(Effective as of November 1, 2012)
We recognize and respect your privacy rights with regard to Personal Information. As part of our compliance with European Union privacy laws, we participate in the International Safe Harbor Program established by the United States and the European Union (see http://www.export.gov/safeharbor) for the purpose of regulating the transfer of Personal Information from Europe to the United States. We comply with the US-EU Safe Harbor Framework as set out by the US Department of Commerce.
Mediaocean as a data processor
With respect to Personal Information that is collected, stored or used by our clients, we act only as a Data Processor. Our sole function is to provide technical support to run the systems on our mainframe and servers for the benefit of our clients. The client company is the Data Controller and is responsible for data protection obligations pertaining to its notification, collection, accuracy, and timely disposal. The client company is also responsible for arrangements to enable you to access your own Personal Information, subject to confirmation of identification, and for authorizing disclosure to Third Parties. Mediaocean’s responsibilities for this data are limited to making provisions for the security, availability and integrity of data on our systems.
In accordance with the provisions of Safe Harbor’s FAQ 10 – Article 17 contracts, we have entered into a contract with each of our clients that defines their ownership of all data which their employees enter into our systems. Under the terms of each contract, we’re obliged to process the data only in accordance with instructions from the client. Thus, we’re not required to apply the Safe Harbor principles to this information because the Data Controller remains responsible for it vis-à-vis each individual in accordance with EU provisions.
Mediaocean as a data controller
Acting as a Data Controller, we may collect and process the following information about you:
- your name, your email address and other contact details;
- your training profile, including details of courses you’ve attended and courses that you’re due to complete;
- information that you provide by filling in forms on www.mediaocean.com (our website), or on Support Central; when you contact us, or when we contact you;
- if you contact us, we may keep a record of that correspondence;
- results from surveys that we may ask you to complete for research purposes, although you don’t have to respond to them; and
- details of your visits to our website including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access. We may collect information about your computer, including your IP address, operating system and browser type, for system administration.
We use your Personal Information in the following ways:
- to contact you where necessary or appropriate, for example if you have a query;
- to enhance or improve your experience on our website and/or with our products & services generally;
- to provide you with information, products, or services that you request from us and notify you of any changes to these;
- to help us keep the information that it holds about you up-to-date;
- to carry out obligations arising from contracts entered into between the client company and us;
- and to keep your information secure.
To minimize the risk of unauthorized access to your information, we may use some of your information to authenticate you when using our website or when you contact us by telephone.
We do not pass on your data to third parties and will notify you if this changes.
If you have any concerns or queries about how Mediaocean stores or uses your data, please contact your support team.
|Session cookie||Jsessionid||Used to track user session on website||All sites|
|Session cookie||LtpaToken, LtpaApacheToken||Authentication token that identifies user during session||DDS sites|
|Session cookie||UserName||Used in display of pages||DDS sites|
|Google Analytics cookie||_utma, _utmb, _utmz||Collects traffic data||All sites|
|Persistent cookie||DDSPersistentLoginCookie||Stores user credentials between sessions if user selects ‘Remember me’ on login page||DDS sites|
|Stores user credentials between sessions if user selects ‘Remember me’ on login page||Support Central|
|Persistent cookie||SaveStateCookie||Dojo cookie that remembers tree selections||DDS sites|
The following cookies are essential for the operation of our website and have already been set: JsessionId, LtpaToken, LtpaApacheToken. Cookies DDSPersistentLoginCookie and SPRING_SECURITY_REMEMBER_ME_COOKIE are essential if you choose the ‘Remember me’ option on the login page.
All other cookies are functional cookies (as defined by the International Chamber of Commerce). Your use of the web site is taken as consent to use these cookies.
If you would prefer to switch off the use of Google Analytics cookies, please use the Google utility cookie to opt-out of Google Analytics across all websites.
We do not use third-party cookies on our web sites.
Safe Harbor privacy principles
We handle Personal Information in accordance with the seven Safe Harbor Privacy Principles (Notice, Choice, Onward Transfer, Security, Data Integrity, Access, and Enforcement). You can find a full statement of these principles, summarized below, on the Safe Harbor website of the U.S. Dept. of Commerce at http://www.export.gov/safeharbor.
We inform you about the purposes for which we collect and use information about you, how to contact us with any inquiries or complaints, the types of Third Parties to which we disclose the information, and the choices and means we offer for limiting the use and disclosure of this information. We clearly provide this notice when you’re first asked to provide Personal Information to us or authorize us to collect the information from Third Parties (or as soon thereafter as practicable). We also provide clear notice before we use such information for a purpose other than that for which it was originally collected.
We collect and use only such Personal Information as is required to provide services to our clients. Such collection and use is subject to the Notice principle described above and in most circumstances doesn’t require your explicit consent. However, we obtain your consent before:
(a) disclosing Personal Information to a Third Party (other than disclosure to an agent or contractor processing the data solely on our behalf, or disclosure required by law).
(b) using Personal Information for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized by the individual.
Where consent is required, you are provided with clear and conspicuous, readily available, and affordable mechanisms to exercise choice. These mechanisms may normally be “opt-out” (we may proceed unless an objection from you is received within a reasonable time), but if the information includes Sensitive Information (as defined below), we won’t proceed without your express (“opt-in”) consent.
As a matter of routine business, we don’t disclose Personal Information to Third Parties, use Personal Information for purposes incompatible with the purposes for which it was originally collected or subsequently authorized, or collect Sensitive Information.
3. Onward transfer
We may disclose your Personal Information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
Before making disclosure to a Third Party, we’ll first apply the Notice and Choice principles as described above. Unless the disclosure is legally required (such as tax reporting or responding to a judicial subpoena), we also ensure that the Third Party is obliged (by law, contract, or its own Safe Harbor certification) to provide at least the same level of privacy protection as is required by these principles. Where we contract with Third Parties to process Personal Information on our behalf, our policy is to contractually oblige the Third Parties to maintain the confidentiality and security of Personal Information they receive; to act upon it only in accordance with the instructions they receive from us and/or the client company; and to handle the information strictly in accordance with these principles.
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you’re responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we’ll do our best to protect your Personal Information, we can’t guarantee the security of your Personal Information transmitted to our website; any transmission is at your own risk. Once we have received your information, we’ll use strict procedures and security features to try to prevent unauthorised access.
Logical access tools have been put in place to ensure that access to Personal Information is appropriately restricted. Administrative access to the information is restricted to our authorised personnel. Physical and network security measures are in place to restrict access to the computing equipment. The security measures that we have in place to protect Personal Information are certified annually.
5. Integrity of Personal Information
We take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete, and current. We have in place procedures to ensure that Personal Information is kept up to date. Accounts may be terminated by you or at your request at any time.
You have a right to access your Personal Information. Access may be subject to a fee of $10 to meet our costs in providing you with details of the information we hold about you, subject to confirmation of identification.
We’ll correct, amend or delete Personal Information at your request, except where the burden or expense of providing access would be disproportionate to the risks to your privacy, or where the rights of persons other than you would be violated.
We use an annual self-assessment program to verify that the attestations we make under the Safe Harbor Program are true and that our privacy policies are being followed in practice.
We will cooperate with European data protection authorities, the US Dept. of Commerce, the US Federal Trade Commission, relevant state or provincial agencies, and law enforcement and judicial authorities in investigating any privacy complaints or suspected violations of privacy laws or Mediaocean’s International Safe Harbor commitments, as well as in rectifying any noncompliant practices. Employees or contractors who violate the terms of these principles may be subject to disciplinary consequences up to and including termination of employment or termination or non-renewal of contract, in addition to any other legal measures that may be taken by Mediaocean, its clients, or the affected individuals and their representatives.
- Personal Information is any information about an identified or identifiable individual, regardless of the medium or format in which the information is stored.
- A Data Controller is a party or entity that determines the purposes and means of the processing of Personal Information. A company functions as a data controller when it decides how such information is to be used, and then uses that information accordingly.
- A Data Processor is a party or entity that processes Personal Information on behalf of a Data Controller. A company functions as a Data Processor when it acts as an agent of another company, following its instructions as to how that information should be handled and processed.
- A Third Party is an entity or person other than you, Mediaocean or its clients.
- Sensitive Information is Personal Information treated in European data protection laws as posing special risks to an individual, such as information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health, or sex life.