The Information We Collect
In the course of operating the Website, Monetate will collect the following types of information.
How We Use your Personal Data (purposes and legal basis)
Personal Data that we collect from your activity on our website is processed for the system administration (e.g. to improve the Website and services to you) and for statistical or security proposes of the Website as well as to solicit your feedback. The processing of this Personal Data for these purposes is based on our legitimate interests (Art. 6(1) lit. f GDPR).
Personal Data that you have provided in the Website’s contact forms is processed for the purposes specified in the consent declaration, e.g. for the purposes of direct marketing, to inform you about our products and services, and to provide you with our newsletter and invitations to upcoming events.
For the purposes of direct marketing, processing of some your Personal Data involves profiling-based decision-making. When you fill out a request form, sign up for a webinar or download any other products from our website (behavioral data) we score your activities as well as your respective demographic data (title, job role, function, industry, company and country and create a profile from this data by using automated decision-making (“lead scoring”). We use these profiles to automatically determine your level of interest in Monetate’s products and services. You receive points for your behavioral and demographic data. Once you have amassed a certain number of points, Monetate will call you to see if you would like to schedule a demo of Monetate’s products and services or to see if you would like more information on Monetate and its products and services. Thus, these profiling activities do not target you as an individual but in regard to your function as an employee of a company that may utilize our products and services. It therefore does not significantly affect you as a person and the profiling may be considered as within our legitimate interests according to Art. 6 (1) lit. f GDPR.
We also use and/or share your Personal Data as described below.
To the extent permitted by law, we may also disclose your Personal Data: (i) when required by law, court order, or other government or law enforcement authority or regulatory agency; or (ii) whenever we believe that disclosing such Personal Data is necessary or advisable, for example, to protect the rights, property, or safety of Monetate or others.
Your Rights in Respect to Your Personal Data
You have the right to access, remove, review, and/or make changes to the Personal Data processed by us by following the instructions found on the Website or by sending a request by e-mail to email@example.com. Furthermore, you have a right to restrict the processing of your Personal Data and a right to data portability which may be requested in the same way as described before.
In addition, you may manage your receipt of marketing and communications by visiting the Monetate Subscription Preference Center at https://info.monetate.com/Subscription-Preferences-Center.html. We will process such requests no later than 25 days from receipt.
The foregoing rights are without prejudice to your right to launch a claim with your data protection authority, if applicable.
AS FAR AS WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR LEGITIMATE INTERESTS (ART. 6(1) LIT. F) GDPR), YOU MAY OBJECT TO PROCESSING (ART. 21(1) GDPR). WE PROCESS ON THE BASIS OF OUR LEGITIMATE INTERESTS WHERE THE PROCESSING IS NOT NECESSARY TO FULFIL A CONTRACT WITH YOU. YOU MAY FIND A DETAILED DESCRIPTION OF OUR PROCESSING ACTIVITIES AND THE LEGAL BASIS IN THE SECTION ABOVE (UNDER HOW WE USE THE PERSONAL DATA (PURPOSES AND LEGAL BASIS). IF YOU OBJECT TO SUCH PROCESSING, WE ASK YOU TO STATE THE GROUNDS OF YOU OBJECTION IN ORDER FOR US TO EXAMINE THE PROCESSING OF YOUR PERSONAL DATA AND DECIDE WHETHER TO ADJUST THE PROCESSING ACCORDINGLY.
FURTHERMORE, AS FAR AS YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSES OF DIRECT MARKETING (LEAD SCORING), YOU HAVE A RIGHT TO OBJECT TO ANY OF THIS DATA PROCESSING FREE OF CHARGE AT ANY TIME WITHOUT PROVIDING A REASON BY EMAILING PRIVACY@MONETATE.COM (ART. 21(2) GDPR).
How Long We Store Your Personal Data
We maintain your Personal Data until you have requested that we stop processing it or for so long as needed in order to fulfil the purpose for which you provided your Personal Data, whichever comes first. Following either your request to cease processing or once this purpose is no longer relevant, we will permanently erase your Personal Data from our computer systems and cease all further processing of your Personal Data.
How We Protect your Personal Data
We take all necessary steps to protect your Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction as required by applicable law or the EU-US or Swiss-US Privacy Shield Principles. We have appropriate technical and organizational measures to ensure a level of security appropriate to the risk of varying likelihood and severity for the rights and freedoms of you and other Users. We maintain these technical and organizational measures and may amend them from time to time to improve the overall security of our systems. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that your Personal Data will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Website may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.
Important Notices to Non-U.S. Residents/EU-US and Swiss-US Privacy Shield
Monetate will process your Personal Data received under the EU-US or Swiss-US Privacy Shield only in ways that are compatible with the purpose for which it was collected, or for purposes authorized by you later on. We will provide you with the possibility to opt out in case we want to (i) disclose your Personal Data to a third party that is not acting as an agent to perform tasks on our behalf and under our instructions or (ii) use your Personal Data for a purpose materially different from the purpose for which it was initially collected or subsequently authorized by you.
Monetate has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, a non-profit independent dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/for more information and to file a complaint (free of charge).
Under certain conditions you have the possibility to invoke binding arbitration in order to determine whether Monetate has violated its obligations under the EU-US or Swiss-US Privacy Shield Principles as to you, and whether such any such violation remains fully or partially unremedied. You must take following steps prior to initiating an arbitration claim: (1) raise the claimed violation directly with Monetate and afford us an opportunity to resolve the issue within 45 days of receiving your complaint; (2) make use of the independent dispute resolution mechanism, which is at no cost to you; and (3) raise the issue through your Data Protection Authority to the Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue, at no cost to for you. Please check https://www.privacyshield.gov and Annex I (Binding Arbitration) of the EU-US Privacy Shield Framework for further information.
You may have the right under the EU-US and Swiss-US Privacy Shield to access the Personal Data that we hold about you and to request that we correct, amend or delete it if it is inaccurate or processed in violation of the EU-US or Swiss-US Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. We will respond to access requests within a reasonable time period, in a reasonable manner and readily intelligible form. We may charge a fee that is not excessive to cover the costs for providing access. We may also set reasonable limits on the number of times within a given period in which access requests from a particular individual will be met. We may request specific information from you to confirm your identity.
Please note that Monetate may be required to disclose an individual’s Personal Data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
As set out above, Monetate may transfer Personal Data to SalesForce, Marketo and Monetate UK who perform functions on our behalf. Where required by the EU-US and Swiss-US Privacy Shields, we will enter into written agreements with those third-party agents requiring them to provide the same level of protection each of the EU-US and Swiss-US Privacy Shield requires and limiting their use of the Personal Data to the specified services provided on our behalf. We take reasonable and appropriate steps to ensure that third-party agents process Personal Data received in reliance of the EU-US and Swiss-US Privacy Shield in accordance with our EU-US and Swiss-US Privacy Shield obligations and to stop and remediate any unauthorized processing. We shall remain liable under each of the EU-US and Swiss-US Privacy Shield Principles if our agent processes Personal Data in a manner inconsistent with the EU-US and Swiss-US Privacy Shield Principles, as applicable, unless we can prove that we are not responsible for the event giving rise to the damage.
Under the conditions set out above, we may also transfer Personal Data received under each of the EU-US and Swiss-US Privacy Shield to SalesForce and Marketo. We will only provide such Personal Data to third-party data controllers where you have not opted-out of such disclosures. Where required by the EU-US or Swiss-US Privacy Shield, we will enter into written contracts with such third-party data controllers requiring them to provide the same level of protection the EU-US or Swiss-US Privacy Shield requires. We also limit their use of such Personal Data so that it is consistent with any consent you have provided and with the notices you have received.
Monetate is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Monetate does not monitor, recognize, or honor any opt-out or do not track mechanisms, including general web browser “Do Not Track” settings and/or signals.
How to Contact Us
Data Protection Officer
1001 E. Hector Street, Suite 401
Conshohocken, PA 19428 U.S.A.