Content

Privacy Policy

Last updated on August 12, 2025

INTRODUCTION

Welcome to Mitratech Holdings, Inc., (“Mitratech”, “Our”, “We”, or “Us”)! We understand the impact Our privacy practices may have on You when You share data with Us, and therefore we are committed to protecting Your privacy in all aspects of Our business. This Privacy Policy explains what information We collect from Our end-users, clients, partners and Site visitors (“You”, “Yours”); how We use that information; and the rights You may have with respect to Your Data. This Policy applies to Mitratech and its subsidiaries (a list of all subsidiaries can be found at https://mitratech.com/legal-notice/entity-and-subsidiaries/.

To use certain features of Our Site or access specific services and/or products available through the Site, We may process certain Personal Data. You will be provided with the mechanisms necessary to manage your preferences regarding the processing of Personal Data that is not necessary for the provision of the Services, such mechanisms are described in this Privacy Policy. If you do not agree to the processing of Personal Data essential to the functionalities of the Site or the Services You request, You might not be able to use those specific features or Services.

YOUR ACCEPTANCE OF THIS POLICY AND MODIFICATIONS

WE MAY CHANGE THIS PRIVACY POLICY FROM TIME TO TIME IN OUR SOLE AND REASONABLE DISCRETION. IF WE MAKE MATERIAL CHANGES THAT ALTER YOUR RIGHTS OR IMPACT YOUR PERSONAL OR SENSITIVE DATA WITH US, WE WILL NOTIFY YOU BY REVISING THE DATE AT THE TOP OF THIS WEBPAGE AND PROVIDING YOU WITH WRITTEN NOTICE (SUCH AS ADDING A STATEMENT TO OUR HOMEPAGE AND SENDING YOU AN EMAIL OR NOTIFICATION). ANY AMENDED PRIVACY POLICY SHALL SUPERSEDE ALL PRIOR VERSIONS AND SHALL BE DEEMED ACCEPTED UPON YOUR CONTINUED USE OF THE SITES AND/OR SERVICES, UNLESS AGREED OTHERWISE IN AN ENFORCEABLE AND VALID WRITTEN AGREEMENT BETWEEN US AND YOU.

IMPORTANT PRIVACY PRACTICE NOTES

First and foremost, We do not sell or share Your Data with any third-party that is not required to provide You with the Services and/or Site.

Some of Our subsidiary Services may collect, store, require, transmit, or otherwise process sensitive data, individually identifiable health information or PHI via the Site or Services in connection with use of the Sites and/or Services.

Our Site, Services, and communications may involve interactions with various third parties regarding Your Personal Information. We engage trusted Sub processors to perform specific services on Our behalf. Your data, when processed by these providers acting as Sub processors, is covered by the terms of this Privacy Policy.

Mitratech’s Sites, Services and/or communications may contain, for your convenience, links to websites or other online services or products provided by third parties, when You click on such links and leave our Site, any information you provide directly to those third parties, or that they collect from you, will be governed by their respective privacy policies. We are not responsible for the content, privacy practices, or data security of these independent third-party sites or services, and we encourage you to review their policies before sharing any Personal Information.

Mitratech may use SSO integrations to offer third party solutions and/or products, and such links and integrations do not mean that (a) We endorse such websites, products, and/or services; (b) We represent and/or warrant the quality, usability and/or accuracy of the information presented by the third party provider; nor (c) We represent and/or warrant their privacy practices and data security. You acknowledge and agree that We are not liable or responsible, fully or in part, for the collection and/or use of Your information by third parties and/or third-party websites, offerings, services and/or products, even if such offerings are made through Mitratech’s Sites and/or Services. The privacy and data practices of third parties are governed by their respective privacy policies.

Mitratech, as a standard practice, does not knowingly or specifically collect, use or require any Data about minors under the age of 18. Mitratech Sites are not intended for minors under the age of 18, and the Services should not be used by individuals under the age of 18. Consistent with the COPPA requirements, if You believe We have mistakenly or unintentionally collected such information without first receiving a parent or legal guardian’s verified consent, please notify Us so that We may delete the information from Our servers. We will use any collected information solely to inform the child that use of the Site and Services is prohibited, and any collected Data will be immediately deleted.

LASTLY, MITRATECH DOES NOT PROVIDE PROFESSIONAL LEGAL, TAX OR ACCOUNTING ADVICE AND/OR SERVICES. YOU SHOULD SEEK INDEPENDENT PROFESSIONAL ADVICE IN THESE AREAS IF NEEDED.

  1. DEFINITIONS
    The following terms are frequently used in this Policy and are defined here for Your reference.“Affiliate” includes any entity owned, whether wholly or partially, by Mitratech Holdings, Inc.“Business Information” ​includes ​Your job title or department; Your employer’s name, phone number, postal address, payment information, type of company, company industry, and company size.“COPPA” means the Children’s Online Privacy Protection Act.“Data” means, collectively, the following information: Order Information, Payment Information, Personal Information, Usage Data, Business Information, User Information, Sensitive Data, and User Content.“Data Controller” is the entity or natural person that determines the purpose(s) for which and the means by which personal data is processed. In this instance, Mitratech may be the Data Controller.“Data Processor” means an entity or natural person, public authority, agency or other body which processes personal data on behalf of a controller. In some instances, Mitratech may be the Data Processor.“Data Subject” means a natural person whose personal data is processed by Us.“Consent” is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, by a statement or by a clear affirmative action, written or verbal, that signifies agreement to the processing of personal data relating to the You.“Cookies” means small text files that can be read by a web server in the domain that put the cookie on your hard drive.“Client” means, a customer that is authorized by Us to access and use the Services or a portion thereof or a customer directly contracted with Us for Mitratech Services.“EEA” means the European Economic Area.“FDPA” means the Swiss Federal Data Protection Act.“Mitratech” means, Mitratech Holdings, Inc., and its Affiliates, “Mitratech” or “We”, or “Us”.“GDPR” means the UK/EEA General Data Protection Regulation.“Order Information” may include company names, contact name and information, products/services purchased, shipping address, telephone number, email address, billing address.“Partner” means an entity purchasing subscriptions to the Services and authorized by Us to provide access to and use of the Services or a portion thereof to a Client, or on behalf of a Partner’s Client.“Payment Information” means information required to process any orders for the Services, such as Your name, credit card information, billing information, address, expiration dates and processing codes.“Personal Information” means information associated with or used to identify You, such as: (a) Your first and last name, email address, postal address, phone number, and some Usage Data under applicable law.“PIPEDA” means the Personal Information Protection and Electronic Documents Act.“PHI” means protected health information as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Privacy Rule.

    “Policy” means this Privacy Policy as updated and amended from time-to-time.

    “Sensitive Data” any information relating to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, or information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns an individual’s health.

    “Services” means the Mitratech services, solutions, applications, and products.

    “Sites” means Mitratech’s website located at www.mitratech.com and its subpages and Affiliate subdomains.

    “Third-Party Service Provider” means a third-party performing work for Us or a portion of the Services on Our behalf.

    “Usage Data” means information about Your activity on the Site or Services that, by itself, does not identify You, such as: (a) browser type, operating system, webpages visited, access times, links clicked, and the page visited before navigating to Our Site or Services; (b) technical information about the computer or mobile device You use to access Our Site or Services, including hardware model, operating system and version, unique device identifiers, location data, IP address, domain name, internet service provider, or network information; (c) information searched for, observed, or accessed while using the Services; or (d) metadata related to User Content, such as date, time, or location.

    “User Content” means content uploaded or submitted by Users such as information, documents, images, photographs, videos, notes, sounds, data, and posts.

    “UDID” means Your city location, device model and version, and device identifier.

    “User Information” means information such as name, username, password, email address, phone number, and address.

    “User” means any individual or entity that uses the Site and/or Services or a portion thereof on behalf of a Client or Partner or through the account or passwords of either, whether authorized or not, including without limitation the employees, contractors and/or agents of either.

    “You” or “Your” means the individual visiting, accessing, or using the Site and/or Services in his/her/their individual capacity or as a User, Partner, or Client, as the context requires.

Data We Collect and How We Use It

  1. When We Collect Data From You
    We may collect Data from You when You:

    1. Visit Our Site and/or use Our Services;
    2. Interact with one of Our chatbots or digital assistants;
    3. Interact with one of Our artificial intelligence (AI), generative artificial intelligence (GenAI), large language model (LLM), and/or machine learning (ML) powered features, tools, solutions, products and/or services;
    4. Interact with Us online, through a webinar, on the phone, hotlines, customer support, customer services, correspondence through email or through Our Site;
    5. Interact with Us (including any of Our employees, agents, representatives, partners, Affiliates and/or contractors) in person, at an event or trade show;
    6. Opt-in to Our direct marketing campaigns, newsletters, alerts, notifications, promotions, offers and deals;
    7. Submit User Content to Us directly or through Our Sites and/or Services;
    8. Submit a form or contact Us on Our Sites;
    9. Post information, comments, testimonials, or reviews online about Us;
    10. Interact with targeted online content that We or Our Third-Party Service Providers provide to You via third-party websites, communications or applications;
    11. When You are referred to Us by an Affiliate or a third-party with Your consent; and
    12. When You interact with third-party social media accounts of Ours, such as Facebook and Instagram.
  2. Data We Collect and How We Use It
    Depending on the way You use Our Sites and/or Services, We may collect Data for the following purposes:

    1. Personal Information and Business Information
      We collect Personal Information that You voluntarily provide to Us when (1) You create an account to use the Services or sign an order form; (2) when You express an interest in obtaining information about Us or Our Services, or when You sign up to receive emails, marketing, and promotional information from Us; (3) when You fill out a form or contact customer support on Our Site or otherwise contact Us, both online or offline, such as at trade shows or fairs; (4) when a Partner who gives You access to the Sites and Services shares such information with Us in order to provide You with the Sites and Services; and/or (5) when an Affiliate or third party, with Your consent, shares Your Personal Information with Us in order to provide You with marketing and/or transactional Services. All Personal Information that You provide to Us must be true, complete and accurate, and You must notify Us of any changes to such Personal Information.We may also collect Business Information provided to Us directly by a Partner that is sponsoring Your access to the Services, or an Affiliate or third party that has referred You to Us. We may also collect Personal Information, Business Information, User Information and/or Order Information from an Affiliate in order to process a referral, cross-sell and/or partnership requested by You.We use Your Personal Information solely to provide You with the Services and/or Site, and We do not share such Personal Information with any third-party not required to provide You with the Services and/or Site. We may, upon Your request or Consent, share Your Personal Information with Our Affiliates for the purposes outlined herein. You own Your Personal Information – We only process it to provide You the Services.
  3. Payment Information
    When You purchase Services on Our Sites, sign up to use the Services or enter into an order form with Us, We may collect Payment Information required to process Your order(s). We do not store any Payment Information. Instead, We use third-party payment gateways to process Your Payment Information. You (1) represent and warrant that the Payment Information provided is accurate and that You have the right and/or authorization to use and provide Us with that Payment Information; (2) agree to the collection of Your Payment Information for the purposes outlined herein; and (3) when applicable, agree to the applicable automatic renewal and charges to the payment method provided if You have voluntarily opted into automatic renewal services and/or subscriptions. All Payment Information is stored by a secure third-party payment gateway that is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS).If You enable any applications, products, services, or content that integrate with the Services and/or Sites, and that are provided by a third-party for use with the Services: (a) any use by Your or an end user of such third-party products and content is solely Your responsibility (b) You acknowledge that the third-party may have access to Your Data only in connection with the integration of the Services and the third-party services, and Mitratech will only be responsible for its collection, control, sharing, use, disclosure, modification or deletion of Your Data.We are not liable or responsible for payment issues, security incidents or data breaches and associated losses that occur to third-party payment gateways.
  4. Usage Data and UDID
    If You are visiting the Sites and/or using the Services, We may automatically collect Usage Data, such as Your IP address, the date and time of the visit and how long You remained on Our Site, the referral URL, the pages visited on Our Site or related third-party applications, and information about the device and browser (such as, browser type and version and operating system). We may also collect visitor data through third party services such as Google Analytics, in order to better understand visitor behavior, demographics, locations, page views, time spent on the Site or affiliated third-party applications, and other metrics and analytics used to provide and improve the Site and Services. In addition to the information We collect on Our Site, We may also collect Your city location, device model and version, device identifier (or “UDID”), and OS version.This information is collected to maintain the security and operation of Services, and for Our internal analytics and reporting purposes. We do not share or sell Usage Data. We use this information to help diagnose problems with and secure Our servers, to administer the proper functioning and legitimate use of Our websites, and to improve the nature and marketing of the Services. Your IP address is also used to gather broad demographic information that does not personally identify You.
  5. User Content
    We may collect User Content that You provide to Us through Our Sites and/or Services. By uploading or providing Us with User Content, You represent and warrant that You have the rights, consents, authorities and/or licenses required to upload such User Content. We collect User Content solely to provide You with the Services. We do not share User Content with any third party not required to provide You with the Services.We may, depending on the Services You are subscribed for, and by which means You are able to access the Services, share User Content with affiliates , administrators, employers, sponsor, broker or Partner authorized by You. You may have the right to opt-out of that sharing in certain circumstances. We do not own any User Content uploaded to or created through the Sites and Services. Clients own the User Content uploaded to or created through the Sites and Services.
  6. Online Identifiers and Cookies
    We may use cookies, web beacons, server logs, and similar tracking technologies (“Data Collection Tools”) to collect Usage Data so that We may improve Your experience with the Sites or Services. We may also collect information using web beacons (also known as “tracking pixels”). Web beacons are electronic images that may be used with Our Site, Services, or emails. We collect devices, cookie identifiers, or others such as the ones used for analytics and marketing, and other similar data. The information We receive via cookies and similar technology do not contain any personally identifying information, but they do enable Us to improve Your experience using the Services. Most web browsers are set to accept cookies by default. If You prefer, You can usually choose to set Your browser to remove cookies and to reject cookies. If You choose to remove cookies or reject cookies, this could affect certain features or services of the Services or third-party applications. We encourage anyone who uses cookies to follow appropriate privacy standards and policies but is not responsible for cookies placed by third parties.We use this information to help Us improve Your experience with the Site or Services; see which areas and features of the Site or Services are popular; count Site visits; help deliver cookies; understand usage and campaign effectiveness; and determine whether an email has been opened and acted upon. We also use the information We collect to market Our Site to those who have shown interest in Our Services. Cookies allow Us to store user preferences and settings; enable sign-in; provide interest-based advertising; combat fraud; and analyze how Our websites and online services are performing. For more information visit Our ​​Cookie Notice.
  7. Feedback
    We may collect Your Data when You provide Us with any feedback relating to the Sites and/or Services. Feedback that You provide to Us is owned exclusively by Us, except for any portion that contains Your owned Data. Feedback and/or testimonials can be provided to Us online, by phone or by email. We only use feedback to analyze, develop and/or improve Our business, Sites, Services and customer support. You will not have any ownership, credit and/or royalty rights, titles or interests in and to any work product created, whether directly or indirectly, by Us from Your feedback, or a portion thereof.
  8. Mobile Device Data
    We may automatically collect device information (such as Your mobile device ID, model and manufacturer), operating system, version information and IP address. We use Mobile Device Data for internal analytics purposes only. We do not sell or share this data with any third-party, unless required to provide You the Services or Site.
  9. Order Information
    When You sign an order form with Us to purchase and use the Services, We collect Your Order Information. This Order Information is necessary for Us to process Your order, track, calculate and apply any applicable credits, offers or promotions, and to contact You with invoices, billing information and account information.
  10. Third Parties
    In the case that Data is transmitted to Us by third parties, We will take measures to ensure that the Data have been collected lawfully in accordance with the relevant legal provisions, and that the use of such data for the intended data processing activities is permitted. We will do this by implementing contractual safeguards, performing due diligence and process data pursuant to applicable laws. If We did not obtain Personal Information directly from You, We will inform You about the type(s) of Personal Information We received from the Third Parties, the purposes for which it collects and uses Personal Information, and the types of non-agent third parties to which Mitratech discloses or may disclose information, and the choices and means Mitratech offers individuals for limiting the use and disclosure of their Personal Data.

 

GENERAL USE OF DATA; PROCESSING; AND TRANSFERS

  1. Use of Data
    In general, We use Data to provide Our Sites and Services, to perform Our contractual agreements with Our Partners, Clients and Users, and for related business purposes, such as, product development, marketing, legal compliance, and other similar business and legal purposes, such as: 

    1. To provide the Site and Services;
    2. To operate, maintain, develop, improve, or personalize the Services or other products and services We offer;
    3. To provide customer service or support, or to respond to Your comments, questions and requests;
    4. To send technical notices, updates, security alerts, and support or transactional messages relating to Your account;
    5. To share aggregate, de-identified or anonymized Data with authorized third-parties;
    6. To communicate with You about products, offers, promotions, rewards, and events We or others offer, or provide news and information We think will be of interest to You, unless You have opted-out;
    7. To monitor and analyze trends, usage, and activities in connection with Our Services;
    8. To provide advertisements about content or features more relevant to You, unless You have opted-out;
    9. To assess the effectiveness of and improve advertising and other marketing and promotional activities on or in connection with the Services;
    10. To process Your transactions and send You related information, such as confirmations and invoices;
    11. To refer You to Affiliates to which You request or Consent;
    12. To help Us develop new products and services or improve Our existing Services;
    13. To power, provide and/or develop solutions, offerings, products and/or services powered by artificial intelligence and/or machine learning;
    14. To improve Mitratech’s artificial intelligence models, services and features that are intended for Your use with the Services;
    15. To provide data insights to a Client’s Partner or sponsor;
    16. To enforce Our Terms of Service and other applicable agreements or policies; and
    17. To carry out any other lawful purpose for which information was collected.We may derive information or draw inferences based on information collected when You access or use the Services. For example, We may make inferences about Your interest in Our products and services based on Your location, browsing behavior, usage behavior, and past purchases. To improve the Services, information collected may be used in an aggregated or deidentified manner. We may combine Data provided to Us directly by You with information from other sources, such as social media or data brokers, and use the combined information as described in this Policy.
  2. Machine Learning. Your Personal Information may also be used by Us and its Affiliates, or shared with authorized Subprocessors, contractors and/or agents to:
    1. develop, train (unless otherwise provided), or enhance artificial intelligence or machine learning models, products, services, features, and/or intellectual property, that are part of or may become part of Our Services, including third-party components of the Services (collectively referred to as, “AI Services”); and
    2. analyze, assess and/or gather information related to Your outputs, inputs, usage, functionality, and/or feedback relating to the AI Services, which shall be used in an aggregate or deidentified form.Nothing in this section will reduce or limit Our obligations to comply with applicable data protection and privacy laws. You represent and warrant that You have all rights, titles, interests or licenses in and to the Data, and You authorize Us to process Your Data for the purposes listed herein
  3. Processing of Data
    We will only process Your Data as outlined in this Policy and for the purposes indicated herein. We may process Your Data in the following countries:

    United States  Hosting, processing 
    Australia  Hosting, processing 
    India  Hosting, processing 
    Mexico  Hosting, processing 
    European Union  Hosting, processing 

    Nonetheless, We require that all hosting services, sub-processors, and third-party Service Providers are limited in their access, usage, sharing and disclosure through contractual commitments and required security and privacy standards and measures.

  4. Onward Transfers of Data
    You understand and agree that Mitratech may transfer Your Data to authorized third party providers in the following territories outlined in the preceding clause.For some business processes, it is necessary to pass on Data relating to clients or partners to third parties. If the recipient is located in a third country, he/she must guarantee an adequate level of data protection in line with this statement. This does not apply if the data transmission is carried out owing to a statutory obligation, or to any other permissible legal obligation. The recipient must be bound under contract only to use the data for the specified purpose.

Mitratech will obtain assurances from their agents that they will safeguard sensitive information consistently with this statement. Examples of appropriate assurances that may be provided by agents include but are not limited to: a contract obligating the agent to provide at least the same level of protection as is required by the relevant Data Privacy Principles, being subject to the EU General Data Protection Regulation (Regulation (EU) 2016/679), or being subject to another European Commission adequacy finding. When Mitratech becomes aware that an agent is using or disclosing sensitive information in a manner contrary to this statement, Mitratech will take reasonable steps to prevent or stop the use or disclosure. Mitratech may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. 

Mitratech primarily stores data about clients and visitors to the Mitratech website in the United States. To facilitate Mitratech’s global operations, Mitratech may transfer and access such information from around the world, including from other countries in which Mitratech has operations, such as the United States, Mexico, United Kingdom, countries within the European Union, Singapore and Australia. A list of the Mitratech’s global offices is available upon request. This statement shall apply even if Mitratech transfers data to other countries. 

In the case that data is transmitted to Mitratech by third parties, it must be ensured that the data have been collected lawfully in accordance with the relevant legal provisions, and that the use of such data for the intended data processing activities is permitted.

 

SECURITY, INCIDENTS, DISCLOSURE AND RETENTION

  1. How We Keep Your Data Safe
    We are committed to protecting Your Data and We implement appropriate and industry standard administrative, technical, organizational and physical safeguards designed to safeguard the information that We collect such as:

    1. Secure Sockets Layer (SSL) technology protects Data on Our Site using both server authentication and data encryption, ensuring that user data is safe, secure, and available only to authorized persons. Every time You send Us Your credit card number and Your billing and shipping information, We use the industry-standard SSL technology to prevent the information from being intercepted. We also encrypt Your credit card number when We store Your order.
    2. Our computer systems are hosted in cloud services that We have selected, in part, based on their representation that they use a firewall, intrusion detection systems, and other advanced technology to prevent interference or access from outside intruders.
    3. We store Your Data in a secure operating environment and is only accessible to Mitratech employees, agents and contractors on a need-to-know basis. Contracts are in place that require others to keep Your Personal Information private and secure. This requires a careful breakdown and separation, as well as implementation, of roles and responsibilities.
    4. Our technical safeguards include:
      1. Unique password requirements and limited employee access;
      2. Destruction, deletion or de-identification of Data, when permissible and applicable;
      3. Industry standard security protocols;
      4. Employee training on how to handle sensitive data, breach notice and procedures;
      5. Secure Technology (SSL), server authentication and Data encryption and use of firewall to host data;
      6. Designated security coordinator on the Mitratech team;
      7. Sub-processors, sub-contractors and third-parties are bound to same security practice obligations;
      8. Backups; and
      9. Periodic audits and penetration testing.
      10. Network IsolationMitratech has implemented industry standard security methods, technologies, and processes to safeguard sensitive information from unauthorized access and unlawful processing or disclosure, as well as accidental loss, modification, or destruction.Nonetheless, no information system can be made 100% secure. This means that Mitratech cannot guarantee the absolute security of Your Data. Moreover, We are not responsible for the security of information You transmit to Us over networks that Mitratech does not control, including the internet and wireless networks, or the data that is stored on Your device. You should only access the Services within a secure environment.

 

YOUR DATA RIGHTS

  1. Your Data Rights (All U.S. Residents)
    You have certain rights with respect to Your Data, and We want to help You review and update Your information to ensure it is accurate and up-to-date. We may limit or reject Your request in certain cases, such as if it is frivolous, unverified or unduly burdensome, if it jeopardizes the rights of others, if it is not required by law, or if the burden or expense of providing access would be disproportionate to the risks to Your privacy in the case in question, or if it materially alters the way We provide the Mitratech Services to You. In some cases, We may also need You to provide Us with additional information, which may include personal information, to verify Your identity and the nature of Your request. We will take reasonable steps to respond to all requests within 45 calendar days.If You wish to exercise any of the following rights, You may do so by contacting Us at [email protected]:

    1. Access
      You can request more information about the Data We hold about You and request a copy of such Data.
    2. Rectification
      If You believe that any Personal Information that We hold about You is incorrect or incomplete, You can request that We correct, edit or supplement such information.
    3. Erasure
      You can request that We delete some or all of Your Personal Information from our systems. Please note that if You request the deletion of information required to provide the Service to You, Your Account will be deactivated and You will lose access to the Service, forfeiting all refunds, credits and other outstanding or earned items. If any personally identifiable data is collected through the use of the Services, We will ensure that it is destroyed, returned, or modified to make it unreadable or indecipherable, at the end of Your use of the Services, unless required to be retained and maintained in original form pursuant to law enforcement, legal proceeding, court order or subpoena. Disposition shall include (1) the shredding of any hard copies of any Personal Information or Data; (2) erasure, freezing, anonymization or de-identification; or (3) otherwise modifying the Personal Information in those records to make it unreadable or indecipherable.
    4. Portability
      You can ask for a copy of Your Personal Information to be provided to You in a machine-readable format. You can also request that We transmit the data to another controller where technically feasible.
    5. Withdrawal of Consent
      If We are processing Your Personal Information based on Your consent (as indicated at the time of collection of such data), You have the right to withdraw Your consent at any time by writing to Us. Please note, however, that if You exercise this right, You may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of Your Personal Information, if such use or disclosure is necessary to enable You to utilize some or all of Our Services.In some cases, We serve just as Data Processors on behalf of Client. If applicable, all requests to withdraw Consent of the Data Subject shall be directed to and completed by Client. All withdrawal of Consent requests addressed to Us will be redirected to Client. After receiving and validating a request to delete Your information or to withdraw consent from You, Client shall instruct Us to process this request. If We are processing Data based on Your consent obtained by the Client (as indicated at the time of collection of such data), Client shall confirm to Us Your withdrawal of consent. Please note, however, that if You exercise this right, You may have to then provide express consent to Client on a case-by-case basis for the use or disclosure of certain Data, if such use or disclosure is necessary to enable Client to utilize some or all of the Services.Excluding the section above, all Data Subjects that are Users of the Services shall have the right to withdraw their Consent from the processing of their Data. For all questions related to the end Users’ rights over their Data, You may email Us at [email protected].
    6. Objection
      You can contact Us to let Us know that You object to the further use or disclosure of Your Personal Information for certain purposes, such as for marketing purposes.
    7. Restriction of processing
      You can ask Us to restrict further processing of Your Personal Information.
    8. Opt out of marketing electronic communications
      You may opt out of receiving newsletters and other marketing communications sent directly from Us by using the “unsubscribe” function included in all marketing emails. You will not be able to unsubscribe from transactional Mitratech emails or emails containing important information regarding Your account, rights and/or responsibilities with respect to Our Services.Therefore, You will continue to receive account notices and transactional emails so long as You have an account with Mitratech.
    9. Disable cookies
      You can disable cookies before visiting the Sites. However, if You do so, You may not be able to use certain features of the website properly.
    10. Right to file a complaint
      You also have the right to file a complaint about Mitratech’s data and/or privacy practices with respect to Your Personal Information with the supervisory authority of Your jurisdiction.
    11. Exercising your rights
      If you would like more information or would like to exercise the access and deletion rights described above, please submit a privacy-related request by doing the following:

      1. Calling us at this toll-free phone number: 1 888 784 7224; or
      2. Emailing us at [email protected] describing the nature of your request;Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom We collected personal information or an authorized representative, which will require proof that the person is authorized to act on your behalf. Additionally, the verifiable consumer request must describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with Personal Data if We cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a request to verify the requestor’s identity or authority to make the request. We endeavor to comply with a request within 45 days of its receipt. If We require more time (up to 90 days), We will inform you, in writing, the reason for the delay. Any information We provide will only cover the 12-month period preceding the request’s receipt.
  2. Links to Other Websites
    The Mitratech Sites and/or products may contain links to other sites, products, services, offerings and/or information, operated by independent third parties, that We think may be of interest to You or are offered as part of our Services. Mitratech encourages third parties to follow appropriate privacy standards and policies. Mitratech makes no warranties and/or representations regarding the privacy and data practices of any third party website You may access through Our websites, platform, applications, or communications.

      1. This statement embodies the internationally accepted principles of data protection and privacy, without replacing existing national laws. It applies in all cases as far as it is not in conflict with the respective national law; additionally, the national law shall apply if it makes greater demands. National law applies in the case that it entails a mandatory deviation from, or exceeds the scope of, this statement for data protection. This statement also applies in countries in which there is no corresponding national legislation in place.

 

Supplemental Rights for California Residents 

  1. California Disclosures
    If You are a California resident, You have certain additional rights concerning Your data under the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act (CPRA), as further described below.
  2. Personal Information Collected
    We will never sell for monetary remuneration Your Personal Information without Your prior written consent. We only share Data and information so that We can provide the Services and help Our partners and third-party affiliates provide the Services to You. We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular user, household or device (“CCPA Personal Information”). In particular, We have collected the categories of personal information from Our Sites Users within the last 12 months outlined in Appendix A, for the purposes described in this Policy.Personal Information does not include publicly available information, information from public government records, de-identified or aggregated consumer information, or other information excluded from the CCPA’s scope. We will not collect additional categories of Personal Information or use the Personal Information We collected for materially different, unrelated, or incompatible purposes without providing You with notice.
  3. Disclosing Personal Information
    In the preceding 12 months, We have disclosed the following categories of customers’ CCPA Personal Information (as defined above) for the purposes described in this Policy: identifiers; and California Customer Records personal information categories:

    1. Sale of Personal Information
      In the preceding 12 months, We have not sold any of Our Users’ Personal Information.
  4. Collection, Disclosure and Use Rights
    Pursuant to the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act (CPRA), service users, consumers and website visitors who are California residents have the following specific rights regarding Your Personal Information:(1) Right to Notice; (2) Right to Access/Right to Request; (3) Right to Know; (4) Right to Delete or Anonymize; (5) Right to Opt-Out; (6) Right to Not Be Discriminated Against Right to Notice of Financial Incentive. Mitratech may deny Your deletion request if retaining the information is necessary for Us or Our service provider(s) to complete certain business purposes, contractual obligations or to comply with legal obligations.You can exercise these data rights by writing to Us at [email protected]

    1. Access To Specific Information and Data Portability Rights
      You have the right to request that We disclose certain information to You about Our collection and use of Your Personal Information over the past 12 months. Once We receive and confirm Your verifiable consumer request, We will disclose to You:

      • The categories of Personal Information We collected about You.
      • The categories of sources for the Personal Information We collected about You.
      • Our business or commercial purpose for collecting or sharing that Personal Information.
      • The categories of third parties with whom We share that Personal Information.
      • The specific pieces of Personal Information We collected about You (also called a data portability request).
      • If We disclosed Your Personal Information for a business purpose, the personal information categories that each category of recipient obtained.
    2. Deletion Request Rights
      You have the right to request that We delete any of Your Personal Information that We collected from You and retained, subject to certain exceptions. Once We receive and confirm Your verifiable consumer request, We will delete or make Your Personal Information de-identified or anonymous (and direct Our Service Providers to do the same) Your Personal Information from Our records, unless an exception applies. Upon deletion, de-identification or anonymization, We shall not be able to honor any outstanding or earned credits, refunds, points or other promotions and offers. We may deny Your deletion request if retaining the information is necessary for Us or Our service providers to:

      • Complete the transaction for which We collected the Personal Information, provide a good or service that You requested, take actions reasonably anticipated within the context of Our ongoing business relationship with You, or otherwise perform Our contract with You.
      • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
      • Debug to identify and repair errors that impair existing intended functionality.
      • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
      • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
      • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if You previously provided informed consent.
      • Enable solely internal uses that are reasonably aligned with consumer expectations based on Your relationship with Us; or
      • Comply with a legal obligation.
    3. How to Exercise Your Rights
      To exercise the access, data portability, and/or deletion rights described above, or if You would like more information about Your rights, please submit a verifiable consumer request to Us by:

      • emailing [email protected] with “Mitratech – California Privacy Rights Request” in the subject line.
      • Calling Us at this toll-free phone number: (+1) 888 784 7224Only You, or someone legally authorized to act on Your behalf, may make a verifiable consumer request related to Your Personal Information. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows Us to reasonably verify You are the person about whom We collected personal information or an authorized representative, which will require proof that the person is authorized to act on Your behalf. Additionally, the verifiable consumer request must describe Your request with sufficient detail that allows Us to properly understand, evaluate, and respond to it.
    4. Limits on Requests
      You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must (i) provide sufficient information that allows us to reasonably verify You are the person about whom We collected Personal Information or an authorized representative, and (ii) describe Your request with sufficient detail that allows Us to properly understand, evaluate, and respond to it.We will not be able to respond to Your request or provide You with Personal Information if We cannot verify Your identity or authority to make the request and confirm the Personal Information relates to You.Making a verifiable consumer request does not require You to create an account with Us. However, if You do have an account with Us, You can make a verifiable request through Your account.  We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. In Your request to Us, please DO NOT submit more personally identifiable information than You have already provided to Us.
    5. Response Timing and Format
      We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If We require more time (up to 90 days total), We will inform You of the reason and extension period in writing.  We will deliver Our written response by email electronically, at Your option. Any disclosures We provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response We provide will also explain the reasons We cannot comply with a request, if applicable. For data portability requests, We will select a format to provide Your Personal Information that is readily useable and should allow You to transmit the information from one entity to another entity without hindrance.By writing to Us, You agree to receive communication from Us seeking information from You in order to verify You to be the consumer from whom We have collected the data from and such other information as reasonably required to enable Us to honor Your request.We do not charge a fee to process or respond to Your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.  If We determine that the request warrants a fee, We will tell You why We made that decision and provide You with a cost estimate before completing Your request.We will not discriminate against You for exercising any of Your CCPA rights. If You request to delete, stop processing or anonymize or de-identify Your Personal Information or delete Your account, You may not be entitled to any outstanding and/or earned credits, refunds, returns, or similar offers or promotions, and You will no longer have access to the Services.
  5. Service Providers Obligations
    Only to the extent that Mitratech, or its Affiliates, are considered a Service Provider and You are considered a data controller or processor under applicable law(s), the below obligations are enforceable:

    1. The Personal Data We receive from or on behalf of You will only be used for the specific business purposes outlined in the agreement.
    2. Service Provider shall not:
      1. Sell or share personal information.
      2. Retain, use, or disclose personal information for any purpose other than for the business purposes specified in the contract with You, including retaining, using, or disclosing the Personal Data for a commercial purpose other than the business purposes specified in the contract with You, or as otherwise permitted under applicable privacy laws.
      3. Retain, use, or disclose Personal Data outside of the direct business relationship between You and Us.
      4. Combine Personal Data received from, or on behalf of, You with Personal Data received from, or on behalf of, another person or persons, or collect Personal Data from its own interactions with the consumer, except as necessary to perform the business purpose specified in the written contract and as permitted by applicable regulations; and
      5. Engage any third party sub-processor to assist in processing Personal Data for Our business purposes without notice to You and without a written contract with sub-processor that imposes the same obligations on the sub-processor as set forth in this Policy.
    3. You may, subject to the terms of any agreement with Us, monitor Our compliance with the terms of this Policy. This may include ongoing manual reviews, automated scans, and regular assessments, audits, or other technical and operational testing at least once every 12 months, to ensure that We are adhering to the obligations set forth in this Policy and any corresponding data processing agreement.
    4. The Service Provider agrees to comply with all other applicable requirements under the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and other relevant privacy regulations to ensure the protection and confidentiality of consumer personal information.

Mitratech may, subject to agreement with the Service Provider, monitor the Service Provider’s compliance with the terms of this Policy. This may include ongoing manual reviews, automated scans, and regular assessments, audits, or other technical and operational testing at least once every 12 months, to ensure that the Service Provider is adhering to the obligations set forth in this Policy and the corresponding Data Processing Agreement.

 

Supplemental Information for the EEA, Switzerland, and the U.K. 

In the event Data is transferred and collected from a data subject outside of the United States, then Mitratech addresses this Supplemental Notice to individuals located in the EEA, Swiss and United Kingdom (UK), as required by the GDPR. In the event of any conflict or inconsistency between the other parts of this Policy and the terms of this section, this section shall govern and prevail with regard to the processing of EEA, Swiss, and U.K. Personal Information, to the extent applicable.

  1. Applicable Laws
    If You are located in the EEA, the GDPR applies to the processing of Your Personal Information. If You are located in the UK, the UK GDPR applies to the processing of Your personal data. If You are located in Switzerland, the provisions of the FDPA apply to You, and references to the GDPR below shall be interpreted analogously for the purposes of applying the FDPA.
  2. Legal Basis for Processing
    Mitratech only process Personal Information to operate Our business and provide the Services requested by You. We also use Personal Information to comply with applicable legal obligations and protect Our legitimate interests, including communicating with Clients and others, improving the Services and personalizing Our Services.
  3. International Data Transfers
    As a global business, We may transfer Personal Information outside the EU/EEA, Switzerland, and the UK to countries that have been determined by the European Commission to offer an adequate level of data protection. Such transfers are made pursuant to the requirements of applicable adequacy decisions. We make these transfers when necessary to provide Our Services, to perform Our contract with You, or when We have Your consent to transfer Your Personal Information to another country.For transfers from the EU/EEA and Switzerland to countries that have not been deemed to offer an adequate level of data protection, We transfer Personal Information pursuant to a data protection addendum with standard contractual clauses and appropriate supplementary measures including, appropriate technical and organizational measures.
  4. Your Data Protection Rights
    In the EEA, Switzerland and the UK You have the following rights, subject to the conditions under the GDPR and/or local data protection law:

    1. Right to Access. You have the right to confirm from Mitratech whether We are processing Your Data and related information, and, where that is the case, to request access to details about how We process Your Data and copies of the Data.
    2. Right to Data Portability. You have the right to receive Your personal data which You have provided to Us in a structured, commonly used and machine-readable format and You have the right to transmit the personal data to another entity without hindrance from Us.
    3. Right to Rectification. You have the right to request the rectification or completion of inaccurate or incomplete Data.
    4. Right to Objection. You have the right to object to the processing of Your Data in certain cases.
    5. Right to Restrict Processing. In limited circumstances, you have the right to request that We restrict processing of Your Data.
    6. Right to Erasure. You may request that We erase Your Data in certain cases.
    7. Right to Lodge a Complaint. To lodge a complaint with a supervisory authority (only for EEA and UK).
    8. Right to Refuse or Withdraw Consent. In case We ask for Your consent to process Your personal data, You are free to refuse to give it. If you have declared your Consent for any Data processing activities, you can withdraw this consent at any time with future effect.To exercise Your rights under applicable privacy law, to raise a privacy concern, or to make a data-related request, please contact Us at the contact information further below and describe Your request. We may ask for additional information from You to clarify Your request and verify that You are authorized to make Your request. We will respond to requests to exercise privacy rights according to applicable laws.
  5. Disclosure and Assessment
    Mitratech may be required to disclose Personal Information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.Mitratech will assess its adherence to its privacy policies annually. This assessment will include the following:

    1. A review of Mitratech privacy policies for ongoing conformance with applicable law.
    2. Review of the Personal Data that Mitratech collects and means of collecting this data.
    3. Inclusion of mechanisms, and related communications, that individuals can review their Personal Data, correct it, ask questions or file a complaint.
    4. Training for Mitratech employees, based on their degree of involvement with Personal Data.

 

 

Our commitment to Canadian Privacy (PIPEDA) 

Mitratech is committed to protecting the privacy of personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and its ten Fair Information Principles, which form the ground rules for the collection, use, and disclosure of personal information in Canada.

  1. Your Data Rights
    You have certain rights with respect to Your Data, and We want to help You review and update Your information to ensure it is accurate and up-to-date. We may limit or reject Your request in certain cases, such as if it is frivolous, unverified or unduly burdensome, if it jeopardizes the rights of others, if it is not required by law, or if the burden or expense of providing access would be disproportionate to the risks to Your privacy in the case in question, or if it materially alters the way We provide the Mitratech Services to You. In some cases, We may also need You to provide Us with additional information, which may include personal information, to verify Your identity and the nature of Your request. We will take reasonable steps to respond to all requests within 45 calendar days.If You wish to exercise any of the following rights, You may do so by contacting Us at [email protected]:

    1. Access
      You can request more information about the Data We hold about You and request a copy of such Data.
    2. Excercising your rights
      If you would like more information or would like to exercise the access and deletion rights described above, please submit a privacy-related request by doing the following: (1) Calling us at this toll-free phone number: 1 888 784 7224; or (2) Emailing us at [email protected] describing the nature of your request;
    3. The information We gather, and share is outlined in Appendix A.

 

Contact Us 

If you have any questions or complaints regarding this Privacy Policy, please feel free to contact Us at:

Mitratech Holdings, Inc.

Attn: Legal Department – Mitratech

13301 Galleria Circle Bldg. B Suite 200
Bee Cave, TX 78738
Phone: (+1) 888 784 7224

Email: [email protected]

Appendix A 

The list of categories of data collected in the previous twelve months available here is subject to change from time to time in Mitratech’s sole discretion and without notice to You, unless agreed upon in writing otherwise.  

Do Not Sell My Personal Information  

Cookie Policy