COVID-19 Assets and Resources Learn More

Privacy Statement

SessionM, Inc. takes your privacy seriously. We recognize that privacy is an important issue, so we design and operate our services with the protection of your privacy in mind. Please read the following to learn more.

Effective: December 2019

Contact us
SessionM Global Privacy Statement Effective Date: December 31st, 2019 This Privacy Statement applies to Personal Information (as defined below) collected or received by us from: (i) visitors to our own websites (the “Site”) (ii) brands (“Brands”) that use the SessionM Platform, software, and applications (the “Services”) and (iii) job applicants applying for jobs with SessionM.

Privacy Statement

In this Privacy Statement we refer to the SessionM Platform, software, and applications as our “Services.”  The Brand’s services and applications are referred to as “Brand Applications”. See below for more information about how SessionM can assist Brands in complying with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Personal Information processed for Brands by the SessionM Services 

This section describes how we receive and use information from Brands using our Services.  Brands may share information, including Personal Information (defined below) with SessionM.  Brands may also request that their other marketing partners share information, including Personal Information, with SessionM in order to utilize the Services, pursuant to applicable law.    Through our Services, we may receive information that, alone or in combination with other information, could be used to identify an individual, or as such data is otherwise classified and defined in the GDPR, CCPA or another applicable law in jurisdictions where we provide Services (“Personal Information”). We may receive Personal Information in the following ways in connection with Brands that utilize our Services:
  • Information provided to SessionM upon interaction with Brands. We may receive Personal Information (first and last name, address, telephone number, email address, account number, location data, mobile phone unique device identifier and transaction and purchase history) when a consumer interacts with Brands’ Applications, including when consumers collect points, awards or achievements, check in to locations, subscribe to newsletters, submit postings, register for membership services, respond to polls or surveys, and register for sweepstakes, contests and other promotional opportunities. We also may receive Personal Information from Brands, for example, Personal Information collected when consumers visit a location or purchase products or services designed by Brands.
  • Mobile Phone Information. When consumers send and receive SMS messages to or from a Brand through one of the Services (or third party tools) that provides SMS functionality, we may receive and maintain information associated with those messages, such as the phone number, the wireless carrier associated with the phone number, the content of the message, and the date and time of the transaction.

How We Use Personal Information to provide Services to Brands

  • We use the information that we receive through our Services to provide our Services to Brands, including to allow Brands to offer their consumers specialized offers, campaigns, or loyalty rewards or to allow consumers to receive rewards and other promotions and to participate in contests, promotions or surveys. Our use of information on behalf of our Brands is governed by our contract with that Brand and the Brand’s own privacy policies.  
  • Pursuant to applicable law, we may de-identify and/or aggregate the information we process in connection with the Services and use such de-identified and/or aggregated data for our own internal business purposes, including but not limited to sharing anonymized and de-identified data with affiliated companies, our current and prospective Brands, business partners, agents and other third parties for commercial, statistical and market research purposes, for example to allow those parties to analyze patterns among groups of people, and conducting research on consumer demographics, interests and behavior.

Personal Information Collected Through Our Site/Job Applications

We collect the following certain limited information from you or your device when you visit our Site, including from Site visitors who are interested in learning more about our Services or who are interested in applying for jobs with SessionM:
  • Personal Information that you provide to us. We may ask you to provide Personal Information for various reasons. For example, when you request a demo of the SessionM Platform, we ask you for contact information such as your name, email address, phone number, geographic and job information. We may ask you for similar information at other times, such as when you apply for a job through our Site, or contact our customer service team. We also collect Personal Information that employees, contractors, or agents of our Brands provide to us when they register for access to the SessionM Platform. 
  • Email or other Communications. When you send email or other communications to SessionM, we may collect those communications in order to process your questions, respond to your requests and improve our Site. We may use your email address to communicate with you about our Services. 
  • Information Collected Through Cookies, Server Logs or other Site analytics Technologies. When you visit the Site, we may automatically collect information about you through server logs, cookies or other technologies. This information may include your web request, the date and time of your web request, your interaction with a web service, your Internet Protocol address, your browser type, and the domain name of your Internet service provider.  Please see the information in the “Use of Cookies or Identifiers” section below to learn more about how we use cookies.

How We Use Personal Information Collected through our Site/Job Applications

  • To Communicate with You and to Improve our Services. We use the information that we collect when you visit our Site to (i) respond to questions, comments or request for information from us in connection with request or in connection with a job application; (ii) send offers; (iii) conduct research in our Site visitor’s demographics, interests and behaviors; (iv) analyze website traffic patterns or otherwise monitor; or (v) maintain and improve our Site and Services.   
  • Aggregated Data. We may aggregate the information that we collect through our Site and use such or aggregated data for our business purposes including sending marketing messages to you.  You may opt-out at any time.

Disclosure of Personal Information

We share Personal Information as described below: 
  • Brands. Personal Information of a Brand’s customers or prospects received by SessionM will be processed and provided back to the Brand in order to perform the Services.  At a Brand’s direction only, we may share that Brand’s information, including Personal Information of a Brand’s consumers, with the Brand’s own vendors or service providers.  SessionM may share a Brand’s information, including Personal Information of a Brand’s consumers, with an implementation partner with such Brand’s direction or approval, in connection with implementing the Services.
  • Vendors and Services Providers. SessionM may share Personal Information collected via the Site or for Job Applications with  third party vendors and service providers to perform certain functions on our behalf, such as helping us collect job applications and for our own marketing communications, administering content, mailing information, processing payments or otherwise operating the Site.
  • Mastercard. SessionM is a wholly owned subsidiary of Mastercard International, Inc. (“Mastercard”) We may share data with Mastercard and its subsidiaries as necessary to provide Services in connection or in combination with other services they provide. For example, SessionM may provide Personal Information and/or aggregated data to Mastercard to enable Mastercard to provide its services and for monitoring performance metrics.  For more information about Mastercard’s commitment to privacy click here. 
  • Merger, Acquisition or Financing. We may disclose Personal Information to a successor or affiliate if we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, as part of that transaction along with other assets, including for the purposes of conducting diligence in connection with evaluating whether to proceed with any such transaction. 
  • As Required by Law. To satisfy applicable law, regulation, legal process or lawful government request of any country, or to protect the rights, property or safety of SessionM, its users or the public, or to enforce contracts.
Our Site may contain links to other websites not operated or controlled by SessionM (“Third Party Sites”). The privacy practices described in this Privacy Statement do not apply to Third Party Sites. By providing these links we do not imply that we endorse or have revised these sites. Please contact those sites directly for information on their privacy practices and policies.

Security

SessionM implements technical and organizational measures designed to protect Personal Information against unauthorized access or misuse. However, the internet cannot be guaranteed to be fully secure and we cannot ensure or warrant the security of any information you provide to us through the Site. 

Retention

SessionM Services will retain Personal Information for the period necessary to provide our Services or as otherwise required by our contracts with Brands or by law.

Children Under 13

Our Services and Site are not directed at children under 13 years of age, and we do not knowingly collect or receive Personal Information from children under 13 years of age. If we learn that we have received Personal Information from a child who is under 13, we will delete the data as permitted by law. If you believe that we have received Personal Information from a child under the age of 13, you may contact us at privacyquestions@sessionm.com.    

Region-Specific Disclosures

  This section describes your rights under the GDPR if you are an EU data subject (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, where applicable, Switzerland) and your rights as a U.S. consumer under the CCPA.  Even though the CCPA grants rights to residents of California, SessionM currently affords such rights to all U.S. consumers.      

European Union

SessionM participates in the EU-U.S. Privacy Shield framework (“Framework”) as set forth by the U.S. Department of Commerce regarding the processing of personally identifiable information transferred from the EU to the U.S. (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway). SessionM has certified that it adheres to the Privacy Shield Principles (described below). If there is any conflict between the policies in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Framework and to view our certification page, please visit https://www.privacyshield.gov/. Please see the Privacy Shield section below for more information.   SessionM is the data controller for processing Personal Information provided to SessionM through the Site/Job Applications only, but we act strictly as data processor on behalf of Brands for Personal Information that we receive from Brands and process through the Services.    We may collect and process EU data subject Personal Information under the following circumstances and under the following legal bases:  
  • In our legitimate business interest we may process your Personal Information that you provide to us when you (a) request a demo of the SessionM platform. (b) send inquiries about our Services and we shall respond to or implement your request prior to entering into a contract with us.
 
  • In our legitimate business interest we may process your Personal Information when you apply for employment through our Site, processing of your contact details and data about your employment history and education (as needed to evaluate your job application, to conduct job interviews, and as is otherwise needed for recruitment) is necessary to respond to your request to process your application for employment. If you do not provide this data, we will not be able to process the application that you send through our Site.
 
  • In performance of a contract with our Brand clients, we use account-related data provided by Brands to set up accounts for the Brand and the Brand’s users in the SessionM Platform and to administer and support those accounts (such as usernames, email address and billing information), provide access to the Services, contact Brands  regarding use of the Services or to notify Brands of important changes to the Services. Such use is necessary for the performance of the contract between you and us.
 
  • With your consent, we will send you information by email on our new products or services or other promotions. If you do not provide us with your consent to the processing of your Personal Information for this purpose, we will not send you this information. You have the right to withdraw your consent at any time as described below.
 
  • It is necessary in our legitimate business interest to process your Personal Information relating to your use of the Site and/or the use of the Services, described above, in order to have an understanding how the Site and the Services are being used, to improve experience on it and our service offerings. We have also a legitimate interest in aggregating and/or anonymizing the information that we collect through our Site and/or the Services and using this information for our business purposes, as described above. When we process your Personal Information for our legitimate interests, we make sure to consider and balance any potential impact on you, and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your Personal Information for activities where our interests are overridden by the impact on you, unless we have your consent or those activities are otherwise required or permitted to by law. You have the right to object to processing that is based on our legitimate interests, as further described below.
  Subject to applicable law, you have the following rights in relation to your Personal Information.  Please note that, if you are a Brand’s consumer, SessionM may refer you to a particular Brand or Brand(s) where processing of Personal Information has taken place pursuant to our contract with a Brand in order to exercise the following rights:
  • Right of access: If you ask us, once the request is authenticated, we will confirm whether we are processing your Personal Information and, if so, provide you with a copy of that Personal Information (along with certain other details). If you require additional copies, we may need to charge a reasonable fee as permitted by law.
  • Right to rectification: If we are processing your Personal Information and you believe that it is inaccurate or incomplete, you are entitled to have it rectified or completed. If we have shared your Personal Information with others, we will tell them about the rectification where possible. If you ask us we will also tell you with whom SessionM shared your Personal Information so that you can contact them directly.
  • Right to erasure: You may ask us to delete or remove your Personal Information and we will do so in some circumstances, such as where we no longer need it (we may not delete your data when other interests outweigh your right to deletion, for example if we are required by law to keep it). If we have shared your data with others, we will tell them about the erasure where possible. If you ask us we will also tell you with whom we shared your Personal Information so that you can contact them directly.
  • Right to restrict processing or object to processing: You may ask us to restrict or ‘block’ the processing of your Personal Information in certain circumstances, such as where you contest the accuracy of that Personal Information or object to us processing it. We will tell you before we lift any restriction on processing. If we have shared your Personal Information with others, we will tell them about the restriction where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Information so that you can contact them directly.
  • Right to data portability: You have the right to obtain your Personal Information from us that you consented to give us or that is necessary to perform a contract with you. We will give you your Personal Information in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
  • Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Information, including profiling, which produce a significant legal effect on you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us, or with your explicit consent. 
  • Right to withdraw consent: If we rely on your consent to process your Personal Information, you have the right to withdraw that consent at any time. Your withdrawal of consent will not apply to data that was processed prior to our receipt of your withdrawal of consent.
  • Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we have handled your Personal Information, you can report it to the data protection authority that is authorized to hear those concerns.
You may exercise your rights or request a list of subprocessors here.

Privacy Shield

We rely on our Privacy Shield certification to transfer Personal Information and other information that we receive from the EU to SessionM in the U.S. and we process such in accordance with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability (“Privacy Shield Principles”), as described below. Notice and Choice. This Statement provides notice of the Personal Information collected and transferred under the Privacy Shield and the choice that you have with respect to such data. It also provides information about other Privacy Shield Principles that are set forth below. When we process Personal Information on behalf of our Brands, the Brands will be responsible for providing appropriate notice and choice to their consumers. As permitted by law and where feasible, we strive to honor Brands’ requests from their consumers to limit use or disclosure of consumers’ Personal Information. Accountability for Onward Transfers: We may be accountable for the Personal Information we receive under the Privacy Shield that we may transfer to third-party service providers (as described in the “Disclosure of Data Collected Through the Services or Site” section above) if they process Personal Information in a manner inconsistent with the Privacy Shield Principles and we are responsible if they do so and for the harm caused. We will only disclose Personal Information about consumers supplied by our Brands to third parties where permitted or required by the Brand, and in accordance with the Privacy Shield Principles. Security: We maintain security measures to protect Personal Information as described in the “Security” section of this Statement. Data Integrity and Purpose Limitation: We will take reasonable steps to ensure that Personal Information is reliable for its intended use, and that it is accurate, complete and current for as long as long as we retain it. We will keep your Personal Information only for as long as is reasonably necessary for the purposes described in this Statement, or for the duration required by law or our contract with the Brands, whichever is the longer. Access: You have certain rights to access, correct, amend, or delete Personal Information where it is inaccurate, or has been processed in violation of the Privacy Shield Principles. Please see the “EU Data Subjects” section above for more information on rights of EU data subjects or visit our GDPR page here. When we process Personal Information on behalf of our Brands, the Brands will be responsible to respond to requests for exercising your rights. As permitted by law and where feasible, we strive to honor Brands’ requests from their consumers to access, correct, amend, or delete consumers’ Personal Information. Recourse, Enforcement, Liability: In compliance with the Privacy Shield Principles, SessionM commits to resolve complaints about our processing of your Personal Information. Individuals with inquiries or complaints regarding this Private Shield policy should first contact SessionM at the following email address: privacyquestions@sessionm.com or by mail at: SessionM, 2 Seaport Lane, 11th Floor, Boston, MA 02210. We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to JAMS, an alternative dispute resolution provider located in the United States, at no cost to you. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please visit the website https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Privacy Shield Panel. For additional information, please visit: https://www.privacyshield.gov. We are subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to Personal Information received or transferred pursuant to the Framework.

California

We did not sell Personal Information during the preceding 12 months, and SessionM does not sell Personal Information we collect about you, as defined by the CCPA. We disclosed the following categories of Personal Information for a business purpose during the preceding 12 months:
  • Name, Email, Address
  • Identifiers
  • Commercial
  • Geolocation
  • Professional or Employment
  • Education
  • Transactions
  • Inferences
The CCPA provides California residents with specific rights regarding their Personal Information. SessionM currently affords such rights to all U.S. consumers, provided that, if you are a Brand’s consumer, SessionM may refer you to a particular Brand or Brand(s) where processing of Personal Information has taken place pursuant to our contract with a Brand in order to exercise your rights, consistent with applicable law.  For individuals whose state of residence does not afford these rights, we offer them voluntarily and at our discretion, and we reserve the right to limit or revoke any such rights at any time, as may be permitted by applicable laws. This section describes your CCPA rights and explains how to exercise those rights.
  • Right to Know: You have the right to request what Personal Information about you we collect, use, disclose, and/or sell, as applicable, over the past 12 months as follows:
    • the categories of Personal Information we collected and used about you;
    • the categories of sources from which we collected the Personal Information about you;
    • our business or commercial purpose for collecting or selling, as applicable, that Personal Information;
    • the categories of third parties with whom we share that Personal Information;
    • the specific pieces of Personal Information we collected about you; and
    • if we disclosed your Personal Information for a business purpose or otherwise sold it, information regarding such disclosures, identifying the Personal Information categories that each category of recipient obtained. 
Right to Delete: You have the right to request the deletion of your Personal Information that is collected or maintained by us. If we receive and confirm your verifiable consumer request, we shall delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies or as otherwise required by law. 
  • Right to Non-Discrimination:  You have the right not to receive discriminatory treatment by us for the exercise of the privacy rights described above.
  • Right to opt-out of the sale of personal information. You have the right to request to be opted out from the sale of your personal information, if applicable.  However, as set forth above, SessionM does not sell Personal Information.

Exercising Your Rights

To exercise the CCPA rights described above, please submit a verifiable consumer request to us by either: 
  • Emailing us at privacyquestions@sessionm.com
  • Making a submission here
  • Sending postal mail to:
SessionM, Inc. Attention: Privacy/Legal 2 Seaport Lane, 11th Floor, Boston MA 02210 United States The above rights are subject to our being able to reasonably verify your identity and authority to make these requests.  Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child, if applicable. In addition, you may also have the right to direct SessionM not to sell certain of your Personal Information that we have collected or will collect about you; however, as set forth above, SessionM does not sell Personal Information. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.  The above rights are also subject to various exclusions and exceptions under the law. Under certain circumstances, we may be unable to implement your request, pursuant to applicable law. We will advise you of any reason for denying or restricting a request to the extent permitted by law.

Other California Privacy Rights

California's “Shine the Light” law (Civil Code Section § 1798.83) permits California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to privacyquestions@sessionm.com or write us at:  SessionM, Inc. Attention: Privacy/Legal 2 Seaport Lane, 11th Floor, Boston MA 02210 United States

Use of Cookies or Identifiers

SessionM uses cookies and similar technologies on the Site. A cookie is a piece of information sent to your browser from a website and stored on your computer’s hard drive. Cookies can help a website like ours recognize repeat users and allow a website to track web usage behavior. Cookies work by assigning a number to the user that has no meaning outside of the assigning website. The Site also uses pixel tags, a technology similar to cookies that is placed on a website or within the body of an email for the purpose of tracking activity on websites, or when emails are opened or accessed, and is often used in combination with cookies. The Site uses pixels tags to help us improve use of our Site and the Services and know when content has been shown to you. Upon your first connection to our Site, you will be asked to confirm whether you agree to our use of cookies and similar technologies in accordance with this Statement, and if you accept we will store cookies and such other technologies on your computer. Some cookies expire at the end of your visit to our website (session cookies), others may remain on your computer or terminal device for a longer period (persistent cookies). The types of cookies and similar technologies that we use are detailed below: 
Category/Name Purpose
SessionID We use a “session” cookie that allows SessionM to identify when a user has logged onto the SessionM Platform.  This cookie is essential for using and navigating the platform. Without such cookie, basic functions of our platform would not work.  
Analytics The Site uses cookies that allow SessionM to count the number of visitors and understand how visitors use the Site by collecting statistics as number of page views, visitors and time spent on each page as well as to communicate with users where contact information has been shared.  In particular, we use: 
  • Google Analytics, helps understand how visitors use the site. Google will use this information on our behalf to evaluate your use of the Site, compile reports on Site activity and similar data relating to use of the. Your IP address and other information collected by this cookie will be sent to and stored by Google on servers in the United States. You can prevent your data from being collected by Google Analytics on our Site by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. Learn more about Google Analytics’ privacy practices at the following link:
https://support.google.com/analytics/answer/6004245?hl=en&ref_topic=2919631.
  • HubSpot, we use cookies and pixel tags which help us understand how visitors engage with the Site, and to communicate with users. Learn more about HubSpot’s privacy practices at the following link https://legal.hubspot.com/privacy-policy

Your Choices Regarding Use of Cookies or Identifiers 

  On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off.  Note, however, that if you reject our request to use cookies or turn cookies off, you may be unable to access certain parts of the Site and you may not be able to benefit from the full functionality of the Site. To find out more about cookies and similar technologies, including how to see what cookies and similar technologies have been set and how to manage and delete them, visit www.allaboutcookies.org, and/or www.youronlinechoices.com.

DO NOT TRACK SIGNALS

Our Site currently does not respond to “Do Not Track” (DNT) signals and operates as described in this Privacy Statement whether or not a DNT signal is received.

Changes to this Privacy Statement

We may change this Privacy Statement at any time. We will post all changes on this page and will indicate at the top of the page the modified policy's effective date. We therefore encourage you to refer to this page on an ongoing basis so that you are aware of our current privacy practices. If required by the applicable law, we will notify you if the changes. By continuing to use the Site and/or the Services or providing us with information following such a replacement you agree that you will be deemed to have agreed to the Privacy Statement as changed.

Contact Us

If you have any questions or suggestions regarding this Privacy Statement please contact us at the following email address: privacyquestions@sessionm.com, or send postal mail to: SessionM, Inc. Attention: Privacy/Legal 2 Seaport Lane, 11th Floor, Boston MA 02210 United States

Contact SessionM today

Contact us or request more information on your personal data.

Contact Us
Request Your Data
Contact Us