Last Updated: January 13, 2021
Effective: January 20, 2021
Types of Data We Collect
How We Use and Process Your Personal Data
How We Share Your Personal Data
Access, Integrity, Choice & Deletion
How We Protect Your Personal Information
How You Can Contact Us
Transmission to Other Countries
Third Party Apps & Websites
Cookies & Clear Gifs
Changes to policy
Appendix A: California Information Sharing Disclosure
Types of Data We Collect
We may collect personal information: from you (for example, when you order a product or service, fill out a form, contact us, register an account, apply for a job, or sign up for a newsletter); from your employer; from publicly available information; and by automated means when you visit or use our products or services on any Sites or interact with online advertisements we place.
The following provides examples of the type of information we collect from you and how we use that information:
Account Registration – We may collect your name and contact information when you create an account. We also collect information relating to the actions that you perform while logged into your account. We have a legitimate interest in providing account related functionalities to our users. Accounts can be used to track orders or to track support tickets.
Audio and Video Recordings – We may collect audio and video information that you submit, that is captured through our surveillance cameras on our property, or that is captured during support calls. Our use of recordings submitted by you is based on your consent. We have a legitimate interest in ensuring the security of our properties and quality of our products and services.
Client Information – We collect the name and contact information of our clients and their employees with whom we may interact. We may process this information to perform our contract with the client. We also have a legitimate interest in contacting our clients and communicating with them concerning normal business administration such as projects, services, and billing.
Customer Support/Feedback – If you provide us feedback or contact us for support we will collect your name and e-mail address, as well as any other content that you send to us, in order to reply. If you contact us for customer support, we also may ask you to provide information about your computer or about the issues you are trying to resolve. We have a legitimate interest in receiving, and acting upon, your feedback or issues. In some circumstances, we may process this information in order to perform our contract with you.
Distance Information – When you use our Sites or mobile applications, we may collect your location from the GPS, Wi-Fi, and/or cellular technology in your device to determine your location. We have a legitimate interest in understanding our users and providing tailored services. In some contexts, our use is also based upon your consent to provide us with geo location information.
Web Interactions – When you use our Sites and any services provided through the Sites, we may automatically collect information, using cookies and similar technologies, such as:
- your browser type and operating system;
- site pages you view;
- links you click;
- your IP address;
- the location from which you access our website;
- the date and time of your visit to our website;
- your internet service provider;
- the website you visited before coming to our Site;
- the number of links you click within the site;
- the pages you viewed on the site;
- certain searches/queries that you conducted via our product(s) and/or website(s); and
- mobile device identifiers such as IMEI and Device ID.
We have a legitimate interest in making our website operate effectively, monitoring our networks, and monitoring the visitors to our websites. Where required by law, we base the use of third-party cookies and similar tracking technology upon consent.
Mobile Devices – For users of our mobile applications, we may use mobile analytics software. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We have a legitimate interest in identifying unique visitors, and in understanding how users interact with us on their mobile devices.
Newsletters – When you sign up for one of our mailing lists we collect your email address or postal address. If you receive a newsletter from us, we may use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases. We have a legitimate interest in sharing information about our products or services and understanding how you interact with our communications to you. In certain circumstances, our collection of information is based on your consent.
Online Message Board – If you use message boards provided by us or others, any information you submit may be collected and used by others. We are not obligated to monitor these public message boards, and we take no responsibility for the security or confidentiality of any information posted on such boards. Our use of your information provided to message boards is based upon your consent.
Order Placement – We collect your name, billing address, shipping address, e-mail address, phone number, and credit card number when you place an order. We use your information to perform our contract to provide you with products or services.
Employment – If you apply for a job posting, or become an employee, we will collect personal information necessary to process your application or perform our contract of employment. This may include, among other things, your tax identification number, birth date, or, in some countries, your religion. We may collect your education or employment history to evaluate you for a position or your bank or credit account information to pay or reimburse you. In some locations, we may have collected an algorithm from a fingertip scan or we may have collected biometric or similar information to perform our employment contract. Employee use of company systems also may be monitored for security purposes. We also may have video cameras at a location for security purposes.
We use information about current employees to perform our contract of employment, or the anticipation of a contract of employment with you. In some contexts, we are also required by law to collect information about our employees. We also have a legitimate interest in using your information to have efficient staffing and workforce operations.
How We Use and Process Your Personal Data
In addition to those purposes outlined above, the Company may collect your personal information for a variety of reasons.
The information we collect in usage or web server logs helps us: administer the Sites you visit; analyze Site usage; assist us with the products and services you buy; protect the Sites and their content from inappropriate use; and improve the user’s experience.
We may use your personal information for our internal business purposes, which could include, for example, to complete a transaction with you. We also may use this information to contact you for various other business reasons, such as to:
- market our products and services to you or send a newsletter;
- set up your user account;
- contact you on behalf of our affiliated companies or external business partners about an offering that may interest you;
- ask you about your experience with our company, the Sites, or our products and services;
- protect against or identify possible fraudulent transactions;
- determine the effectiveness of our advertising;
- allow you to register for MiTek University; and
- administer the Sites, to assess the traffic to our Sites, to maintain and improve the Sites and our services, and to analyze trends in the aggregate.
We may also use statistics regarding Site and product usage for product development and enhancement purposes.
When you post an ad on our Site for machinery that you wish to sell, we may ask you for contact information (such as name and email address) so you can be contacted through the Site regarding your ad.
We draw inferences from the personal information we collect, and we use such inferences for the same purposes as the purposes for which the information was collected.
When you use our Sites and otherwise provide us personal information, you acknowledge and agree that we will use that information for our business and legal purposes as outlined above.
How We Share Your Personal Data
If another company acquires, or plans to acquire, our company, business, or our assets, we will share information with that company, including at the negotiation stage.
We also may disclose personal information as necessary to comply with the law, such as to comply with a subpoena or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
In some instances, job application information may be collected on our behalf by our contracted third-party administrator(s), who are permitted to process the information you provide only for purposes of providing services to us.
We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this policy.
Access, Integrity, Choice & Deletion
If we collect or use your personal information, we want that information to be reliable, accurate, complete, timely, and relevant to its intended use. To accomplish this, we provide individuals with the ability to access their data and request data corrections or deletions. In some cases, we may limit or deny your request if the law permits or requires us to do so or if we are unable to adequately verify your identity.
Access & Integrity
We ask that you keep your personal information current and make or advise us of any changes to it.
Some employee personal information can be updated directly in Workday.
To update your customer preferences for email communications for our products, services, news updates, bulletins, and reports please go to the preference link found on each specific email communication.
If you believe we hold personal information about you that is, in context, inaccurate, incomplete, untimely, or not relevant to its intended use, you may contact us and request that we correct, update, or delete this information. We will take reasonable steps, as appropriate to the context, to correct inaccurate or incomplete information, or to delete untimely or irrelevant information, upon reasonable demonstration that the information is inaccurate, incomplete, untimely, or not relevant to its intended use. In connection with such requests, we will comply with legal requirements, where applicable.
We reserve the right to: (1) request and obtain reasonable information from you confirming your identity; (2) request and obtain information from you necessary to correct or update the information; (3) reject and/or ignore requests if we determine that such requests are repetitively made, or otherwise lack a good faith basis; and (4) take no further action with respect to your request if you fail to reasonably provide the information described in (1) or (2). We will respond to your request in a timely manner.
For Human Resources data
We will retain personal information of employees and applicants for as long as needed to comply with our legal obligations, resolve disputes, and enforce our agreements.
As a general matter, we must use your personal information for communicating with you and processing any transactions or instructions. In other respects, you may have choices about how we use your information, whether we communicate with you and, if we do communicate with you, what form that communication takes. You may object to our use or disclosure of your personal information by contacting us as set forth in this Policy.
If you do not want us to continue using your personal information for our internal business purposes or wish to revoke your prior consent to do so, you may request that we stop doing so (opt-out) by contacting us as set forth in this Policy. We will honor your opt-out request where required by law, and in many cases even where not legally required. We may not honor your request if there is a need to further use your personal information, for example, if we are compelled by law to provide your personal information, or we require the use of your personal information for purposes of litigation or investigation, or for other legal or business purposes. We may also need to keep the information we have collected about you for internal use only, such as for statistical analytics and compliance reasons, to the extent permitted by law.
As a general rule, we only send you promotional email messages or text messages with your (opt-in) consent. You can stop receiving promotional email messages from us by following the instructions provided in connection with such messages, including at the footer of the email message you receive, or by contacting our Data Privacy Officer at firstname.lastname@example.org
In certain countries, if you are an employee of a customer and use our products and/or services in the course of your employment, we may send you unsolicited marketing via email if your employer has given its consent for you to receive email communications from us, or if your employer has allowed us to contact you directly and gain your consent to receive marketing.
You can also stop receiving promotional email or postal communication from us by contacting our Data Privacy Officer. Please provide your contact details to enable the Data Privacy Officer to identify you and complete your request. If you choose to stop receiving promotional messages from us, we will honor your request. However, we will continue to send you product or service related communications to fulfill our agreement with you.
Typically, we retain your personal information for the period necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Any biometric or similar information we collect, if any, will be deleted no later than the first anniversary of the date the purpose for collecting the identifier expires unless a different period is required by law.
Some users may have the right to request that we delete their personal information. All deletion requests must be directed to the Data Privacy Officer. We may also decide to delete your data if we believe it is incomplete, inaccurate, or that our continued use and storage are contrary to our obligations to other individuals or third parties. When we delete personal information, it will be removed from our active database, but it may remain in archives where it is not practical or possible to delete it. In addition, we may keep your personal information as needed to comply with our legal obligations, resolve disputes, and/or enforce any of our agreements.
How We Protect Your Personal Information
The security of your personal information is important to us.
We follow generally accepted security standards, taking into account the relative risks and nature of the personal information to employ reasonable and appropriate physical, technical, and administrative safeguards to protect against its loss, misuse, tampering, and unauthorized access, alteration, destruction or disclosure, both internally and from outsiders.
Unfortunately, with any transmission over the Internet, there is always some element of risk involved in submitting personal information. In the event that we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
You are responsible for maintaining the secrecy of your passwords and any account information. Please be aware that we will never ask you for your password in an unsolicited phone call or e-mail.
How You Can Contact Us
By mail at:
Data Privacy Officer
Grazebrook Industrial Park
By email at: email@example.com
Through the web page located at: https://privacyportal-uk-cdn.onetrust.com/dsarwebform/b8e7571f-5f8e-40aa-9ba3-bba5557bd7ad/bf36bd66-b8be-4b31-aa89-d28ff573db1e.html
Through our toll-free phone number at +1 (888) 914-9661 and please use the PIN 425 782
If you have an unresolved privacy or personal information use concern that we have not addressed satisfactorily, please contact our U. S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Employees should use the following procedures:
If you are not satisfied with our response, and are in the European Union, you may have a right to lodge a complaint with your local Data Protection Authority.
Privacy Concern Handling Process for Human Resource Data
In compliance with the Privacy Shield Principles, we are committed to ensuring that your concerns regarding your Personal Information are investigated and quickly resolved. For this reason, we have developed a privacy concern handling process. It is our intention to resolve all concerns related to your privacy and our privacy practices through this process.
MiTek encourages free and open communication between employees, Human Resources and other management employees. MiTek employees have a responsibility to report any and all concerns related to data privacy or any behavior which they believe is the inappropriate use of Personal Information. Most incidents can be effectively addressed with minimum disruption, if they are promptly reported. The following process will apply for employee disputes or complaints about the use of Personal Information:
- Employees who have a concern about MiTek’s use of Personal Information or a potential data breach should notify their supervisor representative. If such employee is a member of a European Works Council, or Union the employee should follow the designated grievance process. If an employee feels it would be inappropriate to discuss the incident with the supervisor, or if the supervisor is the subject of the complaint, the employee can report such conduct/comment(s) to their Human Resources representative or any other member of management. Employees are encouraged to use the MiTek Open Door Policy. We also have the Ethics & Compliance Hotline available for more serious issues: toll-free 800-261-8651 or at www.brk-hotline.com.
- Any management employee who becomes aware of any data breach or complaint about conduct which may constitute inappropriate use of Personal Information will immediately notify the Data Protection Officer at firstname.lastname@example.org. Failure to do so may result disciplinary action, up to and including termination.
- Any applicant who believes that he/she has observed the inappropriate use of Personal Information or been subjected to data breach should immediately notify the Data Protection Officer at email@example.com. The complaint should be as specific as possible and should generally include the names of individuals involved and any witnesses.
Reports and complaints of the inappropriate use of Personal Information will be investigated promptly and in an objective, impartial manner. MiTek will conduct investigations in a confidential manner, to the extent possible. Disclosure of information regarding such matters will be made on a “need-to-know” basis, consistent with the rights of the individuals involved and MiTek’s obligation to investigate. If MiTek determines that unlawful use of Personal Information occurred, it will take prompt remedial action in accordance with applicable law.
Any employee who believes he/she is being retaliated against should promptly contact their Human Resources representative, his/her supervisor or another member of MiTek management so that concerns can be promptly and thoroughly reviewed. Any employee who engages in unlawful retaliation is subject to disciplinary action, up to and including termination.
Inquiries from Local Data Protection Agencies, Works Councils and the U.S. Department of Commerce Reports and complaints received from Local Data Protection Agencies, Works Councils, the U.S. Department of Commerce or any other local, regional or federal agency should immediately be directed to the Data Protection Officer at firstname.lastname@example.org.
In each case, above, we will respond to you within forty-five (45) days of receipt of your submission and will do our best to address your concerns.
Employees in the EU have the right to contact their local Data Protection Authority where resolution through our internal process is not achievable, or where you may wish to pursue independent resolution mechanisms. To locate the DPA in your jurisdiction, please visit http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index.
Transmission to Other Countries
We may store and process your personal information in systems located outside of your home country. We also may transfer your personal information to countries that may not guarantee the same level of protection for personal information as the one in which you reside. By giving us your personal information, you consent to these transfers.
Third Party Apps & Websites
Cookies & Clear Gifs
A “cookie” is a small text file sent to your device that is used to store limited information about your use of a product or website.
We may use analytics tools provided by Google, Inc. (“Google”) or other similar providers. Analytics tools serve cookies through our products or website and collect aggregated data about users’ and visitors’ use of the product or website. The data collected enables us to understand aggregated user or visitor activity and how we may improve our product or website offering. This data is collected and used on an aggregated basis only and is not used to identify any individual user or visitor.
We also may use marketing automation tools offered by third parties (specific company information can be given upon request). These companies serve cookies to profile a user’s or visitor’s interests and activity. We use data collected through these cookies to serve users or visitors with information, new articles and advertising tailored to their specific needs and requirements.
By using our products and websites you agree that we can place these types of cookies on your device.
We do not currently recognize automated browser signals regarding tracking mechanisms, which may include “Do Not Track” instructions.
Our email and promotional communications to customers and other third parties may also include “Clear Image” gifs to track results of an email campaign.
You have the right to refuse or disable cookies and clear gifs served through our products or website although, if you choose to do so, certain functionality may become unavailable to you.
You can turn off gifs within an email and can visit your email client’s help menu for further information. You can also disable gifs in your browser settings. As the means by which you may do this vary from browser to browser, we recommend you visit your browser’s help menu for further information.
Please note that if you do not set your browser and e-mail settings to disable cookies and clear gifs, you will be indicating your consent to receive them.
You may learn more about how to opt-out of receiving personalized advertisements on this browser or device from advertisers who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising by visiting the opt-out options of each of those organizations.
Links to those sites are here:
Network Advertising Initiative: Browser Opt-Out: https://www.networkadvertising.org/choices/
Digital Advertising Alliance: Browser Opt-Out: https://www.aboutads.info/choices/
Both Network Advertising Initiative and Digital Advertising Alliance: App Opt-Out: https://youradchoices.com/appchoices
Your mobile device may include a feature (“Limit Ad Tracking” on iOS or “Opt Out of Interest-Based Ads” on Android) that allows you to opt-out of having certain information collected through apps used for interest-based advertising purposes, or notify interest-based advertising companies that you do not want to be tracked. When you opt-out of personalized advertising, you may continue to see online advertising on the services or our ads on other websites.
This section applies to the personal information of California (U.S.A.) residents as governed by California law including the California Consumer Privacy Act (“CCPA”).
We do not “sell” your personal information. We also do not rent, sell, or share personal information (as defined by California Civil Code § 1793.83) about you that we collect with other people or unaffiliated companies for their direct marketing purposes, unless we have your permission.
Under the CCPA, a California resident has the following rights: to request additional information about our data collection, use, disclosure, and sales practices in connection with the consumer’s personal information; to request the specific personal information collected about them during the previous 12 months; and to request the deletion of the personal information we have about them. A California resident may not be discriminated against for exercising their California privacy rights.
Under the CCPA, California residents may use an authorized agent to make privacy rights requests. We require the authorized agent to provide us with proof of the California consumer’s written permission (for example, a power of attorney) that demonstrates authorization to submit a request on their behalf. We will also (a) require the authorized agent to verify their own identity and (b) confirm the agent’s authority with the California consumer about whom the request was made.
Please see Appendix A for a description of the categories of information which are (1) collected and (2) transferred for an organization’s “business purpose” (as that term is defined under California law) in the past 12 months.
Changes to policy
Appendix A: California Information-Sharing Disclosure
California Civil Code 1798.115(c), 1798.130(a)(5)(c), 1798.130(c), and 1798.140 indicates that companies should disclose whether the following categories of information are collected, transferred for consideration, or transferred for an organization’s “business purpose” as that term is defined under California law (or were collected or transferred in the past 12 months). We do not “sell” your personal information. Note that while a category may be marked, that does not necessarily mean we have information in that category about you. For example, while we transfer bank account numbers for our business purpose in paying our employees (e.g., direct deposit) we do not collect or transfer bank account numbers of individuals that submit questions on a Site’s “contact us” page.
Categories of Personal Information We Collect
Identifiers – this may include real name, alias, postal address, unique personal identifier, online identifier, email address, account name, social security number, driver’s license number, passport number or other similar identifiers.
Additional categories of personal information described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e) – this may include signature, physical characteristics or description, state identification card number, insurance policy number, education, bank account number, credit card number, debit card number, and other financial information, medical information, and health insurance information.
Characteristics of protected classifications – this may include age, sex, race, ethnicity, physical or mental handicap, etc.
Commercial information – this may include information about products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Internet or other electronic network activity information – this may include browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement.
Audio, electronic, visual, thermal, olfactory, or similar information
Professional or employment-related information
Inferences drawn from any of the information listed above
To Whom We Disclose Personal Information for a Business Purpose
• Advertising networks
• Affiliates or subsidiaries
• Business partners
• Data analytics providers
• Data brokers
• Government entities, as may be needed to comply with law or prevent illegal activity
• Internet service providers
• Joint marketing partners
• Operating systems and platforms
• Other Service Providers
• Payment processors and financial institutions
• Professional services organizations, this may include auditors and law firms
• Social networks