Privacy Policy

Effective Date: 2014/06/30

This Privacy Policy discloses the privacy practices of MaxMind, Inc. (sometimes referred to in this Privacy Policy as "MaxMind", "we", or "us"), in connection with the MaxMind.com website (the "Website") and any features and online services provided by MaxMind that post or include a link to this Privacy Policy. We have provided this statement of our Privacy Policy to answer your questions about the types of information that we gather and the ways in which we use and share this information.

Please read this Privacy Policy carefully. By visiting and using the Website, you agree that your use of the Website is governed by this Privacy Policy. In addition to our Privacy Policy, your use of the Website is governed by our Website Terms of Use,  which govern in the event of any conflict with this Privacy Policy.

1. SCOPE OF PRIVACY POLICY

This Privacy Policy applies to the MaxMind.com website and any features and online services provided by MaxMind that post or include a link to this Privacy Policy. It does not apply to MaxMind's services that MaxMind's customers may use on their own websites, to other companies' or organizations' sites to which we link, or to companies that MaxMind does not own or control, even if such companies are contractors or business partners of MaxMind.

This Privacy Policy also does not cover how MaxMind customers may treat your information as the use of your information by such parties is governed by the privacy policies of such parties and is not subject to MaxMind's control.

2. US-EU AND US-SWITZERLAND SAFE HARBORS

MaxMind is a participant in the US-EU Safe Harbor program of the United States Department of Commerce and the European Union Commission, as well as the Safe Harbor program of the United States and the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland (together, the "Safe Harbors"). Information on the Safe Harbors is available at export.gov/safeharbor. As a part of MaxMind's participation in the Safe Harbors, data collected from individuals or entities within the European Economic Area (namely, the 27 states of the EU, as well as Iceland, Liechtenstein, and Norway, collectively the "EEA") or Switzerland, shall receive separate treatment under certain provisions of this Privacy Policy. The term "EU/Swiss Data" shall mean, for purposes of this Privacy Policy, any Personally Identifiable Information (as defined in Section 3, below) that originates within the EEA or Switzerland and is transferred to the United States from the EEA or Switzerland. MaxMind offers to owners of EU/Swiss Data assurances that it complies with various privacy principles embodied in the European Union Directive 95/46/EC (the "EU Data Directive") and the Swiss Federal Act on Data Protection (the "FADP"). In particular, the privacy principles to which MaxMind adheres for all EU/Swiss Data are as follows:

Notice

When MaxMind collects EU/Swiss Data from users, it will inform them about the information that is being or will be collected, the uses that MaxMind makes of such data, and the choices available to the user with respect to MaxMind's use of such data. When MaxMind receives EU/Swiss Data from a third party in the EEA, MaxMind requires that the entity transmitting such data make the foregoing notices to the corresponding users. In most cases, this Privacy Policy will accurately describe all uses of any EU/Swiss Data collected by MaxMind, however in the event that any data is collected or used in a manner not described herein, MaxMind shall provide notice of such additional use to the corresponding user. MaxMind does not collect or use any Sensitive Personal Data, which is data: (a) that reveals an individual's race, ethnic origin, political opinions, religious, ideological, or philosophical beliefs, trade union membership, views, or activities, (b) concerning health or sexual information, information about social security benefits, or information on criminal or administrative proceedings and sanctions other than in the context of pending proceedings, or (c) is received from a third party where such third party identifies and treats the information as sensitive personal data pursuant to the EU Data Directive and/or the Swiss FADP.

Choice

MaxMind permits all owners of Personally Identifiable Information to exercise choice in how that data is used by MaxMind. Details on your right to opt-out of MaxMind's use or disclosure of Personally Identifiable Information is set forth in Section 6 of this Privacy Policy.

Data Integrity

MaxMind will take reasonable steps to ensure that any EU/Swiss Data is used only as described in this Privacy Policy or as otherwise authorized by the relevant individual. MaxMind will take reasonable steps to ensure that EU/Swiss Data is relevant to its intended use and is accurate, complete, and current.

Transfer to Agents

Except as described in this Privacy Policy, MaxMind will transfer EU/Swiss Data only to those third parties who have provided assurances that such data will be treated consistently with the requirements of this Privacy Policy. In particular, except as described in this Privacy Policy, MaxMind will transfer EU/Swiss Data only to third parties who are contractually obligated to comply with the principles of the Safe Harbors, or who are otherwise legally required to comply with the EU Data Directive, the Swiss FADP, or any related safe harbor program meeting the requirements of such regulations in the third party's home jurisdiction. In the event that MaxMind has knowledge that any third party to whom it has transferred EU/Swiss Data has used or disclosed EU/Swiss Data in a manner contrary to this Privacy Policy, MaxMind will take reasonable steps to prevent or stop such use or disclosure.

Access and Correction

Upon request and in compliance with the Safe Harbors, MaxMind shall grant to individuals reasonable access to their EU/Swiss Data that is held by MaxMind. In the event that such data is deemed by the responsible individual to be inaccurate or incomplete, MaxMind will permit individuals to correct, amend, or delete such data. MaxMind may limit access or correction of data as permitted by the Safe Harbors, for example, in the event that the cost or burden of providing such access or correction would be prohibitive or could not be provided without harming the rights of other individuals. In the event that a request for access or correction is denied, the requesting individual will be notified of the reason for denial and given an opportunity to discuss the matter with MaxMind and/or appeal the decision through the dispute resolution procedures referenced below.

Security

MaxMind will take reasonable precautions to prevent the loss, misuse, or unauthorized access, disclosure, alteration, or destruction of any EU/Swiss Data. However, MaxMind does not guarantee that any of its data will be protected in all circumstances, including those beyond its reasonable control.

Enforcement

MaxMind will conduct regular audits to confirm its compliance with the principles of the Safe Harbors. Any MaxMind employee who is determined to have violated this Privacy Policy with respect to EU/Swiss Data shall be subject to disciplinary action, up to and including termination of employment.

Dispute Resolution

Any inquiries relating to this Privacy Policy, including any requests for access or correction of EU/Swiss Data, may be addressed to the person identified in Section 11 of this Privacy Policy. MaxMind will investigate and attempt to resolve any inquiries brought to its attention. For any complaints that cannot be resolved by MaxMind and the complainant, MaxMind has agreed to participate in the Better Business Bureau Safe Harbor Dispute Resolution Program. Individuals wishing to avail themselves of the foregoing dispute resolution program should follow the procedures set forth in Section 11, below.

Limitations

Adherence by MaxMind to these Safe Harbor Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest, or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule, or regulation, including but not limited to the EU Data Directive, the Swiss FADP, and/or the principles of the Safe Harbors.

3. INFORMATION MAXMIND COLLECTS

Information Collected During Your Visits to the MaxMind Website

Whenever MaxMind collects data directly from individuals, it will provide: (a) notice of such collection; or (b) a copy of or link to this Privacy Policy, including a description of how such data will be used and the rights of individuals whose information is being collected.

If you register or make a purchase while on the Website, MaxMind may ask for Personally Identifiable Information such as your name, email address, or physical address. In addition, MaxMind collects and analyzes traffic on the Website by keeping track of the IP addresses of our visitors and by collecting log file information. Your IP address is a number that is automatically assigned to the computer that you are using by your Internet service provider (ISP) or by another organization. An IP address, by itself, cannot identify you personally. However, when combined with other information, your IP address can be used to identify the computer you are using. In addition, MaxMind may use your IP address to estimate your geographic location. We discuss log file information further in a later paragraph of this Section 4.

Cookies, Web Beacons, and Embedded Scripts

The Website uses "cookies" and similar technologies, including HTML5 local storage on the Website and when providing the Services. A cookie is a file stored on your device that may be used to identify an individual as a unique user by storing certain personal preferences and user data. MaxMind uses cookies and other technologies to identify your device, identify authorized users of the MaxMind Member Center, track affiliate referrals, complete online purchases through MaxMind's shopping carts, and similar Website monitoring activities.

MaxMind may also use web beacons, small graphic images or other web programming code (also known as "1x1 GIFs" or "clear GIFs"), which may be included in our web pages and e-mail messages. Web beacons may be invisible to you, but any electronic image or other web programming code inserted into a web page or e-mail can act as a web beacon. Web beacons or similar technologies may be used for a number of purposes, including, without limitation, to count visitors to the Website, to monitor how users navigate the Website, to count how many e-mails that were sent were actually opened or to count how many particular articles or links were actually viewed.

MaxMind may also use embedded scripts on the Website and in connection with the provision of its Services. “Embedded scripts” are programming code designed to collect information about your interactions with a website, such as the links you click on, and may assist our customers in providing us with information used to provide the Services. The code is temporarily downloaded onto your device from our web server, our customer's web server, or a third party service provider, is active only while you are connected to the website containing the embedded script, and is deactivated or deleted thereafter.

Log File Information

Your web browser automatically sends information to every website you visit, including ours. For example, our server logs may receive and record information such as the pages you access on the Website, referring URLs, your browser type, your operating system, the date and time of your visit, and the duration of your visit to each page.

User Agent Strings

Log file information may also include a user agent string, a series of characters automatically sent with your Internet requests that provide information necessary for smooth Internet communications such as the operating system and browser you used. Similar to an IP address, a user agent string, by itself, does not identify you personally. However, when combined with other information, a user agent string might be used to identify the computer originating a message.

Location Data

MaxMind may also request access to or otherwise receive information about your device location when you access the Website. Your location data may be based on your IP address. We use location data in connection with providing the Services and to help improve the Services.

Unique Identification Number

MaxMind may assign your computer or mobile device a unique identification number ("Unique ID") based on log file information when you access the Website MaxMind may set a cookie on your device containing, amongst other things, the device's Unique ID. MaxMind uses information generated from the Unique ID for purposes of improving our Services, primarily our ability to detect fraud. MaxMind does not share the Unique ID or any associated data with unaffiliated third parties.

Information MaxMind Receives from Third Parties

MaxMind may receive information about you from third parties. For example, our customers may provide us with certain e-commerce transaction information, which may include IP address, cardholder name, billing and ship address, email, and phone number. We may combine the information we receive from third parties with information we collect through the Website. If we do so, MaxMind will apply this Privacy Policy to that combined information.

Collection of Additional Information; Retention

MaxMind may collect additional information from or about you in other ways, including responses to customer surveys or your communications with our customer service team. MaxMind may retain all information it collects for an indefinite period of time.

Whenever MaxMind collects data directly from individuals, it will provide: (a) notice of such collection; (b) a copy of or link to this Privacy Policy, including a description of how such data will be used and the rights of individuals whose information is being collected.

4. HOW MAXMIND USES INFORMATION

Providing Our Services

As stated above, MaxMind may use Personally Identifiable Information such as your name, address, telephone number, e-mail address, or other contact information we obtain from you, our customers, or our business partners, for the purposes of providing, enhancing, or improving our IP geolocation, fraud detection, demographic targeting, and other services and products.

Communications with You

MaxMind maintains one or more contact lists (with email addresses and other information) to allow MaxMind to communicate with individuals who do business with MaxMind or who have expressed an interest in the Services. We may contact you to confirm your purchases or respond to requests that you make, notify you of changes to your account or the Services, for marketing purposes, or to otherwise inform you of information related to our business or your account with us.

Website Administration and Customization

MaxMind may use the information we collect about you for a variety of website administration and customization purposes. For example, we use your information to process your registration request, provide you with services and communications that you have requested, send you email updates and other communications, customize features and advertising that appear on the Website, deliver the Website content to you, measure Website traffic, measure user interests and traffic patterns, and improve the Website and the services and features offered via the Website.

Usage of Non-Identifying Information

Non-identifying information includes information collected from or about you that does not personally identify you. MaxMind treats IP addresses, log file information, user agent strings, computer IDs, and related information as non-identifying information, except if applicable law or the Safe Harbor principles require us to do otherwise. MaxMind may use non-identifying information for any purpose. We may also combine your non-identifying information with third party data sources (including data obtained from offline sources and data obtained from our customers using the Services) in our effort to improve our Services. Unless you opt-out, MaxMind may share such non-identifying information with customers, affiliates, and other third parties, for any purpose.

IP Addresses, Unique ID, and EU/Swiss Data

Certain jurisdictions, including the European Union, may deem IP addresses and/or Unique IDs, to be Personally Identifiable Information. Accordingly, for persons in such jurisdictions, our use of Non-Identifying Information as described in this Privacy Policy, including in Section 6, below, should be assumed to include IP address and Unique ID data.

5. HOW MAXMIND SHARES INFORMATION

Sharing with Our Service Providers

We may provide your information to our third party service providers, contractors, business partners, and advertisers, for the purpose of delivering Services to you as well as for purposes related to Website administration and operation, including conducting analytics. When sharing information for the purpose of providing you with the Services you request, we will share your Personally Identifiable Information only as necessary for the third party working on MaxMind's behalf to complete its work for us. For example, if you use a credit or debit card to complete a transaction on the Website, we may share your personal information and credit card number with a credit card processing and/or a fulfillment company in order to complete your transaction.

Sharing with Our Customers

One aspect of MaxMind's products and services is the provision of databases to our customers. These databases include information such as IP addresses and corresponding data pertaining to such IP addresses, such as geolocation data, fraud analysis data, and related information. Such databases are compiled using numerous data sources, including information we receive from our customers when individuals make purchases or conduct other transactions with our customers. In addition, we respond to API queries from our customers, and such responses may include information about the level of risk we associate with information about your device or email address, or your Unique ID. With regard to EU/Swiss Data, IP addresses and Unique IDs may be considered to be Personally Identifiable Information in certain EU jurisdictions. As such, we are required to notify you that we share such information, in the limited forms and for the limited purposes described above. Owners of EU/Swiss Data may opt out of our disclosure of such data pursuant to Section 6 of this Privacy Policy.

Security and Compliance with the Law

We reserve the right to disclose your Personally Identifiable Information to appropriate third parties if we are required to do so by law or we believe that such action is necessary in order (a) to comply with legal process such as a search warrant, subpoena, or court order; (b) to protect the company's rights and property; (c) to investigate reports of users sending material using a false email address or users sending harassing, threatening, or abusive messages; (d) to protect against misuse or unauthorized use of the Website or Services; or (e) to respond to emergencies, such as when we believe someone's physical safety is at risk.

Aggregate Information and Non-Identifying Information

MaxMind may share your non-identifying information (which may include non-identifying log file information or information derived from identifying information) with third parties, including our customers. While MaxMind may share such non-identifying information for any purpose (unless you opt-out of such sharing), MaxMind typically shares such non-identifying information for industry analysis, aggregated demographic profiling, and the delivery of targeted advertising about other products and services. For example, MaxMind might provide such non-identifying information to an industry analyst who wants to use the information to determine the popularity of various web browsers and operating systems in different geographic areas.

Transfer of Business

Over time, MaxMind may buy or sell various assets. In the event that we sell some or all of our assets, or our company is acquired by another company, our databases and any Personally Identifiable Information we collect may be among the transferred assets.

With regard to the transfer of any EU/Swiss Data, such transfer will only occur with a third party in the event that such party has met the qualifications set forth in Section 2, above, or as otherwise permissible under the Safe Harbor principles.

6. YOUR CONTROL OVER YOUR PERSONAL INFORMATION

Opt-Out of Email Communications

If you are a registered member of the Website, you can make changes to your account information by logging into the Website and modifying your preferences here. If you do not wish to receive email notifications from us, you may opt-out by contacting us at info@maxmind.com with your request. In addition, certain email communications we send to you, such as newsletters and promotional announcements, contain a clearly worded "Opt-Out" or "Unsubscribe" link allowing you to withdraw your permission for future mailings. Please note that we reserve the right to send you certain communications relating to your account or use of the Services (for example, administrative and service announcements) and these transactional account messages may be unaffected even if you opt-out from marketing communications.

Opt-Out of Information Sharing

MaxMind shares with unaffiliated third parties Personally Identifiable Information about you only in limited circumstances (e.g., compliance with law, security concerns, etc.) noted in this Privacy Policy. As discussed above in  Section 5 of this Privacy Policy, MaxMind may share non-identifying information about you. If you want to opt-out of MaxMind sharing your non-identifying information, please send your request to legal@maxmind.com  or to the address set forth in Section 12, below. Please note that the records maintained by MaxMind are not complete for all consumers (i.e., many records do not contain name or email address information). As a result, a record containing information about you may not be identifiable by an email address search, IP address search, or other simple search criteria. Any individual whose record can be identified has the option of having MaxMind cease from sharing with unaffiliated third parties any of the individual's non-identifying information. This non-sharing has several important qualifications:

(a) MaxMind will cease sharing information in any databases created after your opt-out date. We highlight that information about you in any databases shared with our customers is non-identifying information (not Personally Identifying Information). Versions of databases created and released prior to your opt-out date may have been created using your non-identifying information, and our customers may continue to have access to such earlier versions. Note that the utility of a database diminishes over time and most customers eventually discard older versions of a database in favor of an updated version.

(b) The non-sharing of information pertains to any information MaxMind can associate with you. MaxMind sometimes receives anonymous log file information that cannot be linked to a specific email address, IP address, or individual.

(c) Even if you do opt-out of having us share your non-identifying information, MaxMind will continue to gather, retain, use and share such information for fraud detection purposes.

(d) If you opt-out based on your IP address, MaxMind will process the IP address opt-out if the IP address is associated with one individual or one household (i.e., it is not uncommon for a single IP address to be shared by hundreds of devices). Also, since IP address assignments are subject to change, MaxMind will stop sharing information related to that IP address until such time that MaxMind reasonably believes the IP address has been assigned to another device (which period shall not be less than one year).

Blocking or Deleting Cookies

You can manually delete cookies, which are normally located in your temporary Internet folder or cookie folder. You can also reset the preferences in your web browser to notify you when you have received a cookie or, alternatively, to refuse to accept cookies. Deleting or blocking cookies will prohibit your ability to make online purchases on the Website and to use and access portions of the Website that require logging in with a username and password, and may affect other functionality.

Additional Information for Residents of Certain States

Consumers in certain jurisdictions of the United States may have a right to access personal information held or shared about themselves. Your right of access can be exercised in accordance with applicable law. Please submit any requests for access to your personal data in writing to our privacy agent indicated at the bottom of this webpage.

Your California Privacy Rights

When California customers provide Personally Identifiable Information to a business, they have the right to request certain disclosures if that business shares Personally Identifiable Information with third parties (and in some cases affiliates) for the third parties' or affiliates' direct marketing purposes. Once per calendar year the customer may request that the business provide a list of companies with which it shares Personally Identifiable Information for those companies' direct marketing purposes, and a list of the categories of Personally Identifiable Information that the business shares. Instead of responding to such requests, however, a company may choose to comply with this law by establishing and publishing on its website a policy of not disclosing a customer's Personally Identifiable Information to such third parties and affiliates unless the customer affirmatively agrees to such disclosures.

MaxMind does not share Personally Identifiable Information with third parties or affiliates for those third parties' or affiliates' direct marketing purposes.

California customers may request information about our compliance with this law by contacting us by e-mail at legal@maxmind.com or by mail at the address set forth in Section 11 below. Any such inquiry must include "California Privacy Rights Request" in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this email address.

EU/Swiss Data Rights

In addition to the opt-out rights set forth above, MaxMind permits individual owners of EU/Swiss Data the option of choosing to opt-out of: (a) the disclosure of their EU/Swiss Data to third parties, and (b) the use of their EU/Swiss Data for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Individuals residing in the EEA and wishing to make an opt-out request should contact MaxMind directly using the information at Section 11, below.

7. THIRD PARTY ANALYTICS; ONLINE TRACKING

MaxMind works with certain third parties (including analytics companies) to provide us with information regarding traffic on and use of the Website. Some of these parties may collect Personally Identifiable Information when you visit the Website or other online websites and services. These third parties may set and access their own tracking technologies (including cookies, embedded scripts, and web beacons) and may otherwise collect or have access to your IP address or other unique identifier, log information, and related information about you. These tracking technologies may be used to assist in providing analytics and for other purposes. We may share IP addresses or other unique identifiers and log information about visitors with third party analytics providers and other vendors for similar purposes. MaxMind does not control the information collection, use, or sharing practices of third party analytics providers. Some third parties may collect Personally Identifiable Information about your online activities over time and across different websites when you use the Website.

Your browser settings may allow you to automatically transmit a "Do Not Track" signal to websites and online services you visit; however, there is no consensus among industry participants as to what "Do Not Track" means in this context. Like many websites and online services, the Website currently does not alter its practices when it receives a "Do Not Track" signal from a visitor's browser. To find out more about "Do Not Track," you may wish to visit http://www.allaboutdnt.com.

8. SECURITY

MaxMind implements reasonable security measures to secure data. However, no physical or electronic security system is impenetrable. MaxMind cannot guarantee the security of the Website's servers or databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet.

9. POLICY REGARDING CHILDREN

The Website is not intended for use by children under the age of thirteen years old. MaxMind does not knowingly collect information from children under the age of thirteen.

10. CHANGES TO THIS PRIVACY POLICY

We will occasionally update this Privacy Policy in response to changing business circumstances and legal developments. If there are material changes to this Privacy Policy or in how we use your Personally Identifiable Information, we will prominently post such changes prior to implementing the change. We encourage you to periodically review this Privacy Policy to be informed of how we are collecting and using your information.

11. CONTACT FOR ADDITIONAL INFORMATION, OPTING OUT, DATA ACCESS AND CORRECTION, AND DISPUTES

If you have any questions or complaints about this Privacy Policy, or you wish to exercise your opt-out rights hereunder or access or correct data applicable to you, you may email us at legal@maxmind.com or contact us by postal mail at the following address:

Jason Ketola (Privacy Agent)
Legal Department
MaxMind, Inc.
14 Spring Street, 3rd Floor
Waltham, MA 02451
U.S.A.

If you are an individual residing within the EEA and you wish to lodge a dispute resolution proceeding in relation to a request that you have first made in good faith with us but found to be unsatisfactorily resolved, you may file a complaint online at https://www.auto.bbb.org/EU-Safe-Harbor-Complaint-Form  or by sending your complaint to the following address:

Council of Better Business Bureaus, Inc.
BBB EU Safe Harbor
3033 Wilson Boulevard, Suite 600
Arlington, VA 22201
U.S.A.

Additional information on filing a Safe Harbor complaint can be found at the following web site: http://www.bbb.org/us/consumer/european-dispute-resolution/complaint-info.