Privacy Statement

• Overview

MyOutreach Ltd, its subsidiaries and affiliates (collectively, “MyOutreach”, or “we”, “us”, “our”) respect the privacy and security of your personal data. This Privacy Policy details the information that we may collect through registration forms, resource libraries, advertising units, widgets, websites and web pages, whether accessed via computer, mobile, tablet device or ­­­­­­other technology (collectively, the “Platform”) as well as the collection and licensing of data through our third-party partners. It also sets out how such information may be used and/or shared with others, how such information is stored and safeguarded by us, and your rights in relation to its use in connection with our marketing activities. For the purpose of this Privacy Policy, personal data refers to information or pieces of information that could identify you, such as your name, job description, date of birth, e-mail address or mailing address (“Personal Data”). If you are a California resident, please review the “Additional Information for California Residents” [LINK] below for important information, as required by California privacy laws, about the categories of personal information we collect and disclose and your rights under California privacy laws. By interacting with us, whether on the phone or online through this website, you agree to the collection, use and processing of your personal data in the manner and for the purposes described in this Privacy Policy.

2. Data Collection

Our purpose in collecting information is to help us provide you with better service, for example through notifications about special offers and promotions or other relevant content delivered through targeted advertising. You may choose to use our services or to receive additional information from us, for example by submitting a registration form containing certain information in order to access free content. When you request our services or register to receive information, we collect the following Personal Data: your name, address, email address, and telephone number. We may also receive this information through one of our business partners. To help us to promote content that is relevant to you, we may add to this data any business profile information that we receive about you from other sources, such as your industry, company size and job title.

3. Data usage

MyOutreach may use the information we obtain, license and collect about and from you for a number of business purposes, including, for example, to: better tailor our website and promotional content to visitor interests; verify your profile information; deliver targeted advertising; inform our partners and Clients of your business-related interests; improve the Platform for internal business purposes; help our advertising partners and Clients better understand the audience they are reaching; and for any purposes we disclose at the time you provide your Personal Data or your consent to our use of the same. We will only ask for Personal Data that is adequate, relevant and not excessive for these purposes.

4. Legal basis and purposes of data processing

Whenever we process your Personal Data, we do so for a specific purpose on the basis of a legal justification. Processing of your Personal Data may be justified on one or several of the following bases: 1) Performance of a contract with you In order to perform the services you request from us, as set out in the section “MyOutreach Services”, we use in particular the following data:

• Contact details: your name, telephone number and e-mail address.
• Account data: your Platform account data and other electronic identification data such as IP address and the data you add to your account such as your password, date of birth, gender and other information you share with us.
• Communication data: your requests, any complaints you might have as well as any data you share with us if we communicate with you via e-mail, telephone or social media.

2) Legitimate interest of us or a third party: Beyond the processing of your Personal Data for the performance of a contract with you, we process your Personal Data to safeguard our or third parties’ legitimate interests provided such interests are not overridden by your fundamental rights or freedoms. Therefore, we process your Personal Data in particular for the following purposes:

• advertising and market- and opinion research purposes, provided you did not object against such use of your data (see section “Updating Personal Data and your Data Subject Rights” below);
• improvement of our products and services including our website;
• prevention and investigation of criminal offences (in particular fraud); and
• defense or enforcement of legal claims.

3) Your consent As far as you provide us with your explicit, informed consent (e.g. when you have consented to receive marketing e-mails from us and/or third parties we work with for certain products and services) for the processing of Personal Data, such consent presents the legal basis for the processing. You may withdraw your consent at any time by following the steps outlined below in the section “Updating Personal Data and your Data Subject Rights”. Please note that the withdrawal of your consent only has effect for the future and does not affect the lawfulness of processing based on consent before your withdrawal. 4) Compliance with a legal obligation Any information referred to above under the section “Data Collection” may be used to maintain appropriate business records, to comply with lawful requests by public authorities and to comply with applicable laws and regulations or as otherwise required by law.

5. Tracking Technologies and Usage Information

We, MyOutreach, and our publishing partners, Clients, affiliates, or analytics or service providers, use technologies such as cookies, beacons, tags, and scripts, to analyze trends, administer websites, track users’ movements around websites, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.  As to information submitted to, through or on our website, we may likewise use service providers to host content, host or implement blogs and forums, or conduct data and marketing analytics with respect to information captured. MyOutreach may use a variety of technologies, including “cookies” that automatically or passively collect information from your computer, mobile device or other technology, when you visit MyOutreach, partner or Client websites. We may also collect information in this way on a third party’s behalf when we serve advertisements and store your Personal Data in log files. Information collected may include your IP address, browser type, operating system, your responses to advertisements delivered by us, date and time, referring URLs and other information normally transmitted in HTTP requests (“Usage Information”). Usage Information may also be associated with anonymous business profile information about you, such as your industry, company size, and job title. The purpose of this information is to keep the Platform updated and interesting to our users and to tailor content to each individual’s interests. My Outreach does not use this information to discern your identity or to disclose your identity to any third party. MyOutreach stores Personal Data in a separate database from any Usage Information. A cookie is a small file stored on a user’s device containing information about the user. We may use cookies to reduce or pre-populate registration fields so that you can receive free content more easily, deliver targeted advertising, or understand your interests and focus areas of research. We believe this enables us to provide users with a more meaningful online experience. We use Local Storage Objects (“LSOs”) such as Flash to store content information and preferences. Third parties with whom we partner to provide certain features on our site or to display advertising based upon your web browsing activity also use LSOs such as HTML5 and Flash to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs. To learn how to manage privacy and storage settings for Flash cookies click here: https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html#117118

6. Advertising / Behavioral Targeting; How to Opt-Out

We may use third-party vendors to enhance the Platform (e.g. for purposes of retargeting). We do not share Personal Data with these third parties, but they may set and access their own cookies, pixel tags and similar technologies on your device and they may otherwise collect or have access to anonymous Usage Information. When you use the opt-out mechanism, MyOutreach will no longer use or share any of your Personal Data or anonymous Usage Information, with the exception of Personal Data submitted within the last 30 days to access free content, which the Content Provider may access. When you opt out of the Platform, we place a cookie on or otherwise identify your browser or device (and/or employ similar technology) to prevent future collection of Usage Information. Opting out of the Platform is not the same as blocking cookies. When you opt out of MyOutreach’s Platform, we will place a special MyOutreach cookie on (or otherwise identify) your device or browser in a way that informs our systems not to record information related to your business research activities. If you browse the web from multiple devices or browsers, you will need to opt out from each device or browser to ensure that we prevent personalization tracking on all of them. For the same reason, if you procure a new device, change browsers or delete the MyOutreach opt-out cookie (or clear all cookies), you will need to perform this opt-out task again. Please note: This opt-out relies on a cookie and so if you wipe all of your cookies, we will no longer know that you have opted out.

7. Disabling Cookies

If you would prefer not to accept certain cookies, you may be able to do the following:

• change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; or
• set your browser to automatically not accept any cookies.

However, not all browsers offer these features for all types of cookies and these techniques may not always work. Please note:  As cookies are used for a variety of reasons, not all of which are marketing-related, disabling cookies may adversely impact your online experience.

8. Sharing of Personal Data

Except as set out in this Privacy Policy, we will not provide any of your Personal Data to any partners or other third parties without your consent. We may share Personal Data and Usage Information with Clients.  We may also share with third parties: information other than Personal Data, such as aggregated demographics, user statistics, interest categories and Usage Information with third parties. We may combine your Usage Information with those of other users of the Platform in order to share trend information with third parties. Where we do so, this information will always be in aggregated and anonymous form. We may aggregate Usage Information associated with your Personal Data into business-related research events, which include the form of engagement and content type, topics derived from the content of the event, and date/timestamp of when the event occurred, in anonymous form. An interest event may be, for example, the downloading of a whitepaper on cloud computing, or clicking on an advertisement related to SSL certificates. We may also share information with trusted companies that assist us in the operation of our business or provide services such as our blog and career pages. These companies are not authorized to use the Personal Data we share with them for any other purposes than those set forth in this Privacy Policy or to send you any unsolicited e-mails. In certain situations, we may be required to disclose Personal Data: (a) to protect the legal rights, privacy or safety of MyOutreach or our employees, agents or contractors; (b) in response to lawful requests from government or by public authorities in any country in which we operate, including for national security or law enforcement requirements; (c) to permit us to pursue available remedies or limit the damages that we may sustain; or (d) as required by law, for example to comply with a subpoena, bankruptcy proceedings, or similar legal process. .

9. Updating Personal Data and your Data Subject Rights 

Upon request, we will provide you with information about whether we hold, or process on behalf of a third party, any Personal Data relating to you to the extent required by applicable legal requirements. You may also request that we verify, correct, or update Personal Data collected through the Platform. We will respond to such request within a reasonable time frame. However, please note that we may delete certain records that contain Personal Data that you have submitted through the Platform in accordance with our routine record keeping. We are under no obligation to store Personal Data indefinitely and disclaim any liability arising out of, or related to, the destruction of such Personal Data. We will retain your Personal Data for as long as your account is active or as needed to provide the Platform. You may request that we cancel your account or request that we no longer use your Personal Data to provide the Platform. However, we may retain and use your information to comply with our legal obligations, resolve disputes, and enforce our agreements. Where your Personal Data is processed in the context of our activities in the European Union, you have the following statutory rights with regards to your Personal Data under the General Data Protection Regulation (“GDPR”):

• you can request access to your Personal Data, including the provision of a copy of the Personal Data subject to processing (right of access according to Art. 15 GDPR);
• you can ask us to update or correct any inadequate, incomplete or inaccurate data (right to rectification according to Art. 16 GDPR);
• you can request erasure of your Personal Data (right to erasure according to Art. 17 GDPR);
• you can restrict the processing of Personal Data (e.g. we may only store but not use your information while we assess your request for erasure – right to restriction according to Art. 18 GDPR);
• where processing is based on our legitimate interests including profiling, you have the right to object to the processing (right to object according to Art. 21 (1) GDPR);
• where we process your Personal Data for direct marketing purposes, you have the right to object to the processing at any time (right to object according to Art. 21 (2) GDPR);
• where processing is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal (right to withdrawal according to Art. 7 (3) GDPR);
• where processing is based on consent or on a contract, you have the right to data portability, meaning that you can ask us to provide your Personal Data in a structured, commonly used and machine-readable format for your use or transfer to another controller (right to data portability according to Art. 20 GDPR);
• you can lodge a complaint with a supervisory authority (right to lodge a complaint according to Art. 15 no. 1 (f) GDPR).

If you wish to exercise any of the rights described above or you have any questions or concerns about how we treat your Personal Data, please contact us via these methods:

• Submit a request online
• Send an email to [datacontroller@myoutreach.co.uk]
• Mail a letter to Data Controller, 44 St Peter’s St, Canterbury, CT1 2BG
• Call +44203 868 4870 and ask to speak to the Data Privacy Officer

10. Data Security Precautions & Retention

MyOutreach takes precautions to protect all Personal Data and any other information under its control from misuse, loss or alteration. MyOutreach’s security measures include industry-standard technology and equipment to help protect your information, and MyOutreach maintains security measures to allow only the appropriate personnel and contractors access to your information. Unfortunately, no system can ensure complete security, and MyOutreach disclaims any liability resulting from use of the Platform or from third-party hacking events or intrusions. Specific retention periods are determined by reference to the type of third-party concerned, as set out below:

• Usage Information is retained for up to 13 months from the date of collection, after which it will be de-identified and aggregated for research and analytics;
• Personal Information from registrations is retained for up to 5 years from the last registration date; and
• Cookies expire 18 months after their last update.

11. Other Web Sites

The Platform may contain links to or integrations with other sites that MyOutreach does not own or operate. This includes links from Clients and partners that may use the MyOutreach logo in a co-branding agreement, or websites and web services that we work with in order to provide the Platform. MyOutreach does not control, nor is MyOutreach responsible for, these sites or services or their content, products, services, privacy policies or practices. If you submit Personal Data on a web site using the Platform, you are choosing to disclose information to both My Outreach and the third party with whose brand the website is associated. This Privacy Policy only governs MyOutreach’s use of your Personal Data. A third party’s use of your Personal Data is governed by the third party’s privacy policy and practices, and not by this Privacy Policy.

12. Business Sale

As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, or a sale of our significant assets, we reserve the right to include any Personal Data and other information we have collected as described in this Privacy Policy among the assets transferred as part of any transaction

13. Children

MyOutreach does not knowingly collect Personal Data or Usage Information from children under the age of 13 through its website or from any of our affiliates and partners. If you are under 13, please do not give us any Personal Data, and do not provide Personal Data to any website or web service without consulting your parent or guardian. If you have reason to believe that a child under the age of 13 has provided Personal Data to MyOutreach, please contact us via these methods:

• Submit a request online
• Send an email to [datacontroller@myoutreach.co.uk]
• Mail a letter to Data Controller, 44 St Peter’s St, Canterbury, CT1 2BG
• Call +44203 868 4870 and ask to speak to the Data Privacy Officer

…and we will seek to delete such Personal Data from our database.

14. Consent to Processing and Transfer of Information

The Platform and the servers and facilities that maintain the data we hold are operated in the United States and other countries outside of the European Union. As an international business, our use of information necessarily involves the transmission of Personal Data on an international basis. If you are located in the European Union, Canada or elsewhere outside of the United States, please be aware that information we collect may be accessed, transferred to and processed in the United States. By using the Platform, or providing us with any information, you consent to the collection, processing, maintenance and transfer of such information in and to the United States and other applicable territories in which the privacy laws may not be as comprehensive as or equivalent to those in the country where you reside and/or are a citizen. If you have any inquiries or complaints about MyOutreach’s handling of your personal data, or about our privacy practices generally, please contact us via these methods:

• Submit a request online
• Send an email to [datacontroller@myoutreach.co.uk]
• Mail a letter to Data Controller, 44 St Peter’s St, Canterbury, CT1 2BG
• Call +44203 868 4870 and ask to speak to the Data Privacy Officer

We will respond to your inquiry promptly. If we are unable to satisfactorily resolve any complaint, or if we fail to acknowledge your complaint in a timely fashion, you can submit your complaint online at [https://feedback-form.truste.com/watchdog/request], which provides an independent third-party dispute resolution service based in the United States.

15. Social Media Widgets

Our website includes social media features, such as the “Facebook Like” button, and widgets, such as the “Share This” button or interactive mini-programs that run on our website (collectively, the “Features” and each a “Feature”). These Features may collect information such as your Internet protocol address, the page you are visiting on our website, and may set a cookie to enable the Feature and related data collection to function properly. Features are either hosted by a third party or hosted directly on our website. Your interactions with these Features are governed by the privacy statement of the company providing it.

16. Blogs

Our website offers publicly accessible blogs. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact via these methods:

• Submit a request online
• Send an email to [datacontroller@myoutreach.co.uk]
• Mail a letter to Data Controller, 44 St Peter’s St, Canterbury, CT1 2BG
• Call +44203 868 4870 and ask to speak to the Data Privacy Officer

In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.

17. Additional Information for California residents

This section of the Privacy Policy provides additional information solely for California residents, as required under the California Consumer Privacy Act of 2018 (“CCPA”), and applies to personal information, whether collected online or offline.  As used in this Section 17 of the Privacy Policy, “personal information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal Information Not Covered by this California Section This section does not address or apply to:

• our handling of publicly available information made lawfully available by state or federal governments;
• personal information that is subject to an exemption under Section 1798.145(c) – (f) of the CCPA;
• personal information we collect about California job applicants, independent contractors, or current or former full-time, part-time and temporary employees and staff, officers, directors or owners of MyOutreach, and use solely in that context;
• personal information about individuals acting for or on behalf of another company, to the extent the information relates to our transactions with such company, products or services that we receive from or provide to such company, or associated communications or transactions.

Categories of Personal Information that we Collect and Disclose Our collection, use and disclosure of personal information about a California resident will vary depending upon the circumstances and nature of our interactions or relationship with such resident.  The table below sets out generally the categories of personal information (as defined by the CCPA) about California residents that we collect and disclose to others for a business purpose.  

Your CCPA Rights and Choices The CCPA provides California residents with specific rights regarding their personal information. This section describes your rights under the CCPA and explains how to exercise those rights.  Subject to certain exceptions, California residents have the right to make the following requests: Right to Opt-out of Sale:  You have the right to direct us not to sell your personal information (“opt-out’). We do not sell personal information if we have actual knowledge that the consumer is less than 16 years of age, unless we receive affirmative authorization (“opt-in’) from either the consumer between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Right to Delete: You have the right to request that we delete and direct any service providers that have received that personal information to delete, the personal information that we have collected and retained, unless an exemption applies.  Once we receive and confirm your verifiable request, we will delete (and, if applicable, direct our service providers to delete) your personal information from our records, unless an exemption applies. Right to Access: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.  Once we receive and confirm your verifiable request, we will disclose to you:

• the categories of personal information we collected about you;
• the categories of sources of personal information we collected about you;
• our business or commercial purposes for collecting or selling that personal information;
• the categories of third parties with whom we have disclosed or shared that personal information;
• the specific pieces of personal information we collected from you;
• the categories of third parties to whom your personal information has been sold; and
• the categories of personal information that we have sold (if any).

Submitting Requests: You can submit a deletion, access or opt out of sale request by either:

• Submit a request online
• Send an email to [datacontroller@myoutreach.co.uk]
• Mail a letter to Data Controller, 44 St Peter’s St, Canterbury, CT1 2BG
• Call +44203 868 4870 and ask to speak to the Data Privacy Officer

We will respond to verifiable requests received from California residents as required by law.  You can also designate an authorized agent to make a request under the CCPA on your behalf, but the agent must provide proof that the agent is authorized to make a request on your behalf. We may ask you for additional information necessary to verify or process your request.  Where applicable, we may ask for proof that an authorized agent is entitled to act on your behalf.  We may also carry out checks, including with third party identity verification services, to verify your identity before taking any action with your personal information.  We will endeavor to respond your verifiable requests within 45 days of receipt.  If we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing.   Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request receipt.  Generally, California residents can exercise rights free of charge. Non-Discrimination: You have the right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA.  We will not discriminate against you for exercising any of your CCPA rights or impose unreasonable requirements on financial incentives offered to California consumers related to your personal information. We may offer different prices, rates, or quality of goods or services if the difference is reasonably related to the value of your personal information.

18. Changes to our Privacy Policy

Please note, we may modify information presented via the Platform and/or this Privacy Policy from time to time. Any changes will be effective immediately upon the posting of the revised Privacy Policy. If we make any material changes we will provide notice on this website prior to the change becoming effective. You are encouraged to periodically revisit the My Outreach Privacy Policy to see if it has been updated. We will always state the latest modification date of the Privacy Policy at the top of this page for your reference.

19. MyOutreach Services

MyOutreach acts as a data processor in the provision of its services to its Clients (“Services”) where it collects information under the direction of any one of its Clients, which may include Personal Information and Usage Information such as cookie identifiers.  We will retain Personal Data for as long as necessary to provide these Services and we may share such information with the relevant Client as set out in the Privacy Policy. If you are a customer of a Client and would no longer like to be contacted by the Client that uses our Platform, please contact the Client that you interact with directly. Similarly, should you wish to access Personal Data or to correct, amend, or delete inaccurate data owned by a Client, you should direct your query to the Client.

20. Contact Us

We regularly review our compliance with this Privacy Policy. Questions, comments, and requests regarding this Privacy Policy are welcomed and should be sent via these methods:

• Submit a request online
• Send an email to [datacontroller@myoutreach.co.uk]
• Mail a letter to Data Controller, 44 St Peter’s St, Canterbury, CT1 2BG
• Call +44203 868 4870 and ask to speak to the Data Privacy Officer

Exhibit A – Data Privacy Addendum to Partner Agreement

• Amendment and Variation

1. The provisions in this addendum apply in addition to the terms in the Existing Agreement. To the extent of any conflict between any provision of the Existing Agreement and the provisions of this addendum, the provisions of this addendum shall prevail. Except as varied by this addendum all of the provisions of the Existing Agreement shall remain in full force and effect.
2. To the extent required in the Existing Agreement, each Party acknowledges and agrees that this addendum represents a valid written and agreed variation and amendment to the Existing Agreement.

• Additional Definitions

1. In addition to the terms defined in the Existing Agreement, which shall bear the same meanings when used in this Addendum, the following terms shall bear the following meanings:
   1. “CASL” means the Canadian Anti-Spam Law, S.C. 2010, c. 23, more fully titled ‘An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act and all regulations issued thereunder’;
   2. “CCPA” means the California Consumer Privacy Act of 2018 (Cal. Civ. Code sections 1798.100 to 1798.199). as amended;

• “GDPR” means Regulation 2016/679 EU, more commonly referred to as the General Data Protection Regulation; and

1. “Privacy Laws” means all applicable laws, rules, and regulations relating to privacy and data protection, including, without limitation, the GDPR, CCPA, the CAN-SPAM Act of 2003, and the CASL, in each case as such may be amended from time to time, any rules that apply as a result of registrations or opt-in requirements and any generally accepted industry guidelines in the United States, such as the TRUSTe Privacy Program, and the DMA-accepted privacy statements.

• Compliance

1. In addition to any compliance obligations already set out in the Existing Agreement, MyOutreach and Partner shall each comply with their respective obligations under the Privacy Laws.

• Data Sharing and Usage

1. Partner shall:
   1. ensure that all personal data, including electronic address information even if it is not about an identifiable individual (collectively, “Personal Data“), of all Leads are collected and processed in compliance with the relevant Privacy Laws, and that (without prejudice to the generality of the foregoing) in particular all necessary consents for that Lead’s Personal Data to be shared with third parties, including the specific clients identified to Partner as having requested such Leads (collectively, the “Third Parties”), and used by the Third Parties for the marketing purposes identified by MyOutreach for such Third Parties, have been secured and recorded in compliance with the relevant Privacy Laws, and that the Leads have been provided with all required information about such Third Parties including how their Personal Data is to be processed and used by, and shared with, the Third Parties, and how the Leads can exercise their rights in respect of their Personal Data;
   2. provide evidence that such consents have been secured from, and that any other information required by the Privacy Laws has been provided to, the Leads to MyOutreach and/or any of MyOutreach’s clients with whom a Lead’s Personal Data is shared, and notify MyOutreach immediately if any such Leads notify Partner that they wish to withdraw such consent;

• provide such reasonable assistance as may be required from time to time by either MyOutreach or any of its clients in connection with the exercise by any Lead of their rights under the Privacy Laws, including (without limitation) rights of access, rectification and erasure;

1. ensure that no discrimination (including, without limitation, price discrimination) occurs against any individual as a result of a decision by that individual to provide or withhold any Personal Data and/or personal information;
2. ensure that, whilst such Personal Data or personal information is within its control, any Personal Data or personal information is used only for such purpose or purposes as have been made known to the relevant individual (whether at the point of the information was collected from the individual or afterwards), and that the contracted business purposes of any processing shall be purely as necessary to provide services in connection with the Existing Agreement; and
3. at the election of MyOutreach or any of its clients, enter into a data transfer agreement substantially in the form of the model clauses for transfers of personal data between controllers as approved by the EU Commission from time to time to govern personal data provided by the Partner.

• Security

1. Each party shall ensure that any Personal Data collected or otherwise transferred in relation to the Program is held securely and subject to appropriate technical, organizational and other applicable security measures.