Effective Date: January 1, 2023
- Personal data we handle for our customers (“Service Data”). We collect this data through our Movable Ink platform, our Moments, Stories, Movable Ink Da Vinci and Builder services, additional Movable Ink products, and related training, support, consulting and professional services. We refer to all of these offerings as the “Services.” Under applicable law, Movable Ink is considered a “processor” of this data, and our customer (or our customer’s customer) is the “controller” of the data.
- Personal data we handle for our own business (“Business Data”), other than for our own human resources activities. This includes certain data collected on our own website, such as newsletter signup forms, as well as data collected through other marketing-related efforts. Under applicable law, Movable Ink is a “controller” of this data.
1. Privacy Practices Specific to Service Data
Types of Service Data
We receive limited information from or on behalf of our customers when they use the Services. This information may include:
- Unique User ID (which may be an email address, though this is not required);
- IP address;
- User-agent from the HTTP header of a request for an image in an email or other communication;
- Details about the user’s interaction with an email, mobile message or other communication that contains our technology;
- Cookie identifiers;
- Website or app behavior, including URLs associated with a consumer’s navigation of our client’s website or app;
- Images and other content;
- Data described in the Cookies and Automated Data Collection section below; and
- Any other data that our clients choose to transmit to us (or have us collect on their behalf) to provide the Services. Depending on the service, this may include:
- Transaction history (e.g., goods or services purchased from the client, date, price, sales channel);
- Customer-level segmentation information (e.g., category affinity scores, gender)
Use of Service Data
Subject to our contractual obligations, and depending on the particular Services, we use the information described above as follows:
- To provide the Services, including to:
- provide data and feedback to our clients in connection with the provision of our Services;
- facilitate and improve the Services, which may include analyzing usage trends, tracking the types of questions we receive and providing support to our clients and visitors to our websites;
- To enforce the legal terms that govern the Services;
- To comply with law and protect rights, safety and property; and
- For other purposes requested or permitted by our customers or users.
Disclosures of Service Data
Subject to our contractual obligations, and depending on the particular Services, we disclose the information described above as follows:
- To provide the Services;
- To enforce the legal terms that govern the Services and our business;
- To comply with law, and where we deem disclosure appropriate to protect rights, safety and property (for example, for national security or law enforcement);
- As part of a business sale, merger, consolidation, change in control, transfer of substantial assets or reorganization; or
- For other purposes requested or permitted by our customers or users.
For those purposes, we may disclose information to our affiliates and other entities that help us with or who are involved with any of the above.
Personal Data Rights and Choices
To exercise any rights you may have under privacy or data protection laws relating to Service Data, you should contact the Movable Ink customer on whose behalf we process the Service Data. If instead you contact us and identify the relevant customer, we may refer the request to the relevant customer and cooperate with their handling of the request, subject to any special contractual arrangement with that customer.
2. Privacy Practices Specific to Business Data
Types of Business Data
- Identifiers, e.g., name, email address, phone number, and IP address;
- Professional or employment-related information, e.g., your title and the name of your employer;
- Commercial information, e.g., your purchasing history;
- Financial information, e.g., payment information;
- Communications, e.g., responses to polls or surveys, questions, comments, or requests you send us;
- Audio or video information, such recordings of meetings;
- Inferences we generate from the Personal Data described above.
Use of Business Data
Movable Ink uses Business Data as follows:
- To manage our customer relationships and deliver our services;
- To send you information about our products and services, including marketing communications;
- To respond to your questions, concerns, or customer service inquiries;
- To analyze market conditions and use of our services;
- To customize the content and advertising you see on our website, across the Internet, and elsewhere;
- To create anonymized, de-identified, or aggregated data, which we may use and disclose without any limitation;
- To enforce the legal terms that govern our business and online properties;
- To comply with law and protect rights, safety and property (for example, making disclosures that we believe are required or otherwise appropriate for national security or law enforcement);
- As part of an actual or potential business sale, merger, consolidation, change in control, transfer of substantial assets or reorganization; and
- For other purposes requested or permitted by our customers or users.
Retention of Business Data
|Category of personal data regarding California residents||Examples of how long we normally plan to keep this information|
|Identifiers||If we collect an individual’s email when they sign up for marketing emails, we plan to retain it until they unsubscribe from those emails, and then indefinitely after that to comply with their unsubscribe request.|
|Professional or employment-related information||If we collect this information about an individual in the context of a request for marketing materials, we typically retain it as described in the row above.|
|Commercial information||We may retain information on a person’s interest in our products for up to three years after their or their organization’s last contact with us|
|Financial information||We retain payment information associated with a transaction for seven years after the transaction|
|Communications||Because communications could contain any type of record and pertain to any type of matter, retention periods vary.|
|Audio or video information||If a customer leaves us a voicemail, we typically dispose of it shortly after receiving it and responding to it.|
|Internet or other electronic network activity information||We retain logs associated with account logins from California IP addresses on our own platform for several years for account authentication, fraud detection, and other security purposes.|
|Inferences from the information described above.||We typically retain inferences for the same period of time for which we retain the underlying data|
Disclosures of Business Data
For those purposes, we may disclose information to our affiliates and other entities that help us with or are otherwise involved with any of the above. For example, we may disclose Business Data:
- To our corporate affiliates: We may disclose Personal Data to any subsidiaries, parent companies, or other affiliated entities.
- To service providers and other vendors: We may disclose Personal Data to service providers that help us with our business, such as companies involved with website hosting, payment processing, information technology, security, advertising, analytics, and marketing.
- To customers and other counterparties.
- For legal issues: We may disclose Personal Data to legal authorities and others where such disclosure is permitted or necessary to comply with or address applicable laws, regulations, or legal process. For example, we may disclose Personal Data to law enforcement or a government authority when we determine this is appropriate in response to a search warrant or other inquiry or order, or to investigate breach of an agreement, legal violations, or potential fraud. We may also disclose Personal Data where we think that our rights or the rights of our users or others are at risk.
- In connection with business transfers: We may disclose Personal Data to any successor to all or part of our business and as part of, or as reasonably necessary to, proceed with a prospective or completed transfer of business assets (e.g., due to a merger, acquisition, or bankruptcy proceeding).
- Other cases: We may disclose Personal Data in other situations, and we will obtain your consent for such disclosures where legally required.
Sources of Business Data
We obtain Business Data directly from the relevant individuals, and also from third-party sources, such as their employers, marketing or lead generation companies, data brokers, and social networking platforms (e.g., LinkedIn).
Legal Basis for Processing Business Data
The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your personal data. To the extent those laws apply, our legal grounds for processing Business Data are as follows:
- Legitimate interests: In many cases, we handle personal data on the ground that it furthers our legitimate interests in commercial activities such as the following in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals:
- Customer service
- Protecting our customers, personnel and property
- Analyzing and improving our business
- Managing legal issues
- We may also process personal data for the same legitimate interests of our customers and business partners.
- Consent: Where required by law, and in some other cases, we handle personal data on the basis of consent.
- To honor our contractual commitments to you: Some of our processing of personal data is to meet our contractual obligations to our customers, or to take steps at customers’ request in anticipation of entering into a contract with them.
- Legal compliance: We need to use and disclose personal data in certain ways to comply with our legal obligations.
We process Service Data pursuant to our contracts with our customers and applicable law.
Personal Data Rights and Choices (including Direct Marketing Opt-Out)
You may be able to review and update certain user information in our Business Data by logging in to the relevant portions of the Movable Ink website. You can unsubscribe from Movable Ink’s own marketing emails by clicking the "unsubscribe" link they contain. Controls related to third-party cookies and other automated data collection are described in the Cookies and Automated Data Collection section below.
Residents of the European Economic Area, United Kingdom, Switzerland and certain other and many other jurisdictions have certain legal rights (including, in certain cases, under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks) to obtain confirmation of whether we hold personal data about them as part of our Business Data, to access any such personal data we hold about them, and to obtain its correction, update, amendment, or deletion in appropriate circumstances. In limited cases, they have the right to receive information we hold about them in portable form and to have it transmitted to a third party.
They also have rights to object to our handling of their personal data, to restrict its processing, and to withdraw any consent they have provided. For example, such individuals have a right to opt out of our processing of Business Data for direct marketing purposes.
Many of the rights described here are subject to significant limitations and exceptions under the Privacy Shield Frameworks and applicable law. For example, objections to the processing of personal data, and withdrawals of consent, typically will not have retroactive effect.
For Service Data (which we process on behalf of our customer), you should contact the customer directly. If instead you contact us and identify the relevant customer, we may refer the request to the relevant customer and cooperate with their handling of the request, subject to any special contractual arrangement with that customer.
Additional detail for California residents
|Category of personal information||Category(ies) of entities to which the personal information was disclosed|
|Identifiers, e.g., name, email address, phone number, and IP address||Affiliates, vendors and service providers (e.g., provide us with data management services, manage our digital platforms, or manage our communications and perform market research for us), marketing partners, customers and other counterparties, and entities involved in legal matters.|
|Professional or employment-related information||Same as first row.|
|Commercial information||Same as first row.|
|Financial information||Affiliates and vendors.|
|Communications||Same as first row.|
|Audio or video information||Affiliates, vendors and service providers.|
|Internet or other electronic network activity information||Same as first row.|
|Inferences derived from other personal data||Same as first row.|
CCPA privacy rights
If you are a California resident, California law may permit you to request that we:
- Provide access to and/or a copy of certain information we have about you.
- Delete certain information we have about you.
- Correct certain information we have about you.
Certain information is exempt from such requests under applicable law. For example, if we need certain information to continue providing Services to you that you request, we may reject a request to delete such information while providing the Services to you.
You also may have the right to receive information about the financial incentives that we offer to you (if any).
To request to exercise those CCPA rights and receive the fastest response, please visit https://movableink-privacy.my.onetrust.com/webform/51057d8f-0c35-45ff-b882-c22eabb84a08/d808ef18-fc01-4419-8f33-ddbb4dc3ca6d. Alternatively, you can make your CCPA request via voicemail at the following number: 1-800-270-6033.
To exercise your CCPA right to opt out of what the CCPA calls “sales” or “sharing” of personal data, call that number or visit our Do Not Sell/Share pages. Your browser may also offer a way to activate the Global Privacy Control signal (“GPC”). Our websites each treat qualifying browsers for which the user has activated the GPC signal as having opted out of what CCPA calls a “sale” or “sharing” of any California personal information that is collected on that site from that browser using cookies and similar technology. You can override that treatment for a GPC-enabled browser by using the cookie controls available from the website’s footer to opt into particular categories of cookies from that browser. In that case, “sales” and “sharing” via cookies and similar technology in those categories may resume on that browser./
We may take reasonable steps to verify your identity before responding to your request, which may include, depending on the sensitivity of the information involved, the nature of our relationship with you, and the type of request you are making, verifying your name, email address, and other information regarding your use of our Services.
You can designate an authorized agent to make a CCPA request on your behalf. To do so, we must receive a legally sufficient power of attorney signed by you or other written authorization acceptable to us for the agent to act on your behalf. You may still need to verify your identity and confirm the agent’s authority directly with us if we are not convinced of the validity of the agent’s request. For security and legal reasons, Movable Ink will not accept requests that require us to access third-party websites or services.
Because opt-out requests for “sales” and “sharing” made through cookies and similar technologies must be performed from each browser that is used to access our services, it is easiest for the consumer to perform such opt-outs themselves. However, if you wish for an agent to perform browser-based requests on your behalf, you may arrange for the agent to your consumer’s browser to make such requests, but you may not share your login credentials or logged-in access to our websites with an agent or any other third party. We are not responsible for the security risks of giving an agent browser access or any other arrangements that you may have with an agent.
You have a right not to receive “discriminatory treatment” (within the meaning of the CCPA) for the exercise of CCPA privacy rights.
3. Additional Information About Our Privacy Practices (applicable to both Service Data and Business Data)
To provide security for Service Data, we maintain physical, organizational and technical safeguards, which are subject to periodic changes. We use different safeguards to help secure Business Data.
Cookies and Automated Data Collection
We and third parties may use automated means to read or write information on users’ devices, such as in various types of cookies.
These technologies help us (a) keep track of whether you are signed in or have previously signed in so that we can display all the features that are available to you; (b) remember your settings on the pages you visit, so that we can display your preferred content the next time you visit; (c) display personalize content; (d) perform analytics, and measure traffic and usage trends, and better understand the demographics of our users; (e) diagnose and fix technology problems; and (f) otherwise plan for and enhance our business.
Also, in some cases (not when providing our Services), we arrange for the collection of information by advertising services administered by third parties. The ad services may track users’ online activities over time by collecting information through automated means such as cookies, and they may use this information to show users ads that are tailored to their individual interests or characteristics and/or based on prior visits to certain sites or apps, or other information we or they know, infer or have collected from the users. For example, we and these providers may use different types of cookies, other automated technology, and data (a) to recognize users and their devices; (b) to inform, optimize, and serve ads; and (c) to report on our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services (including how they are related to visits to specific sites or apps).
Please visit your mobile device manufacturer's website (or the website for its operating system) for instructions on any additional privacy controls in your mobile operating system, such as privacy settings for device identifiers and geolocation.
International Data Transfers
As a business subject to the investigatory and enforcement authority of the United States Federal Trade Commission, Movable Ink has certified that its U.S. operations adhere to the Privacy Shield with respect to the personal data that Movable Ink receives in reliance on the Privacy Shield. This includes the relevant personal data that we receive in the U.S. from the U.K. Our Privacy Shield certification is available at https://www.privacyshield.gov/list. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov.
We acknowledge that the Court of Justice of the European Union ruled in 2020 that a certification under the EU-U.S. Privacy Shield Framework no longer can serve as the basis by which entities subject to the GDPR transfer Personal Data to the United States, and the Federal Data Protection and Information Commissioner later reached a similar view regarding data subject to Swiss law. As affected customers who relied only on our Privacy Shield certification have transitioned to Standard Contractual Clauses and other safeguards, we continue to honor our legal obligation to comply with the Privacy Shield.
When Movable Ink receives personal data under the Privacy Shield and then transfers it to a third-party service provider acting as an agent on Movable Ink’s behalf, Movable Ink may have certain responsibility under the Privacy Shield if both (a) the agent processes the information in a manner inconsistent with the Privacy Shield and (b) Movable Ink is responsible for the event giving rise to the damage.
If after following all of the steps above, your complaint still is not resolved, under limited circumstances, an additional binding arbitration option may be available before a Privacy Shield panel, as described at https://www.privacyshield.gov.
Please note that Movable Ink’s customers may transfer personal data to Movable Ink on the basis of other legal mechanisms approved by the European Commission and other relevant authorities for cross-border data transfers, such as Standard Contractual Clauses. To exercise any legal right to see copies of the data transfer mechanism documents that Movable Ink uses to transfer data to third parties, please contact us.
Notification of Changes
Attention: Legal Department
5 Bryant Park, 9th Floor
New York, NY, 10018
Attention: Legal Department
48 Warwich Street, 2nd Floor
London, W1B 5AW, United Kingdom
To submit a Data Subject Rights Request in relation to our Business Data, please email firstname.lastname@example.org. For requests relating to Service Data (personal data that we process on behalf of a customer), please contact that customer directly.
Get a Demo
Activate your data into personalized content in any customer engagement. Get a demo to see why the world’s most innovative brands rely on Movable Ink to drive customer engagement and accelerate their marketing performance.Get a Demo