UPDATED: July 28, 2023
To detail GDPR Legitimate Interest requirements. (previous version updated November 2021)
Following are the privacy policies covering our marketing website and customer platform:
- Corporate Marketing Website (Website)
- Legal grounds for processing personal information (Consumer)
Corporate Marketing Website (Website)
TMT DIGITAL, INC. d/b/a The Media Trust (“TMT”) respects the privacy of all visitors to its public website, www.mediatrust.com (“Website”). This Privacy Statement (“Statement”) explains how TMT collects, uses, stores and protects the information that we collect from our Website, as well as your rights and choices regarding the information that we collect.
TMT is a U.S.-based company with domestic and international business clients. As a result, information that we collect on our Website, including personal information, may be transferred to our U.S. offices to permit us to comply with our legal and contractual obligations, to provide information and services to prospective and current clients, and to perform related business activities. In addition, we may work with third-party service providers in the U.S. and in other countries to support our business activities. Thus, personal information may be transferred to, stored on servers in, and accessed from the United States and countries other than the country in which the information was initially collected. In all such instances, we use, transfer, and disclose personal information solely for the purposes described in this Statement.
If you have any questions or concerns about this Statement or about TMT’s privacy and data security practices, please contact us at email@example.com.
Information Collection Not Covered by this Statement
This Statement also does not apply to personal information that we collect and use for employment-related purposes, whether through this website or through a website operated on our behalf by a third-party service provider.
What TMT Means by “Personal Information”
For purposes of this Statement, “Personal Information” means any information from or about a person that either identifies that person directly or that makes that person identifiable when it is combined with other information from or about that person from any source. Personal Information stops being personal information when it has been aggregated, deidentified, or otherwise anonymized sufficiently that the individual is no longer identified or identifiable using reasonable efforts, resources, and technology.
Information that We Collect From and About You
Categories of Personal Information that We Collect on the Website
- Email addresses
- Telephone numbers
- Business contact information, including names, email addresses, business addresses, telephone numbers, company name or business affiliation, and title.
- User IDs and passwords
- Personal information that you choose to share with us voluntarily when you ask a question, request follow-up, or otherwise interact with us
- Identifiers of devices used to access the Website
- Locations of devices used to access the Website
Information that You Provide to Us Voluntarily:
If you choose to communicate with us through an online form, send us an email, or otherwise contact us, we will collect whatever information, including personal information, that you choose to provide us with.
Information that We Collect Automatically When You Visit Our Website
Our Website automatically creates logs regarding user sessions that contain information about the features that you use, the actions that you take, and the information that you access. When your session ends, TMT only retains the information in a statistical and aggregated format (non-personal information) that we use for research purposes, assessing the effectiveness of our Website, and improving user experience.
Cookies are small pieces of information transferred to your computer’s hard drive through your web browser to enable our systems to recognize your preferences and settings. Cookies collect information such as the type of search engine used, the sections of the website visited, and other website usage information. Most browsers automatically accept cookies, and you may manually disable them. For more information on disabling cookies, go to the “help” menu on your browser. The Website may still be viewed if you choose to disable cookies, but your use and enjoyment of the website may be adversely affected.
We use session cookies for website use and function, and those cookies expire at the end of the session. We use persistent cookies, but only to identify existing TMT clients when they visit our Client Website. TMT may retain information from the session and persistent cookies in a statistical and aggregated format (non-personal information) for research purposes, assessing the effectiveness of our Website, and improving user experience.
We use Google Analytics to collect and assess information about user activities on our website to improve our Website and user experience. That information includes device/operating system, geography, page visited, length of page view, referring page, exit page and more. [We limit the information we collect and use from Google Analytics by customizing our implementation to not track traditional personal-identifying information. We collect and retain information from Google Analytics in a statistical and aggregated format (non-personal information) for research purposes, assessing the effectiveness of our Website, and improving user experience. For more information about Google Analytics and your options with regard to the data it collects, see Google Analytics.
We previously used (July 2019-June 2020) TechTarget Inbound Converter to collect and assess information about user activities on our website to improve our Website and user experience We limit the information we collect and use from TechTarget Inbound Converter to non personal-identifying information. We collect and retain information from TechTarget in an account-based format (non-personal information) for research purposes, assessing the effectiveness of our Website, improving user experience, and establishing account relationships. For more information about TechTarget and your options with regard to the data it collects, see TechTarget Priority Engine Inbound Converter.
Information that We Collect From Other Sources
TMT does not collect personal information from or about you from third parties, or combine information from other sources with the information described in this Statement.
Why We Collect Information From and About You
TMT does not collect, use, share, or disclose your personal information for anything other than the following lawful purposes:
To establish and maintain contractual relationships with our clients
- To establish relationships with new clients To fulfill our obligations to current clients
- To contact clients regarding account-related issues and business communications, including technical notices, updates, security alerts, and administrative messages
- To enable individuals to access and use our Services
To comply with our legal obligations:
- To demonstrate compliance with applicable privacy and data security law
- To comply with incident monitoring, reporting, assessment, and notification requirements
- To comply with other applicable criminal and civil law and regulatory requirements under federal, state, and international law
To provide services and information that you request to receive:
- To provide customer service and support
- To communicate with you, including responding to your comments, questions, and requests
- To process and complete transactions, and send you related information, including purchase confirmations and invoices
- To provide direct marketing, email, and other distributed information distribution
To fulfill our other legitimate interests to the extent that they are not overridden by individual interests, fundamental rights, or freedoms:
- To administer, operate, maintain, and secure our website and Services
- To monitor and analyze trends, usage, and activities in connection with our Services
- To investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities
- To verify compliance with our internal policies and procedures For accounting, recordkeeping, backup, and administrative purposes
- To customize and improve the content of our communications, websites, and social media accounts
- To provide information and education
- To provide, operate, maintain, improve, personalize, and promote our business
- To develop new products, services, features, and functionality
- To market our products and services (first-party marketing only; we do not provide personal information to third parties for use in marketing any non-TMT goods or services)
To the greatest extent possible, we will use aggregated, deidentified, or otherwise anonymized data to accomplish these purposes, but if we do not, or if we combine it with Personal Information we will continue to treat personal information in accordance with this Privacy Statement.
TMT Information Sharing and Disclosure
Except to the extent necessary to fulfill our business obligations, to accomplish one of the lawful purposes described in this Privacy Statement, or pursuant to your express instructions, we do not sell, transfer, or otherwise disclose personal information that we collect from or about you.
With your express consent: In the course of delivering contracted services, we will share your personal information with companies, organizations, or individuals outside of TMT when we have your prior express consent to do so.
When You Choose to Directly Share Your Information About Our Website or Your Usage of It: When you use our Website, certain features allow you to make some of your usage and content accessible to the public, directly or through social media platforms. We urge you to consider the sensitivity of any information prior to sharing it publicly or with other users.
When Necessary to Comply with Laws and Law Enforcement Requests or Otherwise to Protect TMT, Its Clients, and Individuals We may disclose your information (including your personal information) to a third party if:
- We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or governmental request;
- To enforce our agreements, policies and terms of service;
- To protect the security or integrity of TMT’s products and services; To respond to an incident involving personal data for which TMT has direct or indirect responsibility
- To protect the property, rights, and safety of TMT, our clients, or the public To prevent harm or illegal activities
- To respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person; or
- To investigate and defend ourselves against any third-party claims or allegations.
As the Result of a Business Transition:
We may share or transfer your information (including your personal information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will take reasonable steps to assure that any other entity involved continues to comply with the terms of this Privacy Statement. We will notify you of such a change in ownership or transfer of assets by posting a notice on our website.
Sharing Aggregate, Anonymized, Deidentified, or Otherwise Non-Personal Data:
We may share personal information that has been aggregated, deidentified, or otherwise anonymized and thus does not directly or indirectly identify you and that cannot, with reasonable efforts, resources, and technologies, be used to reidentify you. Such aggregated, anonymized, deidentified, or otherwise not re-identifiable information is not personal information within the scope of this Privacy Statement or applicable privacy laws.
Your Control Over Information that We Collect from and About You
- You may decline to share certain personal information with us, in which case we may not be able to provide you with some of the features and functionality of our Website or fulfill your requests.
- You may decline to accept cookies, but that decision may affect the functionality and performance of our Website.
- You may update or correct your personal information at any time by accessing the account settings page on the Website.
- You may opt out of receiving TMT promotional communications by using the unsubscribe link within each email. Note that, as long as you maintain an account with us, you will continue to receive administrative messages from us regarding the Services.
- You may request information about, and access to, the personal data that we collect from you.
- You may ask questions or make complaints about our privacy and data security practices with regard to your personal data.
- You may request that we delete information that we have collected about you.
- You may ask us for a copy of the information that we collected from you. To exercise any of these options or for additional information about our privacy and data security practices, contact us at firstname.lastname@example.org.
TMT uses reasonable organizational, technical, and administrative measures to provide a level of security appropriate to the risk associated with the personal information that we collect. We protect personal information under our control against — and require our service providers to also protect against – accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, personal data that is transmitted, stored, or otherwise processed. Only authorized employees have access to the data you provide, and that access is limited to least privilege, need to know access. All TMT employees who have access to the data you provide have agreed to maintain the confidentiality of that information. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have concerns about the security of your information with TMT, please contact us immediately at email@example.com.
TMT retains information only as long as necessary to accomplish the business purpose for which it was collected and to comply with its legal and contractual obligations, plus 1 year, and then securely disposes of that information or convert it into non-personal information by aggregating it, de-identifying it, or otherwise anonymizing it so that it does not directly or indirectly identify you and cannot, with reasonable efforts, resources, and technologies, be used to reidentify you..
Our Website, and the services we provide to our clients, are not directed to or intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under the age of 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child under the age of 16 has provided us with personal information, please contact us at firstname.lastname@example.org.
California Privacy Rights
California Civil Code Section 1798.83 permits Website users who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at email@example.com.
This policy applies to the processing by TMT Digital, Inc dba The Media Trust (“TMT”)of personal information in connection with the provision of our digital advertising and website security services (“TMT Services”) to our business customers (“Clients”) relating to end-users (“you”) which we may collect via our client-specific services platform at www.themediatrust.com, (“Client Website”) and/or our Client’s own digital properties and/or content. Our use of this information is restricted by our agreements with our Clients. This policy is meant to articulate how we enable and safeguard privacy in connection with such processing.
This policy applies to the personal information collected from you or inferred about you through your use of TMT Client Website and your interactions with our Client’s own digital properties and/or content.
Our Client Website is intended for use by Clients, and is operated by us on behalf of our Clients. Where you are accessing the Client Website in your capacity as a worker of one of our Clients, your use of the Client Website maybe subject to that Client’s policies, if any.
This policy applies to the limited personal information we may collect and use for our own purposes as a data controller in connection with user authentication into Client Website and user experience (UX) research, and it covers personal information we process on behalf of our Clients as a data processor through their use TMT Services received by your Organization from TMT’s Operations Team. It’s primarily our Clients, as the data controller, that control what personal information about you that we collect and how we use it.
If you have privacy related questions or concerns about a Client’s privacy practices or the choices that Client has made to share your information with us or any other third party, you should refer to that Client’s privacy policies, and reach out to the individual(s) who manage the TMT vendor relationship at that Client.
TMT would not be responsible for the privacy or security requirements of our Clients outside of the services we provide; which may differ from those set forth in this policy.
If you have any questions about this policy, please reach out to the TMT team using the “Contact Us” section of this policy.
2. What we collect, why, and how we use it
At TMT we take the security of personal information very seriously. In line with industry best practice, we collect personal information directly from you in connection with your use of the Client Website. We also collect personal information from you if you visit or interact with our Client’s digital properties and/or content, and that information is used to facilitate the delivery of the TMT Services to our Clients, including monitoring the assets, providing support, and for TMT’s own analytics and product improvement purposes (“Usage Data”) as mentioned in Table 1.1 below.
Information collected or shared with our subprocessors:
Our third party providers (also known as ‘subprocessors’) only receive personal information about you for the limited purposes of providing us with their services. Examples of those third parties include, but are not limited to:
- Email delivery;
- Customer collaboration and communications solutions;
- Software development and analytics solutions;
- Application log aggregation systems; and
- Cloud infrastructure services.
Our subprocessor list can be requested via Contact Us.
Information collected via cookies:
Personal information may be collected via cookies and tracking technologies embedded within TMT Services. Cookies are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website. We use tracking cookies, such as Google Analytics and Hotjar, to record the Services’ user activity and report on what pages and features users utilize.
If you’d like additional information regarding cookies, or if you decide at any time that you no longer wish to accept cookies, other than those necessarily required for the function and operation of Services and the delivery of our Services, please contact us at firstname.lastname@example.org or submitting a form via our website Contact Us.
Do not track browser settings:
Some Internet browsers like Firefox, Internet Explorer, and Safari include the ability to transmit “Do Not Track” or “DNT” signals. Since uniform standards for “DNT” signals have not been adopted, we do not currently process or respond to “DNT” signals. To learn more about “DNT”, please visit “All About Do Not Track“.
Our subprocessor list can be requested via Contact Us.
4. Legal grounds for processing personal information
Where we collect your personal data, in our capacity as our Client’s processor, it is our Client’s responsibility to ensure we have a lawful basis to do so. However typically our Client’s will rely on the fact it is in their legitimate interest to use our services for the following purposes:
- Detecting and preventing malicious, fraudulent, invalid, or illegal activity.
- Identifying malicious patterns and affected advertising and/or website content.
- Safeguarding the consumer experience from unwanted content.
Where we collect your data in our capacity as a controller (i.e., for user authentication and UX research), we rely on our legitimate interest of ensuring the safety of the Client Website and to provide the best possible experience to Clients and users.
5. We go to great lengths to keep personal information safe
We use industry best practices that are the most appropriate administrative, organizational, technical and physical measures designed to protect the personal information that our customers provide to us. For example, TMT employs at various points in our infrastructure logical and physical access controls, encryption, firewalls, intrusion detection and network monitoring, and secure development practices.
Only authorized personnel have access to the personal information you provide, and each TMT employee with access to personal information is obligated to maintain its integrity and confidentiality.
If you have reason to believe that your interaction with us is no longer secure, you should immediately Contact us.
6. Your data privacy rights and choices
TMT respects you and your privacy and data protection rights. Depending on where you live, the kinds of personal information we’ve collected about you, and the nature of how we process it, you’ll be able to exercise certain rights over your personal information based on regulations and laws that apply.
Residents of the European Economic Area (EEA), the United Kingdom, and Switzerland:
Under applicable data protection and privacy laws in the EEA and UK, you have the right: (i) to obtain copies of your personal data; (ii) to have your personal data corrected or deleted; (iii) to limit the way in which your personal data is used; (iv) to object to our use of your personal data; (v) to transfer your personal data; (vi) not to be subject to decisions based on automated processing (including profiling); and (vii) to complain to a supervisory authority.
If you would like to exercise any of your rights, please submit a privacy request via the contact us link on our web site www.mediatrust.com. Or you may contact us via telephone at +1 703.893.0325 or via email to email@example.com
Please note TMT responds to only verifiable privacy requests received from individuals who wish to exercise their privacy and data protection rights in accordance with the European Union General Data Protection Regulation (EU GDPR).
We prefer to answer your questions, requests, and concerns about how we handle personal information directly. We will make good faith efforts to honor reasonable requests submitted to us. You do have the right to lodge a complaint with EU Data Protection Authorities (DPAs) about TMT’s collection and use of your personal information. For the contact information of the Data Protection Authorities for each European Union Member State, please click here.
EU IAB TCF Certification
TMT participates and complies with the rules of an advertising industry framework called the IAB Europe Transparency & Consent Framework (“IAB TCF”), which consists of a set of technical specifications and policies to which members must adhere. IAB TCF is designed to ensure that end users are provided with a choice as to the purposes for which their personal data is processed and the companies that are permitted to process their data.
TMT’s IAB TCF identification number is 1044
California residents rights under the California Consumer Privacy Act (‘CCPA’):
TMT operates as a Business to Business (‘B2B’) cyber security operations company, and the CCPA provides consumers (California residents) with specific rights regarding the processing of their personal info. TMT only responds to verifiable requests received from individuals who wish to exercise their privacy and data protection rights in accordance with applicable data protection laws. When contacting us, please provide us with detailed information about the personal information requesting we correct, update, amend, or remove, and the timeframe and manner in which we came to collect your personal info.
We will not sell, trade, or rent personal information of a California resident. Specific to the personal information we are responsible for as a data processor in our Services, if you would no longer like to be contacted by one of our customers or would like to have your personal information corrected, updated, amended, or removed, please contact our TMT customer (“the data controller”) directly. Requests submitted via our contact us link, which pertain to personal information we hold as a data processor, will be deferred to your Organization.
TMT will not discriminate against you or our customers (e.g., through denying Services, or providing a different level or quality) for exercising any of the privacy and data protection rights afforded to you.
Subject to exceptions, we can receive requests for disclosure or deletion of personal information that we handle as a Data Controller. Requests may be submitted via the contact us link on our web site.
If TMT obtained your personal information via a third party acting on your behalf, you should contact the company/entity or person you provided your information to.
7. How long we keep personal info
We keep your personal information only for as long as it is warranted to provide our Services, fulfill our commitments to your Organization, and/or adhere to legal or regulatory requirements. Certain personal information may be kept and archived beyond our relationship or the end of our Services, as required for legitimate interests such as recordkeeping, backing up Services data, statistical insights/metrics for product enhancement purposes, for example. Notwithstanding outside legal, regulatory, or contractual restrictions, TMT will retain the following Services and Services data based on the schedule outlined below:
- We retain malware incident data for the contract life of each customer, except for data that is required to provide context for investigations and incidents, in which case that will be retained for up to the life of the Agreement
- Malware incident data includes all investigative findings, derived data, comments, timeline, etc.
- Derived Media Filter data (blocks or notifications) – 24 months from the time of collection, or 30 days after termination of Agreement, whichever comes first
- Insights/statistical data – TMT can retain this data indefinitely
TMT adopts a data minimization approach when it comes to personal information that we retain beyond one (1) year. When personal information is deemed expired, no longer needed, and does not have to be retained, we follow industry best practices with the secure deletion, destruction, and anonymization of personal data, depending on what method is systematically and procedurally possible, most secure, and what our related retention commitments are. As retention periods lapse, we use automated processes through periodic audits to identify and securely delete personal info. If automated deletion is not possible, secure manual deletion may be performed.
8. International data transfers
Personal information may be transferred, stored, and processed by us or our third party vendors in countries whose data protection laws and regulations may be different to those of your country.
TMT only permits cross border (‘international’) transfers of personal information made between countries or regions when supported by an appropriate legal agreement or an alternative provision that ensures sufficient safeguards and obligations to personal information rights are commensurate. The sufficiency of these agreements and provisions depend on the countries or regions the personal information is transferred from and to. Examples of agreements and provisions that may be suitable for transfers (depending on the nature of the international exchange) include, but are not limited to, the following:
- The nation or region where personal information is transferred from recognizes the nation or region where personal information is transferred to as having adequate protections in place.
- Standard data protection clauses are established.
- An approved code of conduct is in place that is paired with binding and enforceable commitments set upon the organization in the third country.
- An approved certification mechanism (e.g., a safe harbor such as the Privacy Shield in the U.S.) is in place that
9. Children’s privacy
We do not knowingly collect information relating to children. If we learn that we have collected personal information from an individual deemed to be under the age of 16, we will take appropriate measures to investigate and address the issue promptly. The use of our Services are specifically for delivering cyber security operations solutions to businesses and not children.
Changes to this Privacy Statement
Questions, Complaints, and Additional Information
If you have questions, complaints, or concerns about this Privacy Statement, your personal information, or our use and disclosure practices, or you wish to exercise your options as described in this Privacy Statement, please contact us at firstname.lastname@example.org.
TMT Digital, Inc.
Attn: Security and Privacy Team
PO Box 8056
McLean, VA 22106