MacMillan, Sobanski &
Todd, LLC - Privacy Notice
1. What This Privacy Notice Covers
The purpose of this Privacy Notice is to
explain how MacMillan, Sobanski & Todd, LLC, an Ohio corporation
("MST," "we," "us," or "our"), secures,
shares, and uses personal information that it collects and receives from you
through its websites (www.mstfirm.com; www.mstipmanager.com;
www.mstipsolutions.com), website hosting and design services, communication
tools, mobile applications, app marketplace, ecommerce tools, and other
services (collectively, the “Service”). If you have any questions or
concerns regarding this Privacy Notice or our practices, please see the “Contact
Us” section below.
For Users Outside the European Union:
For users located outside of the European
Union, by submitting any personal information through our website or otherwise
through our Service, you agree to the terms of this Privacy Notice and you
expressly consent to the collection, use, and disclosure of your personal
information in accordance with this Privacy Notice.
For all users:
We may use information shared with us for any
legal purpose, including to run and improve our Service, but in each case
solely in accordance with applicable law, the scope of your consent to use such
information (if applicable) and, where MST acts as a data processor for a data
controller, solely on the basis of instructions from such data controller. For
example, with respect to some parts of our Service, such as our hosted IP
Management software solutions, our user is the data controller and MST is a
data processor. As a data processor, MST does not have a direct
relationship with the person whose personal information we collect and process
at the direction of our user (i.e. the data controller). If you are a
customer of one of these users and no longer want to be contacted by that user
or want to access and change the personal information we collect and process as
a data processor, please contact the user you interacted with directly.
2. What Personal Information Does MST
Collect?
MST may collect personal information as
further described below through: (a) Personal Information provided by you, (b)
Automatically Collected Information, (c) Billing Information, (d) Cookies and
Other Tracking Technologies, (e) Third Party Analytics Data, (f) Mobile
App-Based Data and (g) Cross-App and Cross-Device Information. We do not
collect or use “sensitive consumer information” and do not offer or sell to any
third party any data based on sensitive consumer information.
(a)
Personal Information provided by you. We collect personal information (e.g.,
name, email address, phone number, and other information that we can use to
identify or contact you as an individual) when you:
·
register
an account with us;
·
sign
up or log in to our Service using services such as Facebook, Google+, or other
Open ID provider.
·
contact
our customer support services;
·
sign-up
as, or are invited to be, a member of an account user’s site;
·
enter
our promotions, contests, or sweepstakes;
·
post
content on a MST website or blog;
·
post
an App review in our App Marketplace
We use this personal information in order to
provide you with our Service, to respond to billing inquiries, and keep you
updated with news about MST, the Service, and our partners in accordance with
your consent preferences as applicable.
(b) Automatically Collected User
Information. When you access and use our Service, we automatically
collect and store, in log files, your Internet Protocol (IP) address, browser
type, internet service provider (ISP), referring/exit pages, operating system,
date/time stamp, clickstream data, and other user information as part of our
Service analytics (individually and collectively, “Automatically Collected
Information”). We do not link this Automatically Collected Information to other
information we collect about you and such Automatically Collected Information
does not directly identify you as a person. However, where you are a resident
of the European Union, this may still be deemed to be personal information.
(c) Billing Information. If
you sign up for an MST account, register a domain through us, or purchase
another paid service, we require your billing information in order to process
the transaction. Billing information includes your name, address, telephone
number, and other information necessary to process the transaction.
(d) Cookies and Tracking
Technologies. MST and our affiliates, partners, and service providers
(such as marketing, analytics, and customer support partners) may use cookies,
pixels, and similar technologies for analyzing trends, site administration,
tracking mobile application installations, understanding how users interface
with our site(s), and to gather demographic information about our user base as
a whole. We may receive reports based on the use of these technologies by these
companies on an individual, device specific and/or in an aggregated basis.
UNLESS YOU ARE AN EU RESIDENT,
VISITING MST WITH YOUR BROWSER SET TO ACCEPT COOKIES OR USING OUR MOBILE
APPLICATIONS OR OTHER SOFTWARE TELLS US YOU WANT TO USE OUR SERVICE AND YOU
CONSENT TO OUR USE OF COOKIES AND OTHER TECHNOLOGIES TO PROVIDE YOU OUR
SERVICE.
We use cookies for a number of
purposes, some of which are strictly necessary, to remember user settings such
as language preferences, and for authentication as follows:
|
First
party cookies |
Used
to provide basic functionality of our Service, including for authentication
and security purposes, configuration, and support. |
|
Third
party cookies |
Used
to enable certain analytics and tracking tools, as well as interest based
advertising and chat functionality. |
|
Session
cookies |
Used
to enable certain analytics and tracking tools, interest based advertising,
as well as for app configuration, monitoring tools, to pin user session to a
specific server, and to prevent cross site request forgery. |
|
Persistent
cookies |
Provides
functionality of first party cookies and third party cookies across sessions. |
You can control the use of certain
cookies at the individual browser level or in your operating system
preferences. If you opt-out of such cookies, you may still use our
Service, but your ability to use some features or areas of our Service may be
limited. You can find out more about your rights in relation to cookies
and how to control them here: http://www.allaboutcookies.org/ .
If you are located in
Europe, for more information about targeted advertising or to opt out of having
your browser information used for these purposes, please click here or change your cookie
preferences on your browser or device settings. Please note this does not opt
you out of being served ads. You will continue to receive generic ads, but
these ads will not be targeted to you based on your web browsing experiences.
(e) Third Party Analytics Services. We
currently do not use third party analytic services.
(f) Do Not Track. Currently, we do not support
Do Not Track or “DNT.” DNT is a preference you set in your web browser to tell
visited websites you do not want to be tracked. You can enable or disable DNT
through the preferences or settings of your web browser.
(g) Mobile App. When you
download and use the Service through our mobile app, we automatically collect
information on the type of device you use and operating system version (“Mobile
App-Based Data”).
We use mobile analytics software to allow
us to better understand the functionality of the Service on your device. This
software may record information such as how often you use the application, the
events that occur within the application, aggregated usage, content,
performance data, and where the application was downloaded from.
We may also send you push notifications
from time-to-time in order to update you about events or promotions. If you no
longer wish to receive these types of communications, you may turn them off at
the device level. To ensure that you receive proper notifications, we need to
collect certain information about your device such as operating system and user
identification information.
(h) Cross-App and Cross-Device
Information. We, our customers, and/or our third party partners may
collect information about your activity across multiple unaffiliated
third-party mobile applications. This information may also be combined with a
mobile identifier and or establish connections among related devices (such as
mobile devices and desktop computers). We may share this information
with our customers and/or our third party partners for any legal
purpose. To opt out of such practices, please see the opt-out
information described here (you will need to use this
link on each device you use in order to opt out of such practices across all
devices).
We, our customers, and/or our third
party partners may use technology that establishes connections among related
devices (such as mobile devices and desktop computers). This means that information about your use of
websites or applications on one of your devices may be combined with
information from your other devices.
(i) Sensitive Consumer Information. MST
does not collect or use “sensitive consumer information” and does not offer or
sell to any third party any data based on sensitive consumer information.
For purposes of this Privacy Notice, “Sensitive consumer information” includes
social security numbers or other government-issued identifiers, insurance plan
numbers, financial account numbers, and precise information about past,
present, or potential future health or medical conditions or treatments,
including genetic, biometric, genomic and family medical history nor does it include
racial or ethnic origin information, information about sexual orientation,
criminal records or trade union membership information. MST maintains internal
policies and procedures designed to safeguard against the collection or use of
such information.
3. How Does MST Use Your Personal
Information?
As further described below, MST may use the
information it collects from you for any lawful purpose, including, without
limitation, for providing products and services, identification and
authentication, Service operation, analytics and improvements, support, contact
(e.g., sending notifications related to use of the Service), marketing and
promotions, research, and anonymous reporting. We may combine Automatically
Collected Information with other information we collect about you, in each case
that does not directly identify you as a person (but as explained above, may
still identify your device or indirectly identify you), to improve site
functionality and the services we offer you, and for Service and both internal
and external marketing analytics.
In particular, we engage in the following
practices with respect to the information and uses described below:
To provide a requested service or carry out a
contract with you.
Personal information you
provide to us. We
use this personal information in order to provide you with our Service, to
respond to billing inquiries, and keep you updated with news about MST, the
Service, and our partners.
User Site
Membership/Registration. When you register, or are invited to register, as a
member of a website or application operated by one of our account users, we
store and use your information solely to provide administrative services in
support of our member feature (such as account set-up and password reset).
Please contact the site operator directly to have your registration information
removed.
Auto Renewal. If your subscription is
auto-renewing, our authorized payment processor will store your payment
information on their secure payment gateway for as long as necessary to carry
out the terms of your subscription.
Where we have your consent
Email Messages
For users outside the EU: By providing us your email
address, you are consenting to us or our partners contacting you via email.
For all users: MST
may contact you at any email address you have provided us, including email
addresses you have made available on your MST website(s) for:
Account
notifications;
Account
troubleshooting;
Dispute
resolution;
Debt
collection; or
As necessary
to service your account or enforce our Terms of Service and policies,
applicable law, or any other agreement we may have with you.
If you do not wish to
receive such communications, you may change your preference by sending us an
email at any time via privacy@mstfirm.com.
Phone Calls and Messages.
For users outside the
EU: By
providing us your phone number, you are consenting to us or our partners
contacting you via autodialed or prerecorded calls/messages and you understand
that providing your number is not a condition of purchasing any MST product or
service.
For all users: MST
may contact you at any telephone number you have provided us, including phone
numbers you have made available on your MST website(s) for:
Account
notifications;
Account
troubleshooting;
Dispute
resolution;
Debt
collection; or
As
necessary to service your account or enforce our Terms of Service and policies,
applicable law, or any other agreement we may have with you or on behalf of
your company.
If you do not wish to
receive such communications, you may change your preference by sending us an
email at any time via privacy@mstfirm.com.
Where we have a legitimate interest
IP addresses, browser and
session information.
IP addresses, browser and session information may be used to:
Diagnose
and prevent service or technology problems reported by our users or engineers
that are associated with the IP addresses controlled by a specific web company
or ISP.
Estimate
the total number of users from specific geographical regions using the Service.
Help
determine which users have access privileges to certain content, services, or
resources that we offer.
Monitor
and prevent fraud and abuse.
Automatically
collected user information. We use this personal information to
analyze trends in the aggregate and administer the Service.
Cross-App and Cross-Device
Information. We, our customers, and/or our third party partners use this
in order to deliver advertising that may be more relevant to you, as well as
for analytics and reporting purposes.
Third Parties
Our Service includes links
to other websites whose privacy practices may differ from ours. If you submit
personal information to any of those sites, your information is governed by
their privacy policies. We encourage you to carefully read the privacy policy
of any website you visit.
4. Who does MST share your personal
information with?
MST does not share personal information we
learn about you from your use of the Service with others except as described in
this Privacy Notice and in connection with: (i) the completion of transactions;
(ii) research, promotions, sweepstakes and contests; (iii) third party
marketing; (iv) a merger or sale; (v) publicly accessible information; (vi)
domain registrations; and (vii) other lawful disclosures.
Completion of Transactions. MST may share your
personal information on a secured basis where it is necessary to complete a transaction;
to operate, improve, or communicate to you about the Service; to detect fraud
or compliance with export regulations; or to do something that you have asked
us to do. We use other third parties such as payment processors to bill you for
goods and services. These third parties are authorized to use your personal
information only as necessary to provide these services to us and are
prohibited from using your personal information for promotional purposes.
Research,
Promotions, Sweepstakes and Contests. From time to time, MST or a
partner may sponsor a research panel, promotion, sweepstake, or contest on MST.
You may be asked to provide personal information including name, email address,
or home address, or to answer questions in order to participate. This
information will be used strictly for purposes of the research panel,
promotion, sweepstake, or contest administration and fulfillment, as well as
for internal business purposes.
Third Party
Marketing. MST may share anonymized and/or aggregated information with
third parties for their marketing, advertising, promotion, or other uses. In
addition, from time to time we may share your personal information with third
parties who want to promote goods and/or services that we think would be of
interest to you. If you are located in the EU, we will only share your personal
information for any marketing purposes where you have consented to this after
being provided with information on the concerned third parties or where it is
otherwise lawful to do so. If you want us to stop sharing your contact
information with third parties, you may notify us via email at
privacy@mstfirm.com or the details in the contact us section below.
In the Event of Merger or
Sale.
As we continue to develop our business, we may also buy or sell all or
part of our business. In such transactions, personal information you have
shared with us is generally one of the business assets that will be
transferred. The transferred personal information will remain subject to the
promises made in this privacy notice or subsequent notices to which you have
consented. If MST is involved in a merger, acquisition, or sale of all or a
portion of its assets, you will be notified via email and/or a prominent notice
on our site of any change in ownership or uses of your personal information, as
well as any choices you may have regarding your personal information.
Domain Registrations. Please note, standard
domain registration shows your personal contact information in the public WHOIS
database. You can shield your personal information from public view and help
protect yourself against spam, fraud, identity theft, and more by purchasing
Private Registration from us.
Lawful disclosure.
MST may disclose personal information about you under the following
circumstances:
In
response to lawful requests by public authorities, including but not limited to
national security or law enforcement requests. We may also disclose your
personal information as required by law, such as to respond to subpoenas, court
orders, or similar legal processes, to establish or exercise our legal rights
or, defend against legal claims, or if in our judgment in such circumstances
disclosure is required or appropriate.
If
we believe it is necessary in order to investigate, prevent, or take action
regarding illegal activities, suspected fraud, situations involving potential
threats to the physical safety of any person, violations of our various terms
of use, or as otherwise required by law.
5. How long does MST retain your personal
information?
As further described below, we will retain
your information for as long as your account is active or as needed to provide
you the Service, but in no event longer than permitted by applicable law.
Notwithstanding the foregoing:
MST
uses Automatically Collected Information and Mobile App-Based Data for no more
than 13 months.
We
maintain stored data for a period of up to 24 months in order to comply with
audits, court order or law enforcement inquiries and for the purpose of
ensuring that our technology is functioning properly, and preventing fraud
across our Service.
After
24 months, all of the stored data is destroyed. Summarized data
consisting of aggregated statistical data or other anonymous data may be kept
indefinitely.
When determining the relevant retention
periods, we will take into account factors including:
our
contractual obligations and rights in relation to the personal information involved;
legal
obligation(s) under applicable law to retain data for a certain period of time
statute
of limitations under applicable law(s)
(potential)
disputes, and
guidelines
issued by relevant data protection authorities.
Otherwise, we securely erase your
information once this is no longer needed.
6. Does MST Transfer Your Personal
Information Outside the Country?
Where required, we may transfer your personal
information to our servers located outside the country in which you live (In
particular, if you are an EU resident, your personal information is
automatically transferred to us in the U.S). Laws of other countries on
personal information can sometimes be different from those in your country of
residence. We will only transfer data where it is lawful to do so. Where
your personal information is transferred outside its country of origin, we
ensure security measures and appropriate safeguards are put in place to protect
your personal information and ensure that all transfers of your personal
information comply with applicable data protection law, and are carried out in
accordance with MST’s instructions. More information on our Privacy Shield
Certification can be found in the Privacy Shield Certification section 14
below. To find out more about how we safeguard your personal information
(including obtaining a copy of such safeguards) in relation to transfers
outside the EEA, please contact us through our help center or through the
details provided in the Contact Us section below.
7. How Does MST Keep Your Personal
Information Safe?
We take reasonable steps to put in place
appropriate physical, electronic, and procedural safeguards to protect the
integrity and security of personal information about you and to prevent
unauthorized or unlawful processing of personal information and the accidental
loss, destruction, or damage to personal information. These measures
include internal reviews of our data collection, storage and processing
practices and security measures (Strong password protection and in certain
areas industry standard SSL-encryption to protect data transmissions), as well
as physical security measures to guard against unauthorized access to systems
where we store data.
However, data transmissions over the
Internet and methods of electronic storage are not 100% secure. Consequently,
we cannot guarantee or warrant the security of any information you transmit to
us and you do so at your own risk.
If MST learns of a security systems
breach we may attempt to notify you electronically so that you can take
appropriate protective steps. We may post a notice on our applicable web sites
if a security breach occurs. If this happens, you will need a web browser
enabling you to view the applicable web sites. In these circumstances, we may
also send an email to you at the email address you have provided to us.
Depending on where you live, you may have a legal right to receive notice of a
security breach in writing. To receive free written notice of a security breach
(or to withdraw your consent from receiving electronic notice) submit a request
via email privacy@mstfirm.com.
8. What are your Privacy Rights?
MST as Data Controller. Upon request, we will
provide you with information about whether we hold or process your personal
information on behalf of third parties. You can contact us via email at
privacy@mstfirm.com, and we will respond as soon as possible, but at most
within 30 days.
You can request to delete your applicable
account by emailing your request to privacy@mstfirm.com; however, some personal
information, primarily your contact information, may remain in our records to
the extent necessary to protect our legal interests or document compliance with
regulatory requirements, in each case solely to the extent permitted by
applicable law.
If your personal information changes, or if
you no longer wish to use our Service, you may correct, update, or delete such
information by submitting a request via email to privacy@mstfirm.com.
MST as Data Processor.
MST acknowledges you have the right to access and change the personal
information we collect and process as a data processor. An individual who
seeks to access or to correct, amend, or delete personal information should
direct their request to the MST user who is the data controller, and not to MST
directly. If the data controller requests MST remove personal information we
will respond within a reasonable timeframe.
Users in the European Union only:
Under EU Regulation 2016/679 of the European
Parliament and the Council; the General Data Protection Regulation (“GDPR”),
you have a number of rights when it comes to your personal information. Further
information and advice about your rights can be obtained from the data
protection regulator in your country of residence within the EU. You can
exercise any of these rights by contacting us through our help center or the details in the contact us section
below:
The right to be informed. You have
the right to be provided with clear, transparent and easily understandable
information about how we use your information and your rights. This is why
we’re providing you with the information in this Policy.
The right of access. You have
the right to obtain access to your information (if we’re processing it), and
certain other information (similar to that provided in this Privacy Policy).
This is so you’re aware and can check that we’re using your information in
accordance with data protection law. You can do this by writing us on the email
address below.
The right to rectification. You
are entitled to have your information corrected if it is inaccurate or
incomplete. You can request that we rectify any errors in personal information
that we hold by writing us on the email address below.
The right to erasure. This is
also known as ‘the right to be forgotten’ and, in simple terms, enables you to
request the deletion or removal of your information where there is no
compelling reason for us to keep using it. This is not a general right to
erasure; there are exceptions.
The right to restrict processing.
You have rights to ‘block’ or suppress further use of your information. When
processing is restricted, we can still store your information, but may not use
it further. We keep lists of people who have asked for further use of their
information to be ‘blocked’ to make sure the restriction is respected in
future.
The right to data portability.
You have rights to obtain and reuse your personal data for your own purposes
across different services. For example, if you decide to switch to a new
provider, this enables you to move, copy or transfer your information easily
between our IT systems and theirs safely and securely, without affecting its
usability. This is not a general right however and there are exceptions.
The right to object to processing.
You have the right to object to certain types of processing, including
processing for direct marketing (i.e. receiving emails from us notifying you
about other services we provide which we think may be of interest to you or
being contacted with varying potential opportunities). You may change your
preferences regarding email communications by visiting one of our preference
centers listed below.
The right to lodge a complaint.
You have the right to lodge a complaint about the way we handle or process your
personal data with your national data protection regulator.
The right to withdraw consent.
If you have given your consent to anything we do with your personal data (i.e
we rely on consent as a legal basis for processing your personal information),
you have the right to withdraw your consent at any time (although if you do so,
it does not mean that anything we have done with your personal data with your
consent up to that point is unlawful). You can withdraw your consent to the
processing of your personal information at any time.
We usually act on requests and provide
information free of charge, but may charge a reasonable fee to cover our
administrative costs of providing the information for baseless or
excessive/repeated requests, or further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request.
Please consider your request
responsibly before submitting it. We will respond as soon as we can. Generally,
this will be within one month from when we receive your request but, if the
request is going to take longer to deal with, we’ll come back to you and let
you know.
9. Third Party Features, Services, Links and
Apps
Our Service includes various third party
features, services, and apps, including but not limited social media features,
apps you may add to your Site via the App Marketplace, links to public and
private third party data providers, back end service providers, and Widgets,
such as interactive mini-programs that run on our Service (“Third Party
Features, Services, and Apps”). These Third Party Features, Services, and Apps
may collect your IP address, which page you are visiting on our site, and may
set a cookie to enable the Third Party Features, Services, and Apps to function
properly. Third Party Features, Services, and Apps are either hosted by a third
party or hosted directly on our Service. Your interactions with these Third
Party Features, Services, and Apps may be governed by the privacy policy of the
company providing the Third Party Features, Services, and Apps, and you are
responsible for viewing that company’s relevant privacy policy.
Third Party Features, Services, and Apps may
also support functions that require that you disclose certain personal
information given your choice of participation. This information is collected
in many different ways such as: forms, surveys, contests, forums, subscribing
or unsubscribing to mailings and correcting or updating personal information
and is only used for the purpose in which it was collected. Third Party
Features, Services, and Apps may also collect sensitive information, such as
financial information (credit card) to process purchases for products or
services.
Our Service includes links to other
websites whose privacy practices may differ from ours. If you submit personal
information to any of those sites, your information is governed by their
privacy policies. We encourage you to carefully read the privacy policy of any
website you visit.
10. Users from the European Economic
Area (“EEA”) or the EU
If you are based in a country in the EEA or
EU and we hold personal information about you as a data controller, the
controller of your personal information is MacMillan, Sobanski & Todd, LLC
an Ohio corporation incorporated in Ohio whose principal place of business is
located at One Maritime Plaza, Fifth Floor, 720 Water Street, Toledo, Ohio,
43604.
11. Users from California
Under California Civil Code sections 1798.83-
1798.84, California residents are entitled to ask us for a notice identifying
the categories of personal information which we share with our affiliates
and/or third parties for marketing purposes, and providing contact information
for such affiliates and/or third parties. If you are a California resident and
would like a copy of this notice, please submit a written request to the
following address:
Attention:
Legal - Privacy
MacMillan, Sobanski & Todd, LLC
One
Maritime Plaza, Fifth Floor
720
Water Street
Toledo,
Ohio 43604
12. Additional Privacy Information for
U.S. Educational Institutions
MST does not collect pupil or educator data
for U.S. educational institutions.
13. Privacy Shield Certification
MST
plans to participate in and will certify its compliance with the EU-U.S.
Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, see https://www.privacyshield.gov/.
This policy will be updated to reflect
MST’s self-certification on the Privacy Shield List once the Department of
Commerce gives notice that the MST’s submission is otherwise complete.
MST is committed to subjecting all
personal data received from European Union (“EU”) member countries and
Switzerland, respectively, in reliance on the Privacy Shield Frameworks, to the
Framework’s applicable Principles. To learn more about the Privacy Shield
Frameworks, and to view our certification, visit the U.S.
Department of Commerce’s Privacy Shield List.
MST is responsible for the processing
of personal data it receives, under the Privacy Shield Framework, and may
subsequently transfer data to a third party acting as an agent on its behalf.
MST complies with the Privacy Shield Principles for all onward transfers of
personal data from the EU and Switzerland, including the onward transfer
liability provisions.
With respect to personal data received or
transferred pursuant to the Privacy Shield Frameworks, MST is subject to the
regulatory enforcement powers of the U.S. Federal Trade Commission.
Under certain conditions, as more fully
described on the Privacy
Shield website,
you may invoke binding arbitration when other dispute resolution procedures
have been exhausted.
14. Changes to this Privacy
Notice
MST reserves the right to revise, modify, or
update this notice at any time. We will notify you about material changes in the
way we treat personal information by sending a notice to the primary email
address specified in your particular MST account or by placing a prominent
notice on our site.
15. Contact Us
If you have a privacy concern regarding MST,
or this notice, and if you cannot satisfactorily resolve it through the
Service, you can write to us by email at privacy@mstfirm.com or by mail at:
Attention:
Legal - Privacy
MacMillan, Sobanski & Todd, LLC
One Maritime Plaza, Fifth Floor
720
Water Street
Toledo,
Ohio 43604
If you have an unresolved privacy or
data use concern that we have not addressed satisfactorily, please contact our
U.S.-based third-party dispute resolution provider (free of charge) here. Alternatively, you
may contact your local data protection authority to raise any concerns or
complaints (for example, EU data protection authorities in the EU whose contact
details are available here).
Change Log:
May 25, 2018: Changes were made to this
notice in accordance with the General Data Protection Regulation.