Data for its own purposes.
Legal basis of the processing of your Information for email marketing is your “Consent” in accordance with Art. 6.1(a) of the GDPR. We do not send you newsletters unless you have affirmatively opted in to receive newsletters.
If you are an existing Client, based on our “Legitimate Interest” per Art. 6.1(f) of the GDPR to advertise our products and to maintain a good relationship with you, you may receive marketing emails from us informing you about offerings related to Services you already purchased.
You can unsubscribe from our marketing emails at any time using the link within the newsletter, or object to the data processing. The objection must be sent to our Data Protection Officer, preferably via the following email address: privacy(at)mapp.com.
Marketing and email contacts, including newsletter recipients, are deleted when such users become inactive, click an “unsubscribe” button, or otherwise opt out of communications unless there are any storage obligations to the contrary.
In order to analyze the performance of our marketing efforts, we use HubSpot’s campaign analytics functionality on our Landing and Subscription Pages. Therefore, the following cookies may be set by HubSpot:
|__hstc||The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).||13 months|
|hubspotutk||This cookie is used to keep track of a visitor’s identity. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.||13 months|
|_hssc||This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.||30 minutes|
The processing of this Information is based on your “Consent” in accordance with Art. 6.1(a) of the GDPR given when you first visited a HubSpot-enabled section on our Website.
3.2. GOOGLE ANALYTICS AND AD MANAGER
We use the tool Google Analytics on our Site to create analyses of the use of our web pages in order to optimize our Site. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, and its parent company Alphabet Inc. (“Google”). In Google Analytics, interactions between users of our website are primarily recorded and systematically evaluated using cookies. When details of our website are accessed, the following Information is stored: Anonymized IP address, the website accessed, the website from which the user accessed the accessed website, the subpages that are called from the page that is called, the time spent on the website, and the frequency of calling the site. The Data stored through tracking will be deleted as soon as they are no longer needed for our purposes, in this case, after 14 months.
The following cookies might be set by Google:
|This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports.||24 months|
|_gid||This cookie stores and updates a unique value for each page visited.||24 hours|
On our website we also use the service Google Ad Manager (formerly: DoubleClick For Publishers), an offer from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (“Google”). This platform enables the placement, control and optimization of advertisements on websites. For this purpose, the listed cookies may be used. Conclusions about your person are generally excluded.
The legal basis for using Google Analytics and Google Ad Manager is your “Consent” as per Art. 6.1(a) of the GDPR.
You can generally prevent Google from processing your Data on websites by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout
3.3. Leadfeeder Analytics
We use Leadfeeder, a tool provided by Liidio Oy / Leadfeeder Mikonkatu 17 C 00100 Helsinki, Finland, to collect and analyze behavioral data of all website visitors, including pages viewed, visitor source, anonymized IP address and time spent on the site. Leadfeeder enriches that company data with contact data for individuals from publicly available data sources.
Leadfeeder tracker adds a visitor cookie to our website domain:
|_lfa||Visitor cookie for usage analytics||24 months|
The legal basis for using Leadfeeder is your “Consent” as per Art. 6.1(a) of the General Data Protection Regulation.
3.4. Adtaxi Analytics
The legal basis for using AdTaxi is your “Consent” as per Art. 6.1(a) of the General Data Protection Regulation.
For more information, please visit: https://www.adtaxi.com/privacy-policy
3.5. Hotjar Analytics
|_hjClosedSurveyInvites||This cookie is set once a visitor interacts with a Survey invitation modal popup. It is used to ensure that the same invite does not re-appear if it has already been shown.||12 months|
|_hjDonePolls||This cookie is set once a visitor completes a poll using the Feedback Poll widget. It is used to ensure that the same poll does not re-appear if it has already been filled in.||12 months|
|_hjMinimizedPolls||This cookie is set once a visitor minimizes a Feedback Poll widget. It is used to ensure that the widget stays minimizes when the visitor navigates through your site.||12 months|
|_hjDoneTestersWidgets||This cookie is set once a visitor submits their information in the Recruit User Testers widget. It is used to ensure that the same form does not re-appear if it has already been filled in.||12 months|
|_hjIncludedInSample||This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels.||12 months|
|_hjShownFeedbackMessage||This cookie is set when a visitor minimizes or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimized immediately if they navigate to another page where it is set to show.||12 months|
|_hjid||This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.||12 months|
The legal basis for using HotJar is your “Consent” as per Art. 6.1(a) of the General Data Protection Regulation. If you want to opt-out, you can do so by following this link: https://www.hotjar.com/legal/compliance/opt-out
3.6. LINKEDIN MARKETING
Our Website uses LinkedIn Insights Tracking, an analytics and retargeting service provided by LinkedIn (“LinkedIn”) Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA. With your consent, the LinkedIn Insight Tag matches visitors of this Website with registered LinkedIn members in order to provide us with anonymous statistics, for instance about our website users’ demographics, and to allow us to run personalized online ads within the LinkedIn network. Therefore, LinkedIn may set the following cookies:
|bscookie||Secure LinkedIn Browser ID cookie for share buttons and ad tags.||12 months|
|bcookie||LinkedIn Browser ID cookie for share buttons and ad tags.||12 months|
|li_sugr||Used by the social networking service, LinkedIn, for tracking the use of embedded services||3 months|
|Lidc||LinkedIn cookie used for routing from share buttons and ad tags||24 hours|
|UserMatchHistory||LinkedIn insights and ads tags used to track visitors so that more relevants ads can be presented based on visitor’s preferences||1 month|
Legal basis for the use of this tracking technology is your “Consent” as per Art. 6.1(a) of the General Data Protection Regulation.
LinkedIn is certified under the EU-US Privacy Shield. More information about the processing of your Data by LinkedIn is available here: http://www.linkedin.com/legal/privacy-policy
Legal basis for the use of this tracking technology is your “Consent” as per Art. 6.1(a) of the General Data Protection Regulation.
You can deactivate tracking at any time by clicking on the link https://www.taboola.com/privacy-policy in the “User Choices” section. After you have successfully opted out, no user-specific content will be played out to you.
4. Registered Mapp Cloud service users
Mapp is a marketing technology provider and offers Cloud Services to its Clients which are the controllers of their own marketing contacts’ Personal Information. Mapp is therefore the Processor of this Personal Information; the processing is governed by a Data Processing Agreement between Mapp and its Client and not within the scope of this Privacy Notice. Mapp however remains Controller of those Personal Information related to the registration, login and usage of our Cloud Services by system users.
During the registration process basic user profile data is collected including the user’s name, business email address (used as user identifier), password (stored in hashed format), and permissions. During login you’ll be required to provide your business email address and your password. While you’re using the system, we create logs of your actions including what you accessed, from which IP address and at which time. Additional Data may be shared when you use technical integrations of Mapp Cloud with other solutions. When you are a registered user of one of our Cloud Services, we may automatically register you in our support system, which simplifies the process for you to contact our technical support team. Furthermore, we use relevant Information for billing purposes. Without a registered user account, you cannot use our Cloud Services.
The legal basis for the processing is the “Performance of a Contract” (Art. 6.1(b) of the GDPR). The processing of any Personal Information serves the provision, maintenance, and improvement of our software services, as well as the security.
The above-mentioned Data will be deleted after they are no longer necessary to achieve the purpose for which they were collected, generally upon the expiration of the underlying service contract, considering retention periods under tax and commercial law.
To better understand how you use our products and to continuously improve our product offerings, we may use the following analytic tools within our product software based on this “Legitimate Interest” as per Art. 6.1(f):
4.1. Mapp Intelligence
Mapp Intelligence is our very own tool to analyze website usage. It uses a script to load necessary cookies which are placed at your device unless you implemented controls to prevent this. This may include cookies for the following purposes:
- Session cookie for session recognition, lifetime: one session (simple flag with value “1”)
- Long-term cookie to recognize new/regular customers: 6 months
- Opt-out cookie in case of opposition to tracking, minimum lifetime: 60 months
The script then downloads a Tracking Pixel from a Mapp Intelligence server to the website. Each download of the Tracking Pixel involves a request of the client’s browser and contains the following data elements which are stored by us for 12 months:
- IP address – will be immediately anonymized and deleted
- Cookie Identifiers
- Request (e.g. file name of the requested file)
- Browser type/version (e.g. Firefox 61.0)
- Browser language (e.g. German)
- Operating system used (e.g. Windows 10)
- Internal resolution of the browser window Screen resolution
- Referrer URL (the previously visited page)
- Time of access
You can stop the tracking at any time by using this opt-out link:
Gainsight is a tool provided by Gainsight Inc, 655 Montgomery St, San Francisco, CA 94111, United States, which allows us to quantitatively analyze how you use our products and certain features (e.g. click path analysis, error tracking), and to allow you to provide valuable qualitative feedback which helps us to build the products you want. The data collected will be linked to your account, i.e. your name and your email address as provided in the course of your account registration.
Gainsight is certified under the EU-US Privacy Shield, which guarantees that the EU’s data protection requirements will also be met when Gainsight processes data on our behalf in the US.
You can stop the tracking at any time by using this opt-out link:
5. Applying for a job at Mapp
Embedded into this Site, you’ll find our online application tool provided by our service provider Prescreen International GmbH, Mariahilfer Straße 17, 1060 Vienna, Austria (hereafter “Prescreen”), which allows you to see open positions and to apply for a job at Mapp. Prescreen processes the Applicant Data on behalf of Mapp based on a Data Processing Agreement and does not use the Data for its own purposes. In connection with the operation of this Site, the processing of certain Data by Prescreen is required. For details, please visit: https://prescreen.io/en/privacy-policy/
We process the Personal Information you have sent us in connection with your application in order to assess your suitability for the position (or any other open positions in our company) and to complete the application process. Once you received and accepted an offer from Mapp, a background verification process will be initiated, which is necessary due to market requirements.
In the course of your online application, the following information might be collected and processed:
- First name, last name, home address, e-mail, date of birth, gender, telephone number, citizenship
- Additional questions depending on the respective job offer (e.g. driving license)
- Professional experience and training
- Skills (e.g. Photoshop, MS Office)
- Qualifications, awards, and language abilities
- Application photo
- Cover letter
The processing of your Personal Information in this application procedure is necessary for the establishment of an employment relationship, i.e. we can only hire you when you provide the Personal Information we need. Processing of Applicant Data is therefore “Performance of a Contract” as per Art. 6.1(b) of the GDPR. Should the Data be necessary for legal prosecution after completion of the application procedure, further processing will be based on our “Legitimate Interest” in the assertion or defense of claims as per Art. 6.1(f) of the GDPR.
In the event of rejection, your Applicant Data will be deleted 6 months after the assignment of the respective position unless you agreed on further storage in our applicant data pool and consideration for open positions in the future. In this case, your Data will be retained for up to 12 months based on your “Consent” per Art. 6.1(a) of the GDPR. This “Consent” can be revoked at any time.
If you have been awarded a position as part of the application process, the data will be transferred from the applicant data system to our personnel information system, and a background verification process will be initiated, which is necessary for the “Performance of a Contract” as per Art. 6.1(b) of the GDPR. Goals of the background verification check are to verify your identity and criminal record clearance, and to confirm claimed qualifications and employments within the last 5 years – as far as this is relevant for your role. Candidates for financial roles may also be subject to a credit review.
Your Applicant Data will be viewed by the Human Resources department after receipt of your application. Suitable applications will then be forwarded internally to the department managers responsible for the respective open position. The rest of the process is then coordinated. Within Mapp, only those persons have access to your Personal Information who need it for the proper course of our application procedure. Furthermore, we use specialized service providers for the application process which may involve the processing of your Personal Information outside of the European Economic Area (“EEA”) where proper safeguards are in place.
6. Marketing events
Mapp regularly runs or sponsors Marketing Events, where we might collect, use and store the following kinds of Data about you:
|Data Categories||Type of Data||Source of the Data|
|Registration data||First name, last name, job title, employer name, work address, work email, and work phone number||We collect this data directly from you through your registration for a Mapp marketing event|
|Business card data||First name, last name, job title, employer name, work address, work email, and work phone number||We collect this data directly from you when you intentionally give us your business card.|
|Feedback information||First name, last name, job title, employer name, work email, work phone number, your personal satisfaction from the event and your preferences for future Mapp events||We collect this data directly from you when you fill in a feedback from at a Mapp event.|
|Photographs and video recordings||Your image alone or with other people in the context of the Mapp marketing event, taken during the official part as well as the networking/informal part of the event.||We either take photographs and make videos ourselves or engage a third party – professional service provider who will process the data under our instructions and only for our purposes.|
Mapp will process your Registration Data to administer your participation at Mapp events, for security purposes, and, upon your request – to issue an invoice, based on the Legal Ground “Performance of a Contract” in accordance with Art. 6.1(b) of the GDPR.
We will use your business card data to reach out to you and establish a professional contact with a view to cooperate in the future and will send to your email address a proposal to join our data base and receive marketing communication from us (also see section “Contacting Mapp”). You are free to accept or decline this proposal. Once subscribed you can always unsubscribe from the emails you receive from us at any time by clicking the unsubscribe link located at the bottom of the email (also see section “Email Marketing”).
We will process your data in relation to the feedback that you have provided to us for the purposes of measuring your satisfaction and improving the quality of Mapp events. If, in the feedback form, you have specifically requested Mapp to contact, we will use your data to reach out to you to discuss our services and how Mapp can support your organization (also see section “Contacting Mapp”).
We will publish the photographs and video recordings from Mapp marketing events (on which you might appear on the front line or in the background) on the Mapp Website, Social Media or on other electronic or paper media based on our “Legitimate Interest” to promote our services and strengthen our market presence in accordance with Art. 6.1(f) of the GDPR. We will inform you already at the invitation for the event, with the registration form as well as by placing explicit signs at the event location that photographs and videos, with intention to making them public, will be taken. If you would not want to be photographed or video recorded at the Mapp event, or if you do not want us to publish any picture or other visual media on which you may appear, please let us know (at the event registration or by sending an email to us) before the event, and we will conform.
If you are a speaker on the stage at a Mapp marketing event, we will publish the pictures and videos on which you appear after obtaining your consent to do that. You can withdraw this consent at any time by sending an email to us.
Data processed in this context will be deleted when no longer necessary to achieve the original purpose and defined retention periods expired.
7. RECIPIENTS OF YOUR PERSONAL INFORMATION
Where appropriate, we may share your Personal Information with various recipients, including the following categories:
- Our third-party service providers who process Personal Information on our behalf for IT and system administration and hosting, billing, research and analysis, marketing, customer support and other purposes (e.g. data centers, SaaS applications)
- Tools used by this Website for marketing purposes as described in this notice
- Affiliates within our group of companies that process Personal Information for, amongst others, customer service, marketing purposes, technical operations and account management
- Sponsors of events, webinars and contests for which you have registered
- Public and regulatory authorities, where we are required to disclose Personal Data in order to comply with our legal obligations
8. PROTECTING YOUR PERSONAL INFORMATION
Mapp applies effective security safeguards to protect your Personal Information and therefore complies with and is partly certified against ISO 27001.
ISO 27001 is the international standard for information security management and defines the requirements for the introduction, operation, monitoring, and continual improvement of an effective information security management system (ISMS). It systematically ensures that an organization implements and maintains commercially reasonable and industry standard technical and organizational safeguards to preserve the security of (Personal) Information.
Furthermore, your Personal Data will be deleted as soon as it is no longer required for the purpose of its collection.
Though we do everything we can to prevent a security breach from happening, there are no guarantees. In the case we learn of a security breach, we may attempt to notify you electronically so that you can take appropriate protective steps, by posting a notice on the Site if a security and/or sending an email to you at the email address you have previously provided to us. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive a free written notice of a security breach, or to withdraw your consent from receiving electronic notice, you should notify us.
9. INTERNATIONAL DATA TRANSFER AND PRIVACY SHIELD
Since Mapp is a global company, when you use our Sites or contact us, your data may be processed worldwide, for example on servers in the United States. We generally apply highest EU data protection standards in compliance with the GDPR and will also make sure that your Data is properly protected. Therefore we utilize Standard Contractual Clauses (internally and externally), the EU-U.S. Privacy Shield (if applicable) and express consents (Data Transfer Agreements) in relation to Personal Information originating the European Union or the United States.
Mapp is registered under the EU-U.S. Privacy Shield Framework (“Privacy Shield”), and accordingly is committed to the EU-U.S. Privacy Shield Principles. The EU-U.S. Privacy Shield Framework applies whenever you use this Website or contact us.
For a list of all companies participating in Privacy Shield, see here: www.privacyshield.gov/list. Mapp is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Mapp shall remain liable under the EU-U.S. Privacy Shield Principle of Accountability for Onward Transfer if its sub-processors process your Personal Information in a manner inconsistent with the Privacy Shield Principles, unless we prove we are not responsible for the event giving rise to the damage.
Details about the Standard Contractual Clauses issued by the European Commission are available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en
10. YOUR RIGHTS AND HANDLING OF COMPLAINTS
If Personal Information about you is processed, you are the Data Subject in the sense of the GDPR. Therefore, you are entitled to the following rights against us as Controller: Right to information, right to rectification, right to limitation of processing, right to deletion, right to data transferability, right of appeal, right to revoke the declaration of consent under data protection law. Some data processing procedures are only possible with your express consent. You can withdraw your consent under data protection law at any time, but this does not affect the legality of the consent until revocation.
Additionally, you have the right to object data processing. To the extent that your personal data is processed to protect the predominant “Legitimate Interests” of the Controller per Art. 6.1(f) of the GDPR as laid out in this Privacy Notice, you may object to such processing with effect for the future. For this purpose, please contact the Controller. As a rule, the right to object is only available to you for reasons arising from your particular situation (Art. 21.1 GDPR). Once you have exercised your right to object, your personal data will no longer be processed for these purposes unless the Controller is able to demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if such processing serves to lodge, action or defend a legal claim. If the processing is carried out for the purposes of direct marketing, you may exercise the right to object to this at any time (Art. 21.2 GDPR), and your Personal Information will then no longer be processed for direct marketing purposes.
In compliance with the EU-U.S. Privacy Shield Principles, Mapp commits to resolve complaints about your privacy and our collection or use of your Personal Information. European Union individuals with inquiries or complaints regarding this Privacy Notice should first contact our Data Protection Officer, preferably via the following email address: privacy(at)mapp.com.
Please note that in the event of such a request, we are required to collect additional personal information that will enable us (a) to verify your identity before providing you with information and (b) to retain evidence of your request and how we have responded to it.
Mapp has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit JAMS’s Privacy Shield website for more information and to file a complaint. These dispute resolution services are provided at no cost to you.
If your complaint is not resolved after following the recourse mechanisms described above, you may have the ability to invoke binding arbitration. Additional information is available here: https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Please note that, in addition, you also have the right to lodge a complaint with the supervisory authority in the relevant EU Member State. Mapp commits to cooperate with the EU supervisory authorities and comply with the advice given by such authorities. For instance, you can contact:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Mapp commits to resolve complaints about your privacy and our collection or use of your personal information. Non-EU citizens with inquiries or complaints regarding this Privacy Notice should first contact our Data Protection Officer, preferably via the following email address: privacy(at)mapp.com.
AUTOMATED DECISION MAKING
We do not carry out automated decision-making using profiling methods.
All disputes arising under this Privacy Notice shall be governed by and interpreted in accordance with the laws of California, without regard to principles of conflict of laws. Except as otherwise provided in the Privacy Shield section above, the parties to this Privacy Notice will submit all disputes arising under this agreement to arbitration in San Diego, California, before a single arbitrator of JAMS. The arbitrator shall be selected by application of the rules of JAMS, or by mutual agreement of the parties, except that such arbitrator shall be an attorney admitted to practice law California. No party to this Privacy Notice will challenge the jurisdiction or venue provisions as provided in this section. Nothing contained herein shall prevent the party from obtaining an injunction.
CLASS ACTION WAIVER
Any arbitration or court trial, whether before a judge or jury or pursuant to judicial reference, related to any claim under this Privacy Notice will take place on an individual basis, without resort to any form of class or representative action (“Class Action Waiver”). THIS CLASS ACTION WAIVER PRECLUDES ANY PARTY FROM PARTICIPATING IN OR BEING REPRESENTED IN ANY CLASS OR REPRESENTATIVE ACTION REGARDING A CLAIM UNDER THIS NOTICE. Regardless of anything else herein, the validity and effect of the Class Action Waiver may be determined only by a court and not by an arbitrator.
CALIFORNIAN CONSUMER DATA PROTECTION ACT (CCPA)
Mapp is a B2B business and therefore does not directly interact with Consumers directly. We also do not sell any Consumer Data. If you want to notify us about a potential violation, please contact us via one of the means provided below.
CONTACT OF THE CONTROLLER AND ITS EU REPRESENTATIVE
We are the Controller of Personal Information related to our Services within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations. Comprehensive information about our company can be found in the imprint.
Mapp Digital US, LLC
3655 Nobel Drive
San Diego, CA 92122, United States of America
European Union (EU) representative:
Mapp Digital Germany GmbH
Dachauer Str. 63, Nymphenburger Hoefe NY II
80335 Munich, Germany
DATA PROTECTION OFFICER
Our data protection officer can be reached by post to the Controller or its EU representative (Attn: Privacy) or via email to privacy(at)mapp.com
CHANGES TO THIS NOTICE
We reserve the right to modify this Privacy Notice at any time. If we decide to change our Privacy Notice, we will prominently post those changes here and any other place we deem appropriate, so you are always aware of what Information we collect, how we use it, and under what circumstances, if any, we disclose it. If we make any material changes, we will notify you either by way of an email or by a notice on this Site. We will use information in accordance with the Privacy Notice as it was in effect at the time Information was collected.