VIDORA PRIVACY POLICY
Last Updated: August 16, 2022
Vidora, LLC (“we”, “us”, “our” or “Vidora”) is a wholly owned subsidiary of mParticle, Inc. (“mParticle”). We offer a machine learning platform and service that enables our customers to more effectively process their customer data. At Vidora, we are committed to protecting your data.
Vidora collects personal data in the course of our business. The definitions of personal data vary depending on the laws where you are located. For example, in the European Union (EU), personal data is defined broadly, and would include data that may be used to contact or identify a person (e.g., email, telephone number), as well as pseudonymous data that is generally only able to identify a computer, browser or a mobile device. The state of California has also adopted a broad definition of personal information. We will explain the different types of personal data below, and will try to be clear when we’re describing our use of each throughout this Privacy Policy (this “Policy”).
The purpose of this Policy is to explain how information:
- is collected on www.vidora.com and app.vidora.com (our “Sites”) and used and processed by Vidora;
- is collected from our customers and prospective customers (our “Customers”); and
- is collected, used and disclosed via our technology platform (the “Platform”) and to provide Customers with the services we offer (our “Services”).
Our objective is to give you a clear explanation about how we collect and process your information through your use of our Sites, Platform and Services, including any data you may provide through our Sites and when you sign up to our newsletters, register for an event or ask us to get in touch with you.
It is important that you read this Policy together with any other notices we may provide on specific occasions when we are collecting or processing information about you, so that you are aware of how and why we are using your information. This Policy supplements our other policies and is not intended to override them.
If you have any questions, please contact our Data Protection Officer using the contact details at the end of this Policy.
Information we collect via our Sites and in the course of running our business
Our Sites are primarily directed to our Customers, companies that provide services to us (our “Vendors”) and companies that we partner with on things like industry events (our “Partners”) and current and prospective employees. Customers, Vendors and Partners are generally businesses. We collect personal data via the Sites that can be used to identify or contact a unique person (“PII”). We generally will only collect PII via the Sites when you provide it directly to us.
For example, you may provide PII such as an email address or a telephone number by sending us an email or filling out a form on the Site. Prospective employees may also send their resume that includes their postal address and other employment details.
If you fail to provide PII
Where we need to collect PII by law, or under the terms of a contract we have with you and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with more information about an event). In this case, we may have to cancel a product or service you have in place with us, but we will notify you if this is the case at the time.
Information you provide to us
When you sign up to our newsletters, request marketing materials, register for an event or sign into the Platform, we will store the PII you give to us, such as your name and email address.
Automated technologies or interactions
When you visit our Sites, some information is automatically collected. This may include information such as the Operating System running on your device, Internet Protocol address, access times, browser type and language, and the website you visited before visiting our Sites. In many jurisdictions, this type of pseudonymous information is considered personal data.
We automatically collect information using “cookies” and Web beacons via the Sites. Cookies are small data files stored on your hard drive by a website and web beacons are electronic images that may be used on our Sites or in our emails. Among other things, cookies help us improve our Sites, our marketing activities, and your experience. We use cookies to see which areas and features are popular and to count visits to our Sites. Most Web browsers are set to accept cookies by default. If you prefer, you can choose to set your browser to remove cookies and / or to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features of our Site. For more information about cookies and web beacons, please visit http://www.allaboutcookies.org.
Vidora does not take action in response to “Do Not Track” browser signals from users in connection with the Sites.
Vidora’s Platform and Services
Overview of the Vidora Platform and Services
The Vidora Platform and Services are designed to allow our Customers to better understand how their customers, prospective customers, and other individuals (their “Users”) utilize the products and services offered by our Customers. Vidora operates the Platform and provides the Services as a service provider and data processor with respect to each Customers’s data. We are contractually required to only process data as directed by our Customers and for no other purpose.
Vidora Customers use Vidora’s Platform and Services to obtain information regarding how their Users interact with their web pages. This allows Vidora’s Customers to evaluate and, if necessary or beneficial, modify its website to improve the functions of its website, the design of its website (including how content and advertisements are displayed), and make it easier and more valuable for Users to use.
The data Vidora collects via the Platform and Services may include customized data that varies from Customer to Customer but typically includes information about Users’ activities on the Customer’s website, such as how Users navigate around a web page and the most commonly clicked links on a specific web page.
Vidora Customers use customized and proprietary JavaScript tracking code provided by Vidora to collect and transmit User Information to Vidora’s servers. When a User visits a website that uses Vidora’s Services, this code contacts Vidora’s servers and enables Vidora to collect and analyze the User’s activity while visiting our Customer’s website. This information is then stored on Vidora’s web servers and databases for use in performing analysis and producing reports for the Vidora Customer.
Data Collected via the Vidora Platform and Services
The Vidora Platform and Services generally collect pseudonymous personal data, such as:
- Browser Information
- Operating System Information
- Mobile Device Information (e.g., your unique device identifier, mobile operating system, other similar information)
- IP Address
- Page Accessed
- Geographic Location
- Time of Visit
- Referring Site, Application, or Service
Vidora’s Platform and Services are not designed to collect identifiable personal data such as your name, address or phone number. However, please be aware that Vidora may enable its Customers to provide it with customized data that may, depending on the choices of the Customer, contain identifiable personal data (i.e., PII).
Vidora’s Disclosure of User Information via the Platform
Vidora acts as a data processor of the data that goes through our Platform and Services and therefore only processes that data as directed by our Customers. As such, Vidora does not sell data or share any data processed via the Platform and Services except as directed by our Customers.
Use of Cookies for the Platform and Services
It is Vidora’s policy to use first-party cookies (small text files that Vidora stores locally on your computer) on Customer websites in connection with the Platform and Services. Such cookies are used for one or more of the following purposes: to help identify users; assess usage patterns and perform traffic analysis; identify preferences; diagnose problems with our servers; analyze trends; and otherwise administer Vidora’s Service. Cookies placed by Vidora on the computers of Users of its Customers’ websites do not include PII such as name, phone number, e-mail address or mailing address, and Vidora does not link cookies to such PII in its servers or databases.
Customer Information
When individuals or companies register to use the Vidora Platform and Services, register to use a trial version of Vidora, or request additional information about Vidora, Vidora may require PII, such as name, e-mail mailing address, phone number, and/or website to be tracked, to process the registration or request (“Customer Information“). When a Customer registers for the Vidora Service, some of these pieces of information may be temporarily stored in encrypted format in a session cookie (but are never stored or linked to a permanent cookie). Vidora may use this information to process and fulfill your request, register your account, check your qualifications for registration and/or to bill you for products and services.
Vidora may also use PII you submit to us to provide Vidora’s products and services, personalize and tailor your experience on Vidora, operate our business, understand how Customers are engaging with Vidora, request additional information necessary to process or fulfill your order; determine if you are satisfied with the Vidora service; inform you that an upgrade is available; or to contact you with information about Vidora, including information about new or existing products and services or special offers. For example, we may periodically send promotional materials or notifications related to our products and services to the email address associated with your account.
Additional Privacy Consideration for Vidora
Sharing of information, onward transfer
Vidora may process and store information in the United States, Australia and the European Economic Area. By using our Platform as a Customer or visiting our Sites, you consent to this transfer of your information into the U.S. and Australia. Our Customers require a valid data transfer mechanism such as the Standard Contractual Clauses to address cross-border transfers of EU personal data via the Platform.
There are certain circumstances under which we may disclose your information to third parties. These are as follows:
We may share your information with certain third-parties as specified below:
- With third-party Vendors who work on our behalf as sub-processors, provided such third parties agree to adhere to the same privacy principles as Vidora;
- With Partners, such as companies that we think offer complementary services as Vidora, provided such Partners agree to adhere to the same privacy principles as Vidora (e.g., marketing events at industry trade shows) where we have your permission;
- Our Customers may request that we send their data to integration partners; however –please note that each Customer determines which integration partners to use (if any) and what data gets transferred subject to each Customer’s privacy policy;
- To protect the rights and property of Vidora, our agents, employees, Partners, Vendors, Customers, and others including enforcement of our agreements, policies, and terms of use;
- In an emergency, including protection of the personal safety of any person;
- For the purposes of a business deal (or negotiation of a business deal) involving sale or transfer of all or a part of our business or assets (business deals may include, for example, any merger, financing, acquisition, divestiture, or bankruptcy transaction or proceeding); and/or
- As required in response to a lawful request by public authorities, including meeting of national security or law enforcement requirements.
This Policy does not cover the practices of any websites we do not own or control. To learn about those third parties’ privacy practices, please visit their privacy policies.
As of the date set forth above, mParticle, Vidora and Indicative, Inc., a wholly owned subsidiary of mParticle (“Indicative”), have separate Privacy Policies. The Privacy Policy for the mParticle service can be found here and the Privacy Policy for the Indicative service can be found here.
We do not sell PII collected via the Sites or collected pursuant to our sales and marketing activities to third parties for any purpose.
Security
We take reasonable steps to help protect your information in an effort to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction. We have put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your information as secure as possible. We will ensure that any third parties we use for processing your information do the same and that they will only process your information on our instructions. The third parties will also be subject to a duty of confidentiality.
It is your responsibility to protect your usernames and passwords to help prevent anyone from accessing or abusing your accounts and services. You should not use or reuse the same passwords you use with other accounts as your password for our services. No security or encryption method can be guaranteed to protect information from hackers or human error. Information we collect may be stored or processed on computers located in any country where we do business.
Data Retention
Sites and general business operations: We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Customer Data: Vidora retains Customer data for so long as you remain a Customer and will delete data within 12 months (or sooner as directed by the Customer) of either party’s termination of applicable Customer agreement upon written request.
Platform Data: We retain User level data on the Platform as directed by our Customers and for a reasonable time thereafter for audit purposes and as otherwise required by law.
California Data Subjects
The California Consumer Privacy Act (CCPA) provides additional privacy protections for California consumers, including: (a) the right to see what data we have about you, your computer or device (i.e., the right to know), (b) the right to delete the data we have about you, your computer or device (i.e., the right to delete) and (c) the right to opt-out of the sale to certain third parties (i.e., the right to opt-out from sales of your information). Vidora uses the same process to honor CCPA rights of access and deletion that we use for GDPR rights for EU and Swiss data subjects. That process is described below.
We do not discriminate against you if you exercise any of the above rights. Moreover, we may not be able to honor a right if doing so would violate applicable law. Vidora may transfer data to third parties pursuant to operating our Sites and as such are considered to have sold data over the past twelve months pursuant to the CCPA. We do not sell data via our Platform.
Under the CCPA, your request to see the personal information that we have about you may include: (1) specific pieces of personal information that we may have about you; (2) categories of personal information we have collected about you; (3) categories of sources from which the personal information is collected; (4) categories of personal information that we sold or disclosed for a business purpose about you; (5) categories of third parties to whom the personal information was sold or disclosed for a business purpose under the CCPA; and (6) the business or commercial purpose for collecting or selling personal information. Please note that in 2021, Vidora did not receive any requests to know, to delete or requests to opt-out from California consumers.
As required by the CCPA, you may make an access or deletion request via an authorized agent by having such agent follow the process below. Please note that we will request any authorized agent demonstrate that they have been authorized by you to make a request on your behalf. And we will attempt to verify your request. We require any authorized agents to provide us with contact details such as an email address and phone number so that we may ensure a timely response to the consumer.
Individuals who have provided information directly to one of Vidora’s Customers must send follow-up requests to access or delete such information to that particular Vidora Customer.
If you have any questions, or to make a CCPA access or deletion request, please contact Vidora at privacy@mparticle.com, via the toll-free number at (888) 441-2022 or via the postal addresses at the bottom of this policy.
EU, UK, Brazil and Swiss Individuals
Vidora acknowledges that EU, UK, Swiss and Brazil individuals have certain legal rights including the right to complain to a local supervisory authority (e.g., the ICO in the UK) and the right to access the personal data that we maintain about them. An EU, UK or Swiss individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct their query to privacy@mparticle.com. If requested to remove data, we will respond within the legally mandated time. In the EEA, mP responds within 30 days. Please note that Vidora is a processor of the data contained on the Platform. If you seek to exercise data subject access rights for data processed via the Platform, we ask that you reach out to that particular Vidora Customer.
Under these circumstances, you have rights under data protection laws in relation to your personal data, as follows:
a) Request access to your personal data
You have a right to request a copy of the personal data that we hold about you. Please use the contact details at the end of this Policy if you would like to exercise this right, or any of the rights listed below. If you are a European resident and consider our use of your personal data to be unlawful, you have the right to lodge a complaint with the relevant supervisory authority.
b) Request correction of your personal data
You have the right to request that we correct the personal data we hold about you, although we may need to verify the accuracy of the new information you provide to us as well as possibly your identity, depending upon your request.
c) Request erasure of your personal data
You have the right to request that we delete or remove personal data where there is no good reason for us continuing to process it. Please note that we may not always be able to comply with your request for erasure if there are specific legal reasons, which will be notified to you at the time of your request.
d) Object to processing of your personal data
You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
e) Request restriction of processing your personal data
You have the right to request that we suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
f) Request transfer of your personal data
You have the right to request that the personal data we hold about you is transferred to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
g) Right to withdraw consent
In circumstances where we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. Please also note the following:
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, under EU law, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month unless a shorter time period is required by applicable law. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Access to your personal data
If you are a Vidora Customer, you can contact your customer service contact within Vidora to see what information we have stored, such as your name, email, address or phone number. You can also contact us by email to request to see this information.
If you are a job applicant or a Vendor or Partner of Vidora and have provided this kind of information, you can also contact us via e-mail to request to see the information we have in our systems.
Your information choices
You may opt out of receiving promotional emails from Vidora by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as emails about your Vidora projects or our ongoing business relationship. An individual wishing to limit the use or sharing of their data should contact email privacy@mparticle.com.
Individuals who have provided information directly to one of Vidora’s Customers must send follow-up requests to change or delete such information to that particular Vidora Customer.
Notification of changes to our privacy policy
Vidora may change this Policy from time to time. If we make any changes to this Policy, we will change the “Last Updated” date above. You agree that your continued use of our Sites and/or Services after such changes to our privacy practice have been published will constitute your acceptance of such revised Policy. Please visit this section of our Site periodically in order to keep up to date with changes in our privacy policy.
Questions and Contact Information for Vidora
Please get in touch with us if you have any questions about any aspect of this Policy, and in particular if you would like to object to any processing of your personal data that we carry out for our legitimate organizational interests.
Please also contact us if you have any questions about the information we hold about you, or to change your contact preferences with us:
Email us: privacy@mparticle.com
Postal mail: mParticle, Inc., 257 Park Avenue South, Floor 9, New York, NY 10010
Our data protection officer is Aurélie Pols, she may be contacted at dpo@mparticle.com.
EU Data Subjects
EU Data Subjects may contact the mParticle Representative in the EU, ePrivacy
UK Data Subjects
UK Data Subjects may contact the mParticle Representative in the UK, Karen Gallantry.
Karen Gallantry, Secretary
mParticle, UK Ltd.
2 Riding House St #704
Marylebone
London 2127FA
United Kingdom
UKRepresentative@mparticle.com