Last update: May 2018
For the purposes of this policy, MARA defines the term “Customer” or “Client” as an entity with which MARA has an established relationship, the term “Customer Visitor” as any individual who visits any website of our Customers powered by MARA or who is included as a contact in a Customer’s account, and the term “Visitor” as an individual that visits our front-end website (for example getmara.com).
Any information stored on MARA’s platform is treated as confidential. All information is stored securely and is accessed by authorized personnel only. MARA implements and maintains appropriate technical, security and organisational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure.
2. Collection and use
The following sections cover the specifics of each of the three groups from which data is collected: website Visitors, Customer Visitors and Visitors.
2.2 Website Visitors
If you are a Visitor to our website only, then this section is relevant for you.
By visiting this website, you consent to the collection and use of your Personal Data as described herein. If you do not agree with the terms set out herein, please do not visit this website. If required by applicable law, we will seek your explicit consent to process Personal Data collected on this website or volunteered by you. Kindly note that any consent will be entirely voluntary. However, if you do not grant the requested consent to the processing of your Personal Data, the use of this website may not be possible.
Such Personal Data may comprise your IP address, first and last name, your postal and email address, your telephone number, your job title, data for social networks, your areas of interest, interest in MARA products, and certain information about the company you are working for (company name and address), as well as information as to the type of relationship that exists between MARA and yourself.
MARA gathers data about visits to the website, including numbers of Visitors and visits, Geo-location data, length of time spent on the site, pages clicked on or where Visitors have come.
2.2.1 Purpose of processing personal data
MARA uses the collected data to communicate with Visitors, to customize content for Visitors, to show ads on other websites to Visitors, and to improve its website by analyzing how Visitors navigate its website.
2.2.2 Sharing personal data
MARA may also share such information with service vendors or contractors in order to provide a requested service or transaction or in order to analyze the Visitor behavior on its website.
2.2.4 Links to other sites
2.3 Customer Visitors
If you wish to inquire about your Personal Data that may have been collected by MARA, we recommend that you contact the entity that created or has connections to it. As MARA is a Data Processor, it only controls the Personal Data sent by Cusomers and it is processed on behalf of its Customers. If you are unsure of who is responsible of creating it, you may contact us for further clarification.
In order to provide services to its Customers, MARA collects certain types of data from them. Furthermore, MARA’s Customers collect information from Customers’ Visitors when they visit or interact with digital or offline properties integrated with MARA platform. This section will describe how these two types of data are collected and used by MARA as well as geographical differences that effect this policy. Data entered or transferred into MARA by Customers such as texts, questions, contacts, media files, etc., remains the property of the Customer and may not be shared with a third party by MARA without express consent from the Customer.
2.4.2 Collection of Customer data
During a Customer’s registration and later on MARA’s platform, they provide information such as name, company name, email, address, telephone, credit-card number and other relevant data. This information is used by MARA to identify the Customer and provide them with support, services, mailings, sales and marketing actions, billing and to meet contractual obligations.
MARA Customers can at any time access and edit, update or delete their contact details by logging in with their username and password to MARA’s platform. MARA Customer may create more Customer accounts with different privilege levels within their account. It is the responsibility of the Customer that creates other Customer accounts, to choose the level of access each Customer should have. Once these new Customer log into MARA, they meet the definition of Customer in this policy. MARA will not retain Customer data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations.
2.4.3 Collection of Customer Visitor data
Campaigns, emails, interactions, websites, site interactions or surveys used for gathering data are created by Customers, who make them available to relevant businesses, organizations, and individuals. It is the Customer’s responsibility to ensure that collection and processing of data is done in accordance with applicable law. MARA will not process Personal Data for other purposes or by other means than instructed by its Customers.
Customer visitors data includes data from individuals being tracked, uploaded, transferred or manually entered by a MARA Customer into their account for marketing or business purposes to the Customer. Personal Data may include, personal contact information such as name, home address, home telephone or mobile number, email address, information concerning family, lifestyle and social circumstances including age, date of birth, marital status, number of children, employment details, education/qualification, business contact details, gender, religion, race, health detail and other sensitive Personal Data. Answers to questions by Customers Visitors, may also include Personal Data.
The purpose of collecting Personal Data will vary depending on each customer business and marketing needs, as set up by MARA’s Customers. As MARA provides services to a wide group of customers and businesses, the purpose may vary greatly. For Customers in the EEA, or for Customers providing services to people in the EEA, the Customers will be the “Data Controller”, as defined in the Directive and the GDPR. The purpose will consequently be defined by MARA’s Customer.
If you or your organization are required under the European Union’s General Data Protection Regulation (GDPR) to enter into a contract, or other binding legal act under EU or Member State law, with your data processors, review and accept MARA’s Data Processing Agreement in your MARA account.
2.4.4. Geographical location
MARA offers a number of data regions. A MARA “Data Region” is a set of data centers located within a defined geographical area where Customer and Customer Visitor data is stored. Personal Data might be transmitted between Data Regions. For MARA Customers with accounts located in MARA’s European Data Region, all Personal Data is processed in the EEA. For Customers with accounts in the Data Regions: United States of America (US) and Canada, all Personal Data is processed in the EEA or United States of America or Canada. For Customers with accounts in our Asia Pacific Data Region, all Personal Data is processed in Singapore, EEA or United States of America.
220.127.116.11 Processing in the European Economic Area (EEA)
For Customers with accounts located in MARA’s European Data Region, all processing of Personal Data is performed in accordance with privacy rights and regulations following the EU Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (the Directive), and the implementations of the Directive in local legislation. From May 25th, 2018, the Directive and local legislation based on the Directive will be replaced by the Regulations (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (GDPR), and MARA’s processing will take place in accordance with the GDPR.
MARA processes Personal Data both as a Processor and as a Controller, as defined in the Directive and the GDPR:
The MARA entity which you as a Customer entered an agreement with when using MARA’s platform, will be the Controller for Customer data, as outlined above in “Collection of Customer data” section.
For Customer Visitor data, as outlined in the “Collection of Customer Visitor data” section, the Customer will be the Controller in accordance with Directive and GDPR, and MARA will be the Processor.
MARA adheres to the Directive of 1995 and the GDPR from May 25th, 2018. Consequently, MARA processes all data provided by its Customers with accounts in its European Data Region, in the European Economic Area (EEA) only.
All data collected by MARA Customers through our platform will be stored exclusively in secure hosting facilities provided by Amazon, Google Microsoft Azure or Digital Ocean. MARA has a data processing agreement in place with its providers, ensuring compliance with the Directive. All hosting is performed in accordance with the highest security regulations. All transfers of data internally in the EEA is done in accordance with this data processing agreement.
18.104.22.168 Processing data
For Customers with accounts in the MARA US Data Region, MARA processes data in data centers located in the US as well as EEA. MARA has adopted reasonable physical, technical and organizational safeguards which substantially mirror the EU safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the Customers’ data in MARA’s possession. MARA will promptly notify the Customer in the event of any known unauthorized access to, or use of, the Customers’ data.
All data collected by MARA Customers through our platform will be stored exclusively in secure hosting facilities provided by Amazon Web Services, Google Cloud, Microsoft Azure or Digital Ocean. MARA’s contract with its hosting provider ensures that all hosting is performed in accordance with the highest security regulations. MARA’s policy is to protect and safeguard any personal information obtained by MARA in accordance with United States state or federal laws governing the protection of personal information and data. Accordingly, MARA adheres to practices and policies that aim to safeguard the data.
All data collected by MARA Customers through surveys will be stored exclusively in secure hosting facilities provided by Amazon Web Services, Google Cloud, Microsoft Azure or Digital Ocean. MARA’s contract with its hosting provider ensures that all hosting is performed in accordance with the highest security regulations. MARA’s policy is to protect and safeguard any personal information obtained by MARA in accordance with Canadian laws governing the protection of personal information and data. Accordingly, MARA adheres to practices and policies that aim to safeguard the data.
22.214.171.124 Processing in other regions
For Customers with accounts in our Asian Pacific Data Region, MARA processes data in data centers located in Singapore, United States or EEA. MARA has adopted reasonable physical, technical and organizational safeguards which substantially mirror the EU safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the Customers data in MARA’s possession. MARA will promptly notify the Customer in the event of any known unauthorized access to, or use of, the Customer’s data.
All data collected by MARA Customers through it’s platform will be stored exclusively in secure hosting facilities provided by Amazon Web Services, Google Cloud, Microsoft Azure or Digital Ocean. MARA’s contract with its hosting provider ensures that all hosting is performed in accordance with the highest security regulations. Accordingly, MARA adheres to practices and policies that aim to safeguard the data.
3. Retention and deletion
MARA will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. For Customer Visitor data, MARA’s Customers have control of the purpose for collecting data, and the duration for which the Personal Data may be kept. For Customer Visitor data, Customers with an active account will therefore have the responsibility to delete data when required. When a Customer’s account is terminated or expired, all Personal Data collected through the platform will be deleted, as required by applicable law.
4. Acceptance of these Conditions
5. Our Legal Obligation to Disclose Personal Information
We will reveal a user’s personal information without his/her prior permission only when we have reason to believe that the disclosure of this information is required to establish the identity of, to contact or to initiate legal proceedings against a person or persons who are suspected of infringing rights or property belonging to MARA or to others who could be harmed by the user’s activities or of persons who could (deliberately or otherwise) transgress upon these rights and property. We are permitted to disclose personal information when we have good reason to believe that this is legally required.
6. For Further Information
If you have any further questions regarding the data MARA collects, or how we use it, then please feel free to contact us by email at: firstname.lastname@example.org