Mimecast's Brand Exploit Protect Services Processing Details
Duration of the Processing
The Personal Data Processed by Data Processor will be Processed for the duration of the Agreement.
The Personal Data processed concern the following categories:
Employees, freelancers and contractors of the Data Controller;
Permitted Users and other participants from time-to-time to whom the Data Controller has granted the right to access the Services in accordance with the Agreement; and/or
Service providers of the Data Controller.
Categories of data
The Personal Data processed concern the following categories of data:
Personal details: names, user names, passwords, telephone numbers, email addresses, IP addresses of Permitted Users;
Third party personal data derived from monitoring via Brand Exploit Protect Services (name, physical addresses, telephone numbers, email addresses, IP addresses);
Personal data derived from the Permitted Users’ use of the Services such as records and business intelligence information;
Personal data within email and messaging content which identifies or may reasonably be used to identify Data Subjects if a Takedown is requested; and/or
Meta data including sent, to, from, date, time, subject, which may include personal data.
Special categories of data (if appropriate)
The personal data processed concern the following special categories of data:
No sensitive data or special categories of data are intended to be processed.
The Personal Data processed will be subject to the following basic Processing activities:
Personal Data will be Processed to the extent necessary to provide Services in accordance with the Data Processing Agreement, the Agreement and Data Controller’s Instructions. The Data Processor Processes Personal Data only on behalf of the Data Controller.
Technical support, Issue diagnosis and error correction to ensure the efficient and proper running of the systems and to identify, analyse and resolve technical issues both generally in the provision of the Services and specifically in answer to a customer query. This operation relates to all aspects of Personal Data Processed but will be limited to metadata where possible by the nature of any request.
URL scanning for the purposes of the provision of targeted threat protection and similar service which may be provided under the Agreement. This operation can relate to attachments and links in emails and will relate to any Personal Data within those attachments or links which could include all categories of Personal Data.