Mitratech Holdings, Inc. and ThinkSmart LLC (“Mitratech,” ”we,” “us,” “our”) have adopted consistent, globally valid data protection and data security standards for processing the sensitive data of its clients, partners, prospects, and employees in line with globally accepted principles. Mitratech holds responsibilities for protecting the privacy of sensitive data, including any personal information being maintained, against threats posed by unauthorized access or misuse. In addition, Mitratech respects individual privacy and shall handle all sensitive information with care.
This statement undergirds Mitratech’s ability to adapt to a changing global marketplace and forms the basis for long-lasting business relationships built on trust. This statement also sets important basic conditions for the global exchange of data, as it guarantees a reasonable level of data protection for trans-border data flows.
This statement applies to Mitratech Holdings, Inc. as well as associated companies and their employees and covers the following: processing of sensitive data relating to clients, partners, Mitratech employees, and prospects. This includes data relating to prospects, suppliers, and shareholders.
Sensitive Data – any information relating to a person who can be identified, directly or indirectly, by reference to an identifier such as: a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, or information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns an individual’s health. Additionally, this includes any information that is intellectual property or considered confidential to Mitratech, its clients, or third parties.
Data Subject – a natural person whose personal data is processed by a controller or processor
Data Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
Data Controller – a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
Consent – any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
Personal Information We Collect
The data we collect depends on the context of your interactions with Mitratech, the choices you make, and the products and features you use. The data we collect may include the following:
Website: The information gathered on Mitratech’s website(s) generally includes company names, locations, times and dates of access, and the web pages viewed while visiting. Additionally, information is collected on the search engines and search phrases used to find our website(s). We may also collect the name of Internet Service Providers and the operating system of your computer. Mitratech’s website uses “cookies,” small text files that can be read by a web server in the domain that put the cookie on your hard drive. User registration may be required to access some of the features on our website(s). Upon registration, we require you to provide your name, title, company, e-mail address, and phone number. A Mitratech representative will contact you to set up an account. We may request additional information from you at that time.
Clients, Prospects and Partners: Mitratech collects personal information of its Clients, Prospects and Partners to facilitate sales, marketing, customer support, and related operations essential to Mitratech. This includes contact information such as name, email address, phone number, and similar data. Mitratech also collects information you provide to us and the content of messages you send to us, such as feedback and product reviews you write, or questions and information you provide for customer support. When you contact us, such as for customer support, phone conversations or chat sessions with our representatives may be monitored and recorded.
Use by Children: Mitratech, as a standard practice, does not knowingly or specifically collect, use, or require any information about minors under the age of 18. The website(s) run by Mitratech are not intended for minors under the age of 18. If you believe that we have mistakenly or unintentionally collected such information, please notify us so that we may delete the information from our servers.
How We Use Personal Information
As a policy, Mitratech uses sensitive information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Mitratech takes reasonable steps to ensure that sensitive information is relevant to its intended use, accurate, complete, and current. Mitratech does not provide any of the information we collect to third parties other than to market our products and services.
Website: Mitratech uses the information we collect to identify and contact visitors to our website(s) who are seriously interested in our products and services. Cookies allow us to store user preferences and settings; enable sign-in; provide interest-based advertising; combat fraud; and analyze how our websites and online services are performing.
Applications: Using Mitratech’s Applications, information can be processed on an organization’s own computers or on computers hosted by Mitratech. In the latter case, Mitratech is an Application Service Provider (ASP), however, each client, as the collector, administrator, and user of sensitive information within applications, has primary responsibility for the privacy of that information. Mitratech, as an ASP, may collect application usage data for the purpose of product improvement and support.
Clients, Partners, and Prospects: Mitratech may collect information from Clients, Partners, and Prospects for the purposes of marketing, product support, and other appropriate channels. Mitratech takes reasonable steps to ensure that sensitive information is relevant to its intended use, accurate, complete, and current. Mitratech does not provide any of the information we collect to third parties other than to market our products and services.
Transmission of Information
For some business processes, it is necessary to pass on sensitive data relating to clients or partners to third parties. If this does not occur owing to a legal obligation, it must be checked in each instance whether it is in conflict with any interest of the data subject that merits protection. If the recipient is located in a third country, he/she must guarantee an adequate level of data protection in line with this statement. This does not apply if the data transmission is carried out owing to a statutory obligation, or to any other permissible legal obligation. The recipient must be bound under contract only to use the data for the specified purpose.
Transfers to Agents: Mitratech will obtain assurances from their agents that they will safeguard sensitive information consistently with this statement. Examples of appropriate assurances that may be provided by agents include, but are not limited to: a contract obligating the agent to provide at least the same level of protection as is required by the relevant Data Privacy Principles, being subject to the EU General Data Protection Regulation (Regulation (EU) 2016/679), EU-U.S. or Swiss-U.S. Privacy Shield certification by the agent, or being subject to another European Commission adequacy finding. Where Mitratech becomes aware that an agent is using or disclosing sensitive information in a manner contrary to this statement, Mitratech will take reasonable steps to prevent or stop the use or disclosure. Mitratech may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
International Transfer of Information: Mitratech primarily stores data about clients and visitors to the Mitratech website in the United States. To facilitate Mitratech’s global operations, Mitratech may transfer and access such information from around the world, including from other countries in which Mitratech has operations, such as the United States, United Kingdom, and Australia. A list of the Mitratech’s global offices is available upon request. This statement shall apply even if Mitratech transfers data to other countries.
In the case that data is transmitted to Mitratech by third parties, it must be ensured that the data have been collected lawfully in accordance with the relevant legal provisions, and that the use of such data for the intended data processing activities is permitted.
Notice and Consent
Mitratech will inform individuals about the type(s) of sensitive information it collects, the purposes for which it collects and uses sensitive information, and the types of non-agent third parties to which Mitratech discloses or may disclose information, and the choices and means, if any, Mitratech offers individuals for limiting the use and disclosure of their sensitive information. Notice will be provided in clear and conspicuous language before individuals are first asked to provide sensitive information to Mitratech, or as soon as practicable thereafter, and in any event before Mitratech uses or discloses the information for a purpose other than that for which it was originally collected.
Mitratech will offer individuals the opportunity to choose (opt-out) where their information is to be (a) disclosed to a non-agent third party, or (b) used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Per the EU General Data Protection Regulation, an opt-in opportunity will be provided to applicable individuals prior to data collection.
Sensitive Personal Information may be processed only under certain conditions. Mitratech will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of any information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Mitratech will provide individuals with reasonable mechanisms to exercise their choices.
Data Processing Limitations
Mitratech will use information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual, and will take reasonable steps to ensure that sensitive information is relevant to its intended use, accurate, complete, and current.
Before any step is taken to process sensitive data, it must be verified whether and to what extent the processing of said data is necessary in order to achieve the purpose for which it is undertaken. Where the purpose allows and where the expense involved is in proportion with the goal being pursued, anonymized or statistical data must be used. This statement does not apply to statistical analysis or studies based on anonymized data.
Information that is no longer needed for its intended purpose should be deleted in compliance with Mitratech’s existing archival guidelines. Per the EU General Data Protection Regulation, applicable sensitive information may not be collected in advance and stored for potential future purposes unless required under the law of the individual nation.
Access and Correction
Upon request, Mitratech will grant data subjects reasonable access to sensitive data that it holds about them, including information about how the data was collected and its purpose(s).
Additionally, Mitratech will take reasonable steps to delete information if the processing of such data has no legal basis, or if the legal basis has ceased to apply. Individuals may also request the correction or amendment of information that is determined to be inaccurate or incomplete, or objection to information processing altogether.
Information Security and Confidentiality
Mitratech has implemented industry standard security methods, technologies, and processes to safeguard sensitive information from unauthorized access and unlawful processing or disclosure, as well as accidental loss, modification, or destruction. All sensitive information is treated confidential; any unauthorized collection, processing, or use of such data is prohibited. In the context of increasingly flexible company organization, it must be ensured that employees have access to sensitive data on a need-to-know basis only. The need-to-know principle means that employees may have access to sensitive information only as is appropriate for the type and scope of the task in question. This requires a careful breakdown and separation, as well as implementation, of roles and responsibilities.
This statement embodies the internationally accepted principles of data protection and privacy, without replacing existing national laws. It applies in all cases as far as it is not in conflict with the respective national law; additionally, the national law shall apply if it makes greater demands. National law applies in the case that it entails a mandatory deviation from, or exceeds the scope of, this statement for data protection. This statement also applies in countries in which there is no corresponding national legislation in place.
EU GDPR: Mitratech adheres to the EU General Data Protection Regulation as set forth by the European Parliament & Council regarding the processing of personal data and the free movement of such data.
EU-U.S. and Swiss-U.S Privacy Shield: Mitratech adheres to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Mitratech has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. The Federal Trade Commission has jurisdiction over Mitratech’s compliance with the Privacy Shield. Mitratech complies with the Privacy Shield Principles for all onward transfers of Personal Information from the EU and Switzerland, including the onward transfer liability provisions
If there are any conflicts between the terms in this statement and EU data privacy principles, the principles shall govern.
California Privacy Rights: Under California law, California residents may request once a year, free of charge, certain information regarding our disclosure of personal information to third parties for direct marketing purposes.
Mitratech will investigate and attempt to resolve complaints and disputes regarding the use and disclosure of sensitive information in accordance with the principles contained in this statement. European Union or Swiss individuals with inquiries or complaints regarding their personal information should first contact Mitratech at firstname.lastname@example.org.
Mitratech has further committed to refer unresolved complaints to alternative dispute resolution providers located within Switzerland and the EU. Specifically, the EU Data Protection Authorities (DPA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC). The services of these authorities are provided at no cost to you.
An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/.
This statement will be revised periodically in accordance with industry standards and changes in Mitratech’s operational environment.
Pursuant to the California Consumer Privacy Act of 2018 (CCPA), California residents have specific rights regarding your personal information as described below.
Information We Collect
Mitratech collects information under the direction of our Customers and has no direct relationship with individuals whose personal information we process in connection with our Customer’s use of our services and websites. If you are an individual who interacts with a Customer using our services and websites (such as an end-client of one of our Customers) and would either like to amend your contact information or no longer wish to be contacted by one of our Customers that use our services and websites, please contact the Customer that you interact with directly.
In the past twelve (12) months, we have collected and disclosed personal information for a business purpose consisting of the following categories of personal information:
- Identifiers such as your real name, alias, postal address, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.
- Geolocation data such as physical location or movements of you or your device.
We disclose your personal information for a business purpose to service providers. In the past twelve (12) months, we have not sold personal information.
To view the information PC Legal Tools Inc., dba Tracker Corp (“Tracker”) collects please visit the following link: Information Tracker Collects
To view the information INSZoom, Inc. (“INSZoom”) collects please visit the following link: Information INSZoom Collects
To view the information Acuity ELM (“Acuity ELM”) collects please visit the following link: Information Acuity ELM Collects
Use of Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
We share your personal information with the following categories of third parties:
- Service providers.
- Data aggregators.
Your choice in information use
Opt out of non-essential electronic communications: You may opt out of receiving newsletters and other non-essential messages by using the ‘unsubscribe’ function included in all such messages. However, you will continue to receive notices and essential transactional emails.
Disable cookies: You can disable browser cookies before visiting our websites. However, if you do so, you may not be able to use certain features of the websites properly.
Optional information: You can choose not to provide optional profile information such as your photo. You can also delete or change your optional profile information. You can always choose not to fill in non-mandatory fields when you submit any form linked to our websites.
Your rights with respect to information we hold about you as a business
You have the following rights with respect to information that Mitratech holds about you.
Right to access: You have the right to access (and obtain a copy of, if required) the categories of personal information that we hold about you, including the information’s source, purpose and period of processing, and the persons to whom the information is shared.
Right to rectification: You have the right to update the information we hold about you or to rectify any inaccuracies. Based on the purpose for which we use your information, you can instruct us to add supplemental information about you in our database.
Right to erasure: You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected.
Right to restriction of processing: You may also have the right to request to restrict the use of your information in certain circumstances, such as when you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Right to data portability: You have the right to transfer your information to a third party in a structured, commonly used and machine-readable format, in circumstances where the information is processed with your consent or by automated means.
Right to object: You have the right to object to the use of your information in certain circumstances, such as the use of your personal information for direct marketing.
Your Rights and Choices under the CCPA
Pursuant to the CCPA, consumers have specific rights regarding your personal information. You have the right to access your personal information and the right request that Mitratech disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. You have the right to request that we delete your personal information that we have collected and retained, subject to certain exceptions. Mitratech may deny your deletion request if retaining the information is necessary for us or our service provider(s) to complete certain business purposes or to comply with legal obligations.
You have the right to direct Mitratech to not sell your personal information at any time.
How to Exercise Access and Deletion Rights
If you would like more information or would like to exercise the access and deletion rights described above, please submit a privacy-related request by doing the following:
- Calling us at this toll-free phone number: 1 888 784 7224;
- Emailing us at email@example.com describing the nature of your request; or
- Completing this online form.
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which will require proof that the person is authorized to act on your behalf. Additionally, the verifiable consumer request must describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a request only to verify the requestor’s identity or authority to make the request. We endeavor to comply with a request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you, in writing, the reason for the delay. Any information we provide will only cover the 12-month period preceding the request’s receipt.
Retention of information
Children’s personal information
Our services are not directed to individuals under 16. Mitratech does not knowingly collect personal information from children who are under 16 years of age. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you believe that a child under 16 years has provided personal information to us, please write to firstname.lastname@example.org with the details, and we will take the necessary steps to delete the information we hold about that child.
We will not discriminate against you for exercising your CCPA rights.
Your Rights to Information Shared
California residents may request, pursuant to California’s “Shine the Light” law (Civil Code Section § 1798.83), certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us by using the information listed below.
Mitratech Holdings, Inc.
Attn: Legal Department
5001 Plaza on the Lake
Austin, TX 78746