Effective: May 25, 2018
When we talk about “ITSMA,” “we,” “our,” or “us” in this policy, we are referring to ITSMA (which is a DBA for The Munn Group), the company which provides a range of Membership and Custom Services for marketers. When we talk about the “Services” in this policy, we are referring to our membership offerings, marketing events, consulting, training, and custom research, and online access to marketing research and content documents. Our Services are currently available for use via a web browser specific to your desktop or mobile device.
Data Controller Details
For the purposes of the General Data Protection Regulation or “GDPR”, ITSMA is the data controller. Our address is 91 Hartwell Avenue, Suite 1, Lexington, MA 02421 and we may be contacted at email@example.com. Our representative in the EU for the purposes of the GDPR is Vincent Rousselet who may be contacted at firstname.lastname@example.org.
An individual’s personal data means any information relating to a person who can be identified either directly or indirectly; it may include name, address, email address, phone number, credit / debit card number, IP address, location data, etc.
Basis of processing
We will only collect and process personal data about you where we have a lawful basis for doing so. Lawful bases include consent, contract (where processing is necessary for the performance of a contract with you (e.g. to provide Services you have requested from us), legitimate interests and compliance with legal obligations to which we are subject.
Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object.
Information we collect and receive
1. Customer Data
Content and information submitted by users (members, clients, and website visitors) in relation to or on behalf of recipients of our Services is referred to in this policy as “Customer Data.” As further explained below, Customer Data is controlled by the organization or individual that created the online account (the “Customer”). Where ITSMA collects or processes Customer Data, it does so on behalf of the Customer to provide them access to our Services, deliver purchased reports or to attend one of our events.
If you create a user account, you are a “User,” as further described in the User Terms of Service. If you are using the Services by invitation of an ITSMA Customer, whether that Customer is your employer, another organization, or an individual, that Customer determines its own policies regarding storage, access, modification, deletion, sharing, and retention of Customer Data which may apply to your use of the Services. Please check with the Customer about the policies and settings it has in place.
2. Other information
ITSMA may also collect and receive the following information:
- Account creation information. Users may provide information such as an email address, phone number, and password to create an account.
- Personal preferences information. This may include information about meal preferences or requirements or allergies where you are attending an event, or any other information about Users or Customers that helps us provide tailored Services.
- Member Company setup information. When a Customer creates a member company account using the Services, we may collect an email address, a company name, company logo, and domain details (such as company.com). We may also collect administrative team contact info, such as a mailing address and telephone number.
- Billing and other information. For Customers that purchase a Product or Service on our website, we process all credit card transactions through Stripe (click here to see their privacy policies) but we do not store or keep any credit card information ourselves.
- Services usage information. This is information about how you are accessing and using the Services, which may include administrative and support communications with us and information about the events, documents, content, and links you interact with.
- Log data. When you use the Services our servers automatically record information, including information that your browser sends whenever you visit a website or your mobile app sends when you are using it. This log data may include your Internet Protocol address, the address of the web page you visited before using the Services, your browser type and settings, the date and time of your use of the Services, information about your browser configuration and plug-ins, language preferences, and cookie data.
- Device information. We may collect information about the device you are using the Services on, including what type of device it is, what operating system you are using, device settings, application IDs, unique device identifiers, and crash data. Whether we collect some or all of this information often depends on what type of device you are using and its settings.
- Geo-location information. IP addresses received from your browser or device may be used to determine approximate location. We will only gather and process this information with your consent.
- Services integrations. If, when using the Services, through a third party provider (e.g. to register for an event or pay for a product or service) they may share certain information about your business contact information with ITSMA. However, we do not receive or store your passwords for any of these third party services.
- Third party data. ITSMA may also receive information from our partners, or third parties that may make our own information better or more useful. This might be aggregate level information, such as which IP addresses go with which zip codes, or it might be more specific information, such as about how well an online marketing or email campaign performed.
How we use your information
We use your information to provide and improve the Services.
1. Customer Data
ITSMA may access and use Customer Data as reasonably necessary and in accordance with Customer’s instructions to (a) provide, maintain and improve the Services; (b) to prevent or address service, security, technical issues or at a Customer’s request in connection with customer support matters; (c) as required by law and (d) as set forth in our agreement with the Customer or as expressly permitted in writing by the Customer.
2. Other information
We use other kinds of information in providing the Services. Specifically:
- To understand and improve our Services. We carry out research and analyze trends to better understand how Users are using the Services and make improvements.
- To communicate with you by:
- Responding to your requests. If you contact us with a problem or question, we will use your information to respond.
- Sending emails and ITSMA messages. We may send you Service and administrative emails and messages. We may also contact you to inform you about changes in our Services, our Service offerings, and important Service related notices. These emails and messages are considered part of the Services and you may not opt-out of them. In addition, we sometimes send emails about new product features, events, or other news about ITSMA. You can opt out of these at any time.
- Billing and account management. We use account data to administer accounts and keep track of payments.
- Communicating with you and marketing. We may need to contact you for invoicing, account management and similar reasons. We may also use your contact information for our own marketing purposes. You can opt out of our marketing at any time.
This policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified so it is no longer associated with an identifiable user or Customer of the Services.
1. Customer Data
Customer provides us with instructions on what to do with Customer Data. A Customer has choices and control over Customer Data.
2. Other information
If you have any questions about your information, our use of this information, or your rights when it comes to any of the foregoing, contact us at email@example.com.
In addition, the browser you use may provide you with the ability to control cookies or other types of local data storage. Your mobile device may provide you with choices around how and whether location or other data is collected and shared. ITSMA does not control these choices, or default settings, which are offered by makers of your browser or mobile device operating system.
Sharing and Disclosure
1. Customer Data
ITSMA may share Customer Data in accordance with our agreement with the Customer and the Customer’s instructions, including:
- With third-party service providers and agents. We may engage third-party companies or individuals to process Customer Data.
- With affiliates. We may engage affiliates in our corporate group to process Customer Data.
- With third-party integrations. ITSMA may, acting on our Customer’s behalf, share Customer Data with the provider of an integration added by the Customer. ITSMA is not responsible for how the provider of an integration may collect, use, and share Customer Data.
2. Other information
ITSMA may share other information as follows:
- About you with the Customer. There may be times when you contact ITSMA to help resolve an issue specific to a Service of which you are a member. In order to help resolve the issue and given our relationship with our Customer, we may share your concern with our Customer.
- With third-party service providers and agents. We may engage third-party companies or individuals, such as third party payment processors, to process information on our behalf.
3. Other types of disclosure
ITSMA may share or disclose Customer Data and other information as follows:
- In relation to changes to our business structure. If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of ITSMA’s assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
- To comply with laws. To comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.
- To enforce our rights, prevent fraud and for safety. To protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.
- Where you have consented. To any other third party where you have provided your consent.
We may disclose or use aggregate or de-identified information for any purpose. We may share aggregated or de-identified information with our partners or others for business or research purposes. Example, we may share your title and company after attending an event but not your name, contact information or any other data, to help recruit sponsors or speakers.
ITSMA takes security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.
Our Services are not directed to children. If you learn that a child has provided us with personal information without consent, please contact us.
Retention of personal data
Customer Data or other information about you will be retained until your last use or purchase of our Services or Goods and normally for a period of three years thereafter, unless longer retention is required by applicable local law or where we have a legitimate and lawful purpose to do so. However, we will not retain beyond this period any of that data that is no longer required for the purposes set out in this Policy. The retention of this data will be subject to periodic review.
We may keep an anonymised form of data about you, which will no longer refer to you, for statistical purposes without time limits.
To the extent that you are based in the European Economic Area (“EEA”) or are dealing with any of our consultants in the EEA, then the law provides you with numerous rights, including the right to: access, rectify, erase, restrict, transport, and object to the processing of, Customer Data or other information about you. You also have the right to lodge a complaint with the relevant data protection authority if you believe that your data is not being processed in accordance with applicable data protection laws.
- Right to make subject access request (SAR). You may, where permitted by applicable law, request copies of your personal data. If you would like to make a SAR, (i.e. a request for copies of the data we hold about you) you may do so by writing to us using the heading “Subject Access Request” at the address above or at firstname.lastname@example.org. You may also be required to submit a proof of your identity and a fee.
- Right to rectification. You may request that we rectify any inaccurate and/or complete any incomplete data about you. You can also access your own account details and amend them yourself at any time by going to “My account”.
- Right to withdraw consent. You may, as permitted by applicable law, withdraw your consent to the processing of data about you at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you or the Customer may not be able to benefit from certain features of our Services for which the processing of personal data is essential.
- Right to object to processing, including automated processing and profiling. You may, as permitted by applicable law, request that we stop processing data about you. In relation to automated processing and profiling, you may object to the processing.
- Right to erasure. You may request that we erase data about you and we will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping your data, such as, a legal obligation that we have to comply with, or if retention is necessary for us to comply with our legal obligations.
- Right to data portability. In certain circumstances, you may request that we provide your data to you in a structured, commonly used and machine readable format and have it transferred to another provider of the same or similar services. We will comply with such transfer obligations as far as it is technically feasible. Please note that a transfer to another provider does not imply erasure of your data which may still be required for legitimate and lawful purposes.
- Your right to lodge a complaint with the supervisory authority. We suggest that you contact us about any questions or if you have a complaint in relation to how we process your data. However, you do have the right to contact the relevant supervisory authority directly. To contact the Information Commissioner’s Office in the United Kingdom, please visit the ICO website for instructions.
We may change this policy from time to time, and if we do we will post any changes on this page. If you continue to use the Services after those changes are in effect, you agree to the revised policy.
91 Hartwell Avenue, Suite 1
Lexington, MA 02421