Last Updated: May 2022
“Personal Data” means any information that can be used, alone or together with other data, to identify any living human being.
1. WHAT PERSONAL DATA WE COLLECT, WHY WE COLLECT IT, AND HOW IT IS USED
1.1. Personal Data of visitors of our website.
1.2. Data entered into a contact form on our website.
The website of Mend allows you to contact us by using a contact form. To do so, you may be required to provide your work email address, the country you are located in and the purpose of your request. Personal data transmitted to Mend in this connection will be used exclusively to process your request. The legal basis for processing this personal data is our legitimate interest to answer your request.
1.3. Data processing in connection with your subscription to our newsletter.
On the website of Mend you may subscribe to our newsletter. To do so, you must provide your email address. Additional information may be provided on a voluntary basis. This information will be used exclusively to send out the newsletter and will not be transferred to any third parties. The legal basis for data processing is your consent. You have the right to revoke your consent at any time by clicking the unsubscribe button in the newsletter, without thereby affecting the lawfulness of data processing that has occurred up until consent is revoked. If consent is revoked, then you will no longer receive the newsletter.
When you subscribe to our newsletter, your IP address and the date and time of subscription and email verification will be collected. These data will be processed exclusively for the purpose of allowing us to reconstruct any possible misuse of your email address. The legal basis for processing of the aforementioned data is a legitimate interest.
Our newsletter contains a so-called “tracking pixel”. A tracking pixel is a miniature image file that is embedded in emails in HTML format. The embedded tracking pixel allows Mend to recognize whether and, if so, when you open the newsletter and on which of the links in the newsletter you click. Data collected via tracking pixels in our newsletters are stored and processed for statistical purposes to optimize the distribution of our newsletter and to tailor the content of future newsletters even more to the interests of the recipient.
Mend offers Business-to-Business Services. Data relating to our business customers that we process for the conclusion, performance and termination of our contract with a Customer (e.g., business name and address, payment information), therefore, are not considered as Personal Data. However, we process certain Personal Data of those individuals who subscribe to a contract or register for our free Service on behalf of a Customer, in particular a work email address.
Mend collects pseudonymized email addresses of a Customer’s Contributing Developers to verify compliance with the licence terms agreed with the Customers. The email addresses are processed solely to determine the number of Contributing Developers attributable to a Customer. The legal basis for processing of this personal data is our legitimate interest.
The website of Mend allows individuals who have been designated by our Customers as users of our Services (“Users”) to create an account and to use our Services, e.g. work on our platforms. If you are a User, to do so, you must provide your first name and last name, your user name, password and work email address to create an account. When you log into your account on our Platform, our systems collect certain information about your activities, such as the time you log in and out, the Services you use and the actions you take on the Services. In the event of a support issue, such as a planned or emergency outage, we may send a notification to your work email address. Some of the actions may be visible in the Mend Dashboard to other users from your organization. The sole purpose of the processing of this Personal Data is to provide our Customers with the Services of Mend. The legal basis for processing this personal data is our legitimate interest to be able to provide our Customers with our Services.
If you subscribe to our Services on behalf of a Customer or if you are a User of our Services, we will also use your email address to inform you periodically about other interesting offers from Mend. If you do not wish to receive such information, you can easily opt-out free of charge by clicking on the unsubscribe link here or at the bottom of any message containing product information from Mend. The legal basis for processing this personal data is our legitimate interest.
2. PERIOD OF STORAGE OF COLLECTED INFORMATION
If you have any questions about our Data Retention Policy, please contact us by email at email@example.com. Additional information about our Data Retention Policy (including non-Personal Data retention) can be found at: https://www.mend.io/data-retention-and-archiving-policy/.
3. DATA LOCATION
3.1. Your Personal Data may be maintained, processed and stored by us and by our authorized affiliates and service providers (defined below) in the U.S., the State of Israel, the UK and other jurisdictions, including the European Union, as necessary for the proper delivery of our Services, or as may be required by applicable law.
3.2. Customers’ data may be stored either in our third-party data hosting facilities located in the U.S. or in the EU based on Customer’s location and preference.
3.3. We have operations in Israel, which offers an adequate level of protection for the Personal Data of EU Member State residents.
4. HOW WE PROTECT YOUR PERSONAL DATA
5. CHANGE OF OWNERSHIP AND CHANGE OF CONTROL
If, in the future, we sell or transfer some or all of our business or assets to a third party, we will (to the minimum extent required) disclose information to a potential or actual third-party purchaser of our business or assets, or in the event of bankruptcy or a comparable event, we reserve the right to transfer or assign Personal Data in connection with the foregoing events. If such an event occurs, the legal basis for processing your Personal Data in this context is either your consent, contract performance or legitimate interests.
6. HOW WE SHARE YOUR PERSONAL DATA
6.1. For certain technical data processing tasks, Mend is assisted by third-party service providers who will receive access to your personal data to provide such services. Those service providers have been carefully selected and meet high data privacy and data security standards. They are subject to strict duties of confidentiality and process data only on behalf and in accordance with the instructions of Mend.
7. DATA WE COLLECT AND RECEIVE FROM THIRD PARTIES
8. LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS
9. ADDITIONAL INFORMATION REGARDING TRANSFERS OF PERSONAL DATA
9.1. Internal transfers: We ensure transfers with our approved affiliates are covered by a data protection agreement, which contractually obliges each approved affiliate to ensure that personal data receives an adequate and consistent level of protection wherever it is transferred to. Please find information about the group companies that we share your personal data with here https://www.mend.io/mend-group-companies/.
9.2. External transfers: (for data subjects protected under the GDPR or the UK GDPR) Where we transfer your Personal Data outside of the EU/EEA or the UK respectively to countries for which no adequacy decision of the EU Commission exists, for example to approved affiliates or third parties who help provide our products and services, we will obtain contractual commitments and or assurances from them on the basis of the EU Standard Contractual Clauses Link and or the UK Standard Contractual Clauses to protect your Personal Data.
Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal data is disclosed (see additional information under Section 1 above).
10. YOUR RIGHTS; HOW TO DELETE YOUR ACCOUNT
10.1. Rights. The following rights shall apply to individuals who are protected by the GDPR or the UK GDPR. Some of these rights may also apply under your applicable law.
10.2. You have a right to access personal data held about you. Your right of access may normally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
10.3. You have the right to request that we rectify any personal data we hold that is inaccurate or misleading;
10.4. You have the right to request the erasure/deletion of your personal data (e.g., from our records). Please note that there may be circumstances in which we are required to retain your personal data, for example for the establishment, exercise or defense of legal claims or for the provision of Services to our Customers;
10.5. You have the right to object, to or to request restriction, of the processing;
10.6. You have the right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
10.7. You have the right to withdraw your consent at any time. Please note that there may be circumstances in which we are entitled to continue processing your Personal Data, in particular if the processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
10.8. You have a right to lodge a complaint with your local data protection supervisory authority We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.
10.9. You can exercise your rights by contacting us at firstname.lastname@example.org. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfill your request. When processing your request, we may ask you for additional information to confirm your identity and for security purposes, before disclosing the Personal Data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent commercially reasonably possible, all in accordance with applicable law.
10.10. Deleting your account. If you ever decide to delete your Account, you may do so by emailing email@example.com. If you terminate your Account, any association between your Account and information we store will no longer be accessible through your Account. However, in certain portions of the Services, any public activity on your Account relating to such Services will remain stored on our servers (or on third party servers) prior to deletion and will remain accessible to the public.
11. COOKIES AND ANALYTIC TOOLS
Cookies can be blocked or restricted by changing the settings of your browser. Cookies that have already been stored may be deleted at any time. This can also be done automatically. If cookies for the Mend’s website are blocked, then you may no longer be able to fully use all functions of the website.
Cookies are only stored and used to process personal data with your consent and for the purpose of gathering information on how you use our website in order to measure the reach and effectiveness of our services.
Mend also uses a web analytics service (“Analytics Tools”). The Analytics Tools collect information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this Website. We use the information we get from the Analytics Tools to maintain and improve the Website and our products and to improve our Customers’ and Visitors’ experience.
Additional information may be found under our Cookie Management on our website.
12. SPECIFIC PROVISIONS APPLICABLE UNDER CALIFORNIA LAW
12.1. No sale of personal information. We do not sell your personal information for the intents and purposes of the California Consumer Privacy Act (CCPA).
12.2. Access Requests. California Civil Code Section 1798.83 (and other, similar state statutes) permits our customers who are California residents (or residents of states with similar statutes) to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org. Please note that we are only required to respond to one request per customer each year.
12.3. Deletion Of Content From California Residents. If you are a California resident under the age of 18 and a registered user, California Business and Professions Code Section 22581 permits you to remove content or Personal Data you have publicly posted. If you wish to remove such content or Personal Data and you specify which content or Personal Data you wish to be removed, we will do so in accordance with applicable law. Please be aware that after removal you will not be able to restore removed content. In addition, such removal does not ensure complete or comprehensive removal of the content or Personal Data you have posted and that there may be circumstances in which the law does not require us to enable removal of content.
12.4. Our California Do Not Track Notice. We do not currently respond or take any action with respect to web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information about an individual consumer’s online activities over time and across third-party web sites or online services. We may allow third parties, such as companies that provide us with analytics tools, to collect personal information, subject to applicable law, about an individual consumer’s online activities over time and across different web sites when a consumer uses the Services.
13. USE BY CHILDREN
We do not offer our products or services for use by children. If you are under 18, you may not use the Website, or provide any information to the Website without the involvement of a parent or a guardian. We do not knowingly collect information from, and/or about children.