UPDATED: November 4, 2021
(previous version updated September 2020)
Following are the privacy policies covering our marketing website and customer platform:
Corporate Marketing Website (Website)
TMT DIGITAL, INC. d/b/a The Media Trust (“TMT”) respects the privacy of all visitors to its public website, www.mediatrust.com (“Website”). This Privacy Statement (“Statement”) explains how TMT collects, uses, stores and protects the information that we collect from our Website, as well as your rights and choices regarding the information that we collect.
TMT is a U.S.-based company with domestic and international business clients. As a result, information that we collect on our Website, including personal information, may be transferred to our U.S. offices to permit us to comply with our legal and contractual obligations, to provide information and services to prospective and current clients, and to perform related business activities. In addition, we may work with third-party service providers in the U.S. and in other countries to support our business activities. Thus, personal information may be transferred to, stored on servers in, and accessed from the United States and countries other than the country in which the information was initially collected. In all such instances, we use, transfer, and disclose personal information solely for the purposes described in this Statement.
If you have any questions or concerns about this Statement or about TMT’s privacy and data security practices, please contact us at email@example.com.
Information Collection Not Covered by this Statement
This Statement also does not apply to personal information that we collect and use for employment-related purposes, whether through this website or through a website operated on our behalf by a third-party service provider.
What TMT Means by “Personal Information”
For purposes of this Statement, “Personal Information” means any information from or about a person that either identifies that person directly or that makes that person identifiable when it is combined with other information from or about that person from any source. Personal Information stops being personal information when it has been aggregated, deidentified, or otherwise anonymized sufficiently that the individual is no longer identified or identifiable using reasonable efforts, resources, and technology.
Information that We Collect From and About You
Categories of Personal Information that We Collect on the Website
- Email addresses
- Telephone numbers
- Business contact information, including names, email addresses, business addresses, telephone numbers, company name or business affiliation, and title.
- User IDs and passwords
- Personal information that you choose to share with us voluntarily when you ask a question, request follow-up, or otherwise interact with us
- Identifiers of devices used to access the Website
- Locations of devices used to access the Website
Information that You Provide to Us Voluntarily:
If you choose to communicate with us through an online form, send us an email, or otherwise contact us, we will collect whatever information, including personal information, that you choose to provide us with.
Information that We Collect Automatically When You Visit Our Website
Our Website automatically creates logs regarding user sessions that contain information about the features that you use, the actions that you take, and the information that you access. When your session ends, TMT only retains the information in a statistical and aggregated format (non-personal information) that we use for research purposes, assessing the effectiveness of our Website, and improving user experience.
Cookies are small pieces of information transferred to your computer’s hard drive through your web browser to enable our systems to recognize your preferences and settings. Cookies collect information such as the type of search engine used, the sections of the website visited, and other website usage information. Most browsers automatically accept cookies, and you may manually disable them. For more information on disabling cookies, go to the “help” menu on your browser. The Website may still be viewed if you choose to disable cookies, but your use and enjoyment of the website may be adversely affected.
We use session cookies for website use and function, and those cookies expire at the end of the session. We use persistent cookies, but only to identify existing TMT clients when they visit our Client Website. TMT may retain information from the session and persistent cookies in a statistical and aggregated format (non-personal information) for research purposes, assessing the effectiveness of our Website, and improving user experience.
We use Google Analytics to collect and assess information about user activities on our website to improve our Website and user experience. That information includes device/operating system, geography, page visited, length of page view, referring page, exit page and more. [We limit the information we collect and use from Google Analytics by customizing our implementation to not track traditional personal-identifying information. We collect and retain information from Google Analytics in a statistical and aggregated format (non-personal information) for research purposes, assessing the effectiveness of our Website, and improving user experience. For more information about Google Analytics and your options with regard to the data it collects, see Google Analytics.
We previously used (July 2019-June 2020) TechTarget Inbound Converter to collect and assess information about user activities on our website to improve our Website and user experience We limit the information we collect and use from TechTarget Inbound Converter to non personal-identifying information. We collect and retain information from TechTarget in an account-based format (non-personal information) for research purposes, assessing the effectiveness of our Website, improving user experience, and establishing account relationships. For more information about TechTarget and your options with regard to the data it collects, see TechTarget Priority Engine Inbound Converter.
Information that We Collect From Other Sources
TMT does not collect personal information from or about you from third parties, or combine information from other sources with the information described in this Statement.
Why We Collect Information From and About You
TMT does not collect, use, share, or disclose your personal information for anything other than the following lawful purposes:
To establish and maintain contractual relationships with our clients
- To establish relationships with new clients To fulfill our obligations to current clients
- To contact clients regarding account-related issues and business communications, including technical notices, updates, security alerts, and administrative messages
- To enable individuals to access and use our Services
To comply with our legal obligations:
- To demonstrate compliance with applicable privacy and data security law
- To comply with incident monitoring, reporting, assessment, and notification requirements
- To comply with other applicable criminal and civil law and regulatory requirements under federal, state, and international law
To provide services and information that you request to receive:
- To provide customer service and support
- To communicate with you, including responding to your comments, questions, and requests
- To process and complete transactions, and send you related information, including purchase confirmations and invoices
- To provide direct marketing, email, and other distributed information distribution
To fulfill our other legitimate interests to the extent that they are not overridden by individual interests, fundamental rights, or freedoms:
- To administer, operate, maintain, and secure our website and Services
- To monitor and analyze trends, usage, and activities in connection with our Services
- To investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities
- To verify compliance with our internal policies and procedures For accounting, recordkeeping, backup, and administrative purposes
- To customize and improve the content of our communications, websites, and social media accounts
- To provide information and education
- To provide, operate, maintain, improve, personalize, and promote our business
- To develop new products, services, features, and functionality
- To market our products and services (first-party marketing only; we do not provide personal information to third parties for use in marketing any non-TMT goods or services)
To the greatest extent possible, we will use aggregated, deidentified, or otherwise anonymized data to accomplish these purposes, but if we do not, or if we combine it with Personal Information we will continue to treat personal information in accordance with this Privacy Statement.
TMT Information Sharing and Disclosure
Except to the extent necessary to fulfill our business obligations, to accomplish one of the lawful purposes described in this Privacy Statement, or pursuant to your express instructions, we do not sell, transfer, or otherwise disclose personal information that we collect from or about you.
With your express consent: In the course of delivering contracted services, we will share your personal information with companies, organizations, or individuals outside of TMT when we have your prior express consent to do so.
When You Choose to Directly Share Your Information About Our Website or Your Usage of It: When you use our Website, certain features allow you to make some of your usage and content accessible to the public, directly or through social media platforms. We urge you to consider the sensitivity of any information prior to sharing it publicly or with other users.
When Necessary to Comply with Laws and Law Enforcement Requests or Otherwise to Protect TMT, Its Clients, and Individuals We may disclose your information (including your personal information) to a third party if:
- We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or governmental request;
- To enforce our agreements, policies and terms of service;
- To protect the security or integrity of TMT’s products and services; To respond to an incident involving personal data for which TMT has direct or indirect responsibility
- To protect the property, rights, and safety of TMT, our clients, or the public To prevent harm or illegal activities
- To respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person; or
- To investigate and defend ourselves against any third-party claims or allegations.
As the Result of a Business Transition:
We may share or transfer your information (including your personal information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will take reasonable steps to assure that any other entity involved continues to comply with the terms of this Privacy Statement. We will notify you of such a change in ownership or transfer of assets by posting a notice on our website.
Sharing Aggregate, Anonymized, Deidentified, or Otherwise Non-Personal Data:
We may share personal information that has been aggregated, deidentified, or otherwise anonymized and thus does not directly or indirectly identify you and that cannot, with reasonable efforts, resources, and technologies, be used to reidentify you. Such aggregated, anonymized, deidentified, or otherwise not re-identifiable information is not personal information within the scope of this Privacy Statement or applicable privacy laws.
Your Control Over Information that We Collect from and About You
- You may decline to share certain personal information with us, in which case we may not be able to provide you with some of the features and functionality of our Website or fulfill your requests.
- You may decline to accept cookies, but that decision may affect the functionality and performance of our Website.
- You may update or correct your personal information at any time by accessing the account settings page on the Website.
- You may opt out of receiving TMT promotional communications by using the unsubscribe link within each email. Note that, as long as you maintain an account with us, you will continue to receive administrative messages from us regarding the Services.
- You may request information about, and access to, the personal data that we collect from you.
- You may ask questions or make complaints about our privacy and data security practices with regard to your personal data.
- You may request that we delete information that we have collected about you.
- You may ask us for a copy of the information that we collected from you. To exercise any of these options or for additional information about our privacy and data security practices, contact us at firstname.lastname@example.org.
TMT uses reasonable organizational, technical, and administrative measures to provide a level of security appropriate to the risk associated with the personal information that we collect. We protect personal information under our control against — and require our service providers to also protect against – accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, personal data that is transmitted, stored, or otherwise processed. Only authorized employees have access to the data you provide, and that access is limited to least privilege, need to know access. All TMT employees who have access to the data you provide have agreed to maintain the confidentiality of that information. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have concerns about the security of your information with TMT, please contact us immediately at email@example.com.
TMT retains information only as long as necessary to accomplish the business purpose for which it was collected and to comply with its legal and contractual obligations, plus 1 year, and then securely disposes of that information or convert it into non-personal information by aggregating it, de-identifying it, or otherwise anonymizing it so that it does not directly or indirectly identify you and cannot, with reasonable efforts, resources, and technologies, be used to reidentify you..
Our Website, and the services we provide to our clients, are not directed to or intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under the age of 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child under the age of 16 has provided us with personal information, please contact us at firstname.lastname@example.org.
California Privacy Rights
California Civil Code Section 1798.83 permits Website users who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at email@example.com.
This policy applies to information that TMT Digital, Inc dba The Media Trust (“TMT”) processes on behalf of our business customer (“customer(s),” “consumers,” or “your Organization”) and their end-users (“You”) via our client-specific services platform at www.themediatrust.com, (“Client Website”). Our use of this information is restricted by our agreements with our customers. This policy is meant to articulate how we enable and safeguard privacy.
At its core, TMT does not collect or process any personal identifying information (“PII”) and when such information is visible to TMT systems, we make every effort to obfuscate and sanitize this information to eliminate any PII from being collected or stored. The exception would be for named users of your Organization who have system accounts for the purpose of interacting with our Services on behalf of your Organization.
This policy applies to the personal information made available by our customers and partners and through the use of TMT Client Website. All TMT employees, partners, customers, and vendors, who have access to and are responsible for processing personal information in Services, are subject to this policy.
Our Products and Services are intended for use by organizations, and administered to you by your Organization, and are subject to your Organization’s policies, if any.
This policy applies to the limited personal information we may collect and use for our own purposes as a data controller in connection with user authentication into TMT Services and user experience (UX) research, and it covers personal information we process on behalf of your Organization as a data processor through the use of TMT Services received by your Organization from TMT’s Operations Team. It’s primarily your Organization, as the data controller, that controls what personal information about you that we collect and how we use it.
If you have privacy related questions or concerns about how your Organization’s privacy practices or the choices your Organization has made to share your information with us or any other third party, you should refer to your Organization’s privacy policies, and reach out to the individual(s) who manage the TMT vendor relationship at your Organization.
TMT would not be responsible for the privacy or security requirements of our Customers outside of the services we provide; which may differ from those set forth in this policy.
If you have any questions about this policy, please reach out to the TMT team using the “Contact Us” section of this policy.
2. What we collect, why, and how we use it
At TMT we take the security of personal information very seriously. We have established industry best practice security measures designed to ensure personal information is safeguarded and accessed by those only with a need to know. We collect personal information directly from our customers in connection with the use of TMT Services. The Services collect information from our customer’s digital properties, and that information is used to facilitate the delivery of our Services to our customers, including monitoring the assets, providing support, and for TMT’s own analytics and product improvement purposes (“Usage Data”) as mentioned in Table 1.1 below.
Information collected or shared via third party sources:
Our third party providers (also known as ‘subprocessors’) only receive personal information about our customers for the limited purposes of providing us with their services. When we engage a third party who will need access to process personal information as part of their services provided to TMT, we ascertain that the third party is capable and obligated to provide at least the same level of data privacy and security protections we hold ourselves to. Examples of those third parties include, but are not limited to:
- Email delivery;
- Customer collaboration and communications solutions;
- Software development and analytics solutions;
- Application log aggregation systems; and
- Cloud infrastructure services.
Our third parties are contractually required to notify us if they can no longer meet the expected level of protections required to safeguard personal info. We still monitor compliance of our subprocessors, pursuant to our third-party security assessment procedures, depending on the nature of the services being provided.
Our subprocessor list can be requested via Contact Us.
Information collected via cookies:
Personal information may be collected via cookies and tracking technologies embedded within Services. Cookies are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website. We use tracking cookies, such as Google Analytics and Hotjar, to record the Services’ user activity and report on what pages and features users utilize.
Do not track browser settings:
Some Internet browsers like Firefox, Internet Explorer, and Safari include the ability to transmit “Do Not Track” or “DNT” signals. Since uniform standards for “DNT” signals have not been adopted, we do not currently process or respond to “DNT” signals. To learn more about “DNT”, please visit “All About Do Not Track“.
4. Legal grounds for processing personal information
When the law allows us to, TMT will only use personal information that is tied specifically to our customer (i.e., the entity with whom we have a business/contractual relationship with, and with whom an employee at that entity has an employment contract). This means that in most cases we are collecting and processing personal information on behalf of your organization.
TMT’s legal grounds for collecting and using personal information will depend on the individual from whom the personal information is collected, the actual personal information concerned, and the specific context in which we collect it.
Note that we may process personal information for more than one legal basis depending on the specific purpose for which we are using data.
Usually, we collect personal information in the following circumstances:
Where the collection of personal information is needed for the performance of a contract we are about to enter into or have entered into with you.
- Where the processing of the personal information is in our legitimate interests and the interests and fundamental rights of the individual do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
- Where the collection of personal information is required for the vital interests of the individual or another person.
In limited cases where we may rely on consent (i.e., receiving consent from you or any customer representative who registers for a TMT Services account), you have the right not to provide consent or to withdraw consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to withdrawal, nor will it affect the processing of personal information conducted in reliance on lawful processing grounds other than consent.
5. We go to great lengths to keep personal information safe
We use industry best practices that are the most appropriate administrative, organizational, technical and physical measures designed to protect the personal information that our customers provide to us. For example, TMT employs at various points in our infrastructure logical and physical access controls, encryption, firewalls, intrusion detection and network monitoring, and secure development practices.
Only authorized personnel have access to the personal information you provide, and each TMT employee with access to personal information is obligated to maintain its integrity and confidentiality.
If you have reason to believe that your interaction with us is no longer secure, you should immediately contact us.
6. Your data privacy rights and choices
TMT respects you and your privacy and data protection rights. Depending on where you live, the kinds of personal information we’ve collected about you, and the nature of how we process it, you’ll be able to exercise certain rights over your personal information based on regulations and laws that apply.
Residents of the European Economic Area (EEA), the United Kingdom, and Switzerland:
TMT responds to only verifiable privacy requests received from individuals who wish to exercise their privacy and data protection rights in accordance with the European Union General Data Protection Regulation (EU GDPR).
In relation to the personal information we are responsible for as a data controller in our Services (as referenced in Table 1.1.), if you would like to have your personal information corrected, updated, restricted, or deleted, please submit a privacy request via the contact us link on our web site www.mediatrust.com.
We prefer to answer your questions, requests, and concerns about how we handle personal information directly. We will make good faith efforts to honor reasonable requests submitted to us. You do have the right to lodge a complaint with EU Data Protection Authorities (DPAs) about TMT’s collection and use of your personal information. For the contact information of the Data Protection Authorities for each European Union Member State, please click here.
California residents rights under the California Consumer Privacy Act (‘CCPA’):
TMT operates as a Business to Business (‘B2B’) cyber security operations company, and the CCPA provides consumers (California residents) with specific rights regarding the processing of their personal info. TMT only responds to verifiable requests received from individuals who wish to exercise their privacy and data protection rights in accordance with applicable data protection laws. When contacting us, please provide us with detailed information about the personal information requesting we correct, update, amend, or remove, and the timeframe and manner in which we came to collect your personal info.
We will not sell, trade, or rent personal information of a California resident. Specific to the personal information we are responsible for as a data processor in our Services, if you would no longer like to be contacted by one of our customers or would like to have your personal information corrected, updated, amended, or removed, please contact our TMT customer (“the data controller”) directly. Requests submitted via our contact us link, which pertain to personal information we hold as a data processor, will be deferred to your Organization.
TMT will not discriminate against you or our customers (e.g., through denying Services, or providing a different level or quality) for exercising any of the privacy and data protection rights afforded to you.
Subject to exceptions, we can receive requests for disclosure or deletion of personal information that we handle as a Data Controller. Requests may be submitted via the contact us link on our web site.
If TMT obtained your personal information via a third party acting on your behalf, you should contact the company/entity or person you provided your information to.
7. How long we keep personal info
We keep your personal information only for as long as it is warranted to provide our Services, fulfill our commitments to your Organization, and/or adhere to legal or regulatory requirements. Certain personal information may be kept and archived beyond our relationship or the end of our Services, as required for legitimate interests such as recordkeeping, backing up Services data, statistical insights/metrics for product enhancement purposes, for example. Notwithstanding outside legal, regulatory, or contractual restrictions, TMT will retain the following Services and Services data based on the schedule outlined below:
- We retain malware incident data for the contract life of each customer, except for data that is required to provide context for investigations and incidents, in which case that will be retained for up to the life of the Agreement
- Malware incident data includes all investigative findings, derived data, comments, timeline, etc.
- Derived Media Filter data (blocks or notifications) – 24 months from the time of collection, or 30 days after termination of Agreement, whichever comes first
- Insights/statistical data – TMT can retain this data indefinitely
TMT adopts a data minimization approach when it comes to personal information that we retain beyond one (1) year. When personal information is deemed expired, no longer needed, and does not have to be retained, we follow industry best practices with the secure deletion, destruction, and anonymization of personal data, depending on what method is systematically and procedurally possible, most secure, and what our related retention commitments are. As retention periods lapse, we use automated processes through periodic audits to identify and securely delete personal info. If automated deletion is not possible, secure manual deletion may be performed.
8. International data transfers
Personal information may be transferred, stored, and processed by us or our third party vendors in countries whose data protection laws and regulations may be different to those of your country.
TMT only permits cross border (‘international’) transfers of personal information made between countries or regions when supported by an appropriate legal agreement or an alternative provision that ensures sufficient safeguards and obligations to personal information rights are commensurate. The sufficiency of these agreements and provisions depend on the countries or regions the personal information is transferred from and to. Examples of agreements and provisions that may be suitable for transfers (depending on the nature of the international exchange) include, but are not limited to, the following:
- The nation or region where personal information is transferred from recognizes the nation or region where personal information is transferred to as having adequate protections in place.
- Standard data protection clauses are established.
- An approved code of conduct is in place that is paired with binding and enforceable commitments set upon the organization in the third country.
- An approved certification mechanism (e.g., a safe harbor such as the Privacy Shield in the U.S.) is in place that is paired with binding and enforceable commitments set upon the organization in the third country.
9. Children’s privacy
We do not knowingly collect information relating to children. If we learn that we have collected personal information from an individual deemed to be under the age of 16, we will take appropriate measures to investigate and address the issue promptly. The use of our Services are specifically for delivering cyber security operations solutions to businesses and not children.
Changes to this Privacy Statement
Questions, Complaints, and Additional Information
If you have questions, complaints, or concerns about this Privacy Statement, your personal information, or our use and disclosure practices, or you wish to exercise your options as described in this Privacy Statement, please contact us at firstname.lastname@example.org.
TMT Digital, Inc.
Attn: Security and Privacy Team
PO Box 8056
McLean, VA 22106