Privacy Notice

Effective date: November 2, 2020

1. INTRODUCTION

This website is operated, hosted and owned by Mapp Digital US, LLC and its affiliates (collectively “Mapp,” “we,” or “us”). The website, together with any other mobile or web applications, products, or services offered to our clients may be referred to herein collectively as the “Services.”

We are committed to meeting the digital marketing needs of our Clients, and to helping our Clients better engage with their customers on a personal level. We are also committed to the privacy of those customers, as well as visitors to the Site, and any other end users (collectively, “you” or “user”) who interact with our Services, in line with the European Union (EU) General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”) and other applicable data protection laws. We therefore adhere to the following data protection principles:

  • Purpose legitimacy and specification
  • Openness, transparency and notice
  • Consent and choice
  • Collection limitation
  • Data minimization
  • Use, retention and disclosure limitation
  • Accuracy and quality
  • Availability
  • Confidentiality and integrity
  • Individual participation and access

We provide this privacy notice to inform you of our policies and procedures regarding the collection, storage, use and disclosure of your Personal Information (or “Information”, “Data”) such as your name, phone number, email address, or mailing address. Please note that your use of the Services may also be subject to Mapp’s Acceptable Use Policy, available here: https://mapp.com/acceptable-use-policy/

 

2. Essential Website Functions

2.1 PROVISIONING OF THE WEBSITE

Each time this website and other web-based services are accessed, our web servers automatically collect Information from the user’s system. This includes Information about the browser type and the version used, the operating system of the user’s terminal device, the Internet Service Provider of the user, the IP address of the user, date and time of access, and the previous website from which the user accesses our website.

Additionally, essential cookies may be placed on your computer or device to allow our website to remember you during your visit, to ensure it is functioning properly, to protect the confidentiality, integrity and availability of the website and your data, and for compliance purposes.

This website is hosted by a service provider in the United States. A Data Processing Agreement in line with Art. 28 of the GDPR including the EU Standard Contractual Clauses is executed.

Processing this Information is necessary for Mapp to be able to provide an Internet presence and to ensure its security and is therefore based on our “Legitimate Interest” to be “visible” to the market in accordance with Art. 6.1(f) of the GDPR.

The above-mentioned Information will be deleted as soon as it is no longer required for the purpose of its collection.

2.2 CONTACTING MAPP

If you contact us via contact form, support ticket or e-mail, the Data you provide will be used to process your request. Your contact data may be transferred to our CRM system. The Data you provide is necessary for processing and answering your enquiry – we cannot answer your enquiry without providing it, or we can only answer it to a limited extent.

Mapp has the “Legitimate Interest” as per Art. 6.1(f) of the GDPR to provide ways to be contacted and to process the Data transmitted in the course of sending a request. If the purpose of the request is to conclude a service contract or process a technical support request, the additional legal basis of the processing is “Performance of a Contract” in accordance with Art. 6.1(b) of the GDPR.

When you contact us via the website form, request a demo, register for a webinar, contests or promotions, want to download content or register for and attend events, we may ask for your “opt-in” to be contacted by Mapp. Some goodies such as whitepapers or promotions are funded based on marketing use cases, i.e. you get something for “free” in exchange for the Personal Information needed by us to follow-up with you as a potential future Client. The processing of this Information is based on your “Consent” in accordance with Art. 6.1(a) of the GDPR. It is your choice.

When you contact us, your data may be processed inside and outside the EU. Data Processing Agreements in line with Art. 28 of the GDPR including the EU Standard Contractual Clauses are executed with all involved organizations.

Data processed in this context will be deleted when no longer necessary to achieve the original purpose and defined retention periods expired.

You have the possibility to object to the data processing or withdraw your consent at any time. The objection must be sent to our Data Protection Officer, preferably via the following email address: privacy@mapp.com. In this case, all Personal Information stored in the course of establishing contact will be deleted unless there are any storage obligations to the contrary.

2.3 CONSENT MANAGEMENT (USERCENTRICS)

In order to manage your preferences with regards to the usage of cookies on this website, we use a consent management solution operated by Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich in Germany. The following information is collected as part of the solution:

  • Device information
  • Browser information
  • Anonymized IP Address
  • Opt-in and opt-out data
  • Date and time of visit
  • Request URLs of the webpage
  • Page path of the webpage
  • Geographic location

The data is processed within the EU. We executed a Data Processing Agreements with the service provider in line with Art. 28 of the GDPR.

Legal basis for the processing of the data is “Compliance with legal obligations” per Art. 6.1(c) of the GDPR.

The Consent data (given consent and the consent revocation) will be kept for a period of three years.

2.4 MAPP INTELLIGENCE

We use Mapp Intelligence on our website to create analyses of the use of our website for optimization purposes. Mapp Intelligence is our very own tool and is operated by Mapp Digital c/o Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin, Germany and hosted in Germany. It uses a script to load necessary cookies which are placed at your device unless you implemented controls to prevent this. This may include cookies for the following purposes:

  • Session cookie for session recognition, lifetime: one session (simple flag with value “1”)
  • Long-term cookie to recognize new/regular customers: 6 months
  • Opt-out cookie in case of opposition to tracking, minimum lifetime: 60 months

The script then downloads a Tracking Pixel from a Mapp Intelligence server to the website. Each download of the Tracking Pixel involves a request of the client’s browser and contains the following data elements which are stored by us for 12 months:

  • IP address – will be immediately anonymized and deleted
  • Cookie Identifiers
  • Request (e.g. file name of the requested file)
  • Browser type/version (e.g. Firefox 61.0)
  • Browser language (e.g. German)
  • Operating system used (e.g. Windows 10)
  • Internal resolution of the browser window Screen resolution
  • Referrer URL (the previously visited page)
  • Time of access

The legal basis for using Mapp Intelligence is our “Legitimate Interest” as per Art. 6.1(f) of the GDPR to optimize our website based on our visitors’ needs.

You can stop the tracking at any time by using this opt-out link:

 

2.5 GOOGLE MAPS

We use Google Maps on selected subsections of our website (e.g., “About Us”) to display the locations of our offices and to create route descriptions. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, and its parent company Alphabet Inc. (“Google”).

If you call the Google Maps component integrated in our Site, Google will save a cookie on your device via your Internet browser. Your user settings and data are processed in order to display our location and create a route description. We cannot exclude the possibility that Google may use servers in the USA.

Legal bases for this processing are our “Legitimate Interest” as per Art. 6.1(f) of the GDPR to optimize our website based on the needs and expectations of our visitors in combination with Art. 49 of the GDPR.

You can find out which data is collected by Google and what this data is used for at https://policies.google.com/privacy

If you do not agree with this processing, you have the possibility to prevent the installation of cookies by the appropriate settings in your Internet browser, or by not navigating to any subsections of this website.

2.6 YOUTUBE VIDEOS

We use videos from YouTube on our Website. YouTube (“YouTube”) is a service of YouTube LLC, 901 Cherrry Ave. San Bruno, CA, 94066, USA and is provided by them. YouTube is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, and its parent company Alphabet Inc. (“Google”).

Each time you access a page that offers one or more YouTube video clips, a direct connection is established between your browser and a YouTube server in the USA. Information about your visit and your IP address may be stored there.

If you are logged in to YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you wish to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.

YouTube permanently stores cookies on your terminal device via your Internet browser for the purpose of functionality and analysis of user behavior. If you do not agree with this processing, you have the option of preventing the cookies from being saved by making a setting in your Internet browser, or by not navigating to any subsections of this website that may embed videos.

You can find YouTube’s privacy policy at https://policies.google.com/privacy

Legal bases for this processing are our “Legitimate Interest” as per Art. 6.1(f) of the GDPR to optimize our website based on the needs and expectations of our visitors in combination with Art. 49 of the GDPR.

2.7 GOOGLE TAG MANAGER

We use the tool Google Tag Manager, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, and its parent company Alphabet Inc. (“Google”), to manage the use of the tools on the different web pages of our web portal. For this purpose, a tag is defined for each page. The tag can then be used to determine which tracking tools should be used for this page. By using the Google Tag Manager the tracking can be controlled so that the tools are only used where they make sense. The service does neither collect data nor set cookies on your device.

2.8 SOCIAL MEDIA PAGES (“FAN PAGES”)

We maintain publicly accessible profiles on the social media platforms Facebook, Twitter, YouTube, Instagram, Xing and LinkedIn (‘social media pages’ or ‘fan pages’).

If you visit one of our social media pages when you are logged in to the respective social media network, the social media provider can analyze your usage behavior and associate the Information collected with your social media account, where it may also be enriched. Even if you are not logged in or if you do not have an account with the respective social media network, the social media provider may collect your Personal Information, such as your IP address or data generated by a cookie. The operators of social media platforms can use this Data to create user profiles. Your user profile can then be used to show you ads related to your interests on social media sites as well as other websites.

If you visit one of our social media pages, we share responsibility with the social media provider for the collection and processing of your Personal Information that takes place on that platform. With regard to information about the collection and processing of your Data on such platforms, we refer you to the privacy policies published by the respective social media networks. We do not have any additional information available. The privacy policies of the various social media networks can be found on the following pages:

You are able to assert your rights under Chapter 3 of the GDPR (right to information, rectification, erasure, restriction of processing, data portability, etc.) both against us and against the relevant social media provider. In this context and with regard to our social media pages, we would like to point out that we can only control the processing of Personal Information and the implementation of Data Subjects’ rights within the scope of the options presented to us by the respective provider.

Please note that all these platforms except Xing are hosted in the USA. It is your own decision if you want to visit these pages or not.

The legal basis for our use of social media pages is our “Legitimate Interest” according to Art. 6.1(f) of the GDPR to run marketing of our events and Services on the Internet.

 

3. MARKETING FUNCTIONS

3.1 EMAIL MARKETING AND ANALYTICS

We use our newsletter to keep you up to date on all the latest news connected with our business- but only if you opted in to receive such newsletters. You will have to provide us with a valid email address and basic information for personalization purposes, including at least your first name, last name, and title. When you register for our newsletters, we may also store your IP address with a time stamp to be able to prove your registration. We also use pixel tracking to collect certain events when marketing emails are sent (e.g. emails received; emails opened; clicks on links) to create aggregated statistics and reports on the effectiveness of our email marketing campaigns.

For the management of email subscriptions, messaging, and performance measurement, we use HubSpot, a tool operated by our service provider HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. A Data Processing Agreement in line with Art. 28 of the GDPR including the EU Standard Contractual Clauses is executed.

Legal basis of the processing of your Information for email marketing is your “Consent” in accordance with Art. 6.1(a) of the GDPR. We do not send you newsletters unless you have affirmatively opted in to receive newsletters.

If you are an existing Client, based on our “Legitimate Interest” per Art. 6.1(f) of the GDPR to advertise our products and to maintain a good relationship with you, you may receive marketing emails from us informing you about offerings related to Services you already purchased.

You can unsubscribe from our marketing emails at any time using the link within the newsletter, or object to the data processing. The objection must be sent to our Data Protection Officer, preferably via the following email address: privacy@mapp.com.

Marketing and email contacts, including newsletter recipients, are deleted when such users become inactive, click an “unsubscribe” button, or otherwise opt out of communications unless there are any storage obligations to the contrary.

In order to analyze the performance of our marketing efforts, we use HubSpot’s campaign analytics functionality on our Landing and Subscription Pages. Therefore, the cookies may be set by HubSpot that help to remember you for up to 13 months.

In this context, HubSpot may collect the following information:

  • Geographical location
  • Browser type
  • Navigational information
  • Referral URL
  • Performance data
  • How often the application is used
  • Mobile apps data
  • Files viewed on site
  • Domain names
  • Pages viewed
  • Aggregated usage
  • OS version
  • Internet service provider
  • IP address
  • Device identifier
  • Length of visit
  • Where the application was downloaded from
  • Operating system
  • Events occurring within application
  • Access times
  • Clickstream data
  • Device model and version

HubSpot is hosted in the USA. A Data Processing Agreement in line with Art. 28 of the GDPR including the EU Standard Contractual Clauses is executed.

The processing of this Information is based on your “Consent” in accordance with Art. 6.1(a) of the GDPR given when you first visited a HubSpot-enabled section on our website.

3.2 GOOGLE ANALYTICS, OPTIMIZE AND AD MANAGER

We use the tool Google Analytics and the related service Google Optimize on our website to create analyses of the use of our web pages in order to optimize our Internet presence. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, and its parent company Alphabet Inc. (“Google”). In Google Analytics, interactions between users of our website are primarily recorded and systematically evaluated using cookies with a duration up to 24 months to distinguish and remember visitors and do divide visitors into groups for A/B testing. When details of our website are accessed, the following information is stored: Anonymized IP address, the website accessed, the website from which the user accessed the accessed website, the subpages that are called from the page that is called, the time spent on the website, and the frequency of calling the site. The data stored through tracking will be deleted as soon as they are no longer needed for our purposes, in this case, after 14 months.

Google processes data in the USA. A Data Processing Agreement in line with Art. 28 of the GDPR including the EU Standard Contractual Clauses is executed to limit the use of analytic data collected on our websites.

We also use Google Ad Manager (formerly: DoubleClick For Publishers), another offer from “Google”. This platform enables the placement, control and optimization of advertisements on websites. For this purpose, further cookies may be used. Conclusions about your person are generally excluded.

For more information about Google’s privacy practices and the usage of your data for advertising purposes, please visit Google’s Privacy Policy: https://policies.google.com/privacy

The legal basis for using Google Analytics and Google Ad Manager is your “Consent” as per Art. 6.1(a) of the GDPR.

You can generally prevent Google from processing your Data on websites by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout

3.3 LEADFEEDER

We use Leadfeeder, a tool provided by Liidio Oy / Leadfeeder Mikonkatu 17 C 00100 Helsinki, Finland, to collect and analyze behavioral data of all website visitors, including pages viewed, visitor source, anonymized IP address and time spent on the site. Leadfeeder enriches that company data with contact data for individuals from publicly available data sources.

Leadfeeder tracker adds a visitor cookie with a duration of 24 months to our website domain in order to remember previous visitors.
The legal basis for using Leadfeeder is your “Consent” as per Art. 6.1(a) of the GDPR.

The data is processed within the EU. We executed a Data Processing Agreements with the service provider in line with Art. 28 of the GDPR.

3.4 ZOOMINFO

We use a plugin of ZoomInfo Technologies LLC, 805 Broadway St Suite 800, Vancouver, WA 98660, US, which collects your IP address to match it against an internal database of company IP address ranges. This allows us to see which companies are interested in our website and our product offerings, which ultimately helps us to improve both.

ZoomInfo is hosted in the USA. A Data Processing Agreement in line with Art. 28 of the GDPR including the EU Standard Contractual Clauses is executed.

Data processed in this context will be deleted when no longer necessary to achieve the original purpose and defined retention periods expired.

The legal basis for using ZoomInfo is your “Consent” as per Art. 6.1(a) of the GDPR.

3.5 HOTJAR

We use HotJar, a tool provided by Hotjar Ltd, Level 2 St Julians Business Centre, 3, Elia Zammit Street St Julians STJ 3155, Malta, to better understand the needs of our users and to optimize the offerings and experience on this website. Hotjar’s technology helps us gain a better understanding of our users’ experiences (e.g. how much time users spend on which pages, which links they click, what they like and what they don’t like, etc.) and this helps us to tailor our offering to our users’ feedback.

Hotjar uses cookies with a duration of up to 12 months and other technologies to collect information about our users’ behavior and about their end devices, in particular IP address of the device (is only collected and stored in anonymous form during your use of the website), screen size, device type (Unique Device Identifiers), information about the browser used, location (country only), preferred language for viewing our website. Hotjar stores this information on our behalf in a pseudonymized user profile.

The legal basis for using HotJar is your “Consent” as per Art. 6.1(a) of the General Data Protection Regulation. If you want to opt-out, you can do so by following this link: https://www.hotjar.com/legal/compliance/opt-out

The data is processed within the EU. We executed a Data Processing Agreements with the service provider in line with Art. 28 of the GDPR.

3.6 LINKEDIN MARKETING

Our Website uses LinkedIn Insights Tracking, an analytics and retargeting service provided by LinkedIn (“LinkedIn”) Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA. With your consent, the LinkedIn Insight Tag matches visitors of this Website with registered LinkedIn members in order to provide us with anonymous statistics, for instance about our website users’ demographics, and to allow us to run personalized online ads within the LinkedIn network. Therefore, LinkedIn may set cookies to remember and distinguish website visitors and to match them to registered LinkedIn users.

LinkedIn processes the data in the USA. A Data Processing Agreement in line with Art. 28 of the GDPR including the EU Standard Contractual Clauses is executed.

Legal basis for the use of this tracking technology is your “Consent” as per Art. 6.1(a) of the GDPR.

LinkedIn members have the option to opt out of LinkedIn Conversion Tracking and block and delete cookies at https://www.linkedin.com/psettings/advertising/ or disable demographic features. There is no separate opt-out option in LinkedIn’s settings for third-party impressions or click tracking for campaigns running on LinkedIn, as all underlying campaigns respect LinkedIn member settings.

If you are using LinkedIn, their Privacy Policy applies: https://www.linkedin.com/legal/privacy-policy

3.7 APPVIZER

We use the tool Appvizer, operated by Cloud is Mine SAS, Rond Point Benjamin Franklin CS 39521, 34960 Montpellier Cedex 2 in France, on our website for conversion tracking, i.e. to analyze how many visitors of this site have read specific product recommendations published on Appvizer before.

The legal basis for transferring data to Appvizer is your “Consent” as per Art. 6.1(a) of the GDPR.

Appvizer’s privacy policy is available here: https://www.appvizer.com/about/privacy-policy.

 

4. REGISTERED MAPP CLOUD SERVICE USERS

Mapp is a marketing technology provider and offers Cloud Services to its Clients which are the controllers of their own marketing contacts’ Personal Information. Mapp is therefore the Processor of this Personal Information; the processing is governed by a Data Processing Agreement between Mapp and its Client and not within the scope of this Privacy Notice. Mapp however remains Controller of those Personal Information related to the registration, login and usage of our Cloud Services by system users.

During the registration process basic user profile data is collected including the user’s name, business email address (used as user identifier), password (stored in hashed format), and permissions. During login you will be required to provide your business email address and your password. While you are using the system, we create logs of your actions including what you accessed, from which IP address and at which time. Additional Data may be shared when you use technical integrations of Mapp Cloud with other solutions. When you are a registered user of one of our Cloud Services, we may automatically register you in our support system, which simplifies the process for you to contact our technical support team. Furthermore, we use relevant Information for billing purposes. Without a registered user account, you cannot use our Cloud Services.

Registered users will receive emails with information that is relevant for the Mapp Cloud Services, such as updates of functionality or details about planned or unplanned downtimes. You can unsubscribe from such updates if you want.

The legal basis for the processing described is the “Performance of a Contract” per Art. 6.1(b) of the GDPR. The processing of any Personal Information serves the provision, maintenance, and improvement of our software services, as well as the security.

The above-mentioned data will be deleted after they are no longer necessary to achieve the purpose for which they were collected, generally upon the expiration of the underlying service contract, considering retention periods under tax and commercial law.

 
4.1 PRODUCT ANALYTICS

To better understand how you use our products and to continuously improve our product offerings, we may use the following analytic tools within our product software based on this “Legitimate Interest” as per Art. 6.1(f):

Mapp Intelligence
We use our very own tool Mapp Intelligence on our website to create analyses of the use of our website to optimize our Mapp Cloud Services. Mapp Intelligence is operated by Mapp Digital c/o Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin, Germany and hosted in Germany.

Mapp Intelligence is our very own tool to analyze website usage. It uses a script to load necessary cookies which are placed at your device unless you implemented controls to prevent this. This may include cookies for the following purposes:

  • Session cookie for session recognition, lifetime: one session (simple flag with value “1”)
  • Long-term cookie to recognize new/regular customers: 6 months
  • Opt-out cookie in case of opposition to tracking, minimum lifetime: 60 months

The script then downloads a Tracking Pixel from a Mapp Intelligence server to the website. Each download of the Tracking Pixel involves a request of the client’s browser and contains the following data elements which are stored by us for 12 months:

  • IP address – will be immediately anonymized and deleted
  • Cookie Identifiers
  • Request (e.g. file name of the requested file)
  • Browser type/version (e.g. Firefox 61.0)
  • Browser language (e.g. German)
  • Operating system used (e.g. Windows 10)
  • Internal resolution of the browser window Screen resolution
  • Referrer URL (the previously visited page)
  • Time of access

You can stop the tracking at any time by using this opt-out link:

 

Gainsight
Gainsight is a tool provided by Gainsight Inc, 655 Montgomery St, San Francisco, CA 94111, United States, which allows us to quantitatively analyze how you use our products and certain features (e.g. click path analysis, error tracking), and to allow you to provide valuable qualitative feedback which helps us to build the products you want. The data collected will be linked to your account, i.e. your name and your email address as provided in the course of your account registration.

GainSight is hosted in the USA. A Data Processing Agreement in line with Art. 28 of the GDPR including the EU Standard Contractual Clauses is executed between Mapp and the service provider.

You can stop the tracking at any time by using this opt-out link:

 

 

5. Applying for a job at Mapp

Embedded into this Site, you’ll find our online application tool provided by our service provider Prescreen International GmbH, Mariahilfer Straße 17, 1060 Vienna, Austria (hereafter “Prescreen”), which allows you to see open positions and to apply for a job at Mapp. Prescreen processes the Applicant Data on behalf of Mapp based on a Data Processing Agreement and does not use the Data for its own purposes. In connection with the operation of this Site, the processing of certain Data by Prescreen is required. For details, please visit: https://prescreen.io/en/privacy-policy/

We process the Personal Information you have sent us in connection with your application in order to assess your suitability for the position (or any other open positions in our company) and to complete the application process. Once you received and accepted an offer from Mapp, a background verification process will be initiated, which is necessary due to market requirements.

In the course of your online application, the following information might be collected and processed:

  • First name, last name, home address, e-mail, date of birth, gender, telephone number, citizenship
  • Additional questions depending on the respective job offer (e.g. driving license)
  • Professional experience and training
  • Skills (e.g. Photoshop, MS Office)
  • Qualifications, awards, and language abilities
  • Application photo
  • Cover letter

The processing of your Personal Information in this application procedure is necessary for the establishment of an employment relationship, i.e. we can only hire you when you provide the Personal Information we need. Processing of Applicant Data is therefore “Performance of a Contract” as per Art. 6.1(b) of the GDPR. Should the Data be necessary for legal prosecution after completion of the application procedure, further processing will be based on our “Legitimate Interest” in the assertion or defense of claims as per Art. 6.1(f) of the GDPR.

In the event of rejection, your Applicant Data will be deleted 6 months after the assignment of the respective position unless you agreed on further storage in our applicant data pool and consideration for open positions in the future. In this case, your Data will be retained for up to 12 months based on your “Consent” per Art. 6.1(a) of the GDPR. This “Consent” can be revoked at any time.

If you have been awarded a position as part of the application process, the data will be transferred from the applicant data system to our personnel information system, and a background verification process will be initiated, which is necessary for the “Performance of a Contract” as per Art. 6.1(b) of the GDPR. Goals of the background verification check are to verify your identity and criminal record clearance, and to confirm claimed qualifications and employments within the last 5 years – as far as this is relevant for your role. Candidates for financial roles may also be subject to a credit review.

Your Applicant Data will be viewed by the Human Resources department after receipt of your application. Suitable applications will then be forwarded internally to the department managers responsible for the respective open position. The rest of the process is then coordinated. Within Mapp, only those persons have access to your Personal Information who need it for the proper course of our application procedure. Furthermore, we use specialized service providers for the application process which may involve the processing of your Personal Information outside of the EU or European Economic Area (“EEA”) where proper safeguards are in place.

 

6. MARKETING EVENTS

Mapp regularly runs or sponsors Marketing Events, where we might collect, use and store the following kinds of Data about you:

Data Categories Type of Data Source of the Data
Registration data First name, last name, job title, employer name, work address, work email, and work phone number We collect this data directly from you through your registration for a Mapp marketing event
Business card data First name, last name, job title, employer name, work address, work email, and work phone number We collect this data directly from you when you intentionally give us your business card.
Feedback information First name, last name, job title, employer name, work email, work phone number, your personal satisfaction from the event and your preferences for future Mapp events We collect this data directly from you when you fill in a feedback from at a Mapp event.
Photographs and video recordings Your image alone or with other people in the context of the Mapp marketing event, taken during the official part as well as the networking/informal part of the event. We either take photographs and make videos ourselves or engage a third party – professional service provider who will process the data under our instructions and only for our purposes.

 

Mapp will process your Registration Data to administer your participation at Mapp events, for security purposes, and, upon your request – to issue an invoice, based on the Legal Ground “Performance of a Contract” in accordance with Art. 6.1(b) of the GDPR.

We will use your business card data to reach out to you and establish a professional contact with a view to cooperate in the future and will send to your email address a proposal to join our data base and receive marketing communication from us (also see section “Contacting Mapp”). You are free to accept or decline this proposal. Once subscribed you can always unsubscribe from the emails you receive from us at any time by clicking the unsubscribe link located at the bottom of the email (also see section “Email Marketing”).

We will process your data in relation to the feedback that you have provided to us for the purposes of measuring your satisfaction and improving the quality of Mapp events. If, in the feedback form, you have specifically requested Mapp to contact, we will use your data to reach out to you to discuss our services and how Mapp can support your organization (also see section “Contacting Mapp”).

We will publish the photographs and video recordings from Mapp marketing events (on which you might appear on the front line or in the background) on the Mapp Website, Social Media or on other electronic or paper media based on our “Legitimate Interest” to promote our services and strengthen our market presence in accordance with Art. 6.1(f) of the GDPR. We will inform you already at the invitation for the event, with the registration form as well as by placing explicit signs at the event location that photographs and videos, with intention to making them public, will be taken. If you would not want to be photographed or video recorded at the Mapp event, or if you do not want us to publish any picture or other visual media on which you may appear, please let us know (at the event registration or by sending an email to us) before the event, and we will conform.

If you are a speaker on the stage at a Mapp marketing event, we will publish the pictures and videos on which you appear after obtaining your consent to do that. You can withdraw this consent at any time by sending an email to us.

Data processed in this context will be deleted when no longer necessary to achieve the original purpose and defined retention periods expired.

 

7. RECIPIENTS OF YOUR PERSONAL INFORMATION

Where appropriate, we may share your Personal Information with various recipients, including the following categories:

  • Our third-party service providers who process Personal Information on our behalf for IT and system administration and hosting, billing, research and analysis, marketing, customer support and other purposes (e.g. data centers, SaaS applications) in line with Art. 28 GDPR.
  • Tools and service providers used by this website for marketing purposes as described in this notice.
  • Affiliates within our group of companies that process Personal Information for, amongst others, customer service, marketing purposes, technical operations and account management.
  • Sponsors of events, webinars and contests for which you have registered.
  • Public and regulatory authorities, where we are required to disclose Personal Data in order to comply with our legal obligations.

 

8. PROTECTING YOUR PERSONAL INFORMATION

Mapp applies effective security safeguards to protect your Personal Information and therefore complies with and is partly certified against ISO 27001.

ISO 27001 is the international standard for information security management and defines the requirements for the introduction, operation, monitoring, and continual improvement of an effective information security management system (ISMS). It systematically ensures that an organization implements and maintains commercially reasonable and industry standard technical and organizational safeguards to preserve the security of (Personal) Information.

Furthermore, your Personal Data will be deleted as soon as it is no longer required for the purpose of its collection.

Though we do everything we can to prevent a security breach from happening, there are no guarantees. In the case we learn of a security breach, we may attempt to notify you electronically so that you can take appropriate protective steps, by posting a notice on the Site if a security and/or sending an email to you at the email address you have previously provided to us. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive a free written notice of a security breach, or to withdraw your consent from receiving electronic notice, you should notify us.

 

9. INTERNATIONAL DATA TRANSFER

Since Mapp is a global company, when you use our website or contact us, your data may be processed worldwide, for example on servers in the United States. We apply highest EU data protection standards in compliance with the GDPR and will also make sure that your Data is properly protected. Mapp utilizes EU Standard Contractual Clauses (internally and externally), Binding Corporate Rules and express consents (Data Transfer Agreements) in relation to Personal Information originating the European Union or the United States.

 

10. YOUR RIGHTS AND HANDLING OF COMPLAINTS

10.1 EU Citizens
If Personal Information about you is processed, you are the Data Subject in the sense of the GDPR. Therefore, you are entitled to the following rights against us as Controller: Right to information, right to rectification, right to limitation of processing, right to deletion, right to data transferability, right of appeal, right to revoke the declaration of consent under data protection law. Some data processing procedures are only possible with your express consent. You can withdraw your consent under data protection law at any time, but this does not affect the legality of the consent until revocation.

Additionally, you have the right to object data processing. To the extent that your personal data is processed to protect the predominant “Legitimate Interests” of the Controller per Art. 6.1(f) of the GDPR as laid out in this privacy notice, you may object to such processing with effect for the future. For this purpose, please contact the Controller. As a rule, the right to object is only available to you for reasons arising from your particular situation (Art. 21.1 GDPR). Once you have exercised your right to object, your personal data will no longer be processed for these purposes unless the Controller is able to demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if such processing serves to lodge, action or defend a legal claim.

If the processing is carried out for the purposes of direct marketing, you may exercise the right to object to this at any time (Art. 21.2 GDPR), and your Personal Information will then no longer be processed for direct marketing purposes.

In compliance with the EU-U.S. Privacy Shield Principles, Mapp commits to resolve complaints about your privacy and our collection or use of your Personal Information. European Union individuals with inquiries or complaints regarding this Privacy Notice should first contact our Data Protection Officer, preferably via the following email address: privacy@mapp.com.

Please note that in the event of such a request, we are required to collect additional personal information that will enable us (a) to verify your identity before providing you with information and (b) to retain evidence of your request and how we have responded to it.

Please note that, in addition, you also have the right to lodge a complaint with the supervisory authority in the relevant EU Member State. Mapp commits to cooperate with the EU supervisory authorities and comply with the advice given by such authorities.

10.2 Non-EU Citizens
Mapp commits to resolve complaints about your privacy and our collection or use of your personal information. Non-EU citizens with inquiries or complaints regarding this Privacy Notice should first contact our Data Protection Officer, preferably via the following email address: privacy@mapp.com

 

11. AUTOMATED DECISION MAKING

We do not carry out automated decision-making using profiling methods.

 

12. CALIFORNIAN CONSUMER DATA PROTECTION ACT (CCPA)

Mapp is a Business-to-Business (“B2B”) business and therefore does not interact with Consumers directly. We also do not sell any Consumer Data. If you want to notify us about a potential violation, please contact us via one of the means provided below.

 

13. CONTACT OF THE CONTROLLER AND ITS EU REPRESENTATIVE

We are the Controller of Personal Information related to our Services within the meaning of the EU GDPR and other data protection regulations. Comprehensive information about our company can be found in the imprint.

Controller:

Mapp Digital US, LLC
3655 Nobel Drive
Suite 500
San Diego, CA 92122, United States of America

EU representative:

Mapp Digital Germany GmbH
Dachauer Str. 63, Nymphenburger Höfe NY II
80335 Munich, Germany

 

14. DATA PROTECTION OFFICER

Our data protection officer can be reached by post to the Controller or its EU representative (Attn: Privacy) or via email to privacy@mapp.com

 

15. CHANGES TO THIS NOTICE

We reserve the right to modify this Privacy Notice at any time. If we decide to change our Privacy Notice, we will prominently post those changes here and any other place we deem appropriate, so you are always aware of what Information we collect, how we use it, and under what circumstances, if any, we disclose it. If we make any material changes, we will notify you either by way of an email or by a notice on this Site. We will use information in accordance with the Privacy Notice as it was in effect at the time Information was collected.