WEBSITE PRIVACY STATEMENT
Welcome to Mimecast! Mimecast is a global company, with offices in Europe, North America, Australia and South Africa. We serve companies that have offices in those jurisdictions and across the world. Our website (the “Site”), located at www.mimecast.com, provides information about our service and is operated by Mimecast UK Limited. Mimecast UK Limited is established in the United Kingdom with registered office at 6th Floor, Citypoint, One Ropemaker Street, London, United Kingdom, EC2Y 9AW and is the data controller for the purposes of the GDPR.
This Privacy Statement describes how Mimecast uses and protects information collected through the Site and our marketing practices generally. If you do not agree with this Privacy Statement in general or any part of it, you should not access the website.
If you have questions about this Privacy Statement or otherwise, you can reach us using the contact information provided below. We reserve the right to change this Privacy Statement from time to time.
This Privacy Statement was last updated on February 7, 2018.
Technical information collected automatically
When you visit the Site, our systems automatically collect the following information about your visit:
- the type of internet browser you use;
- the language of your browser;
- the website from which you have come to the Site;
- the webpages you view on our site;
- the links you clicked on our site; and
- your IP address (the unique address which identifies your computer on the internet).
We use automatically collected information to assist us in:
- providing, improving, and administering the Site;
- providing customer care and support services;
- providing security and safety to our Site visitors;
- monitoring activity usage of the Site; and
- measuring the effectiveness of the content we serve;
We do not use automatically collected information to learn any information about you personally.
We (or our vendors) may collect your information using cookies, pixel tags, web beacons, embedded web links, and similar technologies.
- Store your preferences and Settings – We may store data in a cookie so you will see relevant local information when you return to the site. We also may save preferences, like language and browser so these do not have to be reset each time you return to the site.
- Detection of abuse or fraud on the Site
- Social Media - Our Site includes certain social media features (such as a “share” or “like” button). Those features are provided by the applicable social media platform (such as Twitter or Facebook). Where information is collected through the social media feature, the use of that information is governed by the privacy statement published by the social media platform that provides the feature
- Internet-Based Advertising - We also use automatically collected information to target advertising for our service on third party sites
You can choose to reject certain collection technologies (such as cookies) but then you might not be able to take advantage of many of our features. You can read more about cookies here. Mimecast does not collect information about your online activities across different web sites, over time. Accordingly, Mimecast does not currently respond to “do not track” browser requests.
Collecting Personal Data
We collect information relating to an identified or identifiable natural person (Personal Data) in a variety of ways including:
- Through web pages on the Site (e.g. when you request a white paper or complete a form for general or partner inquiries);
- Through responses to an online, email or electronic promotion or survey; or
- Over the telephone.
Such personal data includes:
- Your name, job level, email address, postal address or telephone number;
- Your title, company name and address;
- Details of the resources you access on the Site and any data you download;
- Details of other engagements with Mimecast, such as trade show interactions.
Using Personal Data
As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our products and organization, we will use your personal data in the following ways:
- To assist in responding to your inquiries, including answering your questions on pricing and technical information relating to Mimecast's services;
- To learn more about your requirements (through surveys and the like) in support of development of our service;
- To carry out research on our users' demographics;
- To request your opinion and feedback on areas of the Site or in connection with our services;
- At your request to register you for a trial of our Services; and
- At your request to provide you with a quote for our Services.
If you opt-in, we will send you information we think you will find useful about our services or, at your request, subscribe you to our newsletter and alerts concerning the services we provide.
We may obtain information from third parties to combine with the Personal Information we have gathered as described in this Policy, in order to improve our marketing activities and to ensure the details we hold are relevant and up-to-date. Also, if we provide a means for you to refer a third party to the Site, we will send the third party an email on your behalf with details about the Site. You can unsubscribe to emails by following the unsubscribe instructions on any email communications sent to you, or you can email us at firstname.lastname@example.org or by post at the address provided below. We provide additional information about your controls below.
Information Sharing and Disclosure
- Prospective partners and other third parties to disclose aggregate statistics about visitors to the Site in order to describe our services generally, including on our web site, but these statistics will not include Personal Information.
- Our reseller partners to allow them to provide marketing information on our behalf as described above.
- IT Service providers located in United States, United Kingdom, South Africa, and Australia that provide us with (i) website hosting and maintenance; (ii) sending communications; (iii) updating marketing lists and database management; (iv) analyzing data; and (v) the provision of the Site and the marketing of our services.
- Our service providers will only use your personal data to the extent necessary to perform their functions and will be subject to contractual obligations to maintain the security and confidentiality of all information they process.
- We will disclose your personal data if required to do so to comply with any applicable law or regulation or in response to a legal demand, subpoena, warrant or other similar request. We will also disclose your personal data to any regulatory or law enforcement agency if we believe that such action is necessary to protect the rights, property or personal safety of Mimecast, its customers, the public or any third party.
Transfer of your Personal Data
The information that we collect from you will be transferred to, and stored at/processed in the United States, United Kingdom, South Africa, and Australia. Your personal data is also processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff are engaged in, among other things, the provision of support services, maintain and operating the Site, and providing Security services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this policy. Each affiliate or supplier receiving your Personal Data is bound by Standard Contractual Clauses thatcomply with thestandard contractual clauses for the transfer of Personal Data to controllers established in third countries set out in the European Commission Decision 2010/87/EU.
Storage of your Personal Data
We will retain your Personal Data as follows:
- Technical Information – We will keep this data for 18 months after visiting our Site.
- Contact Information – We will keep this data for 18 months after our last contact with you.
- Company Information – We will keep this data for 36 months after our last contact with someone from your organization.
- Trade Show Attendance- We will keep this data for 24 months after our last contact with you.
At Mimecast, we are committed to maintaining the security of the information we collect from activity on this website and from other marketing efforts. We have therefore implemented technology and security policies and procedures that are intended to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to such information
We have security measures in place to help protect against the loss or misuse of personal data under our control. Our security practices are periodically reviewed and enhanced as necessary and only authorized personnel have access to personal data. While we use all reasonable efforts to prevent the loss or misuse of your personal data, we cannot guarantee the security of any personal data you submit via the Site.
The Site shall, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites and you should familiarize yourself with such policies upon use of such sites.
Data rights. In certain circumstances, you have the right to access and receive a copy of information we hold about you, to rectify any personal data held about you that is inaccurate and to request the deletion of personal data held about you. You also have the right to data portability for information you provide to us – this means that you can obtain a copy of your data in a commonly used electronic format so that you can manage and move it, or request we send it to a third party. You may have the right to restrict or object to the processing of your personal data by us including for direct marketing. You can exercise your rights by contacting us at email@example.com. NOTE: We may ask you to verify your identity before responding.
Marketing. You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing at any time by contacting us at firstname.lastname@example.org or by opting out of any of our emails.
Complaints. In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at email@example.com we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with a supervisory authority (e.g. the Information Commissioner’s Office in the UK).
General Privacy Inquiries: Please submit any questions, concerns or comments you have about this Privacy Statement or any requests concerning your personal data to our Data Protection Officer by email to firstname.lastname@example.org.
Mimecast North America, Inc.
Attn: Privacy Department
191 Spring Street
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.