Privacy Policy

Effective Date: 2016/11/28

This Privacy Policy discloses the privacy practices of MaxMind, Inc. (sometimes referred to in this Privacy Policy as "MaxMind", "we", or "us"), in connection with the MaxMind.com website (the "Website") and any features and online services provided by MaxMind that post or include a link to this Privacy Policy (collectively, the "Services"). We have provided this statement of our Privacy Policy to answer your questions about the types of information that we gather and the ways in which we use and share this information.

Please read this Privacy Policy carefully. By visiting and using the Services, you agree that your use of the Services is governed by this Privacy Policy. In addition to our Privacy Policy, your use of the Services is governed by our Terms of Use, which govern in the event of any conflict with this Privacy Policy.

1. SCOPE OF PRIVACY POLICY

This Privacy Policy applies to the MaxMind.com website and any features and online services provided by MaxMind that post or include a link to this Privacy Policy. It does not apply to MaxMind's services that MaxMind's customers may use on their own websites, to other companies' or organizations' sites to which we link, or to companies that MaxMind does not own or control, even if such companies are contractors or business partners of MaxMind.

This Privacy Policy also does not cover how MaxMind customers may treat your information as the use of your information by such parties is governed by the privacy policies of such parties and is not subject to MaxMind's control.

2. INTERNATIONAL TRANSFER, PRIVACY SHIELD, SWISS SAFE HARBOR

MaxMind complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. MaxMind has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

MaxMind complies with the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Switzerland. MaxMind has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the policies in this Privacy Policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern. To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit http://www.export.gov/safeharbor/.

MaxMind treats personal information – which for purposes of this Section 2 means Personally Identifiable Information (as defined in Section 3 below) that are within the scope of the European Union Data Protection Directive, received by MaxMind in the United States from the European Union, and recorded in any form - as summarized below:

Notice

This Privacy Policy provides notice to you of the types of personal information MaxMind collects from the European Union, European Economic Area, and Switzerland (Section 3), the purposes for which MaxMind collects and uses such personal information (Section 4), types of third parties to which MaxMind discloses such personal information (Section 5), and the purposes for which MaxMind discloses such personal information to third parties (Section 5). MaxMind does not collect or use any sensitive personal data, which is data: (a) that reveals an individual's race, ethnic origin, political opinions, religious, ideological, or philosophical beliefs, trade union membership, views, or activities, (b) concerning health or sexual information, information about social security benefits, or information on criminal or administrative proceedings and sanctions other than in the context of pending proceedings, or (c) that is received from a third party where such third party identifies and treats the information as sensitive personal data pursuant to applicable law.

Choice

MaxMind permits European Union, European Economic Area, and Switzerland data subjects to exercise choice in how their personal information is used by MaxMind or disclosed to third parties other than agents of MaxMind. Details on your right to opt-out of MaxMind's use or disclosure of personal information are set forth in Section 6 of this Privacy Policy.

Accountability for Onward Transfer

When MaxMind transfers personal information of European Union, European Economic Area, and Switzerland data subjects to a third party acting as an agent for MaxMind, it does so for limited and specified purposes and subject to the same level of protection as under the Privacy Shield Principles. MaxMind shall be liable to you for any third party agent to which it transfers your personal information and that processes such personal information in a manner that violates the Privacy Shield Principles, unless it can demonstrate that it is not responsible for the resulting damages.

Security

MaxMind takes reasonable and appropriate measures to protect your personal information from loss, misuse and unauthorized access, disclosure, alteration, and destruction. However, MaxMind does not guarantee that any personal information will be protected in all circumstances, including those beyond its reasonable control.

Data Integrity and Purpose Limitation

MaxMind processes personal information transferred from the European Union, European Economic Area, and Switzerland consistent with the purposes of processing as described in this Privacy Policy or at the time the information is collected and for otherwise compatible purposes such as customer relations, legal obligations, accounting and auditing, security and fraud prevention, or preserving and defending the legal rights of MaxMind or its customers. MaxMind takes reasonable steps to ensure that personal information is relevant to its intended use and is accurate, complete, and current and retained only as long as needed for an intended or compatible purpose.

Access, Amendment, and Deletion

Upon request and in compliance with the Privacy Shield Principles, MaxMind acknowledges the individual’s right to access their personal data and provides European Union, European Economic Area, and Switzerland data subjects reasonable access to their personal information that is held by MaxMind. In the event that such data is deemed by the responsible individual to be inaccurate or incomplete, MaxMind will permit individuals to correct, amend, or delete such data by following the instructions set forth in Section 11 below. However, as noted in one example with respect to MaxMind's treatment of IP addresses in Sections 4 and 6 below, MaxMind may limit access, amendment, or deletion of data as permitted by the Privacy Shield, for example, in the event that the cost or burden or doing so would be prohibitive or could not be done without violating the rights of other individuals. In the event that a request for access, amendment, or deletion is denied, the requesting individual will be notified of the reason for denial and given an opportunity to discuss the matter with MaxMind and/or appeal the decision through the dispute resolution procedures referenced below.

Enforcement

MaxMind is subject to the investigatory and enforcement jurisdiction of the United States Federal Trade Commission in complying with its commitments under the Privacy Shield Principles.

Dispute Resolution

Any inquiries or complaints relating to MaxMind's compliance with Privacy Shield, including any requests for access or correction of personal information, may be addressed to the person identified in Section 11 of this Privacy Policy. MaxMind will investigate and attempt to resolve any inquiries brought to its attention.

MaxMind has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. Alternatively you can write directly to the Council of Better Business Bureaus at the address below:

Council of Better Business Bureaus, Inc.
BBB EU Privacy Shield
3033 Wilson Boulevard, Suite 600
Arlington, VA 22201
U.S.A.

Finally and under limited circumstances, in the event your complaint is not resolved through these channels a binding arbitration option may be available for a Privacy Shield Panel.

MaxMind has further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

Limitations

Adherence by MaxMind to these Privacy Shield Principles may be limited to the extent required to respond to a legal or ethical obligation. For example, MaxMind may be required to disclose personal information in a life-threatening emergency or in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

3. INFORMATION MAXMIND COLLECTS

Information You Provide

We collect information that you voluntarily provide to us while using the Services, such as when you register for or make a purchase of the Services, respond to customer surveys, or communicate with our customer service team. The types of information we may collect include "Personally Identifiable Information," which is information about an identified or identifiable individual, such as your first and last name, telephone number, email address, postal address, and billing information.

The methods by which we may collect Usage Information include:

Cookies, Web Beacons, and Embedded Scripts

The Services use "cookies" and similar technologies, including HTML5 local storage. A cookie is a file stored on your device that may be used to identify an individual as a unique user by storing certain personal preferences and user data. MaxMind uses cookies and other technologies to identify your device, identify authorized users of the MaxMind Account Portal, track affiliate referrals, complete online purchases through MaxMind's shopping carts, and similar Services monitoring activities.

MaxMind may also use web beacons, small graphic images or other web programming code (also known as "1x1 GIFs" or "clear GIFs"), which may be included in our web pages and e-mail messages. Web beacons may be invisible to you, but any electronic image or other web programming code inserted into a web page or e-mail can act as a web beacon. Web beacons or similar technologies may be used for a number of purposes, including, without limitation, to count visitors to the Services, to monitor how users navigate the Services, to count how many e-mails that were sent were actually opened or to count how many particular articles or links were actually viewed.

MaxMind may also use embedded scripts in connection with the provision of its Services. "Embedded scripts" are programming code designed to collect information about your interactions with a website, such as the links you click on, and may assist our customers in providing us with information used to provide the Services. The code is temporarily downloaded onto your device from our web server, our customer's web server, or a third party service provider, is active only while you are connected to the website containing the embedded script, and is deactivated or deleted thereafter.

Log File Information

Your web browser automatically sends information to every website you visit, including ours. For example, our server logs may receive and record information such as the pages you access on the Services, referring URLs, your browser type, your operating system, the date and time of your visit, and the duration of your visit to each page.

User Agent Strings

Log file information may also include a user agent string, a series of characters automatically sent with your Internet requests that provide information necessary for smooth Internet communications, such as the operating system and browser you used. Similar to an IP address, a user agent string, by itself, does not identify you personally. However, when combined with other information, a user agent string might be used to identify the computer originating a message.

Location Data

MaxMind may also request access to or otherwise receive information about your device location when you access the Services. Your location data may be based on your IP address, GPS (global positioning systems) software, geo-filtering, and other location-aware technologies. We use location data in connection with providing the Services and to help improve the Services.

Unique Identification Number

MaxMind may assign your computer or mobile device a unique identification number ("Unique ID") based on log file information when you access the Services. MaxMind may set a cookie on your device containing, amongst other things, the device's Unique ID. MaxMind uses information generated from the Unique ID for purposes of improving our Services, primarily our ability to detect fraud. MaxMind does not share the Unique ID or any associated data with unaffiliated third parties in the traditional sense of sharing. However, some of the services offered by MaxMind, including some that are available through the Services, may require the placement of a snippet of JavaScript on the customer's own website (either by the customer itself or by MaxMind), and that JavaScript collects the information used by MaxMind to create the Unique ID. If the customer uses the MaxMind minFraud service, it may receive back the Unique ID MaxMind associated with the IP address being used in the request made to the minFraud service.

Information MaxMind Receives from Third Parties

MaxMind may receive information about you from third parties. For example, our customers may provide us with certain e-commerce transaction information, which may include IP address, cardholder name, billing and shipping address, email, and phone number. We may combine the information we receive from third parties with information we collect through the Services. If we do so, MaxMind will treat the combined information as Personally Identifiable Information under this Privacy Policy.

4. HOW MAXMIND USES INFORMATION

Providing Our Services

As stated above, MaxMind may use Personally Identifiable Information such as your first and last name, telephone number, email address, postal address, billing information, or other contact information we obtain from you, our customers, or our business partners, for the purposes of providing, enhancing, or improving our IP geolocation, fraud detection, demographic targeting, databases, and other services and products.

Communications with You

MaxMind maintains one or more contact lists (with email addresses and other information) to allow MaxMind to communicate with individuals who do business with MaxMind or who have expressed an interest in the Services. We may contact you to confirm your purchases or respond to requests that you make, notify you of changes to your account or the Services, for marketing purposes, or to otherwise inform you of information related to our business or your account with us. Depending on where you live, you may have certain rights to opt out of the use of your information for marketing purposes, which rights are explained with directions as to how to opt out of such marketing in Sections 6 and 11.

Website Administration and Customization

MaxMind may use the information we collect about you for a variety of website administration and customization purposes. For example, we use your information to process your registration request, provide you with services and communications that you have requested, send you email updates and other communications, customize features and advertising that appear on the Services, deliver the Services content to you, measure Services traffic, measure user interests and traffic patterns, and improve the Services.

Usage of Non-Identifying and De-Identified Information

Non-identifying or de-identified information includes information collected from or about you that does not personally identify you. MaxMind treats IP addresses, log file information, user agent strings, computer IDs, and related information as non-identifying information, except if applicable law or the Privacy Shield principles require us to do otherwise. MaxMind may use non-identifying or de-identified information for any purpose. To the extent that MaxMind combines non-identifying or de-identified information with your Personally Identifiable Information, MaxMind will treat the combined information as Personally Identifiable Information under this Privacy Policy.

Usage of IP Addresses

The MaxMind services, including the minFraud service, use IP addresses to help organizations detect and prevent fraudulent activity. Although MaxMind considers IP addresses to be non-identifying information, consistent with the laws of the United States, MaxMind recognizes that a number of regulators and courts in the European Union consider the IP addresses of data subjects of the European Union to be Personally Identifiable Information. MaxMind will comply with laws applicable to it in the provision of the Services.

Among other things, MaxMind obtains IP addresses and order information (including customer name and billing address) through its minFraud service. MaxMind uses the billing location from this data along with other data to create databases that pair IP addresses with the locations in which they are likely being used, down to a postal code level of resolution.

5. HOW MAXMIND SHARES INFORMATION

Sharing with Our Service Providers

We may provide your information to our third party service providers, contractors, business partners, and advertisers, for the purpose of delivering services to you as well as for purposes related to Services administration and operation, including conducting analytics. When sharing information for the purpose of providing you with the services you request, we will share your Personally Identifiable Information only as necessary for the third party working on MaxMind's behalf to complete its work for us. For example, if you use a credit or debit card to complete a transaction on the Services, we may share your personal information and credit card number with a credit card processing and/or a fulfillment company in order to complete your transaction.

Sharing of Databases

One aspect of MaxMind's products and services is the provision of databases to our customers and other third parties. These databases include information such as IP addresses and corresponding data pertaining to such IP addresses, such as geolocation data, fraud analysis data, and related information. Such databases are compiled using numerous data sources, including information we receive from our customers when individuals make purchases or conduct other transactions with our customers. In addition, we respond to API queries from our customers, and such responses may include information about the level of risk we associate with information about your device or email address, or your Unique ID. By following the directions set forth in Section 6 below, you may opt out of us disclosing the information we have about you in our databases. European Economic Area, and Switzerland data subjects have additional opt out rights, as explained in Section 6 of this Privacy Policy.

Security and Compliance with the Law

We reserve the right to disclose your Personally Identifiable Information to appropriate third parties if we are required to do so by law or we believe that such action is necessary in order (a) to comply with a legal process such as a search warrant, subpoena, or court order; (b) to protect the company's rights and property; (c) to investigate reports of users sending material using a false email address or users sending harassing, threatening, or abusive messages; (d) to protect against misuse or unauthorized use of the Website or Services; or (e) to respond to emergencies, such as when we believe someone's physical safety is at risk.

Non-Identifying and De-Identified Information

MaxMind may share your non-identifying or de-identified information with third parties, including our customers. MaxMind typically shares such non-identifying information for industry analysis, aggregated demographic profiling, and advertising. For example, MaxMind might provide such non-identifying information to an industry analyst who wants to use the information to determine the popularity of various web browsers and operating systems in different geographic areas.

Transfer of Business

Over time, MaxMind may buy or sell various assets. In the event that we sell some or all of our assets, or our company is acquired by another company, our databases and any Personally Identifiable Information we collect may be among the transferred assets.

6. YOUR CONTROL OVER YOUR PERSONAL INFORMATION

Opt-Out of Email Communications

If you are a registered member of the Services, you can make changes to your account information by logging into the Website and modifying your preferences. If you do not wish to receive email notifications from us, you may opt-out by contacting us at info@maxmind.com with your request. In addition, certain email communications we send to you, such as newsletters and promotional announcements, contain a clearly worded "Opt-Out" or "Unsubscribe" link allowing you to withdraw your permission for future mailings. Please note that we reserve the right to send you certain communications relating to your account or use of the Services (for example, administrative and service announcements) and these transactional account messages may be unaffected even if you opt-out from marketing communications.

Opt-Out of Database Sharing

As discussed above in Section 5 of this Privacy Policy, MaxMind may share information we have about you in our databases with our customers and third parties (including but not limited to IP geolocation data we make available through the Services). If you want to opt-out of MaxMind sharing your database information with our customers and third parties, please send your request to legal@maxmind.com or to the address set forth in Section 11, below. This opt-out has several important qualifications:

(a) You will only be able to opt-out to the extent that we can identify information we have about you. It is possible that even after you opt-out our databases will contain some residual information about you.

(b) MaxMind will cease sharing your information in any databases created after your opt-out date. Our customers may continue to have access to legacy database information.

(c) Even if you do opt-out of having us share the information we have about you in our databases, MaxMind must continue to gather, retain, use and share such information for fraud detection purposes. This is because your IP address may be associated with information that we have received from numerous customers.

(d) If you opt-out based on your IP address, MaxMind will process the opt-out only if the IP address is associated with a single individual or household. Many IP addresses are shared by several if not hundreds of devices, and MaxMind cannot process an opt-out for sharing for such IP addresses. Further, since some IP address assignments are subject to change or are dynamic, MaxMind will only process an opt-out for sharing of information related to such an IP address until such time that MaxMind reasonably believes the IP address has been assigned to another device (however, in no event will MaxMind remove such an opt out in a time period of less than one year).

Blocking or Deleting Cookies

You can manually delete cookies, which are normally located in your temporary Internet folder or cookie folder. You can also reset the preferences in your web browser to notify you when you have received a cookie or, alternatively, to refuse to accept cookies. Deleting or blocking cookies will prohibit your ability to make online purchases on the Services and to use and access portions of the Services that require logging in with a username and password, and may affect other functionality.

Additional Information for Residents of Certain States

Consumers in certain jurisdictions of the United States may have a right to access personal information held or shared about themselves. Your right of access can be exercised in accordance with applicable law. Please submit any requests for access to your personal data in writing to our privacy agent indicated at the bottom of this webpage.

Your California Privacy Rights

When California customers provide Personally Identifiable Information to a business, they have the right to request certain disclosures if that business shares Personally Identifiable Information with third parties (and in some cases affiliates) for the third parties' or affiliates' direct marketing purposes. Once per calendar year the customer may request that the business provide a list of companies with which it shares Personally Identifiable Information for those companies' direct marketing purposes, and a list of the categories of Personally Identifiable Information that the business shares. Instead of responding to such requests, however, a company may choose to comply with this law by establishing and publishing on its website a policy of not disclosing a customer's Personally Identifiable Information to such third parties and affiliates unless the customer affirmatively agrees to such disclosures.

MaxMind does not share Personally Identifiable Information as defined under California law with third parties or affiliates for those third parties' or affiliates' direct marketing purposes.

California customers may request information about our compliance with this law by contacting us by e-mail at legal@maxmind.com or by mail at the address set forth in Section 11 below. Any such inquiry must include "California Privacy Rights Request" in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this email address.

European Privacy Rights

In addition to the opt-out rights set forth above, MaxMind permits European Union, European Economic Area, and Switzerland data subjects the option of choosing to opt-out of: (a) the disclosure of their personal information to third parties, and (b) the use of their personal information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Individuals residing in the European Union, European Economic Area, and Switzerland and wishing to make an opt-out request should contact MaxMind directly using the information at Section 11, below.

7. THIRD PARTY ANALYTICS; ONLINE TRACKING

MaxMind works with certain third parties (including analytics companies) to provide us with information regarding traffic on and use of the Services. Some of these parties may collect Personally Identifiable Information when you visit the Services or other online websites and services. These third parties may set and access their own tracking technologies (including cookies, embedded scripts, and web beacons) and may otherwise collect or have access to your IP address or other unique identifier, log information, and related information about you. These tracking technologies, including the Google Analytics User ID feature, may be used to assist in providing analytics, marketing, and for other purposes. MaxMind does not control the information collection, use, or sharing practices of third party analytics providers. Some third parties may collect Personally Identifiable Information about your online activities over time and across different websites when you use the Services.

You may exercise choices regarding the use of cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout or downloading the Google Analytics Opt-out Browser Add-on.

You may choose whether to receive interest-based advertising by submitting opt-outs. Some of the advertisers and service providers that perform advertising-related services for us and our partners may participate in the Digital Advertising Alliance ("DAA") Self-Regulatory Program for Online Behavioral Advertising. To learn more about how you can exercise certain choices regarding interest-based advertising, visit http://www.aboutads.info/choices, and http://www.aboutads.info/appchoices for information on the DAA's opt-out program for mobile apps. Some of these companies may also be members of the Network Advertising Initiative ("NAI"). To learn more about the NAI and your opt-out options for their members, see http://www.networkadvertising.org/choices/. Please be aware that, even if you are able to opt out of certain kinds of interest-based advertising, you may continue to receive other types of ads. Opting out only means that those selected members should no longer deliver certain interest-based advertising to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). MaxMind is not responsible for effectiveness of, or compliance with, any third-parties' opt-out options or programs or the accuracy of their statements regarding their programs.

Your browser settings may allow you to automatically transmit a "Do Not Track" signal to websites and online services you visit; however, there is no consensus among industry participants as to what "Do Not Track" means in this context. Like many websites and online services, the Website currently does not alter its practices when it receives a "Do Not Track" signal from a visitor's browser. To find out more about "Do Not Track," you may wish to visit http://www.allaboutdnt.com.

8. SECURITY

MaxMind implements reasonable security measures to secure data. However, no physical or electronic security system is impenetrable. MaxMind cannot guarantee the security of the Service's servers or databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet.

9. POLICY REGARDING CHILDREN

The Services are not intended for use by children under the age of thirteen years old. MaxMind does not knowingly collect information from children under the age of thirteen. If you are a parent or guardian, and believe we have collected information about your child in violation of this policy, please contact us at the address set forth in Section 11 below.

10. CHANGES TO THIS PRIVACY POLICY

We will occasionally update this Privacy Policy in response to changing business circumstances and legal developments. If there are material changes to this Privacy Policy or in how we use your Personally Identifiable Information, we will prominently post such changes prior to implementing the change. We encourage you to periodically review this Privacy Policy to be informed of how we are collecting and using your information.

11. CONTACT FOR ADDITIONAL INFORMATION, OPTING OUT, DATA ACCESS AND CORRECTION, AND DISPUTES

If you have any questions or complaints about this Privacy Policy or our compliance with Privacy Shield, or you wish to exercise your opt-out rights hereunder or access or correct data applicable to you, or you want more information about our participation in the EU-US Privacy Shield or the Swiss-US Safe Harbor, you may email us at legal@maxmind.com or contact us by postal mail at the following address:

Jason Ketola (Privacy Agent)
Legal Department
MaxMind, Inc.
14 Spring Street, Suite 3
Waltham, MA 02451
U.S.A.