Privacy Statement

Collecting Personal Data

The Personal Data we collect includes:

• Your name, email address, postal address or telephone number;
• Your title, company name and address;
• Details of the resources you access on the Site and any data you download; and/or
• Details of other engagements with Mimecast, such as trade show interactions.

In some instances, we may combine one type of information with another, and store them together in our records. In all cases, however, we strive to limit the amount of Personal Data we collect and store.

We ask that you not send or otherwise share with us any sensitive Personal Data, which includes but is not limited to your government-issued ID numbers (e.g. Social Security number, national identification number, or driver’s license number), racial or ethnic information, political or religious opinions, or your health information.

We collect Personal Data in a variety of ways including:

• Through web pages on the Site (e.g. when you request a white paper or complete a form for general or partner inquiries);
• Through responses to an online email or electronic promotion or survey;
• Through online forums and social networks (please note that any Personal Data that you choose to submit to one of our online forums or social networks may be read, collected, or used by others who visit these community areas and may be used to send you unsolicited messages. You should carefully consider whether you wish to submit Personal Data to these forums or social networks and should tailor any content you submit appropriately and in accordance with the relevant terms of use); and/or
• Over the telephone.

Using Personal Data

As it is in our legitimate interest to be responsive to you and to ensure the proper functioning of our Services and organization, we will use your Personal Data in the following ways:

• To assist in responding to your inquiries, including answering your questions on pricing and technical information relating to our Services;
• To learn more about your requirements (through surveys and the like) in support of development of our Services;
• To carry out research on our users' demographics;
• To request your opinion and feedback on areas of the Site or in connection with our Services;
• At your request to register you for a trial of our Services; and
• At your request to provide you with a quote for our Services.

If you consent, or where we are permitted under applicable law, we will send you information we think you will find useful about our Services or, at your request, subscribe you to our newsletters and alerts concerning the Services we provide. You are able to change your subscription preferences anytime though our Preference Center by clicking here.

We may obtain information from third parties to combine with the Personal Data we have gathered as described in this Privacy Statement in order to improve our marketing activities and to ensure the Personal Data we hold are relevant and up-to-date. Also, if we provide a means for you to refer a third party to the Site, we will send the third party an email on your behalf with details about the Site. You can unsubscribe to emails by following the unsubscribe instructions in our Preference Center by clicking here, through marketing email communications sent to you, or you can raise a request via our dedicated online portal here or by post at the address provided below. We provide additional information about your Data Subject Rights and how you may exercise them below.

Sharing and Disclosing Personal Data

We do not sell or rent your Personal Data to third parties. We do not share Personal Data, except as expressly provided in this Privacy Statement. We share your Personal Data with the following recipients for the following reasons (keep in mind that all of these third parties and reasons may not be applicable to you):

• Our reseller partners to allow them to provide marketing information on our behalf as described above.
• Third party service providers that assist us with (i) website hosting and maintenance; (ii) sending communications; (iii) updating marketing lists and database management; (iv) analyzing data; and (v) the provision of the Site and the marketing of our Services. These service providers will only use your Personal Data to the extent necessary to perform their functions and are subject to contractual obligations to maintain the security and confidentiality of all information they process.
• We may analyze some of your Personal Data and Other Data and IP Information (both described below) in aggregate form which does not identify you personally. We may share this aggregate data with our affiliates, current and prospective business partners, and to other third party service providers to disclose aggregate statistics about visitors to the Site and in order to describe our Services generally, including on our Site, but these statistics will not include Personal Data. We may also share this information with these parties for other lawful purposes.
• We may share, disclose, or provide your Personal Data to third parties: (i) when attempting to collect a payment or debt; (ii) when required to combat fraud or to protect our interests; and/or (iii) to enforce our Privacy Statement, our Terms of Use, or any terms of service or end user license agreement of Mimecast;
• In addition, in the event of a corporate sale, reorganization, dissolution or the sale of any business or assets, Personal Data will be included in the transferred assets. As a result, the successor of Mimecast will continue to use your Personal Data as set forth in this Privacy Statement.
• We will disclose your Personal Data if required to do so to comply with any applicable law or regulation or in response to a legal demand, subpoena, warrant or other similar request. We will also disclose your Personal Data to any regulatory or law enforcement or governmental agency if we believe that such action is necessary to protect the rights, property or personal safety of Mimecast, its customers, the public or any third party.

Transferring your Personal Data

The Personal Data that we collect from you will be transferred to, stored and processed by our affiliates, properly vetted sub-processors and third party service providers. These parties are engaged in, among other things, the provision of our Services, as well as support services, and maintenance and operation of the Site. By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Statement. Each Mimecast subsidiary and affiliate receiving your Personal Data is bound by an Intercompany Agreement that complies with the standard contractual clauses for the transfer of Personal Data to controllers established in third countries set out in the European Commission Decision 2010/87/EU. All sub-processors and third party service providers are under appropriate contractual obligations to ensure the safety and confidentiality of your Personal Data.

Security

At Mimecast, we are committed to maintaining the security of the Personal Data we collect from activity on this Site and from other marketing efforts, as well as through our Services. We have therefore implemented technical and operational measures that are intended to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to Personal Data that are collected either through our marketing efforts or the Services. You can learn more about our technical and organizational measures by clicking here.

These technical and organizational measures are periodically reviewed and enhanced as necessary and only authorized personnel have access to Personal Data. While we use all reasonable efforts to prevent the loss or misuse of your Personal Data, we cannot guarantee the security of any Personal Data you submit via the Site or that the Personal Data that you supply will not be intercepted while being transmitted to and from us over the Internet. Therefore, you acknowledge and agree that we assume no liability regarding the theft, loss, alteration, or misuse of your Personal Data, including, without limitation, such Personal Data that has been provided to third parties or other users, or with regards to the failure of a third party to abide by the agreement between us and such third party.

Technical information collected automatically from the Site

When you visit the Site, our systems automatically collect the following information about your visit (“Other Data”):

• the type of internet browser you use;
• the language of your browser;
• the website from which you have come to the Site;
• the webpages you view on our Site; and
• the links you clicked on our Site;

We also collect your public IP address (the unique address which identifies your computer on the internet). This IP address is typically collected on a country or regional level. We collect your IP address to verify that requests are legitimate and we may automatically cross-reference your public IP address with your domain name (identified collectively as “IP Information”). "Other Data" does not include IP Information.

We use this Other Data and IP information to assist us in:

• providing, improving, and administering the Site;
• providing customer care and support services;
• providing security and safety to our Site visitors;
• monitoring activity usage of the Site; and
• measuring the effectiveness of the content we serve.

We do not use Other Data and IP Information to learn any information about you personally but it may be associated by us or our third party service providers with Personal Data that has been provided by you or otherwise available to or held by us. The collection of this Other Data and IP Information will cease once your use of the Site has ceased, depending on your use of our Services your IP Information may still be collected. However, the Other Data and IP Information collected may be retained, accessed, and used by us as long as necessary for the purposes described herein.

We (or our third party service providers) may collect your Personal Data using cookies, pixel tags, web beacons, embedded web links, and similar technologies for:

• Storing your preferences and settings - We may store Personal Data in a cookie so you will see relevant local information when you return to the Site. We also may save preferences, like language and browser so these do not have to be reset each time you return to the Site.
• Detecting abuse or fraud on the Site.
• Social Media - Our Site includes certain social media features (such as a “share” or “like” button). Those features are provided by the applicable social media platform (such as Twitter or Facebook). Where Personal Data is collected through the social media feature, the use of that Personal Data is governed by the privacy policy published by the social media platform that provides the feature.
• Internet-Based Advertising - We also use cookies, Other Data and IP Information to target advertising for our Services on third party sites.
• Showing advertising - We use cookies to record how many visitors have clicked on an advertisement and to record which advertisements you have seen so you don’t see the same one.
• Analytics - We use cookies to gather usage and performance data for the Site.

For example, we use Google Analytics, a web analytics service provided by Google, Inc., to evaluate your use of the Site, compile reports on activity, and provide other services relating to Internet usage. Google Analytics uses first-party cookies that store information, such as what time the current visit occurred, whether the visitor has been to the web page before, and what site referred the visitor to the web page.

We have also implemented Display Advertising Remarketing with Google Analytics to advertise online. This means that third-party service providers, including Google, display our ads on sites across the Internet and that we and third-party service providers, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie, see: http://www.google.com/doubleclick) together to inform, optimize, and serve ads based on your past visits to the Site.

By using the Site, you consent to the processing of data about you by Google in the manner and for the purposes set out above. If you choose, you can opt out of the processing of data about you by Google for Display Advertising and/or customize the ads by using Google's Ads Settings at: http://www.google.com/settings/ads. You can opt out of the processing of Personal Data about you by Google generally by turning off cookies in the preferences settings in your browser, or by downloading and installing Google Analytics Opt-out Browser Add-on at http://tools.google.com/dlpage/gaoptout. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to the Site itself or to other web analytics services.

For more information on Google Analytics, please visit: https://www.google.com/analytics/.

You can choose to reject certain collection technologies (such as cookies) but then you might not be able to take advantage of many of our features. You can read more about cookies here.

Personal Data rights. You have the right to access and receive a copy of Personal Data that we hold about you, to rectify any Personal Data held about you that is inaccurate or, in certain circumstances, request the deletion of Personal Data held about you. You also have the right of data portability for Personal Data you have provided to us – this means that you can obtain a copy of your Personal Data in a commonly used machine-readable electronic format so that you can manage and move it, or request that we send it to a third party. You may have the right to restrict or object to the processing of your Personal Data by us, including for direct marketing. You can exercise your rights via our dedicated online portal here.

Marketing. You have the right to ask us not to process your Personal Data for marketing purposes. You can exercise your right to prevent such processing at any time by contacting us at via our dedicated online portal here, or by managing your subscription preferences through our Preference Center by clicking here.

Complaints. In compliance with the Privacy Shield Principles, Mimecast commits to resolve complaints about our collection or use of your Personal Data.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact our dedicated online portal here and we will respond to your request. This is without prejudice to your right to file a claim with a supervisory authority (e.g. the Information Commissioner’s Office in the UK). If you have an unresolved concern relating to your Personal Data that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) JAMS for more information or to file a complaint.