To note, if your company engages Mimecast to provide Mimecast’s products and services (collectively, the “Services”), your company and Mimecast will enter into a separate user agreement that will, among other things, govern the use of all of the information and data collected and maintained by Mimecast in connection with the operation of the Services, including data collected through certain features made available to customers through the Site. Any agreement between your company and Mimecast will take precedence over any conflicting provision in this Privacy Statement. Your user agreement applies to your use of our customer portal, and any Personal Data provided or generated by creating your user account and your use of the customer portal.
If you have questions about this Privacy Statement or our practices regarding your Personal Data, you can reach us by using the contact information provided below.
This Privacy Statement was last updated on September 11, 2019.
What type of Personal Data do we collect and how do we use it?
We generally collect contact and business information as well as other details of your engagement with Mimecast and use it to provide, improve, and develop our business and the Services we offer and to provide you support when you need it. We also may use the Personal Data to communicate with you, for example, about your account, security updates and product information. We also may use aggregated security data to protect our customers and the broader internet from threats.
Collecting Personal Data
The Personal Data we collect includes:
- Your name, email address, postal address or telephone number;
- Your title, company name and address;
- Details of the resources you access on the Site and any data you download; and/or
- Details of other engagements with Mimecast, such as trade show interactions.
In some instances, we may combine one type of information with another, and store them together in our records. In all cases, however, we strive to limit the amount of Personal Data we collect and store.
We ask that you not send or otherwise share with us any sensitive Personal Data, which includes but is not limited to your government-issued ID numbers (e.g. Social Security number, national identification number, or driver’s license number), racial or ethnic information, political or religious opinions, or your health information.
We collect Personal Data in a variety of ways including:
- Through web pages on the Site (e.g. when you request a white paper or complete a form for general or partner inquiries);
- Through responses to an online email or electronic promotion or survey;
- Over the telephone.
Using Personal Data
As it is in our legitimate interest to be responsive to you and to ensure the proper functioning of our Services and organization, we will use your Personal Data in the following ways:
- To assist in responding to your inquiries, including answering your questions on pricing and technical information relating to our Services;
- To learn more about your requirements (through surveys and the like) in support of development of our Services;
- To carry out research on our users' demographics;
- To request your opinion and feedback on areas of the Site or in connection with our Services;
- At your request to register you for a trial of our Services; and
- At your request to provide you with a quote for our Services.
If you consent, or where we are permitted under applicable law, we will send you information we think you will find useful about our Services or, at your request, subscribe you to our newsletters and alerts concerning the Services we provide. You are able to change your subscription preferences anytime though our Preference Center by clicking here.
We may obtain information from third parties to combine with the Personal Data we have gathered as described in this Privacy Statement in order to improve our marketing activities and to ensure the Personal Data we hold are relevant and up-to-date. Also, if we provide a means for you to refer a third party to the Site, we will send the third party an email on your behalf with details about the Site. You can unsubscribe to emails by following the unsubscribe instructions in our Preference Center by clicking here, through marketing email communications sent to you, or you can raise a request via our dedicated online portal here or by post at the address provided below. We provide additional information about your Data Subject Rights and how you may exercise them below.
How do we share Personal Data?
We share your Personal Data as described in this Privacy Statement or as necessary to provide any Services you have requested or authorized. We share Personal Data with Mimecast-controlled affiliates, partners, properly vetted sub-processors and third party service providers throughout the world, when required by law, to protect the security our customers with respect to the information that passes through our Services, as well as to protect the rights or property of Mimecast.
Sharing and Disclosing Personal Data
We do not sell or rent your Personal Data to third parties. We do not share Personal Data, except as expressly provided in this Privacy Statement. We share your Personal Data with the following recipients for the following reasons (keep in mind that all of these third parties and reasons may not be applicable to you):
- Our reseller partners to allow them to provide marketing information on our behalf as described above.
- Third party service providers that assist us with (i) website hosting and maintenance; (ii) sending communications; (iii) updating marketing lists and database management; (iv) analyzing data; and (v) the provision of the Site and the marketing of our Services. These service providers will only use your Personal Data to the extent necessary to perform their functions and are subject to contractual obligations to maintain the security and confidentiality of all information they process.
- We may analyze some of your Personal Data and Other Data and IP Information (both described below) in aggregate form which does not identify you personally. We may share this aggregate data with our affiliates, current and prospective business partners, and to other third party service providers to disclose aggregate statistics about visitors to the Site and in order to describe our Services generally, including on our Site, but these statistics will not include Personal Data. We may also share this information with these parties for other lawful purposes.
- In addition, in the event of a corporate sale, reorganization, dissolution or the sale of any business or assets, Personal Data will be included in the transferred assets. As a result, the successor of Mimecast will continue to use your Personal Data as set forth in this Privacy Statement.
- We will disclose your Personal Data if required to do so to comply with any applicable law or regulation or in response to a legal demand, subpoena, warrant or other similar request. We will also disclose your Personal Data to any regulatory or law enforcement or governmental agency if we believe that such action is necessary to protect the rights, property or personal safety of Mimecast, its customers, the public or any third party.
Where is my Personal Data transferred?
Your Personal Data may be transferred to Mimecast-controlled affiliates and properly vetted sub-processors throughout the world. Your Personal Data may also be transferred to our third-party service providers who are under contractual obligations to ensure the safety and confidentiality of such data. Personal Data collected within the European Economic Area (“EEA”) may be transferred to countries outside of the EEA. We utilize a variety of mechanisms to ensure the security and legitimacy of these transfers.
Transferring your Personal Data
The Personal Data that we collect from you will be transferred to, stored and processed by our affiliates, properly vetted sub-processors and third party service providers. These parties are engaged in, among other things, the provision of our Services, as well as support services, and maintenance and operation of the Site. By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Statement. Each Mimecast subsidiary and affiliate receiving your Personal Data is bound by an Intercompany Agreement that complies with the standard contractual clauses for the transfer of Personal Data to controllers established in third countries set out in the European Commission Decision 2010/87/EU. All sub-processors and third party service providers are under appropriate contractual obligations to ensure the safety and confidentiality of your Personal Data.
How secure is my Personal Data?
We have a dedicated internal security organization that implements and operates a comprehensive set of security controls to protect your Personal Data.
At Mimecast, we are committed to maintaining the security of the Personal Data we collect from activity on this Site and from other marketing efforts, as well as through our Services. We have therefore implemented technical and operational measures that are intended to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to Personal Data that are collected either through our marketing efforts or the Services. You can learn more about our technical and organizational measures by clicking here.
These technical and organizational measures are periodically reviewed and enhanced as necessary and only authorized personnel have access to Personal Data. While we use all reasonable efforts to prevent the loss or misuse of your Personal Data, we cannot guarantee the security of any Personal Data you submit via the Site or that the Personal Data that you supply will not be intercepted while being transmitted to and from us over the Internet. Therefore, you acknowledge and agree that we assume no liability regarding the theft, loss, alteration, or misuse of your Personal Data, including, without limitation, such Personal Data that has been provided to third parties or other users, or with regards to the failure of a third party to abide by the agreement between us and such third party.
What kind of technical data do we collect?
In addition to the Personal Data described above, we collect technical data and other information when you use our Services or visit our Site. You provide some of this Personal Data directly, such as when you register for a webinar, administer your organization’s Mimecast account, or contact us for support. We collect some of it by recording how you interact with our Site by, for example, using technologies like cookies or collecting basic device information like your browser type. We provide more information about cookies below.
Technical information collected automatically from the Site
When you visit the Site, our systems automatically collect the following information about your visit (“Other Data”):
- the type of internet browser you use;
- the language of your browser;
- the website from which you have come to the Site;
- the webpages you view on our Site; and
- the links you clicked on our Site;
We also collect your public IP address (the unique address which identifies your computer on the internet). This IP address is typically collected on a country or regional level. We collect your IP address to verify that requests are legitimate and we may automatically cross-reference your public IP address with your domain name (identified collectively as “IP Information”). "Other Data" does not include IP Information.
We use this Other Data and IP information to assist us in:
- providing, improving, and administering the Site;
- providing customer care and support services;
- providing security and safety to our Site visitors;
- monitoring activity usage of the Site; and
- measuring the effectiveness of the content we serve.
We do not use Other Data and IP Information to learn any information about you personally but it may be associated by us or our third party service providers with Personal Data that has been provided by you or otherwise available to or held by us. The collection of this Other Data and IP Information will cease once your use of the Site has ceased, depending on your use of our Services your IP Information may still be collected. However, the Other Data and IP Information collected may be retained, accessed, and used by us as long as necessary for the purposes described herein.
What about cookies?
We (or our third party service providers) may collect your Personal Data using cookies, pixel tags, web beacons, embedded web links, and similar technologies for:
- Storing your preferences and settings - We may store Personal Data in a cookie so you will see relevant local information when you return to the Site. We also may save preferences, like language and browser so these do not have to be reset each time you return to the Site.
- Detecting abuse or fraud on the Site.
For example, we use Google Analytics, a web analytics service provided by Google, Inc., to evaluate your use of the Site, compile reports on activity, and provide other services relating to Internet usage. Google Analytics uses first-party cookies that store information, such as what time the current visit occurred, whether the visitor has been to the web page before, and what site referred the visitor to the web page.
We have also implemented Display Advertising Remarketing with Google Analytics to advertise online. This means that third-party service providers, including Google, display our ads on sites across the Internet and that we and third-party service providers, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie, see: http://www.google.com/doubleclick) together to inform, optimize, and serve ads based on your past visits to the Site.
By using the Site, you consent to the processing of data about you by Google in the manner and for the purposes set out above. If you choose, you can opt out of the processing of data about you by Google for Display Advertising and/or customize the ads by using Google's Ads Settings at: http://www.google.com/settings/ads. You can opt out of the processing of Personal Data about you by Google generally by turning off cookies in the preferences settings in your browser, or by downloading and installing Google Analytics Opt-out Browser Add-on at http://tools.google.com/dlpage/gaoptout. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to the Site itself or to other web analytics services.
For more information on Google Analytics, please visit: https://www.google.com/analytics/.
You can choose to reject certain collection technologies (such as cookies) but then you might not be able to take advantage of many of our features. You can read more about cookies here.
What is your commitment to children’s online privacy?
Our Site is not directed at children. Mimecast does not knowingly accept online Personal Data from children under the age of 18 through our Site. If you are under 18 or otherwise would be required to have parent or guardian consent to share Personal Data with Mimecast through our Site, you should not send any information about yourself to us through our Site.
What about external links?
The Site shall, from time to time, contain links to external sites. Our Privacy Statement does not apply to these other sites. We are not responsible for the privacy policies or the content of such sites and you should familiarize yourself with such policies upon use of those sites.
What are my Data Subject Rights and how do I exercise them?
You have rights with respect to the processing of the Personal Data that you have provided to us. For example, you may view, edit, delete, or move your Personal Data. In certain circumstances, you may object or withdraw your consent to certain processing of your Personal Data. You may also lodge a complaint with a supervisory authority. Any of these rights may be exercised at any time. For customers of our customers, please contact your system administrator. For Mimecast direct customers/partners/contacts, you can exercise your rights via our dedicated online portal here. NOTE: We may ask you to verify your identity.
Personal Data rights. You have the right to access and receive a copy of Personal Data that we hold about you, to rectify any Personal Data held about you that is inaccurate or, in certain circumstances, request the deletion of Personal Data held about you. You also have the right of data portability for Personal Data you have provided to us – this means that you can obtain a copy of your Personal Data in a commonly used machine-readable electronic format so that you can manage and move it, or request that we send it to a third party. You may have the right to restrict or object to the processing of your Personal Data by us, including for direct marketing. You can exercise your rights via our dedicated online portal here.
Marketing. You have the right to ask us not to process your Personal Data for marketing purposes. You can exercise your right to prevent such processing at any time by contacting us at via our dedicated online portal here, or by managing your subscription preferences through our Preference Center by clicking here.
Complaints. In compliance with the Privacy Shield Principles, Mimecast commits to resolve complaints about our collection or use of your Personal Data. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact our dedicated online portal here and we will respond to your request. This is without prejudice to your right to file a claim with a supervisory authority (e.g. the Information Commissioner’s Office in the UK). If you have an unresolved concern relating to your Personal Data that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) JAMS for more information or to file a complaint.
What about changes to this Privacy Statement?
We will occasionally update this Privacy Statement. When we do, we will post a prominent notice in this section of this Privacy Statement notifying users when it is updated. For material changes (i.e., substantially new practices you wouldn’t expect from us or that we didn’t previously tell you about), we may decide to give you notice via email.
To subscribe to notifications for changes to this and other GDPR related information, please click here and subscribe to the “GDPR Documents” feed.
How do I contact you?
We have a global data protection officer and team to provide you the support you need.
General Privacy Inquiries: Please submit any questions, concerns or comments you have about this Privacy Statement or any requests concerning your Personal Data to our Data Protection Officer by email to firstname.lastname@example.org, or writing to us at:
Mimecast North America, Inc.
Attn: Trust Department
191 Spring Street
Lexington, MA 02421 USA
+1 (617) 393-7050