Directors & Boards Privacy Notice
Date Last Updated: May 21, 2018
Information Collection and Use
Collection and Processing of Personal Data
Personal Data is any piece of data about a person that can, in any way, identify them or allow someone to contact them. This may include, but is not limited to, names, mailing or email address, and phone numbers. Examples of sources from which we may collect Personal Data include the following:
- We may obtain your Personal Data when you provide it to us (e.g. where you contact us via email or telephone, or by any other means).
- We may collect your Personal Data in the ordinary course of our relationship with you (e.g. in the course of administering your MLR Holdings account).
- We may collect Personal Data that you manifestly choose to make public, including via our Site.
- We may receive your Personal Data from third parties who provide it to us (e.g. social media platforms via plugins).
- We may collect or obtain Personal Data when you visit our Site, or use any features or resource available on or through our Site. When you visit our Site, your device and browser will automatically disclose certain information, some of which may constitute Personal Data (see below).
Creation of Personal Data
We may also create Personal Data about you, such as records of your interaction using our Site, and details of your account history.
Categories of Personal Data
The categories of Personal Data about you that we may Process include, but may not be limited to:
- Personal details: given name(s); preferred name; gender; date of birth/age: nationality; preferences and account settings.
- Contact details: telephone number; email address; and social media profile details.
- Professional details: professional profile details; association memberships; qualifications and company insight data.
- Device details: device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to our Site and other technical communications information.
- Payment details: billing address; bank account number or credit card number; cardholder or accountholder name; card or account security details; card ‘valid from’ date: card expiration date.
- Usage details: records of your use of our Site and other services, including: registrations; details of content with which you interact; questions; downloads; feedback; profile views; search queries; anonymous viewings; and page views.
- Views, opinions and interests: any comments, rating, views or opinions that you choose to send to us, post via our Site, via a survey, or publicly post via social media platforms.
Lawful Basis for Processing Personal Data
In processing your Personal Data in connection with this Policy, we may rely on one or more of the following legal basis:
- we have obtained your prior express consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary. It is not used for Processing that is necessary or obligatory in any way);
- the Processing is necessary in connection with any contract that you may enter into with us;
- the Processing is required by applicable law;
- the Processing is necessary to protect the vital interests of any individual; or
- we have a legitimate interest in carrying out the Processing for the purpose of managing, operating or promoting our business.
Processing your Sensitive Personal Data
We do not seek to collect or otherwise Process your Sensitive Personal Data, except where:
- the Processing is required or permitted by applicable law;
- the Processing is necessary for the detection or prevention of crime (including the prevention of fraud);
- the Processing is necessary for the establishment, exercise or defense of legal rights; or
- we have, in accordance with applicable law, obtained your prior explicit consent prior to Processing your Sensitive Personal Data (as above, this legal basis is only used in relation to Processing that is entirely voluntary.).
Purposes for which we may Process your Personal Data
The purposes for which we may Process Personal Data, subject to applicable law, include:
- Our Site: operating and managing our Site; providing content to you; and communicating and interacting with you via Site.
- Provision of services to you: providing our Site and other services to you (including suggesting content that may be of interest to you, based on your past activity); communicating with you in relation to those services; recommending content that may be of interest to you; and recommending your content to others.
- Marketing communications: communicating with you via any means (including via email, telephone, text message, social media, post or in person) news items and other information in which you may be interested, subject to ensuring that such communications are provided to you in compliance with applicable law.
- Disclosing Personal Data to our customers: in accordance with the provisions of this Policy and applicable law, we may disclose certain Personal Data to our customers. With your prior express consent, we may provide your personal data to our customers for the purposes of enabling them to contact you with information that may be of interest to you. Additionally, our may contact you with information that may be of interest to you provided that such communication is not otherwise in breach of applicable laws.
- Communications and IT Operations: management of our communications systems; operation of IT security; and IT security audits.
- Improving our Site and our services: identifying issues with existing Site and our services; planning improvements to existing Site and our services; creating new Site and our services.
Individual Rights Section
· You have the right to access your personal data.
· You can make a subject access request verbally or in writing.
· You can have inaccurate personal data rectified, or completed if it is incomplete.
· You can make a request to us for rectification verbally or in writing.
· You have the right to have personal data erased.
· You can make a request to us for erasure verbally or in writing.
· The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.
· Data portability allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
· You have the right to object to the processing of your personal data in certain circumstances.
Disclosure of Personal Data to third parties
We may disclose your Personal Data to other Affiliates within MLR Holdings, for reasonable business purposes (including providing services to you and operating our Site), in accordance with applicable law. In addition, we may disclose your Personal Data to:
- legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
- accountants, auditors, lawyers and other outside professional advisors to us, subject to binding contractual obligations or confidentiality;
- third party Processors (such as IT service providers; social media plug in providers; etc.), located anywhere in the world, subject to the requirements noted below;
- any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights;
- any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;
- any relevant third part acquirer(s), in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); and
- our Site may use third party plugins or content (e.g. social media plugins). If you choose to interact with any such plugins or content, your Personal Data may be shared with the third party provider of the relevant social media platform.
If we appoint a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data; together with any additional requirements under applicable law.
International transfer of Personal Data
As a result of the international nature of our business, we may need to transfer your Personal Data within MLR Holdings, and to third parties, in connection with this Policy. Due to this, we may transfer your Personal Data to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located.
While using our systems, infrastructure or the like, we have employed appropriate technical and organizational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of Processing, in accordance with applicable law.
You are responsible for the ensuring that any Personal Data that you send to us are sent securely. If you send us any Personal Data through a mechanism that is not part of our infrastructure, you are responsible for securing the Personal Data.
We take reasonable steps to ensure that:
- your Personal Data that we Process are accurate and, where necessary, kept up to date; and
- any of your Personal Data that we Process that are inaccurate (having regard to the purposes for which they are Processed) are erased or rectified without delay.
From time to time we may ask you to confirm the accuracy of your Personal Data.
The criteria for determining the period of time for which we will keep your Personal Data are as follows: we will retain copies of your Personal Date in a form that permits identification only for as long as is necessary in connection with the purposes set out in this Policy, unless applicable law requires a longer retention period. We may retain your Personal Data for the duration of any period necessary to establish, exercise or defend any legal rights.
Personally Linked Information
Personally linked information is data that does not identify a specific individual, but is linked to the individual through a unique alpha numeric string devoid of personal information. This includes Web site logins, customer support requests and product usage statistics, Web site traffic, activity and viewing habits.
Personally linked information is not shared with advertisers, outside agencies, clients or undisclosed third parties. Entities outside of us and our Affiliates will not see or obtain specific individually identifying. data about a particular person’s viewing habits on our Web site. Non identifying, personally linked information such as but not limited to anonymized product or website usage information may be shared with MLR Holdings Affiliates or service providers. This information is used to help us and our Affiliates improve our product and service offerings, as well as to provide more personalized content to our clients.
Like most Web sites, we automatically gather and store certain personal information and aggregated, non-personally identifiable information in order to provide you with a better experience when using our Web sites. Aggregated information is information that has been collected, compiled and summed in the aggregate, and bears no connection to any specific person.
This information might include total views of a particular report or a total number of logins in a 24-hour period. Aggregated information is always anonymous by its very nature. Aggregated information is used for any number of purposes, including future research direction, press releases and customer relations. There are no limitations on the use of aggregated information as exist with personally identifiable and personally linked information. Aggregated information does not identify individual users, and we do not link aggregated information to your personal information.
Additional Information Usage
We do not market to children, and we do not knowingly collect personal information from children. You can find out more about online privacy for children from the Federal Trade Commission at www.ftc.gov/kidzprivacy.
When you register for a MLR Holdings event, we may request additional information such as a credit card number and expiration date. This information is used for confirmation and billing purposes at the time of use and is not retained in our systems. Also, when you register for an event, we may request additional information about your hotel, meal and other travel preferences. This information is used only for the specific event. We use third-party service providers such as credit card processing companies, shipping companies, mailing houses and event coordinators, together with other service providers as required to satisfy client requests.
A cookie is a small piece of computer code that is stored by a user’s Web browser and enables our Web servers to “identify” unique visitors and provide personalized content. Each time you log in to our Web sites, a cookie is stored in order to identify you, determine your appropriate access privileges, and serve you the appropriate content. Cookies do not store any of the information that you have provided to the site. They are simply anonymous identifiers.
You can set your browser to not accept cookies, but doing so may prevent your ability to access or use certain portions of our Web sites. We use cookie technology to enable registered users to move quickly and securely through access-controlled areas of the site.
Links to Other Web Sites
Our sites contain links to other Web sites. Please be advised that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our sites and to read the privacy statements of each and every Web site that collects personally identifiable information. This privacy statement applies solely to information collected by our Web sites.
IP addresses are logged by our systems for logins, report views and other Web-site-based activities. This is done for administration purposes and to aggregate information about our users’ browsing habits.
We provide our users with a secure online experience that meets or exceeds industry standards. To do this, we use a number of security measures to maintain the safety and confidentiality of personal information about you, including, but not limited to, the installation of a software-based intrusion-detection device. All user registration data is contained behind a firewall and is accessible only by a limited number of our employees who have administrative access rights to our production systems. Confidential personal information is fully encrypted for the entirety of its transmission from the client to our systems. Furthermore, access to our servers is controlled by limiting personnel through keycard entry, biometric scanning protocols and around-the-clock interior and exterior surveillance. If you have any questions about the security of our Web sites, please send an email to: email@example.com.
Updating Your Password
You may update or change your password at any time by going to the Account Settings (https://www.directorsandboards.com/user) section of the MLR Holdings Dashboard and requesting a password reset. A password reset email containing a unique onetime link used to reset your password will then be sent to the email associated with your account. Any change you make to your password will be updated immediately and across all systems for which it may be used.
Notification or Policy Changes
Affiliate means, at any time, and with respect to any corporation, partnership, limited liability company, person or other entity, any other corporation, partnership, limited liability company, person or entity that at such time, directly or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with us.
Controller means the entity that decides how and why Personal Data is Processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
Personal Data means information that is about any individual, or from which any individual is identifiable.
Process, Processing or Processed means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Processor means any person or entity that Processes Personal Data on behalf of the Controller.
Sensitive Personal Data means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offenses or penalties, national identification number, or any other information that may be deemed to be sensitive under applicable law.
Site means any web-based platform used to access our data.