Marigold’s Privacy Notices
LAST UPDATED: May 23, 2024
Site Privacy Notice
We recommend that you read this entire Notice to ensure you are fully informed. However, to make it easier for you to review those parts of this Notice which apply to you, we have divided up the document into the following sections:
WEBSITE VISITORS and PROSPECTS Managing cookies deployed by this site Controlling Your Personal Data Data Protection Rights for EEA and UK Residents How Do We Keep Your Personal Data Secure? |
OVERVIEW
Iris Holdings L.P. and its subsidiaries (collectively d/b/a “Marigold”, “we,” or “us”) is a provider of Software-as-a-Service (SaaS) marketing technologies (our “Services”) to our customers and clients (“Customers”). While each of our product offerings is unique, we are one organization. This Privacy Notice (“Notice”) applies to the Processing of Personal Data by Marigold and explains who we are, how we collect, use and share information that identifies you (directly or indirectly) (“Personal Data”), and how you can exercise your privacy rights. Marigold’s current product offerings include the following:
- Marigold Engage +
- Marigold Engage
- Marigold Loyalty
- Campaign Monitor by Marigold
- Emma by Marigold
- Marigold Liveclicker
- Marigold Engage by Sailthru
- Marigold Engage by Vuture
For information about how our Services Process Personal Data, please visit the Services Privacy Notice.
SUMMARY OF THIS NOTICE
It’s important that any individual to whom this Notice applies is able to understand how we Process Personal Data related to the operation of our business. The most complete way to do this is to read the Notice in its entirety. However, here’s a quick summary of the information provided in this notice.
- What is Marigold? Marigold is headquartered in Nashville, TN. We provide SaaS marketing software products and services that allow our Customers to engage with their customers through email, SMS, loyalty programs, and other online experiences.
- What does “process” mean, and whose Personal Data is processed? The simplest way to encapsulate what is meant by process/processed/processing is to say that it’s any action taken which involves Personal Data. This covers everything from the initial collection, observation, and storage of Personal Data, to the eventual deletion or anonymisation of the Personal Data. The types of data subjects impacted by this Notice are described below.
- What Personal Data is Processed and for what purpose(s)? At minimum, we will typically process your email, name, and other information submitted by you through forms on this site. We may also collect and store information using cookies. You can control this at any time by visiting the cookie preference center located in the footer of this site. Our primary purposes for collecting your personal data are to market our services to you as a Website Visitor, to consider Applicants for employment by a Marigold entity, and to support our own business purposes and legal obligations. If it is necessary to collect sensitive Personal Data, we will only Process that Personal Data in compliance with applicable data protection laws.
- How long do you retain Personal Data? The retention period for Personal Data depends on the purpose(s) for its Processing. We retain Personal Data we collect from you only for as long as reasonably necessary to achieve that purpose. In some cases, we may retain Personal Data for a specific time period based on a legal obligation, contractual obligation, or other operational factors. On the other hand, we may have a variable data retention period where we rely on our legitimate interest and several factors determine the completion of our purpose for Processing the Personal Data. Regardless, when the purpose is achieved, we will delete or anonymize the Personal Data.
- Do you transfer my personal data outside the EEA,Switzerland, or UK? In most cases, yes. Marigold is a global organization, with Processing occurring in many jurisdictions, including the United States, United Kingdom, European Union, and Australia.
- What are my privacy rights? An increasing number of global privacy laws are providing individuals with privacy rights. Notable among these laws are the GDPR and its various implementing laws, UK GDPR, and CPRA. Please review the “Data Protection Rights for EEA,Switzerland, and UK Residents” or “California Privacy Rights” sections of this Notice to learn more about your specific rights and how to exercise them.
- Selling and Sharing under the California Privacy Rights Act. The CPRA defines specific rights for California residents to know about and control selling or sharing of their Personal Data. For more information about Marigold’s selling or sharing of Personal Data, if any, please visit the “California Privacy Rights” section of this Notice.
- Selling: Under the CPRA, “selling” means “renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.” Marigold does not sell Personal Data covered by this Notice.
- Sharing: Under the CPRA, “sharing” means making a consumer’s personal information available to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration. Marigold may share your Personal Data via cookies. To opt out of sharing, navigate to the cookie preference center and turn off “Advertising Cookies.”
- How can I contact you with questions about my privacy? The easiest way to get in touch is through the Contact Us details below. Additionally, you may contact our data protection officer with any privacy concerns at [email protected].
CATEGORIES OF DATA SUBJECTS
This Notice applies to the following categories of individuals:
- Customers of Marigold. A Customer could be any individual who uses the Services, or in some cases a user who no longer uses the Services but whose data is being retained for other purposes under this Notice.
- Website Visitors. A Website Visitor is any individual who interacts with MeetMarigold.com (the “Website”), regardless of whether they may be a Customer, Prospect, Applicant, or have any other direct relationship with us.
- Prospects. A Prospect is any individual who has expressed interest in Marigold’s Services who is not yet a Customer. For the purposes of this Notice, Prospects are included as a subset of Website Visitors.
- Applicants for employment. Applicant means an individual who has applied for a position with a Marigold entity, but who is not currently employed by us.
If you are resident in the EEA or California, please review the section headed “Controlling Your Personal Data” for further information about the privacy rights available to you.
PROCESSING DETAILS
CUSTOMERS
- Collection of Personal Data
- Information You Provide To Us. You may provide Personal Data to us through the Services – for example, when you are assigned or create credentials to access the Services, consult with our customer success or support teams, send us an email or communicate with us in any other way. We will usually let you know prior to collection whether the provision of Personal Data we are collecting is compulsory or may be provided on a voluntary basis and the consequences, if any, of not providing the information. The information you provide to us, may include:
- Account Information. As a Customer, we may collect information such as your name, email address, title, phone number, and other information related to establishing and maintaining a relationship between you and us.
- Billing Information. If you purchase our Services, you may also need to provide us with payment and billing information such as your credit card details and billing address. We will also maintain a record of your purchases, transactional information, your Services history and usage, and any communications and responses.
- User Surveys. We may offer you opportunities to participate in Customer surveys. These surveys will gather your opinions on the effectiveness and/or current state of our Services, as well as your opinions on future functionality and the direction of our product offering.
- Information Collected Automatically. When you use the Website or Services, or when you receive marketing emails from us, we automatically collect certain information about your device and interactions with us. We may use cookies and other tracking technologies to collect some of this information. Our use of cookies and other tracking technologies is discussed in more detail below.
- Information You Provide To Us. You may provide Personal Data to us through the Services – for example, when you are assigned or create credentials to access the Services, consult with our customer success or support teams, send us an email or communicate with us in any other way. We will usually let you know prior to collection whether the provision of Personal Data we are collecting is compulsory or may be provided on a voluntary basis and the consequences, if any, of not providing the information. The information you provide to us, may include:
-
-
- When you receive marketing emails from us. We collect device information such as your IP address, device attributes (for example: hardware model, operating system, web browser version, as well as unique device identifiers and characteristics), connection information (for example, name of your mobile operator or Internet Service Provider, browser type, language and time zone, and mobile phone number); and device locations (for example, internet protocol (IP) addresses and Wi-Fi information).
- Information relating to your use of the Services. We collect usage data about whenever you interact with our Services, as described in the Services Privacy Notice.
- Information We Obtain From Third Party Sources. We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records and better market services that may be of interest to you. This Personal Data may include (for example), information such as your name, employer, job title, email address, phone numbers, and other company, contact, and/or employment information.
-
- Purposes for Processing your Personal Data. We process your Personal Data for our legitimate interests, which include:
- To Provide You With Information You Have Requested. To respond to your requests or provide you with information requested by you, including where you exercise your privacy rights as detailed in this notice or request information about our products or Services.
- To Market To You. To contact you with marketing and promotional information (in accordance with your marketing preferences) about products and services that Marigold offers, to provide advertising to you on third party sites (based on your browsing activities on the Website), and to send you information regarding Marigold and/or our partners (see the section headed “Controlling Your Personal Data” for information about how you can opt-out of receiving marketing communications from us at any time). Marketing data purchased from third parties may be combined with information we already have about you and may be used to create more tailored advertising and products.
- For Business Analytics. To infer your geographic location based on your IP address; to track behavior at the aggregate/anonymous level to identify and understand trends in the various interactions with our Services; and to conduct internal business analysis based on meta-data about usage, feature adoption and forecasting.
- For Legal Records. To identify who you are, including both identification and authentication purposes; to carry out our obligations and enforce our rights arising from any contracts entered into between you and us (including for billing and collection); and to respond to legal requests or prevent fraud. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
- Disclosures. In the following limited situations, we may disclose information that we collect or that you provide to us:
- to our contractors, service providers and other third parties who provide data processing services to us and with whom the sharing of your Personal Data is necessary to undertake the work e.g. to process billing, to analyze data, host data, to provide customer support and to deliver online and offline marketing communications about Marigold that we think will interest you.
- as required by law, such as to comply with any court order, subpoena or other law or legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a governmental or regulatory request.
- to enforce our rights arising from any contracts entered into between you and us and for billing and collection.
- to employees within Marigold for customer support, marketing, technical operations, and account management purposes.
- to a buyer or other successor in the event of a merger, sale or transfer of some or all of Marigold’s assets.
- Lawful Basis.
- If you are a Customer resident in the EEA, Switzerland, or UK, then our legal basis for Processing Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it. However, where we are Processing your Personal Data for our own purposes we normally rely on our legitimate interest to collect Personal Data from you, except where such interests are overridden by your data protection interests or fundamental rights and freedoms. Where we rely on our legitimate interests to Process your Personal Data, they include the interests described in the sections above headed “Why We Process Your Information“.
- In some cases, we may rely on your consent or have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person. If we rely on consent to collect and/or Process your Personal Data, we will obtain such consent in compliance with applicable laws.
- If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided under the “Contact Us” heading below.
- Data Retention. We retain Personal Data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with information you have requested or to comply with applicable legal, tax or accounting requirements).When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymise it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
WEBSITE VISITORS and PROSPECTS
- Collection of Personal Data
- Information You Provide To Us. Certain parts of our site may ask you to voluntarily provide Personal Data (such as your name, contact details and company name). For example, when you express interest in obtaining additional information about a Marigold entity, download content or request a demo, or otherwise contact us. We may also collect Personal Data, such as your contact and professional background details and feedback, when you attend our events, take part in surveys, or through other business or marketing interactions we may have with you. You may choose to provide additional information when you communicate with us or otherwise interact with us, and we will keep copies of any such communications for our records.
- Information Collected Automatically. When you visit the Website, or when you receive marketing emails from us, we automatically collect certain information about your device and interactions with us. We may use cookies and other tracking technologies to collect some of this information.
- When you receive marketing emails from us. We collect device information such as your IP address, device attributes (for example: hardware model, operating system, web browser version, as well as unique device identifiers and characteristics), connection information (for example, name of your mobile operator or Internet Service Provider, browser type, language and time zone, and mobile phone number); and device locations (for example, internet protocol (IP) addresses and Wi-Fi information).
- Cookies and tracking technologies. When you visit our Websites, like most website owners, we may also collect certain information automatically from your device, such as your device type, browser type, broad geographic location (e.g. country or city-level location), the referring website, what pages your device visited, and the time that your device visited our Website. In some countries, including countries in the European Economic Area, this information may be considered Personal Data under applicable data protection laws. We (including our service providers) may use cookies, pixel tags and other similar tracking technologies to collect this information. Our use of cookies and other tracking technologies is discussed more below, in more detail below.
- Information We Obtain From Third Party Sources. We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records and better market services that may be of interest to you. This Personal Data may include (for example), information such as your name, employer, job title, email address, phone numbers, and other company, contact, and/or employment information.
- Purposes for Processing Your Personal Data. We process your Personal Data for our legitimate interests, which include:
- To Provide You With Information You Have Requested. To respond to your requests or provide you with information requested by you, including where you exercise your privacy rights as detailed in this notice or request information about our products or Services.
- To Market To You. To contact you with marketing and promotional information (in accordance with your marketing preferences) about products and services that Marigold offers, to provide advertising to you on third party sites (based on your browsing activities on the Website), and to send you information regarding Marigold and/or our partners (see the section headed “Controlling Your Personal Data” for information about how you can opt-out of receiving marketing communications from us at any time). Marketing data purchased from third parties may be combined with information we already have about you and may be used to create more tailored advertising and products.
- For Business Analytics. To infer your geographic location based on your IP address; to track behavior at the aggregate/anonymous level to identify and understand trends in the various interactions with our Services; and to conduct internal business analysis based on meta-data about usage, feature adoption and forecasting.
- For Legal Records. To identify who you are, including both identification and authentication purposes; to carry out our obligations and enforce our rights arising from any contracts entered into between you and us (including for billing and collection); and to respond to legal requests or prevent fraud. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
- Disclosures. In the following limited situations, we may disclose information that we collect or that you provide to us:
- to our contractors, service providers and other third parties who provide data processing services to us and with whom the sharing of your Personal Data is necessary to undertake the work e.g. to process billing, to analyze data, host data, to provide customer support and to deliver online and offline marketing communications about Marigold that we think will interest you.
- as required by law, such as to comply with any court order, subpoena or other law or legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a governmental or regulatory request.
- to enforce our rights arising from any contracts entered into between you and us and for billing and collection.
- to employees within Marigold for customer support, marketing, technical operations, and account management purposes.
- to a buyer or other successor in the event of a merger, sale or transfer of some or all of Marigold’s assets.
- Lawful Basis.
- If you are a Customer resident in the EEA or UK, then our legal basis for Processing Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it. However, where we are Processing your Personal Data for our own purposes we normally rely on our legitimate interest to collect Personal Data from you, except where such interests are overridden by your data protection interests or fundamental rights and freedoms. Where we rely on our legitimate interests to Process your Personal Data, they include the interests described in the sections above headed “Purposes for Processing Your Personal Data”.
- In some cases, we may rely on your consent or have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person. If we rely on consent to collect and/or Process your Personal Data, we will obtain such consent in compliance with applicable laws.
- If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided under the “Contact Us” heading below.
- Data Retention. We retain Personal Data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with information you have requested or to comply with applicable legal, tax or accounting requirements).When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymise it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
APPLICANTS FOR EMPLOYMENT
- Information We Process
- Information You Provide To Us. As an Applicant, you will provide certain Personal Data to us – for example, when you submit an application for employment, as needed during the hiring process, or when you send us an email or communicate with us in any other way. This information could include, but is not limited to, your name, email address, telephone number, and a copy of your resume. We will usually let you know prior to collection whether the provision of Personal Data we are collecting is compulsory or may be provided on a voluntary basis and the consequences, if any, of not providing the information.
- Information Collected Automatically. When you browse the Website, we automatically collect certain information about your device. We may use cookies and other tracking technologies to collect some of this information. Our use of cookies and other tracking technologies is discussed more below, in more detail below.
- Device Information. We collect information from your device and applications you use to access our Websites, such as your IP address, device attributes (for example: hardware model, operating system, web browser version, as well as unique device identifiers and characteristics), connection information (for example, name of your mobile operator or Internet Service Provider, browser type, language and time zone, and mobile phone number); and device locations (for example, internet protocol (IP) addresses and Wi-Fi information).
- Information We Obtain From Third Party Sources. We may receive information about you from other sources, including but not limited to information we obtain from hiring agencies acting on our behalf, and combine this data with information we collect directly from you during the application process. This helps us to better evaluate you as an Applicant. Examples of the types of Personal Data that may be obtained from public sources or purchased from third parties and combined with information we already have about you, may include name, employer, job title, email address, phone numbers, and other company, contact, and/or employment information.
- Purposes for Processing Your Personal Data. We process your Personal Data for our legitimate interests, which include:
- To Evaluate Your Application for Employment. To better understand your qualifications as an Applicant.
- To Improve Our Hiring Process. To evaluate the effectiveness of our job descriptions and to measure the overall effectiveness of our hiring process.
- For Legal Records. To identify who you are, including both identification and authentication purposes; to carry out our obligations and enforce our rights arising from any agreement to work entered into between you and us (including for billing and collection); and to respond to legal requests or prevent fraud. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
- Disclosures. In the following limited situations, we may disclose information that we collect or that you provide to us:
- to our contractors, service providers and other third parties who provide data processing services to us and with whom the sharing of your Personal Data is necessary to undertake the work e.g. to process billing, to analyze data, host data, to provide customer support and to deliver online and offline marketing communications about Marigold that we think will interest you.
- as required by law, such as to comply with any court order, subpoena or other law or legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a governmental or regulatory request.
- to enforce our rights arising from any contracts entered into between you and us and for billing and collection.
- to employees within Marigold for customer support, marketing, technical operations, and account management purposes.
- to a buyer or other successor in the event of a merger, sale or transfer of some or all of Marigold’s assets.
- Lawful Basis.
- If you are resident in the EEA, Switzerland, or UK, then our legal basis for collecting and using Personal Data described above will be our legitimate interests to collect Personal Data from you, except where such interests are overridden by your data protection interests or fundamental rights and freedoms. Where we rely on our legitimate interests to process your Personal Data, they include the interests described in the sections above headed “Purposes for Processing Your Personal Data”.
- In some cases, we may rely on your consent or have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person. If we rely on consent to collect and/or process your Personal Data, we will obtain such consent in compliance with applicable laws.
- If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided under the “Contact Us” heading below.
- Data Retention. We retain Personal Data we collect from you where we have an ongoing legitimate business need to do so (for example, to contact you for future employment opportunities or to comply with applicable legal, tax or accounting requirements). When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymise it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
COOKIES
What are cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information. A full list of our cookies can be found by accessing the Cookie Preferences center provided in the footer of this Website.
We refer to cookies created by us as “first party cookies”. We refer to cookies that we set on our website but that are created by parties other than us as “third party cookies”. Third party cookies enable third party features or functionality to be provided on or through the website (e.g. like advertising, interactive content and analytics). The parties that provide these third party cookies can recognise your computer both when it visits the website in question and also when it visits certain other websites.
Managing cookies deployed by this site.
To control the cookies placed on your device by this site, please visit the Cookie Preferences center located in the footer of any page.
Electronic devices and software applications on these devices may offer you tools to opt out of or block advertisements on the device or in specific applications. Consult the help documentation and settings specific to your devices and applications to learn more about your options. You have the right to decide whether to accept or reject cookies. Should you choose to remove or block cookies, some website functionality may become unavailable or unreliable.
In addition, most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit http://www.aboutads.info/choices/ or http://www.youronlinechoices.com.
Controlling Your Personal Data
Maintaining the privacy and security of Personal Data processed by Marigold subject to this privacy notice is one of our core values and vital to creating trust between us and our customers, or any other individual with whom we interact. To ensure that individuals have appropriate control of their Personal Data, we extend the ability to retrieve, access, amend, or delete Personal Data to any individual whose Personal Data is Processed in accordance with this Notice. US-based Marigold affiliates may adhere to the EU-US and Swiss Data Privacy Frameworks, as well as the UK Extension of the Data Privacy Framework. To learn more, please visit the Data Privacy Framework section of this privacy notices page.
To retrieve, access, amend, or delete your Personal Data, please access our individual rights portal using the button provided in this section of the Notice. We may ask you to provide additional verification in order to complete any request made to retrieve, access, amend, or delete Personal Data.
Data Protection Rights for EEA, Switzerland and UK Residents.
Marigold is an organization which operates marketing technology companies across the globe and is established within the EU by its control of Selligent SA, a public limited company based in Belgium. If it is necessary to direct any inquiry to Marigold’s EU entity, rather than Marigold itself, please send such communication to [email protected].
If you are resident in the EEA, Switzerland, or UK, you have the following data protection rights:
- You can access, review, change, update or delete your Personal Data at any time by submitting a request via the support form provided in this section.
- To remove your Personal Data from a Website testimonial or request removal of your Personal Data from our blog or community forum, please submit a request to support via this support form. In some cases, we may not be able to remove your Personal Data, in which case we will let you know if we are unable to do so and why.
- In addition, you can object to processing of your Personal Data, ask us to restrict Processing of your Personal Data, or request portability of your Personal Data. To exercise these rights, please submit a request to support via this support form.
Submit Request - You can opt out of receiving marketing communication we send you at any time. You can exercise this right by clicking on the “unsubscribe” link in the emails we send you or by replying to us at [email protected]. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us at [email protected]. For data privacy concerns, use the contact details provided under the “Contact Us” heading below.
- If we have Processed your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our Processing of your Personal Data. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European Economic Area (“EEA”), are available here. For UK residents, the ICO can be contacted here.
Please note that because most of the information we store can only identify a particular browser or device, and cannot identify you individually, you will need to provide us with some additional information to enable us to identify the Personal Data we hold about you and ensure that we accurately fulfill your request. You may also be required to provide ID.
Marigold has appointed HewardMills as Data Protection Officer. You may contact them regarding data protection concerns at:
HewardMills
77 Farringdon Road
London EC1M 3JU
[email protected]
California Residents Privacy.
Please note that this Notice uses the term Personal Data, but for the purpose of this section, the term “personal information” will be used to align with the California Privacy Rights Act (“CPRA”).
For Marigold’s Notice at Collection of Personal Data for California residents, please refer to the Summary above. CPRA provides “consumers,” as defined by the CPRA, the following privacy rights:
- The right to know what personal information is being collected about them;
- The right to know whether their personal information is sold, shared, or disclosed and to whom;
- The right to opt out of the sale or sharing of personal information;
- The right to access their personal information;
- The right to equal service and price, as well as to not receive discriminatory treatment, even if they exercise their privacy rights;
- The right to correct inaccurate personal information; and
- The right to limit the use or disclosure of sensitive personal information, if we use or disclose sensitive personal information for reasons other than those set forth in Section 7027 of the CPRA.
Notice. This Notice, under the headings pertaining to each category of data subject, serves to describe the categories of data collected, our practices when Processing such Personal Data, and how we share the Personal Data, including categories of recipients of your Personal Data.
Access, Correction, and Deletion. California consumers whose Personal Data is Processed by Marigold or any Marigold entity acting as a business under CPRA may, no more than twice in a 12 month period and at no cost to them, request a report from us which details the Personal Data collected about them and the recipients, if any, of that information, as well as the business or commercial purpose for collecting personal information and the categories of sources from which the personal information is collected. Requests may be sent via this support request form or direct mail to the address below. California consumers may, at any time, request that we correct or delete their Personal Data via the same form or direct mail address.
Choice. Individuals to whom this Notice applies may request to access and amend Personal Data by request to us via the privacy rights form at any time and may revoke any consent provided by using the unsubscribe mechanism provided in any email received or by request to [email protected].
Selling and Sharing of California Consumer Personal Data. The CPRA requires that we disclose any sale or sharing, as defined by the law, pertaining to your Personal Data. We do not believe that our Processing activities conducted by the Marigold family of brands constitutes selling under the CPRA. When you visit one of our Websites, you are interacting with Marigold, and Marigold employees Process Personal Data under a unified strategy to meet Marigold’s objectives.
We engage in online “sharing” (as such term is defined by the CPRA), which is otherwise known as cross-context behavioral advertising or targeted advertising. This form of “sharing” involves collecting certain personal information using cookies and other tracking technologies. We detail the use of Cookies in this Notice. Some of these cookies provide information to advertising networks (i.e., “share” such information) for the purpose of tracking and serving ads to you across the Internet. You may, at any time, opt out of the online “sharing” of your Personal Data by using the Cookie Preferences center provided in the footer of this site to turn off “Advertising” cookies.
Note. We may at times partner with third parties for the purpose of marketing our services. In these cases, will provide clear notice of the identity of our partners and provide a consent mechanism for sharing your Personal Data to any third party partners.
Verifying California Consumer Requests. Pursuant to California law, we will verify a California resident’s identity as required before complying with their consumer request under the CPRA. We are required to verify certain consumer requests to a reasonable degree of certainty, which may include matching at least two data points provided by the consumer with data points maintained by us, or to a reasonably high degree of certainty, which may include matching at least three data points provided by the consumer with data points maintained by us, depending on the sensitivity of the personal information and the potential risk of harm to the consumer. Any information you send for us to verify your identity will be used for this purpose only.
California Consumer Requests and Authorized Agents. A California resident may use an authorized agent to submit a right to know request or a request to delete. To use an authorized agent, the California resident must provide the agent with written authorization. In addition, the California resident may be required to verify their own identity with us. We may deny a request from an agent that does not submit proof that they have been authorized by the California resident to act on their behalf. Such requirements, however, will not apply where a California resident has provided the authorized agent with power of attorney pursuant to Cal. Prob. Code Sections 4000 to 4465. Authorized agents should submit their requests via the form provided above.
Sensitive Personal Information. We do not collect, use, or disclose sensitive personal information about California residents for purposes other than those specified in Section 7027(m) of the CPRA.
GENERAL INFORMATION
Children
Our Website is not intended for and may not be used by minors. “Minors” are individuals under the age of 13 (or under a higher age if permitted by the laws of their residence). We do not knowingly collect Personal Data from Minors or allow them to register. If it comes to our attention that we have collected Personal Data from a Minor, we may delete this information without notice. If you have reason to believe that this has occurred, please contact customer support.
Third-Party Websites And Apps
This Notice only applies to the Website. We are not responsible for the privacy practices or disclosures of third parties that use or access the Website. In addition, the Website may contain links to third-party websites and apps. Any access to and use of such linked websites or apps is not governed by this Notice, but instead is governed by the privacy policies of those third parties. We are not responsible for the information practices of such third parties.
How Do We Keep Your Personal Data Secure?
We use appropriate technical and organizational security measures to protect any Personal Data we process against unauthorized access, disclosure, alteration, and destruction.
Unfortunately, nobody is truly and completely safe from hackers. Although we do our best to protect your Personal Data, we cannot guarantee security, no Internet transmission can ever be guaranteed 100% secure, and so we encourage you to take care when disclosing Personal Data online and to use readily available tools, such as Internet firewalls, secure e-mail and similar technologies to protect yourself online.
International Data Transfers
Marigold is established in the United States and may Process Personal Data in the United States. If you are using the Website from outside the United States, be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your Personal Data, in the United States and other countries. These countries may have data protection laws that are different to the laws of your country.
However, we have taken appropriate measures to require that your Personal Data will remain protected in accordance with this Notice and have implemented appropriate safeguards to require that your Personal Data will remain protected in accordance with this Notice. These include implementing the European Commission’s Standard Contractual Clauses for transfers of Personal Data between our group companies, which require all group companies to protect Personal Data they process from the EEA or UK in accordance with European Union and UK data protection law. We have implemented similar safeguards with our third party service providers and partners. Further details can be provided upon request.
Changes To This Privacy Notice
We may revise this Notice from time to time in response to changing legal, technical or business developments. The most current version of this Notice will govern our use of your Personal Data. When we update our Site Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Site Privacy Notice changes if and where this is required by applicable data protection laws. You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice.
CONTACT US
Thanks for taking the time to learn about our Site Privacy Notice. We hope it was clear and reassuring. If you have any questions, please contact us:
Marigold
ATTN: VP of Global Data Privacy
11 Lea Ave
Nashville, TN 37210
Email: [email protected]
Important Note: If you are resident in the EEA or UK, the “data controller” of the Personal Data described in this Privacy Notice is Marigold.
Services Privacy Notice
LAST UPDATED: May 23, 2024
OVERVIEW
Marigold Entities as Data Controllers How Do We Keep Your Personal Information Secure? |
OVERVIEW
This Services Privacy Notice exists to provide details regarding the Processing of Personal Data Related to Services provided by Marigold entities (“Marigold,” “we,” or “us”), as governed by the Services Agreement. Marigold also provides a Site Privacy Notice which covers our Processing of Personal Data pertaining to Customers, Website Visitors and Prospects, and Applicants for employment, which you can find here.
This Notice serves two purposes:
- It supplements our Services Agreement by providing details of how our Services Process Personal Data on behalf of our Customers.
- It provides notice and transparency regarding our Processing of Personal Data pertaining to our Customer’s Data Subjects, who themselves might not otherwise be aware of the processing.
To execute a Data Protection Agreement (often referred to as a “Data Processing Agreement” or “DPA”), please submit a request to [email protected], indicating your entity’s legal name and that of the Marigold entity with which you have an Agreement.
Further Information for Customer Data Subjects: As described in this Notice, in most cases where your Personal Data is Processed by the Services, we act as a Processor on behalf of our Customers. In such cases, if you want to exercise any individual privacy rights that may be available to you under applicable Law or have questions or concerns about how your Personal Data is handled by Marigold as a Processor on behalf of our Customers, you should contact the relevant Customer that has contracted with Marigold for use of the Services, and refer to their separate privacy policies. If you are having difficulties finding this Customer, you can contact us by writing to [email protected].
SUMMARY OF THIS NOTICE
It’s important that any individual to whom this notice applies is able to understand how our Services Process Personal Data. The most complete way to do this is to read the notice in its entirety. However, here’s a quick summary of the information provided in this notice.
- What are the Services? Marigold entities’ Services are Software-as-a-Service marketing products designed to allow our customers to engage with individuals through electronic messaging channels (email, SMS), as well as their own websites, landing pages, and other technologies. We offer additional features that provide analytics and insights based on your interactions with a Customer’s marketing efforts.
- What does “Process” mean, and whose Personal Data is Processed? The simplest way to encapsulate what is meant by Process/Processed/Processing is to say that it’s any action taken which involves Personal Data. This covers everything from the initial collection, observation, and storage of Personal Data, to the eventual deletion or anonymisation of the Personal Data. The types of data subjects impacted by this notice are described below. Typically, our Users are employees of organizations utilizing our services; Customer Data Subjects encompasses many different individuals, but the key similarity is that there is an established relationship between you and our Customer.
- What Personal Data is processed and for what purpose(s)? At minimum, the Services will typically process your email, name, and IP address, and in the case of our Users, we will process additional information to provide access to the Services. Other personal data processed by the Services is determined by our Customer, who may be a data controller or processor under EEA, Swiss, or UK Law, or a similar term provided by other data privacy laws.
- For how long is Personal Data retained? Personal Data is retained within the Services according to our Agreement with the Customer, including our provision of assistance with regard to any individual’s request to have their Personal Data deleted.
- Do you transfer my personal data outside the EEA, Switzerland, or UK? In most cases, yes. Processing may occur in any jurisdiction in which Marigold is established, including the United States, United Kingdom, European Union, and Australia. Our sub-processors may Process Personal Data in additional jurisdictions. The actual locations of Processing depend on the Customer’s implementation of the Services. If you’re a Customer, please consult your Ordering Document or Agreement. For Customer Data Subjects, all aforementioned jurisdictions apply to a Marigold entity’s Processing of Service Logs.
- What are my privacy rights? An increasing number of global privacy laws are providing individuals with privacy rights. Notable among these laws are the GDPR and its various implementing laws, UK GDPR, and CPRA. Each jurisdiction provides distinct rights to the individual, so please review the Data Protection Rights for EEA, Switzerland, and UK Residents and California Privacy Rights sections of this notice to learn more about your specific rights and how to exercise them.
- Selling and Sharing under California law. The CPRA defines specific rights for California residents to know about and control selling or sharing of their Personal Data. For more information about Marigold’s selling or sharing of Personal Data, if any, please visit the “California Privacy Rights” section of this Notice.
- Selling: Under the CPRA, “selling” means “renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.”
- Sharing: Under the CPRA, “sharing” means making a consumer’s personal information available to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.
Marigold and Marigold entities do not sell or share your Personal Data in the provision of their Services.
CATEGORIES OF DATA SUBJECTS
This notice applies to the following categories of individuals:
- Users of the Services. According to the Services Agreement, a User is “any person, other than Company employees or agents engaged in providing Professional Services to Customer, accessing and/or using the Services through Customer’s Account.” For instance, if your employer, our Customer, has provided you with access to the Services, this is you. This might also be you if you’re an individual, sole proprietor, or other individual who uses a Marigold entity’s Services.
- Customer Data Subjects. Marigold’s Customers have the ability to Process Personal Data via the Services in order to market their own goods and services to individuals who may be their prospective or current customers, or who have an otherwise established relationship with a Marigold entity’s Customer. If you receive email newsletters, SMS messages, or use our Customer’s website and/or mobile app, this might be you. Keep in mind that this list is not exhaustive, and Marigold’s product offerings may change over time.
PROCESSING DETAILS
USERS
- Collection of Personal Data
- Information You Provide To Us. You may submit Personal Data through the Services – for example, when you create an account to access the Services, consult with our customer success or support teams, send us an email or communicate with us in any other way. We will usually let you know prior to collection whether the provision of Personal Data we are collecting is compulsory or may be provided on a voluntary basis and the consequences, if any, of not providing the information. The information you provide to us, may include name, email address, a password, telephone number, job title, and organization name.
- Information Collected Automatically. When you use the Services, we automatically collect certain information about your device and use of the Services. We may use cookies and other tracking technologies to collect some of this information. Our use of cookies and other tracking technologies is discussed in more detail below. To control the use of cookies, please visit the cookie preference center here.
- Device Information. We collect information from your device and applications you use to access our Services, such as your IP address, device attributes (for example: hardware model, operating system, web browser version, as well as unique device identifiers and characteristics), connection information (for example, name of your mobile operator or Internet Service Provider, browser type, language and time zone, and mobile phone number); and device locations (for example, internet protocol (IP) addresses and Wi-Fi information).
- Log data. Our web servers keep log files that record data each time a device accesses those servers and those log files contain data about the nature of each access, including originating IP addresses. We may also access metadata and other information associated with files that you upload into our Services, such as images.
- Information relating to your use of the Services. We collect usage data about whenever you interact with our Services, which may include the dates and times you access the Services, page views, which activities and features are used of our Services, crash logs, storage configuration settings, and technical data relating to the device(s) you are using to access and use the Services and the performance of the Services in doing so.
- Purposes for Processing your Personal Data
- To Provide the Services. We process your Personal Information to provide the Services as follows: i) to identify who you are, including both for identification and authentication purposes; ii) to enable you to login and access your account; iii) to respond to your inquiries; iv) to provide you with customer support; v) to send you information as part of the Services; and vi) to provide you with information about your account, including renewals and changes in Services or your account status.
- To Customize Services to You. To help us deliver a better and more personalized experience (for example, it enables us to tailor the Services according to your interests); and to build a profile about you so as to help direct you to other relevant features and Services we offer and help you in using our Services, by making recommendations for you to optimize use of the Services.
- To Improve Our Services. To create new Services, features, content or make recommendations; improve our Services for you and all Users; and to fix bugs and troubleshoot product functionality.
- For Business Analytics. To infer your geographic location based on your IP address; to track behavior at the aggregate/anonymous level to identify and understand trends in the various interactions with the Services; and to conduct internal business analysis based on meta-data about usage, feature adoption and forecasting.
- To Prevent Abuse/Illegal Activities. To screen for and prevent undesirable or abusive activity. For example, we have automated systems that screen content for phishing activities, spam, and fraud.
- For Legal Records. To identify who you are, including both identification and authentication purposes; to carry out our obligations and enforce our rights arising from any contracts entered into between you and us (including for billing and collection); and to respond to legal requests or prevent fraud. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
- Disclosures. In the following limited situations, we may disclose information that we collect or that you provide to us:
- to our contractors, service providers and other third parties who provide data processing services to us and with whom the sharing of your Personal Data is necessary to undertake the work e.g. to process billing, to analyze data, host data, to provide customer support and to deliver online and offline marketing communications about Marigold that we think will interest you.
- as required by law, such as to comply with any court order, subpoena or other law or legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a governmental or regulatory request.
- to enforce our rights arising from any contracts entered into between you and us and for billing and collection.
- to employees within Marigold for customer support, marketing, technical operations, and account management purposes.
- to a buyer or other successor in the event of a merger, sale or transfer of some or all of Marigold’s assets.
- Lawful Basis. If you are a User resident in the EEA, Switzerland, or UK, then our legal basis for collecting and using Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it. However, where we are Processing your Personal Data for our own purposes, we normally rely on our legitimate interest to collect Personal Data from you, except where such interests are overridden by your data protection interests or fundamental rights and freedoms. Where we rely on our legitimate interests to Process your Personal Data, they include the interests described in the sections above headed “2.Purposes for Processing your Personal Data”.
In some cases, we may rely on your consent or have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person. If we rely on consent to collect and/or Process your Personal Data, we will obtain such consent in compliance with applicable laws.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided under the “Contact Us” heading below.
- Data Retention. We retain Personal Data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a Service you have requested or to comply with applicable legal, tax or accounting requirements). When we have no ongoing legitimate business need to Process your Personal Data, we will either delete or anonymise Personal Data. If this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further Processing until deletion is possible. We will retain information we Process on behalf of our Customers as a Data Processor for as long as needed to provide Services to our Customers (unless deletion is requested at an earlier time by the Customer) and as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
CUSTOMER DATA SUBJECTS
- ELECTRONIC MESSAGES SENT USING THE SERVICES. This section applies when a Marigold entity’s Customer uses the Services to send electronic messages, as defined by various Laws, to its Customer Data Subjects. These messages may come in the form of emails, SMS and MMS, and other Customer messages sent via the Services.
- Collection of Personal Data. Sending electronic messages requires the Processing of Personal Data.
- Information provided to us as a service provider. In order to send electronic messages, Customers provide us with email addresses, phone numbers, and other unique identifiers required to send and receive electronic messages. Additionally, Customers may provide other Personal Data, as determined by their own identified purposes, in order to:
- customize electronic messages sent using the Services;
- maintain their records pertaining to your Personal Data;
- for other purposes related to their use of the Services.
- Information collected automatically. When electronic messages are sent, certain data is observed in the connection between the sending infrastructure (our Services) and the receiving device (your mobile device or computer). Such data includes:
- IP Address;
- device attributes (for example: hardware model, operating system, web browser version, as well as unique device identifiers and characteristics);
- connection information (for example, name of your mobile operator or Internet Service Provider, browser type, language and time zone, and mobile phone number);
- and device locations (for example, internet protocol (IP) addresses and Wi-Fi information).
- Information provided to us as a service provider. In order to send electronic messages, Customers provide us with email addresses, phone numbers, and other unique identifiers required to send and receive electronic messages. Additionally, Customers may provide other Personal Data, as determined by their own identified purposes, in order to:
- Purposes for Processing your Personal Data. With respect to the Processing of your Personal Data to send electronic messages, we are the Data Processor and act solely on the instructions of our Customers. Therefore, our purpose is limited to carrying out the Services. Marigold entities do not determine the Processing of this Personal Data, except to the extent we must enforce the Services Agreement and/or Acceptable Use Policy. More details on how we may use this data can be found under Service Logs below. Customers may use electronic messages to:
- Market and sell their own services to you;
- Send transactional notifications;
- Otherwise support their relationship with you as their customer; and
- Other purposes as defined by the Customer as data controller.
- Collection of Personal Data. Sending electronic messages requires the Processing of Personal Data.
- TRACKING TECHNOLOGIES DEPLOYED BY THE SERVICES
- Collection of Personal Data.
- Cookies. The Services allow Customers to use cookies to collect information such as your IP address, browser, email client type and other details of your interactions with the Services.
- Other Related Technologies. When you receive and engage with a User’s campaign, web beacons track certain behavior such as whether the email sent through the Services was delivered and opened. They also allow us to collect information such as your IP address, browser, email client type and other similar details. Links within these emails are tracked to show individual recipient’s clicks.
- Purposes for Processing your Personal Data. Our Customers use this information to measure the performance of their use Services, and as otherwise determined by the Customer. Marigold does not determine the Processing of this Personal Data, except to the extent we must enforce the Services Agreement and/or Acceptable Use Policy. More details on how we may use this data can be found under Service Logs below. Customers may use tracking technologies to:
- Analyze and report on the success of their marketing efforts;
- Target you with marketing or advertising; and
- Other purposes as defined by the Customer as data controller.
- Collection of Personal Data.
- DATA COLLECTION
- Collection of Personal Data.
-
-
- Information you provide to the Services. The Services allow Customers to collect Personal Data directly from you through mechanisms such as landing pages, mobile applications, forms, surveys, loyalty programs, and other user experiences. Typically, this information will begin with your name and email address, extending to other Personal Data as deemed relevant by the Customer and in compliance with our Acceptable Use Policy.
- Information observed through your interactions with the Services. When you interact with the above listed mechanisms, Customers may collect information about your interaction with them. This observed information may inform future interactions and Processing of Personal Data.
- Purposes for Processing your Personal Data. With respect to the Processing of your Personal Data to send electronic messages, we are the Data Processor and act solely on the instructions of our Customers. Therefore, our purpose is limited to carrying out the Services requested by our Customer. Customers may use Personal Data collected by the Services to:
- Identify and segment their Customer Data Subjects;
- Target advertisements to Customer Data Subjects;
- Analyze and evaluate trends in their marketing activities; and
- Other purposes as defined by the Customer as data controller.
-
- Disclosures of Customer Data Subject Personal Data. In the following limited situations, we may disclose Customer Data Subject Personal Data to someone other than the Customer or their User(s):
- to our contractors, service providers and other third parties who provide data processing services to us and with whom the sharing of your Personal Data is necessary to undertake the work e.g. to process billing, to analyze data, host data, to provide customer support and to deliver online and offline marketing communications about Marigold that we think will interest you.
- as required by law, such as to comply with any court order, subpoena or other law or legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a governmental or regulatory request.
- to enforce our rights arising from any contracts entered into between you and us and for billing and collection.
- to employees within Marigold for customer support, marketing, technical operations, and account management purposes.
- to a buyer or other successor in the event of a merger, sale or transfer of some or all of Marigold’s assets.
- Lawful Basis. In the provision of its Services, Marigold entities act as data processors, service providers, or other similarly defined parties in the Law. This means that we do not determine the lawful basis when our Customers Process Personal Data using Our Services. We rely on the Customer’s instructions when Processing and intercede only when necessary to enforce our Agreement and Acceptable Use Policy, or as required by Law.
- Data Retention. Personal Data collected in the provision of our Services is retained in accordance with the Customer’s instructions. Typically, this means it is retained for the duration of the Agreement or until we receive a valid request to delete the data. If you are a Customer Data Subject and wish to have your Personal Data deleted, please contact the Customer directly so we may assist them in carrying out your request.
Marigold Entities as Data Controllers
The Services described in this notice are provided within Processing environments controlled by each Marigold entity. These environments may be cloud-based or physical infrastructure, single or multi-tenant, and in almost every circumstance, require additional Processing by sub-contractors or sub-processors engaged by each Marigold entity as a data processor. The proper working of these various systems necessitates the creation of Service Logs, and in limited circumstances, a Marigold entity may process Personal Data in Service Logs as a data controller.
What are Service Logs? Service Logs are factual records of system events, created (for instance):
- When a User accesses the Services;
- When a Customer Data Subject receives an electronic message and/or interacts with the Services; or
- When a User modifies or accesses Customer Data Subject Personal Data.
Why are Service Logs created? Service Logs are created for a variety of reasons – e.g., to monitor the proper function of the system(s) and diagnostics, to create an auditable record of system events to assist with system security and reliability, and as best-practice for software development – but the overall idea is that without them, we would have no way to know what’s going on within the systems. Verifying that the Services are operating normally and in a secure manner, planning for current and future resource allocation, and ensuring compliance with our legal obligations and industry best practices are all functions which rely heavily on Service Logs.
- Our Collection of Personal Data. Personal Data is collected in Service Logs automatically whenever Personal Data is Processed by the Services software architecture. Examples of this automatic collection include:
- Security and threat detection systems. As part of its technical and organisational measures, each Marigold entity’s Services employ hardware and software designed to detect and/or prevent unauthorized access to the Services. These logs contain Personal Data in the form of unique system IDs, IP addresses, browser and operating system information, and other data transmitted automatically as part of the connection to our servers.
- Transactional server logs. Within the Services, logs are kept of User logins, User actions within an account, API calls, and other system events. These logs contain unique system IDs for Users and Customer Data Subjects, IP address, browser and operating system information, and other data transmitted automatically as part of the connection to our servers.
- Electronic message transmission. When the Services are used to deliver electronic messages, logs are created in a standardized format within the message delivery server. These logs contain email address, IP address, information about your ISP or phone carrier, as well as metadata related to the message being sent.
- Our purposes for Processing your Personal Data. Personal Data is recorded in Service Logs to serve purposes vital to the effective and secure operation of the Services. Our purposes for Processing this Personal Data include:
- To Improve Our Services. To create new Services, features, content or make recommendations; improve our Services for you and all Users; and to fix bugs and troubleshoot product functionality.
- For Business Analytics. To infer your geographic location based on your IP address; to track behavior at the aggregate/anonymous level to identify and understand trends in the various interactions with the Services; and to conduct internal business analysis based on meta-data about usage, feature adoption and forecasting.
- To Prevent Abuse/Illegal Activities. To screen for and prevent undesirable or abusive activity. For example, we have automated systems that screen content for phishing activities, spam, and fraud.
- For Legal Records. To identify who you are, including both identification and authentication purposes; to carry out our obligations and enforce our rights arising from any contracts entered into between you and us (including for billing and collection); and to respond to legal requests or prevent fraud. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
- Disclosures. In the following limited situations, we may disclose Customer Data Subject information to someone other than the Customer or their Users:
- to our contractors, service providers and other third parties who provide data processing services to us and with whom the sharing of your Personal Data is necessary to undertake the work e.g. to process billing, to analyze data, host data, to provide customer support and to deliver online and offline marketing communications about Marigold that we think will interest you.
- as required by law, such as to comply with any court order, subpoena or other law or legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a governmental or regulatory request.
- to enforce our rights arising from any contracts entered into between you and us and for billing and collection.
- to employees within Marigold for customer support, marketing, technical operations, and account management purposes.
- to a buyer or other successor in the event of a merger, sale or transfer of some or all of Marigold’s assets.
- Lawful Basis
- If you are a User or Customer Data Subject who is a resident in the EEA, Switzerland or UK, then our legal basis for collecting and using Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it. However, where we are processing your Personal Data for our own purposes we normally rely on our legitimate interest to collect Personal Data from you, except where such interests are overridden by your data protection interests or fundamental rights and freedoms.
- In some cases, we may have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.
- If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided under the “Contact Us” heading below.
- Data Retention
- We retain Personal Data we collect from you where we have an ongoing legitimate business need to do so (for example, to prevent abuse or illegal activities, retain our legal records, or to comply with other applicable legal, tax or accounting requirements).
- When we have no ongoing legitimate business need to Process your Personal Data, we will either delete or anonymise Personal Data. If this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further Processing until deletion is possible.
- To exercise your privacy rights, please follow the instructions in this notice here.
GENERAL
Children
Our Services are not intended for and may not be used by minors. “Minors” are individuals under the age of 13 (or under a higher age if permitted by the laws of their residence). We do not knowingly collect Personal Data from Minors or allow them to register for our Services. If it comes to our attention that we have collected Personal Data from a Minor, we may delete this information without notice. If you have reason to believe that this has occurred, please contact customer support.
Customers and their Users are responsible for ensuring that their emails and data collection practices comply fully with applicable children’s data privacy protection legislation, such as the United States’ Children’s Online Privacy Protection Act (“COPPA”), including where relevant by obtaining parental consent prior to the collection of Personal Data. We rely upon our Customers to disclose whether or not their use of the Services is subject to COPPA.
Third-Party Websites And Apps
This Notice only applies to the Services. We are not responsible for the privacy practices or disclosures of third parties that use or access the Services. In addition, the Services may contain links to third-party websites and apps. Any access to and use of such linked websites or apps is not governed by this Notice, but instead is governed by the privacy policies of those third parties. We are not responsible for the information practices of such third parties.
Product-Specific Notices
Liveclicker uses the Youtube API services, which are governed by Google’s privacy policy, available at http://www.google.com/policies/privacy.
Marigold Engage + receives information from Google APIs and its use or transfer that information will adhere to Google APIs Services User Data Policy, including the Limited Use Requirements.
How Do We Keep Your Personal Information Secure?
We use appropriate technical and organizational security measures to protect any Personal Data we Process against unauthorized access, disclosure, alteration, and destruction.
Unfortunately, nobody is truly and completely safe from hackers. Although we do our best to protect your Personal Data, we cannot guarantee security; no Internet transmission can ever be guaranteed 100% secure, and so we encourage you to take care when disclosing Personal Data online and to use readily available tools, such as Internet firewalls, secure email and similar technologies to protect yourself online.
Individual Privacy Rights
For the purpose of providing its Services, each Marigold entity acts as a data processor or service provider. It is vital that we provide appropriate technical and organizational measures to support our Customers’ obligations to an individual’s privacy rights. If you are a User of the Services and you have a question about how to facilitate individual privacy rights on behalf of a Customer Data Subject, you can find resources here. If you are a Customer Data Subject, please note that, as the data processor of your Personal Data, we are not authorized to take any action unless instructed to do so by the Data Controller.
If you believe that a Marigold entity acts as a Data Controller of your Personal Data, you can find information on exercising your rights in the Marigold Privacy Notice here.
International Data Transfers
Subject to the Service Agreement and any applicable Ordering Document(s), the Services may be provided, supported, and hosted in the United States. If you are a resident of a country which requires special protections for Personal Data Processed in third countries, be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your Personal Data, in the United States and other countries. These countries may have data protection laws that are different to the laws of your country.
However, we have taken appropriate steps to require that your Personal Data will remain protected in accordance with this Notice and have implemented appropriate safeguards to require that your Personal Data will remain protected in accordance with this Privacy Notice. These include:
- Implementing the European Commission’s Standard Contractual Clauses (“EU SCCs”) for transfers of Personal Data between our group companies, which require all group companies to protect Personal Data they process from the EEA or UK in accordance with European Union and UK data protection law.
- US-based Marigold affiliates may adhere to the EU-US and Swiss Data Privacy Frameworks, as well as the UK Extension of the Data Privacy Framework. To learn more, please visit the Data Privacy Framework section of this privacy notices page.
We have implemented similar safeguards with our third party service providers and partners. Further details can be provided upon request.
Changes To This Privacy Notice
We may revise this Notice from time to time in response to changing legal, technical or business developments. The most current version of this Notice will govern our use of your Personal Data. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws. You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice.
CONTACT
For general data privacy questions related to the Campaign Monitor Services, please email [email protected]. To communicate with our Data Protection Officer, please email [email protected].
If you have any questions, please contact us:
Marigold
ATTN: VP of Global Data Privacy
11 Lea Ave
Nashville, TN 37210
Email: [email protected]
Data Privacy Framework
EU, UK, and Swiss Data Protection Framework
This section of Marigold’s privacy notices is relevant to both the Site and Services Privacy Notices (the “Notices”) above. To understand how we Process your Personal Data (or “Personal Information”), your privacy rights, how to exercise them, and who to contact, please refer to the Notices themselves.
Where eligible, Marigold’s US Affiliates (hereafter “us” or “we”) participate in and have certified their compliance with the EU-U.S. Data Privacy Framework, the UK extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework (altogether “the Framework”). Marigold is committed to subjecting all Personal Information received from European Union (EU) member countries, United Kingdom, and Switzerland to the Framework’s applicable Principles. To learn more about the Data Privacy Framework, visit the U.S. Department of Commerce’s website here. The complete list of Framework participants is here. Each Marigold US Affiliate listed below, acting independently of any other affiliate, agrees to adhere to the Principles which follow:
- CM Acquisitions Holdings Inc. and its subsidiaries (Emma Inc., Sailthru Inc., Liveclicker Inc., and Vuture Inc.)
If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles, the Principles shall govern.
Data Privacy Framework Principles
- We are responsible for the Processing of Personal Information we receive under the Framework, as well as any Personal Information subsequently transferred to any third party acting as an agent on our behalf.
- We comply with the Framework Principles for all onward transfers of Personal Information from the EU, UK, or Switzerland including the onward transfer liability provisions. For more information about your rights under the principles of access, choice, and your right to seek recourse for Marigold’s non-compliance with the Framework Principles, please review the information under Controlling Your Personal Data here.
- The description of Personal Information processed, purposes for which it is processed, and categories of third party recipients of Personal Information are detailed in the Notices.
- With respect to Personal Information received or transferred pursuant to the Framework, Marigold is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- Where we determine the purposes of processing Personal Information originating in the EU, UK, or Switzerland, the data subject who the Personal Information is about may access that Personal Information by contacting [email protected] with a clear request for disclosure. We may ask the requestor to verify their identity when reasonable to do so. We will make any reasonable effort, in concert with the relevant customer(s) involved (if any), to address and correct the issue, including editing or removing any data stored pertaining to that individual.
- Marigold agrees to:
- cooperate with the EU Data Protection Authorities (“EU DPAs”), or as applicable the UK Information Commissioner’s Office (“ICO”) or the Swiss Data Protection Authorities, as its independent recourse mechanism with regard to any unresolved disputes under the Framework.
- cooperate with the EU DPAs, or as applicable the UK Information Commissioner’s Office (“ICO”) or the Swiss Data Protection Authorities, in the investigation and resolution of complaints brought under the Principles; and
- comply with any advice given by the EU DPAs, or as applicable the UK Information Commissioner’s Office (“ICO”) or the Swiss Data Protection Authorities, where these data protection authorities take the view that the organization needs to take specific action to comply with the Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provide the relevant data protection authorities with written confirmation that such action has been taken.
- Further, individuals may, under certain conditions, invoke binding arbitration, as allowed and defined by the Framework. All of these remedies are offered at no cost to the complainant, as long as the complainant is an individual.