Thank you for choosing to be part of our community at Middesk Inc. (“Company”, “we”, “us”, or “our”). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy, or our practices with regards to your personal information, please contact us at [email protected].
We collect your PII when you or your employer provide it to us when utilizing the Services, when participating in activities on the Sites, or otherwise contacting us. We also collect your PII when we engage with our service providers, third-party partners, and when we provide Services to our customers (which may include your employer).
The categories of PII we have collected in the past 12 months, and collect today, include the following:
We use the information we collect or receive to:
We only share and disclose your information with the following third parties. We have categorized each party so that you may be easily understand the purpose of our data collection and processing practices.
When we have no ongoing legitimate business need to process PII, we will either delete or anonymize it, or, if this is not possible (for example, because the PII has been stored in backup archives), then we will securely store the PII and isolate it from any further processing until deletion is possible.
Middesk strives to ensure that our systems are secure and that they meet industry standards. We seek to protect PII that is provided to Middesk by third parties and by you by implementing physical and electronic safeguards. Middesk endeavors to engage third-party service providers that have security and confidentiality policies, if such third-party service providers have access to our PII. Despite our efforts to protect the security of your information, no security system is always effective and we cannot guarantee that our systems will be completely secure.
Persons under the age of 18 are not allowed to use the Sites and we do not knowingly collect PII from persons under 18 years of age. By using the Sites, you represent that you are at least 18. If we learn that we have collected PII about a person under the age of 18 years of age, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any information we have collected from a person under age 18, please contact us at [email protected]We do not and will not knowingly sell PII of consumers under the age of 16.
Residents of the European Economic Area (“EEA”) and Switzerland (“EEA Residents”) are entitled to make requests regarding the processing and storage of their PII. Specifically, if you are an EEA Resident, you may submit a request to us to take the following actions in relation to your PII that we hold:
You may do this at any time by emailing [email protected]. Note that we may refuse to grant your requests in whole or in part as permitted by applicable law. You have the right to complain to a data protection authority about our collection and use of your PII. For more information, please contact your local data protection authority. To find contact details, click here.
Our legal basis for collecting and using the PII described above will depend on the PII concerned and the specific context in which we collect it. However, we will normally collect PII from you only (i) where we need the PII to perform a contract with you or your employer; (ii) where the processing is in our legitimate interests and not overridden by your rights; or (iii) where we have your consent to do so or have entered into an agreement with your employer to provide the Services. We have a legitimate interest in operating our Services and communicating with you and your employer as necessary to provide these Services, for example when responding to your or your employer’s queries, improving our Platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities.
In some cases, we may also have a legal obligation to collect PII from you or may otherwise need the PII to protect your vital interests or those of another person. If we ask you to provide PII to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your PII is mandatory or not (as well as of the possible consequences if you do not provide your PII).
Your PII will be stored and processed in the United States. If you or your employer use the Services from outside the United States, you acknowledge we will transfer your PII to, and store your PII in, the United States, which may have different data protection rules than in your or your employer’s country, and PII may become accessible as permitted by law in the United States, including to law enforcement and/or national security authorities in the United States.
If our service provider, third-party partner, or customer has provided your PII to us, please note that we transfer the information, including your PII, to the United States and process it there. For transfers of PII out of the EEA, pursuant to Article 46 of the General Data Protection Regulation, we use standard data protection clauses to provide appropriate safeguards.
This section provides additional details about the PII we collect about California residents as well as the rights of California consumers under the California Consumer Privacy Act (“CCPA”).
NOTICE TO CALIFORNIA RESIDENTS – YOUR CALIFORNIA PRIVACY RIGHTS (AS PROVIDED BY CALIFORNIA CIVIL CODE SECTION 1798.83)
A CALIFORNIA RESIDENT WHO HAS PROVIDED PII TO A BUSINESS WITH WHOM HE/SHE HAS ESTABLISHED A BUSINESS RELATIONSHIP FOR PERSONAL, FAMILY, OR HOUSEHOLD PURPOSES (A “CALIFORNIA CUSTOMER”) MAY REQUEST INFORMATION ABOUT WHETHER THE BUSINESS HAS DISCLOSED PII TO ANY THIRD PARTIES FOR THE THIRD PARTIES’ DIRECT MARKETING PURPOSES. IN GENERAL, IF THE BUSINESS HAS MADE SUCH A DISCLOSURE OF PII, UPON RECEIPT OF A REQUEST BY A CALIFORNIA CUSTOMER, THE BUSINESS IS REQUIRED TO PROVIDE A LIST OF ALL THIRD PARTIES TO WHOM PII WAS DISCLOSED IN THE PRECEDING CALENDAR YEAR, AS WELL AS A LIST OF THE CATEGORIES OF PII THAT WERE DISCLOSED. CALIFORNIA CUSTOMERS MAY REQUEST FURTHER INFORMATION ABOUT OUR COMPLIANCE WITH THIS LAW BY E-MAILING [email protected] PLEASE NOTE THAT WE ARE REQUIRED TO RESPOND TO ONE REQUEST PER CALIFORNIA CUSTOMER EACH YEAR AND WE ARE NOT REQUIRED TO RESPOND TO REQUESTS MADE BY MEANS OTHER THAN THROUGH THIS E-MAIL ADDRESS.
Your CCPA Rights and Choices.
As a California consumer and subject to certain limitations under the CCPA, you have choices regarding our use and disclosure of your PII:
To submit a request to exercise any of the rights described above, you may contact Middesk at [email protected]. We may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. Authentication based on a government-issued and valid identification document may be required.
Sources of PII
In regard to the CCPA, the sources of PII are:
Categories of CCPA PII disclosed for a business purpose
If any authorized agent submits a consumer request on your behalf, in order to confirm that person or entity’s authority to act on your behalf and verify the authorized agent’s identity, we require the below items:
To verify the identity of the California resident for whom the request is being made, provide the consumer’s name (first and last) and address.
If you have questions or comments about this policy, you may email us at [email protected]