Media Network Services AS Privacy Notice AS

Introduction

At Media Network Services AS (“MNS” or “We” or the “Company”), we sincerely care about privacy, security, and transparency; these core elements play a substantial role in our company’s mission. Toward that, this privacy notice (“Notice”) explains several matters including the following:

Relationship with MNS

MNS may have two possible relationships with you. First, if your subscription was purchased directly from MNS, then we are acting as a Controller under European Union definition, and we have responsibilities associated with a Controller’s obligations such as ensuring you have the right to access to your information, the right to correct your information, and many other privileges granted under various regulations.

Second, if your subscription was purchased through a service provider or reseller, they may be acting as the Controller and MNS is acting as the Processor. As such, your service provider or reseller must work with you to access your information, make corrections when you request it, and so on. In that scenario, MNS as the Processor will work with the Controller (your service provider or reseller) to ensure your rights are upheld in a timely manner.

Future Changes to Our Privacy Notice

As our business grows and our Services evolve, this Notice may change, or other privacy notices may be written and posted specific to new offerings or to keep pace with data privacy laws. When changes are substantial, we will first ensure to make you aware of any forthcoming changes by attempting to contact you directly via email, or via our user interfaces, or via indirectly through your service provider or reseller. Should we contact you in the future about privacy notice changes, you can respond in writing to privacy@mns.vc; we want to hear from our customers and answer any questions.

Why We Collect Information

When visiting any of our websites, we use a third-party analytics service called Google Analytics to collect, analyze and tally metrics regarding visitors and behaviour. Analytics collected help us to determine many things, including the quantity of visitors over time, the geographic location from which visitors arrive, timeframes of high and low usage, the sites most frequented, the pages most frequented, and other helpful data. The Company processes data in ways to ensure individual identity is not stored, only anonymous metrics. Furthermore, it is forbidden for Google to determine, or attempt to determine, the identity of individuals visiting our websites.

Information we collect is stated clearly and transparently in this Notice, including an explanation about why we are collecting the information, how we store it, where we store it, with whom it might be shared, the purpose for which it is collected, and how to contact us.

For instance, when a consumer purchases a direct subscription to rec.vc, we must collect various details employing a “know-your-customer” (“KYC”) approach. In this context, we may collect data elements such as name, email address, geographic location, and payment information via third parties such as Shopify and Stripe to complete the transaction. Geographic information is collected for localization (date format, regional settings) as well as regulatory compliance with regulatory authorities.

The personal information you provide to MNS or its service provider is voluntary. If you do not want MNS to store your personal data, the Company and its service providers and resellers will not be able to provide any Services to you, and the service will not be initiated or it will be terminated if personal data is revoked.

Types of Personal Information Collected

The types of personal information we collect depends on the service subscription; different types of information may be collected from a website compared to the types of data collected from our Services. In most cases, the information collected contains:

  • Your name;
  • Your email address which may also be used to subscribe to the Services;
  • Your mailing address, which also helps to identify the region associated with you, the user;
  • Your payment information, which could include your credit card number, expiration date, security code, billing address, and/or banking details;
  • Your MNS service preferences;
  • Your MNS subscription usage history;
  • Your MNS account login credentials;
  • Your demographic details based on user mailing address, but also based on location of access which may change with travel;
  • Your contact details, such as a note or record of a call you make to our support centers, or an email you send to us for service or comment;
  • Your account information, such as the dates of payments made or owed, the subscription service you receive and any other information related to your account;
  • Your photographic images captured by using the Services, and stored for user retrieval;
  • Your video images captured by using the Services, and stored for user retrieval; and
  • Your audio captured by using the Services, and is stored for user retrieval.

There may also be instances when we collect other information related to Service usage (“Usage Data”). Much of this data is employed in aggregate, and anonymized, permitting MNS to compared which features are employed more frequently, and which features less frequently. In some cases, Usage Data may be gathered by the employment automatic data gathering technology such as Google Analytics (previously mentioned) or cookies; see the section regarding cookies to better understand how and why we employ cookies.

At MNS, we may also gather information about the type of computer systems you use, including associated devices such as microphones and video cameras as these are relevant to the Services offered by MNS. The information may also include your IP address, operating system, browser type, language preferences, and other relevant details to help MNS ensure your service is working correctly.

How We Collect Information

There are a few ways we may collect information about you. The information we hold may have come from you directly, we may have collected it automatically, or it may have come from other sources, such as a service provider with whom you purchased our Services.

Information Received from You Directly: When we receive information from you directly, it usually involves your contact details, payment information, information related to the service you request, responses to surveys, requests for help, etc. In those cases, you decide how much information to provide. Certain types of information are baseline in order to enable the service (such as payment details and name). Sources related to information we may have receive directly from you include:

  • This website, as well as affiliate websites owned and operated by MNS, including but not limited to mns.vc, qos.vc, rec.vc, selfie.vc, and ivr.vc (collectively, “Websites” or “Services”);
  • Information in emails, text messages, instant messages from Skype or Spark or other systems, and other electronic messages;
  • Survey information, LinkedIn posts and other blogs;
  • Registration information for a product trial or a subscription service;
  • Subscription information to a newsletter, alerts or other services from us;
  • Information when you take part in a competition, prize, drawing or survey; and
  • Mobile and desktop applications that may be downloaded from MNS websites, Android stores, or Apple stores, which provide interaction between you and MNS websites;

Information Received Indirectly: When you surf our Websites or employ our Services, we receive information and store that information automatically, such as Usage Data. We also receive and store information about your browser or your mobile device. Other types of information may include your IP address, preferred language, operating system, browser type, geographic location using IP geolocation services, Bluetooth information, computer platform, purchase history, URL clickstream, timestamp of activity, history of products viewed, pages visited, products reviewed, etc. We may also choose to log the length of time you spend reviewing a page or the number of times you return to a page, because that information is helpful to us in terms of which products in which you are interested. These activities are normally tracked by cookies or web beacons; more information is available about cookies below.

Information from Other Sources: There may be times when we receive information about you from other sources, such as through a service provider through whom you subscribe to a service. For example, you may purchase a subscription to rec.vc through another company, and that company has provided to MNS your details for service activation. We may also receive information about you through credit agencies or rating agencies, if applicable and if appropriate.

The Purpose for Which MNS Uses Personal Information

There are many reasons why MNS uses your personal data. Some of these include service activation, service support, service billing, service termination, service metrics, and marketing research.

Service Activation: To activate your service, MNS uses your email address as your login identifier that, when validated by your password, provides access to the Services purchased. These two elements are stored and used to access any of the Services offered by MNS.

Service Support: Contact details are stored for MNS to support service requests that may be initiated by you, the customer, through the process of opening a ticket or submitting an inquiry about any Services.

Service Billing: Billing information is necessary to initiate Services, unless the service is a trial of any MNS Services. Billing information may not be necessary if Services are initiated by a service provider.

Service Termination: Your personal information may be used to initiate and complete a service termination request, initiated by you or a service provider.

Service Metrics: Your information may be associated with service metrics, including Services used as well as the frequency, volume and behaviour of Services employed. This enables MNS to focus its development resources on the features and services you find most worthwhile.

Marketing Research: Regarding the Websites you visit, it is helpful to MNS to understand how you arrived to the site, whether from a Google search, a LinkedIn post, an advertisement, or direct access. Measuring which of our marketing activities is the most productive is helpful to MNS regarding future advertising campaigns, and we measure this information in the aggregate to make best use of those efforts.

Sharing Personal Information

At MNS, we respect your privacy and we do not use your personal information in any other way beyond what has been written in this Notice. For instance, we do not sell your information to anyone, including but not limited to third parties for their own marketing use, unless we specifically ask you and receive your consent as required by law.

Consistent with this Notice, we may share your information in these ways:

  • With our internal help desk, to facilitate support you may have requested, so that they may respond to your request;
  • With our billing department and our billing partners, Shopify and Stripe, to facilitate invoicing or to charge your credit card;
  • With authorized service providers or resellers, if your service was initiated through that service provider or reseller, and if we received a service initiation request from that service provider or reseller, so that they may provide ongoing support of the service you have purchased; and
  • In connect with any potential, future acquisition or merger, under nondisclosure, during negotiations of an asset sale or similar transaction which involves due diligence on behalf of a financer or purchaser, provided that such party agrees to use such personal information in a manner equally consistency as this Notice.

We will not share the following information with any third party, and no third party has access to the following information other than your service provider and reseller; this prohibition against MNS sharing the following information means we will not share:

  • Photographic images captured and stored by the Services;
  • Video images captured and stored by the Services;
  • Audio captured and stored by the Services; and
  • Transcripts or summaries from any recorded meetings or conferences or otherwise that may be generated from the audio streams captured by the Services.

Cookies and Similar Technologies

MNS employs cookies which are small text files stored on your computer, smartphone, tablet or other devices to handshake with our Websites and Services. Cookies enable MNS to streamline many functions, including:

  • Facilitating data collection;
  • Storing user preferences;
  • Enabling streamlined sign-in;
  • Providing localization;
  • Combating fraud;
  • Analyzing how our Services are performing; and
  • Providing Internet based advertising.

MNS may also employ web beacons to facilitate the delivery of cookies, gather Usage Data, and collect performance metrics. It is also possible that our Services may employ cookies and web beacons from third-party service providers and resellers.

You have several tools that provide control of the user of cookies and web beacons, including those built into browsers that permit the blocking and deletion of these technologies. You also have the right to opt out of data collection through web beacons and similar technologies. Contact privacy@mns.vc for more information about this topic.

Security Measures at MNS

At MNS, we have security teams actively working to keep your information protected, reviewing our security posture and improving our shield from unauthorized access, accidental loss, disclosure or destruction. Toward this, we employ physical, technical, administrative, and organisational safeguards to protect the personal information we collect and process. Administrative and organisational policies and procedures are documented in the MNS Information Security Management System (ISMS) where appropriate controls are designed to maintain an adequate level of data confidentiality, integrity and availability. We also test the MNS continuity of operations plan supporting our Services, including the core infrastructure and networking components distributed throughout our global data centers.

Third-party auditing is performed by an independent security and compliance firm, ensuring administrative, physical, technical and organisational measures meet compliance requirements. Attestations of compliance are made available independently, along with risk management and technical vulnerability management evidence of practice.

Guiding Principles: At MNS, we maintain the following guiding principles for security and compliance:

  • MNS strives—with security by design—to protect the confidentiality, integrity, and availability of its information assets and those of its clients.
  • MNS complies with all applicable privacy and data protection laws.
  • MNS balances the need for business efficiency with the requirement to protect sensitive, proprietary, or other confidential information from undue risk.
  • MNS extends the least level of privilege to its associates to perform work functions, and restricts access to sensitive, proprietary and confidential information.
  • MNS provides security and compliance training to its employees, recognizing the best line of defense starts with informed and educated personnel.

Risk and Compliance Management

MNS supports an ongoing risk management lifecycle to:

  • identify information security risks;
  • develop procedures, safeguards, and controls;
  • enforce policy; and
  • conduct internal audits to verify safeguards and controls are in place and working properly; and
  • undergo third-party audits across administrative, technical, physical and organisational fronts.

Risk Assessment and Analysis: MNS maintains risk assessment measures to identify information security risks across its IT environment, including application software, databases, operating systems, servers, and other equipment, such as network components and network services. MNS coordinates risk assessment activities that may take several forms and involve third party auditors, including analyses, audits, reviews, vulnerability scans, and penetration testing.

Remediation and Mitigation Plans: MNS maintains and oversees remediation and mitigation plans to address risk assessment findings according to risk levels.

Technical Vulnerability Management: MNS practices ongoing technical vulnerability management, subscribing to vulnerability databases to ensure MNS is aware of vulnerabilities in hardware and software that might arise. MNS also scans its environment for vulnerabilities and employs using an independent firm to test the security posture of MNS service from an external vector and an internal vector. Issues found are noted through an incident management process, ensuring weakness are addressed that keep the MNS security posture strong.  

Commitment to GDPR by MNS

MNS is committed to the highest standards of information security, privacy and transparency. Toward this, MNS complies with the GDPR as both a data controller and a data processor. Additional highlights related to GDPR compliance are as follows:

  • As applicable, Data Processing Agreements are available for customers, service providers and resellers to execute as required to be implemented under EU Regulation 2016/679.
  • As applicable, Standard Contract Clauses are available for customers, service providers and resellers to execute to permit the lawful transfer of EU personal data, ensuring data transfer agreements are in place. For instance, if an American service provider initiates a service request to MNS for an EU individual, and if MNS reports Usage Data back to the service provider from time to time, the reporting activity would be considered a jurisdictional transfer of data from MNS (an EU entity) back to the service provider (an American entity) and a Model Contract Clause or the EU-US Privacy Shield would be necessary data transfer instruments to implement to ensure compliance in such a scenario.
  • MNS third-party vendor contracts meet the requirements of GDPR to lawfully transfer EU personal data to those third parties and permit those third parties to continue to receive and process that data. An example would be ZenDesk, employed for incident management, to ensure end-to-end GDPR compliance should personal data elements be stored in a ZenDesk ticket.
  • MNS policies and procedures ensure data controller and data processor responsibilities are documented and practiced between MNS, its service providers and resellers and its direct enterprise customers.
  • MNS privacy notices ensure transparency regarding consent, right of access, the type of information collected, where it is stored, to where it may be transferred, lawful basis for processing personal data, how to correct personal data, and other elements required by GDPR.
  • MNS maintains a Data Protection Officer who can be contacted at privacy@mns.vc.
  • MNS maintains an EU representative with the Norwegian Data Protection Authority.
  • MNS updates its privacy impact assessment when appropriate per the directive of the Article 29 Working Party.
  • MNS keeps its breach notification procedures updated to ensure readiness to detect, report and investigate any potential data breach.

MNS may be acting as the Controller or the Processor in relation to your data. Either way, MNS commits to ensure all rights for individuals are upheld, including:

  • The right to be informed;
  • The right of access;
  • The right to rectification;
  • The right to erasure;
  • The right to restrict processing;
  • The right to data portability;
  • The right to object; and
  • The right not to be subject to automated decision-making including profiling.

For any questions regarding the MNS commit to GDPR or any processes we follow, please contact privacy@mns.vc.

Data Retention

Consistent with GDPR’s minimalization principle and its limitation principle, we retain data only as long as required to meet business purposes, such as contractual obligations, billing and reporting, taxation purposes, and other relevant reporting and reconciliation purposes. We do not hold data longer than the law permits, ensuring the data retention period is lawfully justified. As a general rule, MNS holds data for the contract term plus twelve months. Once the data retention period is effectuated, data is anonymized for historical trending, capacity management, and other permissible business purposes for which anonymized data is helpful. Further, conferencing recordings are purged, including any backup copies of such recordings.

Data Transfers

If you are located in the European Economic Area (EEA) or Switzerland, MNS provides adequate levels of protection for your data according to regulatory requirements of EU Regulation 2016/679. When applicable, if data (such as Usage Data) needs to be shared with another entity such as your service provider or reseller that may be located outside of the EEA, we provide adequate levels of protection through a series of Standard Contractual Clauses authorized under the European Commission.

National and Regional Laws

MNS hosts its Services from data centers worldwide, and as such, is required to comply with many national laws and regulations wherever data processing occurs. In that regard, this Notice and the MNS practices comply with the obligations set forth in the following general regulations:

  • Australia: Privacy Act 1988 regulating the collection, use and disclosure of personal data, including the amendments of this act which went into effect in March 2014 under the introduction of the Australian Privacy Principles. Australian nationals have a right to lodge a complaint to Office of the Australian Information Commissioner; that office may be contacted at enquiries@oaic.gov.au.
  • Brazil: Article 5, the Federal Constitution of Brazil. MNS ensures compliance with several applicable Sections, including Sections X and XII of the Federal Constitution to protect the inviolability of privacy and private life, as well as guaranteeing the secrecy of correspondence and of telegraphic, data and telephone communications as may be relevant to MNS Services.
  • Canada: the Personal Information Protection and Electronic Documents Act (PIPEDA). Canadians may lodge formal, federal privacy complaints through the Office of the Privacy Commissioner of Canada (OPC) through this link here.
    • Alberta, Canada: Personal Information Protection Act (ABPIPA).
    • British Columbia, Canada: Personal Information Protect Act (BCPIPA).
    • Quebec, Canada: An Act Respecting the Protection of Personal Information in the Private Section (QBPIPA).
  • Germany: the Federal Data Protection Act (BDSG-neu).
  • Hong Kong: the Personal Data Ordinance (Cap. 486 of the Laws of Hong Kong).
  • Japan: the Act of the Protection of Personal Information (Law No. 57 of 2003), or APPI.
  • Norway: the Personal Data Act (PDA) and the Personal Data Regulation (PDR).
  • Singapore: the Personal Data Protection Act (PDPA).
  • South Africa: the Protection of Personal Information Act 2013. South African nationals have the right to lodge a complaint to the Information Regulator to initiate an investigation via Section 99 of the POPI code. The link to this process may be found here.
  • United Kingdom: Data Protection Act 1998 (DPA).
  • European Union Regulation 1996/679 (GDPR).

This Notice also complies with the following sectoral regulations which may be relevant to the Services consumed by some subscribers:

  • The Health Insurance Portability and Accountability Act (HIPAA)(42 U.S.C 1301 et seq)  and the HITECH Act, regarding the regulation of healthcare related information, applicable to data processors in this consideration. If your Service must be HIPAA or HITECH compliant, you must purchase a HIPAA and HITECH compliant subscription to ensure the correct data protection instruments are in place. In this care, it will also be necessary to implement a Business Associate Agreement (BAA); MNS will implement a BAA between itself and the appropriate party, its service providers and resellers.
  • The Buckley Amendment (FERPA) in relation to directory services and personal data should students consume any of the Services. If you Service needs to be FERPA compliant, you must request FERPA compliant services.

Privacy Laws of states in the United States of America have been vetted, and MNS policies and practices take into consideration the requirements of all states, with California leading the way in the privacy arena, having enacted multiple privacy laws, some of which have far-reaching effects at a national level. Some laws have enacted requirements to avoid a security breach such as Massachusetts Regulation (201 CMR 17.00), which prescribes in considerable detail an extensive list of technical, physical and administrative security protocols aimed at protecting personal information that affected companies must implement into their security architecture, and describe in a comprehensive written information security programme. For customers in these states such as California and Massachusetts, MNS meets the requirements imposed.

Children’s Privacy

The MNS website, online content and Services are not directed at children under the age of 13. MNS does not knowingly solicit, collect, use or otherwise disclose the personal information of any nature whatsoever of a person under the age of 13, nor does MNS knowingly allow persons under the age of 13 to utilize any of its Services. In the event that we learn we have collected personal information from a child under the age of 13 without requisite parental consent, we will delete that information as quickly as reasonably possible. If you believe that we have collected information about your child in error, or have questions or concerns about our practices relating to children, please notify us using the Contact Us details and we will promptly respond.

Contact Us Regarding Choice and Your Privacy Rights

If there are questions or comments about this Privacy Notice, please contact us by email at privacy@mns.vc or by call us at +47 2109 5960. You may also write to us at:

Media Network Services AS
Attn: Privacy Office
Karenslyst Allé 8a
0278 Oslo, Norway

At any time, you are permitted under law to receive a copy of the information we hold about you.

If you believe that MNS possesses inaccurate information about you, please contact us and explain the nature of your concern. MNS will research the matter; maintaining accurate data is important to our organisation.

If you want to discontinue receiving marketing messages from us, please click “Unsubscribe” from the latest marketing email sent, or write to privacy@mns.vc and we will ensure your name and email address are removed from any marketing list. You will be opted out of any future communication.

©2018 Media Network Services (MNS). All rights reserved. Privacy Notice.