This Privacy Notice was last updated on December 1, 2019
Midigator LLC (“Midigator”) complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Economic Area (EEA) and Switzerland to the United States. Midigator has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and is subject to the investigatory and enforcement powers of the Federal Trade Commission (the “FTC”). A list of all organizations participating in the Privacy Shield Program can be found here https://www.privacyshield.gov/list along with all other program requirements available on the following site located here: https://www.privacyshield.gov.
Midigator (“we”, “us” and “our”) respects your privacy and we are committed to protecting the privacy of your personal information through our compliance with this Privacy Notice. This Privacy Notice applies to the personal information we receive from: (i) visitors to our website, www.midigator.com, (“Website”), (ii) our business clients (“Clients”) or entities that use our products and services (“Services”) through our applications, (“Platform”), and (iii) the individuals that provide us with their information relating to our marketing activities.
Information We Obtain
Personal Information that we obtain originating in the United States or that is transferred to us from the EEA and Switzerland fall into three categories:
- Personal Information from our Clients, such as name, email address, telephone number and credit card payment or bank draft information required for payment of requested Services or use of our Platform; and
- Credit card transaction data containing Personal Information, such as name, email address, telephone number, partial credit card payment information, billing address, shipping address and IP address that our Clients submit to us for processing and of which our Clients process on behalf of their end users; and
- Personal Information, such as your name, address, telephone number, email address, mailing address and other (contact) information that you voluntarily give through, for example, an input form on our Website, an input form in our Platform, through surveys, at a live event, through a contractual arrangement you have for co-managed services, or through other means.
We may collect Non-Personal information regarding activities on our Website to improve our Services and advertising through the use of commonly used information-gathering tools, such as cookies. This information is aggregated and used to help us provide more useful information to our customers and to understand which parts of our Website and Services are of most interest. Aggregated data is considered “Non-personal information” for the purposes of this Privacy Notice.
Purpose of Information Collection and Use
The information we obtain, including Personal Information, allows us to:
- Perform the requirements of a service agreement with you for information, resources, products or services that you’ve requested from us;
- Send customer service-related communications or request your feedback;
- Send service-related information, including confirmations, invoices, technical notices, software updates, security alerts, and administrative messages;
- Communicate with you about product announcements and upcoming events offered by us and our selected partners;
- To operate and improve the business, Website, and Platform including to administer, protect, and improve Services and systems;
- To compile aggregated statistics about usage of our Services, and help personalize your experience of the Website and Services;
- For internal purposes such as auditing, data analysis, and research;
- and to conduct a prospective or actual sale, investment opportunity, merger, transfer or other reorganization of all or parts of the business.
If we intend to use your Personal Information for a purpose that is materially different from the purposes stated above or if we intend to disclose it to a third party not previously identified, we will obtain consent of such uses and/or disclosures in advance.
When we act as a Data Processor on behalf of our Clients, we will only process Personal Information for the purposes requested by our Client.
Information We Share
We sometimes contract with other companies and individuals to perform functions or services on our behalf such as website hosting, data analysis, payment processing, information technology and related infrastructure provision, customer service, email delivery, auditing and other services. They may have access to Personal Information needed to perform their functions but are restricted from using the Personal Information for purposes other than providing a service to us. We are responsible for ensuring that our agents, service providers and other third parties to whom we disclose your Personal Information process the information in a manner consistent with our obligations under the EU-U.S. and Swiss-U.S. Privacy Shield Principles.
Periodically, we may partner with other companies to jointly offer products or services. If you register for or specifically express interest in a jointly offered product or service from us, we may share data about you with our joint promotion partner(s). We do not control these business partners use of your data, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may opt not to purchase or specifically express interest in a jointly offered product or services.
Except as otherwise described in this Privacy Notice, we will not disclose personal information to any third party unless we are required to do so in response to lawful requests, including national security requirements or if we believe that such action is necessary to conform to the law or comply with the legal process.
Your Legal Rights
Midigator as a Data Controller
This section “Midigator as a Data Controller,” shall apply solely to the extent your Personal Information is collected by us directly and is not submitted by our Clients for processing and of which our Clients process on behalf of their end users.
You have the following rights in relation to personal data that we hold about you:
- To request confirmation of whether we process personal data relating to you, and if so, to request a copy of that personal data;
- To request that we rectify or update your personal data that is inaccurate, incomplete or outdated.
- To request that we erase your personal data in certain circumstances, such as where we collect personal data on the basis of your consent and you withdraw your consent;
- To request that we restrict the use of your personal data in certain circumstances, such as while we consider another request that you have submitted, for example, a request that we update your personal data;
- Where you have given us consent to process your personal data, to withdraw your consent; and
- To request that we provide a copy of your personal data to you in a structured, commonly used and machine-readable format in certain circumstances.
You may contact us by e-mail at firstname.lastname@example.org to exercise your rights described above.
Midigator as a Data Processor
In circumstances where we are the Data Processor, Personal Information is under the control of our Clients; appropriate notice and choice to an individual is provided by the Client, as they are the Data Controller. As the Data Processor, we do not typically have a direct relationship with our Client’s end users. We will assist the Data Controller (our “Client”) in responding to individuals exercising their rights under the Privacy Shield Principles.
How We Protect Personal Information
We have put in place reasonable and appropriate physical, electronic, and managerial controls in an effort to help safeguard the information we obtain. We will protect all personal information we obtain in accordance with this Privacy Notice and take reasonable steps to ensure that it is treated lawfully. Midigator will make every attempt to ensure that our current or future “affiliates” (which means a parent company, any subsidiaries, joint ventures, or other companies under common control) or service providers honor this Privacy Notice.
In the case of a personal data breach,
Personal Information we obtain may be retained for as long as needed to fulfill legitimate business purposes in accordance with our data retention policies, including the purposes outlined in this Privacy Notice, or for a period of time specifically required or allowed by applicable regulations or laws.
The Personal Information we collect in connection with your use of our Website, Platform or related Service, or in connection with a contractual agreement that you have with us will be held on our computers and systems within our offices and data centers in the United States and may be accessed by or given to our staff working outside of the EEA and Switzerland.
Our Services are not directed or intended for use by minors. We do not knowingly accept or process Personal Information of persons under the age of eighteen (18) years old.
Changes to Our Privacy Notice
We reserve the right to modify, add, or remove portions of this Privacy Notice at any time without advance notice, therefore, we encourage you to periodically review this Privacy Notice to be informed of how we are protecting your information. Unless additional notice or consent is required by applicable laws, this will serve as your notification of these changes.
Recourse and Dispute Resolution
In compliance with the Privacy Shield Principles, Midigator commits to resolve complaints about our collection or use of your personal information. All US, EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Midigator. All such communications are examined and replies issued where appropriate as soon as possible.
By Phone at (800) 960-2184
By email at email@example.com
If your complaint regarding our Privacy Shield compliance is not resolved by contacting us, you may contact JAMS, which provides an independent third-party dispute resolution body based in the United States, at our sole cost and expense. Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
You also have the right to lodge a complaint with the data protection supervisory authority in your country. You can find the contact information of the data protection supervisory authority in your country:
Data Protection Authorities in the Europe Economic Area
Swiss Federal Data Protection and Information Commissioner
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
‘controller’ means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data;
‘processor’ is the entity that processes data on behalf of the Data Controller;
‘non-personal information’ means data in a form that does not permit direct association with any specific individual;
‘to process’ and ‘processing’ personal data means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction;
‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
‘personal Information’ is any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person;
‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.