MIDDLE RABBIT Privacy Policy
(A) This Policy
This Policy is issued by MIDDLE RABBIT (referred to as "we," "us," or "our") and is intended for individuals who are outside our organization, including visitors to our premises, applicants for employment, and customers or vendors. Defined terms used in this Policy are explained in Section (X) below.
We may amend or update this Policy from time to time to reflect changes in our practices or applicable law. We encourage you to read this Policy carefully and check back periodically for any changes we might make.
If you have any questions or concerns about this Policy or our data practices, please contact us as described in Section (V) below.
(B) Collection of Personal Data
We collect or obtain Personal Data about you from the following sources:
Data provided to us: We may collect Personal Data when you register an account with us using your email.
In-person data: We may collect Personal Data during meetings, at trade shows, during visits from sales or marketing representatives, or at events we attend.
Collaborations: We may obtain Personal Data when you collaborate with us in research or in an advisory or consultancy capacity.
Relationship data: We may collect or obtain Personal Data in the ordinary course of our relationship with you, such as when we provide a service to you or your employer.
Publicly available data: We may collect or obtain Personal Data that you make manifestly public, including via social media or when you make a public post about us.
App data: We may collect or obtain Personal Data when you download or use any of our Apps.
Site data: We may collect or obtain Personal Data when you visit any of our Sites or use any features or resources available on or through a Site.
Registration details: We may collect or obtain Personal Data when you use or register to use any of our Sites, Apps, products, or services.
Content and advertising information: If you interact with any third-party content or advertising on a Site or in an App, we may receive Personal Data from the relevant third-party provider of that content or advertising.
Third-party information: We may collect or obtain Personal Data from third parties who provide it to us, such as credit reference agencies or law enforcement authorities.
(C) Creation of Personal Data
We may also create Personal Data about you, such as records of your interactions with us or details of your past interactions with us. We may also combine Personal Data from any of our Sites, Apps, products, or services, even if the data are collected from different devices.
If you have any questions or concerns about our data practices or this Policy, please contact us using the details provided in Section (V) below.
(D)
Personal details:
Demographic information:
Contact details
Consent records:
Purchase details
Payment details: invoice records, payment records, billing address, payment method, bank account number or credit card number, cardholder or account holder name, card or account security details, card 'valid from' date, card expiry date, BACS details, SWIFT details, IBAN details, payment amount, payment date, and records of cheques.
Data relating to our Sites, Apps, and products: device type, device number, model, operating system, hardware and software version, browser type, browser settings, signal intensity, IP address, internet service provider, referring/exit pages, language settings, dates and times of connecting to a Site, device usage statistics, App settings, dates and times of connecting to an
Server logs:
Content and advertising data
Views and
Health data
Cookie data
(E) Sensitive Personal Data (continued)
If we do process Sensitive Personal Data about you, we will do so in accordance with applicable law and this Privacy Policy. We will take appropriate measures to ensure that your Sensitive Personal Data is processed securely and only for the purposes for which it was collected.
We may need to share your Sensitive Personal Data with third parties, such as our service providers or other partners,
If you have any concerns about the processing of your Sensitive Personal Data, please contact us using the details provided at the end of this Privacy Policy.
(F) Personal Data Retention Periods
We retain Personal Data for as long as necessary to fulfil the purposes for which it was collected or obtained, including for the purposes of satisfying any legal, accounting or reporting requirements. The criteria we use to determine the appropriate retention period for different categories of Personal Data includes the following:
The amount, nature, and sensitivity of the Personal Data;
The potential risk of harm from unauthorised use or disclosure of the Personal Data;
The purposes for which we process the Personal Data and whether we can achieve those purposes through other means;
The applicable legal requirements.
In some circumstances, we may anonymise or de-identify your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
(G) Disclosure of Personal Data to Third Parties
We may disclose your personal data to other entities within the MIDDLE RABBIT group for legitimate business purposes and for operating our sites, apps, products, or services in accordance with applicable laws. Additionally, we may disclose personal data to:
You and your authorized representatives, where appropriate
Legal and regulatory authorities for the purposes of reporting any actual or suspected breach of applicable law or regulation
Accountants, auditors, consultants, lawyers, and other outside professional advisors to MIDDLE RABBIT, subject to binding contractual obligations of confidentiality
Third-party processors (such as email service providers, marketing service providers, venue operators, payment services providers, shipping companies, postal carriers, etc.) located anywhere in the world, subject to the requirements noted below in this Section (G)
Any relevant party, regulatory body, governmental authority, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal claims
Any relevant party, regulatory body, governmental authority, law enforcement agency or court, for the purposes of prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties
Any relevant third-party acquirer(s) or successor(s) in title, in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution, or liquidation)
Any relevant third-party provider, where our sites and apps use third-party advertising, plugins, or content. If you choose to interact with any such advertising, plugins or content, your personal data may be shared with the relevant third-party provider. We recommend that you review that third party’s privacy policy before interacting with its advertising, plugins, or content.
If we engage a third-party processor to process your personal data, the processor will be subject to binding contractual obligations to:
Only process the personal data in accordance with our prior written instructions
Use measures to protect the confidentiality and security of the personal data, together with any additional requirements under applicable law.
(H) Profiling
We use Personal Data for automated decision-making and profiling to offer customized discounts based on your purchasing activity and interests. This may result in discounts that are unique to you and not available to others, and vice versa.
(I) International transfer of Personal Data
As our business operates internationally, we transfer Personal Data within the MIDDLE RABBIT group and to third parties as detailed in Section (G) above, for the purposes outlined in this Policy. This means that Personal Data may be transferred to countries with different data protection laws and requirements, such as China, the EU, the UK, and the US.
If an exemption or derogation applies, we may rely on it, for example, if a transfer is necessary to establish, exercise or defend a legal claim. When we transfer Personal Data outside the UK or the EEA (as applicable) to recipients not in Adequate Jurisdictions and no exemption or derogation applies, we use Standard Contractual Clauses. If you wish to obtain a copy of our Standard Contractual Clauses, please use the contact details provided in Section (Q) below.
Please note that we are not responsible for the transfer of your Personal Data if you send it directly to a MIDDLE RABBIT entity established outside of the UK or the EEA (as applicable). However, we will process your Personal Data in accordance with this Policy, from the point at which we receive it.
(J) Data Security
We have implemented appropriate technical and organizational security measures to protect your Personal Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other forms of unlawful or unauthorized processing, in accordance with applicable law.
However, as the internet is an open system, the transmission of information via the internet is not completely secure. While we will implement reasonable measures to protect your Personal Data, we cannot guarantee the security of data transmitted to us over the internet. Any transmission is done at your own risk, and you are responsible for ensuring that your Personal Data is sent securely.
(K) Data Accuracy
We take every reasonable step to ensure that the Personal Data we process are accurate and, where necessary, kept up to date. If we identify any Personal Data that are inaccurate or incomplete, we will rectify or erase them without delay.
From time to time, we may ask you to confirm the accuracy of your Personal Data.
(L) Data Minimization
We take every reasonable step to ensure that the Personal Data we process are limited to what is reasonably necessary for the purposes set out in this Policy.
(M) Data retention
We take reasonable steps to ensure that your Personal Data are only Processed for the minimum period necessary for the purposes set out in this Policy. We will determine the duration for which we will retain your Personal Data based on the following criteria:
(1) We will retain Personal Data for as long as:
(a) we maintain an ongoing relationship with you (e.g., where you are a user of our services, or you are lawfully included in our mailing list and have not unsubscribed); or
(b) your Personal Data are necessary in connection with the lawful purposes set out in this Policy, for which we have a valid legal basis (e.g., where your Personal Data are included in a contract between us and your employer, and we have a legitimate interest in Processing those Personal Data for the purposes of operating our business and fulfilling our obligations under that contract; or where we have a legal obligation to retain your Personal Data).
Plus, the duration of:
(2) any applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against
If any relevant legal claims are brought, we will continue to Process Personal Data for such additional periods as are necessary in connection with that claim.
During the periods noted in paragraphs (2) and (3) above, we will restrict our Processing of your Personal Data to storage of, and maintaining the security of, those data, except to the extent that those data need to be reviewed in connection with any legal claim or any obligation under applicable law.
Once the periods in paragraphs (1), (2) and (3) above, each to the extent applicable, have concluded, we will either:
permanently delete or destroy the relevant Personal Data; or
anonymize the relevant Personal Data.
(N) Your Data Protection Rights
Subject to applicable law, you have certain rights regarding the processing of your personal data, including:
The right not to provide your personal data to us, although we may be unable to provide the full benefits of our sites, apps, products, or services without it.
The right to request access to, or copies of, your personal data, as well as information on its nature, processing, and disclosure.
The right to request rectification of any inaccuracies in your personal data.
The right to request erasure or restriction of processing of your personal data on legitimate grounds.
The right to have certain personal data transferred to another controller in a structured, commonly used, and machine-readable format.
The right to withdraw your consent for processing of your personal data, although such withdrawal does not affect prior lawful processing.
The right to lodge a complaint with
(O)
Your use of our sites and services is subject to our Terms of Service. We recommend reviewing our Terms of Service regularly for any updates or changes.
(P) Direct marketing
We process your personal data to contact you via email, direct mail, or other communication formats to provide you with information about our Sites, Apps, products, or services that may be of interest to you. We also process personal data for the purpose of displaying content tailored to your use of our Sites, Apps, products, or services. If we provide you with our Sites, Apps, products, or services, we may send or display information to you regarding our offerings, upcoming promotions, and other information that may be of interest to you, including by using the contact details that you have provided to us, or any other appropriate means, subject always to obtaining your prior opt-in consent to the extent required under applicable law.
You may unsubscribe from our promotional email list at any time by clicking on the unsubscribe link included in every promotional electronic communication we send, or by unsubscribing online at vip@middlerabbit.com. Please note that it may take up to [2 weeks] to process your unsubscribe request, during which time you may continue to receive communications from us. After you unsubscribe, we will not send you any further promotional emails, but in some circumstances, we may continue to contact you to the extent necessary for the purposes of any Sites, Apps, products, or services you have requested.
(Q) Details of Controllers
For the purposes of this Policy, the relevant Controllers are:
Controller Entity Contact Details
If you have any general enquiries or wish to exercise your rights under this Policy, please contact us at vip@middlerabbit.com
(R) Representatives
Each of the controllers listed in Section (Q) above, which are established outside the EEA, has appointed Support Team as its representative for the purposes of Article 27 of the GDPR, where applicable.
Similarly, each of the controllers listed in Section (Q) above, which are established outside the UK, has appointed Support Team as its representative for the purposes of Article 27 of the UK GDPR, where applicable.
(S) Analytics and Personalized Advertising
When you visit our Sites, we may place Cookies on your device or read Cookies that are already on your device, subject to obtaining your consent in accordance with applicable laws. We use Cookies and similar technologies to record information about your device, browser, and in some cases, your preferences and browsing habits. We Process Personal Data through Cookies and similar technologies in compliance with applicable laws.
Third-party Cookies may also be stored on your device when you use our Sites. We have no control over these Cookies or how third parties use them. These Cookies enable third parties to provide us with services such as analytics on the effectiveness of our marketing activities and user behavior.
Most commercial browsers provide tools to disable or remove Cookies, and in some instances, future Cookies may be blocked by selecting certain settings. Since browsers have different functionalities and options, you may need to set them separately. For our web services, you can prevent information collection by not using the relevant web service. You may also exercise specific privacy choices, such as enabling or disabling certain location-based services, by adjusting the permissions in your mobile device or internet browser. To opt-out of Google Analytics Cookies, you may visit https://tools.google.com/dlpage/gaoptout or download the Google Analytics Opt-out Browser Add-on.
You may opt-out of targeted advertising by using the Digital Advertising Alliance ("DAA") AdChoices Program at optout.aboutads.info. For more information about the DAA AdChoices Program, please visit www.youradchoices.com. Additionally, the Network Advertising Initiative ("NAI") has developed a tool that allows consumers to opt-out of certain personalized advertising delivered by NAI members' advertising networks. To learn more about opting out of such targeted advertising or to use the NAI tool, please see https://optout.networkadvertising.org/.
(T) Do Not Track
Most web browsers allow you to send a signal to third-party websites indicating that you do not wish to be tracked. However, we do not currently respond to “do not track” signals. Therefore, third parties may collect information about your online activities over time and across different websites, including our online services, even if you have enabled “do not track” signals.
(U) California Consumer Privacy Act Disclosures
As required by the California Consumer Privacy Act (“CCPA”), we provide information about our data collection, use, and disclosure practices related to the Personal Information of California residents (“Consumers”). Consumers have the right to access, delete, and request that we do not sell their Personal Information. We also describe how Consumers can exercise these rights and provide information on some of the exceptions that may apply. Section (V) below provides additional details on the rights of California residents under the CCPA.
MIDDLE RABBIT Entities Collection and Use of Personal Information
At MIDDLE RABBIT, we collect and use the following general categories of Personal Information about Consumers:
Personal identifiers, such as name, postal address, email address, unique personal identifier, online identifier, Internet Protocol Address, bank account name, social security number, driver’s license number, passport number, or other similar identifiers;
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
Biometric information, including fEQ preferences;
Internet or other electronic network activity information, including browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement;
Geolocation data;
Professional or employment-related information; and
Inferences for use in creating a consumer profile.
We may use the categories of Personal Information described above for the following business or commercial purposes:
To advance a commercial or economic interest (such as by inducing another person to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information or services, or enabling or effecting, directly or indirectly, a commercial transaction)
To defend against or bring legal actions, claims, and other liabilities;
To comply with applicable law and law enforcement requirements;
To audit customer activity (such as counting ad impressions);
To detect security incidents;
To protect against malicious, deceptive, fraudulent, or illegal activity;
To prosecute those responsible for malicious, deceptive, or illegal activity;
To debug to address impairments to operational functionality;
To maintain or service customer accounts;
To provide customer service;
To process or fulfill orders and transactions;
To verify customer information;
To process payments;
To provide advertising or marketing services;
For internal research for technological developments;
To ensure the quality and safety of services or devices; and
To improve the quality and safety of services or devices.
We collect or obtain Personal Information about you on our websites and applications from the following sources:
Data provided to us by consumers and app users: We obtain Personal Information when it is provided to us (e.g., when you create an account, contact us via email or telephone, or by any other means, or when you submit a job application).
Please note that this is subject to change as we continue to update and improve our privacy policies and practices.
Disclosure of Personal Information
We do not sell any Personal Information to third parties, and we do not sell the Personal Information of minors under 16 years of age. In the preceding 12 months, we have disclosed the following categories of Personal Information to the following categories of recipients:
Categories of Recipients Categories of Personal Information
Advertising networks, data analytics providers - Personal Identifiers
Internet Service Providers - Personal Identifiers
Categories of personal information enumerated in Cal. Civ. Code § 1798.80(e)
Vendors who may need access to your Personal Information to help us provide our services - Personal Identifiers
Categories of personal information enumerated in Cal. Civ. Code § 1798.80(e)
Internet or other electronic network activity information
Commercial Information
Payment processors - Personal Identifiers
Categories of personal information enumerated in Cal. Civ. Code § 1798.80(e)
Internet or other electronic network activity information
Commercial Information
The purposes for which we disclose Personal Information are described in more detail in Section (G) above.
Please note that there may be circumstances in which we are required by law to disclose Personal Information, such as in response to a lawful subpoena or court order. In addition, we may disclose Personal Information to protect our rights and property, or to prevent fraud or other illegal activities.
· Consumer Rights under the California Consumer Privacy Act
·
· If you are a consumer, the CCPA grants you the following rights regarding your personal information. To verify your requests to exercise your rights, we may request personal information such as your name, email address, phone number, or postal address. We will respond to your request within 45 days of receiving your verifiable consumer request. Please follow the instructions below to exercise your rights under the CCPA.
·
· Right to Know About Personal Information. Consumers have the right to submit a verifiable consumer request for us to disclose the following in a readily useable format, covering the 12 months preceding the request:
·
· The categories of personal information we collected about you.
· The purposes for which the categories of personal information collected about you will be used.
· The categories of sources for the personal information we collected about
· The categories of
· Our
· The specific pieces
· The categories
· To submit a verifiable consumer request to know, please contact us at: vip@middlerabbit.com.
·
· Right to Request Deletion of Personal Information. Consumers have the right to request that we delete their personal information we have collected or maintained, subject to
·
· To vip@middlerabbit.com.
·
· Right to Opt-Out of Sale of Personal Information. Consumers have the right to opt-out of the sale of their personal information by us to third parties.
·
· To exercise your right to opt-out, please follow the instructions in our “Do Not Sell My Personal Information” page or contact us at: vip@middlerabbit.com.
·
· Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights. This means that we will not deny you goods or services, charge you different prices or rates for goods or services, provide you with a different level or quality of goods or services, or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Right to Request Deletion of Personal Information: Consumers have the right to request that we delete any Personal Information that we have collected from them. However, we are not required to comply with a request to delete where it is necessary for us to retain the Personal Information in order to:
Complete the transaction for which we collected the Personal Information, provide a good or service that you requested,
Detect security
Debug products to identify and repair errors that impair existing intended
Exercise free
Comply with
Eng
Enable
Comply
Make
Verifiable consumervip@middlerabbit.com.
Right to Non-D
Deny
Charge
Provide you
Suggest that you may receive a different rate for goods or services or a difference level or quality of goods or services.
Notice of Financial Incentive: We do not offer financial incentives
Authorized Agent: Under the CCPA, you may appoint an authorized agent to submit requests to exercise your rights on your behalf. Should you choose to do so, for your protection and ours, we will require your authorized agent to provide us with a signed permission demonstrating that they are authorized to submit a request on your behalf. If your authorized agent fails to submit proof that they have been authorized to act on your behalf, we will deny their request.
(V) California's "Shine the Light" Law
Under California's "Shine the Light" law, California residents are entitled to request a notice that describes what categories of personal customer information MIDDLE RABBIT shares with third parties or corporate affiliates for those third parties or corporate affiliates' direct marketing purposes. The notice will identify the categories of information shared and will include a list of the third parties and affiliates with which it was shared, along with their names and addresses. If you are a California resident and would like a copy of this Policy, please submit a written request to vip@middlerabbit.com.
(W) Contact Us
If you have any questions or concerns regarding our Privacy Policy, please do not hesitate to contact us at vip@middlerabbit.com. We are committed to addressing any issues or inquiries promptly and thoroughly.
(X) Definitions
· “Adequate Jurisdiction” means a jurisdiction that has been formally designated by the European Commission as providing an adequate level of protection for Personal Data.
· “California Resident” means (1) every individual who is in the State of California for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the State of California who is outside the state for a temporary or transitory purpose.
· “Cookie” means a small file that is placed on your device when you visit a website (including our Sites). In this Policy, a reference to a “Cookie” includes analogous technologies such as web beacons and clear GIFs.
· “Controller” means the entity that decides how and why Personal Data are Processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
· “Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
· “EEA” means the European Economic Area.
· “GDPR” means the General Data Protection Regulation (EU) 2016/679.
· “Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
· “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household:
o Personal identifiers,
o Categories of personal information described in Cal. Civ. Code § 1798.80(e);
o Characteristics of protected classifications under California or federal law;
o Commercial information;
o Biometric information;
o Internet or other electronic network activity information;
o Geolocation data;
o Audio, electronic, visual, thermal, olfactory, or similar information;
o Professional or employment related information;
o Education information; and
o Inferences for use in creating a consumer profile.
· “Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
· “Processor” means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
· “Profiling” means any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
· “Relevant Personal Data” means Personal Data in respect of which we are the Controller.
· “Sell” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration. A business does not sell personal information when:
o A consumer uses or directs the business to intentionally disclose personal information or uses the business to intentionally interact with a third party, provided the third party does not also sell the personal information, unless that disclosure would be consistent with the provisions of this title. An intentional interaction occurs when the consumer intends to interact with the third party, via one or more deliberate interactions. Hovering over, muting, pausing, or closing a given piece of content does not constitute a consumer’s intent to interact with a third party;
o The business uses or shares an identifier for a consumer who has opted out of the sale of the consumer’s personal information for the purposes of alerting third parties that the consumer has opted out of the sale of the consumer’s personal information;
o The business uses or shares with a service provider personal information of a consumer that is necessary to perform a business purposes if both of the following conditions are met:
o The business has provided notice that information being used or shared in its terms and conditions consistent with Section 1798.135 of the CCPA; and
o The service provider does not further collect, sell, or use the personal information of the consumer except as necessary to perform the business purpose; or
The business transfers to a third party the personal information of a consumer as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of the business provided that information is used or shared consistently with Sections 1798.110 and 1798.115 of the CCPA.
· “Sensitive Personal Data” means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, biometric data, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that are deemed to be sensitive under applicable law.
· “Standard Contractual Clauses” means template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority and approved by the European Commission.
· “Site” means any website operated, or maintained, by us or on our behalf.