Effective May 25, 2018 (Previous Policy in force until May 24, 2018)
#About Your Privacy at MODX
We recommend Users within the European Union read the important information in the section entitled, Information for Users from the European Union
Table of Contents
- About Your Privacy at MODX
- MODX’s Service and Client User Data
- Information We Collect From You
- How We Use Your Personal Information
- Sharing Your Information
- Sensitive Personal Information
- Changes to Your Personal Information
- Notification of Breach
- International Transfer
- Other Sites and Services
- Social Media Widgets
- User Generated Content
- Information for Users from the European Union
- Cross-Border Data Transfer
#MODX’s Service and Client User Data
Customers of our Service (“Clients”) use it to host, manage, and develop websites, applications, and similar online projects for themselves or for their customers.
Client User Data may include, without limitation, information about the identity of Client users, such as name, postal address, e-mail address, IP address and phone number.
#Information We Collect From You
We collect personal information about you in the following ways:
#Information You Provide to Us
Personal information that you may provide through the Service or otherwise communicate with us includes: * Identity information, such as your first name, last name, username or similar identifier, title, and date of birth; * Contact information, such as your postal address, email address and telephone number; * Profile information, such as your username and password, interests, preferences, feedback and survey responses; * Support, feedback and correspondence, such as report a problem with Service, receive customer support or otherwise correspond with us, information you provide in your responses to surveys, when you participate in market research activities,; * Financial information, such as your credit card or other payment card details; * Transaction information, such details about purchases you make through the Service and billing details; * Usage information, such as information about how you use the Service and interact with us; * Marketing information, such your preferences for receiving marketing communications and details about how you engage with them; * Information we get from others. We may obtain additional information about you from third-party sources to enrich your experience on the MODX.com website and provide you with more relevant information related to our service offerings.
#Information Automatically Collected
Our servers may automatically record certain information about how you use our Site (we refer to this information as “Log Data”), including both Clients and casual visitors. Log Data may include information such as a user’s Internet Protocol (IP) address, device and browser type, operating system, the pages or features of our Site to which a user browsed and the time spent on those pages or features, the frequency with which the Site is used by a user, search terms, the links on our Site that a user clicked on or used, and other statistics. We use this information to administer the Service and we analyze (and may engage third-partiesto analyze) this information to improve and enhance the Service by expanding its features and functionality and tailoring it to our users’ needs and preferences.
#How We Use Your Personal Information
#To Provide the Service
If you have a MODX or MODX Cloud account, we use your personal information: * to operate, maintain, administer and improve the Service; * to manage and communicate with you regarding your Service account, if you have one, including by sending you Service announcements, technical notices, updates, security alerts, and support and administrative messages; * to process payments you make through the Service; * to better understand your needs and interests, and personalize your experience with the Service; and * to respond to your Service-related requests, questions and feedback.
#To Communicate with You
If you request information from us, register for the Service or participate in our surveys, promotions or events, we may send you MODX-related marketing communications if permitted by law but will provide you with the ability to opt out.
#To Comply with Laws
We use your personal information as necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
#With Your Consent
We may use or share your personal information with your consent, such as when you consent to let us post your testimonials or endorsements on our Site, you instruct us to take a specific action with respect to your personal information or you opt into third-party marketing communications. You may revoke consent or unsubscribe at any time.
#To Create Anonymous Data for Analytics
We may create anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by excluding information that makes the data personally identifiable to you, and use that anonymous data for our lawful business purposes.
#For Compliance, Fraud Prevention and Safety
We use your personal information as we believe necessary or appropriate to: * enforce the terms and conditions that govern the Service; * protect our rights, privacy, safety or property, and/or that of you or others; and * protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
#Sharing Your Information
- Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
- Compliance with Laws and Law Enforcement; Protection and Safety. MODX may disclose information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to:
- comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities;
- enforce the terms and conditions that govern the Service;
- protect our rights, privacy, safety or property, and/or that of you or others; and
- protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
#Sensitive Personal Information
We ask that you not send to us or disclose any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or union membership) on or through the Service or otherwise.
#Changes to Your Personal Information
It is important that the personal information we hold about you is accurate. Please let us know if your personal information changes during your relationship with us by updating your Site profilewhen logged into the Site, or emailing change requests to firstname.lastname@example.org.
#Access, Update, Correct, or Delete Your Information
All MODX account holders may review, update, correct or delete the personal information in their registration profile by logging into their account. MODX account holders may also contact us at email@example.com to accomplish the foregoing or if you have additional requests or questions.
#Access to Data Controlled by Our Clients
MODX has no direct relationship with the individuals whose personal information is contained within the Client User Data processed by our Service. An individual who seeks access, or who seeks to correct, amend, or delete personal information provided by our Clients should direct their request the Client. You may also contact us at firstname.lastname@example.org if you have additional questions or concerns.
You may opt-out of marketing-related emails by logging in and changing your account settings or by clicking on a link at the bottom of each such email. You may continue to receive Service-related and other non-marketing emails.
We may contact you by telephone, with your consent where applicable, for marketing purposes (including by automatic dialer and/or prerecorded message). If you do not want to receive marketing calls, please contact customer support through the support links on the appropriate Site or email@example.com. You do not need to agree to receive automated marketing phone calls or from us to use the Services.
#Text, SMS, Push Notification
We may contact you by text message, with your consent where applicable, for marketing purposes (including by automatic system or precomposed message). If you do not want to receive marketing messages, please contact customer support through the support links on the appropriate Site or firstname.lastname@example.org. You do not need to agree to receive automated marketing texts from us to use the Services.
If you gave us consent to post a testimonial to our site, but wish to update or delete it, please email us at email@example.com to request its change or removal.
#Tracking and Targeted Advertising
In some of our communications, we use tracking means, such as a “click-through URL” linked to content on the Site. We track this data to help us measure the effectiveness of our customer communications.
#Choosing not to share your personal information
Where we need to collect your personal information by law, or to be able to provide the Service to you and you do not provide that information when requested (or you later ask to delete it), we may not be able to provide you with the Service and may need to close your account. We will tell you what information you must provide to receive the Service by designating it as required in the Service or through other appropriate means.
MODX Cloud is concerned with the security of the data we have collected and uses commercially reasonable measures to prevent unauthorized access to that information. These measures include: * Internal policies * Handling procedures * Employee training * Restricted physical access * Technical elements relating to data access controls.
In addition, MODX uses standard security protocols and mechanisms to facilitate the exchange and the transmission of sensitive data, such as credit card details. Encrypted point-to-point connections are used to communicate between systems to protect customer financial information, as well as encrypting vital information that customers input through the Site.
Although reasonable efforts are made to secure network communications and the Site, MODX cannot guarantee that the information submitted to, maintained on, or transmitted from our systems will be completely secure.
#Notification of Breach
In the event that personal information has been acquired—or is reasonably believed to have been acquired—by an unauthorized person, MODX will notify the affected individual of the breach by email or if MODX is unable to contact the individual by email,we will attempt to reach you by alternate means such as telephone, text or regular mail. Notice will be given promptly, consistent with the legitimate needs of law enforcement and any measures necessary for MODX or law enforcement to determine the scope of the breach and to ensure or restore the integrity of the data system. MODX may delay notification if MODX or a law enforcement agency determines that the notification will impede a criminal investigation, and in such case, notification will not be provided unless and until MODX or the law enforcement agency determines that notification will not compromise the investigation.
MODX is headquartered in the United States and has affiliates and service providers in other countries. Your personal information may be transferred to the United States or other locations outside of your state, province, country, or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction. European Union users should read the important information provided below about transfer of personal information outside of the European Economic Area.
#Other Sites and Services
The Service may contain links to other websites and services. These links are not an endorsement, authorization, or representation that we are affiliated with that third-party. We do not exercise control over third-party websites or services, and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.
#Social Media Widgets
#User Generated Content
We may make available on our Site, or link to, features that allow you to share information online (e.g., on message boards, in chat areas, in file uploads, through events, etc.). Please be aware that whenever you voluntarily disclose personal information online, that information becomes public and can be collected and used by others. We have no control over, and take no responsibility for, the use, storage or dissemination of such publicly-disclosed personal information. By posting personal information online in public forums, you may receive unsolicited messages from other parties.
MODX does not knowingly acquire or receive personal information from children under 16. If we later learn that any user of our Service is under the age of 16, we will take appropriate steps to remove that user’s information from our account database and will restrict that individual from future access to the Service.
#Information for Users from the European Union
#Controller and Data Protection Officer
MODX Systems, LLC, is the controllerof your personal information for purposes of European data protection legislation. Our Data Protection Officer can be reached at firstname.lastname@example.org. See the Questions section below for additional contact details.
#Legal Basis for Processing
We only use your personal information as permitted by law. We are required to inform you of the legal basisof our processing of your personal information, which are described in the table below. If you have questions about the legal basis of how we process your personal information, contact us at email@example.com.
|Processing Purpose||Legal Basis|
|To provide the Service||Processing is necessary to perform the contract governing our provision of the Service or to take steps that you request prior to signing up for the Service|
To communicate with you
To create anonymous data for analytics
For compliance, fraud prevention and safety
|These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).|
|To comply with laws||Processing is necessary to comply with our legal obligations|
|With your consent||Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated in the Service or by contacting us at firstname.lastname@example.org.|
#Use for New Purposes
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Information) for seven (7) years after they cease being customers for tax purposes.
In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.
Where the European Union’s General Data Protection Regulation 2016/679 (“GDPR”) applies, in certain circumstances and subject to data processing agreements, you have rights in relation to the personal information we hold about you. We set out below an outline of those rights and how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights by providing details only known to the account holder. To exercise any of your rights, please contact email@example.com. Please note that for each of the rights below (Access, Portability, Correction, etc.), we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.
You have the right to know whether we process personal information about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.
You have the right to receive a subset of the personal information you provide us if we process it on the legal bases of our contract with you or with your consent in a structured, commonly used and machine-readable electronic format and a right to request that we transfer such personal information to another party. If you wish for us to transfer the personal information to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the personal information or its processing once received by the third-party.
You have the right to require us to correct any personal information held about you that is inaccurate and have incomplete data completed. Where you request correction, please explain in detail why you believe the personal information we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. Please note that while we assess whether the personal information we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.
You may request that we erase the personal information we hold about you in the following circumstances:
- Where you believe it is no longer necessary for us to hold the personal information;
- We are processing it on the basis of your consent and you wish to withdraw your consent;
- We are processing your data on the basis of our legitimate interest and you object to such processing;
- You no longer wish us to use your data to send you marketing; or
- You believe we are unlawfully processing your data.
Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure.
#Restriction of Processing to Storage Only
You have a right to require us to stop processing the personal information we hold about you other than for storage purposes in the following circumstances:
- You believe the personal information is not accurate for the period it takes for us to verify whether the data is accurate;
- We wish to erase the personal information as the processing we are doing is unlawful but you want us to simply restrict the use of that data;
- We no longer need the personal information for the purposes of the processing but you require us to retain the data for the establishment, exercise, or defense of legal claims; or
- You have objected to us processing personal information we hold about you on the basis of our legitimate interest and you wish us to stop processing the personal information while we determine whether there is an overriding interest in us retaining such personal information.
You have the right to object to our processing of data about you and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.
You also have the right, at any time, to object to our processing of data about you in order to send you marketing, including where we build profiles for such purposes and we will stop processing the data for that purpose.
#Withdrawal of Consent
Where you have provided your consent to us processing your personal data, you can withdraw your consent at any time by contacting firstname.lastname@example.org.
#Cross-Border Data Transfer
Whenever we transfer your personal information out of the EEA to countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on one of the following safeguards recognized by the European Commission as providing adequate protection for personal information, where required by EU data protection legislation:
- Contracts approved by the European Commission which impose data protection obligations on the parties to the transfer. For further details, see European Commission Model contracts for the transfer of personal information to third-countries.
- For transfers to third-parties in the United States, ensuring they participate in the E.U.-U.S. Privacy Shield Framework.
Please email email@example.com if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.
MODX Systems, LLC
25 Highland Park Village Suite 100-413C
Dallas, TX 75205-2789C
Attention: Data Protection Officer
Last edited on May 7, 2019.