(Effective as of May 2016)
Information we collect about you
We may collect and process the following information about you:
- your name, your email address and other contact details;
- your training profile, including details of courses you’ve attended and courses that you’re due to complete;
- information that you provide by filling in forms on www.mediaocean.com (our website), or on Mediaocean Support; when you contact us, or when we contact you;
- if you contact us, we may keep a record of that correspondence;
- results from surveys that we may ask you to complete for research purposes, although you don’t have to respond to them; and
- details of your visits to our website including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access. We may collect information about your computer, including your IP address, operating system and browser type, for system administration.
We use your Personal Information in the following ways:
- to enhance or improve your experience on our website and/or with our products & services generally;
- to contact you where necessary or appropriate, for example if you have a query;
- to provide you with information, products, or services that you request from us and notify you of any changes to these;
- to help us keep the information that we hold about you up-to-date;
- to carry out obligations arising from contracts entered into between the client company and us;
- and to keep your information secure.
To minimize the risk of unauthorized access to your information, we may use some of your information to authenticate you when using our website or when you contact us by telephone.
You won’t be able to use our online support services if you are not willing to provide this information.
Personal data collected from users in the EU, Australia, Canada and other territories will be transferred from time to time to the USA and UK, and may be transferred to any other countries where Mediaocean group companies have offices (Australia, Canada, France, Germany, India, UK, USA). Data transfer agreements (including the EU model clauses) have been put in place within the group to ensure protection of Personal Information in line with European data protection requirements.
Mediaocean uses cloud-base software solutions for customer relationship management, support and incident management, and marketing communications. These run at Tier III, SSAE-16, or ISO 27001 compliant data centers which may be located in the USA. Mediaocean shares your name, email address and company information with these providers for the purpose of operating the website, and it is used strictly for the purposes described above. All Personal Information transferred by Mediaocean to the providers is covered by contractual clauses which govern the transfer, processing and use of the data and prohibit any further onward transfer of the data. Mediaocean may use additional hosted or cloud-based software solutions to facilitate internal processes. Where this is the case, Mediaocean will only transfer your Personal Information under similar data transfer agreements.
If you have any concerns or queries about how Mediaocean stores or uses your data, please contact your support team. Please see the Support tab on the web site for details on how to contact Support.
Your rights under this Policy
You have the right to opt-out of any use of your Personal Information for marketing purposes by contacting us or by unsubscribing using the link provided at the bottom of our emails. You may also demand access to, deletion or correction of the Personal Information we hold about you. In addition, you have a right, on certain grounds, to object to the processing of your Personal Information. For more information about how to do this, please see the section on Complaints below.
Services hosted by Mediaocean
Most of the services which Mediaocean provides in North America and Europe run on our mainframe and servers located in one of our secure data centers in the USA. Where Personal Information is collected, stored or used by our client companies using these hosted systems, please note that we act only as a Data Processor. Our sole function is to provide technical support to run the systems for the benefit of our clients. The client company is the Data Controller and is responsible for data protection obligations pertaining to its notification, collection, accuracy, and timely disposal. The client company is also responsible for arrangements to enable you to access your own Personal Information, subject to confirmation of identification, and for authorizing disclosure to Third Parties. Mediaocean’s responsibilities for this data are limited to making provisions for the security, availability and integrity of data on our systems and to processing Personal Information solely in accordance with the instructions of our clients. Mediaocean staff responsible for this processing may be located at Mediaocean group companies in North America, Europe and India, and the data is backed up to Mediaocean’s back-up data centers which are located in the USA and in the UK.
Children under the Age of 13
Our website is not intended for children under 13 years of age. No one under age 13 may provide any Personal Information to or on the website. We do not knowingly collect Personal Information from children under 13. If you are under 13, do not use or provide any information on this website or on or through any of its features. If we learn we have collected or received Personal Information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at Infosec&Compliance@mediaocean.com.
Mediaocean applies the following privacy principles to the processing of your Personal Information.
We inform you about the purposes for which we collect and use information about you, how to contact us with any inquiries or complaints, the types of Third Parties to which we disclose the information, and the choices and means we offer for limiting the use and disclosure of this information. We clearly provide this notice when you’re first asked to provide Personal Information to us or authorize us to collect the information from Third Parties (or as soon thereafter as practicable). We also provide clear notice before we use such information for a purpose other than that for which it was originally collected.
We collect and use only such Personal Information as is required to provide services to our clients. Such collection and use is subject to the Notice principle described above and in most circumstances doesn’t require your explicit consent. However, we obtain your consent before:
- a) disclosing Personal Information to a Third Party (other than disclosure to an agent or contractor processing the data solely on our behalf, or disclosure required by law).
- b) using Personal Information for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized by the individual.
Where consent is required, you are provided with clear and conspicuous, readily available, and affordable mechanisms to exercise choice.
As a matter of routine business, we don’t disclose Personal Information to Third Parties, use Personal Information for purposes incompatible with the purposes for which it was originally collected or subsequently authorized, or collect Sensitive Information.
3. Onward Transfer
Before making disclosure to a Third Party, we’ll first apply the Notice and Choice principles as described above. Unless the disclosure is legally required (such as tax reporting or responding to a judicial subpoena), we also ensure that the Third Party is obliged (by law or contract) to provide at least the same level of privacy protection as is required by these principles and applicable laws. Where we contract with Third Parties to process Personal Information on our behalf, our policy is to contractually oblige the Third Parties to maintain the confidentiality and security of Personal Information they receive; to act upon it only in accordance with the instructions they receive from us and/or the client company; and to handle the information strictly in accordance with these principles.
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or to use Mediaocean applications, you’re responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we’ll do our best to protect your Personal Information, we can’t guarantee the security of your Personal Information transmitted to our website; any transmission is at your own risk. Once we have received your information, we’ll use strict procedures and security features to try to prevent unauthorised access.
Logical access tools have been put in place to ensure that access to Personal Information is appropriately restricted. Administrative access to the information is restricted to our authorized personnel. Physical and network security measures are in place to restrict access to the computing equipment. The security measures that we have in place to protect Personal Information are certified annually.
5. Integrity of Personal Information
We take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete, and current. We have in place procedures to ensure that Personal Information is kept up to date. Accounts may be terminated by you or at your request at any time.
6. Access and Timely Disposal
There is no charge for this access. If the personal data are being stored for business reasons in accordance with the purpose of transmission, the user may request access to his or her data in written form once every calendar year without charge. A charge may be made for additional requests, if the user may be able to use the data for business purposes with a third party.
Subject to confirmation of identification, we’ll take reasonable steps to correct, amend or delete Personal Information at your request, where appropriate.
7. Queries and Complaints
Mediaocean GmbH has appointed an external Data Protection Officer who is responsible for compliance with and monitoring of data protection policies & procedures at the company.
For more information on data protection, please contact:
c/o Althammer & Kill GmbH & Co. KG
Neuer Zollhof 3
Telefon +49 211 936748-0
Telefax +49 211 936748-48
We will cooperate with European data protection authorities, the US Dept. of Commerce, the US Federal Trade Commission, the Office of the Australian Information Commissioner, the New Zealand Privacy Commissioner, the Office of the Privacy Commissioner of Canada, relevant state or provincial agencies, and law enforcement and judicial authorities in investigating any privacy complaints or suspected violations of privacy laws or Mediaocean’s privacy commitments, as well as in rectifying any noncompliant practices. Employees or contractors who violate the terms of these principles may be subject to disciplinary consequences up to and including termination of employment or termination or non-renewal of contract, in addition to any other legal measures that may be taken by Mediaocean, its clients, or the affected individuals and their representatives.
- Personal Information is any information about an identified or identifiable individual, regardless of the medium or format in which the information is stored.
- A Data Controller is a party or entity that determines the purposes and means of the processing of Personal Information. A company functions as a data controller when it decides how such information is to be used, and then uses that information accordingly.
- A Data Processor is a party or entity that processes Personal Information on behalf of a Data Controller. A company functions as a Data Processor when it acts as an agent of another company, following its instructions as to how that information should be handled and processed.
- A Third Party is an entity or person other than you, Mediaocean or its clients. Third party data recipients with whom personal Information may be shared include service providers, accountants and auditors, and external legal counsels.
- Sensitive Information is Personal Information treated in European data protection laws as posing special risks to an individual, such as information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health, or sex life.