Privacy Policy

This Privacy Policy applies to all personal information collected by Media.com in the course of its normal business activities.

What is "personal information"?

For the purposes of this policy, "personal information" means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether the information is true or not and whether the information or opinion is recorded in a material form or not.

If information does not disclose a person's identity or enable their identity to be ascertained, it will in most cases not be classified as “personal information” and will not be subject to this Privacy Policy.

The statutory definition of "personal information" may vary depending on which local data protection law applies to the handling of that information. We will treat information as "personal information" if it meets our definition, even if that information is not classifiable as "personal information" under applicable data protection laws. You should remain aware, however, that you may have enforceable rights under local law in respect of "personal information" which does not fall within our definition.

What information do we collect?

The kind of personal information that we collect from you will depend upon precisely what services you acquire from us. The personal information which we collect and hold about you may include (a) contact details (e.g. name, postal address, email address, telephone number), (b) other information which is required in order for you to use our service, which may include your photo ID, photograph, and related biometric information (as further described in our Biometric Information and Retention Policy below), employment-related information, or date of birth, and (c) such other information which you volunteer to us.

How we collect your personal information

We collect personal information directly and indirectly:

  • Direct collection. We will generally collect personal information from you when you provide us with information in the course of using our service. By voluntarily providing us with information about yourself, you are expressly consenting to our use of that data in the manner described in this policy.

  • Indirect collection. In some circumstances we may be provided with your personal information by a third party. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by that third party. This may include, for example, information used for our legal entity verification efforts or that is provided to us by the identity verification service that you provided your information directly to (as further described in our Biometric Information and Retention Policy below).

  • Website collection/cookies. If we collect personal information from you via our website, we may use digital cookies to remember your preferences and collect online traffic data and browsing characteristics. Internet cookies are small strings of text placed on users' hard drive during the data exchange that happens when a browser points to a website. The browser stores the message in a text file which is sent back to the server each time the browser requests a page from the server. Cookies and other information collection technologies can only store information that is explicitly provided by the user or visitor in the first place, or information which is already known to the website such as your IP address. Generally, information collected in this manner is not personally identifiable. You can choose to adjust your browser to reject cookies or to notify you when they are being used, bearing in mind that rejecting cookies can result in a loss of some website functionality. Please refer to our cookie statement for further information.

Purpose of collection

The purpose for which we collect personal information is to provide you with the service you are seeking from us. We do not collect personal information which is not required in order to provide such service.

The purposes for which we process your personal information will depend on the type of personal information collected and the context in which it was collected. However, the primary purpose for which we process personal information is to deliver our service to you.

Using and sharing your personal information

Primary purpose. We will use your personal information in connection with the delivery of our service to you – that is, we use it in a manner related to the primary purpose of collection.


Secondary purposes. We may have cause to disclose personal information to our service providers who support our business model or who assist us in operating our computer systems. Your personal information may also be exposed from time to time to maintenance and support personnel acting in the normal course of their duties. In the event that we outsource part of our infrastructure, it is possible that the entity we engage for this purpose may also have access to your personal information.


Affiliated entities. We may share your personal information with affiliated entities, wherever located, for the purpose of data processing or storage, or for general operational efficiency. If this involves cross-border transmission, we will comply with any applicable cross-border transfer laws which are designed to protect your personal information in such circumstances.


Legal obligation to disclose. We may disclose your personal information to a third party if required or authorised to do so under an applicable law or by a court or tribunal order, or where disclosure is reasonably necessary for one or more enforcement related activities conducted by or on behalf of an enforcement body, or as otherwise required or permitted by law (such as the investigation of suspicious or unlawful behavior, the defence of a legal claim or for use in connection with a confidential alternative dispute resolution process).

Storing your personal information

Your personal information may be transferred to, and stored at, a destination outside the jurisdiction in which it was collected. It may also be processed by staff or our third party service providers in another jurisdiction.


Such jurisdictions may have less strict data protection laws, or no data protection laws at all. In each instance we will take any legally required steps to ensure that adequate safeguards are in place to protect your personal information and to ensure it is kept secure and handled in accordance with this Privacy Policy. You may contact us for an explanation of the basis on which we have transferred your personal information and, where relevant, to request particulars of the legal safeguards we have put in place.


For information about our retention of biometric information for identity verification purposes, please review our Biometric Information and Retention Policy below.

Direct marketing

If you use our service, you consent to the receipt of direct marketing material. We will only use your personal information for this purpose if we have collected such information direct from you, and if it is material of a type which you would reasonably expect to receive from use. We do not use sensitive personal information in direct marketing activity. Our direct marketing material will include a simple means by which you can request not to receive further communications of this nature. An alternative means of opting out is to contact us as set out below and simply request that you receive no further such communications.

Security

We take all reasonable steps to protect personal information from misuse, interference and loss, and from unauthorized access, modification or disclosure. We store your personal data on a secure server that is password protected and shielded from the outside world by a firewall. We have in place security policies that are intended to ensure, as far as possible, the security and integrity of all our information, including your personal information. If we forward personal information to any third party, we require that those third parties have appropriate technical and organisational measures in place to comply with this Privacy Policy and applicable laws.

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. We will delete or de-identify your personal information once the purpose of the collection and processing of such personal information has been fulfilled. If you have unsubscribed from receiving marketing information from us, we will continue to maintain your personal information for any other purpose for which we still have legal grounds for doing so. In certain cases, if no other legal grounds exist, we will maintain limited personal information (such as your email address) about you on record, so as to ensure that such marketing communications are no longer sent to you in the future.

For information about our retention of biometric information for identity verification purposes, please review our Biometric Information and Retention Policy below.

Children

Our service is not directed to children, and we do not knowingly collect personal information from persons under the age of 18 years. If a parent or legal guardian becomes aware that his or her child has provided us with personal information without their consent, the parent or legal guardian should contact us at the address indicated below, and we will take steps to delete any such personal data.

Access and correction

You are permitted to obtain access to the personal information we hold about you in certain circumstances, and you are also permitted to correct inaccurate personal information subject to certain exceptions. If you wish to seek access for this purpose, please contact us as set out below.

Biometric Information and Retention Policy

This section applies to any individuals about whom we have collected biometric data, including through your use of our website and/or by using our products and services (collectively, “you”). For purposes of this section, “biometric information” means personal information stored by us and/or our vendors about an individual’s physical characteristics that can be used to identify that person. As used in this Privacy and Security Policy, biometric information includes “biometric identifiers” and “biometric information” as defined under applicable federal, state, and local laws.


Media.com’s products and services require our ability to verify your identity. Media.com has partnered with a third party provider, Jumio, in order to support our identity verification efforts. At account creation, you may be asked to provide directly to Jumio on its owned and operated platform: government-issued photo ID (e.g., your driver’s license, state identification card, or passport); photograph of yourself; and related information. Jumio will use information captured from these images to collect, retain, and use biometric information (for example, your facial geometry) for purposes of verifying your identity and as further described in Jumio’s Privacy Policy, available here.


In addition, this biometric information may be made available by Jumio to Media.com for Media.com’s own identity verification purposes, consistent with applicable law. Media.com will not use this information for any other purpose.


In all cases, such collection, retention, and use of your biometric information will only occur after collecting your consent to collect, retain, and use your biometric information for these purposes. Media.com will not sell, lease, trade, or otherwise profit from your biometric information.


Media.com will retain such biometric information only until, and will permanently destroy such biometric information when, the first of the following occurs:


  • The initial purpose for collecting or obtaining such biometric information has been satisfied;

  • Within one (1) year of your last interaction with us.


Media.com will store, transmit, and protect from disclosure any biometric information collected using reasonable care and in a manner that is the same as or more protective than the manner in which Media.com stores, transmits, and protects from disclosure other confidential and sensitive information.

Complaint procedure

If you have a complaint concerning the manner in which we maintain the privacy of your personal information, please contact us as set out below. All complaints will be considered seriously by us and we may seek further information from you to clarify your concerns. If we agree that your complaint is well founded, we will, in consultation with you, take appropriate steps to rectify the problem. If you remain dissatisfied with the outcome, you may refer the matter to the applicable regulator.

Cross-border transfers

Your personal information may be transferred to or stored in a different jurisdiction for a variety of reasons. Depending upon the jurisdiction in which your personal information is initially collected, local data protection laws may regulate the cross-border transfer of person information. We will comply with all laws and restraints placed on the cross-border transfer of personal information. It is not practicable in this Privacy Policy to list all jurisdictions which may be involved in this manner, but we provide the following key examples:


  • Transfers from EEA, Switzerland or UK. If your personal information is transferred from the EEA, Switzerland or the UK to an outside jurisdiction, applicable laws require (with limited exceptions) that certain steps be taken to ensure appropriate safeguards are in place to protect that information. This includes the use of Standard Contractual Clauses issued pursuant to Commission Implementing Decision (EU) 2021/914 of June 4, 2021 of the European Parliament and of the Council, and for transfers from the UK, the UK International Data Transfer Addendum (IDTA).

  • Transfers from Australia. If your personal information is transferred from Australia to a recipient in a country with data protection laws which are at least substantially similar to the Australian Privacy Principles, and where there are mechanisms available for you to enforce protection of your personal information under the laws of that other country, we will not be liable for a breach of the Australian Privacy Principles if your personal information is mishandled in that jurisdiction. If your personal information is transferred to a jurisdiction which does not have data protection laws as comprehensive as Australia’s, we will take reasonable steps to secure a contractual commitment from the recipient to handle your information in accordance with the Australian Privacy Principles.

Applicable laws

The handling of your personal information may be subject to the data protection laws of a jurisdiction connected to the place of collection or the residence of the individual. This Privacy Policy does not create, extend or modify any foreign law. In some instances, however, these laws may provide you with additional rights, and place additional obligations on us when handling your personal information. It is not practicable in this Privacy Policy to list all jurisdictions which may be involved in this manner, but we provide key examples below.


Where EEC law applies. The European Union General Data Protection Regulation (“GDPR”) may provide additional protection to individuals located in Europe. Your rights under the GDPR (when applicable) include the following:


  1. right to obtain confirmation as to whether your personal data is being processed, access to your personal data, and information regarding the processing;

  2. right to rectify inaccurate or incomplete personal data concerning you;

  3. right to erasure of your personal data;

  4. right to restrict processing of your personal data;

  5. right to object to the processing of your personal data;

  6. right to object to decision making based solely on automated processing;

  7. right to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller (i.e., “data portability”);

  8. right to unsubscribe from marketing materials;

  9. right to withdraw consent to any consent-based processing activities; and/or

  10. right to lodge a complaint with relevant supervisory or other authorities.


Where UK law applies. The GDPR is effectively implemented in the United Kingdom by virtue of the Data Protection Act 2018. The rights described above which attach to European data subjects in certain circumstances apply equally to United Kingdom data subjects by virtue of the Data Protection Act, and are observed by us in the same manner when applicable.


Where the law of California applies. Californian residents may in some circumstances have rights under the California Consumer Privacy Act (CCPA). Your rights under the CCPA (when applicable) include the following:


  1. the right to know, via a general privacy policy or notice, what personal information we have collected about you, its source, and the purpose for which it is being used;

  2. the right to access the personal information collected by us;

  3. the right to delete personal information held by us and, by extension, any of our service providers;

  4. the right to opt-out of the sale of personal information (as distinct from the collection or other uses of that information); and

  5. the right to non-discrimination in the sense that you have the right to receive equal service and pricing from us even if you exercise your privacy rights under the CCPA. For example, we would be prohibited from denying goods or services, charging different prices, or providing a different quality of goods or services to you on this basis alone.


Where the law of other US states apply. The rights of individuals to whom the laws of Virginia, Colorado, Connecticut or Utah apply are set out, respectively, in the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act and the Utah Consumer Privacy Act. Under each of these laws (when applicable), you have the right to request that we:


  1. confirm whether or not we are processing your personal information and provide you with access to such personal information;

  2. correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information;

  3. delete your personal information;

  4. provide you a copy of personal information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another business, where our processing is carried out by automated means; and

  5. opt you out of the processing of the personal information for purposes of targeted advertising, the sale of personal information, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.


Other jurisdictions. Other jurisdictions may also have data protection laws which from time to time apply to us, either because we are doing business or employing individuals in that jurisdiction. Wherever that is the case, we commit to complying with our obligations under those laws.

Amendments to this policy

We reserve the right to change and modify this Privacy Policy at any time without prior notice. Your continued use of our services following the posting on our website of changes to these terms means you accept these changes. You will always have access to the most recent policy at https://www.media.com/privacy.

How to contact us about privacy

If you have any queries, or if you seek access to your personal information, or if you have a complaint about our privacy practices, you can write us at: [email protected]


This policy was last updated on 3 June 2024