MACH Alliance Privacy Notice

Last updated 29 April 2021

This privacy notice explains how we, MACH Alliance, Inc. of 48 Wall Street, Suite 1100, New York, NY 10005, USA (“MACH Alliance”, “we”, “us”, “our”) process your personal information (“you”, “your”) when you use our website or services.

Individuals in the European Economic Area (EEA) and the UK should also read our section about “Your EEA & UK Rights”.

  1. Who does this privacy notice apply to?

    This notice applies to:

    • our website users;

    • our members, ambassadors and other service users; and

    • persons who interact with us, when you call us, chat with us, or email us.

      This notice applies to you whether you act in your personal capacity or as employee or agent of an organisation.

  2. What types of information do we collect?

    Generally, “personal information”, “personal data” or similar terms refer to any information that identifies you or relates to you. However, the exact meaning of personal information may be determined by the law of the country of your residence.

    We will process the following information which may be considered personal information:

    • Your user details when you sign up for membership or our services, such as your name, professional and academic details, year of birth, interests, details of your role if you act on behalf of an organisation, contact details such as your personal or professional postal address, email address and telephone number as well as your professional social media details.

    • Your proof of identity and proof of address for the purposes of due diligence.

    • When accessing our website and our services, your device and browser will automatically provide unique information such as mobile device ID, internet protocol (IP) address, cookie ID or online identifiers, geolocation data, operating

      system, browser type, time zone setting and date and time of access.

    • Our systems may record usage data about how you navigate and engage with our website and services, download materials or use our features, security logs, and online activity data such as clickstream data with URLs visited previously, page interaction information (such as scrolling, clicks, and mouse-overs), your preferences (including country and language), and methods used to browse

      away from our content or services, and interests observed or inferred.

  • We may keep activity records in relation to our members, ambassadors and service users about the services provided, issues reported, resolution offered, etc.

  • third party data such as your interaction with our posts and content and ‘likes’ on social media platforms, profile information from advertising and analytics partners and information from our suppliers;

  • When we send you emails, we may collect technical email interaction information, such as open rates and if you clicked on any content.

  • When you contact or visit us, we may process the details of your request, communications, complaints or other interaction.

    We may be unable to provide our services or respond to your enquiries unless you provide the relevant personal information, and some personal information will be mandatory for our compliance with the law.

  1. Data accuracy

    We will rely on the information provided by you as accurate, complete and up to date, and we would be grateful if you could inform us of any changes.

  2. What information do we collect and why?

    Generally, we will use your personal information to (i) deliver our website and services; (ii) respond to your queries; (iii) develop and promote our organisation, website and services; (iv) ensure the security and technical availability of our website and services; and (v) comply with the law.

    * If you are an individual in the EEA or the UK, we have to inform you about the “legal ground” for us to use your “personal data”. This will typically be our legitimate interest to use your personal data to ensure that our website and services are provided properly, efficiently and securely, as is further explained in the table below.


Personal information

Legal ground for processing*

(for individuals in the EEA and UK only)

To assist and contact you in relation to your
or to send you information which you have requested about our services if you contact us.

  • user details

  • contact details

  • activity records

  • details of your


Necessary for our legitimate interest in responding to maintaining relationships administering our business or to take necessary steps at your request prior to entering into a contract with you. 

To register you as a member, ambassador or service user when you sign up for our services.

user details contact details due diligence information

Necessary for the performance of our
with you and for our legitimate interest in administering our user base and fulfilling requests.

To manage our relationship with you as a member, ambassador or user and send you service communications about matters relevant to your use of our services and your engagement with us, such as events, surveys, changes in our terms, etc.

  • user details

  • contact details

  • device & browser data

  • activity records

  • usage data

Service communications are necessary for the performance of our contract
with you. Other notifications are necessary for our legitimate interest in satisfying your requests, facilitating our services and organising related business activities.

To send you promotional information
through various marketing channels including post, email, social media, telephone, SMS, etc. about our services and our organisation, reviewing and
optimising campaign performance
and profiling information about your interests known, observed or inferred for direct
marketing purposes

For example, we may send you our email newsletter if you subscribe or we may use your contact details to display relevant ads
through Facebook, LinkedIn, Twitter or other social media platforms. Social media and advertising providers may use their own information about you to help us make our ads most relevant.

Our targeted online advertising relies on interests known, observed or inferred about you from our information as well as third
party data
to send you ads that you might be interested in. In this regard, we rely on Google AdWords, Dynamic Remarketing,
Twitter, Facebook and LinkedIn
Advertising, Hubspot, Google Analytics,
Tag Manager, Ad Manager
and other advertising partners for targeted advertising, activity monitoring and optimisation of our direct marketing efforts.

  • user details

  • contact details             

  • usage data

  • activity record

  • email interaction


  • device & browser


  • third party data

We will use your information as is necessary for our legitimate interest in understanding your interests for direct marketing purposes from the information available to us, information observed or inferred and third party information, in promoting our business and understanding campaign metrics.

We will obtain your consent where required by law. For example, your consent will be required to place cookies or similar technologies on your device or to read information on your device.

To improve and develop our website and
service functionality
, including to:

  • obtain feedback;

  • conduct statistical analysis

  • use Google Analytics to understand the demographics of our website users;

  • make services and features more


  • improve user experience; and

  • work with third parties and evaluate data

    to improve and develop our services.

usage data
device & browser

anonymised data

Necessary for our legitimate interest in delivering our services properly, efficiently and understanding our users’ needs.

We will use cookies and similar technologies if you provided your consent.

To ensure proper administration of our
, including to:

  • keep appropriate records about how our

    services are used;

  • resolve complaints;

  • conduct troubleshooting;

  • manage our business relationships and

    identify opportunities;

  • register interactions with our

    communications, such as emails; and

  • debt collection.

  • user details

  • contact details

  • usage data

  • activity records

  • details of your


  • anonymised data

Necessary for our legitimate interest in the proper administration of our business, dispute resolution, ensuring technical operation of our website and services and debt collection and necessary for compliance with a legal
to which we are subject.

To engage our third party service
who may process your information on our behalf to facilitate the provision of our services and the fulfilment of essential service functions, such as web hosting, cloud storage, analytics, payments, plugins, communications, accounting,

security and others.

all information necessary to enable the relevant service

Some activities are necessary for the performance of our contract with you, others are necessary for our legitimate
in ensuring the proper operation of our website and services.

To monitor our networks, website and systems for suspicious activities, test and audit our systems and

  • activity records

  • usage data

Necessary for our legitimate interest
to ensure the security of our organisation, people and services and

deploy appropriate security

device & browser data

security logs

necessary for compliance with a legal
to which we are subject.

To monitor operations, user activity and networks for fraud prevention
and crime detection purposes, including information from third
who may help us verify your identity or alert us about

suspicious activities.

  • client details

  • activity & usage


  • browser & device


  • interaction data

Necessary for our legitimate interest in detecting and preventing fraud and illegal conduct and necessary for compliance with a legal obligation to which we are subject.

To share information with our member

any necessary information on a proportionate and lawful basis

Necessary for our legitimate interest in using our group’s resources to organise, develop and deliver our website and services, run our organisation and decide on future strategies.

To share data with another organisation in accordance with the law for the purposes of a joint venture, collaboration, financing,
sale, merger, reorganisation
or similar event relating to our business.

data necessary in connection with the event

Necessary for our legitimate interest in acting in the best interest of our shareholders and investors and complying with our legal obligations.

To process information as is required for our compliance with the law or to establish, exercise or defend legal claims.

To process and share information with other third parties where required by law, such as regulators, law enforcement agencies or where mandatory under a court order.

Any information subject mandatory processing or disclosure, where this is proportionate and lawful

Where processing or sharing your data is necessary for compliance with a legal
to which we are subject, to establish, exercise or defend legal claims or, where necessary and proportionate, in order to satisfy our legitimate interest in complying with best practice or applicable laws.

  1. Sharing your information

    We will generally not share your information except with (i) our third party service providers who may process personal information on our behalf, (ii) our advertising, marketing and analytics partners, as explained above, (ii) our member companies for the purposes set out above, (iii) persons or authorities where we are compelled by law, and (iv) other third parties where you have provided your consent.

  2. Third parties may process your information

    Our website may contain links to other websites, third party services and plugins. You should check the privacy statements of these third party providers before you use them as MACH Alliance is not responsible for how they may process your personal information.

  3. How long is your information kept?

    We will keep your personal information for as long as is necessary for the purposes listed above or longer if required by law. Generally, we will keep your personal information for 6 years from collection or for one year after you ceased to be a member, ambassador or user, but often earlier deletion will be mandated by our retention policy. Please get in touch for more information.

    After the retention period, your personal information will either be securely deleted or anonymised and it may be used for analytical purposes. You must back up your data if you wish to keep it for longer.

  1. How do we secure your information?

    We maintain appropriate organisational and technological safeguards to help protect against unauthorised use, access to or accidental loss, alteration or destruction of the personal information we hold. We also seek to ensure our third-party service providers do the same.

    We will endeavour to use the least amount of personal information as is required for each purpose. We will employ pseudonymisation and anonymisation techniques, where appropriate.

    Our staff will access your personal information on a “need to know” basis.

  2. How do we use cookies?

    We use cookies and similar technologies to capture online activity data when you access our website or interact with our emails. For further information on our use of cookies, please see our cookie notice.

10. Where is your information processed?

We may transfer your personal information to our member companies, suppliers and other third parties in countries different to your country of residence. Generally, your information is held in the United States.

We will comply with applicable rules about international transfer of personal information.

11. Opt-out

If you would like us to stop sending you marketing communications and to process your personal information for direct marketing purposes, please let us know.

You can request to stop receiving our marketing communications at any time by clicking on the unsubscribe link at the bottom of each marketing message.

12. Contactus

Please email us if you have any queries or concerns about how we use your personal information. We will try to resolve your query without undue delay.

E-mail: 13. Updates

If we make any changes to our notice you will be able to see them on this page. You should regularly check for updates, as indicated by the “Last updated” date at the top.

If you do not agree with the changes, please do not continue to use our website or services. Of course, if any such changes significantly affect you, we will ask for your prior consent where we are required to do so by law.

14. YourEEA&UKRights

This section provides further disclosures and describes the rights in relation to
your personal data that you may have under The General Data Protection
Regulation (“GDPR”) if you are an individual in the EEA or the UK.

A. Personal data
Personal data” means any information relating to an identified or identifiable natural person; such person is known as a ‘data subject’. In practice, almost all information relating to you will be your personal data.

B. How do we process your information and why?
We will process your personal data as “controller” for the purposes and on the legal grounds for processing set out above.

We will update you about any new purposes of processing of your personal data from time to time, and we will obtain your prior consent for such new purposes where we are required to do so at law.

C. Data subject rights

Subject to certain exemptions, limitations and appropriate proof of identity, as a data subject, you will generally have numerous rights in relation to your personal data that you may exercise with the controller, including the following:

  • Right to information about matters set out in this notice. You may also contact us for further details about our retention policy and international data transfers.

  • Right to make an access request to receive copies of personal data.

  • Right to rectification of any inaccurate or incomplete personal data.

  • Right to withdraw consent previously provided.

  • Right to object to our processing of personal data based on our legitimate

    interests, and any automated processing and profiling.

  • Right to erasure of personal data, within limited circumstances.

  • Restriction on the processing of personal data.

  • Right to data portability from one service provider to another, where


  • Right to lodge a complaint with your country’s supervisory authority, such as

    the Information Commissioner’s Office in the UK.

    All requests will be processed in a timely manner, generally within one month. If we cannot process your request within this period we shall explain why and process it as soon as possible thereafter.

    D. Contact us about data protection

    Please contact MACH Alliance if you have any queries or concerns about how we use your personal data. You can contact us using the details above or the details of our representative below. We will try to resolve your query without undue delay.

E-mail: MACH