Skip to content

Privacy Policy


OVERVIEW

Management Controls’ privacy policy is designed to provide transparency around the ways in which we collect, utilize, and disclose personal data as part of our web-based services and generally on our websites, and what control our customers may have.

PRIVACY STATEMENT

Management Controls (MCi, we, or us) takes your privacy very seriously. This policy is designed to provide transparency around the ways in which we collect, utilize and disclose personal data (information that allows us to determine your identity) as part of our web-based services and generally on our websites (together the Services), and what control you may have.

Please read this policy carefully to understand the processing, collecting, sharing, protection, and your rights associated with your personal data.  Please note that this policy is not a contract and does not create any contractual rights or obligations.  The use of our products and services is subject to the terms of the applicable customer agreement.

COLLECTION:

PERSONAL DATA YOU PROVIDE

  • When you register with our Service (including signing up for our newsletters, downloading materials through our websites, or registering for or attending MCi-sponsored events), you will provide certain personal data, such as your full name, username, physical address, phone number, and/or email address.

  • When you submit a support ticket request or communicate with us by email, phone, text, or online chats, we may ask you to provide additional information, such as details on the device used to access the Services or the location where the issue occurred.

  • When you use certain features of our Service or mobile application, you may provide certain additional information, such as uploading a photo in a field note.  We encourage you to ensure that any additional information uploaded to the Service does not contain personal data that you do not wish to share with MCi or third parties.  While we do not intend to collect personal information beyond the most basic user identification data elements mentioned herein, the data being collected by our products and services could contain personal data that is more sensitive in nature as uploaded by users of the Services.

PERSONAL DATA WE COLLECT

  • When you, your employer, or your employer’s customer registers with our Services, they may provide certain personal data about you in order to facilitate their and your use of our Services, including your full name, username, internal unique identifier, physical address, phone number, email address, drivers’ license number, employment information, and schedule information.

  • When you use our Services, we may collect certain usage data, including user/product interactions, page loads and views, number of active and licensed users, web browser information, and workflows.

  • When you use our Track Anywhere Virtual Gate mobile application, we may ask you to provide or collect identification data, current location when you perform certain events, unique identifiers for the device used to access the Track Anywhere Virtual Gate mobile application, and additional information you may upload, including information captured as images and photos.  For additional information, please see our Track Anywhere Virtual Gate Privacy Notice and Consent

  • MCi may collect any information about your visits and interactions with our site and Service through the use of “cookies.” For additional information on our use of cookies, please see our Cookie Policy.

  • MCi may collect personal information when you interact with us offline, including at conferences, trade shows, trainings, or similar events.  Such information typically consists of your full name, address, phone number, and/or email address and professional and employment information.  In addition, we may collect video and audio of you for security and internal business purposes when you visit our sites.

  • MCi may also collect some personal data from publicly accessible resources such as LinkedIn, HubSpot, ZoomInfo, and other marketing/lead generation websites, public databases, commercial data sources, joint marketing partners, and other partners, social media platforms, and conference/event hosts.

TYPES OF PERSONAL DATA

We, or others acting on our behalf, may collect personal data including: name or alias, email address, physical address (including country), employer, title/position, phone number, username or user ID, IP address, device identifier (such as a MAC address), images and related metadata, content of your communications and files that you input, upload, or create.

Below is a brief, non-exhaustive summary of the kinds of personal data we may collect from various data subjects:

 
 

USE OF PERSONAL DATA (LEGITIMATE INTERESTS)

MCi may use your personal data for the following legitimate business interests:

  • Registration / Manage Your Account. To facilitate your use of MCi’s websites and Services, billing, handling correspondence with you, and registering your credentials within the Service.

  • Services. To provide, maintain, personalize, and develop our Services, databases, networks, infrastructure, devices, and assets.

  • Support / Requests. To provide support and troubleshooting assistance, and to respond to your requests and comments (for example, to respond to your requests for marketing material or white papers).

  • Security. To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, prosecute those responsible for that activity, and otherwise protect MCi’s assets.

  • Quality. To maintain the quality and safety of the Services, and to enhance, improve, and update those Services.

  • Cookies. To operate, enhance, and personalize your experience on our website. For information on our use of cookies, please see our Cookie Policy.

  • Auditing. To audit activity in our Services, including legal, regulatory, and industry compliance, or provide reference information to third-party organizations when necessary.

  • Research and Development. To undertake internal research and technological development.

  • Recruiting. To recruit you for a position at MCi.

  • Customer Advisory Boards. To invite you to participate in surveys, studies, and assessments of our Services, to invite you to participate on advisory boards, or to request feedback on our Services.

  • Advertising / Marketing Communication. We and our affiliated businesses, partners, and agents may use e-mail to communicate with our customers, respond to visitor e-mails, or inform you about events or new products. You may also receive marketing emails from us. You may always unsubscribe from those emails within the body of the email, or by emailing privacy@mccorp.com.

  • Aggregate Non-Identifiable Information. MCi uses aggregate, non-identifiable information to improve our Service and for other internal and external purposes.

  • Legal Obligations. To comply with our legal obligations, including fulfilling any obligations outlined in our agreements with our customers and vendors.

DISCLOSURE AND SHARING

Customers. MCi may share your personal data with your employer or your employer’s customer, pursuant to such entity’s contract with MCi. Such sharing is necessary for MCi to provide our Services.

  • Service Providers. MCi may share your personal data with certain service providers, as follows

    • Hosting providers;

    • Support ticket providers;

    • Other contractors providing services on our behalf, each with appropriate data protection contracts in place.

  • Partners. MCi may disclose contact information to our partners and event host/sponsors pursuant to written agreements with such partners. They may use this information to send you marketing communications, subject to the terms of their privacy policies.

  • Affiliates. MCi may share your personal data with other members of a group of companies to which MCi belongs.

  • Legal Requirements. MCi may be required by law to disclose your personal data, including to meet national security or law enforcement requirements, or to protect our operations, rights, and safety. We will try to take steps to limit any such disclosure to the extent commercially feasible.

  • Change of Ownership. If MCi is acquired or otherwise sells our business, we will transfer all of your personal data to the successor entity. MCi will try to notify you of any change in ownership or sale by either posting it on our website or by emailing you (at the email address in our records).

  • Other Users. We may disclose information to other users of our Service in an aggregated format, provided it does not include personal data. This may include “best practices” tips, trainings, white papers, or other aggregated information useful to the community.

  • No Sales of Information. MCi does not sell your personal data to any third parties.

  • Liability. In certain circumstances, MCi shall remain liable if the entity that MCi shares your information with processes such personal information in a manner inconsistent with this Policy, unless MCi proves that it is not responsible for the event giving rise to the damage.

INDUSTRY-STANDARD SECURITY

We have implemented appropriate safeguards to prevent personal data from being lost, misused, accessed, altered, or disclosed by unauthorized parties.  Employees and third parties are provided only with personal data on a need-to-know basis and only the minimum amount they require to complete their specific job.  All employees are also subject to confidentiality agreements and undergo annual training on the proper handling of personal data.  Further, procedures have been developed and tested to handle a potential data breach.  These procedures are designed to ensure that affected individuals and regulators are notified of the breach and damages can be minimized.

While we use industry-standard security measures to protect the personal data under our control, there is no guarantee that it cannot be compromised.  If you have reason to believe that your personal data may no longer be secure, please notify us immediately at privacy@mccorp.com.

CROSS-BORDER TRANSFERS OF PERSONAL DATA

Please note that your personal data is stored on our servers (currently located in the United States), which may be outside of your country of residence.  We have implemented security measures and controls to ensure that your data remains appropriately protected in these jurisdictions. 

If we further transfer this personal data, it will be transferred to a sub-processor that: (i) is located in a third country or territory recognized by the EU to have an adequate level of protection; (ii) we have entered into Standard Contractual Clauses with; or (iii) has other legally recognized appropriate safeguards in place, such as Binding Corporate Rules.  We put in place appropriate terms to protect your personal data in our agreements with our service providers.

EU-US DATA PRIVACY FRAMEWORK

MCi complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. MCi has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles , the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF , MCi commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF , MCi commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, should first contact MCi at: privacy@mccorp.com

RETENTION

We will only retain personal data for the duration necessary to fulfill the purposes for which it was collected.  Personal data may be retained for longer periods if it is required to do so to comply with regulatory or reporting requirements or financial obligations.  We may also retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you, or your employer or customer who may have registered for an MCi product or service. At the end of our retention period, we will either securely delete or anonymize the personal data

You may otherwise request that your personal data be deleted sooner in accordance with this Privacy Policy.  In some cases, where there is a remaining relevant or legal reason why we are required to keep this personal data, we may opt to restrict the amount of processing being conducted rather than erase it.

YOUR RIGHTS (GENERALLY)

In certain locations, you may have rights under data protection law, such as to request access to or deletion of your personal data or restrict MCi from processing it for certain purposes.  If you or a designated third-party agent would like to exercise these rights, please submit the request to privacy@mccorp.com, and we will respond as soon as reasonably practicable consistent with applicable law.  We will verify your identity, and the identity of any third-party agent acting on your behalf, before we comply with the request, and ask for your cooperation with our identity verification process.   

ADDITIONAL INFORMATION FOR DATA SUBJECTS IN THE EUROPEAN UNION (EU) AND THE UK

If you are a ‘data subject’ in the EU, the following applies to any personal data (as defined under the General Data Protection Regulation, GDPR) that we collect as a data controller:

  • The right to confirm whether or not your personal data is being processed, and to be provided with relevant details of what those processing operations are and what personal data of yours is being processed.

  • The right to complete or correct any incomplete or inaccurate personal data.

  • The right to request your personal data be deleted. Please note that this is not an absolute right; if you were to request that we erase your personal data, we would erase as much of that data as we could but may have to retain some information if necessary.

  • The right to object to the way we use, or have used, your personal data.

  • The right to complain about our use of your personal data.

Where MCi acts as a data processor for your personal data on behalf of a third-party data controller (typically your employer or customer), MCi may refer you to such third-party to exercise your rights as a data subject. 

Exercising your rights.  If you or a designated third-party agent would like to exercise these rights, please submit the request to privacy@mccorp.com or contact us by mail or phone using the contact information provided at the bottom of this Privacy Policy.  MCi will respond to all legitimate requests within one month and will contact you should we require additional information in order to honor your request.  We will verify your identity, and the identity of any third-party agent acting on your behalf, before we comply with the request, and ask for your cooperation with our identity verification process.  If your request or concern is not satisfactorily resolved by us, you can approach your local data protection authority.  You can find your local data protection authority in the EU here and in the UK here.

Legal basis for processing your personal data.  MCi uses personal data to fulfill any contractual obligations that exist between us and yourself, your employer, or your customer.  We require relevant personal data or we will not be able to deliver the Services.  In such cases, the lawful basis for us processing the personal data is that it is necessary for the performance of a contract.

We are required by law to process personal data for purposes relating to our legal obligations, including: to provide for our financial commitments, or to relevant financial authorities; to comply with regulatory requirements and any self-regulatory schemes; to carry out business operations and due diligence; to cooperate with relevant authorities for reporting criminal activity or to detect and prevent fraud; to investigate any claims, including claims of unfair dismissal, claims of any kind of harassment or of discrimination, or any other claim where MCi may have to defend itself.

We may also process personal data as a data processor for our own legitimate interests, granted that those interests do not override any of our user’s own interests, rights, and freedoms.  This legitimate interest includes processing for marketing, research, and business development purposes.

Personal data may be used without knowledge or consent in situations where legally required or permitted, or when personal data has been anonymized or pseudonymized so it is no longer associated with the user.  This means we have removed personally identifying information so the data we’re left with cannot be tied back to you as an individual.

We may also process personal data to inform you of new or improved services provided by MCi.  You may withdraw your consent for us to process your personal data for these purposes at any time.  After a withdrawal of consent is received, we may contact you to verify the request.  Withdrawing your consent for us to process your personal data will not affect the lawfulness of any processing which occurred prior to such withdrawal.

YOUR RIGHTS AS A “CONSUMER” UNDER THE CALIFORNIA CONSUMER PRIVACY ACT

If you are a California resident and a Consumer (as defined under the California Consumer Privacy Act, CCPA), California law provides you with specific rights regarding your personal information, subject to certain exceptions.  For purposes of California law, personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a consumer or household. 

MCi does not “sell” (as defined by the CCPA) your personal information without your consent.  MCi also does not rent, sell, or share personal information (as defined by California Civil Code §1798.83) with other people or unaffiliated companies for their direct marketing purposes.

California Consumers have the below rights, subject to certain exceptions:

  • To request MCi to disclose to you the categories and specific pieces of personal information MCi has collected about you, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting your personal information, and the categories of third parties with whom MCi shares your personal information.

  • To request MCi to delete any personal information about you that MCi has collected from you, under certain circumstances.

  • You can ask us if the information was disclosed to third parties, the categories of personal information was disclosed to third parties, and the categories of third parties to whom such information was disclosed.

  • You have the right to not be discriminated against because of exercising any of your rights under the CCPA.

If you or a designated third-party agent would like to exercise these rights, please submit the request to privacy@mccorp.com, and we will respond as soon as reasonably practicable consistent with applicable law.  We will verify your identity, and the identity of any third-party agent acting on your behalf, before we comply with the request, and ask for your cooperation with our identity verification process.  Please note that we are only required to respond to two such requests per individual each year.

Over the past 12 months, we may have collected the following categories of personal information from California residents through our Services:

  • Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers, as described above;

  • Other elements of personal information under California Civil Code Section 1798.80, such as described above.

  • Commercial information about products or services purchased, obtained, or considered, as described above.

  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application or advertisement when you interact with MCi’s website as described above and in our Cookie Policy.

  • Geolocation data through our Track Anywhere Virtual Gate, as further described in our Track Anywhere Virtual Gate Privacy Notice and Consent.

  • Audio, electronic, visual, or similar information when you visit an MCi office location or upload a photo or image into the Service.

  • Professional or employment-related information as supplied by you, your employer, or your employer’s customer.

  • Any additional information uploaded to the Services by you, our customers, or other users of our Services, including information captured in images and photos.

  • Inferences that are drawn from any of the information identified above.

This information is collected and used for the purposes disclosed herein.  In the 12 months immediately preceding the date of this notice, we have not sold personal information of California residents, including that of minors.  We may have disclosed any of the above categories of personal information pursuant to an individual’s consent or under a written contract with a service provider for a business purpose.

Our websites honor “Do Not Track” signals.

RECOURSE AND ENFORCEMENT

The Federal Trade Commission has jurisdiction over MCi’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF. In compliance with the DPF Principles, MCi commits to resolve DPF Principles-related complaints about our collection or use of your Personal Data. Data Subjects with inquiries or complaints regarding our handling of Personal Data received in reliance on the DPF should first contact MCi by e-mailing privacy@mccorp.com.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may be able to invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf for further information. 

MCi agrees to periodically review and verify its compliance with the DPF Principles, and to remedy any issues arising out of failure to comply with the DPF Principles. MCi acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of DPF participants.

OTHER TERMS

Application of this Policy.  By registering or using our Services, you agree to comply with the terms of this Privacy Policy and agree that we may process your personal data or personal information as set forth herein.

No Minors.  MCi does not intentionally gather personal data about visitors under the age of 16 or those not at the age of majority in any applicable jurisdiction.  We request that these individuals, and others on their behalf, not provide us with their personal data.

Links to Third Party Sites.  Our Services may contain links to other sites and services, which are owned and controlled by others.  We are not responsible for the content or privacy practices of these other sites.  These third-party websites have their own policies regarding privacy, and you should review these policies.

Revisions to this Policy.  MCi may change this Privacy Policy at any time without notice and at MCi’s sole discretion.  We will notify you of any material changes to this policy by posting the updated policy on this page.  Such modifications shall be effective when posted.  Please revisit this Privacy Policy regularly to stay informed.

Other Services.  Please be aware that this Privacy Policy and the choices you make on this website and within our services will not necessarily apply to the personal information you may have provided to us in the context of other, separately operated, Management Controls products or services.

CONTACT DETAILS

If you have any inquiries or concerns regarding MCi’s Privacy Policy or our compliance with this Privacy Policy (including if you believe that MCi has operated in a manner inconsistent with this Privacy Policy), please contact privacy@mccorp.com.

  • Office Address: 15600 John F. Kennedy Blvd., Suite 850, Houston, Texas 77032

  • Phone number: +1.281.590.5881

  • Data Protection Officer: MCi’s Data Protection Officer is Daniel Iturbe and can be reached at the above physical office address or via email at privacy@mccorp.com.

  • EU Representative: Ametros Ltd., Unit 3D, North Point House, North Point Business Park, New Mallow Road, Cork, Ireland; email: gdpr@ametrosgroup.com; website: www.ametrosgroup.com.

  • UK Representative: Ametros Group Ltd, Lakeside Offices, Thorn Business Park, Rotherwas Industrial Estate, Hereford, Herefordshire, England HRT2 6JT; email: gdpr@ametrosgroup.com; website: www.ametrosgroup.com.


Management Controls Blog

Latest industry news and insights