Mimecast’s Email Security And Web Security Processing Details
Including Mimecast’s CyberGraph™ service (f/k/a MessageControl Codebreaker and Silencer) and MessageControl Gatekeeper
Duration of the Processing
The Personal Data Processed by Data Processor will be Processed for the duration of the Agreement.
Data Subjects
The Personal Data processed concern the following categories of individuals:
Employees, freelancers and contractors of the Data Controller;
Permitted Users and other participants from time-to-time to whom the Data Controller has granted the right to access the Services in accordance with the Agreement;
End user customers of Customers of the Data Controller and individuals with whom those end users customers communicate with by email and/or instant messaging;
Service providers of the Data Controller; and/or
Other individuals to the extent identifiable in the content of emails, instant messaging, their attachments, or in archiving content.
Categories of Data
The Personal Data processed concern the following categories of data:
Personal details, names, user names, passwords, email addresses of Permitted Users;
Personal data derived from the Permitted Users’ use of the Services such as records and business intelligence information;
Personal data within email and instant messaging content which identifies, or may reasonably be used to identify, Data Subjects; and/or
Meta data including but not limited to the following fields: sent, to, from, date, time, subject, which may include personal data.
Special Categories of Data (If Appropriate) The Personal Data processed concern the following special categories of data: No sensitive data or special categories of data are intended to be processed but may be contained in the content of or attachments to email and/or instant message.
Processing Operations
The Personal Data processed will be subject to the following basic Processing activities:
Personal Data will be Processed to the extent necessary to provide Services in accordance with the Data Processing Agreement, the Agreement and Data Controller’s Instructions. The Data Processor Processes Personal Data only on behalf of the Data Controller.
Technical support, Issue diagnosis and error correction to ensure the efficient and proper running of the systems and to identify, analyze and resolve technical issues both generally in the provision of the Services and specifically in answer to a customer query. This operation relates to all aspects of Personal Data Processed but will be limited to metadata where possible by the nature of any request.
The following does not apply to CyberGraphTM Services: Virus, anti-spam and malware checking in accordance with the Services provided. This operation relates to all aspects of Personal Data Processed.
URL scanning for the purposes of the provision of targeted threat protection and similar service which may be provided under the Agreement. This operation relates to attachments and links in emails and/or instant messaging and will relate to any Personal Data within those attachments or links which could include all categories of Personal Data.