This Privacy Notice is provided for the Mavens website (https://mavens.com) by Mavens Komodo Health LLC and Mavens Limited (Mavens, ‘we‘ or ‘us‘). We are a ‘controller’ for the purposes of the General Data Protection Regulation (EU) 2016/679 and the UK’s Data Protection Act 2018 (the “GDPR and UK DPA”), and a ‘business’ for the purposes of the California Consumer Privacy Act (the “CCPA”, and collectively with the GDPR and UK DPA referred to as the “Data Protection Laws“). However, we may be acting as a ‘processor’ when we are processing personal data on behalf of a controller (for example, if you are one of our customers and we process personal data under your instructions to provide our services). This notice explains how we process your data when we are a controller.
We take your privacy very seriously. We ask that you read this Privacy Notice carefully as it contains important information about our processing and your rights.
How to contact us
If you have any questions about this Privacy Notice, how we handle your personal data, or would like to exercise any of your rights, please contact:
In the United Kingdom
Chief Privacy Officer | |
Address: | Holborn Town Hall, 193 – 197 High Holborn, London, WC1V 7BD United Kingdom |
Telephone number: | +44 207 242 1411 |
Email: | trust-and-safety@komodohealth.com |
Global
Chief Privacy Officer | |
Address: | 680 Folsom Street Suite 500 San Francisco, CA 94107 United States |
Telephone number: | (888) 919-1959 |
Email: | trust-and-safety@komodohealth.com |
Changes to the Privacy Notice
The latest version of the Privacy Notice can be found here on our website at [https://www.mavens.com/privacy-policy]. We may change this Privacy Notice from time to time so we encourage you to periodically review this Privacy Notice to be informed about how we are protecting your personal data.
Current version: March 2021
USEFUL WORDS AND PHRASES
We have listed below certain words and phrases that have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:
Term | Definition |
controller | This means any person who determines the purposes for which, and the manner in which, any personal data is processed. For the purpose of this Privacy Notice, we are acting as the controller. |
Data Protection Laws | This means the laws which govern the handling of personal data. This includes the General Data Protection Regulation (EU) 2016/679, the Data Protection Act 2018, the California Consumer Privacy Act and further laws and statutory instruments relating to such regulations from time to time. |
data subject | This means the person to whom the personal data relates. |
ICO | This means the UK Information Commissioner’s Office, which is responsible for implementing, overseeing and enforcing the Data Protection Laws in the UK. |
personal data | This means any information from which a living individual can be identified.
This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs and voice recordings. It will also include expressions of opinion and indications of intentions about data subjects (and their own expressions of opinion/intentions).
It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future. |
processing | This covers virtually anything anyone can do with personal data, including:
|
special categories of personal data | This means any information relating to:
|
WHAT PERSONAL DATA WE COLLECT AND WHAT WE USE IT FOR:
We may collect, use, store and transfer different kinds of personal data about you, which we have been provided with as follows:
- Direct Interactions: You may give us your personal data by filling in forms or by corresponding with us by post, phone, and email or otherwise. This includes personal data you provide when you
- Procure our services: When you procure our services, we collect information from you including:
- your name, the name of your company, your job title, your geographic location, area of responsibility, your professional email address, your professional phone number (including your work mobile number),
- your billing address and payment information (including credit card numbers, account details and payment information);
- Give us feedback or contact us: When you contact us, we will collect your name, your email address, your phone number and any other information you may provide us with.
- Job application: When you apply for a job vacancy through the careers section of our website or submit an open application, we will collect your name, email address and any information that you may provide on your CV and application form. Please see our Career section https://mavens.com/careers/ for further details.
- Procure our services: When you procure our services, we collect information from you including:
- Information automatically collected when you use our website: As you interact with our website, we will automatically collect information about your device, browsing actions and patterns, IP address, time zone and some of the cookies that are installed on your device (“Device Information”). We collect this personal data by using cookies server logs, web beacons, tags, pixels and other similar technologies. We may also receive information about you if you visit other websites employing our cookies. Please see our cookie policy below for further details.
- Third parties or publicly available sources. We will receive personal data about you from various third parties as set out below:
- Technical Data from the following parties:
- Analytics providers such as Google Analytics based outside the EU: Google Analytics sets cookies (small text files stored via a user’s browser, which are set and read by Google) on your device via a browser. We use the data collected by these cookies to determine the number of people using our website, to better understand how they find and use our web pages and to see their journey through the website.Although Google Analytics records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. Google Analytics also records your computer’s IP address, which could be used to personally identify you, but Google does not grant us access to this. Please refer to Google’s privacy policy for more information. Google Analytics makes use of cookies, details of which can be found on Google’s developer guides.Disabling cookies on your internet browser will stop Google Analytics from tracking any part of your visit to pages within this website. For more information please see our cookie policy below.
- Technical Data from the following parties:
-
-
- advertising networks such as LinkedIn based outside the EU; and
- search information providers such as Zoom info based outside the EU.
-
We do not knowingly process any special categories of personal data and you agree that you shall not upload such special categories of personal data to our website without our prior authorization.
HOW WE KEEP YOUR PERSONAL DATA SECURE:
We implement appropriate technical and organizational measures, including encryption of the personal data you provide us with, in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data.
WHY DO WE PROCESS YOUR PERSONAL DATA:
We use your personal data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section ‘How is processing your data lawful‘ for further detail):
Type of data | Why do we need it? | Lawful basis for processing |
Direct Information collected from you when you procure our services | To fulfil any service procurement request placed through our website or via email or the phone (including processing your payment information, the provision of our services and providing you with invoices and/or order confirmations). | 1. Processing is necessary for the performance of a contract we have with you;
2. Processing is necessary to fulfil our legitimate business interests; and 3. Processing is necessary to comply with a legal obligation (Tax and VAT collection for example). |
To communicate with you | 1. We have you consent to do so;
2. Processing is necessary for the performance of a contract we have with you; 3. Processing is necessary to fulfill our legitimate business interests. |
|
To provide you with our newsletter/ information or advertisements relating to our services when in line with the preferences you have shared with us | 1. We have you consent to do so;
2. Processing is necessary for the performance of a contract we have with you; and 3. Processing is necessary to fulfill our legitimate business interests. |
|
Device Information | To help us screen for potential risk and fraud (in particular, your IP address) | Processing is necessary to fulfill our legitimate business interests. |
To improve and optimize our Site (for example by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns. | Processing is necessary to fulfill our legitimate business interests. | |
Job Application | To help us consider your suitability in respect of the role for which you have applied or to consider your application in respect of other roles at Mavens, both at present and in the future. | 1. Processing is necessary to fulfill our legitimate business interests; and
2. We have you consent to do so. |
HOW IS PROCESSING YOUR PERSONAL DATA LAWFUL:
We are allowed to process your personal data based on the following legal bases for the purposes explained in this Website Privacy Notice:
- Legitimate Interests – We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in our interests. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. The table in the previous section “Why do we process your personal data” explains the personal data processed on this basis.You can object to processing that we carry out on the grounds of legitimate interests. See the section headed “Your Rights” to find out how.
- Contract It is necessary for our performance of the contract you have agreed to enter with us. If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract.
- Legal obligation – We are subject to legal obligations to process your personal data for the purposes of complying with applicable regulatory rules (e.g. to collect VAT on behalf of HMRC in the UK) and to make mandatory disclosures to government bodies and law enforcement agencies.
- Consent – Sometimes we want to use your personal data in a way that is entirely optional for you, such as when you give consent for us to place cookies on your device or when you give consent for us to send you our newsletter or marketing information about our services and business updates. On these occasions, we will ask for your consent to use your information. You can withdraw this consent at any time.
ORGANIZATIONS THAT WE MAY SHARE YOUR DATA WITH:
We use processors to support our IT systems and operate our website, such as website hosting, enquiry functionality and support for our customers when using our services. Some of these service providers will process your data as part of the services they offer to us. We take steps to ensure that our service providers treat your data in accordance with the law, only use it in accordance with our contract with them and keep it secure. Mavenplus Private Limited (India) for example provides support to our customers by testing our customers’ application and for account payable review processing on our behalf. To do so, this service provider has access to our Customer Relationship Management and Sales force database.
If you would like to know the names of our other service providers, please contact us (see section “How to Contact Us“).
Your personal data is transferred outside of the UK and the EEA (mainly to the USA) in order for our service providers, including Mavenplus Private Limited, which is located in India, to provide services to us. Any transfer of your data outside the UK and the EEA will be carried out in accordance with the law to safeguard your privacy rights and give you remedies in the unlikely event of a security breach or to any other similar approved mechanisms.
RETENTION AND DELETION OF YOUR PERSONAL DATA:
We only retain your personal data for as long as we need it by law. The following categories of personal data will be kept for the following periods and will be securely deleted/ destroyed after the expiry of the retention period:
Data we process | How long this will be held for |
Device Information (cookies/analytics data) | Please see our cookie policy below for the retention period for each type of cookie. |
Service procurement Information | 6 years after termination of our contractual relationship. |
Information from enquiry forms | Until the enquiry has been completed and no further responses are received for a reasonable period. If you are an existing customer, the enquiry may be added to other information that we hold about you as a customer. |
Complaints data | For a period of up to 6 years after resolution of the complaint. If you are an existing customer, the complaint and its resolution may be added to other information that we hold about you as a customer. |
Newsletter / marketing requests | Until you tell us that you no longer wish to receive our newsletter or marketing material. |
Job Application data | 12 months from your last interaction with us.
If you are successful, the data we collected during the application and hiring process may be added to your employee file, that we will retain for a period of 6 years after termination of your employment with us. |
YOUR RIGHTS UNDER THE GDPR AND UK DPA:
As a European data subject, you have the following legal rights under the GDPR and UK DPA in relation to your personal data. You can exercise these rights free of charge, by contacting us (please see “How to contact us“). We will respond to any rights that you exercise within a month of receiving the request unless the request is particularly complex, in which case we will respond within three months.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response
Please be aware that there are exceptions and exemptions that apply to some of these rights, which we will apply in accordance with the GDPR and UK DPA, as applicable.
YOUR DATA PROTECTION RIGHTS | WHAT DOES THIS MEAN? |
1. Right to be informed | You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and what your rights are. This is why we are providing you this Privacy Notice. |
2. Right of access | You have the right to obtain access to your personal data we process and certain other information (similar to that provided in this Privacy Notice).
This is so you are aware and can check that we are using your information in accordance with the GDPR and UK DPA.
You may ask for:
· A copy of your information; · Details of the purpose for which it is being processed; · Details of the recipients or classes of recipients to whom it is or could be disclosed, including if they are overseas and what protections they have in place; · The period for which it is held (or the criteria which determines this); · Any information available about the source of the data; and · Whether we carry out any automated decision-making or profiling, and where we do information about the logic involved and the outcome or consequences of that decision or profiling.
To help us find the information, please give us as much information as possible about the type of personal data you would like to see. |
3. Right to rectification | You are entitled to have your information corrected if it is inaccurate or incomplete. If you would like us to do this, please contact us (see section “How to Contact Us“). |
4. Rights to ask us to stop contact you with direct marketing | You can ask us to stop contacting you for direct marketing purposes. If you would like to do so, please contact us. |
5. Right to erasure | This is also known as the ‘right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where:
· You do not believe that we need your data in order to process it for the purposes set out in this Privacy Notice; · If you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data; · You object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or · Your data has been processed unlawfully or have not been erased when it should have been. |
6. Right to restrict processing | You have rights to ‘block’ or suppress further use of your information. When processing is restricted we can still store your information, but may not use it further. You may request that we stop processing your personal data temporarily if:
· You do not think your data is accurate. We will start processing again once we have checked whether or not the data is accurate; · The processing is unlawful but you do not want to erase your data; · We no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or · You have objected to the processing because you believe that your interests should override our legitimate interests. |
7. Right to data portability | You have rights in certain circumstances to obtain and reuse your personal data for your own purposes across different services. |
8. Right to object to processing | You have the right to object to certain types of processing, including processing based on our legitimate interests and processing for direct marketing. |
9. Right to withdraw consent | If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, that does not mean anything we have done with your personal data with your consent up to that point is unlawful.)
We make this withdrawal easy for you by contacting you via email to allow you to assess the consent which you have given us. |
You may be entitled to compensation for damage caused by contravention of the GDPR and UK DPA.
Complaints to the regulator
It is important that you ensure you have read this Privacy Notice. If you do not think that we have processed your data in accordance with this Privacy Notice, you should let us know as soon as possible. You also have the right to complain to the Information Commissioner’s Office (ICO). Information about how to do this is available on its website at www.ico.org.uk.
CALIFORNIA PRIVACY RIGHTS
a) Introduction
If you are a California resident you may also have the right:
- To request disclosure of the categories and specific pieces of Personal Information collected about you;
- To request the disclosure of the business purpose for collecting or selling Personal Information, the categories of third parties with whom it is shared, and the categories of sources from which Personal Information is collected;
- To request the deletion of Personal Information, subject to the limitations set forth in California Civil Code Section 1798.105(d); not to be discriminated against for exercising the rights guaranteed by California Civil Code Section 1798.100 et seq.
For a list of categories of Personal Information collected and the purposes for the processing of that Personal Information, please refer to Sections II and IV above.
b) Requests to Know
You have the right to request that we disclose:
- The categories of Personal Information we collect;
- The categories of Personal Information we have sold or disclosed for a business purpose;
- The categories of sources from which we collect Personal Information about you;
- Our business or commercial purpose for selling or collecting Personal Information;
- The categories of Personal Information sold or shared about you, as well as the categories of third parties to whom the Personal Information was sold, by category of Personal Information for each party to whom information was sold;
- The specific pieces of Personal Information collected about you.
Delivery may take place electronically or by mail. We are not required to respond to requests relating to Personal Information more than twice in a 12-month period.
c) Requests to Delete
With certain exceptions, you have the right to request that we delete any Personal Information we have collected about you. Upon receiving a verified request to delete Personal Information about you, we will do so unless otherwise authorized by law.
d) Verifiable Requests
We will acknowledge the receipt of requests to know or requests to delete Personal Information free of charge, within 10 business days. In order to protect your privacy and the security of Personal Information, we may verify your request by asking you to provide additional Personal Information for us to verify your identity. We will respond to your request within 45 calendar days of receipt, provided that we have been able to successfully verify your identity.
You may submit a request to know or a request to delete Personal Information via (888) 919-1959 or Request for Access.
e) Sale of Personal Information
In the last 12 months, we have not sold Personal Information collected in and through the Site or Personal Information relating to our customers. With respect to our practices relating to Personal Information collected and used as an element of our Services, we sell the following categories of Personal Information concerning specific health care providers:
- Identifiers or professional information including name, business address, and contact information;
professional or employment-related information such as field of specialty; associated patient outcomes. - If you would like to opt out of the sale of your information, you may submit an opt out request via (888) 919-1959 or Request for Deletion.
f) The Right to Non-discrimination
You have a right not to receive discriminatory treatment for the exercise of your California privacy rights.
g) Authorized Agents
You may designate an authorized agent to make requests on your behalf. You must provide an authorized agent written permission to submit a request on your behalf, and we may require that you verify your identity directly with us. Alternatively, an authorized agent that has been provided power of attorney pursuant to Probate Code sections 4000-4465 may submit a request on your behalf.
COOKIE POLICY
We use cookies on our website, which amongst other things, help us to improve your experience of our website and to ensure that it performs as you expect it to. Cookies are text files containing small amounts of information, which are downloaded to your computer or mobile device by websites that you visit. They can improve your experience of using a website, for example, by remembering your preference settings and tracking your use of a website so that it can be improved to meet your needs.
Websites must get consent to send cookies to your computer or mobile device unless the cookies are strictly necessary to provide services to you.
You can set your cookie preferences when you arrive at our website.
You can also set your preferences and block certain types of cookies that are not necessary by changing the settings on your browser. Learn how to do this here.
Unless the cookie is a strictly necessary cookie, you can withdraw your consent to our cookies at any time even if you have previously consented. Although, please do remember that if you do not consent to our functionality cookies, parts of our website will not work.
The table below explains what cookies we use on our website, why we use them and whether they are strictly necessary or another type of cookie e.g. “functionality” or “performance” cookies. We also state in the table whether a cookie is a “persistent” or “session” cookie. The difference is that:
- Persistent cookies remain on your device between browsing sessions. They are activated each time you visit the website that created that particular cookie. For example, where a “persistent cookie” is used on a website to remember your log-in details, you will not need to enter those details each time you visit that website.
- Session cookies allow website operators to link the actions of a user during a browser session. A browser session starts when you open the browser window and finishes when you close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.
Some of the cookies listed below are those set by our own website when you visit – www.mavens.com. However, we also have cookies on our website that are set by third parties – not Mavens. For example, to enable us to measure site performance, Google places cookies on www.mavens.com (for more information about how Google uses cookies and what information they collect, visit http://www.google.com/policies/privacy/).
Strictly necessary
Strictly necessary cookies are essential to enable you to receive a service on a website. For example, cookies to operate online shopping baskets, do your internet banking or to comply with the law (e.g. such as to keep your information safe). We would not be able to operate our website without using the “strictly necessary” cookies listed below.
Cookie | Name | Purpose | Persistent/ Session | More information |
Cookie Consent | OptanonAlertBoxClosed (OneTrust Cookie Consent) | This cookie is set by websites using certain versions of the cookie law compliance solution from OneTrust. It is set after visitors have seen a cookie information notice and in some cases only when they actively close the notice down. It enables the website not to show the message more than once to a user. The cookie contains no personal information. | Persistent (2 years) | Click here for an overview of privacy at OneTrust |
Cookie Consent | OptanonConsent | This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the user’s browser, when consent is not given. It contains no information that can identify the site visitor. | Persistent (one year) | Click here for an overview of privacy at OneTrust |
Performance
Performance cookies collect information about how visitors use a website, for instance, which pages visitors go to most often and if they get error messages from web pages. These cookies do not collect information that identifies a visitor. Any information collected by these cookies is anonymous. We only use such information to improve our website.
Cookie | Name | Purpose | Persistent/ Session | More information |
Google Analytics | _utmv
_utmz _utma _utmv######### _utmb |
These cookies are used to collect anonymous information about how visitors use our site. We use the information to compile analytical reports which help us improve our website. The cookies collect information such as the number of visitors to our website, how they arrived there (e.g. directly from the internet or through linking from another website) and tracking which webpages they visited. | Persistent (2 years) | Click here for an overview of privacy at Google |
Functionality
Functionality cookies allow the website to remember choices you make (such as your log in details) and customized preference settings (e.g. text size). They also enable enhanced, more personal features, e.g. a website may be able to provide you with local weather reports or traffic news by using a cookie to remember which region you are in. These cookies are also used to provide services you have asked for such as watching a video. Information collected by “functionality” cookies may or may not be anonymized, but they cannot track your browsing activity on other websites. The “functionality” cookies on our website collect anonymous information. We do not use functionality cookies on our website.
Targeting
These cookies collect information about your browsing habits to make advertising relevant to you and your interests. These cookies collect the most information about users. We do not use targeting cookies on our website.