Privacy Policy

Effective date: Feb 15, 2019

INTRODUCTION

This website (the “Site”) is operated, hosted and owned by Mapp Digital US, LLC and its affiliates (collectively “Mapp,” “we,” or “us”). The Site, together with any other mobile or web applications, products, or services offered to our clients (“Clients”) may be referred to herein collectively as the “Services.”

We are committed to meeting the digital marketing needs of our Clients, and to helping our Clients better engage with their customers on a personal level. We are also committed to the privacy of those customers, as well as visitors to the Site, and any other end users (collectively, “you” or “user”) who interact with our Services, in line with the European Union (EU) General Data Protection Regulation (GDPR) and other applicable data protection laws. We therefore adhere to the following data protection principles:

  • Purpose legitimacy and specification
  • Openness, transparency and notice
  • Consent and choice
  • Collection limitation
  • Data minimization
  • Use, retention and disclosure limitation
  • Accuracy and quality
  • Availability
  • Confidentiality and integrity
  • Individual participation and access

 

We provide this Privacy Policy to inform you of our policies and procedures regarding the collection, storage, use and disclosure of your Personal Information (or “Information”, “Data”) such as your name, phone number, email address, or mailing address. Please note that your use of the Services may also be subject to Mapp’s Acceptable Use Policy, available here: https://mapp.com/acceptable-use-policy/

PROVISIONING OF THE WEBSITE

Each time this Site and other web-based Services are accessed, our web servers automatically collect Information from the user’s system. This includes Information about the browser type and the version used, the operating system of the user’s terminal device, the Internet Service Provider of the user, the IP address of the user, date and time of access, and the previous website from which the user accesses our Site. Functional cookies may be placed on your computer or device to allow our Sites to remember you during your visit.

Processing this Information is necessary for Mapp to be able to provide an Internet presence and to ensure its security, and is therefore based on our “Legitimate Interest” to be “visible” to the market in accordance with Art. 6.1(f) of the GDPR.

The above-mentioned Information will be deleted as soon as it is no longer required for the purpose of its collection. When storing data in the log file for security purposes, this is generally the case after no more than 7 days. Functional cookies will be deleted once your session ended.

CONTACTING MAPP

If you contact us via contact form, support ticket or e-mail, the Data you provide will be used to process your request. Your Contact Data may be transferred to our CRM system. The Data you provide is necessary for processing and answering your enquiry – we cannot answer your enquiry without providing it, or we can only answer it to a limited extent.

Mapp has the “Legitimate Interest” as per Art. 6.1(f) of the GDPR to provide ways to be contacted and to process the Data transmitted in the course of sending a request. If the purpose of the request is to conclude a service contract or process a technical support request, the additional legal basis of the processing is “Performance of a Contract” in accordance with Art. 6.1(b) of the GDPR.

When you contact us via the website form, request a demo, register for a webinar, contests or promotions, want to download content or register for and attend events, we will ask for your “opt-in” to be contacted by Mapp. Some offerings such as whitepapers or promotions are funded based on marketing use cases, i.e. you get something for “free” in exchange for the Personal Information needed by us to follow-up with you as a potential future Client. The processing of this Information is based on your “Consent” in accordance with Art. 6.1(a) of the GDPR.

Data processed in this context will be deleted when no longer necessary to achieve the original purpose and defined retention periods expired.

You have the possibility to object to the data processing or withdraw your consent at any time. The objection must be sent to our Data Protection Officer, preferably via the following email address: privacy@mapp.com. In this case, all Personal Information stored in the course of establishing contact will be deleted unless there are any storage obligations to the contrary.

EMAIL MARKETING

We use our newsletter to keep you up to date on all the latest news connected with our business- but only if you opted in to receive such newsletters. You will have to provide us with a valid email address and basic Personal Information for personalization purposes, including at least your first name, last name, and title. When you register for our newsletters, we will also store your IP address with a time stamp to be able to prove your registration in accordance with the Double Opt-In procedure. We also use so-called pixel tracking to collect certain events when marketing emails are sent (e.g. emails received; emails opened; clicks on links) to create aggregated statistics and reports on the effectiveness of our email marketing campaigns.

Legal basis of the processing of your Information for email marketing is your “Consent” in accordance with Art. 6.1(a) of the GDPR. We do not send you newsletters unless you have affirmatively opted in to receive newsletters.

If you are an existing Client, based on our “Legitimate Interest” per Art. 6.1(f) of the GDPR to advertise our products and to maintain a good relationship with you, you may receive marketing emails from us informing you about offerings related to Services you already purchased.

You can unsubscribe from our marketing emails at any time using the link within the newsletter, or object to the data processing. The objection must be sent to our Data Protection Officer, preferably via the following email address: privacy@mapp.com.

Marketing and email contacts, including newsletter recipients, are deleted when such users become inactive, click an “unsubscribe” button, or otherwise opt out of communications unless there are any storage obligations to the contrary.

GOOGLE ANALYTICS

We use the tool Google Analytics on our Site to create analyses of the use of our web pages in order to optimize our Site. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, (“Google”). Google is certified under the EU-US Privacy Shield, which guarantees that the EU’s data protection requirements will also be met when Google processes data in the US. In Google Analytics, interactions between users of our website are primarily recorded and systematically evaluated using cookies. When details of our website are accessed, the following Information is stored: Anonymized IP address, the website accessed, the website from which the user accessed the accessed website, the subpages that are called from the page that is called, the time spent on the website, and the frequency of calling the site.  We base the use of Google Analytics on our “Legitimate Interest” as per Art. 6.1(f) of the GDPR to better understand how people interact with our website.

The Data stored through tracking will be deleted as soon as they are no longer needed for our purposes, in this case, after 14 months.

You can generally prevent Google from processing your Data on websites by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout

ADVERITISING COOKIES

Mapp uses the Google Tag Manager (which does not have access to your Personal Information) to implement our own Mapp Acquire Cookie on our Site. This cookie allows us to understand your web-browsing behavior and show you online ads that are better tailored to your needs. Mapp Acquire may collect the following types of information: IP address of the user, timestamp, unique identifier assigned to a device, information about the browser type and the version used, the operating system of the user’s terminal device, the previous website from which the user accesses our website, geographic location, and actions performed within a web page.

The processing of this Information is based on your “Consent” in accordance with Art. 6.1(a) of the GDPR given when you first visited the Site.

Processing can be contradicted at any time with effect for the future by clicking the following link: http://go.flx1.com/opt-out

In this case, a persistent opt-out cookie (name: “opt-out”) will be set in your browser, preventing your Information from being collected by Mapp Acquire in the future when you visit our Site with this browser. If you use a different browser, this service is generally enabled unless the opt-out cookie is also set in that browser. Please note that the respective service will be reactivated if you delete the corresponding opt-out cookie from your browser.

If you do not agree with this processing, you have the possibility to prevent the installation of cookies by the appropriate settings in your Internet browser.

The above-mentioned Data will be deleted as soon as they are no longer required for the purpose of their collection which is generally after 1 year.

 

 

GOOGLE MAPS

We use Google Maps on our Site to display the locations of our offices and to create route descriptions. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, (“Google”). Google is certified under the EU-US Privacy Shield, which guarantees that the EU’s data protection requirements will also be met when Google processes data in the US.

If you call the Google Maps component integrated in our Site, Google will save a cookie on your device via your Internet browser. Your user settings and data are processed in order to display our location and create a route description. We cannot exclude the possibility that Google may use servers in the USA.

Legal basis for this processing is our “Legitimate Interest” as per Art. 6.1(f) of the GDPR to optimize our Site.

You can find out which data is collected by Google and what this data is used for at https://policies.google.com/privacy

If you do not agree with this processing, you have the possibility to prevent the installation of cookies by the appropriate settings in your Internet browser.

 

 

GOOGLE FONTS

Our Site uses Google Fonts to present fonts. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, (“Google”). Google is certified under the EU-US Privacy Shield, which guarantees that the EU’s data protection requirements will also be met when Google processes data in the US. Google Fonts is used without authentication and no cookies are sent to the Google Fonts API. If you have an account with Google, none of your Google Account information will be transmitted to Google while using Google Fonts. Google only records the use of CSS and the fonts used and stores this information securely.

Legal basis for this processing is our “Legitimate Interest” in accordance with Art. 6.1(f) of the GDPR to optimize our Site.

You can find out which data is collected by Google and what this data is used for at https://policies.google.com/privacy

 

 

SOCIAL MEDIA PAGES (“FAN PAGES”)

We maintain publicly accessible profiles on the social media platforms Facebook, Twitter, YouTube, Instagram, Xing and LinkedIn (‘social media pages’ or ‘fan pages’).

If you visit one of our social media pages when you are logged in to the respective social media network, the social media provider can analyze your usage behavior and associate the Information collected with your social media account, where it may also be enriched. Even if you are not logged in or if you do not have an account with the respective social media network, the social media provider may collect your Personal Information, such as your IP address or data generated by a cookie. The operators of social media platforms can use this Data to create user profiles. Your user profile can then be used to show you ads related to your interests on social media sites as well as other websites.

If you visit one of our social media pages, we share responsibility with the social media provider for the collection and processing of your Personal Information that takes place on that platform. With regard to information about the collection and processing of your Data on such platforms, we refer you to the privacy policies published by the respective social media networks. We do not have any additional information available. The privacy policies of the various social media networks can be found on the following pages:

 

We can provide you with information about the appropriate guarantees for Data transfers to third countries in accordance with Art. 46 of the GDPR at any time on request.

You are able to assert your rights under Chapter 3 of the GDPR (right to information, rectification, erasure, restriction of processing, data portability, etc.) both against us and against the relevant social media provider. In this context and with regard to our social media pages, we would like to point out that we can only control the processing of Personal Information and the implementation of Data Subjects’ rights within the scope of the options presented to us by the respective provider.

The legal basis for our use of social media pages is our “Legitimate Interest” according to Art. 6.1(f) of the GDPR to run marketing of our events and Services on the Internet.

 

 

REGISTERED CLOUD SERVICE USERS

Mapp is a marketing technology provider and offers Cloud Services to its Clients which are the controllers of their own marketing contacts’ Personal Information. Mapp is therefore the Processor of this Personal Information; the processing is governed by a Data Processing Agreement between Mapp and its Client and not within the scope of this Privacy Policy. Mapp however remains Controller of those Personal Information related to the registration, login and usage of our Cloud Services by system users.

During the registration process basic user profile data is collected including the user’s name, business email address (used as user identifier), password (stored in hashed format), and permissions. During login you’ll be required to provide your business email address and your password. While you’re using the system, we create logs of your actions including what you accessed, from which IP address and at which time. To better understand how you use our products and to continuously improve our product offerings, we may use additional analytic tools. Additional Data may be shared when you use technical integrations of Mapp Cloud with other solutions. When you are a registered user of one of our Cloud Services, we may automatically register you in our support system, which simplifies the process for you to contact our technical support team. Furthermore, we use relevant Information for billing purposes. Without a registered user account, you cannot use our Cloud Services.

The legal basis for the processing is the “Performance of a Contract” (Art. 6.1(b) of the GDPR). The processing of any Personal Information serves the provision, maintenance and improvement of our software services, as well as the security.

The above-mentioned Data will be deleted after they are no longer necessary to achieve the purpose for which they were collected, generally upon the expiration of the underlying service contract, considering retention periods under tax and commercial law.

APPLYING FOR A JOB AT MAPP

Embedded into this Site, you’ll find our online application tool which allows you to apply for a job at Mapp.

We process the Personal Information you have sent us in connection with your application in order to assess your suitability for the position (or any other open positions in our company) and to complete the application process. Once you received and accepted an offer from Mapp, a background verification process will be initiated, which is necessary due to market requirements. Goals of the background verification check are to verify your identity and criminal record clearance, and to confirm claimed qualifications and employments within the last 5 years (as far as relevant). Candidates for financial roles may also be subject to a credit review.

The processing of your Personal Information in this application procedure is necessary for the establishment of an employment relationship, i.e. we can only hire you when you provide the Personal Information we need. Legal basis for the processing of Applicant Data is therefore “Performance of a Contract” as per Art. 6.1(b) of the GDPR. Should the Data be necessary for legal prosecution after completion of the application procedure, further processing will be based on our “Legitimate Interest” in the assertion or defense of claims as per Art. 6.1(f) of the GDPR.

In the event of rejection, your Applicant Data will be deleted 6 months after the assignment of the respective position unless you agreed on further storage in our applicant data pool and consideration for open positions in the future. These Data will be checked annually to see whether there is a need for further storage; otherwise the Data will be deleted. If you have been awarded a position as part of the application process, the data will be transferred from the applicant data system to our personnel information system.

Your Applicant Data will be viewed by the personnel department after receipt of your application. Suitable applications will then be forwarded internally to the department managers responsible for the respective open position. The rest of the process is then coordinated. Within Mapp, only those persons have access to your Personal Information who need it for the proper course of our application procedure. Furthermore, we use specialized service providers for the application process which may involve the processing of your Personal Information outside of the European Economic Area (“EEA”).

RECIPIENTS OF YOUR PERSONAL INFORMATION

Where appropriate, we may share your Personal Information with various recipients, including the following categories:

  • Our third-party service providers who process Personal Information on our behalf for IT and system administration and hosting, billing, research and analysis, marketing, customer support and other purposes (e.g. data centers, SaaS applications)
  • Affiliates within our group of companies that process Personal Information for, amongst others, customer service, marketing purposes, technical operations and account management
  • Sponsors of events, webinars and contests for which you have registered
  • Public and regulatory authorities, where we are required to disclose Personal Data in order to comply with our legal obligations

 

 

 

PROTECTING YOUR PERSONAL INFORMATION

Mapp applies effective security safeguards to protect your Personal Information and therefore complies with and is partly certified against ISO 27001.

ISO 27001 is the international standard for information security management and defines the requirements for the introduction, operation, monitoring, and continual improvement of an effective information security management system (ISMS). It systematically ensures that an organization implements and maintains commercially reasonable and industry standard technical and organizational safeguards to preserve the security of (Personal) Information.

Though we do everything we can to prevent a security breach from happening, there are no guarantees. In the case we learn of a security breach, we may attempt to notify you electronically so that you can take appropriate protective steps, by posting a notice on the Site if a security and/or sending an email to you at the email address you have previously provided to us. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive a free written notice of a security breach, or to withdraw your consent from receiving electronic notice, you should notify us.

 

 

INTERNATIONAL DATA TRANSFER AND PRIVACY SHIELD

Mapp is registered under the EU-U.S. Privacy Shield Framework (“Privacy Shield”), and accordingly is committed to the EU-U.S. Privacy Shield Principles. For a list of all companies participating in Privacy Shield, see here: www.privacyshield.gov/list. Mapp is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Mapp shall remain liable under the EU-U.S. Privacy Shield Principle of Accountability for Onward Transfer if its sub-processors process your Personal Information in a manner inconsistent with the Privacy Shield Principles, unless we prove we are not responsible for the event giving rise to the damage.

If you are visiting this website from a country other than the country in which our servers are located, your communications with us will result in the transfer of information across international boundaries. By visiting this website and communicating electronically with us, you consent to such cross-border transfers. In the case of data transfers from the European Economic Area (“EEA”) the EU-U.S. Privacy Shield Framework applies.

Your Information may be transferred to and maintained on servers located outside of your country where the privacy/data protection laws may not provide the same protection level as those in your jurisdiction. If you are located outside the United States and choose to provide Information to us, we might transfer Personal Information to the United States and process it there. To ensure the safety of this transfer and the compliance with the applicable European data law, we utilize Standard Contractual Clauses, the EU-U.S. Privacy Shield (if applicable) and express consents (Data Transfer Agreements) in relation to Personal Information originating the European Union or the United States.

Details about the Standard Contractual Clauses issued by the European Commission are available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en

YOUR RIGHTS AND HANDLING OF COMPLAINTS

EU Citizens

If Personal Information about you is processed, you are the Data Subject in the sense of the GDPR. Therefore, you are entitled to the following rights against us as Controller: Right to information, right to rectification, right to limitation of processing, right to deletion, right to data transferability, right of appeal, right to revoke the declaration of consent under data protection law. Some data processing procedures are only possible with your express consent. You can withdraw your consent under data protection law at any time, but this does not affect the legality of the consent until revocation.

Additionally, you have the right to object data processing. To the extent that your personal data is processed to protect the predominant “Legitimate Interests” of the Controller per Art. 6.1(f) of the GDPR as laid out in this Privacy Policy, you may object to such processing with effect for the future. For this purpose, please contact the Controller. As a rule, the right to object is only available to you for reasons arising from your particular situation (Art. 21.1 GDPR). Once you have exercised your right to object, your personal data will no longer be processed for these purposes unless the Controller is able to demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if such processing serves to lodge, action or defend a legal claim. If the processing is carried out for the purposes of direct marketing, you may exercise the right to object to this at any time (Art. 21.2 GDPR), and your Personal Information will then no longer be processed for direct marketing purposes.

In compliance with the EU-U.S. Privacy Shield Principles, Mapp commits to resolve complaints about your privacy and our collection or use of your Personal Information. European Union individuals with inquiries or complaints regarding this Privacy Policy should first contact our Data Protection Officer, preferably via the following email address: privacy@mapp.com.

Please note that in the event of such a request, we are required to collect additional personal information that will enable us (a) to verify your identity before providing you with information and (b) to retain evidence of your request and how we have responded to it.

Mapp has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit JAMS’s Privacy Shield websitefor more information and to file a complaint. These dispute resolution services are provided at no cost to you.

If your complaint is not resolved after following the recourse mechanisms described above, you may have the ability to invoke binding arbitration. Additional information is available here: https://www.privacyshield.gov/article?id=ANNEX-I-introduction

Please note that, in addition, you also have the right to lodge a complaint with the supervisory authority in the relevant EU Member State. Mapp commits to cooperate with the EU supervisory authorities and comply with the advice given by such authorities. For instance, you can contact:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
91522 Ansbach

Non-EU Citizens

Mapp commits to resolve complaints about your privacy and our collection or use of your personal information. Non-EU citizens with inquiries or complaints regarding this Privacy Policy should first contact our Data Protection Officer, preferably via the following email address: privacy@mapp.com.

 

AUTOMATED DECISION MAKING

We do not carry out automated decision-making using profiling methods.

 

DISPUTE RESOLUTION

All disputes arising under this Privacy Policy shall be governed by and interpreted in accordance with the laws of California, without regard to principles of conflict of laws. Except as otherwise provided in the Privacy Shield section above, the parties to this Privacy Policy will submit all disputes arising under this agreement to arbitration in San Diego, California, before a single arbitrator of JAMS. The arbitrator shall be selected by application of the rules of JAMS, or by mutual agreement of the parties, except that such arbitrator shall be an attorney admitted to practice law California. No party to this Privacy Policy will challenge the jurisdiction or venue provisions as provided in this section. Nothing contained herein shall prevent the party from obtaining an injunction.

CLASS ACTION WAIVER

Any arbitration or court trial, whether before a judge or jury or pursuant to judicial reference, related to any claim under this Privacy Policy will take place on an individual basis, without resort to any form of class or representative action (“Class Action Waiver”). THIS CLASS ACTION WAIVER PRECLUDES ANY PARTY FROM PARTICIPATING IN OR BEING REPRESENTED IN ANY CLASS OR REPRESENTATIVE ACTION REGARDING A CLAIM UNDER THIS POLICY. Regardless of anything else herein, the validity and effect of the Class Action Waiver may be determined only by a court and not by an arbitrator.

 

 

CONTACT OF THE CONTROLLER AND ITS EU REPRESENTATIVE

We are the Controller of Personal Information related to our Services within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations. Comprehensive information about our company can be found in the imprint.

Controller:

Mapp Digital US, LLC
3655 Nobel Drive
Suite 500
San Diego, CA 92122, United States of America

European Union (EU) representative:

Mapp Digital Germany GmbH
Dachauer Str. 63, Nymphenburger Hoefe NY II
80335 Munich, Germany

DATA PROTECTION OFFICER

Our data protection officer can be reached by post to the Controller or its EU representative (Attn: Privacy) or via email to privacy@mapp.com

 

 

CHANGES TO THIS POLICY

We reserve the right to modify this Privacy Policy at any time. If we decide to change our Privacy Policy, we will prominently post those changes here and any other place we deem appropriate, so you are always aware of what Information we collect, how we use it, and under what circumstances, if any, we disclose it. If we make any material changes, we will notify you either by way of an email or by a notice on this Site. We will use information in accordance with the Privacy Policy as it was in effect at the time Information was collected.