PRIVACY POLICY
Note: Effective July 17, 2023, the Privacy Shield Program has been replaced by the Data Privacy Framework (DPF) program. Information about the new DPF program can be found at https://www.dataprivacyframework.gov/s/.
For the privacy policy applicable to human resources data, this is available on the company intranet or may be requested by contacting [email protected].
DATA PRIVACY POLICY
Effective date: August 10, 2023
Updated: October 15, 2024
The MD7 group is committed to protecting and respecting the privacy of our customers, vendors and the users of our website. This Data Privacy Policy (the “Policy”) sets forth the privacy principles that the MD7 group follows with respect to the use of information we collect and receive from our customers, vendors and users of our website, including information from residents of the European Economic Area (“EEA”) and Switzerland that may be transferred to the United States. Visitors to our website are bound by the terms and conditions of this Policy in effect at the time of their visit; those who do not want this Policy to apply to them should not make use of our services.
For the purpose of applicable European and Swiss data protection legislation, the Data Controller is:
for Personal Data Processed through our website, app or related service, the controller is MD7, LLC, 950 West Bethany Drive, Suite 700, Allen, TX 75013 (“MD7, LLC”).
for Personal Data Processed in connection with a contractual agreement that you have with one of the MD7 entities, the controller is the contracting MD7 entity, i.e.:
for US contracting parties, this is MD7, LLC; and
for EEA and non-US contracting parties, this is either MD7 International (Telecommunications) Limited (Scotch House, 6/7 Burgh Quay, Dublin 2, D02 VK44, Ireland, “MITL”) or MD7 Nederland B.V. (Wim Duisenbergplantsoen 51, 6221 SE Maastricht, The Netherlands, “MD7 NL”).
Privacy Framework Principles
MD7, LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Md7, LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. Md7, LLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
The Federal Trade Commission (FTC) has jurisdiction over MD7, LLC’s compliance with the EU-U.S. DPF Framework, and the Swiss-U.S. DPF Framework, and MD7, LLC is subject to the investigative and enforcement powers of the FTC.
Definitions
The following definitions apply to our Policy:
“Data Processor” means any person or organization, including any third party vendor or service provider, who processes Personal Data on our behalf and under our instructions for the purposes set forth in this Policy.
“Data Subject” (or “you”) means all natural persons (our customers, vendors and users of the website) about whom we hold Personal Data.
“Electronic” means relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.
“Personal Data” means information (whether stored electronically or in paper-based filing systems) relating to an identified natural person or that could reasonably be used (by itself or in combination with other data reasonably available) to identify a natural person. Personal Data does not include anonymous information, namely information which does not relate to an identified or identifiable natural person or to Personal Data rendered anonymous in such a manner that the Data Subject is not or no longer identifiable.
“Processing” is any activity that involves use of the Personal Data. It includes obtaining, recording or holding the Personal Data, or carrying out any operation or set of operations on the Personal Data, including organizing, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring Personal Data to third parties.
“Sensitive Personal Data” means Personal Data that reveals race, ethnic origin, political opinions, religion or philosophical/ideological beliefs or activities, trade union membership, genetic data, biometric data, information on criminal convictions and offences, health status, or sexual orientation, preference or activities.
Scope
This Policy applies to the Personal Data Processed in connection with your use of our website, products, services, apps or in connection with the contractual relationship you have with one of our entities. This Policy covers Personal Data we Process regarding Data Subjects. Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.
Processing of Personal Data
Personal Data We May Process and Purposes
A variety of Personal Data is Processed through the means described below. When you are asked to provide Personal Data, you may choose not to. But if you decline to provide Personal Data, your ability to use the website, product, service or app, or your ability to enter into a contract with one of our entities may be diminished or restricted.
Type of Personal Data
The Personal Data Processed through our website, app or related service, or in connection with a contractual agreement that you have with one of the MD7 entities includes:
Personal information, such as your name, address, telephone number, email address, mailing address and other (contact) information that you give through, for example, an input form on our website, through surveys, through the contractual arrangement you have with one of our MD7 entities, or through other means.
Personal information, such as Internet Protocol (IP) address, personal computing device location, internet browsing history and preferences that are automatically collected through the use of cookies (see Cookie Policy, below).
Lawful Bases and Purposes of Processing
Your Personal Data is Processed on the following lawful bases and for the following purposes:
For the performance of the agreement with you, e.g. to respond to your requests, such as a request for information, or a request to subscribe to a service or enter into a contract; to provide, manage, maintain, and secure the service(s) you request.
On the basis of your consent, e.g. to provide you with information about MD7's technologies, product or service releases, news, and other (marketing) communications.
For our legitimate interests, e.g. to provide existing customers marketing communications; to operate and improve the business, including to administer, protect, and improve services and systems; to develop new products and services, and for other internal business purposes; to better understand the preferences of the users of our services, compile aggregated statistics about usage of our services, and help personalize or improve your experience of the website and services; to optimize the performance of our website; and to conduct a prospective or actual sale, merger, transfer or other reorganization of all or parts of the business.
To comply with a legal obligation to which the relevant MD7 entity is subject, e.g. in connection with national security requests, requests from law enforcement officials and court proceedings.
We primarily use the Personal Information that we collect for our legitimate commercial interests, such as to improve our site, interact with clients, suppliers and other third parties, grow our business and offer our own, or our affiliates’ products or services that we think you may find of interest. This may include processing your Personal Information for the following reasons:
- To respond to your requests, including providing you with support, monitoring and improving our responses and investigating and addressing your concerns;
- To provide services to you, including customer service issues;
- To send communications to you about our current services, new services that we are developing, and opportunities that may be available to you;
- To alert you to new features or enhancements to our services;
- To communicate with you about your transactions or potential transactions with us;
- If you are an existing customer, to administer your account;
- To expand our business, including providing, supporting, personalizing and developing our site, products and services and evaluating changes to our business;
- To ensure that our site and our services function in an effective manner for you;
- To keep our site safe and secure, including to respond to law enforcement or other regulatory requests; and
- To measure or understand the effectiveness of advertising and outreach.
For information about how we use cookies on our website, please see the “Cookies” section below.
Information We Share
We do not sell or otherwise share personal information about you, except as described in this Data Privacy Policy. We may share personal information with third parties (e.g. service providers) who perform services on our behalf and with whom we have written agreements in place. These third parties are not authorized by us to use or disclose the information, except as necessary to perform services on our behalf or comply with legal requirements. We may also share the personal information we obtain with our affiliates or subsidiaries.
We also may disclose information about you (i) if we are required to do so by law, regulation or legal process (such as a court order or subpoena), (ii) in response to requests by government agencies, such as law enforcement authorities, (iii) for the purpose of or in connection with legal proceedings, or otherwise for the purpose of establishing, exercising or defending our legal rights, or (iv) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity. We also reserve the right to transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution, liquidation or other corporate event).
We are headquartered in the U.S., transact business globally, and have affiliates, service providers, and relationships with counterparties all over the world. This means that we may transfer your personal information to locations outside of your local country. Where we transfer personal information subject to European Union, Swiss, or any other international privacy laws to our service providers or other organizations involved in the management of our affiliated companies in those countries, we do so on the basis of data transfer agreements or other appropriate safeguards designed to protect the privacy of your information, in line with applicable legal requirements.
We do not sell your personal information to any third parties or share your personal information with third parties for cross-context behavioral advertising or to use for their own marketing or other purposes.
Retention Term
We will retain such Personal Data for as long as it is required for purposes for which it was collected. This will be, for example, for as long as necessary to perform your request (e.g., your request to receive newsletters, until you opted-out) or for as long as necessary in view of the ongoing commercial relationship until the end thereof, plus the length of any applicable statutory limitation period.
A Special Note about Children’s Privacy
Children are not eligible to use our services and we do not knowingly Process children’s Personal Data. You must be at least 13 years old to use this website, and we ask that minors under the age of 13 do not submit any Personal Data to us. We do not knowingly collect, use or disclose Personal Data about visitors under 13 years of age.
Sensitive Personal Data
Please note that our practice is that we do not Process Sensitive Personal Data.
Cookies
MD7, LLC is committed to transparency when it comes to the technologies we use, and we have outlined below how we use cookies when you visit our website.
Cookies are small pieces of code issues to your device when you visit a website, which store and sometimes track information about your use of the site. We use cookies to elevate your user experience and the quality of our site and service. When you enter our site, our web server sends a cookie to your computer, which allows us to recognize your computer.
When you access our website outside of Switzerland or Europe, our system will automatically issue cookies when you log on to our website (unless you have set your browser to reject them). You are also able to visit our Cookie Page to learn more about the cookies used on this website.
If visiting the MD7, LLC website from Switzerland or Europe, we display a banner to explain how we use cookies on our homepage, so that you can consent to our placement of cookies on your browser. The banner appears until you click on whether you agree to the use of cookies, or refuse the use of cookies. We place a persistent cookie on your browser to log your consent, if appropriate.
You are free to refuse consent, but please be aware that restricting cookies will impact your user experience and may prevent you from using part of our website.
Cookies can be removed from your browser in two ways: automatically (when they expire), or when you manually delete them. We have included more details below to help you understand what kinds of cookies we use and how you can manage them.
MD7, LLC’s primary reason for using cookies is to make our website work more effectively. We also use cookies to track the performance of our website so that we can improve it, and enable the selection and delivery of online marketing and advertising, which is relevant to you.
Our website may use the following types of cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our site. They include, for example, cookies that enable you to log into secure areas of our site. We do not require your consent to place these cookies. Nevertheless, you may be able to block these cookies yourself on your device / browser, but restricting these cookies is likely to mean that our site will not work as you would expect and certain functionality may be inoperable.
- Non-essential cookies, which may include the following:
-
- Analytical / performance cookies. These allow us to recognize and count the number of visitors and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily. We use cookies to compile visitor statistics such as how many people have visited our site, how they reached our site, what type of technology they are using (e.g. Windows or Mac, which helps us to identify when our site is not working as it should for particular technologies), how long they spend on the site, what page(s) are viewed, etc. This helps us to continuously improve our website.
-
- Functionality cookies. These are used to recognize you when you return to our site. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
-
- Advertising / Targeting cookies. MD7, LLC uses remarketing. Placing a remarketing tag on our website can help us reach visitors who have previously visited our website as they visit other sites on the Google Display Network™ or search on Google®. Using remarketing, these visitors will be shown messages tailored to specific sections of our site they visited. The remarketing tag uses third-party cookies from the Google Display Network. Visitors can opt-out of Google’s use of cookies by visiting Google Ads settings.
-
- Session cookies: These temporary cookies expire and are automatically erased whenever you close your browser. We use session cookies to grant our customers access to content and to enable commenting.
-
- Persistent cookies: These usually have an expiration date in the distant future and remain in your browser until they expire of you manually delete them. Persistent cookies may be used for a variety of purposes, including remembering our users’ preferences and choices when using our site or to target advertising. Whether a cookie is a “first” or “third” party refers to the website or domain placing them. In basic terms, first-party cookies are set by a website visited by the user – the website displayed in the URL window. The third-party cooking are cookies that are set by a domain, such as google.com, other than the one being visited by the user. If a user visits a website and a separate company sets a cookie through that website, this would be a third-party cookies.
We may also use third-party cookies on the site. In keeping with our policies, these session or persistent cookies are set only by trusted partners to MD7, LLC. These cookies may collect information about your online activities across websites and over time. The third parties who may set cookies through our site include LinkedIn, YouTube, Facebook, Instagram, Elfsight and Bing.
The third-party cookies we may use on our website may track site performance and usage, monitor chat sessions or a users’ location, or compile reports that help us improve the site. When you access our website, in certain jurisdictions, as required by law, you will receive a clear notice advising you that we intend to use cookies and that you must click an “I accept” box in order for cookies to be placed.
Social media plugins by the social media providers such as Twitter and LinkedIn may be implemented on this website. Your web browser establishes a direct connection to the provider’s servers only when you activate the plugins. If you do not wish for the plugin providers to receive, save, and use data gathered through this website, you should not use the respective plugins.
We may also use tracking pixels on this web. A tracking pixel is a 1x1 image created with a small piece of HTML coding, used to track behavior when a user lands on our website.
If you prefer not to receive cookies or have pixels used through our website, you can either set your browser to reject cookies, or you can visit our Cookie Preferences page here. Within our Cookie Preferences page, you can choose to accept all cookies, reject all cookies, or accept / reject particular categories of cookies. If you access our website in Europe, you can refuse to click the “I accept” box, and instead click the “I refuse” box when you are presented with a cookie notice on our homepage. Likewise, you can manage specific categories of cookies within the Cookie Preferences page.
When you access our website outside of Switzerland or Europe, our system will automatically issue cookies when you log on to our website (unless you have set your browser to reject them).
We do not use flash cookies (which are sometimes referred to as local shared objects or LSOs).
We do not use cookies to provide your data to third parties in exchange for monetary consideration, but we may receive other consideration for allowing third parties to access cookies.
You can browse our site with cookies disabled, though some interactions may not work properly.
There are several ways you can manage your cookie settings and preferences:
- Learn more about cookies: http://www.allaboutcookies.org/
- Visit our Cookie Preferences Page
- Visit our Cookie Policy page
- Opt out of third-party vendor’s use of cookies: Network Advertising Initiative opt-out page
- Manage cookies in your web browser
For the most updated information on cookies, pixels and social media plugins, please visit our Cookie Policy page, here. The Cookie Policy provides specific information as to what cookies and pixels are currently in use with our website, as well as specific instructions needed to manage cookies and pixels, or withdraw consent to their usage.
Where We Store and Process Data, including Disclosure and Transfer
Personal Data may be disclosed to and Processed within our organization. For example, Personal Data may be disclosed to MD7, LLC in the United States as, and to the extent, business needs require.
Furthermore, we may provide Personal Data to Data Processors for the purposes set forth in this Policy. For example, MD7, LLC stores Personal Data in facilities operated by a Managed Cloud Company. Personal Data will only be disclosed to a Data Processor if it agrees to comply with procedures and policies which are compliant with our Policy and procedures regarding data protection, or if the Data Processor puts in place adequate measures which are compliant with applicable law and are consistent with our obligations under the DPF.
The above disclosures may include transfers of Personal Data from the EEA or Switzerland to the United States or other countries that may not provide an equivalent level of privacy or data protection law as your country. When Personal Data is transferred from the EEA or Switzerland, we use a variety of legal mechanisms to effectuate the transfer (such as your consent, our DPF Certification or the use of Standard Contractual Clauses (of which you may request a copy via the contact details below)). All employees within our organization and Data Processors who handle Personal Data are required to comply with the principles stated in this Policy, and may access and use Personal Data only if they are authorized to do so and only for the purposes for which they are authorized.
Furthermore, we will transfer Personal Data to Data Processors who reasonably need to know such data only for the scope of the initial transaction and will not Process Personal Data for other purposes. We take reasonable and appropriate steps to ensure Data Processors process EU and/or Swiss Personal Data in accordance with our DPF obligations and to stop and remediate any unauthorized processing. If you are an EU or Swiss individual, where we transfer your personal data to a third party service provider who performs services for us or on our behalf, we are responsible for the processing of that data by them and shall remain liable if they process your personal data in a manner inconsistent with this Policy, unless we prove we are not responsible for the event giving rise to the damage.
In addition to the foregoing, we may share your Personal Data with third parties as follows:
- Business Transaction Disclosures. Your Personal Data may be shared or transferred in connection with a prospective or actual sale, merger, transfer or other reorganization of all or parts of our business.
- Legally-Required Disclosures. Your Personal Data may also be shared or transferred as required by law or in the interest of protecting or exercising MD7’s or others’ legal rights, e.g., without limitation, in connection with national security requests, requests from law enforcement officials, and court proceedings.
- Transfers overseas. The Personal Data we collect in connection with your use of the website, app or related service, or in connection with a contractual agreement that you have with one of the MD7 entities will be held on our computers and systems in the European Union and in the computers and systems of our offices in the United States and may be accessed by or given to our staff working outside the European Union.
Our Responsibility for Personal Data
How we protect Personal Data
Reasonable efforts are used to maintain the accuracy and integrity of Personal Data and to update it as appropriate to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction, taking into due account the risks involved in the processing and the nature of the Personal Data.
Reasonable security procedures have been implemented in an effort to ensure that any Personal Data we hold is kept in accordance with this Policy. Physical, administrative and technical procedures are also used to limit access to Personal Data as described in this Policy. In addition, security measures and technology are maintained to assist us so that Personal Data is not disclosed either orally or in writing or via the internet or by any other means, accidentally or otherwise, to any unauthorized third party.
Although industry standard efforts are used to safeguard the confidentiality of your Personal Data when you transmit it over the Internet, such as firewalls and Secure Socket Layers, perfect security does not exist on the Internet.
Website Links to Other Sites
Our website operated by MD7, LLC contains links that may direct users to other websites. MD7, LLC is not responsible for the privacy practices of or the content contained in other websites that may be accessible by links from our website, and the privacy practice on those sites may differ from that of MD7, LLC as set out in this Policy. MD7, LLC is not responsible for any product or services that you download, purchase, or otherwise receive in any manner or form, from a third party website.
Do Not Track Signals
We do not currently respond to “Do Not Track” (“DNT”) signals sent by web browsers. A uniform standard has not yet been adopted to determine how DNT signals should be interpreted and what actions should be taken by websites and third parties that receive them. However, you may use a variety of other means of controlling data collection and use, including cookie controls in your browser settings.
Anti-Spam Policy
The MD7 entities will not send email marketing communications and advertisements unless applicable law authorizes us to do so. We may do so on the basis of your consent, such as when you submit your email address and opt-in to receive marketing communications (for example to MD7, LLC through the website). You may withdraw your consent at any time by contacting the applicable Data Controller at one of the contact methods listed below under “Administration of this Policy” or to send an opt-out request via the unsubscribe link included in the email you have received.
Your Choices
Opt-In/Out. In some circumstances, such as email marketing, the applicable Data Controller offers you the ability to opt-in or opt-out of some kinds of data collection, use, or sharing. In such circumstances, the applicable Data Controller will respect your choice. In addition, where required by applicable law, the applicable Data Controller may offer you an opportunity to choose whether your Personal Data is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. Further, when the applicable Data Controller Processes Sensitive EU and/or Swiss Personal Data (which in practice, we don't), we will obtain your opt-in consent where the DPF or applicable law requires, including if we need to disclose your Sensitive EU and/or Swiss Personal Data to third parties, or before we use your Sensitive EU and/or Swiss Personal Data for a different purpose than we collected it for or than you later authorized.
Right to Access, Rectification, and Erasure. The applicable Data Controller provides Data Subjects with reasonable access to the Personal Data we hold about them. To learn what Personal Data we hold about you or to correct, amend or delete that Personal Data, please submit a written request using one of the contact methods listed below under “Administration of this Policy”.
In addition, to the extent that either the EU-U.S. DPF Framework or the Swiss-U.S. DPF Framework data protection legislation applies, you may have the following additional rights:
Right to Restriction. You may ask the applicable Data Controller to restrict the Processing of your Personal Data where, for example, we no longer need your Personal Data for the purposes of the Processing, but they are required by the Data Subject for the establishment, exercise or defense of legal claims.
Right to Withdraw Consent. You have the right to withdraw your consent at any time where the applicable Data Controller Processes your Personal Data on the basis of your consent.
Right to Data Portability. You can request the applicable Data Controller to receive certain Personal Data which you have provided to us in a structured format, which can be transmitted to another service provider where technically feasible. This only applies to Personal Data the applicable Data Controller Processes by automatic means, and on the basis of your consent or the performance of a contract between you and the applicable Data Controller.
Right to Lodge a Complaint. You also have the right to lodge a complaint with a supervisory authority, in particular in your Member State of residence, if you consider that the Processing of your Personal Data infringes applicable data protection law.
For further information regarding your rights, or to exercise any of your rights, please contact our President, International at the contact details listed below under “Administration of this Policy.”
Administration of This Policy
Our President, International is responsible for ensuring compliance with the law and with this Policy. Any requests regarding your Personal Data and/or questions or concerns about the interpretation or operation of this Policy or about what may or may not be done with regard to Personal Data should be sent by email to [email protected] or by mail to President, International, MD7, 950 W. Bethany Drive, Suite 700, Allen, TX 75013. Please always indicate to which Data Controller (MD7, LLC, MITL, or MD7 NL) the request or question relates. The President, International responds to questions, concerns, or complaints within one month of receipt.
Enforcement and Oversight of Our Policy
We will conduct periodic compliance audits of our privacy practices to verify adherence to this Policy, the EU-U.S. DPF, and the Swiss-U.S. DPF. We conduct annual self-assessments of our practices with respect to Personal Data to verify that representations we make about our Personal Data privacy practices are true and have been implemented as represented. Any employee found to have violated this Policy is subject to disciplinary action, up to and including termination of employment.
DPF Enforcement and Dispute Resolution
In compliance with the EU-U.S. DPF and the Swiss-U.S. DPF, we commit to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF should first contact us by email to [email protected] or by mail to President, International, MD7, LLC, 950 West Bethany Drive, Suite 700, Allen, TX 75013. We resolve to respond to complaints within one month of receipt.
- In compliance with the EU-U.S. DPF and the Swiss-U.S. DPF, MD7 commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF to ICDR-AAA, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of ICDR-AAA are provided at no cost to you.
You may have the option to select binding arbitration before a DPF Panel for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your complaint directly with us and provided us the opportunity to resolve the issue; and (2) made use of the independent dispute resolution mechanism identified above.
Changes in this Policy
We reserve the right to change this Policy at any time. If we modify this Policy, we will provide notification of the changes as needed, for example on our website at least thirty (30) days prior to the date the change becomes effective. It is our policy to post any changes we make to this Policy on this page with a notice that the Policy has been updated on the website home page. If we make material changes to how we treat Personal Data, we will notify you through a notice on the website home page or through other means required by applicable law. Our Policy will indicate the date it was last updated. Your continued use of our site and our services will signify your acceptance of the changes to our Policy.