Privacy policy

Last updated December 03, 2024

This Privacy Policy outlines how Mitigrate (referred to as "we," "us," or "our") gathers, utilizes, retains, and shares ("processes") your personal data when you engage with our services ("Services"). This includes situations where you:

  • Access our website at http://www.mitigrate.com or any affiliated website linking to this Privacy Policy.
  • Interact with us in other ways, such as through sales, marketing initiatives, or events.

Have questions or concerns? By reading this Privacy Policy, you will gain a clear understanding of your privacy rights and options. We are committed to making decisions about your personal data responsibly. If you disagree with our policies or methods, please refrain from using our Services. For additional inquiries or concerns, reach out to us at email@mitigrate.com.

Key Highlights

Below is a summary of our Privacy Policy. For more comprehensive details, follow the included links or refer to the table of contents below.

  1. What types of personal data do we collect? The personal data we process depends on how you interact with us and our Services, as well as the features and products you use.
  2. Do we process any sensitive personal information? Certain jurisdictions consider some personal information, like racial or ethnic origin, sexual orientation, or religious beliefs, as sensitive. We do not process such sensitive information.
  3. Do we collect any information from third parties? No, we do not collect data from third-party sources.
  4. How is your data used? We use your information to deliver and improve our Services, communicate with you, ensure security, prevent fraud, and comply with legal requirements. Processing may also occur with your explicit consent.
  5. When and with whom do we share data? Data sharing occurs only in specific situations with designated third parties. Learn more about when and with whom we share your information.
  6. How do we keep your information safe? We use robust organizational and technical measures to protect your personal data. However, due to the inherent risks of internet-based data transmissions, we cannot guarantee that your data will always be 100% secure. We cannot guarantee that unauthorized third parties, such as hackers or cybercriminals, will not be able to circumvent our security measures and gain access to, steal, alter, or misuse your information. Learn more about our data protection measures.
  7. What are your rights? Your privacy rights vary depending on your location. Learn more about your rights.
  8. How do you exercise your rights? The simplest way to exercise your rights is by emailing us at email@mitigrate.com. We will handle all requests as per applicable laws.

Table of Contents

  1. What information do we collect?
  2. How do we process your information?
  3. What legal bases do we rely on to process your personal information?
  4. When and with whom do we share your personal information?
  5. Do we use cookies and other tracking technologies?
  6. Is your information transferred internationally?
  7. How long do we retain your data?
  8. How do we keep your information secure?
  9. Do we collect data from minors?
  10. What are your privacy rights?
  11. Controls for do-not-track features
  12. Do United States residents have specific privacy rights?
  13. Will this policy be updated?
  14. How can you contact us regarding this policy?
  15. How can you review, update, or delete your data?

1. What information do we collect?

Personal information you disclose to us

In summary: We collect personal details that you choose to share with us.

Personal data is collected when you express interest in our Services, engage in activities on our platform, or contact us directly. The type of personal information we gather depends on your interactions with us and includes:

  • Names
  • Phone numbers
  • Email addresses
  • Job titles
  • Contact preferences
Sensitive information: We do not process sensitive personal data.

To ensure accuracy, all information you provide must be truthful, complete, and up-to-date. Notify us promptly of any changes to your personal data.

2. How do we process your information?

In short: We use your data for service delivery, improvements, communication, security, fraud prevention, and legal compliance. We may also process your information for other purposes with your consent.

The reasons for processing your personal information include:

  • To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.
  • To save or protect an individual's vital interest. We may process data to safeguard your vital interests or those of others.

3. What legal bases do we rely on to process your information?

In summary: Processing occurs only when legally justified under applicable laws, such as your consent, compliance with obligations, or legitimate interests.

For EU and UK residents, this section applies to you.

Under the General Data Protection Regulation (GDPR) and UK GDPR, we are required to specify the legal bases upon which we rely to process your personal data. Accordingly, we may process your personal information based on the following grounds:

  • Consent. We process your data when you provide explicit permission for a specific purpose. You may withdraw your consent at any time.
  • Legitimate interests. We process your data to pursue our legitimate business interests, provided these do not override your rights and freedoms. For instance, we may use your personal information to:
    • Understand user behavior and improve the user experience with our services.
  • Legal obligations. We may process your data where required to comply with legal obligations, such as cooperating with law enforcement or regulatory authorities, exercising or defending our legal rights, or providing evidence in litigation.
  • Vital interests. We may process your data if necessary to protect your vital interests or those of another individual, such as in emergency situations where safety is at risk.
For residents of Canada, this section applies to you.

We may process your personal data if you have provided us with express consent for a particular purpose, or in cases where consent can be reasonably inferred (implied consent). You have the right to withdraw your consent at any time.

In specific circumstances, we may be permitted by law to process your information without your consent, including:

  • When the collection of data is clearly in the individual’s best interest, and obtaining consent in a timely manner is not possible.
  • For the detection and prevention of fraud.
  • In connection with business transactions, where certain conditions are met.
  • If the data is contained in a witness statement and its processing is necessary to assess, process, or resolve an insurance claim.
  • To identify and contact the next of kin of individuals who are injured, ill, or deceased.
  • If we have reasonable grounds to believe that an individual is or may be a victim of financial abuse.
  • When it is reasonable to collect and use the data without consent in cases where consent would compromise the availability or accuracy of the information, such as for investigating breaches of legal agreements or violations of Canadian law.
  • If required by law, such as complying with subpoenas, warrants, or court orders.
  • When the information was provided in the course of an individual’s employment, business, or profession, and the collection is consistent with the purpose for which the data was originally provided.
  • If the data is collected for journalistic, artistic, or literary purposes.
  • When the information is publicly available, as specified by relevant laws or regulations.

4. When and with whom do we share your personal information?

Summary: We may disclose your personal information in certain circumstances, as outlined in this section, and with the following third parties.

Your personal information may be shared in the following situations:

  • Business transactions. We may share or transfer your data in connection with, or during discussions of, any merger, acquisition, sale of company assets, financing, or other transactions involving all or part of our business.
  • Affiliated entities. We may share your data with our affiliates, who are required to adhere to this Privacy Notice. Affiliates include our parent company, subsidiaries, joint ventures, and any other entities under common control with us.
  • Business partners. We may disclose your information to trusted business partners in order to provide you with certain products, services, or promotional offers.

5. Do we use cookies and other tracking technologies?

Summary: We may use cookies and similar tracking technologies to collect and store information about your interactions with our Services.

We utilize cookies and other tracking technologies, such as web beacons and pixels, to gather information when you engage with our Services. These technologies help us improve the security of our Services, prevent disruptions, fix errors, remember your preferences, and ensure smooth operation of the site.

Additionally, we allow third parties and service providers to use tracking technologies on our Services for purposes like analytics and advertising. This includes displaying personalized ads based on your interests, managing advertising campaigns, or sending reminders for abandoned shopping carts, depending on your communication preferences. These third parties may use the data collected to deliver targeted advertisements about products and services, both on our Services and on other websites.

If the use of these tracking technologies is considered a "sale" or "sharing" under applicable US state laws (which includes targeted advertising), you may opt out of them by submitting a request as described in the section "Do United States residents have specific privacy rights?"

For more details on how we use tracking technologies and how you can manage or decline cookies, please refer to our Cookie Notice.

6. Is your information transferred internationally?

Summary: Your information may be transferred, stored, and processed in countries other than your own.

Our servers are based in the United States. If you are accessing our Services from outside the United States, please note that your data may be transferred, stored, and processed by us in the U.S. or other countries where our facilities and third-party service providers (as detailed in "When and with whom do we share your personal information?") operate.

If you reside in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, please be aware that these countries may not have data protection laws as comprehensive as those in your home country. However, we will implement appropriate safeguards to ensure your personal information is handled in accordance with this Privacy Notice and applicable data protection laws.

7. How long do we keep your information?

Summary: We retain your information only for as long as necessary to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is mandated by law.

We will retain your personal information only for as long as required to fulfill the purposes described in this Privacy Notice, unless a longer retention period is needed or allowed by law (for example, for tax, accounting, or other legal obligations).

When we no longer have a legitimate business need to process your personal information, we will either delete or anonymize it. If deletion is not possible (e.g., if the data is stored in backup systems), we will securely store your personal information and prevent it from being used for further processing until it can be safely deleted.

8. How do we keep your information safe?

Summary: We implement various organisational and technical measures to protect your personal information.

We have established appropriate technical and organizational security measures to safeguard your personal information. While we strive to maintain the highest level of security, it is important to note that no electronic communication or data storage system can be fully guaranteed to be 100% secure. As such, we cannot guarantee that unauthorized third parties, such as hackers or cybercriminals, will not be able to bypass our security and improperly access, steal, or alter your data.

Although we make every effort to secure your personal information, any transmission of data to and from our Services is at your own risk. We recommend accessing our Services only from a secure environment.

9. Do we collect information from minors?

Summary: We do not intentionally collect data from or target children under the age of 18.

We do not knowingly collect, request, or market personal information to children under 18, nor do we sell such information. By using our Services, you affirm that you are at least 18 years old or that you are the parent or guardian of a minor and consent to their use of the Services. If we become aware that personal information has been collected from users under 18, we will promptly deactivate the account and take reasonable steps to delete the data. If you believe we have collected information from a child under 18, please contact us at email@mitigrate.com.

10. What are your privacy rights?

In summary: Your rights regarding access, control, and management of your personal data depend on your location, such as in the United States, the European Economic Area (EEA), the United Kingdom (UK), Switzerland, or Canada. These rights may allow you to review, update, or delete your personal information, based on the relevant laws in your country, state, or province.

If you reside in the EEA, UK, Switzerland, or Canada, you are entitled to specific rights under applicable data protection laws. These rights may include:

  • Requesting access to your personal information, and obtaining a copy.
  • Requesting corrections to inaccurate data or requesting its deletion.
  • Limiting the processing of your personal information in certain circumstances.
  • Exercising data portability (where applicable).
  • Opposing automated decision-making, including profiling.

You may also have the right to object to the processing of your data in specific situations. To exercise any of these rights, please contact us using the details in the ‘How can you contact us about this notice?’ section below.

We will evaluate and respond to any request in compliance with applicable data protection laws.

If you are in the EEA or UK and believe we are processing your personal information unlawfully, you also have the right to file a complaint with the relevant data protection authority in your country.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing your consent: If we rely on your consent to process your personal information (either explicit or implied based on the applicable laws), you have the right to withdraw it at any time. You can do so by contacting us using the details provided in the 'How can you contact us about this notice?' section below.

Please note that withdrawing your consent will not affect the processing that occurred prior to its withdrawal, nor will it impact the processing based on other legal grounds as permitted by applicable law.

Cookies and similar technologies: Most web browsers are configured to accept cookies by default. However, you can usually modify your browser settings to reject or remove cookies. Keep in mind that rejecting cookies may impact some features or functionalities of our Services.

If you have questions or concerns about your privacy rights, please reach out to us at email@mitigrate.com.

11. Controls for do-not-track features

Many web browsers, as well as certain mobile operating systems and applications, offer a Do-Not-Track (DNT) feature that allows you to signal your preference not to have data about your online activities collected or monitored. However, as of now, no industry-wide standard for recognizing and implementing DNT signals has been established. Therefore, we do not currently respond to DNT signals or other mechanisms that communicate your preference not to be tracked online. Should a recognized standard for online tracking be adopted in the future, we will update this Privacy Notice accordingly to reflect these changes.

In compliance with California law, we are obligated to disclose how we respond to DNT signals. As there is no universally accepted legal or industry standard for handling DNT signals at this time, we do not currently take action based on these signals.

12. Do United States residents have specific privacy rights?

In summary: Residents of certain U.S. states, including California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia, may have specific rights regarding their personal information. These rights include the ability to request access to, receive details about, correct inaccuracies in, obtain a copy of, or request the deletion of personal information we hold about you. Additionally, you may have the right to withdraw your consent for the processing of your personal information. However, these rights may be subject to certain limitations based on applicable laws. Further details are provided below.

Categories of personal information we collect

We have collected the following categories of personal information in the past twelve (12) months:

Category Examples Collected
A. Identifiers Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name NO
B. Personal information as defined in the California Customer Records statute Name, contact information, education, employment, employment history, and financial information NO
C. Protected classification characteristics under state or federal law Gender, age, date of birth. race and ethnicity, national origin, marital status, and other demographic data NO
D. Commercial information Transaction information, purchase history, financial details, and payment information NO
E. Biometric information Fingerprints and voiceprints NO
F. Internet or other similar network activity Browsing history, search history, online behaviour, interest data, and interactions with our and other websites, applications, systems, and advertisements NO
G. Geolocation data Device location NO
H. Audio, electronic, sensory, or similar information Images and audio, video or call recordings created in connection with our business activities NO
I. Professional or employment-related information Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us NO
J. Education Information Student records and directory information NO
K. Inferences drawn from collected personal information Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual's preferences and characteristics NO
L. Sensitive personal Information   NO

In addition to the categories outlined above, we may collect personal information through interactions in various contexts, including but not limited to:

  • Seeking support via our customer service channels;
  • Participating in customer surveys, promotions, or contests;
  • Assisting with the delivery of our Services and addressing your inquiries.

We will retain and use any personal information collected as required for the provision of our Services or as necessary for the following purpose:

  • Category H: Retained for a duration of 6 months.
Sources of personal information

For further details about the sources from which we collect personal information, please refer to the section titled "What information do we collect?"

How we use and share personal information

For detailed information on how we process your personal information, please refer to the section titled "How do we process your information?"

Will your information be shared with anyone else?

We may share your personal information with our service providers, in accordance with written agreements between us and each provider. To learn more about how and with whom we share personal information, please refer to the section "When and with whom do we share your personal information?"

We may also use your personal information for our internal business purposes, including conducting research for technological development and demonstration. This is not considered the "sale" of your personal information.

To clarify, we have not disclosed, sold, or shared any personal information with third parties for business or commercial purposes in the past twelve (12) months. Moving forward, we will not sell or share the personal information of our website visitors, users, or consumers.

Your rights

Under certain U.S. state data protection laws, you have specific rights regarding your personal information. Please note, these rights are not absolute, and in certain circumstances, we may decline your request as permitted by applicable law. These rights include:

  • The right to know whether we are processing your personal data
  • The right to access your personal data
  • The right to request corrections to any inaccuracies in your personal data
  • The right to request the deletion of your personal data
  • The right to obtain a copy of the personal data you have previously shared with us
  • The right to be free from discrimination for exercising your rights
  • The right to opt-out of the processing of your personal data if it is used for targeted advertising (or sharing as defined under California’s privacy law), the sale of personal data, or profiling that leads to decisions with legal or similarly significant effects (e.g., automated profiling)

Depending on your state of residence, you may also have the following rights:

  • Right to access the categories of personal data being processed (as permitted by applicable law, including Minnesota's privacy law)
  • Right to obtain a list of the categories of third parties to which we have disclosed personal data (as permitted by applicable law, including California's and Delaware's privacy law)
  • Right to obtain a list of specific third parties to which we have disclosed personal data (as permitted by applicable law, including Minnesota's and Oregon's privacy law)
  • Right to review, understand, question, and correct how personal data has been profiled (as permitted by applicable law, including Minnesota's privacy law)
  • Right to limit the use and disclosure of sensitive personal data (as permitted by applicable law, including California's privacy law)
  • Right to opt-out of the collection of sensitive data and personal data collected through the operation of voice or facial recognition features (as permitted by applicable law, including Florida's privacy law)
How to exercise your rights

To exercise any of your rights, please contact us via the following methods:

Under certain U.S. state data protection laws, you may designate an authorized agent to make a request on your behalf. We may deny a request from an agent who cannot provide valid proof of authorization to act on your behalf as required by applicable laws.

Request verification

Upon receiving your request, we will need to verify your identity to confirm that you are the individual to whom the information pertains. We will use only the personal information provided in your request for verification purposes. If we are unable to verify your identity with the information we already have, we may ask you for additional details to complete the verification process and ensure security and fraud prevention.

If the request is submitted through an authorized agent, we may require further verification and a signed permission from you granting the agent authority to act on your behalf.

Appeals

In accordance with certain U.S. state data protection laws, if we deny your request, you have the right to appeal our decision. To appeal, please email us at email@mitigrate.com. We will notify you in writing about the outcome of your appeal and provide an explanation if the request was denied. If your appeal is rejected, you may file a complaint with your state attorney general.

California 'shine the light' law

Under California Civil Code Section 1798.83, known as the "Shine The Light" law, California residents may request, once annually and free of charge, information regarding the categories of personal information (if any) that we have disclosed to third parties for direct marketing purposes. Additionally, residents may request the names and addresses of all third parties with whom we have shared personal information in the previous calendar year. To submit such a request, please send it in writing using the contact details provided in the section "How can you contact us about this notice?"

13. Do we make updates to this notice?

In short: Yes, we may update this notice to remain compliant with applicable laws.

We may update this privacy notice periodically. Any updates will be reflected by an updated "Revised" date at the top of the document. In the event of significant changes to this privacy notice, we will notify you either by prominently posting a notice about the changes or by directly sending you a notification. We encourage you to regularly review this privacy notice to stay informed about how we are protecting your information.

14. How can you contact us about this notice?

If you have any questions or comments about this privacy notice, please feel free to reach out to us:

  • Email: email@mitigrate.com
  • Postal address: Mitigrate, One Lime Street, London EC3M 7HA, United Kingdom

15. How can you review, update, or delete the data we collect from you?

Depending on the applicable laws of your country, state, or region, you may have the right to request access to, correct inaccuracies in, or delete the personal information we hold about you. You may also have the right to withdraw your consent for us to process your personal information. These rights may be subject to certain limitations based on applicable law.

To request a review, update, or deletion of your personal data, please contact us at: email@mitigrate.com.