CleanMyMac Business Privacy Notice CleanMyMac Business Version 1.0
Effective Date: 07 January, 2025
At MacPaw, we care about your privacy and are committed to protecting it. This Privacy Notice (“Notice” or “Privacy Notice”) will help you understand who we are, how we operate, what Personal Data we collect, how we use it, on what legal grounds we rely when processing your Personal Data, how we keep your Personal Data secure, as well as your privacy rights and our commitments to comply with them, according to applicable Data Protection Laws (as defined below in the section “Definitions”).
I. APPLICABILITY OF THIS PRIVACY NOTICE
This Privacy Notice applies to the CleanMyMac Business website, client dashboard, and desktop application (collectively referred to as the “Product” or “Products”) and the “Site.” It governs processing of Personal data in all interactions with us, the Product, and/or related services associated with CleanMyMac Business. The core functionality of the Product is described in our Terms of Service (Terms). If you do not agree with this Privacy Notice, please refrain from accessing or using the Products and/or the Site.
The data controller of Your Personal Data is
MacPaw Way Ltd. (hereinafter “We/we”, “Us/us”, “Our/our” or “MacPaw”)
registration number 428214
Registered address: 25 Serifou, Allure Center 11, Office No. 11-12, 2nd Floor, 3046 Zakaki, Limassol, Cyprus
MacPaw has contracts with all Data Processors (Third Parties) that it uses in compliance with applicable data protection legislation and ensures that all Data Processors are compliant with the applicable data protection legislation. To learn more, go to the section “Third Party Information and Personal Data Disclosure” of this Privacy Notice.
This Privacy Notice does not apply to:
- Third-party services. Where third-party services are used, and the third party is not a Data Processor, no Personal Data (as defined below) is shared with them; and
- Personal Data that we process about you when you interact as a user with other products/services or our branded social media pages under the brand name “MacPaw” (including products and services offered by CleanMyMac). In such cases, the relevant privacy notice of each product/service you interact with will apply accordingly.
- Anonymized data.
Our Product(s) and/or the Site are not intended for individuals who are considered minors under the applicable legislation in their country of residence. We do not knowingly collect or process Personal Data from individuals who have not reached the age of majority as stipulated by relevant laws. If you are a minor according to the applicable legislation, please do not use Our Product(s) and/or the Site and do not provide us with any Personal Data. Should we become aware that we have inadvertently collected Personal Data from a minor without the necessary parental consent, we will take steps to delete such information promptly. If you are a parent or legal guardian and believe that your child, who is considered a minor under the relevant laws, has provided us with Personal Data, please contact us at [email protected] to exercise your rights, including the right to access, correct, or request the deletion of the data.
We do not collect and/or process any special categories of Personal Data about You (this includes details about Your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about Your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.
Information collected by third parties is governed by their privacy practices and data transfer contractual commitments. To find out more, please refer to the section “Third-Party Information and Personal Data Disclosure” below.
II. DEFINITIONS
Capitalised terms used in this Privacy Notice and not otherwise defined shall have the meanings provided below:
Data Processor means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of MacPaw.
Data Protection Laws means any applicable data protection or privacy laws or regulations as may be amended or superseded from time to time, including but not limited to: i) the EU General Data Protection Regulation (“GDPR”) as implemented by countries within the EEA; ii) the UK General Data Protection Regulation and Data Protection Act 2018, as amended by Brexit legislation (“UK GDPR”); iii) the California Consumer Privacy Act (“CCPA”) and California’s Shine the Light law; and iv) any other applicable Data Protection Legislation and/or other laws or regulations that are similar, equivalent to, successors to, or that are intended to implement the laws or regulations applicable to you in relation to the transmission and processing of your Personal Data under this Privacy Notice.
Device means a portable computer, equipped with macOS that belongs to You and used by Member and Administrator.
Personal Data (or Personal Information) means any information relating to an identified or identifiable natural person.
Special Categories of Data means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data and data concerning health or a person’s sex life or sexual orientation. By default, the Special Categories of Data are not processed in any way by the Product or Site.
Administrator means the principal user of the Product and responsible person for managing Accounts in Your organisation. You authorize the Administrator to manage Accounts in your Organisation. We process Administrator’s Personal Data on your behalf.
Processing/Processed refers to any operation or set of operations performed on Personal Data, as defined under applicable Data Protection Laws.
Standard Contractual Clauses means i) where the EU GDPR applies, the contractual clauses annexed to the European Commission's Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council incorporating Module 1 (Controller to Controller transfers) (EU SCCs); and ii) where the UK GDPR applies, the template Addendum B.1.0 issued by the UK's Information Commissioner's Office and approved by Parliament in accordance with s119A of the Data Protection Act 2018 (UK Approved Addendum) and the accompanying Mandatory Clauses of the UK Approved Addendum, as updated from time to time and/or replaced by any further version published by the Information Commissioner's Office (UK Mandatory Clauses)
Member(s) means person (e.g. employee or contractor of Your organisation) who was designated as such by You through the Organisation Account and registered to use Product on its Device by means of installing it and registering the Account. We process Members' Personal Data on Your behalf.
You (or “Owner”) means owner of an Organisation Account. You own all the rights for Your Organisation Account.
The terminology used in this Privacy Notice is defined specifically for this document and may differ from the terminology used in other documents (e.g. Terms of Service) or the Services.
III. JOINT CONTROLLERSHIP STATEMENT
Given the meaning of the core functionality of our Product (s) and/or the Site and related Services, as well as terms and conditions set forth in Terms, the entity managing the joint processing of Personal Data of Members and Administrator of Organisation(s), is Business Customer (You).
The Owner (You) will act in the capacity of main joint Data Controller of Personal Data of Members and Administrator, in particular to ensure compliance with Members and Administrator’ rights granted as to the data subjects, and MacPaw (We) will act as secondary joint Data Controller of Personal Data of Members and Administrator, unless otherwise required by the applicable laws and regulations or governed by separate Data Processing Terms between Parties. The Joint Controllership Statement is the integral part of this Privacy Notice and can be found here.
IV. INFORMATION WE COLLECT AND PURPOSES
We collect Information that, alone or in combination with other data, could be used to identify You, Member and Administrator. Some of the Information We collect is stored by using anonymisation instruments that cannot be linked back to You (Non-Personal Data). In the table below we provide what Personal Data we collect and process, as well as the purposes of processing.
The detailed information on the legal basis for collection We rely on when offering You Product (s) and/or the Site and related Services, storage and processing of each type of Personal Data is provided in “Legal basis we rely on” section of Privacy Notice.
Data Subject | Personal Data and Device Information (PII) | Purposes of processing |
|---|---|---|
You (Owner) | Contact data, Account data, Location and Log data, Product (s) and Site Usage Data, List of applications on Device, Device Information, and Unique Customer Identifier, Marketing Data; Cookie data gathered from Site and other Site Usage Data |
|
Members | Contact data, Account data, Location and Log data, Product (s) and Site Usage Data, List of applications on Device, Device Information, Information about security settings, and Unique Customer Identifier |
|
Administrator | Contact data, Account data, Location and Log data, Product (s) and Site Usage Data, List of applications on Device, Device Information, Information about security settings, and Unique Customer Identifier |
|
In addition to the information provided in this section, we offer detailed explanations and definitions of Personal Data, other personally identifiable information, and technical data that identify, relate to, describe, reference, or could reasonably be linked, directly or indirectly, to a specific Owner, Member, Administrator, or Device. We also explain why this data is necessary.
- Contact data namely, Your email and name, as well as Your organisation’s name and address. This information is needed to complete the sign-up form, conclude Terms with You, provide You with Our Product, updates and communicate with You. We also keep Your Members and Administrator’s contact data such as email and name.
- Account data includes email, name and data required in sign-up form that is sent to you directly, Your Unique Account ID and payment status. By filling in the sign-up form with all required data, We will create an Account for You with Your Unique Account ID, and You will be successfully joined to the Product. When You join the Product, You can invite Your Members to use our Product. Only You and the Administrator can manage access of Members to the Service. We don’t directly communicate with Your Members. Your Account data also includes video call recordings during Your acquisition and onboarding (per Your permission only).
- Location information. This is the geographic area where You, Member, or Administrator use Devices (as indicated by an Internet Protocol [IP] address or similar identifier) when interacting with Our Site and/or Product (s). This information might be necessary to determine Your general geographic location, applicable legislation and provide You with customised, localised and personalised content. We will not track Your concrete geographic location.
- Log data. As with most websites and technology services delivered over the Internet, Our servers automatically collect data when You access or use Our Site and/or Product (s) and record it in log files. This log data may include browser type and settings, the date and time of use, information about browser configuration, language preferences, and cookie data. This information is needed to ensure security of Our systems, prevent, detect and investigate potentially prohibited or illegal activities, including fraud, and to enforce Terms.
- Product (s) and Site Usage Data. This is information about the Site and/or Product (s) You use and how You use them, in-app usage events and actions, used by Us to understand your behaviour, analyze and optimize it. We may also obtain data from Our third-party partners and service providers to analyze how users use Our Site and/or Product (s). For example, We will know how many users access a specific page on the Site and which links they clicked on. We use this aggregated information to better understand and optimize the Site and/or Product (s). Please note that when we process Product (s) and Site Usage Data for behavioral advertisement, to measure the effectiveness of advertising campaigns, we rely on your consent. When we process Product (s) and Site Usage Data for fraud prevention, correcting errors and bug fixing, as well as technical improvements, we rely on Our legitimate interests. To find more, please refer to the section “Legal Basis we rely on” below.
- List of applications on Device means applications on Yours, Administrator and Members’ Devices that You and Administrator can monitor and take any actions. Note that the list of applications on Members’ Devices to be checked and monitored shall be created on Your side. We will not have access to the List of applications on Your and Members’ Devices.
- Information about security settings on Devices, such as system integrity protection status, FileVault status, Screen Lock Password Immediate status, Password Last Set Time, security policies and security system settings such as System Integrity Protection (SIP).
- Device Information (or Device data) means data from the Device, such as the type of hardware and software in use (for example, operating system and browser type), Device UUID, Device model, Device serial number, unique malware ID on the Device, macOS Device version, and Device system settings. This data is needed to provide you with the core Product’s functionality according to the Terms, services for malware detection, detection, and monitoring of the list of applications on the Device, as well as to ensure compatibility, provide maintenance, and update our services. Technical Device Information is not Personal Data (except for the list of data provided above, identified as Personal Data according to this Privacy Notice) and cannot be directly attributed to you, Administrator of Organisation and Members.
- MacPaw Account ID (or Unique Customer Identifier) is Your unique identifier, which helps you to access Products and Services through your personal Account from different Devices and manage Your subscriptions. We use it to identify your purchased subscriptions and grant access to our Services. MacPaw Account ID helps us to manage your access and subscription (s), identify fraudulent activity and fix the errors (if any). Please, take a note that MacPaw Account ID is a necessary identifier to provide you with our Services. We may use Your MacPaw Account ID to analyze the use of the Site and Product. We do not share Your MacPaw Account ID to any external third parties beyond MacPaw.
- Marketing data refers to information collected through cookies and similar technologies, as well as data shared by third-party social media and advertising platforms (e.g., Google, LinkedIn, Facebook) when you interact with us. For example, this may occur when we contact you on LinkedIn to invite you to test our Product and complete onboarding. With your consent, these third-party platforms may share your Personal Data to personalize your experience and deliver content relevant to your interests, including targeted offers. For more details, please review our Cookie Notice. You can also find additional information about third-party social media and advertising practices in Section VII of this Notice.
Technical Information collected by "Malware automation” functionality
Our “Malware automation” function performs malware scans to protect You by identifying malware, detecting suspicious behaviour of applications, and improving the state of the Devices. For this purpose, we may collect technical data (files that generally do not contain Personal Data, like binary files, executable files, system files, etc.) identified by the product as potentially infected, together with information about the nature of identified threats. These files will be evaluated only for the presence of a threat or malware. We apply appropriate safeguards to retain and anonymize these files from any other data that may be classified as Personal Data, so it hinders any personal identifiers. We collect only information that is required to provide malware protection and threat analysis. These files are being stored for a limited time, depending on their usefulness for security needs. The legal basis for processing is the performance of Terms with You.
V. COOKIE FILES AND SIMILAR TECHNOLOGIES
We use cookies and similar technologies to provide, analyze, understand, and enhance the use of our Services; enforce our Terms of Service; prevent fraud; improve Site performance; monitor visitor traffic and actions on our Site; deliver and tailor our marketing activities; and understand your interactions with us. Our Site and Services may also include cookies and similar tracking technologies from third parties (e.g., Google, LinkedIn, Facebook), which may collect information about you via our Site and Services and across other websites and online services.
We preserve your privacy when we collect your Product(s) and Site Usage Data for our internal analytical purposes. We have developed our own analytics data module that removes any Personal Data and Personally Identifiable Information when you do not provide your consent (including Google clientid, Google gclid) and replaces it with random identifiers that cannot be directly linked to you, so that we gather only aggregated information. For more details about how we use this technology, as well as processing your Personal Data when you consent to it, please see our Cookie Notice. To find more about how we conduct customer surveys, and other marketing and analytics campaigns when we rely on your consent, go to the section “Customer Surveys and Conducting Analytics Campaigns” below.
To find more about how we use cookies and similar technologies, visit our Cookie Notice.
VI. LEGAL BASIS WE RELY ON
In addition to Section III, we provide information on the legal basis we rely on in table format. Our legal basis for collecting and using Personal Data depends on the scope of the Personal Data concerned and the purposes for which we collect it. In most cases, the lawful basis will be that the processing (i) is necessary for our legitimate interests in carrying out our business with you, including direct marketing, provided those interests are not outweighed by your rights and interests; (ii) is necessary to perform an Terms with you; (iii) is necessary to perform our legal obligations according to the applicable laws and regulations (for example, tax and accounting, data protection, and consumer protection); or (iv) is for enforcing or protecting our legal rights or to establish, bring, or defend legal claims according to applicable laws and regulations.
Where processing is based on your consent, we will identify the processing purposes and provide you with an immediate consent form containing relevant information.
Purpose of Processing | Personal Data and Device Information (PII) | Legal basis |
Owner To offer You Product (s) and/or the Site and related Services according to Terms and to communicate with You for the purposes of execution of Terms and this Privacy Notice; To conclude Terms with You, provide You with Our Services (sign-up form completion, onboarding, support, dedicated offers, etc.) | Contact data, Account data, Location and Log data, Product (s) and Site Usage Data, Marketing data; cookie data gathered from Site and other Site Usage Data; Mac Health; Information about security settings |
|
To detect malware on Devices; to create an Account, provide updates, troubleshootings and communicate with You | Contact data, Account data, Location and Log data, Product (s) and Site Usage Data, List of applications on Device, Device Information, Information about security settings, and Unique Customer Identifier |
|
For our internal analytics for the purposes of improving Our Product (s) and/or the Site and related Services, and to generate statistical reports containing aggregated information | Contact data, Account data, Location and Log data, Product (s) and Site Usage Data, List of applications on Device, Device Information, and Unique Customer Identifier |
|
To receive feedback about our Product and Services; | Contact data, Account data |
|
To personalize experience and to deliver content relevant to Your interests, including targeted offers through third-party sites and via email; to track and measure the effectiveness of Our marketing campaigns | Contact data, Product (s) and Site Usage Data, Marketing data; cookie data gathered from Site and other Site Usage Data |
|
To send you important notifications and marketing letters; | Contact data, Marketing data |
|
To analyze Mac Health and providing You with reports; | Contact data, Account data, Location and Log data, List of applications on Device, Device Information, Information about security settings, and Unique Customer Identifier |
|
To ensure functionality, interoperability and security of our Product (s) and/or the Site and related Services; to conduct vendor due diligence; and prevent fraud, theft and misconduct | Contact data, Account data, Location and Log data, Product (s) and Site Usage Data, Device Information, cookie data gathered from Site and other Site Usage Data |
|
Comply with our legal obligations, including reporting requirements, and defend ourselves in legal proceedings, and protect our company and our property, employees, and others through legal proceedings | Contact data, Account data, Location and Log data |
|
Members To provide Our Product (s) and/or the Site and related Services on behalf of Owner (to create Account, to manage Devices of Members and settings; support and troubleshooting); For enabling Members to connect to the Administrator’s panel in dashboard | Contact data, Account data, Location and Log data, Product (s) and Site Usage Data, List of applications on Device, Device Information, Information about security settings, and Unique Customer Identifier |
|
To detect malware on Devices | Contact data, Account data, Location and Log data, Product (s) and Site Usage Data, List of applications on Device, Device Information, Information about security settings, and Unique Customer Identifier |
|
For our internal analytics and to generate statistical reports containing aggregated information for the purposes of improving Products and Services; | Contact data, Account data, Location and Log data, Product (s) and Site Usage Data, List of applications on Device, Device Information, and Unique Customer Identifier |
|
Administrator To provide Our Product (s) and/or the Site and related Services on behalf of Owner (to manage Devices of Members and settings; to manage Administrator’s panel in dashboard, support and troubleshooting); | Contact data, Account data, Location and Log data, Unique Customer Identifier; IP Address; Device UUID; Device model; Device serial number; Unique malware ID on Device; Unique Account ID; Device system settings; list of applications on Device; information about security settings on Devices; location information and log data. |
|
To detect malware on Devices | Email, full name, organization’s name; IP Address; Unique Customer Identifier; IP Address; Device UUID; Device model; Device serial number; Unique malware ID on Device; Unique Account ID; Device system settings; list of applications on Device; information about security settings on Devices; location information and log data. |
|
For our internal analytics and to generate statistical reports containing aggregated information for the purposes of improving Products and Services; to receive feedback about our Product and Services | Contact data, Account data, Location and Log data, Product (s) and Site Usage Data, List of applications on Device, Device Information, and Unique Customer Identifier |
|
Ensuring compliance with Members and Administrator’s rights as the data subjects according to data protection laws and regulations are governed by Joint Controllership Statement.
Ensuring compliance with Yours of rights as the data subjects according to Data Protection Laws and can be found in section “Your Rights as the Data Subject” of this Privacy Notice.
If You are a resident of California, please see California Addendum—For Residents of California to this Privacy Notice for additional details on how We handle Your Personal Data and what rights You have as a Data Subject.
If You are a resident of The United Kingdom of Great Britain and Northern Ireland, follow UK General Data Protection Regulation and Data Protection Act 2018, as amended by Brexit legislation (“UK GDPR”) Addendum to this Privacy Notice.
VII. THIRD PARTY INFORMATION AND PERSONAL DATA DISCLOSURE
We receive information from third-party business partners, such as Marketing data and Product(s) and Site Usage Data. In addition, we collect information from public databases or other data you may have made publicly available, such as information posted on professional networks and social media platforms.
MacPaw may receive data about Site visitors, marketing campaigns, and other matters related to our business from affiliates and subsidiaries, our partners, or others that we use to make our Services and content useful and relevant to your interests and expectations. This data may be combined with other information we collect and might include aggregate-level data, such as which IP addresses correspond to zip codes or countries, or it might be more specific—for example, how well an online marketing or email campaign performed.
Some third-party applications and services that work with Us may ask for permission to access Your Personal Data. Those applications will provide You with notice and request Your consent. Please consider Your selection of such applications and services, and Your permissions, carefully. Data collected by third parties through these apps and plugins is subject to each parties’ own policies. We encourage You to read those policies and understand how other companies use Your Personal Data.
In most cases, your Personal Data is processed within the territory of the European Economic Area (EEA). When we transmit your Personal Data beyond EU/EEA regions, we rely on Standard Contractual Clauses as approved by the European Commission (EU-US DPF) and confidentiality obligations, ensuring your Personal Data is handled with care and responsibility. To find more, please follow EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Certification that can be found here.
We are committed to maintaining the highest security standards to protect Your Personal Data both in transit and at rest. To learn more about Our security commitments, go to section “Security and Confidentiality” below.
In the table below we provide You with information about whom we share Your Personal Data, the purposes, as well as transfer mechanisms we rely on when disclosing Your Personal Data to ensure its secure transmission.
Third Party | Purposes and Legal basis | Transfer mechanism and Contractual commitments |
PADDLE.COM MARKET LIMITED Judd House 18-29 Mora Street, GB/London EC1V8BT; or Bright Market, LLC d/b/a FastSpring: Address: 801 Garden Street Suite 201, US/SANTS BARBARA 93101 Please note that We do not retain any payment information provided by You. All such information is provided directly to the Third Party | proceeding of payments, handle returns and providing You with support services according to Terms of Service; to perform Terms of Service with you; Product (s) fulfillment, fraud, prevention; for Our legitimate interests | Data Processing Addendum following this link |
MacPaw Corporate Transactions | MacPaw intra-group sharings between departments of software development, analytics, security IT services, and customer support for Our legitimate interests; For Macpaw merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding; for Our legitimate interests and comply with legal obligations set forth by applicable Data Protection Laws | Standard Contractual Clauses as approved by the European Commission (EU-US DPF) and MacPaw Corporate Confidentiality obligations |
Zendesk 989 Market Street, San Francisco, California 94103 United States | Our customer service solution provider to provide You with information upon your requests; to perform Terms of Service with You and comply with legal obligations set forth by applicable Data Protection Laws | Privacy and data protection commitments can be found here; Binding Corporate Rules can be found here |
Google LLC (USA) | Analytics, communication service and marketing data handling provider to provide You Our Product (s) and/or the Site and to optimize Your user experience, as well as improve content; per Your consent or Our legitimate interests, when applicable. | Standard Contractual Clauses as approved by the European Commission (EU-US DPF). |
CookieYes CookieYes Limited (3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom, company number 13074037, VAT number GB381305513) | Cookie Consent Management Tool to manage collection of cookies and other tracking technologies, to document Your consent and provide You with a clear and transparent cookie banner; to perform Terms of Service with You and comply with legal obligations set forth by applicable Data Protection Laws | Data Processing Terms following this link |
Functional Software, Inc. d/b/a Sentry Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105. | Our SaaS partner in development, maintenance and errors fixing; for Our legitimate interests. | Standard Contractual Clauses as approved by the European Commission (EU-US DPF). EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Certification can be found here. EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Certification can be found here. |
eSputnik RETENTION YES SP. Z.O.O, Warsaw city, Poland Twilio Ireland Limited 70 Sir John Rogerson’s Quay, Dublin 2, D02 R296, Ireland | Our email service partners to send You marketing emails; per Your consent | Data processing Agreement following this link; Data Protection Addendum following this data |
Facebook Ireland Ltd. | Social media provider that we use for the purposes of online marketing, in particular the marketing of advertising space based on Your potential interests and the measurement of their effectiveness of Our marketing and advertising campaign; per Your consent. | When transferring Personal Data outside EU and EEA, Facebook relies on EU-U.S. Data Privacy Framework, and data transfer supplement Meta European Data Transfer Addendum.The Facebook EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Certification can be found here. |
Pipedrive | CRM system used by Our sales team to manage marketing communications and send You marketing emails. | Data Protection commitments can be found here |
For more information about the listed Third Parties whom we engage for marketing and analytics, follow section “Conducting Customer Surveys and Analytics Campaigns” below.
For more information about Third Parties whom we engage for marketing and analytics via Site, follow Our Cookie Notice.
Interaction with MacPaw
We also receive Personal Data when submitted to our Site or if you participate in a focus group, contest, activity, or event, request support, interact with our social media accounts, or otherwise communicate with MacPaw. We interact with You upon your consent.
All MacPaw account holders will continue to receive transactional messages related to our Product(s), even if you unsubscribe from promotional emails. Transactional messages mean important communication with you that, for example, may concern software setup, payment confirmation, or any updates to our Products and Licenses. The legal basis for sending you transactional messages is the performance of the Terms with You.
VIII. CONDUCTING CUSTOMER SURVEYS AND ANALYTICS CAMPAIGNS
When you use Our Services and Products, we can also use Your Contact data to send you customer and satisfaction surveys. We will use the results of the surveys to improve our Products and Services and deliver You the customized content. By doing so, we rely on your consent.
Google Services. We use Google Analytics and Google Ads, web analysis services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics and Google Ads also use cookies, i.e., text files that are stored on your computer and enable your use of the website to be analyzed. The information generated by the cookie about your use of this Site is usually transmitted to a Google server in the USA and stored there. On our behalf, Google will use your Personal Data to evaluate your use of the Site, compile reports on Site activity, and provide us, as the website operator, with other services related to website activity and internet usage. Please note, Google Services do not store or process your IP address. To find out more, please visit the Data privacy and security page of Google Analytics service.
Consent and objection: The Google Analytics cookies are stored, and your usage behavior is only tracked if you have previously consented to this tracking. You can revoke this consent at any time with future effect. Users can find details about the cookies used within our online offering, including information about the type and functionality of the cookies, the storage period, and the respective provider, in the Cookie Consent Management Tool we use. You can also prevent the storage of cookies by setting your browser software accordingly. In addition, you can prevent Google from collecting the data generated by the cookies and relating to your use of the website and from processing this data by Google by downloading the browser plug-in available under the Google Add Extensions. The processing of your Personal Data using Google Analytics takes place in conjunction with the consent you have given. Your Personal Data generated by Google Analytics will be deleted after 24 months at the latest or as defined in Cookie Consent Management Tool.
Online marketing/Facebook pixel: We process Personal Data for the purposes of online marketing via the Facebook social network, which includes, in particular, the marketing of advertising space based on Your potential interests and the measurement of its effectiveness. For this purpose, user profiles are created and stored in a file, with the help of which the user information relevant to the display of advertising content is recorded. This information includes, for example, the content viewed, websites visited, online networks used, and technical information such as the browser used, the computer system used, and information about times of use. Note, Facebook does not store or process your IP address.
The information stored in the profiles is usually kept in cookies or using similar technical means for a period of 2 years, unless another term is defined in the banner of our Cookie Consent Management Tool. These cookies can also be read on other websites that use the same online marketing process and analyzed for the purpose of displaying advertising content, as well as supplemented with further data and stored on the server of the online marketing process provider. In exceptional cases, clear data can also be assigned to the profiles. This is the case if the users are members of the Facebook social network and Facebook connects the users' profiles with the aforementioned information. However, the user can make additional agreements with Facebook, for example, by giving consent during registration. We generally only receive access to aggregated information about the success of our advertisements.
With the help of the Facebook pixel, we can determine the Site visitors as a target group for the display of advertisements (so-called “Facebook Ads”). Accordingly, we use the Facebook pixel to display the Facebook ads we place only to those users on Facebook and, if necessary, within the services of partners cooperating with Facebook who have also shown an interest in our online offering or who have certain characteristics (e.g., interest in certain content or products) that we transmit to Facebook (so-called "Custom Audiences"). At the same time, we want to ensure that our Facebook ads correspond to the potential interests of the users and do not appear annoying. Finally, the Facebook pixel allows us to track the effectiveness of Facebook ads for statistical purposes. This enables us to see whether users were redirected to our Site after clicking on a Facebook ad.
Furthermore, when using the Facebook pixel, we use the additional function “extended comparison”. Here, Your email address or Facebook IDs of the users are sent to Facebook to form target groups (“Custom Audiences” or “Look Alike Audiences”) transmitted (encrypted). Further information on “extended comparison” can be found in Custom Audience Privacy Information.
We also use the “Custom Audiences from File” procedure. In this case, your email address as the newsletter recipient is uploaded to Facebook. The upload process is encrypted and used solely to determine recipients of our Facebook ads. We want to ensure that the ads are only shown to users who are interested in our information and services.
Your rights as a data subject are not restricted by the agreements with Facebook.
IX. DURATION OF PERSONAL DATA STORAGE
We have developed and implemented an internal Data Retention and Destruction Policy that governs processing activities and scenarios we have carefully developed for each specific activity, specific terms for keeping your Personal Data, the legal basis we rely on, and justifications, as well as data destruction methods when retention periods expire.
We store your Personal Data:
- For the fulfillment of our contractual obligations and providing services under the Terms of Service we keep your Personal Data during the validity term of the Terms of Service. To find out more, please refer to the Terms of Service
- For the purpose of sending you newsletters, we keep your Personal Data for as long as we retain your consent. You may revoke your consent at any time by clicking “unsubscribe” in the email footer.
- For the fulfillment of tax and accounting obligations in accordance with our legal obligations, we will retain your Personal Data usually for 7 years (depending on the applicable law).
- Cookies data and other log files will be stored until the relevant cookies expire. You can always check the duration of cookie storage in our Consent Management Tool.
- When we process your Personal Data for the purposes of exercising your rights as the data subject and respond to your access requests, we will retain your Personal Data for 5 years.
- When we process your Personal Data for the purpose of establishing, exercising, or defending against legal claims, we will keep it for as long as it is necessary to defend our specific rights and interests, and, in the case of a dispute, until the final execution of the binding decision of the competent supervisory authority.
Upon expiration of data storage, we will securely destroy your Personal Data in accordance with our Data Retention and Destruction Policy and applicable laws and regulations.
If we seek to retain your Personal Data on file on the basis that a further opportunity may arise in the future, we will inform you with notice, seeking your explicit consent to retain your Personal Data for a fixed period on that basis.
If you believe that we are keeping your Personal Data illegally, please send the respective notice request to [email protected]. We will review your request at our earliest convenience and delete your Personal Data unless we are required by law to keep it for a longer period, or unless we can demonstrate legitimate grounds for processing that override your interests, rights, and freedoms. If deletion is impossible, we will securely store your Personal Data and isolate it from any further processing until deletion is permitted.
X. SECURITY AND CONFIDENTIALITY
We are committed to protecting the privacy and security of Your Personal Data. We have recently achieved ISO 27001 certification for Our Product, demonstrating our dedication to maintaining a high standard of information security management. This internationally recognized standard sets requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).
Here’s how we ensure the security and confidentiality of Your Personal Data:
- Information Security Policies: We have established a comprehensive set of information security policies that guide our data protection practices, which are regularly reviewed and updated to remain effective;
- Access Control: Access to Personal Data is strictly controlled. We employ user authentication, role-based access controls, and encryption to prevent unauthorized access to your Personal Data;
- Data Encryption: Your Personal Data is encrypted both in transit and at rest using industry-standard encryption methods to prevent unauthorized access or disclosure;
- Risk Management: We conduct regular risk assessments to identify potential security threats and vulnerabilities. This proactive approach helps us to implement effective measures to mitigate identified risks.
- Security Awareness and Training: Our employees receive regular training on information security and data protection best practices to ensure they understand the importance of maintaining data privacy.
- Incident Management: We have established a comprehensive incident response plan to quickly and effectively address any security incidents or breaches. This includes processes for detection, containment, investigation, and communication.
- Data Integrity and Accuracy: We implement measures to ensure the accuracy and completeness of Personal Data and prevent unauthorized alterations.
- Physical and Environmental Security: Our data centers and office locations are protected by physical security controls such as access restrictions, surveillance, and environmental controls to safeguard against physical threats.
- Supplier Security and Vendor Check: We assess and monitor our suppliers and vendors to ensure they meet our high standards of data protection and information security
- Regular Audits and Continuous Improvement: As part of our ISO 27001 certification, we conduct regular internal and external audits of our ISMS to identify areas for improvement and ensure ongoing compliance with security standards.
Find our ISO 27001 certification by following this link.
XI. PERSONAL DATA BREACH NOTIFICATION
We have developed a strong Incident Response Plan that, inter alia, in case of a Data Breach, will take all reasonable steps to investigate, contain, and report the Data Breach to you.
If the data breach is likely to result in a high risk to your rights and freedoms, we will communicate the Personal Data breach to you without undue delay via email and instruct you on mitigation measures. In case our communication channel with you is compromised by the incident, we will notify you using media channels, and this Site in particular.
Breaches of this Privacy Notice by staff, contractors, or officers of MacPaw will be dealt with under MacPaw’s internal grievance and disciplinary policy and may lead to a disciplinary sanction.
In some cases, MacPaw may process Personal Data pursuant to a legal obligation or to protect your vital interests or those of another person.
XII. YOUR RIGHTS AS THE DATA SUBJECT
You have the following rights in respect to Your Personal Data, including the right to access, correct, or delete Personal Data We process through Your use of the Site and/or Product(s). You can:
- Have Your Personal Data corrected or deleted. You may ask Us to correct information You think is inaccurate or completely delete all information that We hold about You by emailing: [email protected]
- Access Your Personal Data report by submitting a request at [email protected]. This report will include the Personal Data We have about You, provided to You in a structured, commonly used, and portable format.
- Object to Us processing Your Personal Data. It is Your right to lodge an objection to the processing of Your Personal Data by emailing: [email protected] if You feel the “ground relating to Your particular situation” applies. The only reasons We will be able to deny Your request is if We can show compelling legitimate grounds for the processing, which override Your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claim.
- Withdraw consent on marketing emails, including when We use Your Personal Data to send You marketing emails. We only send marketing communications to You with Your prior consent, and You may withdraw Your consent at any time by clicking the “unsubscribe” link found within MacPaw emails and changing Your contact preferences. Please note You will continue to receive transactional messages related to Our Product(s), even if You unsubscribe from marketing emails.
- Withdraw consent. This right only exists where We rely on consent as a legal basis to process Personal Data about You (“Consent Withdrawal”).
- Without prejudice to any other administrative or judicial remedy, You have the right to appeal to a supervisory authority if You consider that the processing of Personal Data relating to You is in breach of the applicable laws and regulations. If You’re based in the European Economic Area (EEA) and think that We haven’t complied with data protection laws, You have a right to lodge a complaint with Your local supervisory authority. You can find the list of supervisory authorities via this link.
- Request to know more details about the categories or specific pieces of Personal Data We collect (including how We use and disclose this Personal Data), to delete their Personal Data, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
You may have other rights as may be provided by Data Protection Laws.
You will not have to pay a fee to access Personal Data about You (or to exercise any of the other rights outlined above). However, except in relation to Consent Withdrawal, We may charge a reasonable fee if Your request is clearly unfounded, repetitive, or excessive, or, We may refuse to comply with Your request in these circumstances.
We may need to request specific information from You to help Us confirm Your identity and ensure Your right to access Personal Data about You (or to exercise any of Your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact You to ask You for further information in relation to Your request to speed up Our response.
We try to respond to all legitimate requests within one (1) month (i.e. 30 calendar days). Occasionally it may take Us longer than a month if Your request is particularly complex or You have made a number of requests. In this case, We will notify You and keep You updated.
Data Protection Officer
To communicate with Our Data Protection Officer, please use our dedicated email channel [email protected].
XIII. CALIFORNIA ADDENDUM - FOR RESIDENTS OF CALIFORNIA
This section provides details about rights of California consumers under the California Consumer Privacy Act (“CCPA”) and California’s Shine the Light law. Therefore, this section applies only to residents of California, United States.
- CCPA (CPRA)
In addition to the rights listed above, CCPA provides you with the following rights:
- Right to know what Personal Data is sold or shared and to whom. Under that title, you have the right to request that we disclose to you:
- The categories of Personal Data that we collected about you.
- The categories of Personal Data that we sold or shared about you and the categories of third parties to whom the Personal Data was sold or shared, by category or categories of Personal Data for each category of third parties to whom the Personal Data was sold or shared.
- The categories of Personal Data that we disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.
You may request such information by contacting us by e-mailing to [email protected]. Please reference California Privacy Rights in your subject line.
2) The Right to Opt Out of Sale or Sharing and limit Use of Personal Data. We may share certain information about you with our partners for purposes of targeted advertising or data analytics, which could in certain circumstances be characterized as “selling,” “sharing,” or “targeted advertising” under California laws. You have the right to opt-out of such sale/sharing of your Personal Data by contacting us via [email protected].
We will also strive to recognize and process your opt-out preference signal as soon as possible after receiving it.
3) The right not to be discriminated against. Under this title, you have a right not to be discriminated against for exercising any of your rights under the California Privacy Rights Act (CPRA).
b. Access rights under California’s Shine the Light
California also provides its residents with additional access rights. Under Shine the Light law, the residents may ask companies once a year what Personal Data they share with third parties for those third parties' direct marketing purposes. Learn more about what is considered to be Personal Data under the statute.
To obtain this information from us, please send an email message to [email protected], which includes “Request for California Shine the Light Privacy Information” on the subject line and your state of residence and email address in the body of your message. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.
XIV. UK GENERAL DATA PROTECTION REGULATION AND DATA PROTECTION ACT 2018, AS AMENDED BY BREXIT LEGISLATION (“UK GDPR”) ADDENDUM
This section provides details about individuals residing in the United Kingdom and details additional rights they have under the United Kingdom Data Protection Act 2018 (DPA) and the EU General Data Protection Regulation (GDPR) which is retained EU law after Brexit. Therefore, this section applies only to UK residents.
Your Rights and Choices in the UK
As a UK resident, You have several rights in relation to Your Personal Data under this Privacy Notice, including:
- Right to be informed: You have the right to be provided with clear, transparent, and easily understandable information about how we use your Personal Data and your rights. This is why we’re providing you with the information in this Addendum.
- Right of access: You have the right to obtain access to your Personal Data (if we’re processing it) and certain other information (similar to that provided in this Privacy Notice). This is so you’re aware and can check that we’re using your Personal Data in accordance with data protection law.
- Right to rectification: You are entitled to have your Personal Data corrected if it’s inaccurate or incomplete.
- Right to erasure: This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your Personal Data where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
- Right to restrict processing: You have the right to ‘block’ or suppress further use of your Personal Data in certain circumstances. When processing is restricted, we can still store your Personal Data, but may not use it further.
- Right to data portability: You have the right to obtain and reuse your Personal Data in a structured, commonly used, and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
- Right to object to processing: You have the right to object to us processing your Personal Data for our legitimate interests or for direct marketing purposes (including in each case any related profiling).
- Right to withdraw consent: If we have obtained your consent to process your Personal Data for certain activities (for example, for profiling your suitability for certain roles), or consent to market to you, you may withdraw your consent at any time.
- Rights related to automated decision-making and profiling: You have the right not to be subject to a decision when it’s based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.
To exercise any of these rights at any time, please contact us using the details in our “Contact Us” section of this Privacy Notice.
In accordance with UK data protection laws, we will handle your request related to these rights with care and in a timely manner. If you are not satisfied with our response, you also have the right to lodge a complaint with the UK’s data protection authority, the Information Commissioner’s Office (ICO). For more information, visit
XV. DATA RETENTION AND ERASURE
We retain your Personal Data for as long as necessary to offer the Product and/or provide the Services you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our policies.
Upon your request, and where it is possible, we will delete your Personal Data or anonymise it so that it no longer identifies you, unless, we are legally allowed or required to maintain certain Personal Data, including situations such as:
- If there’s an unresolved issue relating to your Account, such as an outstanding credit on your account or an unresolved claim or dispute we will retain the necessary Personal Data until the issue is resolved;
- Where we are required to retain the Personal Data for our legal, tax, audit, and accounting obligations, we will retain the necessary Personal Data for the period required by applicable law; and/or,
- Where necessary for our legitimate business interests such as fraud prevention or to maintain Your security.
XVI. CHANGES TO PRIVACY NOTICE
We may need to update this Privacy Notice to keep pace with changes in our Site, Product(s), and Services, our business, and the laws applicable to us and you. We will, however, always maintain our commitment to respect your privacy. We will notify you of any material changes that impact your rights under this Privacy Notice by email (to your most recently provided email address) or post any other revisions to this Privacy Notice, along with their effective date, in an easy-to-find area of the Site. Therefore, we recommend that you periodically check back here to stay informed of any changes. Please note that your continued use of MacPaw after any change means that you agree with and consent to be bound by the new Policy. If you disagree with any changes in this Privacy Notice and do not wish your information to be subject to it, you will need to stop using the Site and/or Product(s).
XVII. CONTACT US
You may contact Us with any questions relating to this Privacy Notice by e-mailing to our customer support: [email protected], or to communicate with Our Data Protection Officer, please use our dedicated email channel [email protected].