This document sets forth the security standards to be maintained and implemented by MMGY Global, Inc. and its affiliated companies (“MMGWorks” or “we”) to secure personal information. MMGWorks is very sensitive to privacy issues. We respect individuals’ right to privacy and feel it is important for them and our Clients to know how we handle the information we receive from them via the Internet. In general, you can visit www.mmgyglobal.com and the websites of our clients without revealing any personal information about yourself other than selecting a country or language. If you choose to provide MMGWorks or sites MMGWorks develops with personal information, it may be necessary in some cases for us to provide your information to MMGWorks contractors or agents in order to respond to your inquiry.
MMGY Global, Inc. is a marketing communications company that provides products and services to support our customers advertising and communications needs. In our operations, we often possess personal information that identifies individuals and other proprietary information about our customers. Preservation of, and respect for, our customers' trust is critical to our continued success. Therefore, we will always treat such information:
- Confidentially, according to applicable laws.
- Appropriately, according to the promises we make to our customers.
- Respectfully, according to our common concern for the sensitive nature of such information.
Information Security: We maintain physical, electronic and administrative security standards and procedures to safeguard our data and systems. Our employees are educated on the importance of our privacy and security policies and must comply with them. Employees are permitted to access and use only that personal and proprietary information they need to perform their job duties.
Information Processing: We strive to use only the amount of personal and proprietary information necessary for research, analytical, or derivative product development purposes that are consistent with:
- Our core business mission to provide high-quality marketing services to our customers;
- Our contractual and legal obligations to customers, data controllers and individuals from whom we receive such information; and
- Applicable law.
We have procedures to maintain the accuracy of information while in our care. We do not maintain personal information longer than necessary to comply with the above listed principles.
- When we receive personal information from customers or other data controllers as a business associate, we rely on their obligations to provide individuals with any required notice and consent for the intended purpose or we obtain additional consent/authorization as necessary. We process personal information obtained from research in accordance with the individual's informed consent, applicable U.S. law and international guidelines governing protection.
- When we collect personal information directly from individuals on behalf of a Client, we will provide such individuals with:
- Notice about the intended use and disclosure of their information;
- Choice before using or disclosing their information for any other purpose; and
- The ability to access and correct their information where required by applicable law.
Information Disclosure: We will not disclose to any third party personal or proprietary information which we obtain in the course of providing products and services to our Clients, except: (1) as required by applicable law, or (2) consistent with applicable law and our obligations to the customer, data controller and/or individual from whom we received the information, as follows:
- We may disclose personal information to a service provider to perform a specific service on our behalf, but only when consistent with this policy and subject to the service provider’s agreement that:
- It will not use the information for any other purpose;
- It will conform to MMGWorks ’s privacy and security obligations; and
- It will permit audits of its compliance with MMGWorks ’s privacy and security obligations.
Personal or proprietary information may be included in assets transferred as part of a merger or sale of the MMGWorks ’s business or assets.
Website Privacy: We do not identify visitors to MMGWorks ’s Internet website unless they choose to identify themselves, such as to obtain information about products or services.
- Our website may deposit a small file called a "cookie" on a visitor's computer hard drive to personalize their experience or track aggregate site visitation statistics. Visitors may choose to use technologies to block such "cookies," but in some cases they may not have access to the full functionality of the website.
- We may record a website visitor's Internet Protocol (IP) address for security reasons and to evaluate how our website is being used. We do not use IP addresses to identify individuals.
MMGWorks ’s website is not designed to attract children; and we do not collect or maintain information from our website from individuals that we actually know are under the age of 13 years.
Information Collected: MMGWorks only collects information from website users on a voluntary basis, information such as name, mailing address and e-mail address which allows our clients to address the needs and request of the user. Most e-commerce transactions are done on third party websites and not on MMGWorks servers. When visitors send email inquiries to MMGWorks , the return email address is used to answer the email inquiry we receive. MMGWorks does not use the return email address for any other purpose and does not share the return email address with any third party.
Who is responsible: Every member of MMGWorks ’s Interactive and IT departments are responsible for maintaining the privacy and security of any information collected by MMGWorks on behalf of our customers. Individual employees are responsible for maintaining the security and confidentiality of data in their possession, such as hardcopy reports or data downloaded to their workstations. Individuals must report to the appropriate security administrator any known breach of application or system security.
How information is stored: Data collected is generally stored in secure databases. The information can only be accessed with a username and password. The servers hosting the databases are located in a separate secure facility with 24 hour guard services and access card secured server rooms. Each server requires an administrator user name and password to access.
How information is accessed: Most areas of our websites are accessed without the need for security. In some instances we develop secure “member only” areas of websites that require a user name and password. We use Verisign secure site certificates for any pages requiring the user to enter sensitive data.
How information is transferred: If information needs to be transferred at the request of our client or vendor, either a secure FTP site is utilized and/or the files are encrypted with a password.
How information is disposed of: All data shall be disposed of when it has exceeded its required retention period, or it is no longer needed for the operation of MMGWorks or its clients. Electronic information is purged from databases and hard drives. Hard drives will be low-level formatted if appropriate.
How access is controlled: Only those users who have valid business reasons (as determined by MMGWorks in its sole discretion) for accessing computers, systems, or data are granted access. Access privileges are determined by a person's job duties. Access is granted by means of a computer account which has an associated user name and password. Access is permitted only for the specific business purposes required to process the data.
When a user no longer works for MMGWorks or assumes different job duties within MMGWorks , it is the responsibility of his or her manager or supervisor to request that his or her user name be deleted, at the latest, by the date of termination or transfer.
Access to computer accounts may be suspended at any time if security violations or misuse are suspected. A user account will be suspended when if an incorrect password is entered five consecutive times.
How individuals are trained in security practices: Application system developers and installers shall provide user training on security issues when new systems are installed. Copies of production data should not be used for purposes that may compromise the confidentiality of individuals or organizations.
Consequences for failure to comply: Any MMGWorks employee failing to comply with any portion of this privacy and security policy will be disciplined by MMGWorks in its sole discretion, up to and including termination of employment. Any vendor or contractor of MMGWorks failing to comply will be in breach of contract and will be subject to the exercise of MMGWorks ’s legal rights and remedies, including termination of contract.
Security review: MMGWorks ’s IT personal shall conduct bi-annual security reviews of all MMGWorks servers. Appropriate changes to access and security systems are taken immediately.Updates: MMGWorks may amend this Policy from time to time. These changes will be posted online and shall take effect as soon as they are posted.