For the purpose of the UK Data Protection Act 1998 (the Act) and the EU’s General Data Protection Regulation (GDPR), the data controller is MondoBox, Inc. Within this document, the terms “MondoBox“, “we“, and “us” means MondoBox, Inc. (doing business as MondoBox), a Delaware corporation whose registered office is at the following address:
810 E 8th Street
Oakland, CA 94606
MondoBox has been certified by Privacy Shield. We are in compliance with CalOPPA, PIPEDA, and are GDPR compliant. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
This policy is effective as of May 1, 2019. To learn more about the GDPR and the privacy rights it affirms, see https://www.eugdpr.org/eugdpr.org.html.
To learn more about CalOPPA, see https://consumercal.org/about-cfc/cfc-education-foundation/california-online-privacy-protection-act-caloppa-3/.
To learn more about PIPEDA, please visit https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/r_o_p/ .
1.1 Your Data Privacy Rights
We take our customers’ privacy rights seriously. We’ve expanded our protections on your behalf and in accord with the rights described in the EU’s General Data Protection Requirement (GDPR). GDPR grants the right of access and the right to be informed. These broadly mean people will have the right to know who is processing their data and why.
We summarize the rights that you have under data protection law below. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights. For more, please see the GDPR’s Chapter 3 Rights of the Data Subject here: https://gdpr-info.eu/chapter-3/.
Your principal rights under the GDPR-enhanced data protection law are:
1.1.1 MondoBox Legal Obligations
In support of the identity theft protocols, MondoBox currently maintains customer information on account for 5 years. MondoBox has a process in place to automatically erase customer personal data 5 years after the customer account has been closed. This policy is compliant with the GDPR.
1.1.2 More about your rights
You have the right to confirmation as to whether or not we process your personal data and where we do, and access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. You can access your personal data by requesting it from MondoBox as described below.
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include:
However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary for compliance with MondoBox’s legal obligation as described above; or for the establishment, exercise or defense of legal claims.
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are:
Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it:
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for:
If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
You have the right to receive your personal data from us in a structured, commonly used and machine-readable format.
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. For the United Kingdom, you may lodge a complaint with UK-designated supervisory authority: the Information Commissioner’s Office (ICO) https://ico.org.uk.
In addition, you may seek independent dispute resolution from other appropriate bodies designated to address complaints and provide appropriate recourse free of charge to you. For individuals protected under the EU-U.S. Privacy Shield, contact the European data protection bodies listed here: https://edpb.europa.eu/about-edpb/board/members_en. We are subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC).
We comply with the EU-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. We certify that we adhere to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal. Nor will it affect the legal obligations that govern MondoBox’s legitimate interest in retaining certain types of personal data.
You may exercise any of your rights in relation to your personal data the methods described in the Contact section below and here:
We may collect and process the following data about you:
Information you give us. You may give us information about you by filling in forms on our site www.mondobox.com (our site) or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register a Customer account on our site, otherwise make use of any products or services available from our website or mobile applications, and when you report a problem, make a complaint to us, and other requests compatible with your privacy rights. The information you give us may include your name, username or nickname (if they contain personal information), your address, e-mail address and mobile phone number. Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:
Information we receive from other sources. We may receive information about you if you use any of the other websites we operate from time to time or if you avail yourself of the other services we provide. We are also working closely with third parties (including, for example, our regulators, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them. MondoBox has obtained affirmations from its 3rd party partners that they are GDPR compliant.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
We use SMS communication to verify your account registration, to notify you when match streaming begins, to advise you of any promotional offers that may be of interest to you, and to let you know of any upcoming special events, sponsored matches, or guest streamers. We work to ensure that you will only receive SMS communications from us that you want to receive.
We honor opt-out requests to opt out of SMS messaging. To opt out, reply with the word, ‘STOP’ to any SMS message we may send you. Alternatively, you may log into your MondoBox user account opt out of SMS messaging from the account profile menu, or you can send an email to the address shown below.
We use information held about you in the following ways:
Information you give us. With your explicit consent, we will use this information to:
Information we collect about you. We will use this information:
Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above (depending on the types of information we receive).
We may share your personal information with any member of our group, which means our subsidiaries, or our ultimate holding company and its subsidiaries.
We may share your information with selected third parties including:
We may disclose your personal information to third parties:
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.