Mitratech Holdings, Inc. and ThinkSmart LLC (“Mitratech,” “we,” “us,” “our”) have adopted consistent, globally valid data protection and data security standards for processing the sensitive data of its clients, partners, prospects, and employees in line with globally accepted principles. Mitratech is responsible for protecting the privacy of sensitive data, including any personal information being maintained, against threats posed by unauthorized access or misuse. In addition, Mitratech respects individual privacy and shall handle all sensitive information with care.
This statement undergirds Mitratech’s ability to adapt to a changing global marketplace and forms the basis for long-lasting business relationships built on trust. This statement also sets important basic conditions for the global exchange of data, as it guarantees a reasonable level of data protection for trans-border data flows.
This statement applies to Mitratech Holdings, Inc. as well as associated companies and their employees and covers the following: processing of sensitive data relating to clients, partners, Mitratech employees, and prospects. This includes data relating to prospects, suppliers, and shareholders.
Sensitive Data – any information relating to a person who can be identified, directly or indirectly, by reference to an identifier such as: a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, or information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns an individual’s health. Additionally, this includes any information that is intellectual property or considered confidential to Mitratech, its clients, or third parties.
Data Subject – a natural person whose personal data is processed by a controller or processor.
Data Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Data Controller – a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Consent – any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Personal Information We Collect
The data we collect depends on the context of your interactions with Mitratech, the choices you make, and the products and features you use. The data we collect may include the following:
Website: The information gathered on Mitratech’s website(s) generally includes company names, locations, times and dates of access, and the web pages viewed while visiting. Additionally, information is collected on the search engines and search phrases used to find our website(s). We may also collect the name of Internet Service Providers and the operating system of your computer. Mitratech’s website uses “cookies,” small text files that can be read by a web server in the domain that put the cookie on your hard drive. User registration may be required to access some of the features on our website(s). Upon registration, we require you to provide your name, title, company, e-mail address, and phone number. A Mitratech representative will contact you to set up an account. We may request additional information from you at that time.
Clients, Prospects and Partners: Mitratech collects personal information of its Clients, Prospects and Partners to facilitate sales, marketing, customer support, and related operations essential to Mitratech. This includes contact information such as name, email address, phone number, and similar data. Mitratech also collects information you provide to us and the content of messages you send to us, such as feedback and product reviews you write, or questions and information you provide for customer support. When you contact us, such as for customer support, phone conversations or chat sessions with our representatives may be monitored and recorded.
Use by Children: Mitratech, as a standard practice, does not knowingly or specifically collect, use, or require any information about minors under the age of 18. The website(s) run by Mitratech are not intended for minors under the age of 18. If you believe that we have mistakenly or unintentionally collected such information, please notify us so that we may delete the information from our servers.
How We Use Personal Information
As a policy, Mitratech uses sensitive information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Mitratech takes reasonable steps to ensure that sensitive information is relevant to its intended use, accurate, complete, and current. Mitratech does not provide any of the information we collect to third parties other than to market our products and services.
Website: Mitratech uses the information we collect to identify and contact visitors to our website(s) who are seriously interested in our products and services. Cookies allow us to store user preferences and settings; enable sign-in; provide interest-based advertising; combat fraud; and analyze how our websites and online services are performing.
Applications: Using Mitratech’s Applications, information can be processed on an organization’s own computers or on computers hosted by Mitratech. In the latter case, Mitratech is an Application Service Provider (ASP); however, each client, as the collector, administrator, and user of sensitive information within applications, has primary responsibility for the privacy of that information. Mitratech, as an ASP, may collect application usage data for the purpose of product improvement and support.
Clients, Partners, and Prospects: Mitratech may collect information from Clients, Partners, and Prospects for the purposes of marketing, product support, and other appropriate channels. Mitratech takes reasonable steps to ensure that sensitive information is relevant to its intended use, accurate, complete, and current. Mitratech does not provide any of the information we collect to third parties other than to market our products and services.
Transmission of Information
For some business processes, it is necessary to pass on sensitive data relating to clients or partners to third parties. If this does not occur owing to a legal obligation, it must be checked in each instance whether it is in conflict with any interest of the data subject that merits protection. If the recipient is located in a third country, he/she must guarantee an adequate level of data protection in line with this statement. This does not apply if the data transmission is carried out owing to a statutory obligation, or to any other permissible legal obligation. The recipient must be bound under contract only to use the data for the specified purpose.
Transfers to Agents: Mitratech will obtain assurances from its agents that they will safeguard sensitive information consistently with this statement. Examples of appropriate assurances that may be provided by agents include, but are not limited to: a contract obligating the agent to provide at least the same level of protection as is required by the relevant Data Privacy Principles, being subject to the EU General Data Protection Regulation (Regulation (EU) 2016/679), EU-U.S. or Swiss-U.S. Privacy Shield certification by the agent, or being subject to another European Commission adequacy finding. Where Mitratech becomes aware that an agent is using or disclosing sensitive information in a manner contrary to this statement, Mitratech will take reasonable steps to prevent or stop the use or disclosure. Mitratech may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
International Transfer of Information: Mitratech primarily stores data about clients and visitors to the Mitratech website in the United States. To facilitate Mitratech’s global operations, Mitratech may transfer and access such information from around the world, including from other countries in which Mitratech has operations, such as the United States, United Kingdom, and Australia. A list of Mitratech’s global offices is available upon request. This statement shall apply even if Mitratech transfers data to other countries.
In the case that data is transmitted to Mitratech by third parties, it must be ensured that the data have been collected lawfully in accordance with the relevant legal provisions, and that the use of such data for the intended data processing activities is permitted.
Notice and Consent
Mitratech will inform individuals about the type(s) of sensitive information it collects, the purposes for which it collects and uses sensitive information, and the types of non-agent third parties to which Mitratech discloses or may disclose information, and the choices and means, if any, Mitratech offers individuals for limiting the use and disclosure of their sensitive information. Notice will be provided in clear and conspicuous language before individuals are first asked to provide sensitive information to Mitratech, or as soon as practicable thereafter, and in any event before Mitratech uses or discloses the information for a purpose other than that for which it was originally collected.
Mitratech will offer individuals the opportunity to choose (opt-out) where their information is to be (a) disclosed to a non-agent third party, or (b) used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Per the EU General Data Protection Regulation, an opt-in opportunity will be provided to applicable individuals prior to data collection.
Sensitive Personal Information may be processed only under certain conditions. Mitratech will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of any information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Mitratech will provide individuals with reasonable mechanisms to exercise their choices.
Data Processing Limitations
Mitratech will use information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual, and will take reasonable steps to ensure that sensitive information is relevant to its intended use, accurate, complete, and current.
Before any step is taken to process sensitive data, it must be verified whether and to what extent the processing of said data is necessary in order to achieve the purpose for which it is undertaken. Where the purpose allows and where the expense involved is in proportion with the goal being pursued, anonymized or statistical data must be used. This statement does not apply to statistical analysis or studies based on anonymized data.
Information that is no longer needed for its intended purpose should be deleted in compliance with Mitratech’s existing archival guidelines. Per the EU General Data Protection Regulation, applicable sensitive information may not be collected in advance and stored for potential future purposes unless required under the law of the individual nation.
Access and Correction
Upon request, Mitratech will grant data subjects reasonable access to sensitive data that it holds about them, including information about how the data was collected and its purpose(s).
Additionally, Mitratech will take reasonable steps to delete information if the processing of such data has no legal basis, or if the legal basis has ceased to apply. Individuals may also request the correction or amendment of information that is determined to be inaccurate or incomplete, or object to information processing altogether.
Information Security and Confidentiality
Mitratech has implemented industry standard security methods, technologies, and processes to safeguard sensitive information from unauthorized access and unlawful processing or disclosure, as well as accidental loss, modification, or destruction. All sensitive information is treated as confidential; any unauthorized collection, processing, or use of such data is prohibited. In the context of increasingly flexible company organization, it must be ensured that employees have access to sensitive data on a need-to-know basis only. The need-to-know principle means that employees may have access to sensitive information only as is appropriate for the type and scope of the task in question. This requires a careful breakdown and separation, as well as implementation, of roles and responsibilities.
This statement embodies the internationally accepted principles of data protection and privacy, without replacing existing national laws. It applies in all cases as far as it is not in conflict with the respective national law; additionally, the national law shall apply if it makes greater demands. National law applies in the case that it entails a mandatory deviation from, or exceeds the scope of, this statement for data protection. This statement also applies in countries in which there is no corresponding national legislation in place.
EU GDPR: Mitratech adheres to the EU General Data Protection Regulation as set forth by the European Parliament & Council regarding the processing of personal data and the free movement of such data.
EU-U.S. and Swiss-U.S. Privacy Shield: Mitratech adheres to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Mitratech has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. The Federal Trade Commission has jurisdiction over Mitratech’s compliance with the Privacy Shield.
If there are any conflicts between the terms in this statement and EU data privacy principles, the principles shall govern.
California Privacy Rights: Under California law, California residents may request once a year, free of charge, certain information regarding our disclosure of personal information to third parties for direct marketing purposes.
Mitratech will investigate and attempt to resolve complaints and disputes regarding the use and disclosure of sensitive information in accordance with the principles contained in this statement. European Union or Swiss individuals with inquiries or complaints regarding their personal information should first contact Mitratech at firstname.lastname@example.org.
Mitratech has further committed to refer unresolved complaints to alternative dispute resolution providers located within Switzerland and the EU, specifically the EU Data Protection Authorities (DPA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC). The services of these authorities are provided at no cost to you.
An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/.
This statement will be revised periodically in accordance with industry standards and changes in Mitratech’s operational environment.