Our lawyers made the below nice and legal (because that’s their job). They did let us put together this summary though, which lets us boil down everything you’re about to read in a nice, easy to understand context. Do your diligence on the below though (that’s your job). If anything doesn’t make sense or you’d like to put together custom terms, email us at hello@matterlens.com. For most companies we’re happy to oblige to fulfill your security, compliance, and privacy requirements.
WE DO NOT AND WILL NOT SELL YOUR DATA
To be crystal clear – MatterLens DOES SHARE YOUR DATA WITH THE MUSEUM’S YOU VISIT AND MUSUEM’S WITHIN THE MatterLens NETWORK.
Further, your data is rarely accessed with the only reasons we’d ever look at your data is if there’s a QA or security issue, or if you give us permission for the purposes of analysis and helping you with identifying problems/opportunities in your business. We do study data in aggregate to improve our products, security, and knowledge of the market to help you. If you’d like to opt out of this, you can through signing a custom Terms of Use with us. Just email hello@matterlens.com to get the ball rolling.
WHAT ABOUT GDPR AND EU DATA PROTECTION?
We have you all taken care of on the GDPR front. You can check out more information our GDPR practices below, but you can also sign our Data Processing Addendum. We’re also fully certified under the US-EU and US-Swiss Privacy Shield, which you can learn more about below.
HOW’S MatterLens’S SECURITY?
When it comes to security we do a lot, this is an area that’s extremely important to our continued success. There’s a full write up here on our security page, but if you’d like our full security risk assessment, send us an email at hello@matterlens.com. This Privacy Policy applies to the websites: www.goMatterLens.com (the “Sites”) owned and operated by MatterLens, Inc. (collectively, “MatterLens”, “we”, “us”, or “our”). This Privacy Policy describes how MatterLens collects, uses, shares and secures the personal information you provide, as well as the human resources data transferred to us for processing on behalf of our customers. It also describes your choices regarding use, access and correction of your personal information.
EU-U.S. AND SWISS-U.S. PRIVACY SHIELD FRAMEWORKS
MatterLens, Inc. complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. MatterLens Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
MatterLens is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. MatterLens complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, MatterLens is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, MatterLens may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, MatterLens, Inc. commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact MatterLens, Inc. at hello@matterlens.com.
MatterLens, Inc. has further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, you may visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint (free of charge).
To facilitate fast and convenient resolution of complaints, you agree to participate in on-line dispute resolution through JAMS Online Mediation (Endispute).
Under certain conditions, Privacy Shield provides the right to invoke binding arbitration when other dispute resolution procedures have not provided resolution.
COLLECTION:
We may collect the following personal information from you:
- Contact Information, such as name, email address, mailing address, or phone number;
- Demographic information, such as age, education, gender, interests and zip code;
- Billing Information, such as credit card number and billing address;
- Unique Identifiers, such as username, account number or password;
- Geo location based on IP address;
We may also collect, from you, personal information about your contacts such as Name and email address where we can send receipts of your purchases. When you provide us with personal information about your contacts we will only use this information for the specific reason for which it is provided. If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please contact us at the contact information below.
As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site
MatterLens and its partners use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service.
USE:
The personal information as indicated being collected above is used for billing, identification, authentication, service improvement, research, and contact.
INFORMATION SHARING
1. With Third Parties:
We may share your information with third-party business partners including museums, for instance, for the purpose of enhancing our products and services. If you do not want us to share your personal information with these companies, contact us at the contact information below.
2. With Service Providers:
We may share your information with third parties who provide services on our behalf to help with our business activities. These companies are authorized to use your personal information only as necessary to provide these services to us, to which these services may include:
- Payment processing
- Providing customer service
- Sending marketing communications
- Conducting research and analysis
- Providing cloud computing infrastructure
3. With Public Authorities or Law Enforcement:
In certain situations, MatterLens may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, when we believe there is a violation to our Terms of Service (see MatterLens Terms of Service), protect your safety or the safety of others, investigate fraud, or respond to a government request. If MatterLens is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information. We do not sell, rent or share personal information with third parties without your prior consent.
SECURITY
The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. MatterLens, Inc. ensures that all source code, files and data remain private and confidential. Due to the sensitive nature of source code we take this very seriously and make it our primary concern for all customers. We restrict access to personal information to MatterLens employees, contractors and agents who need to know that information in order to operate, develop, or improve our service. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
If you have any questions about the security of your personal information, you can contact us at the contact information below. We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements.
ACCESS
Upon request MatterLens will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by logging into your account or by contacting us at the contact information below. We will respond to your request within a reasonable timeframe. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.
MatterLens, Inc. acknowledges that you have the right to access your personal information. MatterLens has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the MatterLens, Inc.’s Client (the data controller). If requested to remove data we will respond within a reasonable timeframe. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.
CHOICE
We partner with a third party to display advertising on our website or to manage our advertising on other sites. Our third party partner may use cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests. You may sign-up to receive email or newsletter or other communications from us. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you or by contacting us at the contact information below.
CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
PRIVACY QUESTIONS / FEEDBACK
If you have questions or concerns about MatterLens Privacy Policy please contact us at hello@matterlens.com.
EU GENERAL DATA PROTECTION REGULATION
There have been countless articles written on what GDPR is, but overall GDPR is a big update in data regulations in the EU that adds some new requirements regarding how companies should protect individuals’ data that they process. GDPR also increases the penalties for non-compliance by imposing greater fines for breaches.
There are 99 articles in the regulation setting out the rights of individuals and obligations placed on organizations covered by the regulation. I’d encourage you to consult your own lawyer (we’ve spoken to plenty to get this right), but essentially GDPR raises the stakes on the use, ownership, and protection of personal data.
Personal data can be anything that allows an individual to be directly or indirectly identified (name, address, IP address, etc.) and can also encompass pseudonymized data if you can back into identifying someone. GDPR wraps this concept up to giving people the “right to be forgotten.”
GDPR also requires much more transparency for businesses to make it clear on how you’re using personal data. All of these obligations are required for any company with any connection to EU citizens, which means that US companies need to comply, as well (unless they’ve made the decision of not allowing EU citizens to use their products).
DON’T YOUR DATA CENTERS NEED TO BE IN THE EU NOW?
No. GDPR does not require that our data centers be in the EU. GDPR allows a company to transfer data outside of the EU as long as practices are put in place to make sure that personal data is properly protected. We’ve certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks to satisfy this requirement and also offer up our DPA.
WHERE CAN I FIND YOUR DPA?
Our compliance, data protection, and information security teams have collaborated to construct a Data Processing Agreement so you can rest assured your data is safe with us. We started from the ground up to review all our data processing activities and security processes to meet, and often exceed, GDPR security requirements.
HOW DOES MatterLens HANDLE PRIVACY UNDER GDPR?
To be crystal clear – MatterLens does not and will not ever sell your data to third parties. Your data is your data. Further, your data is rarely accessed with the only reasons we’d ever look at your data is if there’s a QA or security issue, or if you give us permission for the purposes of analysis and helping you with identifying problems/opportunities in your business.
On the GDPR front, there are some provisions on international data transfer mechanisms. To comply with these we certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, a mechanism that had been approved for cross border transfer of personal data under the Directive.
From a product perspective, you have the ability to anonymize a user through the Customer section, which allows you to maintain their data in your numbers for consistency and legal/regulatory purposes, but evaporates their identification from our databases. We’ve also added the ability to completely delete a user and their history from our databases (including all of their financial history).
WHAT IF I HAVE MORE QUESTIONS?
If you have any questions or concerns regarding how we protect personal data to comply with GDPR, please don’t hesitate to contact us at hello@matterlens.com.