Welcome and thank you for visiting the SessionM website (“Site”). SessionM offers a hosted software as a service platform to brands that have contracted with SessionM for consumer data orchestration and engagement (“Brands”). Brands include our partners or resellers that offer our Services in connection or combination with services they provide to their customers, most often through their mobile Brand Applications (defined below). SessionM helps Brands understand their consumers and provide their consumers with personalized offers, campaigns, and loyalty programs. Our platform includes tools for creating audience “segments” based on information about consumers (for example, segments based on age, gender, location, transaction and website or mobile application interaction history). These tools enable Brands to send relevant communications and promotions to certain audience “segments” via email, SMS, push notifications and in-app messaging. Using the tools, Brands can also generate reports on audience segments, create and run surveys, configure and manage loyalty programs, and offer and manage promotions and rewards.
This Policy only applies to Personal Data (as defined below) and other information collected by us from: (i) visitors to our Site and Brands that use our Services, and (ii) job applicants. While providing our Services to Brands, we may receive information related to the Brands’ consumers, and other third parties. Our use of information, including Personal Data on behalf of our Brands is governed by our contract with that Brand and the Brand’s own privacy policies.
SessionM participates in the EU-U.S. Privacy Shield framework (“Framework
Information Collected Through our Services
This section describes how we receive and use information collected through our Services on behalf of Brands. For information about how we collect and use information collected through our Site, please see the “Information we Collect Through Our Site” section below.
Through our Services we may receive information that, alone or in combination with other information, could be used to identify an individual (“Personal Data”). We may receive information (including Personal Data) in the following ways:
- Information provided upon interaction with Brands: We may receive Personal Data (first and last name, address, telephone number, email address, account number, location data, mobile phone unique device identifier and transaction and purchase history) when a consumer interacts with Brands’ Applications, including when consumers collect points, awards or achievements, check in to locations, subscribe to newsletters, submit postings, register for membership services, respond to polls or surveys, and register for sweepstakes, contests and other promotional opportunities. We also may receive the following Personal Data when consumers visit a location or purchase products or services designed by Brands.
- Mobile Phone Information: When consumers send and receive SMS messages to or from a Brand through one of the Services (or integrated tools) that provides SMS functionality, we may receive and maintain information associated with those messages, such as the phone number, the wireless carrier associated with the phone number, the content of the message, and the date and time of the transaction.
How We Use Information Collected Through our Services
- To Provide our Services. We use the information that we obtain through our Services to provide our Services to our Brands, including to allow Brands to offer their consumers specialized offers, campaigns, or loyalty rewards or to allow consumers to receive rewards and other promotions and to participate in contests, promotions or surveys. Our use of information on behalf of our Brands is governed by our contract with that Brand and the Brand’s own privacy policies.
- Aggregated Data. We may anonymize, de-identify and/or aggregate the information that we collect and use such anonymized, de-identified and/or aggregated data for our own internal business purposes, including but not limited to sharing anonymized and de-identified data with our current and prospective Brands, business partners, affiliates, agents and other third parties for commercial, statistical and market research purposes, for example to allow those parties to analyze patterns among groups of people, and conducting research on consumer demographics, interests and behavior.
Information Collected Through Our Site
We collect the following information from you when you visit our Site, including from Site visitors who are interested in learning more about our Services or who are interested in applying for jobs with SessionM:
- Personal Data that you provide to us. We may ask you to provide Personal Data for various reasons. For example, when you request a demo of the SessionM platform, we ask you for contact information such as your name, email address, phone number, geographic and job information. We may ask you for similar information at other times, such as when you apply for a job through our Site, or contact our customer service team. We also collect Personal Data that employees, contractors, or agents of our Brands provide to us when they register for access to the SessionM platform. The information we may collect includes name, address, company name, location, email address, phone number and account password.
- Brand User Communications. When you send email or other communications to SessionM, we may keep those communications in order to process your questions, respond to your requests and improve our Site. We may use your email address to communicate with you about our Services.
How We Use Information Collected through our Site
- To Communicate with You and to Improve our Services. We use the information that we collect when you visit our Site to (i) respond to questions, comments or request for information from us; (ii) send offers; (iii) conduct research in our Site visitor’s demographics, interests and behaviors; (iv) analyze website traffic patterns or otherwise monitor; or (v) improve our Site.
- Aggregated Data. We may anonymize, de-identify and/or aggregate the information that we collect through our Site and use such anonymized, de-identified and/or aggregated data for our business purposes, including but not limited to sharing anonymized and de-identified data with our current and prospective Brands, our business partners, affiliates, agents and other third parties, for commercial, statistical and market research purposes, for example to allow those parties to analyze patterns among groups of people.
Disclosure of Data Collected Through the Services or Site
We share information that we collect, including Personal Data, as described below:
- Brands. Personal Data of a Brand’s consumers will be analyzed and provided back to the Brand in order to perform the Services.
- Vendors and Services Providers. To third party vendors and service providers to perform certain functions on our behalf, such as hosting specific portions of the Service, maintaining databases, helping us collect job applications, delivering content, sending SMS and emails on behalf of our customers and for our own marketing communications, administering content, mailing information, processing payments or otherwise operating the Services or the Site.
- Partners and Resellers. To partners and resellers who provide our Services in connection or in combination with other services they provide, for example SessionM can provide Personal Data and/or aggregated data to those partners and resellers to enable them to provide Services and for monitoring performance metrics.
- Merger, Acquisition or Financing. To a successor or affiliate if we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, as part of that transaction along with other assets.
- As Required by Law. To satisfy applicable law, regulation, legal process or lawful government request of any country, or to protect the rights, property or safety of SessionM, its users or the public, or to enforce SessionM’s Terms and Conditions.
Links to Other Websites
Our Site may contain links to other websites not operated or controlled by SessionM (“Third Party Sites
SessionM Services has developed or engaged technical and organization measures designed to protect Personal Data against unauthorized access or misuse. However, the Internet cannot be guaranteed to be fully secure and we cannot ensure or warrant the security of any information you provide to us. We do not accept liability for unintentional disclosure.
SessionM Services will retain Personal Data for the period necessary to provide our Services, as otherwise required by our contracts with Brands or by law.
Children Under 13
Our Services and Site are not directed at children under 13 years of age, and we do not knowingly collect or receive Personal Data from them. Our Brands are responsible for complying with applicable law regarding the collection of information from children who may be under the age of 13. If we learn that we have received Personal Data from a child who is under 13, we will delete the data. If you believe that we have received Personal Data from a child under the age of 13, you may contact us at email@example.com
EU Data Subjects
This section applies if you are an EU data subject (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, where applicable, Switzerland).
SessionM is the data controller for processing Personal Data provided to SessionM through the Site, but we act strictly as data processor on behalf of Brands for Personal Data that we process through the Services, as described under the “Information Collected Through our Services
” section above.
We rely on the following legal bases for processing your Personal Data:
- Processing of your Personal Data that you provide to us when you request a demo of the SessionM platform or when you otherwise send inquiries about our Services is necessary to respond to or implement your request prior to entering into a contract with us.
- When you apply for employment through our Site, processing of your contact details and data about your employment history and education (as needed to evaluate your job application, to conduct job interviews, and as is otherwise needed for recruitment) is necessary to respond to your request to process your application for employment. If you do not provide this data, we will not be able to process the application that you send through our Site.
- We use account-related data provided by Brands to set up accounts for the Brand and the Brand’s users in the SessionM platform and to administer and support those accounts (such as usernames, email address and billing information), provide you with access to the Services, contact you regarding your use of the Services or to notify you of important changes to the Services. Such use is necessary for the performance of the contract between you and us.
- We will send you information by email on our new products or services or other promotions only with your consent. If you do not provide us with your consent to the processing of your Personal Data for this purpose, we will not send you this information. You have the right to withdraw your consent at any time as described below.
- Our use of data relating to your use of the Site and/or the Services, described above, is necessary for our legitimate interests in understanding how the Site and the Services are being used by you, to improve your experience on it and our service offerings. We have also a legitimate interest in aggregating and/or anonymizing the information that we collect through our Site and/or the Services and using this information for our business purposes, as described above. When we process your Personal Data for our legitimate interests, we make sure to consider and balance any potential impact on you, and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your Personal Data for activities where our interests are overridden by the impact on you, unless we have your consent or those activities are otherwise required or permitted to by law. You have the right to object to processing that is based on our legitimate interests, as further described below.
Subject to applicable law, and provided that, if you are a Brand’s consumer, SessionM may refer you to a particular Brand or Brand(s) where processing of Personal Data has taken place pursuant to our contract with a Brand, you have the following rights in relation to your Personal Data:
- Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
- Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to have it rectified or completed. If we have shared your Personal Data with others, we will tell them about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
- Right to erasure: You may ask us to delete or remove your Personal Data and we will do so in some circumstances, such as where we no longer need it (we may not delete your data when other interests outweigh your right to deletion, for example if we are required by law to keep it). If we have shared your data with others, we will tell them about the erasure where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
- Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of that Personal Data or object to us processing it. We will tell you before we lift any restriction on processing. If we have shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
- Right to data portability: Effective 25 May 2018, you have the right to obtain your Personal Data from us that you consented to give us or that is necessary to perform a contract with you. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so if we are processing your Personal Data for direct marketing and otherwise. However, if we are relying on a legitimate interest to process your Personal Data and we demonstrate compelling legitimate grounds for the processing we may continue; or*
- Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, which produce a significant legal effect on you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us, or with your explicit consent.
- Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Your withdrawal of consent will not affect apply to data that was processed prior to our receipt of your withdrawal of consent.
- Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we have handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.
*You may exercise your rights by contacting us as indicated under “Contact Us
” or visiting our GDPR Page here
. For a list of subprocessors, click here
We rely on our Privacy Shield certification to transfer Personal Data and other information that we receive from the EU to SessionM in the U.S. and we process such in accordance with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability (“Privacy Shield Principles
”), as described below.
Notice and Choice
. This Policy provides notice of the Personal Data collected and transferred under the Privacy Shield and the choice that you have with respect to such data. It also provides information about other Privacy Shield Principles that are set forth below. When we process Personal Data on behalf of our Brands, the Brands will be responsible for providing appropriate notice and choice to their consumers. We honor all Brands’ requests from their consumers to limit use or disclosure of consumers’ Personal Data.
Accountability for Onward Transfers
: We may be accountable for the Personal Data we receive under the Privacy Shield that we may transfer to third-party service providers (as described in the “Disclosure of Data Collected Through the Services or Site
” section above) if they process Personal Data in a manner inconsistent with the Privacy Shield Principles and we are responsible if they do so and for the harm caused. We will only disclose Personal Data about consumers supplied by our Brands to third parties where permitted or required by the Brand, and in accordance with the Privacy Shield Principles.
: We maintain security measures to protect Personal Data as described in the “Security
” section of this Policy.
- Data Integrity and Purpose Limitation: We will take reasonable steps to ensure that Personal Data is reliable for its intended use, and that it is accurate, complete and current for as long as long as we retain it. We will keep your Personal Data only for as long as is reasonably necessary for the purposes described in this Policy, or for the duration required by law or our contract with the Brands, whichever is the longer.
- Access: You have certain rights to access, correct, amend, or delete Personal Data where it is inaccurate, or has been processed in violation of the Privacy Shield Principles. Please see the “EU Data Subjects” section above for more information on rights of EU data subjects or visit our GDPR page here. When we process Personal Data on behalf of our Brands, the Brands will be responsible to respond to requests for exercising your rights. We honor all Brands’ requests from their consumers to access, correct, amend, or delete consumers’ Personal Data.
- Recourse, Enforcement, Liability: In compliance with the Privacy Shield Principles, SessionM commits to resolve complaints about our processing of your Personal Data. Individuals with inquiries or complaints regarding this Private Shield Policy should first contact SessionM at the following email address: firstname.lastname@example.org or by mail at: SessionM, 2 Seaport Lane, 11th Floor, Boston, MA 02210.
We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to JAMS, an alternative dispute resolution provider located in the United States, at no cost to you. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please visit the website https://www.jamsadr.com/eu-us-privacy-shield
for more information or to file a complaint.
If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Privacy Shield Panel. For additional information, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction
We are subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to Personal Data received or transferred pursuant to the Framework.
The Site also uses pixel tags, a technology similar to cookies that is placed on a website or within the body of an email for the purpose of tracking activity on websites, or when emails are opened or accessed, and is often used in combination with cookies. The Site uses pixels tags, from the below third parties, to help us improve use of our Site and the Services, and know when content has been shown to you.
Some cookies expire at the end of your visit to our website (session cookies), others remain on your computer or terminal device for a longer period (persistent cookies).
The types of cookies and similar technologies that we use are detailed below:
|We use a “session” cookie that allows SessionM to identify when a user has logged onto the SessionM platform. This cookie is essential for using and navigating the platform. Without such cookie, basic functions of our platform would not work.
In particular, the Site uses:
Google Analytics, helps understand how visitors use the site. Google will use this information on our behalf to evaluate your use of the Site, compile reports on Site activity and similar data relating to use of the. Your IP address and other information collected by this cookie will be sent to and stored by Google on servers in the United States. You can prevent your data from being collected by Google Analytics on our Site by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. Learn more about Google Analytics’ privacy practices at the following link:
Google Tag Manager, Google Tag Manager is a tag management system that allows you to quickly and easily update tags and code snippets on a website. https://www.google.com/analytics/tag-manager/use-policy/.
LinkedIn Analytics, gives us information about our use of LinkedIn. Learn more about LinkedIn’s privacy practices at the following link: https://www.linkedin.com/legal/privacy-policy and, to opt out, please visit https://www.linkedin.com/help/linkedin/answer/62931/manage-advertising-preferences?lang=en.
CrazyEgg, helps us understand how visitors engage with the Site. Learn more about CrazyEgg’s privacy practices at the following link https://www.crazyegg.com/privacy and, to opt out, please visit https://www.crazyegg.com/opt-out.
Hotjar, helps us understand how visitors engage with the Site. Learn more about HubSpot’s privacy practices at the following link https://www.hotjar.com/privacy and, to opt out, please visit https://www.hotjar.com/opt-out.
||We may partner with one or more third parties to display advertising on our Site or manage our advertising on other sites. Our third party partner(s) may use technologies such as cookies to gather information about your activities on the Site and other websites to provide you with targeted ads based upon your browsing activities and interests. In particular, the Site uses:
AppNexus: To learn more about AppNexus privacy practices and to opt out of the use of AppNexus cookies, please visit http://appnexus.com/platform-policy#choices.
Doubleclick: Which enables Google and its partners to serve ads to you based on your visit to our Site. You may opt out of personalized advertising by visiting Google’s Ads Settings at the following link: https://adssettings.google.com/authenticated. Learn more about Google’s privacy practices at the following link: http://www.google.com/intl/en/policies/privacy/.
On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:
To find out more about cookies and similar technologies, including how to see what cookies and similar technologies have been set and how to manage and delete them, visit www.allaboutcookies.org
, and/or www.youronlinechoices.com
, and/or the Network Advertising Initiative’s online resources, at http://www.networkadvertising.org
and follow the opt-out instructions there or if located in the European Union, visit the European Interactive Digital Advertising Alliance’s Your Online Choices opt-out tool . By opting out of targeted advertisements you will no longer see advertisements on our Site from third-party partners that participate in the Digital Advertising Alliance; however, you may still continue to see other non-targeted advertisements on our Site. If you access the Site on your mobile device, you may not be able to control tracking technologies through the settings.
DO NOT TRACK SIGNALS
, or send postal mail to:
2 Seaport Lane, 11th
SessionM's data protection officer can be contacted by filling out the form here