Privacy Policy

Last updated: March 11, 2021

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for You to access our Service or parts of our Service.

Business, for the purpose of the CCPA (California Consumer Privacy Act), refers to the Company as the legal entity that collects Consumers’ personal information and determines the purposes and means of the processing of Consumers’ personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers’ personal information, that does business in the State of California.

Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to International Yacht Arbitration Council, 1845 Cordova Rd, Fort Lauderdale, FL 33316.

For the purpose of the GDPR, the Company is the Data Controller.

Consumer, for the purpose of the CCPA (California Consumer Privacy Act), means a natural person who is a California resident. A resident, as defined in the law, includes (1) every individual who is in the USA for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.

Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.

Country refers to: Florida, United States

Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.

Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.

Do Not Track (DNT) is a concept that has been promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.

Personal Data is any information that relates to an identified or identifiable individual.

For the purposes for GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.

For the purposes of the CCPA, Personal Data means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with You.

Sale, for the purpose of the CCPA (California Consumer Privacy Act), means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer’s personal information to another business or a third party for monetary or other valuable consideration.

Service refers to the Website.

Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors.

Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.

Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Website refers to IYAC, accessible from www.iyac.org

You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the Service.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

Email address

First name and last name

Phone number

Address, State, Province, ZIP/Postal code, City

Usage Data

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:

• Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
• Flash Cookies. Certain features of our Service may use local stored objects (or Flash Cookies) to collect and store information about Your preferences or Your activity on our Service. Flash Cookies are not managed by the same browser settings as those used for Browser Cookies. For more information on how You can delete Flash Cookies, please read “Where can I change the settings for disabling, or deleting local shared objects?” available at https://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html#main_Where_can_I_change_the_settings_for_disabling__or_deleting_local_shared_objects_
• Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. You can learn more about cookies here: All About Cookies by TermsFeed.

We use both Session and Persistent Cookies for the purposes set out below:

Necessary / Essential Cookies

Type: Session Cookies

Administered by: Us

Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

Cookies Policy / Notice Acceptance Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

Functionality Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

To provide and maintain our Service, including to monitor the usage of our Service.

To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.

For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.

To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.

To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.

To manage Your requests: To attend and manage Your requests to Us.

For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.

For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.

We may share Your personal information in the following situations:

• With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, for payment processing, to contact You.
• For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
• With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
• With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
• With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If You interact with other users or register through a Third-Party Social Media Service, Your contacts on the Third-Party Social Media Service may see Your name, profile, pictures and description of Your activity. Similarly, other users will be able to view descriptions of Your activity, communicate with You and view Your profile.
• With Your consent: We may disclose Your personal information for any other purpose with Your consent.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights or property of the Company
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of Users of the Service or the public
• Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Detailed Information on the Processing of Your Personal Data

The Service Providers We use may have access to Your Personal Data. These third-party vendors collect, store, use, process and transfer information about Your activity on Our Service in accordance with their Privacy Policies.

Email Marketing

We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.

We may use Email Marketing Service Providers to manage and send emails to You.

Sendgrid

Their Privacy Policy can be viewed at [We understand that when you use Twilio’s platform you are placing your trust in us to handle your data appropriately, including the personal information of you and your end-users. That is why we take a “No Shenanigans” approach to data protection. Part of our “No Shenanigans” approach is to make sure that you, the developer, have information about how we process personal information in connection with your use of our products and services, including our website. We want to enable you to make informed decisions about your personal information when building your software applications on Twilio’s platform. We also want to provide you with relevant information to help your end-users make informed decisions about their personal information when they use your software applications built on Twilio’s platform. We’re realists here. And, as much as our Privacy Team wishes it were otherwise, we know that most developers don’t spend their time reading privacy notices… But they do read API docs! So, we’ve added information to our Twilio API docs and SendGrid Documentation about personal information processing to give you information to help you build in a smarter, more privacy-aware way. So, let’s say you’ve read everything here and you’ve checked out our product-specific API docs, but you still have more questions or concerns about how we’re processing personal information, or you would like to know more about how to exercise your rights. You can contact our Privacy Team in the Office of the Data Protection Officer by either emailing us at privacy@twilio.com or, by writing to us at: WORLDWIDE HEADQUARTERS Map to our headquarter in San-Francisco 375 Beale Street, Suite 300, San Francisco, CA 94105](We understand that when you use Twilio’s platform you are placing your trust in us to handle your data appropriately, including the personal information of you and your end-users. That is why we take a “No Shenanigans” approach to data protection. Part of our “No Shenanigans” approach is to make sure that you, the developer, have information about how we process personal information in connection with your use of our products and services, including our website. We want to enable you to make informed decisions about your personal information when building your software applications on Twilio’s platform. We also want to provide you with relevant information to help your end-users make informed decisions about their personal information when they use your software applications built on Twilio’s platform. We’re realists here. And, as much as our Privacy Team wishes it were otherwise, we know that most developers don’t spend their time reading privacy notices… But they do read API docs! So, we’ve added information to our Twilio API docs and SendGrid Documentation about personal information processing to give you information to help you build in a smarter, more privacy-aware way. So, let’s say you’ve read everything here and you’ve checked out our product-specific API docs, but you still have more questions or concerns about how we’re processing personal information, or you would like to know more about how to exercise your rights. You can contact our Privacy Team in the Office of the Data Protection Officer by either emailing us at privacy@twilio.com or, by writing to us at: WORLDWIDE HEADQUARTERS Map to our headquarter in San-Francisco 375 Beale Street, Suite 300, San Francisco, CA 94105)

MailChimp

Their Privacy Policy can be viewed at [Updated February 17, 2021 Mailchimp takes data privacy seriously. This privacy policy explains who we are, how we collect, share and use Personal Information, and how you can exercise your privacy rights. We recommend that you read this privacy policy in full to ensure you are fully informed. However, to make it easier for you to review the parts of this privacy policy that apply to you, we have divided up the document into sections that are specifically applicable to Members (Section 2), Contacts (Section 3), and Visitors (Section 4). Sections 1 and 5 are applicable to everyone. If you have any questions or concerns about our use of your Personal Information, then please contact us using the contact details provided at the end of Section 5. To the extent we provide you with notice of different or additional privacy policies, those policies will govern such interactions. TRUSTe 1. The Basics A. About Us Mailchimp is an online marketing platform operated by The Rocket Science Group LLC, a company headquartered in the State of Georgia in the United States (“we,” “us,” “our,” and “Mailchimp”). Our Service enables our Members to, among other things, send and manage email campaigns across channels, serve advertisements, and create Websites and Landing Pages. We also provide other related services, such as real-time data analytics and insights to help our Members track and personalize their marketing activities. Find out more about our Service here. B. Key Terms In this privacy policy, these terms have the following meanings: “Affiliate” means an entity that directly or indirectly Controls, is Controlled by or is under common Control with an entity. “Contact” is a person a Member may contact through our Service. In other words, a Contact is anyone on a Member’s Distribution List about whom a Member has given us information or is anyone who has otherwise interacted with a Member via the Service. For example, if you are a Member, a subscriber to your email marketing campaigns or a shopper to your Website or Landing Page would be considered a Contact. “Control” means an ownership, voting or similar interest representing fifty percent (50%) or more of the total interests then outstanding of the entity in question. The term “Controlled” shall be construed accordingly. “Distribution List” is a list of Contacts a Member may upload or manage on our platform and all associated information related to those Contacts (for example, email addresses). “Mailchimp Site(s)” has the meaning given to it in our Standard Terms of Use. “Member” means any person or entity that is registered with us to use the Service. “Mobile App(s)” means any one or all of the Mailchimp applications available for Members to use on their mobile devices. “Personal Information” means any information that identifies or can be used to identify an individual directly or indirectly. Examples of Personal Information include, but are not limited to, first and last name, date of birth, email address, gender, occupation, or other demographic information. “Service” has the meaning given to it in our Standard Terms of Use. “Visitor” means, depending on the context, any person who visits any of our Mailchimp Sites, offices, or otherwise engages with us at our events or in connection with our marketing or recruitment activities. “you” and “your” means, depending on the context, either a Member, a Contact, or a Visitor. 2. Privacy for Members This section applies to the Personal Information we collect and process from a Member or potential Member through the provision of the Service. If you are not a Member, the Visitors or Contacts section of this policy may be more applicable to you and your data. In this section, “you” and “your” refer to Members and potential Members. A. Information We Collect The Personal Information that we collect depends on the context of your interactions with Mailchimp, your Mailchimp account settings, the products and features you use, your location, and applicable law. However, the Personal Information we collect broadly falls into the following categories: (i) Information you provide to us: You (or your organization) may provide certain Personal Information to us when you sign up for a Mailchimp account and use the Service, consult with our customer service team, send us an email, integrate the Service with another website or service (for example, when you choose to connect your e-commerce account with Mailchimp), or communicate with us in any other way. This information may include: Business contact information (such as your name, job title, organization, location, phone number, email address, and country); Marketing information (such as your contact preferences); Account log-in credentials (such as your email address or username and password when you sign up for an account with us); Troubleshooting and support data (which is data you provide or we otherwise collect in connection with support queries we receive from you. This may include contact or authentication data, the content of your chats and other communications with us, and the product or service you are using related to your help inquiry); and Payment information (including your credit card numbers and associated identifiers and billing address). (ii) Information we collect automatically: When you use the Service, we and our third-party partners may automatically collect or receive certain information about your device and usage of the Service (collectively “Service Usage Data”). In some (but not all) countries, including countries in the European Economic Area (“EEA”), this information is considered Personal Information under applicable data protection laws. We and our third-party partners use cookies and other tracking technologies to collect some of this information. If you are using our Mobile App, we may collect this information using our software development kits (“SDKs”) or APIs the first time the SDK or API is initiated on your Mobile App. For further information, please review the section below and our Cookie Statement available here. Service Usage Data may include: Device information: We collect information about the device and applications you use to access the Service, such as your IP address, your operating system, your browser ID, viewfinder size, and other information about your system and connection. If you are using our Mobile App, we may also collect information about the cellular network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s name and unique device ID, and information about the features of our Mobile App that you accessed. Log data: Our web servers keep log files that record data each time a device accesses those servers and the nature of each access, including originating IP addresses and your activity in the Service (such as the date/time stamps associated with your usage, pages and files viewed, searches and other actions you take (for example, which features you used)), device event information (such as system activity, error reports (sometimes called ‘crash dumps’)), and hardware settings. We may also access metadata and other information associated with files that you upload into our Service. Usage data: We collect usage data about you whenever you interact with our Service, which may include the dates and times you access the Service and your browsing activities (such as what portions of the Service you used, session duration, links clicked, non-sensitive text entered, and mouse movements). We also collect information regarding the performance of the Service, including metrics related to the deliverability of emails and other communications you send through the Service. If you are using our Mobile App, we may collect information about how often you use the Mobile App and other performance data. This information allows us to improve the content and operation of the Service, and facilitate research and analysis of the Service. (iii) Information we collect from other sources: From time to time, we may obtain information about you from third-party sources, such as public databases, social media platforms, third-party data providers, and our joint marketing partners. Examples of the information we receive from other sources include demographic information (such as age and gender), device information (such as IP addresses), location (such as city and state), and online behavioral data (such as information about your use of social media websites, page view information and search results and links). We use this information, alone or in combination with other Personal Information we collect, to enhance our ability to provide relevant marketing and content to you and to develop and provide you with more relevant products, features, and service. B. Use of Personal Information We may use the Personal Information we collect or receive through the Service (alone or in combination with other data we source) for the purposes and on the legal bases identified below: To bill and collect money owed to us by you to perform our contract with you for the use of the Service or where we have not entered into a contract with you, in accordance with our legitimate interests to operate and administer our Service. This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and those third parties collect billing information to process your orders and credit card payments. To learn more about the steps we take to safeguard that data, see the “Our Security” section of this privacy policy. To send you system alert messages in reliance on our legitimate interests in administering the Service and providing certain features. For example, we may inform you about temporary or permanent changes to our Service, such as planned outages, or send you account, security or compliance notifications, such as new features, version updates, releases, abuse warnings, and changes to this privacy policy. To communicate with you about your account and provide customer support to perform our contract with you for the use of the Service or where we have not entered into a contract with you, in reliance on our legitimate interests in administering and supporting our Service. For example, if you use our Mobile Apps, we may ask you if you want to receive push notifications about activity in your account. If you have opted in to these push notifications and no longer want to receive them, you may turn them off through your operating system. To enforce compliance with our Standard Terms of Use and applicable law, and to protect the rights and safety of our Members in reliance on our legitimate interest to protect against misuse or abuse of our Service and to pursue remedies available. This may include developing tools and algorithms that help us prevent violations. For example, sometimes we review the content our Members send or display to ensure it complies with our Standard Terms of Use. To improve that process, we have software that helps us find content that may violate our Standard Terms of Use. We may or our third-party service provider may also review content that our Members send or display. This benefits all Members who comply with our Standard Terms of Use because it reduces abuse and helps us maintain a reliable platform. Please do not use Mailchimp to send or display confidential information. To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms. To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements in reliance on our legitimate interests. To prosecute and defend a court, arbitration, or similar legal proceeding. To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. To provide, support and improve the Service to perform our contract with you for the use of the Service or where we have not entered into a contract with you, in reliance on our legitimate interests in administering and improving the Service and providing certain features. For example, this may include improving the navigation and content of the Service and sharing your information with third parties in order to provide and support our Service or to make certain features of the Service available to you. When we share your Personal Information with third parties, we take steps to protect your information in a manner that is consistent with our obligations under applicable privacy laws. For further information about how we share your information, refer to Section 5 below. To provide suggestions to you and to provide tailored features within our Service that optimize and personalize your experience in reliance on our legitimate interests in administering the Service and providing certain features. This includes adding features that compare Members’ email campaigns, using data to suggest other publishers your Contacts may be interested in, or using data to recommend products or services that you may be interested in or that may be relevant to you or your Contacts. Some of these suggestions are generated through analysis of the data used in our data analytics projects, as described below. To perform data analytics projects in reliance on our legitimate business interests in improving and enhancing our products and services for our Members. Our data analytics projects use data from Mailchimp accounts, including Personal Information of Contacts, to provide and improve the Service. We use information like your sending habits and your Contacts’ purchase history, so we can make more informed predictions, decisions, and products for our Members. For example, we use data from Mailchimp accounts to enable product recommendation, audience segmentation, and predicted demographics features for our Members. If you or your Contact prefers not to have their data used for this purpose, you can alter the settings on your account (as described here) to opt out of data analytics projects, or your Contact can opt out of data analytics projects at any time by visiting this page or emailing us at personaldatarequests@mailchimp.com. As always, we take the privacy of Personal Information seriously, and will continue to implement appropriate safeguards to protect this Personal Information from misuse or unauthorized disclosure. To combine and anonymize data about our Members and our Member’s use of the Service in order to create aggregate, anonymized statistics which we may use to provide certain features within the Service and for promoting and improving the Service in reliance on our legitimate interests. To personalize the Service, content and advertisements we serve to you in reliance on our legitimate interests in supporting our marketing activities and providing certain features within the Service. We may use your Personal Information to serve you specifically, such as to deliver marketing information, product recommendations and non-transactional communications (e.g., email, telemarketing calls, SMS, or push notifications) about us, in accordance with your marketing preferences and this privacy policy. C. Third-Party Integrations We may use the Personal Information we collect or receive through the Service, as a processor and as otherwise stated in this privacy policy, to enable your use of the integrations and plugins you choose to connect to your Mailchimp account. For instance, if you choose to connect a Google integration to your Mailchimp account, we’ll ask you to grant us permission to view and/or download, as applicable, your Google Sheets, Google Contacts, Google Analytics and Google Drive. This allows us to configure your Google integration(s) in accordance with your preferences. For example, if you wanted to use the Google Contacts integration to share the templates in your Mailchimp account with contacts in your Google address book, we would need to access your Google Contacts to share your templates. D. Cookies and Tracking Technologies We and our third-party partners may use various technologies to collect and store Service Usage Data when you use our Service (as discussed above), and this may include using cookies and similar tracking technologies, such as pixels, web beacons, and if you use our Mobile Apps, through our SDKs deployed on your mobile device. For example, we use web beacons in the emails we send on your behalf, which enable us to track certain behavior, such as whether the email sent through the Service was delivered and opened and whether links within the email were clicked. Both web beacons and SDKs allow us to collect information such as the recipient’s IP address, browser, email client type and other similar data as further described above details. We use this information to measure the performance of your email campaigns, to provide analytics information, enhance the effectiveness of our Service, and for other purposes described above. Reports are also available to us when we send email to you, so we may collect and review that information. Our use of cookies and other tracking technologies is discussed in more detail in our Cookie Statement available here. E. Member Distribution Lists In order to send an email campaign or use certain features in your account, you need to upload a Distribution List that provides us information about your Contacts, such as their names and email addresses. We use and process this information to provide the Service in accordance with our contract with you or your organization and this privacy policy. A Distribution List can be created in a number of ways, including by importing Contacts, such as through a CSV or directly from your email client. We do not, under any circumstances, sell your Distribution Lists. If someone on your Distribution List complains or contacts us, we might then contact that person. You may export (download) your Distribution Lists from Mailchimp by accessing the “Audience” tab from within your account. If we detect abusive or illegal behavior related to your Distribution List, we may share your Distribution List or portions of it with affected ISPs or anti-spam organizations to the extent permitted or required by applicable law. If a Contact chooses to use the Forward to a Friend (FTF) link in an email campaign a Member sends, it will allow the Contact to share the Member’s email content with individuals not on the Member’s Distribution List. When a Contact forwards an email to a friend, we do not store the Contact’s email address or their friend’s email address, and no one is added to any Distribution List as a result of the FTF link. The Member who created the email campaign only sees an aggregate number of times their email campaign was forwarded by a Contact and does not have access to the email addresses used to share or receive that forwarded content. F. Your Data Protection Rights Depending on the country in which you reside, you may have the following data protection rights: To access; correct; update; port; delete; restrict; or object to our processing of your Personal Information. You can manage your individual account and profile settings within the dashboard provided through the Mailchimp platform, or you may contact us directly by emailing us at personaldatarequests@mailchimp.com. You can also manage information about your Contacts within the dashboard provided through the Mailchimp platform to assist you with responding to requests to access, correct, update, port or delete information that you receive from your Contacts. Note, if any of your Contacts wish to exercise any of these rights, they should contact you directly, or contact us as described in the “Privacy for Contacts” section below. You can also contact us at any time to update your own marketing preferences (see Section 5. General Information, C. Your Choices and Opt-Outs below). Mailchimp takes reasonable steps to ensure that the data we collect is reliable for its intended use, accurate, complete and up to date. The right to complain to a data protection authority about the collection and use of Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA and UK are available here and Switzerland are available here. Similarly, if Personal Information is collected or processed on the basis of consent, the data subject can withdraw their consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your Personal Information conducted in reliance on lawful processing grounds other than consent. If you receive these requests from Contacts, you can segment your lists within the Mailchimp platform to ensure that you only market to Contacts who have not opted out of receiving such marketing. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection law. We may ask you to verify your identity in order to help us respond efficiently to your request. If we receive a request from one of your Contacts, we will either direct the Contact to reach out to you, or, if appropriate, we may respond directly to their request. 3. Privacy for Contacts This section applies to the information we process about our Members’ Contacts as a data controller. Our Service is intended for use by our Members. As a result, for much of the Personal Information we collect and process about Contacts through the Service, we act as a processor on behalf of our Members. Mailchimp is not responsible for the privacy or security practices of our Members, which may differ from those set forth in this privacy policy. Please check with individual Members about the policies they have in place. For purposes of this section, “you” and “your” refer to Contacts. A. Information We Collect The Personal Information that we may collect or receive about you broadly falls into the following categories: (i) Information we receive about Contacts from our Members: A Member may provide Personal Information about you to us through the Service. When a Member uploads their Distribution List or integrates the Service with another website or service (for example, when a Member chooses to connect their e-commerce account with Mailchimp), or when you sign up for a Member’s Distribution List on a Mailchimp or other signup form, the Member may provide us with certain contact information or other Personal Information about you such as your name, email address, address, or telephone number. You may have the opportunity to update some of this information by electing to update or manage your preferences via an email you receive from a Member. (ii) Information we collect automatically: When you interact with an email campaign that you receive from a Member or browse or purchase from a Member’s connected store, we may collect information about your device and interaction with an email. We use cookies and other tracking technologies to collect some of this information. Our use of cookies and other tracking technologies is discussed more below and in more detail in our Cookie Statement available here. Device information: We collect information about the device and applications you use to access emails sent through our Service, such as your IP address, your operating system, your browser ID, and other information about your system and connection. Usage data: It is important for us to ensure the security and reliability of the Service we provide. Therefore, we also collect usage data about your interactions with campaigns (and/or emails) sent through the Service, which may include dates and times you access campaigns (and/or emails) and your browsing activities (such as what pages are viewed and which emails are opened). This information also allows us to ensure compliance with our Standard Terms of Use and Acceptable Use Policy, to monitor and prevent service abuse, and to ensure we attain certain usage standards and metrics in relation to our Service. We also collect information regarding the performance of the Service, including metrics related to the deliverability of emails and other electronic communications that our Members send through the Service. This information allows us to improve the content and operation of the Service and facilitate research and perform analysis into the use and performance of the Service. (iii) Information we collect from other sources: From time to time, we may obtain information about you from third-party sources, such as social media platforms, and third-party data providers. B. Use of Personal Information We may use the Personal Information we collect or receive about you in reliance on our (and where applicable, our Members’) legitimate interests for the following purposes: To enforce compliance with our Standard Terms of Use and applicable law. This may include utilizing usage data and developing tools and algorithms that help us prevent violations. To protect the rights and safety of Members, third parties, or Mailchimp. For example, sometimes we review the content of our Members’ email campaigns to make sure they comply with our Standard Terms of Use. To improve that process, we have software that helps us find email campaigns that may violate our Standard Terms of Use. We, or our third-party service provider, may review those particular email campaigns, which may include your contact information. This reduces the amount of spam being sent through our servers and helps us maintain high deliverability. To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms. To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements. To prosecute and defend a court, arbitration, or similar legal proceeding. To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. To provide, support and improve the Service. For example, this may include sharing your information with third parties in order to provide and support our Service or to make certain features of the Service available to our Members. When we share Personal Information with third parties, we take steps to protect your information in a manner that is consistent with applicable privacy laws. For further information about how we share information, refer to Section 5 below. To perform data analytics projects. Our data analytics projects use data from Mailchimp accounts, including your Personal Information, to provide and improve the Service. We use information, like your purchase history, provided to us by Members, so we can make more informed predictions, decisions, and products for our Members. For example, we use data from Mailchimp accounts to enable product recommendation, audience segmentation, and predicted demographics features for our Members. If you prefer your data not to be used in this manner, you can opt out of data analytics projects at any time by completing this form or emailing us at personaldatarequests@mailchimp.com. To carry out other business purposes. To carry out other legitimate business purposes, as well as other lawful purposes about which we will notify you. C. Cookies and Tracking Technologies We and our third-party partners may use various technologies to automatically collect and store certain device and usage information (as discussed above) when you interact with a Member’s email campaign or connected store, and this may include using cookies and similar tracking technologies, such as pixels and web beacons or if a Member is using our Mobile App, we may collect this information through our SDKs deployed on our Members mobile device. For example, we use web beacons in the emails we send on behalf of our Members. When you receive and engage with a Member’s campaign, web beacons track certain behavior such as whether the email sent through the Mailchimp platform was delivered and opened and whether links within the email were clicked. Both web beacons and SDKs allow us to collect information such as your IP address, browser, email client type, and other similar data as further described above. We use this information to measure the performance of our Members’ email campaigns, and to provide analytics information and enhance the effectiveness of our Service, and for the other purposes described above. Our use of cookies and other tracking technologies is discussed in more detail in our Cookie Statement available here. D. Your Data Protection Rights Depending on the country in which you reside, you may have the following data protection rights: To access; correct; update; port; delete; restrict or object to our processing of your Personal Information. For more information about how you can exercise these rights, please see our Privacy Rights Requests form. You also have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available here. As described above, for much of the Personal Information we collect and process about Contacts through the Service, we act as a processor on behalf of our Members. In such cases, if you are a Contact and want to exercise any data protection rights that may be available to you under applicable law or have questions or concerns about how your Personal Information is handled by Mailchimp as a processor on behalf of our individual Members, you should contact the relevant Member that is using the Mailchimp Service, and refer to their separate privacy policies. If you no longer want to be contacted by one of our Members through our Service, please unsubscribe directly from that Member’s newsletter or contact the Member directly to update or delete your data. If you contact us directly, we may either forward your request to the relevant Member or provide you with the identity of the Member to enable you to contact them directly. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We may ask you to verify your identity in order to help us respond efficiently to your request. 4. Privacy for Visitors This section applies to Personal Information that we collect and process when you visit the Mailchimp Sites, and in the usual course of our business, such as in connection with our recruitment, events, sales and marketing activities or when you visit our offices. In this section, “you” and “your” refer to Visitors. A. Information We Collect (i) Information you provide to us on the Mailchimp Sites or otherwise: Our Mailchimp Sites offer various ways to contact us, such as through form submissions, email or phone, to inquire about our company and Service. For example, we may ask you to provide certain Personal Information when you express an interest in obtaining information about us or our Service, take part in surveys, subscribe to marketing, apply for a role with Mailchimp, or otherwise contact us. We may also collect Personal Information from you in person when you attend our events or trade shows, if you visit our offices (where you will be required to register as a visitor and provide us with certain information that may also be shared with our service providers) or via a phone call with one of our sales representatives. You may choose to provide additional information when you communicate with us or otherwise interact with us, and we may keep copies of any such communications for our records. The Personal Information we collect may include: Business contact information (such as your name, phone number, email address and country); Professional information (such as your job title, institution or company); Nature of your communication; Marketing information (such as your contact preferences); and Any information you choose to provide to us when completing any ‘free text’ boxes in our forms. (ii) Information we collect automatically through the Mailchimp Sites: When you visit our Mailchimp Sites or interact with our emails, we and our third-party partners use cookies and similar technologies such as pixels or web beacons, alone or in conjunction with cookies, to collect certain information automatically from your browser or device. In some countries, including countries in the EEA, this information may be considered Personal Information under applicable data protection laws. Our use of cookies and other tracking technologies is discussed more below, and in more detail in our Cookie Statement available here. The information we collect automatically includes: Device information: such as your IP address, your browser, operating system, device information, unique device identifiers, mobile network information, request information (speed, frequency, the site from which you linked to us (“referring page”), the name of the website you choose to visit immediately after ours (called “exit page”), information about other websites you have recently visited, the web browser you used (software used to browse the internet) including its type and language), and viewfinder size and scripts errors. Usage data: such as information about how you interact with our emails, Mailchimp Sites, and other websites (such as the pages and files viewed, session duration, links clicked, searches, non-sensitive text entered, mouse movements, operating system and system configuration information and date/time stamps associated with your usage). B. Use of Personal Information We may use the information we collect through our Mailchimp Sites and in connection with our events and marketing activities (alone or in combination with other data we collect) for a range of reasons in reliance on our legitimate interests, including: To provide, operate, optimize, and maintain the Mailchimp Sites. To send you marketing information, product recommendations and non-transactional communications (e.g., email, telemarketing calls, SMS, or push notifications) about us, in accordance with your marketing preferences, including information about our products, services, promotions or events as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided your prior consent. For recruitment purposes if you have applied for a role with Mailchimp. To respond to your online inquiries and requests, and to provide you with information and access to resources or services that you have requested from us. To manage the Mailchimp Sites and system administration and security. To manage event registrations and attendance, including sending related communications to you. To register visitors to our offices for security reasons and to manage non-disclosure agreements that visitors may be required to sign. To improve the navigation and content of the Mailchimp Sites. To identify any server problems or other IT or network issues. To process transactions and to set up online accounts. To compile aggregated statistics about site usage and to better understand the preferences of our Visitors. To help us provide, improve and personalize our marketing activities. To facilitate the security and continued proper functioning of the Mailchimp Sites. To carry out research and development to improve our Mailchimp Sites, products and services. To conduct marketing research, advertise to you, provide personalized information about us on and off our Mailchimp Sites, and to provide other personalized content based on your activities and interests to the extent necessary for our legitimate interests in supporting our marketing activities or advertising our Service or instances where we seek your consent. To carry out other legitimate business purposes, as well as other lawful purposes, such as data analysis, fraud monitoring and prevention, identifying usage trends and expanding our business activities in reliance on our legitimate interests. To cooperate with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Information to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our Mailchimp Sites and Service, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, or responding to lawful requests. C. Public Information and Third-Party Websites Blog. We have public blogs on the Mailchimp Sites. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your Personal Information appears on our blogs and you want it removed, contact us here. If we are unable to remove your information, we will tell you why. Social media platforms and widgets. The Mailchimp Sites include social media features, such as the Facebook Like button. These features may collect information about your IP address and which page you are visiting on our Mailchimp Site, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our Mailchimp Site. We also maintain presences on social media platforms, including Facebook, Twitter, and Instagram. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them. Links to third-party websites. The Mailchimp Sites include links to other websites, whose privacy practices may be different from ours. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit. Contests and sweepstakes. We may, from time to time, offer surveys, contests, sweepstakes, or other promotions on the Mailchimp Sites or through social media (collectively, “Promotions”). Participation in our Promotions is completely voluntary. Information requested for entry may include Personal Information such as your name, address, date of birth, phone number, email address, username, and similar details. We use the information you provide to administer our Promotions. We may also, unless prohibited by the Promotion’s rules or law, use the information provided to communicate with you, or other people you select, about our Service. We may share this information with our subsidiaries or Affiliates and other organizations or service providers in line with this privacy policy and the rules posted for our Promotions. D. Cookies and Tracking Technologies We and our third-party partners use cookies and similar tracking technologies to collect and use Personal Information about you, including to serve interest-based advertising about Mailchimp and its Affiliates. For further information about the types of cookies and tracking technologies we use, why, and how you can control them, please see our Cookie Statement available here. E. Other Data Protection Rights Depending on the country in which you reside, you may have the following data protection rights: To access; correct; update; port; delete; restrict or object to our processing of your Personal Information. You can exercise these rights by visiting this page or by emailing personaldatarequests@mailchimp.com. You may also have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available here. Similarly, if we have collected and processed your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your Personal Information conducted in reliance on lawful processing grounds other than consent. You can also contact us at any time to update your marketing preferences (see Section 5. General Information, C. Your Choices and Opt-Outs below). We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We may ask you to verify your identity in order to help us respond efficiently to your request. 5. General Information A. How We Share Information We may share and disclose your Personal Information with our subsidiaries or Affiliates and to the following types of third parties for the purposes described in this privacy policy (for purposes of this section, “you” and “your” refer to Members, Contacts, and Visitors unless otherwise indicated). Our subsidiaries and Affiliates include Courier Holdings Ltd. located in the United Kingdom. You can learn more about Courier and its privacy practices here. (i) Our service providers: Sometimes, we share your information with our third-party service providers working on our behalf for the purposes described in this privacy policy. For example, companies we’ve hired to help us provide and support our Service or assist in protecting and securing our systems and services and other business-related functions. Other examples include analyzing data, hosting data, engaging technical support for our Service, processing payments, and delivering content. We use YouTube’s API services in connection with our Service to provide certain features. As such, you acknowledge and agree that by signing up for an account and using the Service, you are also bound by Google’s Privacy Policy. In addition to the rights set forth in Section 2, you may manage your YouTube API data by visiting Google’s security settings page at https://security.google.com/settings/security/permissions In connection with our Service, we also use a third-party service provider, Twilio, Inc. We use Twilio’s API, which allows us to build features into our Mailchimp application to enable us to communicate with our Members through texting and calling, and their “Authy” product, which we use for two-factor authentication for our application. If you are a Member, Twilio may need to collect and process certain Personal Information about you as a controller to provide such services. To learn more about Twilio’s privacy practices, please visit https://www.twilio.com/legal/privacy (ii) Advertising partners: We may partner with third-party advertising networks, exchanges, and social media platforms (like Facebook) to display advertising on the Mailchimp Sites or to manage and serve our advertising on other sites, and we may share Personal Information of Members and Visitors with them for this purpose. We and our third-party partners may use cookies and other similar tracking technologies, such as pixels and web beacons, to gather information about your activities on the Mailchimp Sites and other sites in order to provide you with targeted advertising based on your browsing activities and interests. For more information, please see our Cookie Statement available here. (iii) Any competent law enforcement body, regulatory body, government agency, court or other third party where we believe disclosure is necessary (a) as a matter of applicable law or regulation, (b) to exercise, establish, or defend our legal rights, or (c) to protect your vital interests or those of any other person. (iv) A potential buyer (and its agents and advisors) in the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition. In that event, any acquirer will be subject to our obligations under this privacy policy, including your rights to access and choice. We will notify you of the change either by sending you an email or posting a notice on our Mailchimp Site. (v) Any other person with your consent. We may also share anonymized, aggregated information with selected third parties for statistical purposes. B. Legal Basis for Processing Personal Information (EEA and UK Persons Only) If you are located in the EEA or UK, our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it. However, we will normally collect and use Personal Information from you where the processing is in our legitimate interests and not overridden by your data-protection interests or fundamental rights and freedoms. Our legitimate interests are described in more detail in this privacy policy in the sections above titled “Use of Personal Information”, but they typically include improving, maintaining, providing, and enhancing our technology, products, and services; ensuring the security of the Service and our Mailchimp Sites; and supporting our marketing activities. If you are a Member, we may need the Personal Information to perform a contract with you. In some limited cases, we may also have a legal obligation to collect Personal Information from you. If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not, as well as of the possible consequences if you do not provide your Personal Information. Where required by law, we will collect Personal Information only where we have your consent to do so. If you have questions or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided in the “Questions and Concerns” section below. C. Your Choices and Opt-Outs Members and Visitors who have opted in to our marketing emails can opt out of receiving marketing emails from us at any time by clicking the “unsubscribe” link at the bottom of our marketing messages. Also, all opt-out requests can be made by emailing us using the contact details provided in the “Questions and Concerns” section below. Please note that some communications (such as service messages, account notifications, billing information) are considered transactional and necessary for account management, and Members cannot opt out of these messages unless you cancel your Mailchimp account. D. Our Security We take appropriate and reasonable technical and organizational measures designed to protect Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Information. For further information about our security practices, please see our Security page available here. If you have any questions about the security of your Personal Information, you may contact us at privacy@mailchimp.com. Mailchimp accounts require a username and password to log in. Members must keep their username and password secure, and never disclose it to a third party. Because the information in a Member’s Mailchimp account is private, account passwords are hashed, which means we cannot see a Member’s password. We cannot resend forgotten passwords either. We will only provide Members with instructions on how to reset them. E. International Transfers (i) We operate in the United States Our servers and offices are located in the United States, so your information may be transferred to, stored, or processed in the United States. While the data protection, privacy, and other laws of the United States might not be as comprehensive as those in your country, we take many steps to protect your privacy, including offering our Members a Data Processing Agreement available here. (ii) Data transfers from Switzerland, United Kingdom, or the EEA to the United States Mailchimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all Personal Information received from EEA member countries, United Kingdom, and Switzerland, respectively, in reliance on each Privacy Shield Framework, to each Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield website available here. A list of Privacy Shield participants is maintained by the Department of Commerce and is available here. Mailchimp is responsible for the processing of Personal Information we receive under each Privacy Shield Framework and subsequently transfer to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of Personal Information from the EEA, United Kingdom, and Switzerland, including the onward transfer liability provisions. With respect to Personal Information received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge to you) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield website, here, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Members located in Switzerland, United Kingdom, and the EEA are subject to our Data Processing Addendum available here, as described in our Standard Terms of Use. (iii) Members, Contacts and Visitors located in Australia If you are a Member, Contact or Visitor who accesses our Service in Australia, this section applies to you. We are subject to the operation of the Privacy Act 1988 (“Australian Privacy Act”). Here are the specific points you should be aware of: As stated in our Acceptable Use Policy available here, sensitive personal information is not permitted on Mailchimp’s platform and Members are prohibited from importing or incorporating any sensitive personal information into their Mailchimp accounts or uploading any sensitive personal information to Mailchimp’s servers. Please note that if you do not provide us with your Personal Information or if you withdraw your consent for us to collect, use and disclose your Personal Information, we may be unable to provide the Service to you. Where we collect Personal Information of our Visitors, the Personal Information we ask you to provide will be information that is reasonably necessary for, or directly related to, one or more of our functions or activities. Please see Section 4, of this privacy policy for examples of the types of Personal Information we may ask Visitors to provide. Where we say we assume an obligation about Personal Information, we will also require our contractors and subcontractors to undertake a similar obligation. We will not use or disclose Personal Information for the purpose of our direct marketing to you unless: you have consented to receive direct marketing; you would reasonably expect us to use your personal details for marketing; or we believe you may be interested in the material but it is impractical for us to obtain your consent. You may opt out of any marketing materials we send to you through an unsubscribe mechanism. If you have requested not to receive further direct marketing messages, we may continue to provide you with messages that are not regarded as “direct marketing” under the Australian Privacy Act, including changes to our terms, system alerts, and other information related to your account as permitted under the Australian Privacy Act and the Spam Act 2003 (Cth). Our servers are located in the United States. In addition, we or our subcontractors may use cloud technology to store or process Personal Information, which may result in storage of data outside Australia. It is not practicable for us to specify in advance which country will have jurisdiction over this type of offshore activity. All of our subcontractors, however, are required to comply with the Australian Privacy Act in relation to the transfer or storage of Personal Information overseas. We may also share your Personal Information outside of Australia to our business operations in other countries. While it is not practicable for us to specify in advance each country where your Personal Information may be disclosed, typically we may disclose your Personal Information to the United States, Canada and the European Union. You may access the Personal Information we hold about you. If you wish to access your Personal Information, you may do so by visiting this page, or by emailing us at personaldatarequests@mailchimp.com. We will respond to all requests for access within a reasonable time. If you think the information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, we will take reasonable steps, consistent with our obligations under the Australian Privacy Act, to correct that information upon your request. If you find that the information we have is not up to date or is inaccurate or incomplete, please contact us in writing at dpo@mailchimp.com, so we can update our records. We will respond to all requests for correction within a reasonable time. If you are unsatisfied with our response to a privacy matter, you may consult either an independent advisor or contact the Office of the Australian Information Commissioner for additional help. We will provide our full cooperation if you pursue this course of action. F. Retention of Data We retain Personal Information where we have an ongoing legitimate business or legal need to do so. Our retention periods will vary depending on the type of data involved, but, generally, we’ll refer to these criteria in order to determine retention period: Whether we have a legal or contractual need to retain the data. Whether the data is necessary to provide our Service. Whether our Members have the ability to access and delete the data within their Mailchimp accounts. Whether our Members would reasonably expect that we would retain the data until they remove it or until their Mailchimp accounts are closed or terminated. When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible. G. California Privacy The California Consumer Privacy Act (“CCPA”) provides consumers with specific rights regarding their Personal Information. You have the right to request that businesses subject to the CCPA (which may include our Members with whom you have a relationship) disclose certain information to you about their collection and use of your Personal Information over the past 12 months. In addition, you have the right to ask such businesses to delete Personal Information collected from you, subject to certain exceptions. If the business sells Personal Information, you have a right to opt-out of that sale. Finally, a business cannot discriminate against you for exercising a CCPA right. When offering services to its Members, Mailchimp acts as a “service provider” under the CCPA and our receipt and collection of any consumer Personal Information is completed on behalf of our Members in order for us to provide the Service. Please direct any requests for access or deletion of your Personal Information under the CCPA to the Member with whom you have a direct relationship. Consistent with California law, if you choose to exercise your applicable CCPA rights, we won’t charge you different prices or provide you a different quality of services. If we ever offer a financial incentive or product enhancement that is contingent upon you providing your Personal Information, we will not do so unless the benefits to you are reasonably related to the value of the Personal Information that you provide to us. H. Do not Track Certain state laws require us to indicate whether we honor “Do Not Track” settings in your browser. Mailchimp adheres to the standards set out in this Privacy Policy and does not monitor or follow any Do Not Track browser requests. I. Changes to this Policy We may change this privacy policy at any time and from time to time. The most recent version of the privacy policy is reflected by the version date located at the top of this privacy policy. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this privacy policy or other notice on the Mailchimp Sites. We encourage you to review this privacy policy often to stay informed of changes that may affect you. Our electronically or otherwise properly stored copies of this privacy policy are each deemed to be the true, complete, valid, authentic, and enforceable copy of the version of this privacy policy that was in effect on each respective date you visited the Mailchimp Site. J. Questions & Concerns If you have any questions or comments, or if you have a concern about the way in which we have handled any privacy matter, please use our contact form to send us a message. You may also contact us by postal mail or email at: For EEA, Swiss and UK Residents: For the purposes of EU data protection legislation, The Rocket Science Group LLC d/b/a Mailchimp is the controller of your Personal Information. Our Data Protection Officer can be contacted at dpo@mailchimp.com. For any other Residents: The Rocket Science Group LLC d/b/a Mailchimp Attn. Privacy Officer privacy@mailchimp.com 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 ](Updated February 17, 2021 Mailchimp takes data privacy seriously. This privacy policy explains who we are, how we collect, share and use Personal Information, and how you can exercise your privacy rights. We recommend that you read this privacy policy in full to ensure you are fully informed. However, to make it easier for you to review the parts of this privacy policy that apply to you, we have divided up the document into sections that are specifically applicable to Members (Section 2), Contacts (Section 3), and Visitors (Section 4). Sections 1 and 5 are applicable to everyone. If you have any questions or concerns about our use of your Personal Information, then please contact us using the contact details provided at the end of Section 5. To the extent we provide you with notice of different or additional privacy policies, those policies will govern such interactions. TRUSTe 1. The Basics A. About Us Mailchimp is an online marketing platform operated by The Rocket Science Group LLC, a company headquartered in the State of Georgia in the United States (“we,” “us,” “our,” and “Mailchimp”). Our Service enables our Members to, among other things, send and manage email campaigns across channels, serve advertisements, and create Websites and Landing Pages. We also provide other related services, such as real-time data analytics and insights to help our Members track and personalize their marketing activities. Find out more about our Service here. B. Key Terms In this privacy policy, these terms have the following meanings: “Affiliate” means an entity that directly or indirectly Controls, is Controlled by or is under common Control with an entity. “Contact” is a person a Member may contact through our Service. In other words, a Contact is anyone on a Member’s Distribution List about whom a Member has given us information or is anyone who has otherwise interacted with a Member via the Service. For example, if you are a Member, a subscriber to your email marketing campaigns or a shopper to your Website or Landing Page would be considered a Contact. “Control” means an ownership, voting or similar interest representing fifty percent (50%) or more of the total interests then outstanding of the entity in question. The term “Controlled” shall be construed accordingly. “Distribution List” is a list of Contacts a Member may upload or manage on our platform and all associated information related to those Contacts (for example, email addresses). “Mailchimp Site(s)” has the meaning given to it in our Standard Terms of Use. “Member” means any person or entity that is registered with us to use the Service. “Mobile App(s)” means any one or all of the Mailchimp applications available for Members to use on their mobile devices. “Personal Information” means any information that identifies or can be used to identify an individual directly or indirectly. Examples of Personal Information include, but are not limited to, first and last name, date of birth, email address, gender, occupation, or other demographic information. “Service” has the meaning given to it in our Standard Terms of Use. “Visitor” means, depending on the context, any person who visits any of our Mailchimp Sites, offices, or otherwise engages with us at our events or in connection with our marketing or recruitment activities. “you” and “your” means, depending on the context, either a Member, a Contact, or a Visitor. 2. Privacy for Members This section applies to the Personal Information we collect and process from a Member or potential Member through the provision of the Service. If you are not a Member, the Visitors or Contacts section of this policy may be more applicable to you and your data. In this section, “you” and “your” refer to Members and potential Members. A. Information We Collect The Personal Information that we collect depends on the context of your interactions with Mailchimp, your Mailchimp account settings, the products and features you use, your location, and applicable law. However, the Personal Information we collect broadly falls into the following categories: (i) Information you provide to us: You (or your organization) may provide certain Personal Information to us when you sign up for a Mailchimp account and use the Service, consult with our customer service team, send us an email, integrate the Service with another website or service (for example, when you choose to connect your e-commerce account with Mailchimp), or communicate with us in any other way. This information may include: Business contact information (such as your name, job title, organization, location, phone number, email address, and country); Marketing information (such as your contact preferences); Account log-in credentials (such as your email address or username and password when you sign up for an account with us); Troubleshooting and support data (which is data you provide or we otherwise collect in connection with support queries we receive from you. This may include contact or authentication data, the content of your chats and other communications with us, and the product or service you are using related to your help inquiry); and Payment information (including your credit card numbers and associated identifiers and billing address). (ii) Information we collect automatically: When you use the Service, we and our third-party partners may automatically collect or receive certain information about your device and usage of the Service (collectively “Service Usage Data”). In some (but not all) countries, including countries in the European Economic Area (“EEA”), this information is considered Personal Information under applicable data protection laws. We and our third-party partners use cookies and other tracking technologies to collect some of this information. If you are using our Mobile App, we may collect this information using our software development kits (“SDKs”) or APIs the first time the SDK or API is initiated on your Mobile App. For further information, please review the section below and our Cookie Statement available here. Service Usage Data may include: Device information: We collect information about the device and applications you use to access the Service, such as your IP address, your operating system, your browser ID, viewfinder size, and other information about your system and connection. If you are using our Mobile App, we may also collect information about the cellular network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s name and unique device ID, and information about the features of our Mobile App that you accessed. Log data: Our web servers keep log files that record data each time a device accesses those servers and the nature of each access, including originating IP addresses and your activity in the Service (such as the date/time stamps associated with your usage, pages and files viewed, searches and other actions you take (for example, which features you used)), device event information (such as system activity, error reports (sometimes called ‘crash dumps’)), and hardware settings. We may also access metadata and other information associated with files that you upload into our Service. Usage data: We collect usage data about you whenever you interact with our Service, which may include the dates and times you access the Service and your browsing activities (such as what portions of the Service you used, session duration, links clicked, non-sensitive text entered, and mouse movements). We also collect information regarding the performance of the Service, including metrics related to the deliverability of emails and other communications you send through the Service. If you are using our Mobile App, we may collect information about how often you use the Mobile App and other performance data. This information allows us to improve the content and operation of the Service, and facilitate research and analysis of the Service. (iii) Information we collect from other sources: From time to time, we may obtain information about you from third-party sources, such as public databases, social media platforms, third-party data providers, and our joint marketing partners. Examples of the information we receive from other sources include demographic information (such as age and gender), device information (such as IP addresses), location (such as city and state), and online behavioral data (such as information about your use of social media websites, page view information and search results and links). We use this information, alone or in combination with other Personal Information we collect, to enhance our ability to provide relevant marketing and content to you and to develop and provide you with more relevant products, features, and service. B. Use of Personal Information We may use the Personal Information we collect or receive through the Service (alone or in combination with other data we source) for the purposes and on the legal bases identified below: To bill and collect money owed to us by you to perform our contract with you for the use of the Service or where we have not entered into a contract with you, in accordance with our legitimate interests to operate and administer our Service. This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and those third parties collect billing information to process your orders and credit card payments. To learn more about the steps we take to safeguard that data, see the “Our Security” section of this privacy policy. To send you system alert messages in reliance on our legitimate interests in administering the Service and providing certain features. For example, we may inform you about temporary or permanent changes to our Service, such as planned outages, or send you account, security or compliance notifications, such as new features, version updates, releases, abuse warnings, and changes to this privacy policy. To communicate with you about your account and provide customer support to perform our contract with you for the use of the Service or where we have not entered into a contract with you, in reliance on our legitimate interests in administering and supporting our Service. For example, if you use our Mobile Apps, we may ask you if you want to receive push notifications about activity in your account. If you have opted in to these push notifications and no longer want to receive them, you may turn them off through your operating system. To enforce compliance with our Standard Terms of Use and applicable law, and to protect the rights and safety of our Members in reliance on our legitimate interest to protect against misuse or abuse of our Service and to pursue remedies available. This may include developing tools and algorithms that help us prevent violations. For example, sometimes we review the content our Members send or display to ensure it complies with our Standard Terms of Use. To improve that process, we have software that helps us find content that may violate our Standard Terms of Use. We may or our third-party service provider may also review content that our Members send or display. This benefits all Members who comply with our Standard Terms of Use because it reduces abuse and helps us maintain a reliable platform. Please do not use Mailchimp to send or display confidential information. To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms. To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements in reliance on our legitimate interests. To prosecute and defend a court, arbitration, or similar legal proceeding. To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. To provide, support and improve the Service to perform our contract with you for the use of the Service or where we have not entered into a contract with you, in reliance on our legitimate interests in administering and improving the Service and providing certain features. For example, this may include improving the navigation and content of the Service and sharing your information with third parties in order to provide and support our Service or to make certain features of the Service available to you. When we share your Personal Information with third parties, we take steps to protect your information in a manner that is consistent with our obligations under applicable privacy laws. For further information about how we share your information, refer to Section 5 below. To provide suggestions to you and to provide tailored features within our Service that optimize and personalize your experience in reliance on our legitimate interests in administering the Service and providing certain features. This includes adding features that compare Members’ email campaigns, using data to suggest other publishers your Contacts may be interested in, or using data to recommend products or services that you may be interested in or that may be relevant to you or your Contacts. Some of these suggestions are generated through analysis of the data used in our data analytics projects, as described below. To perform data analytics projects in reliance on our legitimate business interests in improving and enhancing our products and services for our Members. Our data analytics projects use data from Mailchimp accounts, including Personal Information of Contacts, to provide and improve the Service. We use information like your sending habits and your Contacts’ purchase history, so we can make more informed predictions, decisions, and products for our Members. For example, we use data from Mailchimp accounts to enable product recommendation, audience segmentation, and predicted demographics features for our Members. If you or your Contact prefers not to have their data used for this purpose, you can alter the settings on your account (as described here) to opt out of data analytics projects, or your Contact can opt out of data analytics projects at any time by visiting this page or emailing us at personaldatarequests@mailchimp.com. As always, we take the privacy of Personal Information seriously, and will continue to implement appropriate safeguards to protect this Personal Information from misuse or unauthorized disclosure. To combine and anonymize data about our Members and our Member’s use of the Service in order to create aggregate, anonymized statistics which we may use to provide certain features within the Service and for promoting and improving the Service in reliance on our legitimate interests. To personalize the Service, content and advertisements we serve to you in reliance on our legitimate interests in supporting our marketing activities and providing certain features within the Service. We may use your Personal Information to serve you specifically, such as to deliver marketing information, product recommendations and non-transactional communications (e.g., email, telemarketing calls, SMS, or push notifications) about us, in accordance with your marketing preferences and this privacy policy. C. Third-Party Integrations We may use the Personal Information we collect or receive through the Service, as a processor and as otherwise stated in this privacy policy, to enable your use of the integrations and plugins you choose to connect to your Mailchimp account. For instance, if you choose to connect a Google integration to your Mailchimp account, we’ll ask you to grant us permission to view and/or download, as applicable, your Google Sheets, Google Contacts, Google Analytics and Google Drive. This allows us to configure your Google integration(s) in accordance with your preferences. For example, if you wanted to use the Google Contacts integration to share the templates in your Mailchimp account with contacts in your Google address book, we would need to access your Google Contacts to share your templates. D. Cookies and Tracking Technologies We and our third-party partners may use various technologies to collect and store Service Usage Data when you use our Service (as discussed above), and this may include using cookies and similar tracking technologies, such as pixels, web beacons, and if you use our Mobile Apps, through our SDKs deployed on your mobile device. For example, we use web beacons in the emails we send on your behalf, which enable us to track certain behavior, such as whether the email sent through the Service was delivered and opened and whether links within the email were clicked. Both web beacons and SDKs allow us to collect information such as the recipient’s IP address, browser, email client type and other similar data as further described above details. We use this information to measure the performance of your email campaigns, to provide analytics information, enhance the effectiveness of our Service, and for other purposes described above. Reports are also available to us when we send email to you, so we may collect and review that information. Our use of cookies and other tracking technologies is discussed in more detail in our Cookie Statement available here. E. Member Distribution Lists In order to send an email campaign or use certain features in your account, you need to upload a Distribution List that provides us information about your Contacts, such as their names and email addresses. We use and process this information to provide the Service in accordance with our contract with you or your organization and this privacy policy. A Distribution List can be created in a number of ways, including by importing Contacts, such as through a CSV or directly from your email client. We do not, under any circumstances, sell your Distribution Lists. If someone on your Distribution List complains or contacts us, we might then contact that person. You may export (download) your Distribution Lists from Mailchimp by accessing the “Audience” tab from within your account. If we detect abusive or illegal behavior related to your Distribution List, we may share your Distribution List or portions of it with affected ISPs or anti-spam organizations to the extent permitted or required by applicable law. If a Contact chooses to use the Forward to a Friend (FTF) link in an email campaign a Member sends, it will allow the Contact to share the Member’s email content with individuals not on the Member’s Distribution List. When a Contact forwards an email to a friend, we do not store the Contact’s email address or their friend’s email address, and no one is added to any Distribution List as a result of the FTF link. The Member who created the email campaign only sees an aggregate number of times their email campaign was forwarded by a Contact and does not have access to the email addresses used to share or receive that forwarded content. F. Your Data Protection Rights Depending on the country in which you reside, you may have the following data protection rights: To access; correct; update; port; delete; restrict; or object to our processing of your Personal Information. You can manage your individual account and profile settings within the dashboard provided through the Mailchimp platform, or you may contact us directly by emailing us at personaldatarequests@mailchimp.com. You can also manage information about your Contacts within the dashboard provided through the Mailchimp platform to assist you with responding to requests to access, correct, update, port or delete information that you receive from your Contacts. Note, if any of your Contacts wish to exercise any of these rights, they should contact you directly, or contact us as described in the “Privacy for Contacts” section below. You can also contact us at any time to update your own marketing preferences (see Section 5. General Information, C. Your Choices and Opt-Outs below). Mailchimp takes reasonable steps to ensure that the data we collect is reliable for its intended use, accurate, complete and up to date. The right to complain to a data protection authority about the collection and use of Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA and UK are available here and Switzerland are available here. Similarly, if Personal Information is collected or processed on the basis of consent, the data subject can withdraw their consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your Personal Information conducted in reliance on lawful processing grounds other than consent. If you receive these requests from Contacts, you can segment your lists within the Mailchimp platform to ensure that you only market to Contacts who have not opted out of receiving such marketing. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection law. We may ask you to verify your identity in order to help us respond efficiently to your request. If we receive a request from one of your Contacts, we will either direct the Contact to reach out to you, or, if appropriate, we may respond directly to their request. 3. Privacy for Contacts This section applies to the information we process about our Members’ Contacts as a data controller. Our Service is intended for use by our Members. As a result, for much of the Personal Information we collect and process about Contacts through the Service, we act as a processor on behalf of our Members. Mailchimp is not responsible for the privacy or security practices of our Members, which may differ from those set forth in this privacy policy. Please check with individual Members about the policies they have in place. For purposes of this section, “you” and “your” refer to Contacts. A. Information We Collect The Personal Information that we may collect or receive about you broadly falls into the following categories: (i) Information we receive about Contacts from our Members: A Member may provide Personal Information about you to us through the Service. When a Member uploads their Distribution List or integrates the Service with another website or service (for example, when a Member chooses to connect their e-commerce account with Mailchimp), or when you sign up for a Member’s Distribution List on a Mailchimp or other signup form, the Member may provide us with certain contact information or other Personal Information about you such as your name, email address, address, or telephone number. You may have the opportunity to update some of this information by electing to update or manage your preferences via an email you receive from a Member. (ii) Information we collect automatically: When you interact with an email campaign that you receive from a Member or browse or purchase from a Member’s connected store, we may collect information about your device and interaction with an email. We use cookies and other tracking technologies to collect some of this information. Our use of cookies and other tracking technologies is discussed more below and in more detail in our Cookie Statement available here. Device information: We collect information about the device and applications you use to access emails sent through our Service, such as your IP address, your operating system, your browser ID, and other information about your system and connection. Usage data: It is important for us to ensure the security and reliability of the Service we provide. Therefore, we also collect usage data about your interactions with campaigns (and/or emails) sent through the Service, which may include dates and times you access campaigns (and/or emails) and your browsing activities (such as what pages are viewed and which emails are opened). This information also allows us to ensure compliance with our Standard Terms of Use and Acceptable Use Policy, to monitor and prevent service abuse, and to ensure we attain certain usage standards and metrics in relation to our Service. We also collect information regarding the performance of the Service, including metrics related to the deliverability of emails and other electronic communications that our Members send through the Service. This information allows us to improve the content and operation of the Service and facilitate research and perform analysis into the use and performance of the Service. (iii) Information we collect from other sources: From time to time, we may obtain information about you from third-party sources, such as social media platforms, and third-party data providers. B. Use of Personal Information We may use the Personal Information we collect or receive about you in reliance on our (and where applicable, our Members’) legitimate interests for the following purposes: To enforce compliance with our Standard Terms of Use and applicable law. This may include utilizing usage data and developing tools and algorithms that help us prevent violations. To protect the rights and safety of Members, third parties, or Mailchimp. For example, sometimes we review the content of our Members’ email campaigns to make sure they comply with our Standard Terms of Use. To improve that process, we have software that helps us find email campaigns that may violate our Standard Terms of Use. We, or our third-party service provider, may review those particular email campaigns, which may include your contact information. This reduces the amount of spam being sent through our servers and helps us maintain high deliverability. To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms. To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements. To prosecute and defend a court, arbitration, or similar legal proceeding. To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. To provide, support and improve the Service. For example, this may include sharing your information with third parties in order to provide and support our Service or to make certain features of the Service available to our Members. When we share Personal Information with third parties, we take steps to protect your information in a manner that is consistent with applicable privacy laws. For further information about how we share information, refer to Section 5 below. To perform data analytics projects. Our data analytics projects use data from Mailchimp accounts, including your Personal Information, to provide and improve the Service. We use information, like your purchase history, provided to us by Members, so we can make more informed predictions, decisions, and products for our Members. For example, we use data from Mailchimp accounts to enable product recommendation, audience segmentation, and predicted demographics features for our Members. If you prefer your data not to be used in this manner, you can opt out of data analytics projects at any time by completing this form or emailing us at personaldatarequests@mailchimp.com. To carry out other business purposes. To carry out other legitimate business purposes, as well as other lawful purposes about which we will notify you. C. Cookies and Tracking Technologies We and our third-party partners may use various technologies to automatically collect and store certain device and usage information (as discussed above) when you interact with a Member’s email campaign or connected store, and this may include using cookies and similar tracking technologies, such as pixels and web beacons or if a Member is using our Mobile App, we may collect this information through our SDKs deployed on our Members mobile device. For example, we use web beacons in the emails we send on behalf of our Members. When you receive and engage with a Member’s campaign, web beacons track certain behavior such as whether the email sent through the Mailchimp platform was delivered and opened and whether links within the email were clicked. Both web beacons and SDKs allow us to collect information such as your IP address, browser, email client type, and other similar data as further described above. We use this information to measure the performance of our Members’ email campaigns, and to provide analytics information and enhance the effectiveness of our Service, and for the other purposes described above. Our use of cookies and other tracking technologies is discussed in more detail in our Cookie Statement available here. D. Your Data Protection Rights Depending on the country in which you reside, you may have the following data protection rights: To access; correct; update; port; delete; restrict or object to our processing of your Personal Information. For more information about how you can exercise these rights, please see our Privacy Rights Requests form. You also have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available here. As described above, for much of the Personal Information we collect and process about Contacts through the Service, we act as a processor on behalf of our Members. In such cases, if you are a Contact and want to exercise any data protection rights that may be available to you under applicable law or have questions or concerns about how your Personal Information is handled by Mailchimp as a processor on behalf of our individual Members, you should contact the relevant Member that is using the Mailchimp Service, and refer to their separate privacy policies. If you no longer want to be contacted by one of our Members through our Service, please unsubscribe directly from that Member’s newsletter or contact the Member directly to update or delete your data. If you contact us directly, we may either forward your request to the relevant Member or provide you with the identity of the Member to enable you to contact them directly. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We may ask you to verify your identity in order to help us respond efficiently to your request. 4. Privacy for Visitors This section applies to Personal Information that we collect and process when you visit the Mailchimp Sites, and in the usual course of our business, such as in connection with our recruitment, events, sales and marketing activities or when you visit our offices. In this section, “you” and “your” refer to Visitors. A. Information We Collect (i) Information you provide to us on the Mailchimp Sites or otherwise: Our Mailchimp Sites offer various ways to contact us, such as through form submissions, email or phone, to inquire about our company and Service. For example, we may ask you to provide certain Personal Information when you express an interest in obtaining information about us or our Service, take part in surveys, subscribe to marketing, apply for a role with Mailchimp, or otherwise contact us. We may also collect Personal Information from you in person when you attend our events or trade shows, if you visit our offices (where you will be required to register as a visitor and provide us with certain information that may also be shared with our service providers) or via a phone call with one of our sales representatives. You may choose to provide additional information when you communicate with us or otherwise interact with us, and we may keep copies of any such communications for our records. The Personal Information we collect may include: Business contact information (such as your name, phone number, email address and country); Professional information (such as your job title, institution or company); Nature of your communication; Marketing information (such as your contact preferences); and Any information you choose to provide to us when completing any ‘free text’ boxes in our forms. (ii) Information we collect automatically through the Mailchimp Sites: When you visit our Mailchimp Sites or interact with our emails, we and our third-party partners use cookies and similar technologies such as pixels or web beacons, alone or in conjunction with cookies, to collect certain information automatically from your browser or device. In some countries, including countries in the EEA, this information may be considered Personal Information under applicable data protection laws. Our use of cookies and other tracking technologies is discussed more below, and in more detail in our Cookie Statement available here. The information we collect automatically includes: Device information: such as your IP address, your browser, operating system, device information, unique device identifiers, mobile network information, request information (speed, frequency, the site from which you linked to us (“referring page”), the name of the website you choose to visit immediately after ours (called “exit page”), information about other websites you have recently visited, the web browser you used (software used to browse the internet) including its type and language), and viewfinder size and scripts errors. Usage data: such as information about how you interact with our emails, Mailchimp Sites, and other websites (such as the pages and files viewed, session duration, links clicked, searches, non-sensitive text entered, mouse movements, operating system and system configuration information and date/time stamps associated with your usage). B. Use of Personal Information We may use the information we collect through our Mailchimp Sites and in connection with our events and marketing activities (alone or in combination with other data we collect) for a range of reasons in reliance on our legitimate interests, including: To provide, operate, optimize, and maintain the Mailchimp Sites. To send you marketing information, product recommendations and non-transactional communications (e.g., email, telemarketing calls, SMS, or push notifications) about us, in accordance with your marketing preferences, including information about our products, services, promotions or events as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided your prior consent. For recruitment purposes if you have applied for a role with Mailchimp. To respond to your online inquiries and requests, and to provide you with information and access to resources or services that you have requested from us. To manage the Mailchimp Sites and system administration and security. To manage event registrations and attendance, including sending related communications to you. To register visitors to our offices for security reasons and to manage non-disclosure agreements that visitors may be required to sign. To improve the navigation and content of the Mailchimp Sites. To identify any server problems or other IT or network issues. To process transactions and to set up online accounts. To compile aggregated statistics about site usage and to better understand the preferences of our Visitors. To help us provide, improve and personalize our marketing activities. To facilitate the security and continued proper functioning of the Mailchimp Sites. To carry out research and development to improve our Mailchimp Sites, products and services. To conduct marketing research, advertise to you, provide personalized information about us on and off our Mailchimp Sites, and to provide other personalized content based on your activities and interests to the extent necessary for our legitimate interests in supporting our marketing activities or advertising our Service or instances where we seek your consent. To carry out other legitimate business purposes, as well as other lawful purposes, such as data analysis, fraud monitoring and prevention, identifying usage trends and expanding our business activities in reliance on our legitimate interests. To cooperate with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Information to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our Mailchimp Sites and Service, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, or responding to lawful requests. C. Public Information and Third-Party Websites Blog. We have public blogs on the Mailchimp Sites. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your Personal Information appears on our blogs and you want it removed, contact us here. If we are unable to remove your information, we will tell you why. Social media platforms and widgets. The Mailchimp Sites include social media features, such as the Facebook Like button. These features may collect information about your IP address and which page you are visiting on our Mailchimp Site, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our Mailchimp Site. We also maintain presences on social media platforms, including Facebook, Twitter, and Instagram. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them. Links to third-party websites. The Mailchimp Sites include links to other websites, whose privacy practices may be different from ours. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit. Contests and sweepstakes. We may, from time to time, offer surveys, contests, sweepstakes, or other promotions on the Mailchimp Sites or through social media (collectively, “Promotions”). Participation in our Promotions is completely voluntary. Information requested for entry may include Personal Information such as your name, address, date of birth, phone number, email address, username, and similar details. We use the information you provide to administer our Promotions. We may also, unless prohibited by the Promotion’s rules or law, use the information provided to communicate with you, or other people you select, about our Service. We may share this information with our subsidiaries or Affiliates and other organizations or service providers in line with this privacy policy and the rules posted for our Promotions. D. Cookies and Tracking Technologies We and our third-party partners use cookies and similar tracking technologies to collect and use Personal Information about you, including to serve interest-based advertising about Mailchimp and its Affiliates. For further information about the types of cookies and tracking technologies we use, why, and how you can control them, please see our Cookie Statement available here. E. Other Data Protection Rights Depending on the country in which you reside, you may have the following data protection rights: To access; correct; update; port; delete; restrict or object to our processing of your Personal Information. You can exercise these rights by visiting this page or by emailing personaldatarequests@mailchimp.com. You may also have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available here. Similarly, if we have collected and processed your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your Personal Information conducted in reliance on lawful processing grounds other than consent. You can also contact us at any time to update your marketing preferences (see Section 5. General Information, C. Your Choices and Opt-Outs below). We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We may ask you to verify your identity in order to help us respond efficiently to your request. 5. General Information A. How We Share Information We may share and disclose your Personal Information with our subsidiaries or Affiliates and to the following types of third parties for the purposes described in this privacy policy (for purposes of this section, “you” and “your” refer to Members, Contacts, and Visitors unless otherwise indicated). Our subsidiaries and Affiliates include Courier Holdings Ltd. located in the United Kingdom. You can learn more about Courier and its privacy practices here. (i) Our service providers: Sometimes, we share your information with our third-party service providers working on our behalf for the purposes described in this privacy policy. For example, companies we’ve hired to help us provide and support our Service or assist in protecting and securing our systems and services and other business-related functions. Other examples include analyzing data, hosting data, engaging technical support for our Service, processing payments, and delivering content. We use YouTube’s API services in connection with our Service to provide certain features. As such, you acknowledge and agree that by signing up for an account and using the Service, you are also bound by Google’s Privacy Policy. In addition to the rights set forth in Section 2, you may manage your YouTube API data by visiting Google’s security settings page at https://security.google.com/settings/security/permissions In connection with our Service, we also use a third-party service provider, Twilio, Inc. We use Twilio’s API, which allows us to build features into our Mailchimp application to enable us to communicate with our Members through texting and calling, and their “Authy” product, which we use for two-factor authentication for our application. If you are a Member, Twilio may need to collect and process certain Personal Information about you as a controller to provide such services. To learn more about Twilio’s privacy practices, please visit https://www.twilio.com/legal/privacy (ii) Advertising partners: We may partner with third-party advertising networks, exchanges, and social media platforms (like Facebook) to display advertising on the Mailchimp Sites or to manage and serve our advertising on other sites, and we may share Personal Information of Members and Visitors with them for this purpose. We and our third-party partners may use cookies and other similar tracking technologies, such as pixels and web beacons, to gather information about your activities on the Mailchimp Sites and other sites in order to provide you with targeted advertising based on your browsing activities and interests. For more information, please see our Cookie Statement available here. (iii) Any competent law enforcement body, regulatory body, government agency, court or other third party where we believe disclosure is necessary (a) as a matter of applicable law or regulation, (b) to exercise, establish, or defend our legal rights, or (c) to protect your vital interests or those of any other person. (iv) A potential buyer (and its agents and advisors) in the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition. In that event, any acquirer will be subject to our obligations under this privacy policy, including your rights to access and choice. We will notify you of the change either by sending you an email or posting a notice on our Mailchimp Site. (v) Any other person with your consent. We may also share anonymized, aggregated information with selected third parties for statistical purposes. B. Legal Basis for Processing Personal Information (EEA and UK Persons Only) If you are located in the EEA or UK, our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it. However, we will normally collect and use Personal Information from you where the processing is in our legitimate interests and not overridden by your data-protection interests or fundamental rights and freedoms. Our legitimate interests are described in more detail in this privacy policy in the sections above titled “Use of Personal Information”, but they typically include improving, maintaining, providing, and enhancing our technology, products, and services; ensuring the security of the Service and our Mailchimp Sites; and supporting our marketing activities. If you are a Member, we may need the Personal Information to perform a contract with you. In some limited cases, we may also have a legal obligation to collect Personal Information from you. If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not, as well as of the possible consequences if you do not provide your Personal Information. Where required by law, we will collect Personal Information only where we have your consent to do so. If you have questions or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided in the “Questions and Concerns” section below. C. Your Choices and Opt-Outs Members and Visitors who have opted in to our marketing emails can opt out of receiving marketing emails from us at any time by clicking the “unsubscribe” link at the bottom of our marketing messages. Also, all opt-out requests can be made by emailing us using the contact details provided in the “Questions and Concerns” section below. Please note that some communications (such as service messages, account notifications, billing information) are considered transactional and necessary for account management, and Members cannot opt out of these messages unless you cancel your Mailchimp account. D. Our Security We take appropriate and reasonable technical and organizational measures designed to protect Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Information. For further information about our security practices, please see our Security page available here. If you have any questions about the security of your Personal Information, you may contact us at privacy@mailchimp.com. Mailchimp accounts require a username and password to log in. Members must keep their username and password secure, and never disclose it to a third party. Because the information in a Member’s Mailchimp account is private, account passwords are hashed, which means we cannot see a Member’s password. We cannot resend forgotten passwords either. We will only provide Members with instructions on how to reset them. E. International Transfers (i) We operate in the United States Our servers and offices are located in the United States, so your information may be transferred to, stored, or processed in the United States. While the data protection, privacy, and other laws of the United States might not be as comprehensive as those in your country, we take many steps to protect your privacy, including offering our Members a Data Processing Agreement available here. (ii) Data transfers from Switzerland, United Kingdom, or the EEA to the United States Mailchimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all Personal Information received from EEA member countries, United Kingdom, and Switzerland, respectively, in reliance on each Privacy Shield Framework, to each Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield website available here. A list of Privacy Shield participants is maintained by the Department of Commerce and is available here. Mailchimp is responsible for the processing of Personal Information we receive under each Privacy Shield Framework and subsequently transfer to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of Personal Information from the EEA, United Kingdom, and Switzerland, including the onward transfer liability provisions. With respect to Personal Information received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge to you) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield website, here, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. Members located in Switzerland, United Kingdom, and the EEA are subject to our Data Processing Addendum available here, as described in our Standard Terms of Use. (iii) Members, Contacts and Visitors located in Australia If you are a Member, Contact or Visitor who accesses our Service in Australia, this section applies to you. We are subject to the operation of the Privacy Act 1988 (“Australian Privacy Act”). Here are the specific points you should be aware of: As stated in our Acceptable Use Policy available here, sensitive personal information is not permitted on Mailchimp’s platform and Members are prohibited from importing or incorporating any sensitive personal information into their Mailchimp accounts or uploading any sensitive personal information to Mailchimp’s servers. Please note that if you do not provide us with your Personal Information or if you withdraw your consent for us to collect, use and disclose your Personal Information, we may be unable to provide the Service to you. Where we collect Personal Information of our Visitors, the Personal Information we ask you to provide will be information that is reasonably necessary for, or directly related to, one or more of our functions or activities. Please see Section 4, of this privacy policy for examples of the types of Personal Information we may ask Visitors to provide. Where we say we assume an obligation about Personal Information, we will also require our contractors and subcontractors to undertake a similar obligation. We will not use or disclose Personal Information for the purpose of our direct marketing to you unless: you have consented to receive direct marketing; you would reasonably expect us to use your personal details for marketing; or we believe you may be interested in the material but it is impractical for us to obtain your consent. You may opt out of any marketing materials we send to you through an unsubscribe mechanism. If you have requested not to receive further direct marketing messages, we may continue to provide you with messages that are not regarded as “direct marketing” under the Australian Privacy Act, including changes to our terms, system alerts, and other information related to your account as permitted under the Australian Privacy Act and the Spam Act 2003 (Cth). Our servers are located in the United States. In addition, we or our subcontractors may use cloud technology to store or process Personal Information, which may result in storage of data outside Australia. It is not practicable for us to specify in advance which country will have jurisdiction over this type of offshore activity. All of our subcontractors, however, are required to comply with the Australian Privacy Act in relation to the transfer or storage of Personal Information overseas. We may also share your Personal Information outside of Australia to our business operations in other countries. While it is not practicable for us to specify in advance each country where your Personal Information may be disclosed, typically we may disclose your Personal Information to the United States, Canada and the European Union. You may access the Personal Information we hold about you. If you wish to access your Personal Information, you may do so by visiting this page, or by emailing us at personaldatarequests@mailchimp.com. We will respond to all requests for access within a reasonable time. If you think the information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, we will take reasonable steps, consistent with our obligations under the Australian Privacy Act, to correct that information upon your request. If you find that the information we have is not up to date or is inaccurate or incomplete, please contact us in writing at dpo@mailchimp.com, so we can update our records. We will respond to all requests for correction within a reasonable time. If you are unsatisfied with our response to a privacy matter, you may consult either an independent advisor or contact the Office of the Australian Information Commissioner for additional help. We will provide our full cooperation if you pursue this course of action. F. Retention of Data We retain Personal Information where we have an ongoing legitimate business or legal need to do so. Our retention periods will vary depending on the type of data involved, but, generally, we’ll refer to these criteria in order to determine retention period: Whether we have a legal or contractual need to retain the data. Whether the data is necessary to provide our Service. Whether our Members have the ability to access and delete the data within their Mailchimp accounts. Whether our Members would reasonably expect that we would retain the data until they remove it or until their Mailchimp accounts are closed or terminated. When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible. G. California Privacy The California Consumer Privacy Act (“CCPA”) provides consumers with specific rights regarding their Personal Information. You have the right to request that businesses subject to the CCPA (which may include our Members with whom you have a relationship) disclose certain information to you about their collection and use of your Personal Information over the past 12 months. In addition, you have the right to ask such businesses to delete Personal Information collected from you, subject to certain exceptions. If the business sells Personal Information, you have a right to opt-out of that sale. Finally, a business cannot discriminate against you for exercising a CCPA right. When offering services to its Members, Mailchimp acts as a “service provider” under the CCPA and our receipt and collection of any consumer Personal Information is completed on behalf of our Members in order for us to provide the Service. Please direct any requests for access or deletion of your Personal Information under the CCPA to the Member with whom you have a direct relationship. Consistent with California law, if you choose to exercise your applicable CCPA rights, we won’t charge you different prices or provide you a different quality of services. If we ever offer a financial incentive or product enhancement that is contingent upon you providing your Personal Information, we will not do so unless the benefits to you are reasonably related to the value of the Personal Information that you provide to us. H. Do not Track Certain state laws require us to indicate whether we honor “Do Not Track” settings in your browser. Mailchimp adheres to the standards set out in this Privacy Policy and does not monitor or follow any Do Not Track browser requests. I. Changes to this Policy We may change this privacy policy at any time and from time to time. The most recent version of the privacy policy is reflected by the version date located at the top of this privacy policy. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this privacy policy or other notice on the Mailchimp Sites. We encourage you to review this privacy policy often to stay informed of changes that may affect you. Our electronically or otherwise properly stored copies of this privacy policy are each deemed to be the true, complete, valid, authentic, and enforceable copy of the version of this privacy policy that was in effect on each respective date you visited the Mailchimp Site. J. Questions & Concerns If you have any questions or comments, or if you have a concern about the way in which we have handled any privacy matter, please use our contact form to send us a message. You may also contact us by postal mail or email at: For EEA, Swiss and UK Residents: For the purposes of EU data protection legislation, The Rocket Science Group LLC d/b/a Mailchimp is the controller of your Personal Information. Our Data Protection Officer can be contacted at dpo@mailchimp.com. For any other Residents: The Rocket Science Group LLC d/b/a Mailchimp Attn. Privacy Officer privacy@mailchimp.com 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 )

Payments

We may provide paid products and/or services within the Service. In that case, we may use third-party services for payment processing (e.g. payment processors).

We will not store or collect Your payment card details. That information is provided directly to Our third-party payment processors whose use of Your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

Authorize.net

Their Privacy Policy can be viewed at https://www.authorize.net/company/privacy/

GDPR Privacy

Legal Basis for Processing Personal Data under GDPR

We may process Personal Data under the following conditions:

• Consent: You have given Your consent for processing Personal Data for one or more specific purposes.
• Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with You and/or for any pre-contractual obligations thereof.
• Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which the Company is subject.
• Vital interests: Processing Personal Data is necessary in order to protect Your vital interests or of another natural person.
• Public interests: Processing Personal Data is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Company.
• Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Company.

In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Your Rights under the GDPR

The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights.

You have the right under this Privacy Policy, and by law if You are within the EU, to:

• Request access to Your Personal Data. The right to access, update or delete the information We have on You. Whenever made possible, you can access, update or request deletion of Your Personal Data directly within Your account settings section. If you are unable to perform these actions yourself, please contact Us to assist You. This also enables You to receive a copy of the Personal Data We hold about You.
• Request correction of the Personal Data that We hold about You. You have the right to have any incomplete or inaccurate information We hold about You corrected.
• Object to processing of Your Personal Data. This right exists where We are relying on legitimate interest as the legal basis for Our processing and there is something about Your particular situation, which makes You want to object to our processing of Your Personal Data on this ground. You also have the right to object where We are processing Your Personal Data for direct marketing purposes.
• Request erasure of Your Personal Data. You have the right to ask Us to delete or remove Personal Data when there is no good reason for Us to continue processing it.
• Request the transfer of Your Personal Data. We will provide to You, or to a third-party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which You initially provided consent for Us to use or where We used the information to perform a contract with You.
• Withdraw Your consent. You have the right to withdraw Your consent on using your Personal Data. If You withdraw Your consent, We may not be able to provide You with access to certain specific functionalities of the Service.

Exercising of Your GDPR Data Protection Rights

You may exercise Your rights of access, rectification, cancellation and opposition by contacting Us. Please note that we may ask You to verify Your identity before responding to such requests. If You make a request, We will try our best to respond to You as soon as possible.

You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data. For more information, if You are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA.

CCPA Privacy

This privacy notice section for California residents supplements the information contained in Our Privacy Policy and it applies solely to all visitors, users, and others who reside in the State of California.

Categories of Personal Information Collected

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or Device. The following is a list of categories of personal information which we may collect or may have been collected from California residents within the last twelve (12) months.

Please note that the categories and examples provided in the list below are those defined in the CCPA. This does not mean that all examples of that category of personal information were in fact collected by Us, but reflects our good-faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been collected. For example, certain categories of personal information would only be collected if You provided such personal information directly to Us.

Category A: Identifiers.

Examples: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver’s license number, passport number, or other similar identifiers.

Collected: Yes.

Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

Examples: A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

Collected: Yes.

Category C: Protected classification characteristics under California or federal law.

Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Collected: No.

Category D: Commercial information.

Examples: Records and history of products or services purchased or considered.

Collected: Yes.

Category E: Biometric information.

Examples: Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

Collected: No.

Category F: Internet or other similar network activity.

Examples: Interaction with our Service or advertisement.

Collected: Yes.

Category G: Geolocation data.

Examples: Approximate physical location.

Collected: No.

Category H: Sensory data.

Examples: Audio, electronic, visual, thermal, olfactory, or similar information.

Collected: No.

Category I: Professional or employment-related information.

Examples: Current or past job history or performance evaluations.

Collected: No.

Category J: Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

Collected: No.

Category K: Inferences drawn from other personal information.

Examples: Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Collected: No.

Under CCPA, personal information does not include:

• Publicly available information from government records
• Deidentified or aggregated consumer information
• Information excluded from the CCPA’s scope, such as:
• Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data
• Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994

Sources of Personal Information

We obtain the categories of personal information listed above from the following categories of sources:

• Directly from You. For example, from the forms You complete on our Service, preferences You express or provide through our Service, or from Your purchases on our Service.
• Indirectly from You. For example, from observing Your activity on our Service.
• Automatically from You. For example, through cookies, We or our Service Providers set on Your Device as You navigate through our Service.
• From Service Providers. For example, third-party vendors for payment processing, or other third-party vendors that We use to provide the Service to You.

Use of Personal Information for Business Purposes or Commercial Purposes

We may use or disclose personal information We collect for “business purposes” or “commercial purposes” (as defined under the CCPA), which may include the following examples:

• To operate our Service and provide You with our Service.
• To provide You with support and to respond to Your inquiries, including to investigate and address Your concerns and monitor and improve our Service.
• To fulfill or meet the reason You provided the information. For example, if You share Your contact information to ask a question about our Service, We will use that personal information to respond to Your inquiry. If You provide Your personal information to purchase a product or service, We will use that information to process Your payment and facilitate delivery.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• As described to You when collecting Your personal information or as otherwise set forth in the CCPA.
• For internal administrative and auditing purposes.
• To detect security incidents and protect against malicious, deceptive, fraudulent or illegal activity, including, when necessary, to prosecute those responsible for such activities.

Please note that the examples provided above are illustrative and not intended to be exhaustive. For more details on how we use this information, please refer to the “Use of Your Personal Data” section.

If We decide to collect additional categories of personal information or use the personal information We collected for materially different, unrelated, or incompatible purposes We will update this Privacy Policy.

Disclosure of Personal Information for Business Purposes or Commercial Purposes

We may use or disclose and may have used or disclosed in the last twelve (12) months the following categories of personal information for business or commercial purposes:

• Category A: Identifiers
• Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
• Category D: Commercial information
• Category F: Internet or other similar network activity

Please note that the categories listed above are those defined in the CCPA. This does not mean that all examples of that category of personal information were in fact disclosed but reflects our good-faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been disclosed.

When We disclose personal information for a business purpose or a commercial purpose, We enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

Sale of Personal Information

As defined in the CCPA, “sell” and “sale” mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for valuable consideration. This means that We may have received some kind of benefit in return for sharing personal information, but not necessarily a monetary benefit.

Please note that the categories listed below are those defined in the CCPA. This does not mean that all examples of that category of personal information were in fact sold, but reflects our good-faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been shared for value in return.

We may sell and may have sold in the last twelve (12) months the following categories of personal information:

• Category A: Identifiers
• Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
• Category D: Commercial information
• Category F: Internet or other similar network activity

Share of Personal Information

We may share Your personal information identified in the above categories with the following categories of third parties:

• Service Providers
• Payment processors
• Our affiliates
• Our business partners
• Third-party vendors to whom You or Your agents authorize Us to disclose Your personal information in connection with products or services We provide to You

Sale of Personal Information of Minors Under 16 Years of Age

We do not knowingly collect personal information from minors under the age of 16 through our Service, although certain third party websites that we link to may do so. These third-party websites have their own terms of use and privacy policies and we encourage parents and legal guardians to monitor their children’s Internet usage and instruct their children to never provide information on other websites without their permission.

We do not sell the personal information of Consumers We actually know are less than 16 years of age, unless We receive affirmative authorization (the “right to opt-in”) from either the Consumer who is between 13 and 16 years of age, or the parent or guardian of a Consumer less than 13 years of age. Consumers who opt-in to the sale of personal information may opt-out of future sales at any time. To exercise the right to opt-out, You (or Your authorized representative) may submit a request to Us by contacting Us.

If You have reason to believe that a child under the age of 13 (or 16) has provided Us with personal information, please contact Us with sufficient detail to enable Us to delete that information.

Your Rights under the CCPA

The CCPA provides California residents with specific rights regarding their personal information. If You are a resident of California, You have the following rights:

• The right to notice. You have the right to be notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.
• The right to request. Under CCPA, You have the right to request that We disclose information to You about Our collection, use, sale, disclosure for business purposes and share of personal information. Once We receive and confirm Your request, We will disclose to You:
• The categories of personal information We collected about You
• The categories of sources for the personal information We collected about You
• Our business or commercial purpose for collecting or selling that personal information
• The categories of third parties with whom We share that personal information
• The specific pieces of personal information We collected about You
• If we sold Your personal information or disclosed Your personal information for a business purpose, We will disclose to You:
• The categories of personal information categories sold
• The categories of personal information categories disclosed
• The right to say no to the sale of Personal Data (opt-out). You have the right to direct Us to not sell Your personal information. To submit an opt-out request please contact Us.
• The right to delete Personal Data. You have the right to request the deletion of Your Personal Data, subject to certain exceptions. Once We receive and confirm Your request, We will delete (and direct Our Service Providers to delete) Your personal information from our records, unless an exception applies. We may deny Your deletion request if retaining the information is necessary for Us or Our Service Providers to:
• Complete the transaction for which We collected the personal information, provide a good or service that You requested, take actions reasonably anticipated within the context of our ongoing business relationship with You, or otherwise perform our contract with You.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
• Debug products to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if You previously provided informed consent.
• Enable solely internal uses that are reasonably aligned with consumer expectations based on Your relationship with Us.
• Comply with a legal obligation.
• Make other internal and lawful uses of that information that are compatible with the context in which You provided it.
• The right not to be discriminated against. You have the right not to be discriminated against for exercising any of Your consumer’s rights, including by:
• Denying goods or services to You
• Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties
• Providing a different level or quality of goods or services to You
• Suggesting that You will receive a different price or rate for goods or services or a different level or quality of goods or services

Exercising Your CCPA Data Protection Rights

In order to exercise any of Your rights under the CCPA, and if You are a California resident, You can contact Us:

• By email: info@iyac.org

Only You, or a person registered with the California Secretary of State that You authorize to act on Your behalf, may make a verifiable request related to Your personal information.

Your request to Us must:

• Provide sufficient information that allows Us to reasonably verify You are the person about whom We collected personal information or an authorized representative
• Describe Your request with sufficient detail that allows Us to properly understand, evaluate, and respond to it

We cannot respond to Your request or provide You with the required information if We cannot:

• Verify Your identity or authority to make the request
• And confirm that the personal information relates to You

We will disclose and deliver the required information free of charge within 45 days of receiving Your verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonable necessary and with prior notice.

Any disclosures We provide will only cover the 12-month period preceding the verifiable request’s receipt.

For data portability requests, We will select a format to provide Your personal information that is readily useable and should allow You to transmit the information from one entity to another entity without hindrance.

Do Not Sell My Personal Information

You have the right to opt-out of the sale of Your personal information. Once We receive and confirm a verifiable consumer request from You, we will stop selling Your personal information. To exercise Your right to opt-out, please contact Us.

“Do Not Track” Policy as Required by California Online Privacy Protection Act (CalOPPA)

Our Service does not respond to Do Not Track signals.

However, some third party websites do keep track of Your browsing activities. If You are visiting such websites, You can set Your preferences in Your web browser to inform websites that You do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of Your web browser.

Children’s Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent’s consent before We collect and use that information.

Your California Privacy Rights (California’s Shine the Light law)

Under California Civil Code Section 1798 (California’s Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their Personal Data with third parties for the third parties’ direct marketing purposes.

If you’d like to request more information under the California Shine the Light law, and if You are a California resident, You can contact Us using the contact information provided below.

California Privacy Rights for Minor Users (California Business and Professions Code Section 22581)

California Business and Professions Code section 22581 allow California residents under the age of 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted.

To request removal of such data, and if You are a California resident, You can contact Us using the contact information provided below, and include the email address associated with Your account.

Be aware that Your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, You can contact us:

• By email: info@iyac.org