Privacy Policy

Privacy Statement

Effective May 25, 2018

We recognize that users of our Web Site and those whose information may be processed in connection with our brand protection products and domain name registration services have a right to understand how we treat their information. This Privacy Statement, which may be updated from time to time, has been developed to provide that information.

It gives details of how MarkMonitor (“MarkMonitor,” “we”, “us” or “our”) processes personal data about you, as well as information about your rights and about how you can contact us if you have questions about how we handle your information.

SCOPE OF THIS PRIVACY STATEMENT

This Privacy Statement explains how we treat the personal data we collect when you use our Web Site located at www.markmonitor.com and our MarkMonitor Mobile App (together the “Web Site”) or our products and services. It also provides information about how we treat the personal data processed in connection with our products and services.

It also includes specific information on WHOIS domain name registration data.

Sometimes we may need to give you additional notices about specific interactions with us. Where we do so, we will make it clear that these additional notices apply.

WHO IS MARKMONITOR?

MarkMonitor provides solutions for the discovery, establishment and protection of intellectual property rights. It is made up of a number of different legal entities, which together form the MarkMonitor group.

MarkMonitor Inc. is an accredited registrar for the WHOIS domain name database and is the data controller of personal data submitted in connection with domain name registrations. Its representative in the European Economic Area is Clarivate Analytics UK Ltd, Friars House, 160 Blackfriars Road, London, England, SE1 8EZ.To find out which legal entity makes decisions about the way other personal data is treated, please contact data.privacy@clarivate.com

WHAT SOURCES DO WE COLLECT INFORMATION FROM?

When you visit our Web Site or use our products and services, we collect information about you. Typically, we collect or obtain your personal data because you provide it to us, or we observe or infer that information about you from the way you interact with us.

In some cases, if you choose not to provide us with requested information, you may not be able to access all of our Website’s content or our products or services.

We use WHOIS domain name registration information and publicly available information to provide our products and services.

We collect personal data from you:

• when you interact with us, e.g., when you contact us, purchase or use our services, and request content. We may retain a record of users who have contacted us in order to respond properly to questions or concerns and for purposes of future communications.
• when you use our Web Site, e.g. when you fill in online forms, we collect the information that you include in those forms.
• through cookies and similar technologies included on our Services, e.g. when you access the Website, we collect device and usage information as described in more detail here.

We also collect personal data about you from third parties such as:

• the organisation(s) or person(s) who have arranged your access to our products and services (e.g. your employer may provide us with contact information so that we can set up your login)
• WHOIS registrars in order to enable us to carry out brand protection activities. For example, if a website registered in your name contains potentially infringing material, we look up your contact details so that we can ask you to remove that material [Hyperlink to “How Do We Treat WHOIS Domain Name Registration Information?”]
• clients who instruct us in connection with our brand enforcement services
• from internet searches. Where intellectual property infringement may be taking place, we collect personal data relating to web locations (such as IP addresses, social media content, and domain names)
• other public or paid-for sources in connection with brand protection investigations.

WHAT TYPES OF PERSONAL DATA DO WE COLLECT?

How you interact with us, and the different products and services you access or use or are identified in connection with, determines what personal data we collect about you. We generally process non-sensitive personal data. However, in the course of our brand protection activities, we may identify conduct that is a criminal offense in some jurisdictions. You can learn more about this in this section.

The personal data we collect consists of the following:

• Name and contact details, e.g., name, e-mail address, postal address, telephone number
• Login Credentials, e.g., security and credentialing information required to access our services
• User inputted content, e.g. content you provide to us when you use our products and services (e.g. if you use notes areas of our products to record your findings or contact our customer service team)
• Device information, e.g., information about your computer or other device, such as IP address, location or provider
• Usage information, e.g., information about your use of our Web Site, such as date and time of visits, the pages viewed, time spent at our Web Site
• Billing information, e.g. credit card number and payment details
• Purchase history, e.g. purchases you have made, when your subscriptions expire or renew

In the course of identifying IP infringements or fraudulent activity and in pursuing related enforcement action, we also record data relating to alleged or actual criminal offenses.

HOW DO WE TREAT WHOIS DOMAIN NAME REGISTRATION INFORMATION?

WHOIS is a list of all registered domains, which is maintained by registrars in accordance with the procedures set out by the Internet Corporation for Assigned Names and Numbers (ICANN).

If you register a domain your personal data is shared with registries and selected organisations for important lawful purposes, such as brand protection, facilitating cyber security, combatting fraud and SPAM, and confirming domain name ownership and availability.

If you register a domain with MarkMonitor Inc. (as data controller) or any other ICANN-accredited registrar, you are required to provide your name and contact details (“Registrant Information”). This personal data is shared with registries and with third parties who have a reasonable need to view it (e.g. brand protection, cyber security, fraud prevention).

How WHOIS information is used

MarkMonitor relies on legitimate interests to process Registrant Information. We process Registrant Information for the following purposes:

• Registrar Administration: we administer and maintain a register of domain names managed by MarkMonitor
• Brand Protection: to prevent, detect and investigate fraud and intellectual property infringements on behalf of our clients
• Update the Public WHOIS Database: to support cyber-security and IP infringement activities (amongst other things), members of the public who search to see who owns your domain will be able to see your organisation, state/province and country.
• Update WHOIS registries: we disclose Registrant Information to a Registry and an Escrow Agent in accordance with the terms of our Registrar Accreditation Agreement with ICANN. The personal data they hold may be searched by third parties who have demonstrated to the registrars that they have a need to see it (e.g. to support cyber security and IP infringement activities). We may search Registrant Information collected by other registrars for brand protection purposes.
• Contact: we may use Registrant Information to contact you if there is a query relating to your domain name

MarkMonitor has carried out legitimate interests assessments to confirm that the public interest in processing Registrant Data as described above is not outweighed by the rights and freedoms of registrants. For further information, please contact data.privacy@clarivate.com.

Your Consent to Additional Disclosure

You may wish us to make your name and contact details public on WHOIS registries, to make it easier for others to contact you in relation to your domain name. You will need to provide your explicit consent (strictly optional) in order for us to do this. Contact data.privacy@clarivate.com for further information.

Access and Correction of WHOIS Information

You may access and correct WHOIS information in accordance with data protection laws by contacting data.privacy@clarivate.com. You should also be aware of your other rights in relation to personal data.

Other Information

We transfer your information internationally and retain it as further described in this Privacy Statement.

HOW DO WE USE PERSONAL DATA?

This section sets out the purposes for which we use personal data and the legal grounds for processing that personal data.

We use your personal data to provide you with the information or content that you have requested, and, in some cases, to contact you about our programs, products, features or for other purposes that are in our legitimate interests, as well for compliance purposes. Further information is set out below.

We are required by law in Europe to explain in this Privacy Statement the legal grounds on which we rely to process your personal data. We process personal data about you when:

• it is necessary for our or a third parties’ legitimate interests: details of those legitimate interests are set out below and, specifically for WHOIS domain name registrant information, also here.
• where you give us your consent: we collect consent in only limited circumstances, e.g. for marketing or, if you choose it, for the publication of your name and contact details on the WHOIS database as part of your domain name registration. If we do ask for your consent, we will make it clear that we are asking for consent and collect it separately.
• it is necessary to comply with a legal or regulatory obligation (e.g., to respond to a court order or a regulator)

Where we process data relating to actual or alleged criminal offenses, we do so because the processing is authorised by law providing for appropriate safeguards for the rights and freedoms of data subjects.

For further information on the legal grounds that we rely on in relation to any particular processing of your personal data, please contact data.privacy@clarivate.com.

WHAT ARE OUR LEGITIMATE INTERESTS IN USING INFORMATION?

Our legitimate interests in processing personal data are mainly customer and product administration, provision and improvement of our services, domain name registration, protection of legal rights, and marketing. More detailed information about these legitimate interests is set out below for all information and, specifically for WHOIS data, in the WHOIS section above.

• Customer and Product Administration: to create your account, provide you with the information, content, products or services that you have requested, provide user and technical support, enforce our terms of business, invoice, administer our relationship with you generally and communicate with you about your account and subscription
• Domain registration and transfers: to register or transfer domain names, on behalf of our clients, including as described here
• Brand Protection and Fraud Prevention: to prevent, detect and investigate fraud and intellectual property infringements on behalf of our clients
• Product Development: to deliver personalized functionality in our services, such as your saved searches. We also analyze product usage information to understand which content and tools are most useful for users.
• Web Site Analysis and Personalisation: We use information collected on our Web Site in aggregate to better understand your use of the Web Site and to enhance your enjoyment and experience. For example, we may use the information to improve the design and content of our Web Site and to analyse the programs and services that we offer.
• Marketing: to send you marketing communications about events, white papers, and information about our services which may interest you. Your choices in relation to marketing are explained here.
• Security and Crime Prevention: to prevent fraud or criminal activity, misuses of our Web Site as well as the security of our IT systems, architecture and networks
• Legal Rights: to exercise our rights, and to defend ourselves from claims and to comply with laws and regulations that apply to our group or third parties with whom we work

We balance our and third parties’ legitimate interests against your interests, fundamental rights and freedoms when processing personal data on the basis of legitimate interests. For more information about the balancing exercises we have carried out, please contact us data.privacy@clarivate.com.

MARKETING

We may send you marketing communications about white papers and events. We may also contact you about our programs, products, features or services that may interest you. If you do not wish to receive marketing information from us, you can email marketing@markmonitor.com with “unsubscribe” in the subject line; or follow the “unsubscribe” link provided in the e-mail that you receive.

You have the right to opt out of receiving direct marketing.

Our e-mail marketing communications include an unsubscribe link which allows you to opt out of receiving any future marketing e-mails. You may also opt out of e-mail marketing by contacting us at marketing@markmonitor.com with “unsubscribe” in the subject line.

Please note that even after you opt out of receiving e-mail marketing communications, we may still send you service communications relating to your account and subscriptions. We may still contact you regarding your use of our Web Site.

WHO DO WE SHARE PERSONAL DATA WITH?

We share personal data with our employees, third party service providers, partners and in accordance with law. Our third-party service providers are contractually required to protect personal data in a manner that is consistent with this Privacy Statement. We share your information for the purposes set out in this Statement, with the following categories of recipients: • the account administrator, in the case of corporate or shared subscriptions. • service providers who process personal data on our behalf, such as cloud computing providers and web analytics services. • registry operators and data escrow agents where you purchase, transfer, or cancel a domain name • professional advisors such as legal counsel and information security professionals where reasonably required to protect our rights, users, systems and our Web Site • government agencies, law enforcement, courts and other public authorities where we have a duty to or are permitted to disclose your personal data by law • prospective buyers, sellers, advisers or partners in relation to any sale, merger, acquisition, restructure, joint venture, assignment, transfer or similar corporate event, in which case we may disclose your personal data to and your data may be a transferred asset in a business sale We may also provide access to your personal data when legally required to do so, to cooperate with police investigations or other legal or enforcement proceedings, to protect against misuse or unauthorized use of our Web Site, to limit our legal liability and protect our rights, or to protect the rights and safety of visitors to this Web Site or the public. In those instances, the information is provided only for that limited purpose.

DATA SECURITY

We take reasonable steps to maintain the security of the personal data that we collect, including limiting the number of people who have physical access to our database servers, as well as installing electronic security systems that guard against unauthorized access. However, no data transmission over the Internet can be guaranteed to be completely secure. Accordingly, we cannot ensure or warrant the security of any information that you transmit to us, so you do so at your own risk.

INTERNATIONAL TRANSFER OF INFORMATION

MarkMonitor is a global business and your personal data may be transferred to and processed in countries with different privacy and data protection laws, including the United States. Where we transfer personal data internationally we ensure that appropriate safeguards in accordance with data protection laws are in place, which include standard contractual clauses or cross-border privacy frameworks like EU-U.S. Privacy Shield. More information about these safeguards (including copies, where relevant) can be obtained by contacting us at data.privacy@clarivate.com This Web Site is operated in the United States and information collected by this Web Site is processed in the United States. We are a global business and may disclose or transfer your personal data within MarkMonitor or to third parties in areas outside of your home country, including to countries that have not been declared adequate for the purposes of data protection by the European Commission (e.g. the United States). If we transfer your personal data internationally, we implement appropriate safeguarding measures (typically contracts) in accordance with applicable law to protect your personal data. If you would like copies of any relevant safeguarding measures, please contact us at data.privacy@clarivate.com.

HOW LONG DO WE KEEP PERSONAL DATA FOR?

We store your personal data throughout your relationship with us and retain it only for as long as necessary to fulfil the purposes for which it was collected. In some cases, we may retain your personal data to satisfy legal or regulatory obligations.

MarkMonitor retains personal data in accordance with its retention policy. The period for which we retain your information varies depending on your relationship with us and the purposes for which it was collected. Our retention policy set out how we determine the appropriate length of time to retain different types of information.

We consider the following criteria when determining our retention periods:

• the length of time necessary to fulfil the purposes we collected it for
• the date on which services you or the account administrator terminated the services or subscription
• whether our duties and obligations require us to retain information for a certain period
• any relevant period of limitation within which claims must be made
• any periods set down by law or recommended by regulators, or associations (including ICANN)
• the existence of any relevant claims or proceedings

COOKIES

Like many other Web Sites, this Web Site uses cookies, web server logs and third party services like Google Analytics to deliver you a better experience and to understand how our Web Site is used.

Cookies/ Web server logs: Similar to other commercial Web Sites, our Web Site utilizes standard technology called "cookies" and Web server logs to collect information about how our Web Site is used. Cookies are a feature of Web browser software that allows Web servers to recognize the computer used to access a Web Site. Cookies are small pieces of data that are stored by a user's Web browser on the user's hard drive. Information gathered through cookies and Web server logs may include the date and time of visits, the pages viewed, time spent at our Web Site, and the Web sites visited just before and just after our Web Site. This information is analysed on an aggregate basis.

You can, of course, disable cookies on your computer by indicating this in the preferences or options menus in your browser. However, it is possible that some parts of our Web Site will not operate correctly if you disable cookies. You should consult with your browser's provider/manufacturer if you have any questions regarding disabling cookies.

Third Party Services: We may use services hosted by third parties, such as Google Analytics, to assist in providing our services and to help us understand how our Web Site is used. These services may collect information sent by a browser as part of a web page request, including IP addresses or cookies. These third-party services collect information in the aggregate to provide information helpful to us such as Web Site trends, without identifying individual visitors to us. Please see "Cookies" in the section above for information on how you can control the use of cookies on your computer.

LINKS

This Web Site contains links to third party sites. Please be aware that MarkMonitor is not responsible for the privacy practices of any third-party sites. Therefore, we encourage our users to read the privacy statement of each and every Web Site that collects personal data.

CHILDREN

Protecting children's privacy is important to us. For that reason, we do not collect or maintain information from those we actually know are under the age of 16, nor is our Web Site nor our products and services targeted to attract anyone under 16. We request that all visitors to our Web Site who are under 16 not disclose or provide any personal data. If we discover that a child under 16 has provided us with personal data, we will delete that child's personal data from our records.

YOUR RIGHTS

You may have rights under European and other laws to have access to the information we hold about you, and to request that we correct, erase or restrict our use of your information. In some cases, you may also have the rights to object to or withdraw your consent to our use of your information, and to request a transfer of information you have provided to us. Further information on how to exercise your rights is set out below.

We will respect the rights afforded to you under applicable data protection laws. You have the following rights under European laws and may have similar rights under the laws of other countries. The following rights are not absolute and do not apply in all cases.

• Right of subject access: The right to request, in writing, a copy of your personal data and details about the processing of that information.
• Right to rectification: The right to have inaccuracies in your personal data corrected or removed
• Right to erasure ('right to be forgotten'): The right to your personal data erased
• Right to restriction of processing: The right to limit the use of your personal data to specific purposes
• Right to opt out of marketing: You may opt out of marketing communications via the unsubscribe links in our communications with you or by contacting us at marketing@markmonitor.com with “unsubscribe” in the subject line.
• Right to object: Where our processing is necessary for our or a third party’s legitimate interests or for the performance of a task carried out in the public interest, you have the right to object our processing of your personal data
• Right to data portability: The right to request that we transfer personal data you have provided to us to you or a third party in machine-readable format
• Right to withdraw consent: The right to withdraw your consent to our use of your personal data. Your withdrawal of consent, however, does not affect the lawfulness of any prior use of your personal data.

When responding to your request, we may ask you to verify your identity or provide information to help us better understand your request. We will provide you with explanation, where we are unable to comply with your request in whole or in part.

In order to exercise your rights please contact us at privacy.inquiries@markmonitor.com.

HOW TO CONTACT US

Please contact us at data.privacy@clarivate.com or at Privacy Inquiries, MarkMonitor, Friars House, 160, Blackfriars Rd, London SE1 8EZ, United Kingdom if you have any questions or complaints about this Privacy Statement or in relation to our processing of personal data.

[If you wish to contact our Data Protection Officer, please email: data.privacy@clarivate.com with “FAO MM DPO” in the subject line or write to: FAO Data Protection Officer, MarkMonitor, Friars House, 160, Blackfriars Rd, London SE1 8EZ.]

In the European Economic Area, you have the right to complain to a privacy supervisory authority. The relevant supervisory authority is the one in the country or territory where:

• you are resident,
• you work, or
• the alleged infringement took place.

The National Data Protection Authorities in the European Economic Area are listed here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

UPDATES TO THIS STATEMENT

This Statement may be updated from time to time. Any material future changes or additions to the processing of personal data as described in this Statement affecting you will be communicated to you through an appropriate channel. Generally, we will also place a prominent notice on our Web Site or contact to inform you of the material changes in the updated Statement.