This policy applies (i) immediately to new users who use or access the Service on or after the Effective Date and (ii) on the Effective Date to users who use or access the Service before the Effective Date.
Please contact us if you have any questions or comments about our privacy practices. You can reach us online at firstname.lastname@example.org.
The Service is hosted and operated in the United States (“U.S.”), with development, support and maintenance operations in other countries, through Maestra and its service providers. If you do not reside in the U.S., laws in the U.S. (and other countries) may differ from the laws where you reside. By using the Service, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to Maestra in the U.S. and will be hosted on U.S. servers, and you authorize Maestra to transfer, store, host and process your information to and in the U.S., and possibly other countries. You hereby consent to transfer of your data to the U.S. pursuant to either, at Maestra’s discretion, the EU-U.S. or Swiss-U.S. Privacy Shield Framework, the details of which are further set forth below, or the standard data protection clauses promulgated by the European Commission, a copy of which can be obtained at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087.
If you are located in the EU, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) related to your Personal Data, as further described below. Maestra will be the controller of your Personal Data processed in connection with the Service, unless you access the Service through an enterprise account, or other Maestra account that is controlled by a third party (e.g. your employer).
Maestra collects Personal Data about you when you provide it directly to us, when third parties such as our business partners (e.g. companies with whom we integrate our Service), service providers (such as our advertising service providers) provide us with Personal Data about you, or when Personal Data about you is automatically collected in connection with your use of our Service. We collect the following Personal Data from you in connection with the Service:
We also may collect usage and performance information that is not Personal Data or that we aggregate or de-identify so that it no longer personally identifies an individual. We also associate some data that is not Personal Data with Personal Data.
We may collect Personal Data when a user (i) creates an account (a “User Account”); (ii) logs into the Service; (iii) interacts with the Service; (iv) uploads or generates User Content; (v) communicates with us; and (vi) responds to a communication or interaction from us. Some of the methods and tools we use to collect Personal Data are:
Unique Identifiers: We may use unique identifiers such as cookies, e-mail or your pseudonymized customer ID to track individual usage behavior on our Service, such as the length of time spent on a particular page and the pages viewed during a particular log-in period. Unique identifiers collect information about a user’s use of our Service on an individual basis.
Mobile Device Identifiers: Mobile device identifiers are identifiers stored on your mobile device that track certain data and activities occurring on or through your device. Mobile device identifiers enable collection of Personal Data (such as media access controls) as well as non-personally identifiable information (such as usage and traffic data).
Cookies, Web Beacons, and Other Tracking Tools: We and our third party service providers may collect information about you, your device, and your use of the Service through cookies, clear gifs (a.k.a. web beacons/web bugs) (“Web Beacons”), and other tracking tools and technological methods (collectively, “Tracking Tools”). Tracking Tools collect information such as computer or device operating system type, IP address, browser type, browser language, mobile device ID, device hardware type, the website or application visited or used before or after accessing our Service, the parts of the Service accessed, the length of time spent on a page or using a feature, and access times for a webpage or feature. These Tracking Tools help us learn more about our users and analyze how users use the Service, such as how often users visit our Service, what features they use, what pages they visit, what emails they open, and what other sites or applications they used prior to and after visiting the Service.
Cookies: Like many websites and mobile application operators, we may collect certain information through the use of “cookies,” which are small text files that are saved by your browser when you access our Service. Cookies can either be “session cookies” or “persistent cookies”. Session cookies are temporary cookies that are stored on your device while you are visiting our Website or using our Service, whereas “persistent cookies” are stored on your device for a period of time after you leave our Website or Service. We may use persistent cookies to store your preferences so that they are available for the next visit, and to keep a more accurate account of how often you visit our Service, and how your use of the Service varies over time. We also use persistent cookies to measure the effectiveness of advertising efforts. Through these cookies, we may collect information about your online activity after you leave our Service. For more information on cookies, including how to control your cookie settings and preferences, visit http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm, https://ico.org.uk/for-the-public/online/cookies/ and http://www.allaboutcookies.org/.
Web Beacons: Web Beacons help us better manage content on our Service by informing us what content is effective. Web Beacons are embedded in, or otherwise associated with, certain emails or other communications that you receive from us or our partners. Web Beacons help us track your responses and interests and deliver relevant content and services to you. For example, they may let us know when you take actions based on the emails that we send. Web Beacons also allow us to enhance our Behavioral Advertising (defined below), which is further discussed below in the section titled “Online Behavioral Advertising” below.
Third Party Sources: We may use third-party services, such as open search tools and social networks, to obtain information about you (such as your name or company) and to enrich your personal information by obtaining publicly available information about you, such as your job title, employment history and contact information.
Online Behavioral Advertising: Some of our advertising (“Behavioral Advertising”) involves using Tracking Tools to collect information about a user’s online activities over time and across non-affiliated websites and applications and providing ads to the user based the user’s interests (as inferred from the user’s online activity) or use of our Service. Behavioral Advertising may appear on our Service or on other websites or services. We work with third parties to provide Behavioral Advertising, such as advertising networks, data exchanges, traffic measurement service providers, marketing analytics service providers, and other third-party service providers (collectively, “Advertising Service Providers”). Advertising Service Providers perform services such as facilitating targeting of advertisements and measuring and analyzing advertising effectiveness on the Service (collectively, all such services, “Targeting Services”). Targeting Services help us display Behavioral Advertising, prevent you from seeing repeated ads, and enable us to research the usefulness of ads.
Maestra uses Personal Data to: (i) provide, administer, and improve our Service; (ii) better understand your needs and interests; (iii) fulfill requests you make; (iv) personalize your experience; (v) provide Service announcements; (vi) provide you with information and offers from Maestra, Maestra Affiliates, and our business partners; (vii) protect, investigate, and deter against fraudulent, harmful, unauthorized, or illegal activity and (viii) comply with legal obligations.
For example, we use Personal Data to:
We will only use your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity, and our “legitimate interests” or the legitimate interest of others, as further described below.
Examples of these legitimate interests include:
We share Personal Data with vendors, third party service providers, and agents who work on our behalf and provide us with services related to the Service. These parties include:
We also share Personal Data with third party service providers and agents when necessary to complete a transaction initiated or authorized by you or provide you with a product or service you have requested. In addition to those set forth above, these parties also include:
We share Personal Data with presenters, sponsors, or other conference participants or organizers if you register for or attend a conference we are involved with.
We also share Personal Data when we believe it is necessary to:
We also share information with third parties when you have given us consent to do so.
Use of Third-Party E-mail Address
If you register for the Service using an e-mail address that we recognize to be either a part of a third-party enterprise account for the Service (an “Enterprise Account”) or a potential enterprise Service purchaser (for example, your employer’s) (each, an “E-Mail Holder”), we may provide your name and email address to the E-Mail Holder and their administrator. In some cases, we will also consolidate your account(s) with the accounts of the E-Mail Holder and we provide your E-Mail Holder and their administrator with access to your User Account information and User Content. This may happen when the E-Mail Holder’s account is established after you register for your individual User Account. We make these transfers to allow users who are part of a larger organization to take advantage of the special features and security enjoyed by our enterprise Account holders, and in order to help you and your organization comply with its internal security and email usage obligations. Please note that all accounts for the Service, and all applicable subaccounts (which may include your User Account), are controlled by the account administrator. In certain cases (e.g. when we are aggregating all of the accounts under a current or potential Enterprise Account), we will provide you with the ability to opt-out of consolidation with an E-Mail Holder’s Account (typically by changing the email address on your account to a non-E-Mail Holder email address).
Additionally, when an E-Mail Holder creates an Account, we may notify any individuals already using the Services under an email address with the same company domain as yours so that they can be migrated to your enterprise Account.
Emails: We will give you the ability to opt-out of marketing-related emails by clicking on a link at the bottom of each such email, or if there is no link, then you can reply that you want to opt out, and we will do our best to process the request. You cannot opt-out of receiving certain non-marketing emails regarding the Service.
We believe the security of your information is a serious issue and we are committed to protecting the information we receive from you. We use commercially reasonable security measures to protect against the loss, misuse, and alteration of your information under our control based on the type of Personal Data and applicable processing activity, such as data encryption in transit, data encryption at rest (for customers that elect to purchase our “private cloud” solution), pseudonymization, and enforcement of least privilege and need-to-know principles.
To the extent the Service requires you to provide any Financial Account Information, such as when you purchase subscriptions to the Service, that information will be collected and processed by third-party PCI-compliant service providers. We do not store Financial Account Information transmitted through the Service, provided that we do store (or our payment processor on our behalf will store) just the last four digits of your credit card number, if you provide this to us, to comply with credit card processing requirements of authorizations, charges and chargebacks.
We retain Personal Data about you for as long as you have an open account with us or as otherwise necessary to provide you with the Service, and thereafter as set forth in our Service agreement with you (typically 30 days after termination of the Service, or sooner upon request (except as required by law)). In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule, or regulation. Upon disposal, we will destroy or render unreadable any such Personal Data. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.
The Service contains areas where you may be able to publicly post information, communicate with others, submit media content, and/or review goods, services, or vendors, such as discussion boards or blogs. Any information, including Personal Data that you post there, will be public and can be viewed by the public at large, and therefore anyone who accesses such postings will have the ability to read, collect, and further disseminate such information. We have no control over, and take no responsibility for, the use, storage, or dissemination of information posted or otherwise made available on such portions of the Service. By posting Personal Data online in public forums, you may receive unsolicited messages from other parties.
You have certain rights with respect to your Personal Data, and we want to help you review and update your information to ensure it is accurate and up-to-date.We may limit or reject your request in certain cases, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, if it is not required by law, or if the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question. In some cases, we may also need you to provide us with additional information, which may include Personal Data, to verify your identity and the nature of your request. We will take reasonable steps to respond to all requests within 30 days (or less!).
If you are an Maestra Account holder, you can accomplish most of the following by logging into your User Account. For more information as to tools available to you and your account administrator, you can contact us directly at support@MaestraSuite.com if you have any additional requests or questions:
For the following, please email us at support@MaestraSuite.com:
You also have the right to lodge a complaint about Maestra’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
Closing Your Account
You may close an account, and upon termination of your User Account, we will take reasonable steps to provide, modify, or delete your Personal Data as soon as is practicable. However, Maestra may nevertheless retain your Personal Data to protect the business interests of Maestra, Maestra Affiliates, vendors, and other users, and some information may remain in archived/backup copies for our records or as otherwise required by law. Those interests include without limitation the completion of transactions, maintaining records for financial reporting purposes, complying with our legal obligations, resolving disputes, and enforcing agreements.
California Privacy Rights
Pursuant to Section 1798.83 of the California Civil Code, residents of California can obtain certain information about the types of Personal Data that companies with whom they have an established business relationship have shared with third parties for direct marketing purposes during the proceeding calendar year. In particular, the law provides that companies must inform consumers about the categories of Personal Data that have been shared with third parties, the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. To request a copy of the information disclosure provided by Maestra pursuant to Section 1798.83 of the California Civil Code, please contact as set forth above.
ENFORCEMENT AND RECOURSE
Our Service is not intended for children under the age of 13 (16 in the EU, United Kingdom, Lichtenstein, Norway, or Iceland) and therefore, Maestra does not knowingly acquire or receive Personal Data from children under the age of 13 (16 in the EU, United Kingdom, Lichtenstein, Norway, or Iceland). If we later learn that any user of our Service is under the age of 13 (16 in the EU, United Kingdom, Lichtenstein, Norway, or Iceland), we will take appropriate steps to remove that user’s information from our account database and will restrict that individual from future access to the Service.