Mimecast’s Cyber Resilience and Web Security Processing Details

Duration of the Processing

The Personal Data Processed by Data Processor will be Processed for the duration of the Agreement:

Data subjects

The Personal Data transferred concern the following categories of Data Subjects:
Employees, freelancers and contractors of the Data Controller;
Permitted Users and other participants from time-to-time to whom the Data Controller has granted the right to access the Services in accordance with the Agreement;
End user customers of Customers of the Data Controller and individuals with whom those end users customers communicate with by email and/or instant messaging;
Service providers of the Data Controller.
Other individuals to the extent identifiable in the content of emails or their attachments or in archiving content.

Categories of data

The personal data transferred concern the following categories of data (please specify):
Personal details, names, user names, passwords, email addresses of Permitted Users
Personal data derived from the Permitted Users use of the Services such as records and business intelligence information.
Personal data within email and messaging content which identifies or may reasonably be used to identify, Data Subjects.
Meta data including sent, to, from, date, time, subject, which may include personal data.

Special categories of data (if appropriate)

The personal data transferred concern the following special categories of data (please specify):
No sensitive data or special categories of data are intended to be transferred, but may be contained in the content of or attachments to email.

Processing operations

The personal data transferred will be subject to the following basic Processing activities (please specify):
Personal Data will be Processed to the extent necessary to provide Services in accordance with the Data Processing Agreement, the Agreement and Data Controller’s Instructions. The Data Processor Processes Personal Data only on behalf of the Data Controller

Technical support, Issue diagnosis and error correction to ensure the efficient and proper running of the systems and to identify, analyse and resolve technical issues both generally in the provision of the Services and specifically in answer to a customer query. This operation relates to all aspects of Personal Data Processed but will be limited to metadata where possible by the nature of any request.

Virus, anti-spam and Malware checking in accordance with the Services provided. This operation relates to all aspects of Personal Data Processed.

URL scanning for the purposes of the provision of targeted threat protection and similar service which may be provided under the Agreement. This operation relates to attachments and links in emails and will relate to any Personal Data within those attachments or links which could include all categories of Personal Data.