Disclosure Regarding Collection and Use of Personal Data

This privacy notice describes how your personal data is collected, used, and shared by Mursion. It also describes the choices you can make about the way we use and share your personal data Please take the time to read and understand this privacy notice so that you can understand how we use your personal data. As we update and expand the Sites, this privacy notice might change, so please review it from time to time.


Notice at Collection

We may collect or process various categories of personal information.  The section directly below titled “The Personal Data We Collect” contains information on the categories of personal data collected. The section titled “Third-Party Collection” contains information about third parties that control the collection of personal data on our behalf. To exercise your rights, please see the section titled “Data Subject Rights.”


The Personal Data We Collect

This privacy notice applies to all personal data that we collect and maintain about our users, including any contact data  or identifying data that we may obtain in connection with the Sites. Personal data is data that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual. We may collect, create, or process various categories of personal data about you when you use or otherwise interact with our Sites. We may collect personal data through a variety of methods, such as through account registration, use of certain product features, requesting service and support for our products and providing such support, participating in an online survey, billing and collecting payments, receiving technical support communication, through improvement of our product features, your request to be added to our mailing lists, documents that you submit to us, transactions in which you may engage with us or through visits that you may make to the Sites.

 

The following categories of personal data we collect are followed by information about their source(s), purpose(s), and disclosure(s), and retention:

 

  • Identifiers, which may include name, postal address, email address, Internet Protocol address, and account name. These are sourced directly from you (e.g., when you create an account with us or request a demo with us) or indirectly from you (e.g., from observing your actions on the Sites). They are used to fulfill or meet the reason you provided the data, to contact you in relation to the Sites, to provide personalized communications such as feedback surveys, to respond to an inquiry, or to screen for potential risk or fraud. We process identifiers for business and commercial purposes related to security, auditing, repairs of the Sites, research, advertising, and marketing. We disclose this data for business purposes to internet service providers and administrative service providers. We retain identifiers for as long as needed to meet the purpose of processing and in accordance with this privacy notice.
  • Commercial data, which may include records of services purchased, obtained, considered, or other purchasing or consuming histories or tendencies. Commercial data is sourced directly from you or indirectly from you. It is used to fulfill or meet the reason you provided the data, to contact you in relation to the Sites, to provide personalized communications such as feedback surveys, to respond to an inquiry, or to screen for potential risk or fraud. We process commercial data for business and commercial purposes related to security, auditing, repairs of the Sites, research, advertising, and marketing. We disclose this data for business purposes to internet service providers and administrative service providers. We retain commercial data for as long as needed to meet the purpose of processing and in accordance with this privacy notice.
  • Sensitive personal data, which may include account log-in in combination with password or credentials allowing access to an account. We may collect account data from you when you use the Sites to use one of our products, programs, or services. Sensitive personal data is sourced directly from you. It is used to fulfill or meet the reason you provided the data, to contact you in relation to the Sites, to provide personalized communications such as feedback surveys, to respond to an inquiry, or to screen for potential risk or fraud. We process sensitive personal data for business and commercial purposes related to security, auditing, repairs of the Sites, research, advertising, and marketing. We do not typically disclose sensitive personal data. In some instances, this data may be used or disclosed to a service provider for additional, specified purposes. However, you have the right to limit the use or disclosure of your sensitive personal data through the “Data Subject Rights” section below. We retain sensitive personal data for as long as needed to meet the purpose of processing and in accordance with this privacy notice.
  • Internet, technical, or other similar network activity, which may include device name, device properties, search history, and operating system data. Additionally, we may use technology to monitor how you interact with the Sites. This may include without limitation which links you click on, data that you type into our online forms, and data about your device or browser. Further, we utilize session replay spyware to monitor and record mouse clicks and movements, keystrokes, pages, simulations, and content viewed by you. Please discontinue use of the Sites if you do not consent to our collection of such data. We source this data directly or indirectly from you (e.g., from observing your actions on the Sites). It is used to fulfill or meet the reason you provided the data, to contact you in relation to the Sites, to provide personalized communications such as feedback surveys, to respond to an inquiry, or to screen for potential risk or fraud. We process internet, technical, or other similar network activity data for business and commercial purposes related to security, auditing, and repairs of the Sites. We disclose internet, technical, or other similar network activity data for business purposes to internet service providers and administrative service providers. We retain internet, technical, or other similar network activity data for as long as needed to meet the purpose of processing and in accordance with this privacy notice.
  • Inferences drawn from other personal data, which may include a profile reflecting a person’s preferences, interests, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. We source this data directly or indirectly from you, (e.g., from observing your actions on the Sites or from observing data you post in a public space on the Sites or on a third-party social media site). It is used to contact you in relation to the Sites, to provide personalized communications such as feedback surveys, to respond to an inquiry, or to screen for potential risk or fraud. We process this data for business and commercial purposes related to security, auditing, and repairs of the Sites. We disclose this data for business purposes to internet service providers and administrative service providers. We retain this data for as long as needed to meet the purpose of processing and in accordance with this privacy notice.
  • Biometric data, which may include video and sound recordings if you participate in our simulation services and give us your consent to do so. We will tell you how we use and store such recordings at the time we request your consent. We source this data directly from you, (e.g., from observing your actions on the Sites). It is used to fulfill or meet the reason you provided the data, to contact you in relation to the Sites, to provide personalized communications such as feedback surveys, or to respond to an inquiry. We do not disclose biometric data to third parties but may provide the biometric data to the individual to use as feedback for the individual’s session. We retain biometric data for as long as needed to meet the purpose of processing and in accordance with this privacy notice and period agreed upon by the individual whose biometric data is processed.
  • Audio, visual, or similar data, which may include data to assist us in providing authentic, immersive artificial intelligence learning experiences. We source this data directly or indirectly from you, (e.g., from observing your actions on the Sites or from observing data you post in a public space on the Sites or on a third-party social media site). It is used to fulfill or meet the reason you provided the data, to contact you in relation to the Sites, to provide personalized communications such as feedback surveys, to respond to an inquiry, or to screen for potential risk or fraud. We process audio, visual, or similar data for business and commercial purposes related to security, marketing, and advertising. We disclose audio, visual, or similar data for business purposes to internet service providers and administrative service providers. We retain audio, visual, or similar data for as long as needed to meet the purpose of processing and in accordance with this privacy notice.
  • Professional or employment-related data, which may include data to assist us in hiring and in providing authentic, immersive artificial intelligence learning experiences to your company. We source this data directly from you. It is used to fulfill or meet the reason you provided the data, to contact you in relation to the Sites, to provide personalized communications such as feedback surveys, to respond to an inquiry, or to screen for potential risk or fraud. We process professional or employment-related data for business and commercial purposes related to security, auditing, repairs of the Sites, research, advertising, and marketing. We disclose professional or employment-related data to internet service providers and administrative service providers. We retain professional or employment-related data for as long as needed to meet the purpose of processing and in accordance with this privacy notice.

 

You have choices about the data we collect. When you are asked to provide personal data, you may decline. However, if you choose not to provide data that is necessary to provide a product or service, you may not be able to use some of our products, programs, or services.


How We Use Your Personal Data

In addition to the forms of use listed above, we use your personal data to provide you with products, programs, or services that you have requested, to respond to questions or communications, and to get in touch with you when necessary. For example, we may use your personal data to communicate with you or to send you data that you have requested. We may send you an email offering products, programs, or services which we think you may be interested in or to ask you to participate in a survey.

Upon request, we will provide you with information about whether we hold any of your personal data. Users who wish to exercise data subject rights may do so either by submitting a request here or by contacting Mursion at security.requests@mursion.com. See our “Data Subject Rights” section below.


How We Share Your Personal Data

We may share or disclose your personal data in the following instances and to the following parties:

  • To fulfill a service to you;
  • With your consent;
  • As may be required by law or as we think necessary to protect our company or others from fraud or injury (e.g. in response to a court order or subpoena, in response to a law enforcement agency request or when we believe that someone is causing (or about to cause) injury to or interference with the rights or property of another);
  • With other persons, service providers or companies with whom we contract to carry out internal site operations or our business activities (for example, sending out a product or a promotional item that you have requested on the Sites); and/or
  • notifying you when we make material changes to one of our subscriber agreements or this privacy notice. We will seek to obtain your consent at the place where the information is collected either by an “opt-in” or “opt-out” method, or by other means (such as sending to you an email)

Use and Disclosure of Aggregate Data

We sometimes use aggregate data to analyze how the Sites are used, as well as to offer you products, programs, or services.


Receipt of Communications; Withdrawal of Consent

If you decide not to receive marketing or promotional emails from us that may relate, for example, to new services or offerings, you may withdraw your consent to receive these communications by emailing us at security.requests@mursion.com to (i) remove your data from our lists; or (ii) change or edit your preferences. You may also use the consent withdrawal mechanism that is contained in a marketing or promotional email.

If you would like to withdraw your consent to receive marketing or promotional postal mail from us, please email us at security.requests@mursion.com or let us know in writing via letter addressed to: Attn: Data Protection Officer, Mursion, Inc., 2443 Fillmore St., Suite 515, San Francisco, CA 94115. For all postal mail requests, please include your name, street address, city, state, and zip code. We cannot accept postal mail requests via telephone or facsimile, nor will we be responsible for notices that are not labeled or sent properly or lack complete information. Please note that we may require processing time, in accordance with applicable law, to fully remove your postal mail data from our mailings.


Other Websites

The Sites may contain links to other websites, including links that are placed there by us, such as third-party products or services or text hyperlinks. Please be aware that we are not responsible for the privacy practices of any other website. We encourage all users of the Sites to be aware of when they leave the Sites, and to read the privacy policies of each and every website that collects personal data. This privacy notice applies solely to data collected by the Sites.


Cookies

We use cookies and other data collection technology to recognize you and/or your device(s) when you use the Sites and collect personal data about you.

What are cookies?

Cookies are small text files that are sent to or accessed from your web browser or your computer’s hard drive. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier. A cookie also may contain data about your computer or device, such as settings, browsing history and activities conducted while using the Sites.

Mursion also uses “pixels” (sometimes called web beacons). Pixels are transparent images that can collect data about email opens and website usage across websites and over time.

Cookies that Mursion sets on the Sites are called first-party cookies. Cookies set on the Sites by any other party are called third-party cookies. Third-party cookies enable third-party features or functionality on or through the Sites, such as analytics and marketing automation. The parties that set third-party cookies can recognize your device both when you use it to access the Sites and also when you use it to visit certain other websites.

To learn more about cookies generally, visit www.allaboutcookies.org. If you prefer to prevent third-parties from setting and accessing cookies on your computer, you may set your browser to block cookies. Please note, blocking cookies may affect the functioning of the Sites.  Additionally, you may remove yourself from the targeted advertising of companies within the Network Advertising Initiative by opting out here, or of companies participating in the Digital Advertising Alliance program by opting out here.

Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (DNT) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser blocks that website from collecting certain data from the browser cache. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many website operators, including Mursion, do not yet respond to DNT signals.

Why does Mursion use cookies and other tracking technology?

Some cookies are required for the Sites to operate. Other cookies enable us to track the interests of users for targeted advertising and to enhance the experience of the Sites.

Data collection technology enables Mursion to monitor the traffic patterns from one webpage to another, to deliver or communicate with cookies, to understand whether users visit the Sites after seeing our online advertisement displayed on a third-party website, to improve performance of the Sites and to measure the success of our email marketing campaigns.

Your Cookie Choices

You have the right to decide whether to accept or reject cookies through Mursion’s cookie consent. You can set your browser to refuse all cookies or to indicate when a cookie is set. (Most browsers accept cookies automatically but allow you to disable them but note that some features of the Sites may not work properly without cookies.)

Google Analytics

We also want to make sure you are aware that, where permitted by applicable law, mursion.com uses Google Analytics for targeted advertising (which Google sometimes refers to as ‘remarketing’). Google uses cookies that Google recognizes when consumers visit various websites. The data collected through Google’s cookies helps Mursion analyze how cookies are used and, for the Sites and in some jurisdictions, to personalize marketing communications and digital advertising.

For more information about how Google collects, uses and shares your data, please visit Google’s Privacy Policy and for more information about how Google uses cookies in advertising, please visit Google’s Advertising page.
To prevent Google Analytics from using your data, you can install Google’s opt-out browser add-on. To opt out of ads on Google that are targeted to your interests, use your Google Ads settings.

If you are located in the EEA, Switzerland or UK, please note in particular that, if you allow Google’s cookies in Mursion’s cookie consent, the data generated by those cookies about use of the Sites is transmitted to and stored by Google on servers in the United States.  On behalf of Mursion, Google will use these data to compile reports that help Mursion operate and provide the Sites.


Clickstream Data

As you use the Internet, a trail of electronic data is left at each web site you visit. This data, which is sometimes referred to as “Clickstream Data,” can be collected and stored by a web site’s server. Clickstream Data can tell us the type of computer and browsing software you use and the address of the web site from which you linked to the Sites. We may use Clickstream Data as a form of non-personal data to determine how much time visitors spend on each page of the Sites, how visitors navigate throughout the Sites, how to Improve the Sites, and how we may tailor our web pages to better meet the needs of visitors.


Our Commitment to Security

We have in place the appropriate physical, electronic, and managerial procedures to safeguard and help prevent unauthorized access, maintain data security and correctly use the data we collect. While we implement these and other security measures on our Sites, please note that no data transmissions over the Internet can be guaranteed to be 100% secure. You play a role in protecting your data as well. Consequently, we cannot ensure or warrant the security of any data you transmit to us, and you understand that any data that you transfer to us is done at your own risk.

If we become aware of a breach that affects the security of your personal data, we will provide you with notice as required by applicable law. When permitted by applicable law, Mursion will provide this notice to you through the email address associated with your account or other permitted method associated with your account.

UNAUTHORIZED ACCESS TO PERSONAL DATA AND THE SITES – INCLUDING SCRAPING – IS PROHIBITED AND MAY LEAD TO CRIMINAL PROSECUTION.


Public Posting Areas

Please note that any data you include in a message you post to any public posting area is available to anyone with internet access. If you don’t want people to know your email address, for example, don’t include it in any message you post publicly. PLEASE BE EXTREMELY CAREFUL WHEN DISCLOSING ANY DATA IN PUBLIC POSTING AREAS. WE ARE NOT RESPONSIBLE FOR THE USE BY OTHERS OF THE DATA THAT YOU DISCLOSE IN PUBLIC POSTING AREAS.


Record Retention Policy

We will retain your data for as long as needed to fulfill the purpose for which it is collected and to comply with our legal obligations, resolve disputes, and enforce our agreements.


Reorganization

In the unlikely event of a direct or indirect reorganization process including, but not limited to, mergers, acquisitions, divestitures, bankruptcies, and sales of all or a part of our assets, we may disclose your personal data following completion of such transaction and/or during the assessment process pending transfer. If transferred in such a case, the purchaser will abide by the terms and conditions of this privacy notice.


Financial Incentives

We may offer various financial incentives from time to time. The terms of the financial incentive will be provided at the time you sign up for the financial incentive. You may withdraw from any of the financial incentives. In calculating these offers, we consider the expenses related to the offer and the value of your data.


International Users

If you are visiting the Sites from a location outside of the United States, your connection will be through and to servers located in the United States and all data you provide will be processed and securely maintained in our web servers and internal systems located within the United States. IN ADDITION, IF YOU ARE LOCATED OUTSIDE THE UNITED STATES, YOU SHOULD NOTE THAT YOUR DATA WILL BE TRANSFERRED TO THE UNITED STATES, IN ACCORDANCE WITH LOCAL LAW. We may also transfer your personal data across borders, from your country or jurisdiction to other countries or jurisdictions in accordance with legal requirements.

If your personal data are transferred across borders by Mursion or on Mursion’s behalf, Mursion uses appropriate safeguards to protect personal data. We primarily use European Union Commission Standard Contractual Clauses for data transfers from the European Union, the EEA, and Switzerland to countries outside the EEA. We primarily use the International Data Transfer Agreement for data transfers from the UK to countries outside the UK. For transfers between other jurisdictions, we may rely on other legal mechanisms for international transfer, as appropriate under the relevant law. Users of the Sites located in countries outside of the United States of America who submit personal data do thereby consent to the general use of such data as provided in this privacy notice and to the transfer of that data to and/or storage of the data in the United States of America.


Data Subject Rights

You have certain rights with respect to your personal data as set forth below, based on your residence. For personal data for which Mursion is the data controller, it is also our policy to honor these principles with respect to personal data of individuals residing outside of those jurisdictions.

  • Access: You can request more information about the personal data we hold about you. You can also request a copy of your personal data and the recipients (or categories of recipients) to whom personal data has been or will be disclosed.
  • Rectification or Correction: If you believe that any of your personal data is incorrect or incomplete, you can request that we change or correct the data. You can also correct some of this data directly by logging into your portal account.
  • Nondiscrimination: You have the right to receive equal service and pricing from us, even after exercising your rights.
  • Opt-out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal data. We do not sell or share personal data, and we do not sell or share the personal data of users under 16. Notably, the cookies and web technologies present on our Sites that qualify as selling or sharing are default to “off;” therefore, you must direct the sale or share by turning such elements on if you choose.
  • Limit the Use of My Sensitive Personal Information. You have the right to limit the use of your sensitive personal data. To exercise your right, please click the following link: Limit the Use of My Sensitive Personal Information.
  • Objection: You can contact us to object to the collection or use of your personal data.
  • Deletion or Erasure: You can request that we erase some or all of your personal data from our systems.
  • Restriction of Processing: You can ask us to restrict further processing of your personal data.
  • Portability: You have the right to ask for a copy of your personal data in a machine-readable format. You can request we transmit the data to another entity where technically feasible.
  • Withdrawal of Consent: If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time.
  • Right to File Complaint with Data Protection Regulators: You have the right to lodge a complaint about Mursion’s practices with respect to your personal data with the supervisory authority. A list of the supervisory authority of EU Member States is available at https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en.

If you would like to exercise any of these rights, please contact our Data Protection Officer at security. requests@mursion.com or use the form available at https://www.mursion.com/personal-data-request/.

In your request, please make clear what personal data you would like to have changed, whether you would like to have your personal data suppressed from our database or other limitations you would like to put on our use of your personal data.  For your protection, we may need to verify your identity and geographic residency before fulfilling your request. We will comply with your request as soon as reasonably practicable and within the time periods required by applicable law.

Please note that we often need to retain certain personal data for recordkeeping purposes and/or to complete any transaction that you began prior to requesting a change or deletion. When you provide personal data through the Sites, we maintain your personal data for our records only for as long as necessary to fulfill the purpose for which it is collected and in accordance with legal obligations. We may not delete certain personal data for legal reasons.

To protect your privacy and security, we will take reasonable steps to help verify your identity before granting access or making corrections. In some circumstances, certain California residents may designate an authorized agent to submit requests to exercise certain privacy rights on their behalf. Note that we may deny a request from an authorized agent that does not submit sufficient proof that they have been authorized to act on behalf of another individual.

The legal bases for our processing of your personal data depend on the context in which the personal data is collected and processed. Generally, we only collect personal data when we need the personal data to perform a contract with you, when we have consent to do so (which consent you can withdraw at any time using the contact information above or when the processing is in our legitimate business interests and not overridden by the privacy or other fundamental rights and freedoms of users (such as when we process personal data to prevent fraudulent use of the Sites).

In some cases, we also may have a legal obligation to collect personal data from users. If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether providing your personal data is mandatory and the possible consequences if you do not provide your personal data.

Similarly, if we collect and use personal data in reliance on our legitimate interests (or those of any third-party), this interest is typically to provide the Sites and communicate with you about the Sites and for our legitimate commercial interests, such as responding to queries, improving the Sites, advising users about new features or maintenance or undertaking marketing activities. We may have other legitimate interests and if appropriate we will make clear our legitimate interests at the relevant time.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided below.


Parents

We will not knowingly accept personal data from minors and we do not market our products or services to minors. If you believe that a minor has provided personal data to Mursion, please contact us through the contact methods provided below.


Changes to this Privacy Notice

Because our business needs may change over time, we reserve the right, at our discretion, to modify this privacy notice. We will not reduce the privacy rights granted to users under this privacy notice unless required by law or to protect the legal rights of other users or Mursion. If we modify this privacy notice in a material manner, we will provide advance notice of such changes so that you have an opportunity to review the revised privacy notice before it is effective.  If your consent is required by applicable privacy laws, we will obtain your consent to changes before the revised privacy notice applies to you.


How to Contact Us

If you have any questions or concerns about this privacy notice, you may email Data Protection Officer at security.requests@mursion.com or write to the following address:

Mursion Inc.
Attn: Data Protection Officer

2443 Fillmore Street, Suite 515
San Francisco, CA 94115
Phone: (415) 746-9631 | ext 022