Privacy Policy

Updated On: October 23, 2023

This Privacy Policy describes the privacy practices of MaxMind, Inc. (sometimes referred to in this Privacy Policy as "MaxMind", "we", or "us"), in connection with the MaxMind.com website (the "Website") and the geoip-js.com website, any online features and services provided by MaxMind that post a link to this Privacy Policy, and any communications with us (such as phone calls, emails, and webform submissions) (collectively, the "Services").

Please read this Privacy Policy carefully. By visiting and using the Services, you agree that your use of the Services is governed by this Privacy Policy. In addition to our Privacy Policy, your use of the Services is governed by our Terms of Use, which govern in the event of any conflict with this Privacy Policy.

1. SCOPE OF PRIVACY POLICY

This Privacy Policy applies to information we collect where we control the purposes and means of processing. It does not apply to information collected by third parties not on our behalf or information collected in the context of your employment with us. It also does not apply to information we collect on behalf of our customers where our customers control the purposes and means of processing. For details on how our customers process your information, we recommend you review their privacy policies and terms.

You may have additional rights based on your jurisdiction. Please visit the relevant section below for details:

To contact us, please see our contact details set out in Section 11.

For personal data transferred from the European Union, China, the UK, and Switzerland to third countries that do not ensure an adequate level of data protection, we will provide appropriate safeguards, such as through the use of Standard Contractual Clauses and related supplementary measures.

2. INFORMATION MAXMIND COLLECTS

This Section describes the information we collect and how we collect information about you. By information, we mean information relating to an identified or identifiable individual.

Information You Provide When Using the Services

You may provide information directly to us, such as when you register an account, make a purchase of one of our products or services, respond to a customer survey, submit a data correction request, communicate with our customer service team, or apply for a job.

The categories of information we collect from you may include:

  • Contact identifiers, including your first and last name, email address, postal address, billing address, and phone number.
  • Device identifiers, including IP addresses or IP ranges you submit as part of a correction request.
  • Account credentials, including your username and password.
  • Payment information, including your payment instrument number (such as credit or debit card number), expiration date, and security code as necessary to process your payments. This information is processed by our payment processors.
  • Commercial or transactional information, including records of products or services you have purchased, obtained, or considered.
  • Content, including content within any messages you send to us.
  • Professional, employment, or education-related information, including your employment and work history, transcripts, writing samples, references, and other information necessary to consider you for a job at MaxMind.

Please do not provide any information that we do not request.

Information from Your Browser or Device when You Use the Services

When you use the Services, we and third parties we work with automatically collect information from your browser or device.

The categories of information we automatically collect include:

  • Device identifiers, including IP address.
  • Device information, including browser language, time, session age, user agent, etc.
  • Internet activity, including information about your browsing history and interactions, such as the features you use, pages you visit, content you view, purchases you make or consider, date and time of your visit, duration of your visit and referring and exiting pages and URLs.
  • Non-precise location data, such as location derived from an IP address or data that indicates a city or postal code level. For clarity, MaxMind does not request access to or otherwise receive GPS signals from any devices when you access the Services.

The methods by which we collect such information include:

  • Cookies. A cookie is a file stored on your browser that may be used to identify a device by storing certain personal preferences and user data. MaxMind uses cookies for a variety of purposes, including to help make our website work, identify authorized users of the MaxMind Account Portal, track affiliate referrals, complete online purchases through MaxMind's shopping carts, prevent fraud and assist with security, count visitors, and perform measurement and analytics.
  • Web Beacons. Web beacons are small graphic images or other web programming code (also known as "1x1 GIFs" or "clear GIFs"), which may be included in our web pages and email messages. Web beacons may be invisible to you, but any electronic image or other web programming code inserted into a web page or email can act as a web beacon. Web beacons are often associated with cookies and used for similar purposes. Web beacons may also be used to count how many emails that were sent were actually opened or to count how many particular articles or links were actually viewed.
  • Embedded Scripts. Embedded scripts are programming code designed to collect information about a device's interactions with a website, such as the links clicked on. The code is temporarily downloaded onto your device from a server, is active only while you are connected to the website containing the embedded script, and is deactivated or deleted thereafter. Embedded scripts are used for similar purposes as cookies and web beacons.
  • Server Logs. Your web browser automatically sends information to every website you visit, including ours. For example, our server logs may receive and record your device information and internet activity. Our server logs may also receive a user agent string, which is a series of characters automatically sent with your internet requests that provide information necessary for smooth internet communications, such as the operating system and browser you used.

When you interact with our Services, MaxMind may assign your computer or mobile device a unique identification number ("Unique ID"). MaxMind may set a cookie on your device containing, amongst other things, the device's Unique ID. MaxMind uses information generated from the Unique ID for purposes of improving our Services, primarily our ability to detect fraud.

Information Provided through queries to the minFraud Service, GeoIP2 Web Service and GeoLite Web Service by MaxMind's customers

MaxMind is primarily a business-to-business service. When our customers use the minFraud Service, GeoIP2 Web Service and GeoLite Web Service, they send queries to MaxMind that can include information about others who may not have a direct relationship with MaxMind.

minFraud Service-

The minFraud Service helps businesses prevent online fraud by providing risk scoring and risk data related to online transactions. MaxMind’s customers then use this information provided by MaxMind to determine whether to proceed with a transaction.

MaxMind’s customers decide what data to submit to our minFraud Service. The categories of information our customers send to us through the minFraud Service include:

  • Contact identifiers, including first and last name, email address, postal address, billing address, and phone number.
  • Device identifiers including IP address.
  • Device information, including browser language, time, session age, user agent, etc.
  • Payment information, including partial credit card numbers such as the issuer ID number (IIN) and the last digits of a credit card (but not a full credit card number).
  • Commercial or transactional information, including records of products or services you have purchased, obtained, or considered, whether there is a reported chargeback, etc.
  • Custom inputs determined by our customers.
GeoIP2 Web Service and GeoLite Web Service-

MaxMind’s customers submit IP addresses through queries to the GeoIP2 Web Service and GeoLite Web Service and MaxMind returns certain information it has associated with that IP address such as postal code, city, state or country, ISP provider, domain name, connection type (e.g. Cable/DSL/Cellular), whether an IP address is associated with an anonymizer (such as a VPN, Tor Exit, Hosting provider, etc.), and similar data.

We will treat the information in accordance with the practices described in this Privacy Policy to the extent we act as a controller. We will also comply with any additional restrictions applicable to the customer providing the data.

Information from Other Sources

MaxMind also receives information, including the categories of information listed above, from other sources. The categories of other sources from which we receive information include:

  • Our business partners and resellers.
  • Publicly available sources such as open government databases or other data in the public domain.
  • From social media. For example, if you contact us through Twitter or LinkedIn.

We will treat the information in accordance with the practices described in this Privacy Policy, plus any additional restrictions imposed by the source of the data.

Information We Infer

We infer new information from other information we collect, including generating information for the purposes of providing, enhancing, or improving our IP address intelligence and, fraud detection, and other services and products. For example, we generate fraud analysis data for our customers to help detect fraud.

3. HOW MAXMIND USES INFORMATION

We collect and use information for our legitimate interests and for business and commercial purposes in accordance with the practices described in this Privacy Policy. Our purposes for collecting and using information include:

Providing Our Services

MaxMind uses information for the purposes of providing its IP address intelligence, fraud detection, and other services and products.

How MaxMind Uses Information Provided by MaxMind’s customers through queries to the minFraud Service

MaxMind uses data from customer queries submitted to the minFraud Service for the following purposes:

  • To provide services to the customer who sent us the data.We use the data submitted by our customers for the purpose of providing risk scores and to provide additional information or feedback to the customer who sent us the data.
  • To improve our minFraud Service to provide the minFraud Service to other customers. In some instances, we process and aggregate data submitted to the minFraud service and use it to improve the minFraud Service in order to provide other customers with licensed data, more accurate information, robust risk score information and the ability to flag potentially fraudulent activity. For example, if we receive reports of chargebacks from one MaxMind customer that could impact the risk score returned to a different MaxMind customer. Not all data submitted to minFraud is used for this purpose, and for some minFraud customers we do not use any data submitted in queries for this purpose. MaxMind does not use custom inputs provided by our customers to provide services to unrelated customers.
  • To improve our IP address intelligence services. In some instances, MaxMind uses some of the personal data provided through our minFraud Service for the purpose of improving the accuracy of our IP address intelligence services. MaxMind’s IP address intelligence services include our GeoIP Databases, GeoIP2 Web Services, GeoLite Databases and GeoLite Web Services. The IP address intelligence services associate IP addresses with certain information such as a postal code, city, state or country, ISP provider, domain name, connection type (e.g. Cable/DSL/Cellular), whether an IP address is associated with an anonymizer (such as a VPN, Tor Exit, Hosting provider, etc.), and similar data. Our IP address intelligence services are licensed to customers for a variety of purposes, including fraud prevention, geofencing, sanctions compliance, enforcing licensing restrictions, serving advertisements, customizing website content, etc. Not all data submitted to minFraud is used for this purpose, and for some minFraud customers we do not use any data submitted in queries for this purpose.

How MaxMind Uses Information Provided by MaxMind’s customers through queries to the GeoIP2 Web Service and GeoLite Web Service

MaxMind uses the IP addresses submitted to the GeoIP2 Web Service and GeoLite Web Service for the purpose of improving some of our Services, including without limitation the minFraud Service, the GeoIP2 Web Service, GeoLite Web Service and GeoIP Databases.

How MaxMind Uses Information Provided by MaxMind Customers through JavaScript.

MaxMind offers a GeoIP2 JavaScript Client API available to its customers via geoip-js.com and js.maxmind.com. Where a MaxMind customer uses the GeoIP2 JavaScript Client API, MaxMind collects device identifiers, device information (e.g., HTTP headers), provided via geoip-js.com or js.maxmind.com on behalf of the customer, and logs such information only for the purposes of monitoring, alerting, and internal reporting for the specific customer for up to 30 days. MaxMind does not disclose information collected through geoip-js.com or js.maxmind.com among customers.

Some of the Services offered by MaxMind may require a MaxMind customer to place a snippet of JavaScript on the customer's own website (either by the customer itself or by MaxMind), and that JavaScript collects information used by MaxMind to create the Unique ID. If the customer uses the MaxMind minFraud service, it may receive back the Unique ID MaxMind associated with the IP address being used in the request made to the minFraud service.

Communications with You

MaxMind maintains one or more contact lists (with email addresses and other contact identifiers) to allow MaxMind to communicate with individuals who do business with MaxMind or who have expressed an interest in the Services. We may contact you to confirm your purchases or respond to requests that you make, notify you of changes to your account or the Services, for security purposes, for marketing purposes, or to otherwise inform you of information related to our business or your account with us.

Website Administration and Customization

MaxMind uses information for a variety of website administration and customization purposes. For example, we use information to process your registration requests, send you email updates and other communications, customize features, and deliver content to you.

Usage of IP Addresses

The MaxMind services, including the minFraud service, use IP addresses to help organizations detect and prevent fraudulent activity. Among other things, MaxMind obtains IP addresses and order information (including billing address) through its minFraud service. MaxMind uses the billing location from this data along with other data to create databases that pair IP addresses with the locations in which they are likely being used, down to a postal code level of resolution.

Analytics and Improvement

MaxMind uses information to understand trends, usage, and activities, and to improve its products and services.

Correction Requests

If you receive IP geolocation data from us that you believe is incorrect, you can submit a data correction request to us through our website at https://www.maxmind.com/en/geoip-data-correction-request, by email at correction@maxmind.com, or through a secure URL that is set up by your company and that shares IP geolocation data. We use the information you submit to review and respond to your correction request, and update our databases as appropriate. Any data updated within our databases may be used and disclosed in accordance with the practices described in this Privacy Policy.

Database Demos

If you use any of our database demos available at https://www.maxmind.com/geoip-demo, https://www.maxmind.com/locate-my-ip-address, and other parts of our website, we may use the information you submit to provide you with results and update our databases as appropriate. Any data updated within our databases may be used and disclosed in accordance with the practices described in this Privacy Policy.

Security

We use information to prevent, detect, investigate, and address fraud, breach of policies or terms, or threats or harm.

Recruitment

We use information to make decisions about recruiting and in anticipation of a contract of employment.

Consent

We also use information with your consent, including to allow you to participate in our surveys, and to fulfill any other purpose disclosed to you and with your consent or at your direction.

Some of our lawful bases for processing your information stem from our customers on whose behalf we provide services.

MaxMind uses information that does not identify you for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we use your information, please see Section 6 below.

4. HOW MAXMIND DISCLOSES INFORMATION

We disclose information we collect in accordance with the practices described in this Privacy Policy. The categories of sources to whom we disclose information include:

Service Providers

We provide your information to our service providers, and contractors for the purpose of delivering services to you as well as for purposes related to Services administration and operation, including conducting analytics and helping us with sales tax compliance. When disclosing information for the purpose of providing you with the services you request, we will disclose your information only as necessary for the service provider working on MaxMind's behalf to complete its work for us. For example, if you use a credit or debit card to complete a transaction on the Services, we will disclose your credit or debit card number with a payment processing and/or a fulfillment company in order to complete your transaction.

Databases

One aspect of MaxMind's products and services is the provision of databases to our customers and other third parties, including our business partners and resellers. These databases include information such as IP addresses and corresponding data pertaining to such IP addresses, such as non-precise location data, fraud analysis data, and related information. Such databases are compiled using numerous data sources, including information we receive from our customers when individuals make purchases or conduct other transactions with our customers. In addition, we respond to API queries from our customers, and such responses may include information about the level of risk we associate with information about your device or email address, or your Unique ID

Customers

We may disclose your information to our customers in connection with us processing your information on their behalf. For example, we may disclose your information to our customers to provide them with our products and services, respond to questions and comments, fulfill your requests, and otherwise comply with applicable law.

Vendors and Other Parties

We may disclose your information to vendors and other parties for purposes of providing you with marketing, measuring and improving our Service, and enabling other enhancements. Vendors may act as our service providers, or in certain contexts, independently decide how to process your information.

MaxMind integrates with the service Have I Been Pwned to verify whether your account password has previously appeared in a third party data breach, which may allow MaxMind to evaluate the strength of the password, provide a warning, and/or block the password outright. We are not responsible for the effectiveness or accuracy of their information. For more information on Have I Been Pwned, please visit the website at https://haveibeenpwned.com.

Security and Compliance with the Law

We reserve the right to disclose your information to appropriate third parties if we are required to do so by law or we believe that such action is necessary in order (a) to comply with a legal process such as a search warrant, subpoena, or court order; (b) to protect the company's rights and property; (c) to investigate reports of users sending material using a false email address or users sending harassing, threatening, or abusive messages; (d) to protect against misuse or unauthorized use of the Services; or (e) to respond to emergencies, such as when we believe someone's physical safety is at risk. MaxMind may be required to disclose information in a life-threatening emergency or in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Transfer of Business

Over time, MaxMind may buy or sell various assets. In the event that we sell some or all of our assets, or our company is acquired by another company, or during the negotiation of such sale or acquisition, our databases and any information we collect may be among the transferred or negotiated assets.

Consent

We may disclose your information for any other purpose disclosed to you and with your consent or at your direction.

Without limiting the foregoing, in our sole discretion, MaxMind discloses information that does not identify you to third parties, including our customers, for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we disclose your information, please see Section 6 below.

5. ANALYTICS AND ONLINE TRACKING

MaxMind works with certain third parties (including analytics companies) to provide us with information regarding traffic on and use of the Services. Some of these parties collect information when you visit the Services or other online websites and services. These third parties set and access their own tracking technologies (including cookies, embedded scripts, and web beacons) and may otherwise collect or have access to your IP address or other device identifiers and device information. These tracking technologies, including the Google Analytics User ID feature, may be used to assist in providing analytics and for other purposes. We also use Google services to provide you with in-site search functionality. Google's data practices are set out in its privacy policy available at https://policies.google.com/privacy.

6. YOUR RIGHTS AND CHOICES

We provide a variety of ways for you to control the information we process about you. Please see below for details.

Jurisdictional Rights

Where applicable, you may have additional rights based on your jurisdiction. See your jurisdiction-specific terms for details.

Account Settings

If you are a registered member of the Services, you can make changes to your account information (including email settings) by logging into the Website and modifying your preferences.

Opt-Out of Email Marketing Communications

Certain email communications we send to you, such as newsletters and promotional announcements, contain a clearly worded "Opt-Out" or "Unsubscribe" link allowing you to withdraw your permission for future mailings. You may also opt-out of email marketing communications by contacting us at privacy@maxmind.com with your request. Please note that we reserve the right to send you certain communications relating to your account or use of the Services (for example, administrative and service announcements) and these transactional account messages may be unaffected even if you opt-out from marketing communications.

Opt-Out from Database Disclosures

As discussed above in Section 4, MaxMind may disclose information we have about you in our databases provided to our customers and third parties as part of their use of the GeoIP Services. These services are used by our customers and third parties for security, fraud detection, customizing content for website visitors (including displaying the appropriate language, currency, streaming options, or to block visitors from sanctioned countries or regions), and other similar purposes. Some databases may be used for marketing and advertising purposes for example to serve advertisements in a geographic area. MaxMind's services are not intended to be used for the purpose of locating or identifying a specific individual or household. If you wish for your IP address not to be disclosed in services that may be used for marketing and advertising purposes, you may submit an opt-out by clicking on the Do Not Sell or Share My Personal Information and submitting your request. Please note that your ability to opt-out may be limited under certain circumstances, including where the opt-out adversely affects the rights and freedoms of other natural persons.

Blocking or Deleting Cookies

You can manually delete cookies, which are normally located in your temporary Internet folder or cookie folder. You can also reset the preferences in your web browser to notify you when you have received a cookie or, alternatively, to refuse to accept cookies. Deleting or blocking cookies will prohibit your ability to make online purchases on the Services and to use and access portions of the Services that require logging in with a username and password, and may affect other functionality. When you manage cookies, pixels associated with such cookies may also be impacted. Please note that if you use multiple browsers, you will need to instruct each browser separately. If you delete or reset your cookies, you will need to reconfigure your settings. Your ability to limit cookies is subject to your browser settings and limitations.

Analytics and Do Not Track

Some third parties we work with offer their own opt-out tools related to information collected through cookies. You may exercise choice regarding the use of cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout and downloading the Google Analytics Opt-out Browser Add-on.

Your browser or extension may allow you to automatically transmit Do Not Track and other preference signals, and unless required by law, we do not respond to such signals. To the extent you have specific rights in your jurisdiction with respect to certain preference signals, please see your jurisdiction-specific terms for details.

Customer-Related Requests

We acknowledge that you may have rights under applicable law in connection with the information we process on behalf of our customers. If information about you has been processed by us on behalf of a customer and you wish to exercise any rights you have with such information, please inquire with our customer directly. If you wish to make your request directly to us, please provide the name of our customer on whose behalf we processed your information. We will refer your request to that customer, and will support them to the extent required by applicable law in responding to your request.

7. INTERNATIONAL TRANSFER

We are based in the U.S. and the information we collect is governed by U.S. law. If you are accessing the Services from outside of the U.S., please be aware that information collected through the Services may be transferred to, processed, stored, and used in the U.S. and other jurisdictions. Data protection laws in the U.S. and other jurisdictions may be different from those of your country of residence. Your use of the Services or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, and storage of your information in the U.S. and other jurisdictions as set forth in this Privacy Policy. For personal data transferred from the European Union, China, the UK, and Switzerland to third countries that do not ensure an adequate level of data protection, we will provide appropriate safeguards, such as through the use of Standard Contractual Clauses and related supplementary measures.

8. SECURITY AND RETENTION

MaxMind implements reasonable administrative, physical, and technical security measures to help protect your data from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. However, no physical or electronic security system is impenetrable. MaxMind cannot guarantee the security of the Services' servers or databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet.

We retain each category of information for the length of time that is reasonably necessary for the purpose for which it was collected, and as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

9. POLICY REGARDING CHILDREN

The Services are not intended for use by children. MaxMind does not knowingly collect information from children under the age of sixteen. If you are a parent or guardian, and believe we have collected information about your child in violation of this policy, please contact us at the address set forth in Section 11 below.

10. CHANGES TO THIS PRIVACY POLICY

We will occasionally update this Privacy Policy in response to changing business circumstances and legal developments. If there are material changes to this Privacy Policy or in how we use your information, we will prominently post such changes prior to implementing the change. We encourage you to periodically review this Privacy Policy to be informed of how we are collecting and using your information.

11. CONTACT US

If you have any questions about or trouble accessing this Privacy Policy, please contact us:

By email: privacy@maxmind.com

By mail:

Privacy Agent
Legal Department
MaxMind, Inc.
51 Pleasant Street #1020
Malden, MA 02148
U.S.A.

For residents of the EU and UK, Brazil-specific requests, and China-specific requests our Data Protection Officer may be reached at:

By email: dpo@maxmind.com

By mail:

Data Protection Officer
MaxMind, Inc.
51 Pleasant Street #1020
Malden, MA 02148
U.S.A.

General Data Protection Regulation (GDPR) - European Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), MaxMind has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

UK General Data Protection Regulation (GDPR) - UK Representative

Pursuant to Article 27 of the UK GDPR, MaxMind has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:

12. CALIFORNIA

The California Privacy Rights Act ("CPRA") provides additional rights to California residents. This section addresses those rights and applies only to California residents. Terms have the meaning ascribed to them under CPRA unless otherwise stated.

Notice at Collection

At or before the time of collection of your personal information, you have a right to receive notice of our data practices. Our data practices are as follows:

  • For the categories of personal information we have collected in the past 12 months, see the Information MaxMind Collects section above.
  • For the categories of sources from which personal information is collected, see the Information MaxMind Collects section above.
  • For the specific business and commercial purposes for collecting and using personal information, see the How MaxMind Uses Information section above.
  • For the categories of third parties to whom information is disclosed, see the How MaxMind Discloses Information section above.
  • For the criteria used to determine the period of time information will be retained, see the Security and Retention section above.

Some of our disclosures of personal information may be considered a "sale" or "share" as those terms are defined under CPRA. A "sale" is broadly defined under the CPRA to include a disclosure for something of value, and a "share" is broadly defined under CPRA to include a disclosure for cross-context behavioral advertising. MaxMind collects, sells, and shares the following categories of personal information for commercial purposes: contact identifiers, commercial or transactions information, device identifiers, device information, internet activity, non-precise geolocation data, and inferences drawn from any of the above. The categories of third parties to whom we may sell or share your personal information include, where applicable, vendors, business partners and customers. We do not knowingly "sell" as defined by the CPRA the personal information of minors under 16 years old who are California residents. For details about your rights regarding sales and shares, please see the "Right to Opt-Out of Sales and Sharing" section below.

Right to Know, Correct, and Delete

You have the right to request the following from us:

  • The categories of personal information we have collected about you;
  • The categories of sources from which the personal information was collected;
  • The categories of personal information about you we disclosed for a business purpose or sold or shared;
  • The categories of third parties to whom the personal information was disclosed for a business purpose or sold or shared;
  • The business or commercial purpose for collecting or selling or sharing the personal information; and
  • The specific pieces of personal information we have collected about you.

In addition, subject to exceptions, you have the right to correct or delete the personal information we have collected from you.

To exercise any of these rights, please submit a request through our online forms available at Right to Know: /en/ccpa/right-to-know, Correction Request: https://www.maxmind.com/en/geoip-data-correction-request, and Right to Delete: https://www.maxmind.com/en/data-deletion-and-verification, or call our toll free number at 1-844-802-0220. If you have an account with us, we may require you to use the account to submit the request. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days and respond to your request within 45 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request.

If personal information about you has been processed by us as a service provider on behalf of a customer and you wish to exercise any rights you have with such personal information, please inquire with our customer directly. If you wish to make your request directly to us, please provide the name of our customer on whose behalf we processed your personal information. We will refer your request to that customer, and will support them to the extent required by applicable law in responding to your request.

Right to Opt-Out of Sales and Sharing

To the extent MaxMind sells or shares your personal information as those terms are defined under the CPRA, you have the right to opt-out of the sale or sharing of your personal information, which you can exercise (i) by clicking Do Not Sell or Share My Personal Information or (ii) by turning on a recognized opt-out preference signal, such as Global Privacy Control ("GPC") in your browser or extension. If MaxMind detects a GPC signal in your browser or extension MaxMind will treat that as a request to opt-out of the sale or sharing of any personal information collected from your browser, but MaxMind will not opt your IP address out of our services unless you submit the webform located at Do Not Sell or Share My Personal Information.

To the extent "sale" under the CPRA is interpreted to include the disclosure of MaxMind's databases as set out in the "How MaxMind Discloses Information" section MaxMind will comply with applicable law as to such activity. Please note that where we use and disclose personal information for purposes related to security, fraud detection, and other similar purposes, some of your rights may be limited to the extent that they adversely affect the rights and freedoms of other natural persons.

Authorized Agent

You can designate an authorized agent to submit requests on your behalf. Requests must be submitted through the designated methods listed above. Except for opt-out requests, we will require written proof of the agent's permission to do so and verify your identity directly.

Right to Non-Discrimination

You have the right not to receive discriminatory treatment by us for the exercise of any of your rights.

Shine the Light

California's "Shine the Light" law permits customers who are California residents to request certain details about how a business shares their personal information as defined by "Shine the Light" with third parties (and in some cases affiliates) for those third parties' or affiliates' own direct marketing purposes. California customers may request information about our compliance with this law by contacting us by email at california-privacy@maxmind.com or by mail at the address set forth in Section 11 above. Any such inquiry must include "California Privacy Rights Request" in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this email or mail address.

13. NEVADA

Nevada law requires certain businesses to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer from whom MaxMind has collected personal information and you wish to submit a request relating to our compliance with Nevada law, please contact us at nevada-privacy@maxmind.com. You may also submit a request to opt-out by clicking Do Not Sell My Personal Information.

14. COLORADO, CONNECTICUT, UTAH AND VIRGINIA

These additional rights and disclosures apply only to residents of Colorado, Connecticut, Utah and Virginia. Terms have the meaning ascribed to them in the Colorado Privacy Act ("CPA"), the Connecticut Data Privacy Act ("CTDPA"), the Utah Consumer Privacy Act ("UCPA") and the Virginia Consumer Data Protection Act ("VCDPA"), as applicable.

Data Subject Rights

You have the following rights under applicable law in your region:

  • To confirm whether or not we are processing your personal data
  • To access your personal data
  • To correct inaccuracies in your personal data
  • To delete your personal data
  • To obtain a copy of your personal data that you previously provided to us in a portable and readily usable format

To exercise any of the above rights, please submit a request through our online forms available at Right to Know: https://www.maxmind.com/ccpa/right-to-know, Correction Request: https://www.maxmind.com/en/geoip-data-correction-request, and Right to Delete: https://www.maxmind.com/en/data-deletion-and-verification, or call our toll free number at 1-844-802-0220. We will respond to your request within 45 days. If you have an account with us, we may require you to use the account to submit the request. We may require specific information from you to help us confirm your identity and process your request.

Some of the services we license to our customers could be used by our customers or others in furtherance of decisions that produce legal or similarly significant effects concerning you. For example, personal data processed through the minFraud service or personal data we license through GeoIP could be used by our customers in this way. To opt out of our processing of personal data in furtherance of decisions that produce legal or similarly significant effects concerning you, please follow the instructions for submitting an opt-out request under the "Right to Opt-Out of Processing for Targeted Advertising or Sales" section below. MaxMind will comply with applicable law as to such activity. Please note that where we use and disclose personal data for purposes related to security, fraud detection, and other similar purposes, some of your rights may be limited to the extent that they adversely affect the rights and freedoms of other natural persons.

If personal data about you has been processed by us as a processor on behalf of a customer and you wish to exercise any rights you have with such personal data, please inquire with our customer directly. If you wish to make your request directly to us, please provide the name of our customer on whose behalf we processed your personal data. We will refer your request to that customer, and will support them to the extent required by applicable law in responding to your request. For requests relating to our customers' processing of personal data in furtherance of decisions that produce legal or similarly significant effects concerning you, please inquire with our customers directly.

Right to Opt-Out of Processing for Targeted Advertising or Sales

You also have the right to opt out of the processing of personal data for purposes of targeted advertising, or the sale of personal data. You can exercise these rights (i) by visiting by clicking Do Not Sell My Personal Information or (ii) by turning on a recognized opt-out preference signal, such as GPC in your browser or extension. If MaxMind detects a GPC signal in your browser or extension MaxMind will treat that as a request to opt-out of any personal data collected from your browser, but MaxMind will not opt your IP address out of our services unless you submit the webform located at Do Not Sell My Personal Information.

To the extent "sale" under these laws is interpreted to include the disclosure of MaxMind's databases as set out in the "How MaxMind Discloses Information" section MaxMind will comply with applicable law as to such activity. Please note that where we use and disclose personal data for purposes related to security, fraud detection, and other similar purposes, some of your rights may be limited to the extent that they adversely affect the rights and freedoms of other natural persons.

Authorized Agent

You can designate an authorized agent to submit requests on your behalf. Requests must be submitted through the designated methods listed above. Except for opt-out requests, we will require written proof of the agent's permission to do so and may verify your identity directly.

Appeal

If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at privacy@maxmind.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows:

15. EUROPE AND THE UNITED KINGDOM

Roles

EU and UK data protection laws make a distinction between organizations that process personal data for their own purposes (known as "controllers") and organizations that process personal data on behalf of other organizations (known as "processors").

MaxMind, located at the address set forth in Section 11 above, generally operates as a processor on behalf of its customers that use the MaxMind's services. The MaxMind customer, the controller, determines the purposes and means of the processing of personal data. Specifically, MaxMind's customer decides what personal data to share with MaxMind in order for MaxMind to provide the customer with robust risk score information, certain licensed data, the ability to flag potentially fraudulent activity, and other services as purchased by the customer. Please visit the applicable customer's privacy policy for information about their privacy practices.

MaxMind also operates as a controller with respect to certain of its services and/or databases. For example, MaxMind operates as a controller in connection with personal data collected from visitors through its website, including through data correction requests. Also, when MaxMind combines personal data from different customers, like many kinds of analytics services, it may do this both as a processor at its customers' instruction and as a controller itself for the purpose of providing services to all of its customers. For example, MaxMind may process and aggregate or otherwise de-identify some of the personal data that a customer shares with MaxMind in order to make that personal data part of another database for one or more other services provided to MaxMind customers.

Data Subject Rights

If you are a data subject in the European Union or UK, you have the right to access, rectify, or erase any personal data we have collected about you through the Services. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you through the Services. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.

To exercise any of these rights, contact us using the information at Section 11 above and specify which right you intend to exercise. We will respond to your request within 30 days. We may require additional information from you to allow us to confirm your identity. Please note that we store information as necessary to fulfill the purposes for which it was collected, and may continue to retain and use the information even after a data subject request for purposes of our legitimate interests, including as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

If your information has been processed by us on behalf of one of our customers and you wish to exercise any rights you have with such information, please inquire with our customer directly. If you wish to make your request directly to MaxMind, please provide the name of the MaxMind customer on whose behalf MaxMind processes your information. We will refer your request to that customer, and will support them to the extent required by applicable law in responding to your request.

If you have any issues with our compliance, you have the right to lodge a complaint with a European supervisory authority.

Lawful Basis

MaxMind processes personal data consistent with the lawful basis available under law.

In some instances, MaxMind’s lawful basis for processing personal data is consent. For example, individuals in the EU and UK can provide opt-in consent to our marketing emails. In other instances, MaxMind’s lawful basis for processing personal data is to comply with a legal obligation, such as if we were to receive a subpoena or court order requiring the disclosure of personal data.

In most instances, MaxMind’s lawful basis for processing personal data is for our or our customers’ legitimate interests. MaxMind’s legitimate interests include the following:

  • To detect and prevent fraud.
  • To provide, enhance and improve the accuracy and scope of our IP address intelligence and fraud detection products and services.
  • To create and manage accounts, confirm purchases, communicate, market and provide information related to our business relationships.
  • To establish, exercise and defend legal rights.
  • Website administration and customization.

International Transfer

For personal data transferred from the European Union, the UK, and Switzerland to third countries that do not ensure an adequate level of data protection, we will provide appropriate safeguards, such as through the use of Standard Contractual Clauses.

In addition, MaxMind complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  MaxMind has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  MaxMind has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

MaxMind is subject to the investigatory and enforcement jurisdiction of the United States Federal Trade Commission where MaxMind has transferred personal data in reliance on the DPF. We hereby affirm our commitment to comply with the DPF Principles for all personal data transferred from the European Union, the United Kingdom and Switzerland in reliance on the DPF. This means that MaxMind shall be liable to you for any third party agent to which we transfer your personal data in reliance on the DPF and that processes such personal data in a manner that violates the DPF Principles, unless we can demonstrate that we are not responsible for the resulting damages. MaxMind takes reasonable steps to ensure that personal data is relevant to its intended use and is accurate, complete, and current and retained only as long as needed for an intended or compatible purpose.

In compliance with the EU-U.S DPF, the UK Extension to the EU-U.S DPF, and the Swiss-U.S DPF Principles, MaxMind commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the EU-U.S DPF, the UK extension to the EU-U.S DPF, and the Swiss-U.S Data Privacy Framework Principles. European Union, United Kingdom, and Swiss individuals with inquiries or complaints should first contact our Data Protection Officer set forth in Section 11 of this Privacy Policy.

MaxMind has further committed to refer unresolved privacy complaints under the Data Privacy Framework program to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

16. BRAZIL

Roles

Brazilian data protection laws make a distinction between organizations that process personal data for their own purposes (known as "controllers") and organizations that process personal data on behalf of other organizations (known as "processors").

MaxMind, located at the address set forth in Section 11 above, generally operates as a processor on behalf of its customers that use the MaxMind's services. The MaxMind customer, the controller, determines the purposes and means of the processing of personal data. Specifically, MaxMind's customer decides what personal data to share with MaxMind in order for MaxMind to provide the customer with robust risk score information, certain licensed data, the ability to flag potentially fraudulent activity, and other services as purchased by the customer. Please visit the applicable customer's privacy policy for information about their privacy practices.

MaxMind also operates as a controller with respect to certain of its services and/or databases. For example, MaxMind operates as a controller in connection with personal data collected from visitors through its website, including through data correction requests. Also, when MaxMind combines personal data from different customers, like many kinds of analytics services, it may do this both as a processor at its customers' instruction and as a controller itself for the purpose of providing services to all of its customers. For example, MaxMind may process and aggregate or otherwise de-identify some of the personal data that a customer shares with MaxMind in order to make that personal data part of another database for one or more other services provided to MaxMind customers.

Data Subject Rights

If you are a data subject in Brazil, you have the right to access, rectify, or erase any personal data we have collected about you through the Services. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you through the Services. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) when the processing is based on a lawful basis provided under the law. This kind of request is different from raising a concern that your consent is noncompliant with the provisions of the LGPD, including raising a concern that your data is being used for purposes materially different than for which it was originally collected. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.

To exercise any of these rights, contact us using the information at Section 11 above and specify which right you intend to exercise. To exercise your right for confirmation of the existence of processing, access to data, portability of data, deletion of personal data, revocation of consent, or information on public and private entities with which the controller has shared the data, please submit a request through our online form available at /en/lgpd. We will respond to your request within 30 days and within 15 days if you would like MaxMind to confirm if your data is processed by us or to exercise the right of access to your personal data. We may require additional information from you to allow us to confirm your identity. Please note that we store information as necessary to fulfill the purposes for which it was collected, and may continue to retain and use the information even after a data subject request for purposes of our legitimate interests, including as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

If your information has been processed by us on behalf of one of our customers and you wish to exercise any rights you have with such information, please inquire with our customer directly. If you wish to make your request directly to MaxMind, please provide the name of the MaxMind customer on whose behalf MaxMind processes your information. We will refer your request to that customer, and will support them to the extent required by applicable law in responding to your request.

If you have any issues with our compliance, you have the right to lodge a complaint with the Brazilian supervisory authority or other authority indicated within applicable Law.

17. CHINA

Roles

Chinese data protection laws make a distinction between organizations that process personal data for their own purposes (known as "controllers") and organizations that process personal data on behalf of other organizations (known as "processors").

MaxMind, located at the address set forth in Section 11 above, generally operates as a processor on behalf of its customers that use the MaxMind's services. The MaxMind customer, the controller, determines the purposes and means of the processing of personal data. Specifically, MaxMind's customer decides what personal data to share with MaxMind in order for MaxMind to provide the customer with robust risk score information, certain licensed data, the ability to flag potentially fraudulent activity, and other services as purchased by the customer. Please visit the applicable customer's privacy policy for information about their privacy practices.

MaxMind also operates as a controller with respect to certain of its services and/or databases. For example, MaxMind operates as a controller in connection with personal data collected from visitors through its website, including through data correction requests. Also, when MaxMind combines personal data from different customers, like many kinds of analytics services, it may do this both as a processor at its customers' instruction and as a controller itself for the purpose of providing services to all of its customers. For example, MaxMind may process and aggregate or otherwise de-identify some of the personal data that a customer shares with MaxMind in order to make that personal data part of another database for one or more other services provided to MaxMind customers.

Data Subject Rights

If you are a data subject in China, you have the right to access, rectify, or erase any personal data we have collected about you through the Services. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you through the Services. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) when the processing based on one lawful basis provided under the law different from consent is carried out not in compliance with the Law noncompliance with the provisions of the Personal Information Protection Law ("PIPL") and other applicable laws, including for purposes materially different than for which it was originally collected. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.

To exercise any of these rights, contact us using the information at Section 11 above and specify which right you intend to exercise. To exercise your right for confirmation of the existence of processing, access to data, portability of data, deletion of personal data, revocation of consent, or information on public and private entities with which the controller has shared the data, please submit a request through our online form available at /en/pipl. We will respond to your request within 30 days if you would like MaxMind to confirm if your data is processed by us, or within 15 days if you would like to exercise the right of access to your personal data. We may require additional information from you to allow us to confirm your identity. Please note that we store information as necessary to fulfill the purposes for which it was collected, and may continue to retain and use the information even after a data subject request for purposes of our legitimate interests, including as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements, or if it is technically infeasible to delete such information.

If your information has been processed by us on behalf of one of our customers and you wish to exercise any rights you have with such information, please inquire with our customer directly. If you wish to make your request directly to MaxMind, please provide the name of the MaxMind customer on whose behalf MaxMind processes your information. We will refer your request to that customer, and will support them to the extent required by applicable law in responding to your request.

If you have any issues with our compliance, you have the right to lodge a complaint with the Chinese supervisory authority or other authority indicated within applicable Law.

International Transfer

For personal data transferred from China to third countries that do not ensure an adequate level of data protection, we will provide appropriate safeguards, such as through the use of Standard Contractual Clauses.

In addition, MaxMind will comply with rules under applicable law regarding the collection, use, and retention of personal data from China.

Any inquiries or complaints relating to MaxMind's compliance with applicable laws, including any requests for access or correction of personal data, may be addressed to our Data Protection Officer set forth in Section 11 of this Privacy Policy. MaxMind will investigate and attempt to resolve any inquiries brought to its attention.