Effective Date: April 2018
Welcome and thank you for visiting the SessionM website (“Site”). SessionM offers a hosted software as a service platform to brands that have contracted with SessionM for consumer data orchestration and engagement (“Brands”). Brands include our partners or resellers that offer our Services in connection or combination with services they provide to their customers, most often through their mobile Brand Applications (defined below). SessionM helps Brands understand their consumers and provide their consumers with personalized offers, campaigns, and loyalty programs. Our platform includes tools for creating audience “segments” based on information about consumers (for example, segments based on age, gender, location, transaction and website or mobile application interaction history). These tools enable Brands to send relevant communications and promotions to certain audience “segments” via email, SMS, push notifications and in-app messaging. Using the tools, Brands can also generate reports on audience segments, create and run surveys, configure and manage loyalty programs, and offer and manage promotions and rewards.
This Policy only applies to Personal Data (as defined below) and other information collected by us from: (i) visitors to our Site and Brands that use our Services, and (ii) job applicants. While providing our Services to Brands, we may receive information related to the Brands’ consumers, and other third parties. Our use of information, including Personal Data on behalf of our Brands is governed by our contract with that Brand and the Brand’s own privacy policies.
Information Collected Through our Services
This section describes how we receive and use information collected through our Services on behalf of Brands. For information about how we collect and use information collected through our Site, please see the “Information we Collect Through Our Site” section below.
Through our Services we may receive information that, alone or in combination with other information, could be used to identify an individual (“Personal Data”). We may receive information (including Personal Data) in the following ways:
How We Use Information Collected Through our Services
Information Collected Through Our Site
We collect the following information from you when you visit our Site, including from Site visitors who are interested in learning more about our Services or who are interested in applying for jobs with SessionM:
How We Use Information Collected through our Site
Disclosure of Data Collected Through the Services or Site
We share information that we collect, including Personal Data, as described below:
Links to Other Websites
SessionM Services has developed or engaged technical and organization measures designed to protect Personal Data against unauthorized access or misuse. However, the Internet cannot be guaranteed to be fully secure and we cannot ensure or warrant the security of any information you provide to us. We do not accept liability for unintentional disclosure.
SessionM Services will retain Personal Data for the period necessary to provide our Services, as otherwise required by our contracts with Brands or by law.
Children Under 13
Our Services and Site are not directed at children under 13 years of age, and we do not knowingly collect or receive Personal Data from them. Our Brands are responsible for complying with applicable law regarding the collection of information from children who may be under the age of 13. If we learn that we have received Personal Data from a child who is under 13, we will delete the data. If you believe that we have received Personal Data from a child under the age of 13, you may contact us at firstname.lastname@example.org.
EU Data Subjects
This section applies if you are an EU data subject (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, where applicable, Switzerland).
SessionM is the data controller for processing Personal Data provided to SessionM through the Site, but we act strictly as data processor on behalf of Brands for Personal Data that we process through the Services, as described under the “Information Collected Through our Services” section above.
We rely on the following legal bases for processing your Personal Data:
Subject to applicable law, and provided that, if you are a Brand’s consumer, SessionM may refer you to a particular Brand or Brand(s) where processing of Personal Data has taken place pursuant to our contract with a Brand, you have the following rights in relation to your Personal Data:
We rely on our Privacy Shield certification to transfer Personal Data and other information that we receive from the EU to SessionM in the U.S. and we process such in accordance with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability (“Privacy Shield Principles”), as described below.
Notice and Choice. This Policy provides notice of the Personal Data collected and transferred under the Privacy Shield and the choice that you have with respect to such data. It also provides information about other Privacy Shield Principles that are set forth below. When we process Personal Data on behalf of our Brands, the Brands will be responsible for providing appropriate notice and choice to their consumers. We honor all Brands’ requests from their consumers to limit use or disclosure of consumers’ Personal Data.
Accountability for Onward Transfers: We may be accountable for the Personal Data we receive under the Privacy Shield that we may transfer to third-party service providers (as described in the “Disclosure of Data Collected Through the Services or Site” section above) if they process Personal Data in a manner inconsistent with the Privacy Shield Principles and we are responsible if they do so and for the harm caused. We will only disclose Personal Data about consumers supplied by our Brands to third parties where permitted or required by the Brand, and in accordance with the Privacy Shield Principles.
Security: We maintain security measures to protect Personal Data as described in the “Security” section of this Policy.
Data Integrity and Purpose Limitation: We will take reasonable steps to ensure that Personal Data is reliable for its intended use, and that it is accurate, complete and current for as long as long as we retain it. We will keep your Personal Data only for as long as is reasonably necessary for the purposes described in this Policy, or for the duration required by law or our contract with the Brands, whichever is the longer.
Access: You have certain rights to access, correct, amend, or delete Personal Data where it is inaccurate, or has been processed in violation of the Privacy Shield Principles. Please see the “EU Data Subjects” section above for more information on rights of EU data subjects or visit our GDPR page here. When we process Personal Data on behalf of our Brands, the Brands will be responsible to respond to requests for exercising your rights. We honor all Brands’ requests from their consumers to access, correct, amend, or delete consumers’ Personal Data.
Recourse, Enforcement, Liability: In compliance with the Privacy Shield Principles, SessionM commits to resolve complaints about our processing of your Personal Data. Individuals with inquiries or complaints regarding this Private Shield Policy should first contact SessionM at the following email address: email@example.com or by mail at: SessionM, 2 Seaport Lane, 11th Floor, Boston, MA 02210.
We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to JAMS, an alternative dispute resolution provider located in the United States, at no cost to you. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please visit the website https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint.
If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Privacy Shield Panel. For additional information, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
We are subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to Personal Data received or transferred pursuant to the Framework.
The Site also uses pixel tags, a technology similar to cookies that is placed on a website or within the body of an email for the purpose of tracking activity on websites, or when emails are opened or accessed, and is often used in combination with cookies. The Site uses pixels tags, from the below third parties, to help us improve use of our Site and the Services, and know when content has been shown to you.
Some cookies expire at the end of your visit to our website (session cookies), others remain on your computer or terminal device for a longer period (persistent cookies).
The types of cookies and similar technologies that we use are detailed below:
|We use a “session” cookie that allows SessionM to identify when a user has logged onto the SessionM platform. This cookie is essential for using and navigating the platform. Without such cookie, basic functions of our platform would not work.|
In particular, the Site uses:
Google Analytics, helps understand how visitors use the site. Google will use this information on our behalf to evaluate your use of the Site, compile reports on Site activity and similar data relating to use of the. Your IP address and other information collected by this cookie will be sent to and stored by Google on servers in the United States. You can prevent your data from being collected by Google Analytics on our Site by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. Learn more about Google Analytics’ privacy practices at the following link:
Google Tag Manager, Google Tag Manager is a tag management system that allows you to quickly and easily update tags and code snippets on a website. https://www.google.com/analytics/tag-manager/use-policy/.
LinkedIn Analytics, gives us information about our use of LinkedIn. Learn more about LinkedIn’s privacy practices at the following link: https://www.linkedin.com/legal/privacy-policy and, to opt out, please visit https://www.linkedin.com/help/linkedin/answer/62931/manage-advertising-preferences?lang=en.
CrazyEgg, helps us understand how visitors engage with the Site. Learn more about CrazyEgg’s privacy practices at the following link https://www.crazyegg.com/privacy and, to opt out, please visit https://www.crazyegg.com/opt-out.
Hotjar, helps us understand how visitors engage with the Site. Learn more about HubSpot’s privacy practices at the following link https://www.hotjar.com/privacy and, to opt out, please visit https://www.hotjar.com/opt-out.
|Advertising||We may partner with one or more third parties to display advertising on our Site or manage our advertising on other sites. Our third party partner(s) may use technologies such as cookies to gather information about your activities on the Site and other websites to provide you with targeted ads based upon your browsing activities and interests. In particular, the Site uses:
AppNexus: To learn more about AppNexus privacy practices and to opt out of the use of AppNexus cookies, please visit http://appnexus.com/platform-policy#choices.
Doubleclick: Which enables Google and its partners to serve ads to you based on your visit to our Site. You may opt out of personalized advertising by visiting Google’s Ads Settings at the following link: https://adssettings.google.com/authenticated. Learn more about Google’s privacy practices at the following link: http://www.google.com/intl/en/policies/privacy/.
On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:
To find out more about cookies and similar technologies, including how to see what cookies and similar technologies have been set and how to manage and delete them, visit www.allaboutcookies.org, and/or www.youronlinechoices.com, and/or the Network Advertising Initiative’s online resources, at http://www.networkadvertising.org and follow the opt-out instructions there or if located in the European Union, visit the European Interactive Digital Advertising Alliance’s Your Online Choices opt-out tool . By opting out of targeted advertisements you will no longer see advertisements on our Site from third-party partners that participate in the Digital Advertising Alliance; however, you may still continue to see other non-targeted advertisements on our Site. If you access the Site on your mobile device, you may not be able to control tracking technologies through the settings.
DO NOT TRACK SIGNALS
2 Seaport Lane, 11th Floor, Boston
SessionM’s data protection officer can be contacted at: firstname.lastname@example.org