MacMillan, Sobanski & Todd, LLC - Privacy Notice
1. What This Privacy Notice Covers
The purpose of this Privacy Notice is to explain how MacMillan, Sobanski & Todd, LLC, an Ohio corporation ("MST," "we," "us," or "our"), secures, shares, and uses personal information that it collects and receives from you through its websites (www.mstfirm.com; www.mstipmanager.com; www.mstipsolutions.com), website hosting and design services, communication tools, mobile applications, app marketplace, ecommerce tools, and other services (collectively, the “Service”). If you have any questions or concerns regarding this Privacy Notice or our practices, please see the “Contact Us” section below.
For Users Outside the European Union:
For users located outside of the European Union, by submitting any personal information through our website or otherwise through our Service, you agree to the terms of this Privacy Notice and you expressly consent to the collection, use, and disclosure of your personal information in accordance with this Privacy Notice.
For all users:
We may use information shared with us for any legal purpose, including to run and improve our Service, but in each case solely in accordance with applicable law, the scope of your consent to use such information (if applicable) and, where MST acts as a data processor for a data controller, solely on the basis of instructions from such data controller. For example, with respect to some parts of our Service, such as our hosted IP Management software solutions, our user is the data controller and MST is a data processor. As a data processor, MST does not have a direct relationship with the person whose personal information we collect and process at the direction of our user (i.e. the data controller). If you are a customer of one of these users and no longer want to be contacted by that user or want to access and change the personal information we collect and process as a data processor, please contact the user you interacted with directly.
2. What Personal Information Does MST Collect?
MST may collect personal information as further described below through: (a) Personal Information provided by you, (b) Automatically Collected Information, (c) Billing Information, (d) Cookies and Other Tracking Technologies, (e) Third Party Analytics Data, (f) Mobile App-Based Data and (g) Cross-App and Cross-Device Information. We do not collect or use “sensitive consumer information” and do not offer or sell to any third party any data based on sensitive consumer information.
(a) Personal Information provided by you. We collect personal information (e.g., name, email address, phone number, and other information that we can use to identify or contact you as an individual) when you:
· register an account with us;
· sign up or log in to our Service using services such as Facebook, Google+, or other Open ID provider.
· contact our customer support services;
· sign-up as, or are invited to be, a member of an account user’s site;
· enter our promotions, contests, or sweepstakes;
· post content on a MST website or blog;
· post an App review in our App Marketplace
We use this personal information in order to provide you with our Service, to respond to billing inquiries, and keep you updated with news about MST, the Service, and our partners in accordance with your consent preferences as applicable.
(b) Automatically Collected User Information. When you access and use our Service, we automatically collect and store, in log files, your Internet Protocol (IP) address, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, clickstream data, and other user information as part of our Service analytics (individually and collectively, “Automatically Collected Information”). We do not link this Automatically Collected Information to other information we collect about you and such Automatically Collected Information does not directly identify you as a person. However, where you are a resident of the European Union, this may still be deemed to be personal information.
(c) Billing Information. If you sign up for an MST account, register a domain through us, or purchase another paid service, we require your billing information in order to process the transaction. Billing information includes your name, address, telephone number, and other information necessary to process the transaction.
First party cookies
Used to provide basic functionality of our Service, including for authentication and security purposes, configuration, and support.
Third party cookies
Used to enable certain analytics and tracking tools, as well as interest based advertising and chat functionality.
Used to enable certain analytics and tracking tools, interest based advertising, as well as for app configuration, monitoring tools, to pin user session to a specific server, and to prevent cross site request forgery.
Provides functionality of first party cookies and third party cookies across sessions.
You can control the use of certain cookies at the individual browser level or in your operating system preferences. If you opt-out of such cookies, you may still use our Service, but your ability to use some features or areas of our Service may be limited. You can find out more about your rights in relation to cookies and how to control them here: http://www.allaboutcookies.org/ .
If you are located in Europe, for more information about targeted advertising or to opt out of having your browser information used for these purposes, please click here or change your cookie preferences on your browser or device settings. Please note this does not opt you out of being served ads. You will continue to receive generic ads, but these ads will not be targeted to you based on your web browsing experiences.
(e) Third Party Analytics Services. We currently do not use third party analytic services.
(f) Do Not Track. Currently, we do not support Do Not Track or “DNT.” DNT is a preference you set in your web browser to tell visited websites you do not want to be tracked. You can enable or disable DNT through the preferences or settings of your web browser.
(g) Mobile App. When you download and use the Service through our mobile app, we automatically collect information on the type of device you use and operating system version (“Mobile App-Based Data”).
We use mobile analytics software to allow us to better understand the functionality of the Service on your device. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, content, performance data, and where the application was downloaded from.
We may also send you push notifications from time-to-time in order to update you about events or promotions. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure that you receive proper notifications, we need to collect certain information about your device such as operating system and user identification information.
(h) Cross-App and Cross-Device Information. We, our customers, and/or our third party partners may collect information about your activity across multiple unaffiliated third-party mobile applications. This information may also be combined with a mobile identifier and or establish connections among related devices (such as mobile devices and desktop computers). We may share this information with our customers and/or our third party partners for any legal purpose. To opt out of such practices, please see the opt-out information described here (you will need to use this link on each device you use in order to opt out of such practices across all devices).
We, our customers, and/or our third party partners may use technology that establishes connections among related devices (such as mobile devices and desktop computers). This means that information about your use of websites or applications on one of your devices may be combined with information from your other devices.
(i) Sensitive Consumer Information. MST does not collect or use “sensitive consumer information” and does not offer or sell to any third party any data based on sensitive consumer information. For purposes of this Privacy Notice, “Sensitive consumer information” includes social security numbers or other government-issued identifiers, insurance plan numbers, financial account numbers, and precise information about past, present, or potential future health or medical conditions or treatments, including genetic, biometric, genomic and family medical history nor does it include racial or ethnic origin information, information about sexual orientation, criminal records or trade union membership information. MST maintains internal policies and procedures designed to safeguard against the collection or use of such information.
3. How Does MST Use Your Personal Information?
As further described below, MST may use the information it collects from you for any lawful purpose, including, without limitation, for providing products and services, identification and authentication, Service operation, analytics and improvements, support, contact (e.g., sending notifications related to use of the Service), marketing and promotions, research, and anonymous reporting. We may combine Automatically Collected Information with other information we collect about you, in each case that does not directly identify you as a person (but as explained above, may still identify your device or indirectly identify you), to improve site functionality and the services we offer you, and for Service and both internal and external marketing analytics.
In particular, we engage in the following practices with respect to the information and uses described below:
To provide a requested service or carry out a contract with you.
Personal information you provide to us. We use this personal information in order to provide you with our Service, to respond to billing inquiries, and keep you updated with news about MST, the Service, and our partners.
User Site Membership/Registration. When you register, or are invited to register, as a member of a website or application operated by one of our account users, we store and use your information solely to provide administrative services in support of our member feature (such as account set-up and password reset). Please contact the site operator directly to have your registration information removed.
Auto Renewal. If your subscription is auto-renewing, our authorized payment processor will store your payment information on their secure payment gateway for as long as necessary to carry out the terms of your subscription.
Where we have your consent
For users outside the EU: By providing us your email address, you are consenting to us or our partners contacting you via email.
For all users: MST may contact you at any email address you have provided us, including email addresses you have made available on your MST website(s) for:
Debt collection; or
As necessary to service your account or enforce our Terms of Service and policies, applicable law, or any other agreement we may have with you.
If you do not wish to receive such communications, you may change your preference by sending us an email at any time via email@example.com.
Phone Calls and Messages.
For users outside the EU: By providing us your phone number, you are consenting to us or our partners contacting you via autodialed or prerecorded calls/messages and you understand that providing your number is not a condition of purchasing any MST product or service.
For all users: MST may contact you at any telephone number you have provided us, including phone numbers you have made available on your MST website(s) for:
Debt collection; or
As necessary to service your account or enforce our Terms of Service and policies, applicable law, or any other agreement we may have with you or on behalf of your company.
If you do not wish to receive such communications, you may change your preference by sending us an email at any time via firstname.lastname@example.org.
Where we have a legitimate interest
IP addresses, browser and session information. IP addresses, browser and session information may be used to:
Diagnose and prevent service or technology problems reported by our users or engineers that are associated with the IP addresses controlled by a specific web company or ISP.
Estimate the total number of users from specific geographical regions using the Service.
Help determine which users have access privileges to certain content, services, or resources that we offer.
Monitor and prevent fraud and abuse.
Automatically collected user information. We use this personal information to analyze trends in the aggregate and administer the Service.
Cross-App and Cross-Device Information. We, our customers, and/or our third party partners use this in order to deliver advertising that may be more relevant to you, as well as for analytics and reporting purposes.
4. Who does MST share your personal information with?
MST does not share personal information we learn about you from your use of the Service with others except as described in this Privacy Notice and in connection with: (i) the completion of transactions; (ii) research, promotions, sweepstakes and contests; (iii) third party marketing; (iv) a merger or sale; (v) publicly accessible information; (vi) domain registrations; and (vii) other lawful disclosures.
Completion of Transactions. MST may share your personal information on a secured basis where it is necessary to complete a transaction; to operate, improve, or communicate to you about the Service; to detect fraud or compliance with export regulations; or to do something that you have asked us to do. We use other third parties such as payment processors to bill you for goods and services. These third parties are authorized to use your personal information only as necessary to provide these services to us and are prohibited from using your personal information for promotional purposes.
Research, Promotions, Sweepstakes and Contests. From time to time, MST or a partner may sponsor a research panel, promotion, sweepstake, or contest on MST. You may be asked to provide personal information including name, email address, or home address, or to answer questions in order to participate. This information will be used strictly for purposes of the research panel, promotion, sweepstake, or contest administration and fulfillment, as well as for internal business purposes.
Third Party Marketing. MST may share anonymized and/or aggregated information with third parties for their marketing, advertising, promotion, or other uses. In addition, from time to time we may share your personal information with third parties who want to promote goods and/or services that we think would be of interest to you. If you are located in the EU, we will only share your personal information for any marketing purposes where you have consented to this after being provided with information on the concerned third parties or where it is otherwise lawful to do so. If you want us to stop sharing your contact information with third parties, you may notify us via email at email@example.com or the details in the contact us section below.
In the Event of Merger or Sale. As we continue to develop our business, we may also buy or sell all or part of our business. In such transactions, personal information you have shared with us is generally one of the business assets that will be transferred. The transferred personal information will remain subject to the promises made in this privacy notice or subsequent notices to which you have consented. If MST is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
Domain Registrations. Please note, standard domain registration shows your personal contact information in the public WHOIS database. You can shield your personal information from public view and help protect yourself against spam, fraud, identity theft, and more by purchasing Private Registration from us.
Lawful disclosure. MST may disclose personal information about you under the following circumstances:
In response to lawful requests by public authorities, including but not limited to national security or law enforcement requests. We may also disclose your personal information as required by law, such as to respond to subpoenas, court orders, or similar legal processes, to establish or exercise our legal rights or, defend against legal claims, or if in our judgment in such circumstances disclosure is required or appropriate.
5. How long does MST retain your personal information?
As further described below, we will retain your information for as long as your account is active or as needed to provide you the Service, but in no event longer than permitted by applicable law.
Notwithstanding the foregoing:
MST uses Automatically Collected Information and Mobile App-Based Data for no more than 13 months.
We maintain stored data for a period of up to 24 months in order to comply with audits, court order or law enforcement inquiries and for the purpose of ensuring that our technology is functioning properly, and preventing fraud across our Service.
After 24 months, all of the stored data is destroyed. Summarized data consisting of aggregated statistical data or other anonymous data may be kept indefinitely.
When determining the relevant retention periods, we will take into account factors including:
our contractual obligations and rights in relation to the personal information involved;
legal obligation(s) under applicable law to retain data for a certain period of time
statute of limitations under applicable law(s)
(potential) disputes, and
guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your information once this is no longer needed.
6. Does MST Transfer Your Personal Information Outside the Country?
Where required, we may transfer your personal information to our servers located outside the country in which you live (In particular, if you are an EU resident, your personal information is automatically transferred to us in the U.S). Laws of other countries on personal information can sometimes be different from those in your country of residence. We will only transfer data where it is lawful to do so. Where your personal information is transferred outside its country of origin, we ensure security measures and appropriate safeguards are put in place to protect your personal information and ensure that all transfers of your personal information comply with applicable data protection law, and are carried out in accordance with MST’s instructions. More information on our Privacy Shield Certification can be found in the Privacy Shield Certification section 14 below. To find out more about how we safeguard your personal information (including obtaining a copy of such safeguards) in relation to transfers outside the EEA, please contact us through our help center or through the details provided in the Contact Us section below.
7. How Does MST Keep Your Personal Information Safe?
We take reasonable steps to put in place appropriate physical, electronic, and procedural safeguards to protect the integrity and security of personal information about you and to prevent unauthorized or unlawful processing of personal information and the accidental loss, destruction, or damage to personal information. These measures include internal reviews of our data collection, storage and processing practices and security measures (Strong password protection and in certain areas industry standard SSL-encryption to protect data transmissions), as well as physical security measures to guard against unauthorized access to systems where we store data.
However, data transmissions over the Internet and methods of electronic storage are not 100% secure. Consequently, we cannot guarantee or warrant the security of any information you transmit to us and you do so at your own risk.
If MST learns of a security systems breach we may attempt to notify you electronically so that you can take appropriate protective steps. We may post a notice on our applicable web sites if a security breach occurs. If this happens, you will need a web browser enabling you to view the applicable web sites. In these circumstances, we may also send an email to you at the email address you have provided to us. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice) submit a request via email firstname.lastname@example.org.
8. What are your Privacy Rights?
MST as Data Controller. Upon request, we will provide you with information about whether we hold or process your personal information on behalf of third parties. You can contact us via email at email@example.com, and we will respond as soon as possible, but at most within 30 days.
You can request to delete your applicable account by emailing your request to firstname.lastname@example.org; however, some personal information, primarily your contact information, may remain in our records to the extent necessary to protect our legal interests or document compliance with regulatory requirements, in each case solely to the extent permitted by applicable law.
If your personal information changes, or if you no longer wish to use our Service, you may correct, update, or delete such information by submitting a request via email to email@example.com.
MST as Data Processor. MST acknowledges you have the right to access and change the personal information we collect and process as a data processor. An individual who seeks to access or to correct, amend, or delete personal information should direct their request to the MST user who is the data controller, and not to MST directly. If the data controller requests MST remove personal information we will respond within a reasonable timeframe.
Users in the European Union only:
Under EU Regulation 2016/679 of the European Parliament and the Council; the General Data Protection Regulation (“GDPR”), you have a number of rights when it comes to your personal information. Further information and advice about your rights can be obtained from the data protection regulator in your country of residence within the EU. You can exercise any of these rights by contacting us through our help center or the details in the contact us section below:
The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy.
The right to rectification. You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in personal information that we hold by writing us on the email address below.
The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
The right to restrict processing. You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
The right to data portability. You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability. This is not a general right however and there are exceptions.
The right to object to processing. You have the right to object to certain types of processing, including processing for direct marketing (i.e. receiving emails from us notifying you about other services we provide which we think may be of interest to you or being contacted with varying potential opportunities). You may change your preferences regarding email communications by visiting one of our preference centers listed below.
The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.
The right to withdraw consent. If you have given your consent to anything we do with your personal data (i.e we rely on consent as a legal basis for processing your personal information), you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). You can withdraw your consent to the processing of your personal information at any time.
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests, or further copies of the same information. Alternatively, we may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
9. Third Party Features, Services, Links and Apps
Third Party Features, Services, and Apps may also support functions that require that you disclose certain personal information given your choice of participation. This information is collected in many different ways such as: forms, surveys, contests, forums, subscribing or unsubscribing to mailings and correcting or updating personal information and is only used for the purpose in which it was collected. Third Party Features, Services, and Apps may also collect sensitive information, such as financial information (credit card) to process purchases for products or services.
10. Users from the European Economic Area (“EEA”) or the EU
If you are based in a country in the EEA or EU and we hold personal information about you as a data controller, the controller of your personal information is MacMillan, Sobanski & Todd, LLC an Ohio corporation incorporated in Ohio whose principal place of business is located at One Maritime Plaza, Fifth Floor, 720 Water Street, Toledo, Ohio, 43604.
11. Users from California
Under California Civil Code sections 1798.83- 1798.84, California residents are entitled to ask us for a notice identifying the categories of personal information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to the following address:
Legal - Privacy
MacMillan, Sobanski & Todd, LLC
One Maritime Plaza, Fifth Floor
720 Water Street
Toledo, Ohio 43604
12. Additional Privacy Information for U.S. Educational Institutions
MST does not collect pupil or educator data for U.S. educational institutions.
13. Privacy Shield Certification
MST plans to participate in and will certify its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, see https://www.privacyshield.gov/. This policy will be updated to reflect MST’s self-certification on the Privacy Shield List once the Department of Commerce gives notice that the MST’s submission is otherwise complete.
MST is committed to subjecting all personal data received from European Union (“EU”) member countries and Switzerland, respectively, in reliance on the Privacy Shield Frameworks, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List.
MST is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and may subsequently transfer data to a third party acting as an agent on its behalf. MST complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, MST is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Under certain conditions, as more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
14. Changes to this Privacy Notice
MST reserves the right to revise, modify, or update this notice at any time. We will notify you about material changes in the way we treat personal information by sending a notice to the primary email address specified in your particular MST account or by placing a prominent notice on our site.
15. Contact Us
If you have a privacy concern regarding MST, or this notice, and if you cannot satisfactorily resolve it through the Service, you can write to us by email at firstname.lastname@example.org or by mail at:
Legal - Privacy
MacMillan, Sobanski & Todd, LLC
One Maritime Plaza, Fifth Floor
720 Water Street
Toledo, Ohio 43604
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) here. Alternatively, you may contact your local data protection authority to raise any concerns or complaints (for example, EU data protection authorities in the EU whose contact details are available here).
May 25, 2018: Changes were made to this notice in accordance with the General Data Protection Regulation.