MACH Alliance Privacy Notice
Last updated 29 April 2021
This privacy notice explains how we, MACH Alliance, Inc. of 48 Wall Street, Suite 1100, New York, NY 10005, USA (“MACH Alliance”, “we”, “us”, “our”) process your personal information (“you”, “your”) when you use our website or services.
Individuals in the European Economic Area (EEA) and the UK should also read our section about “Your EEA & UK Rights”.
Who does this privacy notice apply to?
This notice applies to:
our website users;
our members, ambassadors and other service users; and
persons who interact with us, when you call us, chat with us, or email us.
This notice applies to you whether you act in your personal capacity or as employee or agent of an organisation.
What types of information do we collect?
Generally, “personal information”, “personal data” or similar terms refer to any information that identifies you or relates to you. However, the exact meaning of personal information may be determined by the law of the country of your residence.
We will process the following information which may be considered personal information:
Your user details when you sign up for membership or our services, such as your name, professional and academic details, year of birth, interests, details of your role if you act on behalf of an organisation, contact details such as your personal or professional postal address, email address and telephone number as well as your professional social media details.
Your proof of identity and proof of address for the purposes of due diligence.
When accessing our website and our services, your device and browser will automatically provide unique information such as mobile device ID, internet protocol (IP) address, cookie ID or online identifiers, geolocation data, operating
system, browser type, time zone setting and date and time of access.
Our systems may record usage data about how you navigate and engage with our website and services, download materials or use our features, security logs, and online activity data such as clickstream data with URLs visited previously, page interaction information (such as scrolling, clicks, and mouse-overs), your preferences (including country and language), and methods used to browse
away from our content or services, and interests observed or inferred.
We may keep activity records in relation to our members, ambassadors and service users about the services provided, issues reported, resolution offered, etc.
third party data such as your interaction with our posts and content and ‘likes’ on social media platforms, profile information from advertising and analytics partners and information from our suppliers;
When we send you emails, we may collect technical email interaction information, such as open rates and if you clicked on any content.
When you contact or visit us, we may process the details of your request, communications, complaints or other interaction.
We may be unable to provide our services or respond to your enquiries unless you provide the relevant personal information, and some personal information will be mandatory for our compliance with the law.
We will rely on the information provided by you as accurate, complete and up to date, and we would be grateful if you could inform us of any changes.
What information do we collect and why?
Generally, we will use your personal information to (i) deliver our website and services; (ii) respond to your queries; (iii) develop and promote our organisation, website and services; (iv) ensure the security and technical availability of our website and services; and (v) comply with the law.
* If you are an individual in the EEA or the UK, we have to inform you about the “legal ground” for us to use your “personal data”. This will typically be our legitimate interest to use your personal data to ensure that our website and services are provided properly, efficiently and securely, as is further explained in the table below.
Legal ground for processing*
(for individuals in the EEA and UK only)
To assist and contact you in relation to your
Necessary for our legitimate interest in responding to maintaining relationships administering our business or to take necessary steps at your request prior to entering into a contract with you.
To register you as a member, ambassador or service user when you sign up for our services.
user details contact details due diligence information
Necessary for the performance of our
To manage our relationship with you as a member, ambassador or user and send you service communications about matters relevant to your use of our services and your engagement with us, such as events, surveys, changes in our terms, etc.
Service communications are necessary for the performance of our contract
To send you promotional information
For example, we may send you our email newsletter if you subscribe or we may use your contact details to display relevant ads
Our targeted online advertising relies on interests known, observed or inferred about you from our information as well as third
We will use your information as is necessary for our legitimate interest in understanding your interests for direct marketing purposes from the information available to us, information observed or inferred and third party information, in promoting our business and understanding campaign metrics.
We will obtain your consent where required by law. For example, your consent will be required to place cookies or similar technologies on your device or to read information on your device.
To improve and develop our website and
Necessary for our legitimate interest in delivering our services properly, efficiently and understanding our users’ needs.
To ensure proper administration of our
Necessary for our legitimate interest in the proper administration of our business, dispute resolution, ensuring technical operation of our website and services and debt collection and necessary for compliance with a legal
To engage our third party service
security and others.
all information necessary to enable the relevant service
Some activities are necessary for the performance of our contract with you, others are necessary for our legitimate
To monitor our networks, website and systems for suspicious activities, test and audit our systems and
Necessary for our legitimate interest
deploy appropriate security
device & browser data
necessary for compliance with a legal
To monitor operations, user activity and networks for fraud prevention
Necessary for our legitimate interest in detecting and preventing fraud and illegal conduct and necessary for compliance with a legal obligation to which we are subject.
To share information with our member
any necessary information on a proportionate and lawful basis
Necessary for our legitimate interest in using our group’s resources to organise, develop and deliver our website and services, run our organisation and decide on future strategies.
To share data with another organisation in accordance with the law for the purposes of a joint venture, collaboration, financing,
data necessary in connection with the event
Necessary for our legitimate interest in acting in the best interest of our shareholders and investors and complying with our legal obligations.
To process information as is required for our compliance with the law or to establish, exercise or defend legal claims.
To process and share information with other third parties where required by law, such as regulators, law enforcement agencies or where mandatory under a court order.
Any information subject mandatory processing or disclosure, where this is proportionate and lawful
Where processing or sharing your data is necessary for compliance with a legal
Sharing your information
We will generally not share your information except with (i) our third party service providers who may process personal information on our behalf, (ii) our advertising, marketing and analytics partners, as explained above, (ii) our member companies for the purposes set out above, (iii) persons or authorities where we are compelled by law, and (iv) other third parties where you have provided your consent.
Third parties may process your information
Our website may contain links to other websites, third party services and plugins. You should check the privacy statements of these third party providers before you use them as MACH Alliance is not responsible for how they may process your personal information.
How long is your information kept?
We will keep your personal information for as long as is necessary for the purposes listed above or longer if required by law. Generally, we will keep your personal information for 6 years from collection or for one year after you ceased to be a member, ambassador or user, but often earlier deletion will be mandated by our retention policy. Please get in touch for more information.
After the retention period, your personal information will either be securely deleted or anonymised and it may be used for analytical purposes. You must back up your data if you wish to keep it for longer.
How do we secure your information?
We maintain appropriate organisational and technological safeguards to help protect against unauthorised use, access to or accidental loss, alteration or destruction of the personal information we hold. We also seek to ensure our third-party service providers do the same.
We will endeavour to use the least amount of personal information as is required for each purpose. We will employ pseudonymisation and anonymisation techniques, where appropriate.
Our staff will access your personal information on a “need to know” basis.
10. Where is your information processed?
We may transfer your personal information to our member companies, suppliers and other third parties in countries different to your country of residence. Generally, your information is held in the United States.
We will comply with applicable rules about international transfer of personal information.
If you would like us to stop sending you marketing communications and to process your personal information for direct marketing purposes, please let us know.
You can request to stop receiving our marketing communications at any time by clicking on the unsubscribe link at the bottom of each marketing message.
Please email us if you have any queries or concerns about how we use your personal information. We will try to resolve your query without undue delay.
E-mail: email@example.com 13. Updates
If we make any changes to our notice you will be able to see them on this page. You should regularly check for updates, as indicated by the “Last updated” date at the top.
If you do not agree with the changes, please do not continue to use our website or services. Of course, if any such changes significantly affect you, we will ask for your prior consent where we are required to do so by law.
This section provides further disclosures and describes the rights in relation to
your personal data that you may have under The General Data Protection
Regulation (“GDPR”) if you are an individual in the EEA or the UK.
A. Personal data
“Personal data” means any information relating to an identified or identifiable natural person; such person is known as a ‘data subject’. In practice, almost all information relating to you will be your personal data.
B. How do we process your information and why?
We will process your personal data as “controller” for the purposes and on the legal grounds for processing set out above.
We will update you about any new purposes of processing of your personal data from time to time, and we will obtain your prior consent for such new purposes where we are required to do so at law.
C. Data subject rights
Subject to certain exemptions, limitations and appropriate proof of identity, as a data subject, you will generally have numerous rights in relation to your personal data that you may exercise with the controller, including the following:
Right to information about matters set out in this notice. You may also contact us for further details about our retention policy and international data transfers.
Right to make an access request to receive copies of personal data.
Right to rectification of any inaccurate or incomplete personal data.
Right to withdraw consent previously provided.
Right to object to our processing of personal data based on our legitimate
interests, and any automated processing and profiling.
Right to erasure of personal data, within limited circumstances.
Restriction on the processing of personal data.
Right to data portability from one service provider to another, where
Right to lodge a complaint with your country’s supervisory authority, such as
the Information Commissioner’s Office in the UK.
All requests will be processed in a timely manner, generally within one month. If we cannot process your request within this period we shall explain why and process it as soon as possible thereafter.
D. Contact us about data protection
Please contact MACH Alliance if you have any queries or concerns about how we use your personal data. You can contact us using the details above or the details of our representative below. We will try to resolve your query without undue delay.
E-mail: MACH firstname.lastname@example.org