This Policy complies with the EU-U.S. and U.S.-Swiss Safe Harbor Principles as agreed upon by the U.S. Department of Commerce with the European Commission and the Swiss Federal Data Protection and Information Commissioner, respectively (“Safe Harbor Principles”), which can be found at http://www.export.gov/safeharbor.
- Scope of Policy
This Policy does not cover data through which individuals are no longer identifiable, or identifiable only with a disproportionately large expense in time, cost or labor, or data combined with pseudonyms rather than actual names or other identifiable information.
This Policy does not apply to the collection of information on Marchex.com.
Capitalized terms used herein are defined at the end of this Policy.
- Collection and Use of Personal Data
Marchex may receive Personal Data from and on behalf of its Customers and Users, as described below. In general, we collect data on behalf of our Customers in our capacity as a service provider to our Customers. We may also use certain de-identified or aggregate data, which does not identify a particular user or individual.
- Collection of Personal Data.
Users. In providing our services to Customers, we collect information about Users on behalf of our Customers, which may include Personal Data. The Marchex call analytics services enable Users in Europe to directly contact a company whose products or services they are interested in by (i) clicking a phone number listed in an online advertisement, or (ii) otherwise dialing such a number listed in an online ad. Generally, these ads are placed by other third party marketers and companies – not Marchex. When a user calls one of these numbers, Marchex collects analytics data related to such calls on behalf of our Customers (advertisers, ad publishers or ad networks), including the call length, date and time, the name of the company called, the phone number dialed, the originating phone number, and information about the referring URL or ad. Also, if a user clicks to call the phone number in one of the ads, we may also collect certain click information. We collect this information on behalf of our Customers. Our customers may also incorporate our analytics services into our website. In such cases, we may also collect additional online analytics information for Customers who incorporate our analytics services into their websites, which includes referring URL, date and time stamp, device type, operating system, and other header information, and may also include IP address, through a Customer’s website.
Customer Personal Data. Our Customers are businesses. We collect certain information from Customers, such as contact information and other account information, which may contain Personal Data. Typically, the types of Personal Data Marchex may receive from Customers include business contact person name, email address, mailing address and other contact information.
- Use of Personal Data.
Marchex uses Personal Data to provide its analytics services to Customers, and for other legitimate business purposes. Below we describe how we, generally, use Personal Data:
- Analytics Services to Customers. On behalf of our Customers, to provide our analytics and other services, including to create reports and track the effectiveness of Customer campaigns; to deliver goods, provide services and process orders or requests; to communicate with or respond to Customers and Users; and to provide technical support or customer service.
- Legitimate Business Purposes. For billing purposes; to assess and improve the quality of our services; to track aggregate, de-identified user trends, preferences and patterns, and for other research, statistical and related purposes provided the data is no longer personally identifiable; to satisfy governmental reporting and tax requirements; to plan and implement potential acquisitions and mergers; for other business-related purposes required under applicable law.
- Other. We may also use Personal Data for other purposes, provided we have given Users notice and the ability to-opt out, or, where required, obtained consent from Data Subjects.
- Choices about Use of Personal Data.
As noted, we collect Personal Data on behalf of our Customers, and our Customers’ use of such data is subject to their privacy policies. We have no control over how our Customers use the data they collect or receive from us. We do not use the Personal Data we collect on behalf of our Customers for our own purposes; though, we may use aggregate and de-identified or anonymous data for our own research, analysis and statistical purposes. However, prior to doing so, we will remove personal identifiers, such as IP address, device identifier, name, phone number, contact and similar information.
Marchex may contact its Customers about services and other information that we believe will be of interest, to send marketing information, to conduct market research, or for similar purposes. Customers may opt-out of being contacted for such purposes by e-mailing firstname.lastname@example.org. We will not contact Users for marketing purposes.
III. Disclosures/Onward Transfers
Other Business Purposes. Marchex will not sell or rent Personal Data, and it will not disclose it to third parties other than to Customers (as stated above) and as set forth below:
- Service Providers. We may disclose Personal Data to third parties who act perform tasks on behalf of and under the instructions of Marchex, including VoIP and telecommunications providers, subject to appropriate confidentiality obligations.
- Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected to the other company.
- In Response to Legal Process. We also may disclose the information we collect in order to comply with the law, a judicial proceeding, court order, subpoena, or other legal process.
Aggregate and de-identified data. We may share de-identified information about users with other third parties for marketing, advertising, research or similar purposes, if permitted by law.
- Sensitive Data
Marchex does not intentionally collect Sensitive Data from Users or Customers or disclose such data to any Third Party. However, Marchex may disclose Sensitive Data to the Customer on whose behalf Marchex received the Sensitive Data, such as, if Sensitive Data was contained in a call Marchex recorded on behalf of one of its Customers. Marchex will not use Sensitive Data for any other purpose, except with the express consent of the Data Subject, or for a purpose expressly described below.
Notwithstanding the above, Marchex may disclose Sensitive Data (and Personal Data) without prior express consent, where such disclosure or use: (a) is in the vital interests of the Data Subject, or another person; (b) is necessary for the establishment of legal claims or defenses, to obtain legal advice, or for the purposes of establishing, exercising or defending Marchex’s legal rights; (c) is required to provide medical care or diagnosis; (d) is necessary to carry out Marchex’s obligations under applicable laws; (e) is data manifestly made public by the Data Subject; or (f) as otherwise required by law.
- Data Integrity and Security
Marchex will use reasonable efforts to maintain the accuracy and integrity of Personal Data and update it as appropriate. In addition, Marchex uses reasonable physical, administrative and technical safeguards designed to secure Personal Data and to prevent unauthorized access to such data. Despite these precautions, no data security safeguards are foolproof. Unauthorized individuals may still find ways to obtain Personal Data.
- Right to Access, Correct or Delete Personal Data
Upon reasonable request, Marchex allows Customers and Users reasonable access to their own Personal Data maintained by Marchex. Individuals may request that Marchex correct, amend or delete such data where it is inaccurate. Marchex will grant such requests, except where doing so would cause unreasonable burden or expense, or pose a risk to such individual’s privacy.
If you wish to access, delete or amend your Personal Data held by Marchex, please e-mail email@example.com. Marchex will endeavor to respond in a timely manner to all reasonable requests.
VII. Changes to this Policy
This Policy may be amended from time to time, consistent with the EU-U.S. Safe Harbor Principles and applicable data protection and privacy laws and principles. Changes to the Policy will be posted on Marchex’s website, found here: marchex.com/legal/safeharbor. You should check this site regularly for any changes to this Policy. We will also notify you if we make changes that materially affect the way we handle Personal Data previously collected, and allow you to opt-out of having your Personal Data used in any materially different manner.
VIII. Questions or Complaints
You may contact Marchex with questions or complaints concerning this Policy at firstname.lastname@example.org.
- Enforcement and Dispute Resolution
As part of our annual Safe Harbor re-certification process, we will periodically review this Policy for accuracy, as well as for conformity with the EU-U.S. and U.S.-Swiss Safe Harbor Principles and applicable data privacy and protection laws. If you have any questions, complaints or disputes regarding the manner in which Marchex handles or protects your Personal Data, please contact us at email@example.com. Marchex will promptly investigate and attempt to resolve complaints and disputes in a manner that complies with the principles described in this Policy.
With respect to any complaints related to this Policy that cannot be resolved through our internal process, we agree to participate in the dispute resolution procedures set forth by TRUSTe. In the event that we or TRUSTe conclude that we did not comply with the Policy, we will take appropriate steps to address the compliance complaint and assure our future compliance. For more information, visit http://www.truste.com/consumer-privacy/dispute-resolution/.
- Defined Terms
The defined terms in this Policy have the following meanings:
“Data Subject” means an identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics.
“Customer” means a company who is a prospective, current or former partner, vendor, supplier, customer, or client of Marchex, or a visitor to a Marchex website, or any individual agent, employee, representative, customer, or client of a Customer located in the EU or Switzerland.
“Personal Data” means data that personally identifies or may be used to personally identify a Data Subject, including an individual’s name, address, phone number, e-mail address, or user ID, and information linked to such data. Personal Data does not include data that is de-identified, anonymous or publicly available, when not combined with name or other identifying data.
“Sensitive Data” means Personal Data that discloses a Data Subject’s medical or health condition; race or ethnicity; political, religious or philosophical affiliations or opinions; sexual orientation; or trade union membership.
“Third Party” means any individual or entity that is neither Marchex, nor a Marchex employee, agent, contractor or representative.
“User” means a Data Subject who attempts to or places calls to a number that is part of the Marchex call analytics services, and who is also a resident of a European Union country or Switzerland
Effective November 6, 2014