Marchex Safe Harbor Privacy Policy

Marchex Inc. and its U.S. affiliates (collectively “Marchex”) understand and value the importance of individual privacy.  This Privacy Policy (“Policy”) is designed to inform each applicable Data Subject (defined below) who resides in the European Union or Switzerland of: (1) how we collect, use and disclose his or her Personal Data (defined below) that is transferred to Marchex in the United States; (2) his or her choices with regard to how such Personal Data will be used or disclosed by Marchex; and (3) his or her other rights with regard to that Personal Data.

This Policy complies with the EU-U.S. and U.S.-Swiss Safe Harbor Principles as agreed upon by the U.S. Department of Commerce with the European Commission and the Swiss Federal Data Protection and Information Commissioner, respectively (“Safe Harbor Principles”), which can be found at http://www.export.gov/safeharbor.

  1. Scope of Policy

This Policy applies only to the processing of Personal Data that Marchex receives in the United States from the European Union (EU) or Switzerland about Customers and Users (both defined below) of Marchex’s call analytics and related services.  Marchex Customers are businesses, not individuals.  We provide analytics services to our Customers, and in providing these services we may collect Personal Data (as well as non-personally identifying information) about Users who reside in the EU or Switzerland.  In providing our Services to Customers, we collect Personal Data on behalf of our Customers; their collection, use and disclosure of such data is subject to their own privacy policy. 

This Policy does not cover data through which individuals are no longer identifiable, or identifiable only with a disproportionately large expense in time, cost or labor, or data combined with pseudonyms rather than actual names or other identifiable information.

This Policy does not apply to the collection of information on Marchex.com.

Capitalized terms used herein are defined at the end of this Policy.

  1. Collection and Use of Personal Data

Marchex may receive Personal Data from and on behalf of its Customers and Users, as described below.  In general, we collect data on behalf of our Customers in our capacity as a service provider to our Customers. We may also use certain de-identified or aggregate data, which does not identify a particular user or individual.

  1. Collection of Personal Data. 

Users.  In providing our services to Customers, we collect information about Users on behalf of our Customers, which may include Personal Data.  The Marchex call analytics services enable Users in Europe to directly contact a company whose products or services they are interested in by (i) clicking a phone number listed in an online advertisement, or (ii) otherwise dialing such a number listed in an online ad.  Generally, these ads are placed by other third party marketers and companies – not Marchex.  When a user calls one of these numbers, Marchex collects analytics data related to such calls on behalf of our Customers (advertisers, ad publishers or ad networks), including the call length, date and time, the name of the company called, the phone number dialed, the originating phone number, and information about the referring URL or ad.  Also, if a user clicks to call the phone number in one of the ads, we may also collect certain click information.  We collect this information on behalf of our Customers.  Our customers may also incorporate our analytics services into our website.  In such cases, we may also collect additional online analytics information for Customers who incorporate our analytics services into their websites, which includes referring URL, date and time stamp, device type, operating system, and other header information, and may also include IP address, through a Customer’s website.

Our collection of Personal Data on our Customer’s behalf is subject to that Customer’s privacy policy, not this one. We will only use such Personal Data on behalf of and under the direction of that Customer.

Other Data.  Marchex may also create, receive, store or process other Personal Data, on behalf of its Customers.  For example, Marchex may provide call recording services to Customers, who are required to notify callers, at the outset of the call, that the call may be recorded.  Marchex does not solicit any Personal Data during such calls, and, indeed, does not have a direct relationship with callers.  It is possible, however, that a caller may disclose Personal Data to a Customer during a recorded call.  In such cases, the Personal Data is governed by the Customer’s privacy policy, and Marchex will use such Personal Data only on behalf of the Customer.

Customer Personal Data Our Customers are businesses.  We collect certain information from Customers, such as contact information and other account information, which may contain Personal Data.  Typically, the types of Personal Data Marchex may receive from Customers include business contact person name, email address, mailing address and other contact information.

  1. Use of Personal Data. 

Marchex uses Personal Data to provide its analytics services to Customers, and for other legitimate business purposes.  Below we describe how we, generally, use Personal Data:

  • Analytics Services to Customers. On behalf of our Customers, to provide our analytics and other services, including to create reports and track the effectiveness of Customer campaigns; to deliver goods, provide services and process orders or requests; to communicate with or respond to Customers and Users; and to provide technical support or customer service.
  • Legitimate Business Purposes. For billing purposes; to assess and improve the quality of our services; to track aggregate, de-identified user trends, preferences and patterns, and for other research, statistical and related purposes provided the data is no longer personally identifiable; to satisfy governmental reporting and tax requirements; to plan and implement potential acquisitions and mergers; for other business-related purposes required under applicable law.
  • Other.  We may also use Personal Data for other purposes, provided we have given Users notice and the ability to-opt out, or, where required, obtained consent from Data Subjects.
  1. Choices about Use of Personal Data. 

As noted, we collect Personal Data on behalf of our Customers, and our Customers’ use of such data is subject to their privacy policies.  We have no control over how our Customers use the data they collect or receive from us.  We do not use the Personal Data we collect on behalf of our Customers for our own purposes; though, we may use aggregate and de-identified or anonymous data for our own research, analysis and statistical purposes.  However, prior to doing so, we will remove personal identifiers, such as IP address, device identifier, name, phone number, contact and similar information.

Marchex may contact its Customers about services and other information that we believe will be of interest, to send marketing information, to conduct market research, or for similar purposes.  Customers may opt-out of being contacted for such purposes by e-mailing privacy@marchex.com.  We will not contact Users for marketing purposes.

III. Disclosures/Onward Transfers

Customers. A Customer may access any of the Personal Data collected or maintained by Marchex on behalf of the Customer.  For example, Marchex may provide its Customers with their call recording data; we may also provide Customers with reports about the effectiveness and results of their advertising campaigns, which may include the phone number and duration of calls placed to through the services, and other Personal Data or associated data.  The use of such Personal Data is subject to the Customer’s Privacy Policy.

Other Business Purposes. Marchex will not sell or rent Personal Data, and it will not disclose it to third parties other than to Customers (as stated above) and as set forth below:

  • Service Providers. We may disclose Personal Data to third parties who act perform tasks on behalf of and under the instructions of Marchex, including VoIP and telecommunications providers, subject to appropriate confidentiality obligations.
  • Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected to the other company.
  • In Response to Legal Process. We also may disclose the information we collect in order to comply with the law, a judicial proceeding, court order, subpoena, or other legal process.
  • To Protect Us and Others. We also may disclose the information we collect where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Policy, or as evidence in litigation in which Marchex is involved.

Aggregate and de-identified data. We may share de-identified information about users with other third parties for marketing, advertising, research or similar purposes, if permitted by law.

  1. Sensitive Data

Marchex does not intentionally collect Sensitive Data from Users or Customers or disclose such data to any Third Party.  However, Marchex may disclose Sensitive Data to the Customer on whose behalf Marchex received the Sensitive Data, such as, if Sensitive Data was contained in a call Marchex recorded on behalf of one of its Customers.  Marchex will not use Sensitive Data for any other purpose, except with the express consent of the Data Subject, or for a purpose expressly described below.

Notwithstanding the above, Marchex may disclose Sensitive Data (and Personal Data) without prior express consent, where such disclosure or use: (a) is in the vital interests of the Data Subject, or another person; (b) is necessary for the establishment of legal claims or defenses, to obtain legal advice, or for the purposes of establishing, exercising or defending Marchex’s legal rights; (c) is required to provide medical care or diagnosis; (d) is necessary to carry out Marchex’s obligations under applicable laws; (e) is data manifestly made public by the Data Subject; or (f) as otherwise required by law.

  1. Data Integrity and Security

Marchex will use reasonable efforts to maintain the accuracy and integrity of Personal Data and update it as appropriate.  In addition, Marchex uses reasonable physical, administrative and technical safeguards designed to secure Personal Data and to prevent unauthorized access to such data.  Despite these precautions, no data security safeguards are foolproof.  Unauthorized individuals may still find ways to obtain Personal Data.

  1. Right to Access, Correct or Delete Personal Data

Upon reasonable request, Marchex allows Customers and Users reasonable access to their own Personal Data maintained by Marchex.  Individuals may request that Marchex correct, amend or delete such data where it is inaccurate.  Marchex will grant such requests, except where doing so would cause unreasonable burden or expense, or pose a risk to such individual’s privacy.

If you wish to access, delete or amend your Personal Data held by Marchex, please e-mail privacy@marchex.com.  Marchex will endeavor to respond in a timely manner to all reasonable requests.

VII. Changes to this Policy

This Policy may be amended from time to time, consistent with the EU-U.S. Safe Harbor Principles and applicable data protection and privacy laws and principles.  Changes to the Policy will be posted on Marchex’s website, found here: marchex.com/legal/safeharbor.  You should check this site regularly for any changes to this Policy.  We will also notify you if we make changes that materially affect the way we handle Personal Data previously collected, and allow you to opt-out of having your Personal Data used in any materially different manner.

VIII. Questions or Complaints

You may contact Marchex with questions or complaints concerning this Policy at privacy@marchex.com.

  1. Enforcement and Dispute Resolution

As part of our annual Safe Harbor re-certification process, we will periodically review this Policy for accuracy, as well as for conformity with the EU-U.S. and U.S.-Swiss Safe Harbor Principles and applicable data privacy and protection laws. If you have any questions, complaints or disputes regarding the manner in which Marchex handles or protects your Personal Data, please contact us at privacy@marchex.com. Marchex will promptly investigate and attempt to resolve complaints and disputes in a manner that complies with the principles described in this Policy.

With respect to any complaints related to this Policy that cannot be resolved through our internal process, we agree to participate in the dispute resolution procedures set forth by TRUSTe. In the event that we or TRUSTe conclude that we did not comply with the Policy, we will take appropriate steps to address the compliance complaint and assure our future compliance. For more information, visit http://www.truste.com/consumer-privacy/dispute-resolution/.

  1. Defined Terms

The defined terms in this Policy have the following meanings:

Data Subject” means an identified or identifiable natural living person.  An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics.

Customer” means a company who is a prospective, current or former partner, vendor, supplier, customer, or client of Marchex, or a visitor to a Marchex website, or any individual agent, employee, representative, customer, or client of a Customer located in the EU or Switzerland.

Personal Data” means data that personally identifies or may be used to personally identify a Data Subject, including an individual’s name, address, phone number, e-mail address, or user ID,  and information linked to such data. Personal Data does not include data that is de-identified, anonymous or publicly available, when not combined with name or other identifying data.

Sensitive Data” means Personal Data that discloses a Data Subject’s medical or health condition; race or ethnicity; political, religious or philosophical affiliations or opinions; sexual orientation; or trade union membership.

Third Party” means any individual or entity that is neither Marchex, nor a Marchex employee, agent, contractor or representative.

User” means a Data Subject who attempts to or places calls to a number that is part of the Marchex call analytics services, and who is also a resident of a European Union country or Switzerland

Effective November 6, 2014