Effective as of 1 March 2021
Mediaocean Headquarters – 120 Broadway , New York, 10271, United States
Mediaocean Shanghai – OF-125, Level 4 WeWork, 627 Middle Huaihai Road, Huangpu District, Shanghai, China
Mediaocean Melbourne – 31-33 Bank Street, South Melbourne, Victoria 3205, Australia
Mediaocean Sydney – Unit 11 Level 1, 1-7 Jordan Street, Gladesville, New South Wales 2111, Australia
Information we collect about you
We may collect and process the following information about you:
- Your name, your email address and other business contact details;
- Your training profile, including details of courses you’ve attended and courses that you’re due to complete;
- Information that you provide by filling in forms on www.mediaocean.cn (our website) or on Mediaocean Support; when you contact us, or when we contact you;
- If you contact us, we keep a record of that correspondence; if you call our Support team, we retain a recording of the phone call for a limited period for training purposes;
- Records of pages and features you’ve used within our Web applications (but not of the data you’ve entered into those applications)
- Results from surveys that we may ask you to complete for research purposes, although you don’t have to respond to them; and
- Details of your visits to our websites including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access. We may collect information about your computer, including your IP address, operating system and browser type, for system administration.
We do not collect Sensitive Information about you.
We use your Personal Information in the following ways:
- To enhance or improve your experience on our website and/or with our products & services generally;
- To contact you where necessary or appropriate, for example if you have a query;
- To provide you with information, products, or services that you request from us and notify you of any changes to these;
- To help us keep the information that we hold about you up-to-date;
- To carry out obligations arising from contracts entered into between the client company and us;
- To keep your information secure. To minimize the risk of unauthorized access to your information, we may use some of your information to authenticate you when using our website or when you contact us by telephone.
You won’t be able to use our online support services if you are not willing to provide this information.
How we store and share your information
Mediaocean uses cloud-based software solutions for customer relationship management, support and incident management, and marketing communications. These run at Tier III, SOC1, SOC2, or ISO 27001 compliant data centres located in the USA. Mediaocean shares your name and business contact details with these providers for the purpose of operating the websites, and the information is used strictly for the purposes described above. Mediaocean uses additional hosted or cloud-based software solutions in the USA to facilitate internal processes.
Personal Information collected from users in China will be transferred from time to time to the USA, and may be transferred to any other countries where Mediaocean group companies have offices (Australia, Canada, France, Germany, India, Singapore, Malaysia, UK, USA). Data transfer agreements have been put in place with other Mediaocean entities within the group to ensure protection of Personal Information in line with data protection laws.
We retain your Personal Information in accordance with Mediaocean’s Data and Document Retention Policies. These policies define retention rules based on the nature of the information and the purpose for which it is required. We destroy or dispose of all Personal Information securely when it is no longer needed.
Information in our hosted systems
The hosted services which Mediaocean provides in China run at AWS in China. Where Personal Information is collected, stored or used by our client companies using these hosted systems, please note that we act only as a Data Processor. The client company is the Data Controller and is responsible for data protection obligations pertaining to its notification, collection, accuracy, and timely disposal. The client company is also responsible for arrangements to enable you to access your own Personal Information, subject to confirmation of identification, for authorizing disclosure to Third Parties, and for breach notifications to relevant state or provincial agencies and to users, in case of a security incident. As a Data Processor, Mediaocean’s responsibilities for this data are to:
- Process the Personal Information only on documented instructions from the client company
- Ensure that all persons we authorize to process the Personal Information understand and respect the confidential nature of this information
- Make provisions for the security, availability and integrity of data on our systems, including where we have appointed Sub-processors to help us deliver our services to our clients
- In the event that there is a security incident, provide the client company with the information they need to make statutory breach notifications.
Our clients may ask us to process the following types of Personal Information about their employees:
- User credentials, including user names and passwords;
- Logs of actions you have taken within our systems in application logs, usage analysis and audit trails;
- Business contact details for our clients’ employees, and possibly their vendors’ or clients’ employees, for example to facilitate order or payment processes, or to ensure delivery of printed output to the correct person
We do not process Sensitive Information about you unless you provide this to us.
We retain Personal Information within our hosted systems in accordance with Mediaocean’s Data and Document Retention Policies. These policies define retention rules based on the nature of the information and the purpose for which it is required. We destroy or dispose of all Personal Information securely when it is no longer needed.
How we keep your information secure
All information you provide to us is either stored on our secure servers at our data centre, or else in secure cloud solutions as described above. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or to use Mediaocean applications, you’re responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we’ll do our best to protect your Personal Information, we can’t guarantee the security of your Personal Information transmitted to our website; any transmission is at your own risk. Once we have received your information, we’ll use strict procedures and security features to try to prevent unauthorised access.
Logical access tools have been put in place to ensure that access to Personal Information is appropriately restricted. Administrative access to the information is restricted to authorized personnel. Physical and network security measures are in place to restrict access to the computing equipment. The security measures that we have in place to protect Personal Information are certified annually. We also obtain security reports from our cloud service providers to ensure that they are adhering to the required standards.
Your rights under this Policy
You have the right to opt-out of any use of your Personal Information for marketing purposes by contacting us or by unsubscribing using the link provided at the bottom of our emails. You may also demand access to, deletion or correction of the Personal Information we hold about you. In addition, you have a right, on certain grounds, to object to the processing of your Personal Information. For more information about how to do this, please see the section on Complaints below. Mediaocean reserves the right to make a small administrative charge for the handling of such requests.
Children under the Age of 13
Our websites and services are not intended for children under 13 years of age. No one under age 13 may provide any Personal Information to or on the website. We do not knowingly collect Personal Information from children under 13. If you are under 13, do not use or provide any information on this website or on or through any of its features. If we learn we have collected or received Personal Information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at Infosec&Compliance@mediaocean.com.
We will cooperate with relevant state or provincial agencies and law enforcement and judicial authorities in investigating any privacy complaints or suspected violations of privacy laws or Mediaocean’s privacy commitments, as well as in rectifying any noncompliant practices. Employees or contractors who violate the terms of these principles may be subject to disciplinary consequences up to and including termination of employment or termination or non-renewal of contract, in addition to any other legal measures that may be taken by Mediaocean, its clients, or the affected individuals and their representatives.
- Personal Information is any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier, regardless of the medium or format in which the information is stored.
- A Third Party is an entity or person other than you, Mediaocean or its clients.
- Sensitive Information consists of Special Categories of Personal Data as defined by the EU General Data Protection Regulation, that is, information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric data, health information, or sex life/orientation.