MessageGears, LLC (“MessageGears”, “we”, “our”, and “us”) respects and is committed to protecting your privacy. MessageGears provides enterprise marketing automation solutions and other related services (the “Services”) to organizations that have registered with MessageGears to use the Services (“Customers”).
Our Contact Information:
1360 Peachtree Street NE
Atlanta, GA 30309
Telephone: (888) 352-0886
This Privacy Notice explains what personal data we collect about you, how it is used, and with whom it is shared, and the choices you can make and rights you can exercise in relation to your personal data. This Privacy Notice applies to our website and all personal data we directly receive or collect from you in the course of doing business. We recommend that you carefully review this Privacy Notice before providing us with your personal data.
This Privacy Notice addresses the following topics:
Data We Collect
Data You Provide to Us
Data We Automatically Collect
Data We Process On Behalf of Customers
Data We Collect From Third Party Sources
How We Use Your Data
How We Share Your Personal Data
Legal Basis for Processing Personal Data
International Data Transfers
Choosing Your Privacy Preferences and Exercising Your Rights
How We Keep you Data Secure
Direct Marketing and Do Not Track Signals
Changes To Our Privacy Notice
For the purposes of applicable data protection laws, MessageGears is the controller of the personal data you provide directly to us. As the controller, we process personal data in accordance with this Privacy Notice. This Privacy Notice does not apply to personal data that our Customers collect or receive. In such cases, we are acting as a data processor. It is the Customer who will remain responsible for the handling of personal data that the Customer collects and for compliance with any applicable data protection and/or privacy laws. You should refer to the Customer’s privacy notice for more information on the Customer’s privacy practices.
This Privacy Notice also does not apply to third-party websites or social media features that may be accessed through links that we provide for your convenience and information. Accessing those links will cause you to leave MessageGears’ website and may result in the collection or sharing of personal data about you by a third party. We do not control, endorse or make any representations about those third party websites or their privacy practices, which may differ from ours. We encourage you to review the privacy notice of any site you interact with before allowing the collection and use of your personal data.
Data We Collect
As used in this Privacy Notice, “personal data” is any information that personally identifies you or from which you could be identified either directly or indirectly. The personal data that we may collect from or about you depends on the interaction, but broadly falls into the following categories:
Data You Provide to Us: You may provide us with personal data when you sign up for events (e.g., through Eventbrite) or interact with our website, emails you receive from us, other advertisements or marketing communications or interact with us in-person interactions at trade or industry events. For example, when you request more information or a demo, you will be asked to provide your name, email address, company name, and work phone. We will need your name and email to sign up for webinars and access publications.
You may provide personal data through use of our Services such as when you sign up for the Services, work with our customer success team, or submit a support ticket. When you set up an account, you may be asked to provide certain basic personal data such as your name, email address, username, password, company name, occupation, phone number, billing and shipping address, billing / payment instruction details.
The personal data collected may include your IP address, your operating system, your device ID, your browsing activities (such as what pages are viewed), and other information about your system and connection.
We also collect data regarding the performance of the Services. This information allows us to improve the content and operation of the Services, and facilitate research and analysis of the Services.
Data We Process On Behalf of Customers: Customers may also upload personal data to the MessageGears platform which we will process as a data processor on our Customer’s behalf. When automating marketing campaigns for Customers, we will act as a processor and only process any personal data on our Customer’s behalf and pursuant to written instructions.
Data We Collect From Third Party Sources: Third Parties are used to enrich contact information and provide external analysis of services MessageGears provides. Enriched contact information includes completing contact profiles for improved relevancy and targeting of communications. We use certain third parties to assist our Customers in rendering emails prior to sending that may use personal data provided by such Customers in connection with those services. Third parties assist in simulating experiences end user’s will receive through our service delivery.
How We Use Your Data
We may use the personal data we collect for a range of reasons and examples include:
- Marketing. Sending you information for marketing purposes (in accordance with your marketing preferences).
- Advertising. Combining personal data with other information we obtain about you for advertising or targeting purposes.
- Customer Support. Sending Customers updates about our Services, communicating with Customers about their account, and providing Customer support.
- Transaction Support. Assisting you in completing orders of our Services, administering your account, and processing payments.
- Assist Customers. Fulfilling our Customers’ specific directions in connection with a Service we are providing on behalf of our Customers.
- Security and Technical Fixes. Protecting the security and integrity of the website and our Services, and correcting technical problems and malfunctions in how the website operates or processes visitors’ information.
- Product Improvement. Compiling aggregated statistics about the operation and use of our Services to improve our Services.
- Compliance with Law. Complying with applicable laws, regulations, court orders, government and law enforcement requests, operating our services and products properly, protecting ourselves, and solving any disputes with Customers.
- Administrative Communications. Communications required by law or in connection with a merger, consolidation or sale of all or substantially all of the stock or assets of one or more of our businesses.
How We Share Your Personal Data
- Marketing and Advertising Operations. We may share your name, email, phone number, public social media profile and cookies with third parties for marketing and advertising (for example, Facebook, Inc.) so that they can assist us in promoting our services to current and future customers through targeted advertisements and lookalike audiences. Any personal information pertaining to your mobile number will not be used for other commercial purposes and will not be sold, rented, leased or forwarded to any third party.
- Sharing with Customers. If you are a customer of a Customer, we will share your personal data with the Customer to fulfill your request any request to not receive further communications from our Customer or from us.
- Law Enforcement, Government or Regulatory Bodies or Lawful Authorities. We may disclose personal data to comply with laws, regulations or other legal obligations, to assist in an investigation, to protect and defend our rights and property, or the rights or safety of third parties, to enforce this Privacy Notice or agreement with third parties, or for crime-prevention purposes.
- Change in Control or Sale. We can also share your personal data as part of a sale, merger or change in control, or in preparation for any of these events. Any other entity which buys us or part of our business will have the right to continue to use your personal data, but only in the manner set out in this Privacy Notice unless you agree otherwise.
Legal Basis For Processing Personal Data
We will only collect and process personal data about you where we have a legal basis. Legal bases include consent (where you have given consent), contract (where processing is necessary for entering into or the performance of a contract with you), and “legitimate interests”.
Where we process personal data based on consent, we will ask for your explicit consent. You may withdraw your consent at any time, but that will not affect the lawfulness of the processing of your personal data prior to such withdrawal. Where we rely on contract, we will ask that you agree to the processing of personal data that is necessary for entering into or the performance of your contract with us or the Customer.
We may process your personal data for the purposes of our legitimate interests, provided that such processing does not outweigh your rights and freedoms. Where we rely on legitimate interests, you have the right to object. We process your personal data based on legitimate interests in order to:
- Market our Services;
- Protect you, us, or others from security threats;
- Comply with laws that apply to us;
- Enable or administer our business, such as for invoicing Customers and platform maintenance; and
- Understand and improve our business or customer relationships generally.
International Data Transfers
Our servers operate in the United States and Europe and our offices are located in the United States, so your personal data may be transferred to, stored, or processed in the United States. We will rely on legally-provided mechanisms to lawfully transfer personal data across borders.
In many cases, we will use European Commission-approved Standard Contractual Clauses as a legal mechanism for data transfers from the EU. You can find more information about Standard Contractual Clauses here on the European Commission website. These clauses are contractual commitments between companies transferring personal data, binding them to protect the privacy and security of the data.
Choosing Your Privacy Preferences And Exercising Your Rights
You can opt out of receiving marketing emails from us at any time. You can opt out of our marketing emails by clicking the “unsubscribe” link at the bottom of our marketing messages. Opt-out requests can also be made by emailing us using the contact details provided under the “Contact Information” heading above. Please note that it may take up to 10 calendar days to remove your contact information from our marketing communications lists, so you may receive correspondence from us for a short time after you make your request.
Please note that some Customer communications (such as billing information) are considered transactional and necessary for account management and you cannot opt out of these messages unless you cancel your Services.
By contacting us using the contact details provided under the “Contact Information” heading above, for personal data that we have about you when we act as a controller, you can:
- Access Your Data. You can ask us for a copy of your personal data.
- Correct or Update Your Personal Data. You can also ask us to change, update, or fix your personal data. Using the contact details provided under the “Contact Information” heading above, if you are an EEA resident, for personal data that we have about you can also:
- Deletion. You can ask us to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide Services to you).
- Object to, or Limit or Restrict, Use of Data. You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is inaccurate or unlawfully held).
- Take Your Data. You can ask us for a copy of your personal data provided in a machine readable form.
If you are a customer of one of our Customers, you should send the requests above to the applicable Customer.
If we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the EEA and Switzerland are available here.)
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We may ask you to verify your identity in order to help us respond efficiently to your request.
Data Retention Policy
This policy covers all data collected by MessageGears and stored on MessageGears owned or leased systems and media, regardless of location. It applies to data collected and held electronically. The need to retain certain information may be mandated by federal or local law, federal regulations, and legitimate business purposes, as well as the EU General Data Protection Regulation (GDPR).
MessageGears shall retain data as long as the company has a need for its use in effectively conducting its program activities, or to meet contractual or legal requirements. Once data is no longer needed, it shall be securely archived or deleted depending on the applicable legal or contractual requirements.
If not expressly determined within MessageGears, data owners, in consultation with legal counsel, may determine retention periods for the data. Retention periods shall be documented in the Data Retention Matrix below.
MessageGears seeks to avoid duplication in data storage whenever possible, though there may be instances in which for programmatic or other business reasons it is necessary for data to be held in more than one place. This policy applies to all data in MessageGears’s possession, including duplicate copies of data.Policy Compliance
MessageGears will regularly measure and verify compliance to this policy through various methods, including but not limited to, business tool reports, and both internal and external audits.
Data destruction ensures that MessageGears manages the data it controls and processes it in an efficient and responsible manner. When the retention period for the data as outlined in the Data Retention Matrix expires, MessageGears will actively destroy the data covered by this policy. If a MessageGears employee believes that there exists a legitimate business reason why certain data should not be destroyed at the end of a retention period, he or she should identify this data to his or her supervisor and provide information as to why the data should not be destroyed. Any exceptions to this data retention policy must be approved by MessageGears’s Chief Technology Officer in consultation with legal counsel. In rare circumstances, a litigation hold may be issued by legal counsel prohibiting the destruction of certain documents. A litigation hold remains in effect until released by legal counsel and prohibits the destruction of data subject to the hold.
Information Request Protocol
When the data subject requests any and all information MessageGears stores related directly to the data subject, MessageGears will comply with the request via email within 30 days of acknowledging the receipt of the request. The data owner(s) will collect any and all information regarding the data subject and submit the data to him or her.
An information request may be submitted by filling out this form on the MessageGears website.
Right to be Forgotten Protocol
When the data subject requests any and all information MessageGears stores related directly to the data subject to be erased, MessageGears will comply with the request within 30 days of acknowledging the receipt of the request via email. The data owner(s) will collect any and all information regarding the data subject and permanently delete the data from all MessageGears systems and applications. Confirmation of the deletion will be sent to the data subject via email.
A right to be forgotten request may be submitted by filling out this form on the MessageGears website.
How We Keep You Data Secure
MessageGears utilizes reasonable and appropriate protections to ensure that personal data in our care is not misused or accessed without authorization. Personal data is stored on our own platforms or on the platforms of our agents/contractors, with access restricted to those employees or contractors who have a need for such access to perform a legitimate business function relating to the services or for maintenance, internal security or related issues. All personal data is encrypted during all data transfer operations to and from our Service. Moreover, we generate audit logs that record all access and use of personal data stored in our databases. Any contractor whom we retain to provide services for us and who will have access to personal data must generally agree to abide by the terms of this Privacy Notice.
We do not knowingly collect any personally identifiable information from children under 16 years old through the website. However, if the parent or guardian of a child under 16 believes that the child has provided us with personal data, the parent or guardian of that child should contact us using the contact details provided under the “Contact Information” heading above if they want this information deleted from our files. If we obtain knowledge that we have personal data about a child under 16 in retrievable form in our files, we will delete that information from our existing files. In addition, anyone under 16 years old should seek their parent’s or guardian’s permission prior to using or disclosing any personal information on the website.
Direct Marketing And Do Not Track Signals
We currently do not share personal data with third parties for their direct marketing purposes without your permission.
California and Delaware laws require that we indicate whether we honor “Do Not Track” settings in your browser concerning targeted advertising. “Do Not Track” is a standard that is currently under development. As it is not yet finalized, we adhere to the standards set out in this Privacy Notice and do not monitor or follow any Do Not Track browser requests.
Changes To Our Privacy Notice
If we modify our Privacy Notice, we will post the revised statement here, with an updated revision date. All such updates and amendments are effective immediately upon notice thereof, which we may give by any means, including, but not limited to, posting a revised version of this Privacy Notice on our website or presenting a pop-up notification. You should view this Privacy Notice often to stay informed of changes that may affect you.
Last Updated: January 19, 2024