(Effective as of December 1, 2015)
Mediaocean as a Data Processor
With respect to Personal Information that is collected, stored or used by our clients, we act only as a Data Processor. Our sole function is to provide technical support to run the systems on our mainframe and servers at our data centers in the United States of America for the benefit of our clients. The client company is the Data Controller and is responsible for data protection obligations pertaining to its notification, collection, accuracy, and timely disposal. The client company is also responsible for arrangements to enable you to access your own Personal Information, subject to confirmation of identification, and for authorizing disclosure to Third Parties. Mediaocean’s responsibilities for this data are limited to making provisions for the security, availability and integrity of data on our systems and to processing personal data solely in accordance with the instructions of our clients. Mediaocean staff responsible for this processing may be located at Mediaocean group companies in North America, Europe and India.
Mediaocean as a Data Controller
Acting as a Data Controller, we may collect and process the following information about you:
- your name, your email address and other contact details;
- your training profile, including details of courses you’ve attended and courses that you’re due to complete;
- information that you provide by filling in forms on www.mediaocean.com (our website), or on Mediaocean Support; when you contact us, or when we contact you;
- if you contact us, we may keep a record of that correspondence;
- results from surveys that we may ask you to complete for research purposes, although you don’t have to respond to them; and
- details of your visits to our website including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access. We may collect information about your computer, including your IP address, operating system and browser type, for system administration.
We use your Personal Information in the following ways:
- to enhance or improve your experience on our website and/or with our products & services generally;
- to contact you where necessary or appropriate, for example if you have a query;
- to provide you with information, products, or services that you request from us and notify you of any changes to these;
- to help us keep the information that it holds about you up-to-date;
- to carry out obligations arising from contracts entered into between the client company and us;
- and to keep your information secure.
To minimize the risk of unauthorized access to your information, we may use some of your information to authenticate you when using our website or when you contact us by telephone.
Personal data collected from users in the EU will be transferred from time to time out of the European Union, in particular to the United States of America and any other countries where Mediaocean group companies have offices. Data transfer agreements (based on the EU model clauses) have been put in place within the group to ensure protection of personal data in line with European data protection requirements.
Mediaocean also uses a further cloud-based software solution, Marketo, to manage marketing emails to groups of users. All personal data transferred by Mediaocean to Marketo is similarly covered by contractual clauses which govern the transfer, processing and use of the data and prohibit any further onward transfer of the data.
Mediaocean may use additional hosted or cloud-based software solutions to facilitate internal processes, such as Salesforce for key contact information management. Where this is the case, Mediaocean will only transfer your personal data under similar data transfer agreements.
If you have any concerns or queries about how Mediaocean stores or uses your data, please contact your support team.
- to save your user credentials, if you’ve opted to have the web site store your user details so that you don’t have to log in every time you visit the site
- to track your user details while you visit the site, so that we can show you information that’s relevant to you, your job and your interests
We also use Google Analytics cookies to collect traffic data which tells us how our site is being used. The information generated by these cookies is usually sent to a Google server in the USA, where it is stored. However, because IP anonymisation is activated on this website, your IP address is first abbreviated by Google within the Member States of the European Union or in other Contracting States of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide the website operator with additional services connected with website and Internet use. The IP address transmitted by your browser in connection with Google Analytics is not collated with other data by Google. You can prevent the cookies from being stored by setting your browser software accordingly. However, please note that you may not then be able to make full use of all the website's functions. Furthermore, you also have the option of preventing transmission of the data created by the cookie, relating to your use of the website (including your IP address) to Google, and its processing by Google. To do this, you need to download and install the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=en).
We do not use third-party cookies on our web sites.
Your rights under this Policy
You have the right to opt-out of any use of your personal data for marketing purposes by contacting us. You may also demand access to, deletion or correction of the personal data we hold about.
Mediaocean applies the following privacy principles to the processing of your personal information.
We inform you about the purposes for which we collect and use information about you, how to contact us with any inquiries or complaints, the types of Third Parties to which we disclose the information, and the choices and means we offer for limiting the use and disclosure of this information. We clearly provide this notice when you’re first asked to provide Personal Information to us or authorize us to collect the information from Third Parties (or as soon thereafter as practicable). We also provide clear notice before we use such information for a purpose other than that for which it was originally collected.
We collect and use only such Personal Information as is required to provide services to our clients. Such collection and use is subject to the Notice principle described above and in most circumstances doesn’t require your explicit consent. However, we obtain your consent before:
(a) disclosing Personal Information to a Third Party (other than disclosure to an agent or contractor processing the data solely on our behalf, or disclosure required by law).
(b) using Personal Information for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized by the individual.
Where consent is required, you are provided with clear and conspicuous, readily available, and affordable mechanisms to exercise choice. These mechanisms may normally be “opt-out” (we may proceed unless an objection from you is received within a reasonable time), but if the information includes Sensitive Information (as defined below), we won’t proceed without your express (“opt-in”) consent.
As a matter of routine business, we don’t disclose Personal Information to Third Parties, use Personal Information for purposes incompatible with the purposes for which it was originally collected or subsequently authorized, or collect Sensitive Information.
3. Onward transfer
Before making disclosure to a Third Party, we’ll first apply the Notice and Choice principles as described above. Unless the disclosure is legally required (such as tax reporting or responding to a judicial subpoena), we also ensure that the Third Party is obliged (by law or contract) to provide at least the same level of privacy protection as is required by these principles. Where we contract with Third Parties to process Personal Information on our behalf, our policy is to contractually oblige the Third Parties to maintain the confidentiality and security of Personal Information they receive; to act upon it only in accordance with the instructions they receive from us and/or the client company; and to handle the information strictly in accordance with these principles.
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or to use Mediaocean applications, you’re responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we’ll do our best to protect your Personal Information, we can’t guarantee the security of your Personal Information transmitted to our website; any transmission is at your own risk. Once we have received your information, we’ll use strict procedures and security features to try to prevent unauthorised access.
Logical access tools have been put in place to ensure that access to Personal Information is appropriately restricted. Administrative access to the information is restricted to our authorised personnel. Physical and network security measures are in place to restrict access to the computing equipment. The security measures that we have in place to protect Personal Information are certified annually.
5. Integrity of Personal Information
We take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete, and current. We have in place procedures to ensure that Personal Information is kept up to date. Accounts may be terminated by you or at your request at any time.
You have a right to access your Personal Information. Access may be subject to a fee of $10 to meet our costs in providing you with details of the information we hold about you, subject to confirmation of identification.
We’ll correct, amend or delete Personal Information at your request, except where the burden or expense of providing access would be disproportionate to the risks to your privacy, or where the rights of persons other than you would be violated.
We will cooperate with European data protection authorities, the US Dept. of Commerce, the US Federal Trade Commission, relevant state or provincial agencies, and law enforcement and judicial authorities in investigating any privacy complaints or suspected violations of privacy laws or Mediaocean’s privacy commitments, as well as in rectifying any noncompliant practices. Employees or contractors who violate the terms of these principles may be subject to disciplinary consequences up to and including termination of employment or termination or non-renewal of contract, in addition to any other legal measures that may be taken by Mediaocean, its clients, or the affected individuals and their representatives.
- Personal Information is any information about an identified or identifiable individual, regardless of the medium or format in which the information is stored.
- A Data Controller is a party or entity that determines the purposes and means of the processing of Personal Information. A company functions as a data controller when it decides how such information is to be used, and then uses that information accordingly.
- A Data Processor is a party or entity that processes Personal Information on behalf of a Data Controller. A company functions as a Data Processor when it acts as an agent of another company, following its instructions as to how that information should be handled and processed.
- A Third Party is an entity or person other than you, Mediaocean or its clients.
- Sensitive Information is Personal Information treated in European data protection laws as posing special risks to an individual, such as information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health, or sex life.