Last updated: August 20, 2018
1.1. Personal Information
1.2. Non-Personal Information
2.1. Personal Information You Provide To Us
2.2. Personal Information Collected via Technology
2.3. Personal Information Collected By Third Parties
3.1 Use of Personal Information
3.2 Use of Non-Personal Information
3.3 Use of Feedback 3.4 Use of Profiles
4.1. The legal basis for processing your Personal Information
4.2. How Long We Hold Your Personal Information
4.3. Consequences of not providing Personal Information
4.4. Transfer of Personal Information outside the EEA
4.5. EEA Data Subject Rights in Personal Information
5.1. With Respect to Direct Marketing Communications
5.2. With Respect to Your Account
5.3. With Respect to Cookies
5.4. With Respect to Advertising
5.5. With Respect to Testimonials
6.1. Collection of Technical Information
6.2. Use of Technical Information
6.3. Disclosure of Technical Information
6.4. Access to Personal Information Included in Technical Information
1. TYPES OF INFORMATION COLLECTED
When you use the ATS, access the Site, or otherwise communicate with us via the Services we collect both your Personal Information and Non-Personal Information in various ways as described below in Section 2.
“Personal Information” is data or information that can be used to uniquely identify or contact a single person including, for example, your name, mailing address, email address, phone number, and zip or post code. Further information about the types of Personal Information that we collect and where we collect it from is set out below in Section 2.
“Non-Personal Information” is data in a form that does not permit direct association with any specific individual. We may also create Non-Personal Information from Personal Information by excluding information (such as your name) that makes the information personally identifiable to you in accordance with applicable privacy laws.
2. TYPES OF PERSONAL INFORMATION AND HOW IT IS COLLECTED
2.1 Personal Information You Provide To Us.
2.2 Personal Information Collected via Technology.
Browser and Device Data, such as IP address, domain name, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model.
Usage Data, such as time spent on the Site, pages visited, links clicked, language preferences, and the pages that led or referred you to our Site.
A further description of certain of the technologies we use follows:
To Improve Performance: Cookies are used for operational purposes including improving performance through load balancing to help ensure that our Site remains up and running.
Sign-In and Authentication: When you sign into the Site with your user ID and password we store an encrypted Cookie on your device. This Cookie allows you to move from page to page within our Site without having to sign in again on each page. You can also save your sign-in information so you do not have to sign in each time you return to the Site.
Information Storage: When you make a purchase on our Site, we store the data in a Cookie to remember the applicable subscription terms and related information.
Implementing Opt-Out Choices: When you opt-out of tracking on the Site, a Cookie is stored that blocks other Cookies from being stored.
Third parties may also set Cookies when you visit the Site. In some cases, that is because we have hired the third party to provide services on our behalf, such as Stripe for payment processing services, and Google Analytics for analytical services to help us analyze your use of the Site and diagnose technical issues. In other cases, it is because our web pages contain content or ads from third parties, such as videos, news content or ads delivered by other ad networks; or provide for sharing of information via third party social media features or interactive programs that run on our Site. Because your browser connects to those third parties’ web servers to retrieve and/or share that content, those third parties are able to set or read their own Cookies on your device and may collect information about your online activities across websites or online services. To control Cookies from those third parties, please visit their sites.
“Web beacons” are tiny graphic images with a unique identifier, similar in function to Cookies that are used to track online movements of web users. In contrast to Cookies, which are stored on a user’s computer hard drive, web beacons are embedded in web pages. Web beacons also allow us to send email messages (subject to your prior consent as applicable if you are based in the EEA) and determine whether those emails have been opened, to ensure that we are sending only messages that are of interest to our customers. We may use this information to reduce or eliminate messages sent to a user.
3. HOW WE USE YOUR INFORMATION AND WHO WE DISCLOSE IT TO
3.1 Use of Personal Information.
3.2 Use of Non-Personal Information.
We may collect and use Non-Personal information, including, but not limited to, customer-supplied automated test scripts and metadata, for any purpose, including so that we can better understand customer behavior and usage patterns to improve our products and services, and to enhance Site navigation. We may aggregate Non-Personal Information across multiple accounts and use this information to create and publish industry benchmarks or comparative performance metrics.
3.3 Use of Feedback.
3.4 Use of Profiles.
When you and others interact with our Site we will collect your Personal Information and analyze your information to build individual profiles based on factors such as company size and industry. These profiles will be used to help us predict future interest in our services, or to determine what offers are most likely to be of interest to companies based, for instance, on their size, industry or geographic location so that we may tailor our marketing communications to include offers and content that are relevant to them; provided that if a company is based in the European Economic Area, we would only communicate with it about such offers with their prior permission. This profiling is based on your activity on our Site (e.g., what you are reading or downloading) and is updated in real-time based on your activity on the Site.
You can let us know at any time and free of charge, if you would like us to stop using your Personal Information in this way by contacting us at firstname.lastname@example.org.
4. INFORMATION FOR INDIVIDUALS IN THE EUROPEAN ECONOMIC AREA (“EEA”)
4.1 The legal basis for processing your Personal Information.
Use of Personal Information under European data protection law must be based on one of the following legal bases:
Consent: processing your Personal Information on the basis of consent means that you have provided your prior consent to our use of your Personal Information (e.g., in relation to direct marketing). You may withdraw your consent to the use of your Personal Information at any time by contacting us at email@example.com.
Contract performance: processing your Personal Information on the basis of contract performance means that we are required to collect and handle your Personal Information in order to provide you with the services that we have contractually agreed to provide to you (e.g. use of the ATS under the TOS).
Legal obligation: processing your Personal Information on the basis of legal obligation means we need to use your Personal Information to comply with our obligations under applicable laws, regulations, or judicial or regulatory actions or rulings.
Legitimate interests: processing your Personal Information on the basis of legitimate interests means we have a genuine, lawful, valid or bonafide interest in using your Personal Information (e.g. to promote or manage our business, or to allow us to provide or improve our products and services, or to promote the “public interest”) taking into account your countervailing interests, rights and freedoms.
4.2 Retention of Your Personal Information.
We keep your Personal Information for no longer than necessary for our business needs for which it is processed and/or as required to comply with applicable laws. The length of time for which we retain Personal Information for our business needs includes the period of time within which a claim can be made after our contract with a customer ceases and, if a claim is timely threatened or made, for longer in connection with such claim.
4.3 Consequences of not providing Personal Information.
Should you choose not to share your Personal Information with us, you will not be able to create an account with us, use the ATS, or receive any other service or communication that your Personal Information is required for us to provide.
4.4 Transfer of Personal Information outside the EEA.
mabl is based in the United States (“U.S.”). If you are based in the EEA, your Personal Information will be accessed by staff or suppliers, transferred, and/or stored outside the EEA, including in/to the U.S. and other countries, which have a lower level of data protection than under EU Data Protection Law. Given this, we must comply with specific rules when we transfer Personal Information from inside the EEA to outside the EEA.
To comply with these rules mabl participates in, and has certified its compliance with, the EU-U.S. Privacy Shield Framework (“Framework”). See our listing at (https://www.privacyshield.gov/participant?id=a2zt0000000CdA2AAK). mabl is committed to subjecting all Personal Information received from EU member countries, in reliance on the Framework, to the Framework’s applicable principles (“Principles”). To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website at (https://www.privacyshield.gov/Program-Overview).
mabl is responsible for the processing of Personal Information it receives, under the Framework, and subsequently transfers to a third party acting as an agent on its behalf. mabl complies with the Principles for all onward transfers of Personal Information from the EU, including the onward transfer liability provisions.
With respect to Personal Information received or transferred pursuant to the Framework, mabl is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, mabl may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Please direct any inquiries or complaints regarding our compliance with the Principles to us at firstname.lastname@example.org.
Please direct any inquiries or complaints regarding our compliance with the Principles to us at email@example.com. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions specified by the Principles and more fully described on the Privacy Shield website at (https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint), you may also be able to invoke binding arbitration to resolve your complaint when other dispute resolution procedures have been exhausted.
4.5 EEA Data Subject Rights in Personal Information.
If you are an identified or identifiable individual (natural person) based in the EEA (a “Data Subject”), in addition to the rights outlined elsewhere herein including in Section 5 (“Your Choices Regarding Your Information”) below, under certain conditions, you may have the right under EU data protection laws:
(a) to request:
i. Further information on how we use and process your Personal Information.
ii. A copy of your Personal Information that we hold.
iii. We update any inaccuracies in your Personal Information that we hold.
iv. We erase your Personal Information that we no longer have grounds to process.
v. We restrict processing your Personal Information during our consideration of your inquiry.
vi. “Data Portability” – that we transfer your information to another provider.
vii. Object to any processing of your Personal Information that we process on the “legitimate interests” or “public interests” grounds, unless our reasons for the underlying processing outweigh your interests, rights and freedoms.
viii. Object to direct marketing including any related “profiling” (please see Section 3.4 above for description of profiling) at any time.
ix. Withdraw your consent at any time where we are processing your Personal Information on the basis of your prior consent, after which we shall stop processing your applicable Personal Information.
x. Lodge a complaint with the Information Commissioner’s Office or your local EU supervisory authority if we are unable to resolve a query or complaint you have about any processing of your Personal Information by us.
5. YOUR CHOICES REGARDING YOUR INFORMATION
We offer you choices regarding the collection, use and sharing of your information
5.1 With Respect to Direct Marketing Communications.
5.2 With Respect to Your Account.
Unless you make or request changes as follows, we retain your Personal Information for as long as your account is active or as needed to provide the ATS or other products or services to you as well as is necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. You may access, update or change any of your Personal Information by logging into your account and editing your profile within the registration portion of our Site or by emailing us at firstname.lastname@example.org. Also, subject to the terms of the TOS, you may request deletion of your account and related Personal Information by emailing us at email@example.com. Please note that we may be required by law or otherwise to retain certain Personal Information and not delete it. We will only retain such information for as long as required, and we will comply with your deletion request after we have fulfilled such requirements. We may retain archived or cached copies of Personal Information.
5.3 With Respect to Cookies.
5.4 With Respect to Advertising.
We partner with the following ad networks to manage our advertising on third party websites including to serve advertisements on our behalf across the Internet and in applications: Google AdWords, Google analytics, Segment, HubSpot, Twitter, Facebook, Adroll, Linkedin, and Reddit. These entities use technologies including Cookies, web beacons, device identifiers and other tools to collect information about your use of the Site and other websites and applications. This information may be used by mabl and its service providers to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our services and better understand your online activity. If you wish to not have this information used for the purpose of serving you targeted ads or content, you may opt-out of third party targeting Cookies on the Digital Advertising Alliance’s consumer choice page at (http://optout.aboutads.info), or the Network Advertising Initiative’s consumer choice page at (http://optout.networkadvertising.org), or the European Interactive Digital Advertising Alliance consumer choice page at (http://youronlinechoices.eu). Please note that opting out of the use of your information for targeted ads or content does not opt you out of being served generic advertising. You will continue to receive generic ads.
5.5 With Respect to Testimonials. Subject to first obtaining consent, from time to time we may use Personal Information (e.g., customer’s name) in customer testimonials posted on our Site. If you want your testimonial removed, please contact us at firstname.lastname@example.org.
6. TECHNICAL INFORMATION
6.1 Collection of Technical Information.
6.2 Use of Technical Information.
We process your Technical Information under your instructions and pursuant to the terms in our TOS. We collect Technical Information primarily so that we may make available performance metrics and statistics to you, and to answer questions that you may have about your account. We may also use Technical Information to improve our ATS, and/or develop related or new products and services. We may also aggregate Technical Information across multiple accounts and use this data to create and publish industry benchmarks or comparative performance metrics.
6.3 Disclosure of Technical Information.
You have the right to access your Personal Information that may be contained in Technical Information. If Personal Information pertaining to you has been submitted to us in Technical Information by our customer and you wish to exercise any rights you may have with regards to access, correct, amend, or delete such Personal Information, please inquire with that customer directly. If you wish to make a request directly to mabl, please provide the name of our customer who submitted your Personal Data to us via their use of the ATS so that we may refer your request to that customer. We will support such customer as needed in responding to your request within a reasonable timeframe.
7. SECURITY OF YOUR PERSONAL INFORMATION AND TECHNICAL INFORMATION
Mabl is committed and takes precautions including a variety of industry standard administrative, technical and physical measures to protect your Personal Information and Technical Information (collectively, “P&T Information”) from unauthorized access, use or disclosure. For instance, we encrypt the transmission of all P&T Information electronically collected by us from you and all P&T Information transmitted by us to you using secure socket layer technology (SSL). Also, in order to use the ATS we require customers to first complete a registration to establish an account wherein authorized users are designated. Access to each customer’s account and use of the ATS is restricted to such authorized users by requiring them to first enter both a user ID and password. It is crucial to the protection of your P&T information that you protect both your user ID and password to help prevent anyone from accessing or abusing your account and services, including not using the same user ID or password for the ATS that you use with accounts for services provided by others. If an account/profile was created without your knowledge/authorization, please notify us immediately at email@example.com so that we may remove such account/profile. Despite these measures, mabl cannot fully eliminate security risks associated with your P&T Information as in using the ATS and/or accessing our Site your P&T Information may travel through third party infrastructures that are not under mabl’s control and security breaches and mistakes may occur.
If you have any questions about the security of our Services, you can contact us at firstname.lastname@example.org.
8. CERTAIN OTHER PRIVACY MATTERS
8.1 Third Party Websites.
8.2 California Privacy Rights.
California’s Shine the Light law provides California residents with the right to receive certain disclosures about sharing of their Personal Information with other companies. If you are a California resident, you may request and obtain from us once a year, free of charge, certain information about the Personal Information (if any) we disclosed to third parties for direct marketing purposes in the immediately preceding calendar year. If applicable, this information would include a list of the categories of Personal Information that was shared along with the names and addresses of all third parties with which this information was shared. If you are a California resident and would like to make such a request, please submit your request by emailing us at email@example.com.
8.3 “Do Not Track” Signals.
Some web browsers may transmit signals instructing websites and other online services to not track information. There is no common standard adopted by industry groups, technology companies or regulators that governs what, if anything, websites should do if they receive these signals. Given this, we currently do not respond to such browser signals or similar mechanisms instructing us not to track information. mabl takes privacy, and choices regarding privacy, seriously. If and when a standard is established, we may revise our position on responding to these do not track signals. Third parties may collect information about your online activities over time and across sites when you visit our Site or use the ATS.
8.4 Use by Minors.
The Services are not directed to or intended for individuals under the age of thirteen (13), and if you are under 13 you are not permitted to submit any Personal Information to mabl. If we learn that a child under this age has submitted Personal Information, we will delete such information promptly. If you believe that we might have any Personal Information from a child under the age of 13, please contact us at firstname.lastname@example.org.
10. HOW TO CONTACT mabl