Effective Date: This Policy was last updated in July 2020.
Personally Identifiable Information That We Collect:
We may ask you for, or you may voluntarily submit, personally identifiable information when you are using the Service. The personally identifiable information which you may provide to us could include, but is not limited to:
Non-Personal Or Aggregate Information That We Collect:
When you access our Service, we may automatically collect non-personally identifiable information from you, such as IP host address, web pages viewed, browser type, operating system, referring service, search information, device type, page views, usage and browsing habits on the Service and similar data. We may also aggregate demographic information collected from our users (such as the number of users in a particular geographical location) in a manner which does not identify any one individual. We may also aggregate information collected offline in connection with the Service, obtain non-personally identifiable information from third party sources and develop aggregate information by anonymizing previously collected personally identifiable information.
It is possible at times when collecting non-personally identifiable information through automatic means that we may unintentionally collect or receive personally identifiable information that is mixed in with the non-personally identifiable information. While we will make reasonable efforts to prevent such incidental data collection, the possibility still exists. If you believe that we have inadvertently collected your personal information, please notify us at firstname.lastname@example.org.
We will only use your personally identifiable information as described below, unless you have specifically consented to another type of use, either at the time the personally identifiable information is collected from you or through some other form of consent from you or notification to you:
We may share your personally identifiable information collected in connection with providing the Service.
We may use your personally identifiable information to respond to your inquires or requests.
We do not sell your personally identifiable information to any Third Party.
We may share your personally identifiable information with third parties (collectively, the “Third-Party Vendors”) to further the purpose for which you provided such information to us. For example, we may share your information with Elastic Email, for the purpose of sending emails. We urge you to read the privacy practices of all of our Third-Party Vendors before submitting any personally identifiable information through the Service.
We may disclose personally identifiable information as required by law or legal process.
We may disclose personally identifiable information to investigate suspected fraud, harassment or other violations of any law, rule or regulation, or the terms or policies for our services or our sponsors.
We may transfer your personally identifiable information in connection with the sale or merger or change of control of MGO or the division responsible for the services with which your personally identifiable information is associated.
We may share your personally identifiable information with an affiliate of MGO who is in the same corporate family as us as long as their privacy practices are substantially similar to ours.
Non-personally identifiable or aggregate information may be used by us for any purposes permitted by law and may be shared with any number of parties, provided that such information shall not specifically identify you.
Cookies and Similar Technologies:
If you delete your cookies, change browsers or use a different cookie, our cookie (or an opt-out cookie) may no longer work and you will have to re-input (or opt-out) again.
Analytics and Conversion Tracking:
We may collect information about your computer, including your IP address, operating system and browser type, for system administration and in order to create reports. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
Like many services, the Analytics Service uses first-party cookies to track visitor interactions as in our case, where they are used to collect information about how visitors use our site. We then use the information to compile reports and to help us improve our site.
Cookies contain information that is transferred to your computer’s hard drive. These cookies are used to store information, such as the time that the current visit occurred, whether the visitor has been to the site before and what site referred the visitor to the web page.
The Analytics Service collects information anonymously. They report website trends without identifying individual visitors. You can opt out of the Analytics Service without affecting how you visit our site. For more information on opting out of being tracked by Google Analytics across all websites you use, visit https://tools.google.com/dlpage/gaoptout.
We may also use Google conversion tracking and/or similar services to help us understand your and other users’ use of the Service.
Automatically Collected Information:
When you access the Service or open one of our HTML emails, we may automatically record certain information from your system by using cookies and other types of tracking technologies. This “automatically collected” information may include, but is not limited to, Internet Protocol address (“IP Address”), a unique user ID, device type, device identifiers, browser types and language, referring and exit pages, platform type, version of software installed, system type, the content and pages that you access on the Service, the number of clicks, the amount of time spent on pages, the dates and times that you visit the Service, and other similar information. Depending on the law of your country of residence, your IP address may legally be considered personally identifiable information.
The security of your personally identifiable information is very important to us. When we collect your personally identifiable information online, we use reasonable efforts to protect it from unauthorized access. However, due to the inherent open nature of the Internet, we cannot guarantee that your personally identifiable information will be completely free from unauthorized access by third parties such as hackers and your use of our Service demonstrates your assumption of this risk. We have put in place reasonable physical, electronic, and managerial procedures to safeguard the information we collect. Only those employees who need access to your information in order to perform their duties are authorized to have access to your personally identifiable information. For more information on protecting your privacy, please visit www.ftc.gov/privacy.
Your Disclosures In Blogs And Other Social Media:
You should be aware that personally identifiable information which you voluntarily include and transmit online through the Service or in a publicly accessible blog, chat room, social media platform or otherwise online, or that you share in an open forum such as an in-person panel or survey, may be viewed and used by others without any restrictions. We are unable to control such uses of your personally identifiable information, and by using the Service or any other online services you assume the risk that the personally identifiable information provided by you may be viewed and used by third parties for any number of purposes.
Protection for Children:
We generally do not collect personally identifiable information from children under the age of 13. If at any time in the future we plan to collect personally identifiable information from children under 13, such collection and use, to the extent applicable, shall, when required, be done in compliance with the Children’s Online Privacy Protection Act (“COPPA”) and appropriate consent from the child’s parent or guardian will be sought where required by COPPA. When we become aware that personally identifiable information from a child under 13 has been collected without such child’s parent or guardian’s consent, we will use all reasonable efforts to delete such information from our database.
As a convenience to you, we may provide links to third-party Services from within our Service. We are not responsible for the privacy practices or content of these third-party sites. When you link away from our Service, you do so at your own risk.
Communications with MGO:
By using the Service, you expressly consent to receive in-product communications from us (including, without limitation, push notifications on the App).
Any phone calls and/or text messages delivered to your phone or device may cause you to incur extra data, text messaging, or other charges from your wireless carrier. MESSAGE AND DATA RATES MAY APPLY. You are solely responsible for any carrier charges incurred as a result of phone and/or text communications from MGO.
California Consumer Privacy Act (CCPA) Requests:
In order to access your rights under the CCPA to access data, and or request deletion, described in this policy, you must fill out the Personal Data Request Form linked below or call MGO at 1-888-959-2115.
Only you, the consumer, or a person registered with the secretary of state authorized to act on your behalf, may make a verifiable CCPA request related to your personal information. You may also make a request on behalf of your minor child.
The verifiable consumer request must:
MGO is unable to respond to your request or provide you with personal information, if it cannot verify your identify or authority to make the request, and confirm the personal information relates to you.
You may only make such a request twice with a twelve (12) month period.
(If applicable) Making a verifiable consumer request does not require you to create an account with MGO, however, requests made through your password protected account are considered to be sufficiently verified when the request relates to personal information associated with your specific account. The information you provide in order to make the request will only be used to verify your identity or authority to make the request.
MGO LLP, (MGO), complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data (as defined below) from European Union member countries and Switzerland. MGO has certified that it adheres to the Privacy Shield Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability. If there is any conflict between the policies in this MGO LLP (U.S.) Privacy Shield Policy (“Privacy Shield Policy”) and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
“Data Subject” means the individual to whom any given Personal Data covered by this Privacy Shield Policy refers.
“Personal Data” means any information relating to an individual residing in the European Union and Switzerland that can be used to identify that individual either on its own or in combination with other readily available data.
“Sensitive Personal Data” means Personal Data regarding an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, physical or mental health, or sexual life.
Scope and Responsibility
This Privacy Shield Policy applies to Personal Data transferred from European Union member countries and Switzerland to MGO’s operations in the U.S. in reliance on the respective Privacy Shield framework and does not apply to Personal Data transferred under Standard Contractual Clauses or any approved derogation from the EU Directive.
Some types of Personal Data may be subject to other privacy-related requirements and policies. For example:
All employees of MGO that have access in the U.S. to Personal Data covered by this Privacy Shield Policy are responsible for conducting themselves in accordance with this Privacy Shield Policy. Adherence by MGO to this Privacy Shield Policy may be limited to the extent required to meet legal, regulatory, governmental, or national security obligations, but Personal Data covered by this Privacy Shield Policy shall not be collected, used, or disclosed in a manner contrary to this policy without the prior written permission of MGO’s Chief Risk Officer.
MGO employees responsible for engaging third parties to which Personal Data covered by this Privacy Shield Policy will be transferred are responsible for obtaining appropriate assurances that such third parties have an obligation to conduct themselves in accordance with the applicable provisions of this Privacy Shield Principles, including any applicable contractual assurances required by Privacy Shield.
Privacy Shield Principles
MGO and all other U.S. subsidiaries of the organization, outlined below, commit to subject to the Privacy Shields’ Principles all Personal Data received by MGO in the U.S. from European Union member countries and Switzerland in reliance on the respective Privacy Shield framework.
MGO notifies Data Subjects covered by this Choice Privacy Shield Policy about its data practices regarding Personal Data received by MGO in the U.S. from European Union member countries and Switzerland in reliance on the respective Privacy Shield framework, including the types of Personal Data it collects about them, the purposes for which it collects and uses such Personal Data, the types of third parties to which it discloses such Personal Data and the purposes for which it does so, the rights of Data Subjects to access their Personal Data, the choices and means that MGO offers for limiting its use and disclosure of such Personal Data, how MGO’s obligations under the Privacy Shield are enforced, and how Data Subjects can contact MGO with any inquiries or complaints.
If Personal Data covered by this Privacy Shield Policy is to be used for a new purpose that is materially different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party, MGO will provide Data Subjects with an opportunity to choose whether to have their Personal Data so used or disclosed. Requests to opt out of such uses or disclosures of Personal Data should be sent to: email@example.com.
If Sensitive Personal Data covered by this Privacy Shield Policy is to be used for a new purpose that is different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a third party, MGO will obtain the Data Subject’s explicit consent prior to such use or disclosure.
3. Accountability for Onward Transfer
In the event we transfer Personal Data covered by this Privacy Shield Policy to a third party acting as a controller, we will do so consistent with any notice provided to Data Subjects and any consent they have given, and only if the third party has given us contractual assurances that it will (i) process the Personal Data for limited and specified purposes consistent with any consent provided by the Data Subjects, (ii) provide at least the same level of protection as is required by the Privacy Shield Principles and notify us if it makes a determination that it cannot do so; and (iii) cease processing of the Personal Data or take other reasonable and appropriate steps to remediate if it makes such a determination. If MGO has knowledge that a third party acting as a controller is processing Personal Data covered by this Privacy Shield Policy in a way that is contrary to the Privacy Shield Principles, MGO will take reasonable steps to prevent or stop such processing.
With respect to our agents, we will transfer only the Personal Data covered by this Privacy Shield Policy needed for an agent to deliver to MGO the requested product or service. Furthermore, we will (i) permit the agent to process such Personal Data only for limited and specified purposes; (ii) require the agent to provide at least the same level of privacy protection as is required by the Privacy Shield Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the Personal Data transferred in a manner consistent with MGO’s obligations under the Privacy Shield Principles; and (iv) require the agent to notify MGO if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles. Upon receiving notice from an agent that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles, we will take reasonable and appropriate steps to stop and remediate unauthorized processing.
MGO remains liable under the Privacy Shield Principles if an agent processes Personal Data covered by this Privacy Shield Policy in a manner inconsistent with the Principles, except where MGO is not responsible for the event giving rise to the damage.
MGO takes reasonable and appropriate measures to protect Personal Data covered by this Privacy Shield Policy from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data.
5. Data Integrity and Purpose Limitation
MGO limits the collection of Personal Data covered by this Privacy Shield Policy to information that is relevant for the purposes of processing. MGO does not process such Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the Data Subject.
MGO takes reasonable steps to ensure that such Personal Data is reliable for its intended use, accurate, complete, and current. MGO takes reasonable and appropriate measures to comply with the requirement under the Privacy Shield to retain Personal Data in identifiable form only for as long as it serves a purpose of processing, which includes MGO’s obligations to comply with professional standards, MGO’s business purposes and unless a longer retention period is permitted by law, and it adheres to the Privacy Shield Principles for as long as it retains such Personal Data.
Data Subjects whose Personal Data is covered by this Privacy Shield Policy have the right to access such Personal Data and to correct, amend, or delete such Personal Data if it is inaccurate or has been processed in violation of the Privacy Shield Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, or where the rights of persons other than the Data Subject would be violated). Requests for access, correction, amendment, or deletion should be sent to: firstname.lastname@example.org.
7. Recourse, Enforcement, and Liability
MGO commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
MGO’s participation in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission.
In compliance with the Privacy Shield Principles, MGO commits to resolve complaints about your privacy and our collection or use of your Personal Data. Data Subjects with inquiries or complaints regarding this Privacy Shield Policy should first contact MGO at: email@example.com
MGO has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, PrivacyTrust (eTrust), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, https://www.privacytrust.com/privacyshield/disputeresolution/index.html
Under certain conditions detailed in the Privacy Shield, Data Subjects may be able to invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission.
MGO agrees to periodically review and verify its compliance with the Privacy Shield Principles, and to remedy any issues arising out of failure to comply with the Privacy Shield Principles. MGO acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of Privacy Shield participants.
Changes to this Privacy Shield Policy
This Privacy Shield Policy may be amended from time to time consistent with the requirements of the Privacy Shield. Appropriate notice regarding such amendments will be given.
For questions or concerns relating to privacy, we can be contacted at firstname.lastname@example.org or call +1-415-963-3781.