Effective February 7, 2020
If you have any questions or concerns about our use of your Personal Information, then please contact us using the contact details provided at the end of Section 5.
To the extent we provide you with notice of different or additional privacy policies, those policies will govern such interactions.
1. The Basics
A. About Us
Mailchimp is an online marketing platform operated by The Rocket Science Group LLC, a company headquartered in the State of Georgia in the United States ("we," "us," "our," and "Mailchimp").
Our Service enables our Members to, among other things, send and manage email campaigns across channels, serve advertisements, and create Websites and Landing Pages. We also provide other related services, such as real-time data analytics and insights to help our Members track and personalize their marketing activities. Find out more about our Service here.
B. Key Terms
“Mobile App(s)” means any one or all of the Mailchimp applications available for Members to use on their mobile devices.
"Contact" is a person a Member may contact through our Service. In other words, a Contact is anyone on a Member's Distribution List or about whom a Member has given us information. For example, if you are a Member, a subscriber to your email marketing campaigns would be considered a Contact.
"Distribution List" is a list of Contacts a Member may upload or manage on our platform and all associated information related to those Contacts (for example, email addresses).
"Member" means any person or entity that is registered with us to use the Service.
"Personal Information" means any information that identifies or can be used to identify an individual directly or indirectly. Examples of Personal Information include, but are not limited to, first and last name, date of birth, email address, gender, occupation, or other demographic information.
"Visitor" means, depending on the context, any person who visits any of our Mailchimp Sites, offices, or otherwise engages with us at our events or in connection with our marketing or recruitment activities.
"you" and "your" means, depending on the context, either a Member, a Contact, or a Visitor.
2. Privacy for Members
This section applies to the Personal Information we collect and process from a Member or potential Member through the provision of the Service. If you are not a Member, the Visitors or Contacts section of this policy may be more applicable to you and your data. In this section, "you" and "your" refer to Members and potential Members.
A. Information We Collect
The Personal Information that we collect depends on the context of your interactions with Mailchimp, your Mailchimp account settings, the products and features you use, your location, and applicable law. However, the Personal Information we collect broadly falls into the following categories:
(i) Information you provide to us: You (or your organization) may provide certain Personal Information to us when you sign up for a Mailchimp account and use the Service, consult with our customer service team, send us an email, integrate the Service with another website or service (for example, when you choose to connect your e-commerce account with Mailchimp), or communicate with us in any other way.
This information may include:
- Business contact information (such as your name, job title, organization, location, phone number, email address, and country);
- Marketing information (such as your contact preferences);
- Account log-in credentials (such as your email address or username and password when you sign up for an account with us);
- Troubleshooting and support data (which is data you provide or we otherwise collect in connection with support queries we receive from you. This may include contact or authentication data, the content of your chats and other communications with us, and the product or service you are using related to your help inquiry); and
- Payment information (including your credit card numbers and associated identifiers and billing address).
Service Usage Data may include:
Device information: We collect information about the device and applications you use to access the Service, such as your IP address, your operating system, your browser ID, and other information about your system and connection. If you are using our Mobile App, we may also collect information about the cellular network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s name and unique device ID, and information about the features of our Mobile App that you accessed.
Log data: Our web servers keep log files that record data each time a device accesses those servers and the nature of each access, including originating IP addresses and your activity in the Service (such as the date/time stamps associated with your usage, pages and files viewed, searches and other actions you take (for example, which features you used)), device event information (such as system activity, error reports (sometimes called ‘crash dumps’)), and hardware settings. We may also access metadata and other information associated with files that you upload into our Service.
Usage data: We collect usage data about you whenever you interact with our Service, which may include the dates and times you access the Service and your browsing activities (such as what portions of the Service you used). We also collect information regarding the performance of the Service, including metrics related to the deliverability of emails and other communications you send through the Service. If you are using our Mobile App, we may collect information about how often you use the Mobile App and other performance data. This information allows us to improve the content and operation of the Service, and facilitate research and analysis of the Service.
(iii) Information we collect from other sources: From time to time, we may obtain information about you from third-party sources, such as public databases, social media platforms, third-party data providers, and our joint marketing partners.
Examples of the information we receive from other sources include demographic information (such as age and gender), device information (such as IP addresses), location (such as city and state), and online behavioral data (such as information about your use of social media websites, page view information and search results and links). We use this information, alone or in combination with other Personal Information we collect, to enhance our ability to provide relevant marketing and content to you and to develop and provide you with more relevant products, features, and service.
B. Use of Personal Information
We may use the Personal Information we collect or receive through the Service (alone or in combination with other data we source) for the purposes and on the legal bases identified below:
- To communicate with you about your account and provide customer support to perform our contract with you for the use of the Service or where we have not entered into a contract with you, in reliance on our legitimate interests in administering and supporting our Service. For example, if you use our Mobile Apps, we may ask you if you want to receive push notifications about activity in your account. If you have opted in to these push notifications and no longer want to receive them, you may turn them off through your operating system.
- To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.
- To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements in reliance on our legitimate interests.
- To prosecute and defend a court, arbitration, or similar legal proceeding.
- To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- To provide, support and improve the Service to perform our contract with you for the use of the Service or where we have not entered into a contract with you, in reliance on our legitimate interests in administering and improving the Service and providing certain features. For example, this may include sharing your information with third parties in order to provide and support our Service or to make certain features of the Service available to you. When we share your Personal Information with third parties, we take steps to protect your information in a manner that is consistent with our obligations under applicable privacy laws. For further information about how we share your information, refer to Section 5 below.
- To provide suggestions to you and to provide tailored features within our Service that optimize and personalize your experience in reliance on our legitimate interests in administering the Service and providing certain features. This includes adding features that compare Members’ email campaigns, using data to suggest other publishers your Contacts may be interested in, or using data to recommend products or services that you may be interested in or that may be relevant to you or your Contacts. Some of these suggestions are generated through analysis of the data used in our data analytics projects, as described below.
- To perform data analytics projects in reliance on our legitimate business interests in improving and enhancing our products and services for our Members. Our data analytics projects use data from Mailchimp accounts, including Personal Information of Contacts, to provide and improve the Service. We use information like your sending habits and your Contacts’ purchase history, so we can make more informed predictions, decisions, and products for our Members. For example, we use data from Mailchimp accounts to enable product recommendation, audience segmentation, and predicted demographics features for our Members. If you or your Contact prefers not to have their data used for this purpose, you can alter the settings on your account (as described here) to opt out of data analytics projects, or your Contact can opt out of data analytics projects at any time by emailing us at email@example.com. As always, we take the privacy of Personal Information seriously, and will continue to implement appropriate safeguards to protect this Personal Information from misuse or unauthorized disclosure.
C. Third-Party Integrations
D. Cookies and Tracking Technologies
We and our third-party partners may use various technologies to collect and store Service Usage Data when you use our Service (as discussed above), and this may include using cookies and similar tracking technologies, such as pixels, web beacons, and if you use our Mobile Apps, through our SDKs deployed on your mobile device. For example, we use web beacons in the emails we send on your behalf, which enable us to track certain behavior, such as whether the email sent through the Service was delivered and opened and whether links within the email were clicked. Both web beacons and SDKs allow us to collect information such as the recipient’s IP address, browser, email client type and other similar data as further described above details. We use this information to measure the performance of your email campaigns, to provide analytics information, enhance the effectiveness of our Service, and for other purposes described above. Reports are also available to us when we send email to you, so we may collect and review that information.
E. Member Distribution Lists
A Distribution List can be created in a number of ways, including by importing Contacts, such as through a CSV or directly from your email client. We do not, under any circumstances, sell your Distribution Lists. If someone on your Distribution List complains or contacts us, we might then contact that person. You may export (download) your Distribution Lists from Mailchimp by accessing the “Audience” tab from within your account.
If we detect abusive or illegal behavior related to your Distribution List, we may share your Distribution List or portions of it with affected ISPs or anti-spam organizations to the extent permitted or required by applicable law.
If a Contact chooses to use the Forward to a Friend (FTF) link in an email campaign a Member sends, it will allow the Contact to share the Member’s email content with individuals not on the Member’s Distribution List. When a Contact forwards an email to a friend, we do not store the Contact’s email address or their friend’s email address, and no one is added to any Distribution List as a result of the FTF link. The Member who created the email campaign only sees an aggregate number of times their email campaign was forwarded by a Contact and does not have access to the email addresses used to share or receive that forwarded content.
F. Your Data Protection Rights
Depending on the country in which you reside, you may have the following data protection rights:
- To access; correct; update; port; delete; restrict; or object to our processing of your Personal Information.
- You can manage your individual account and profile settings within the dashboard provided through the Mailchimp platform, or you may contact us directly by emailing us at firstname.lastname@example.org. You can also manage information about your Contacts within the dashboard provided through the Mailchimp platform to assist you with responding to requests to access, correct, update, port or delete information that you receive from your Contacts. Note, if any of your Contacts wish to exercise any of these rights, they should contact you directly, or contact us as described in the “Privacy for Contacts” section below. You can also contact us at any time to update your own marketing preferences (see Section 5. General Information, C. Your Choices and Opt-Outs below). Mailchimp takes reasonable steps to ensure that the data we collect is reliable for its intended use, accurate, complete and up to date.
- The right to complain to a data protection authority about the collection and use of Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA and UK are available here and Switzerland are available here.
- Similarly, if Personal Information is collected or processed on the basis of consent, the data subject can withdraw their consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your Personal Information conducted in reliance on lawful processing grounds other than consent. If you receive these requests from Contacts, you can segment your lists within the Mailchimp platform to ensure that you only market to Contacts who have not opted out of receiving such marketing.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection law. We may ask you to verify your identity in order to help us respond efficiently to your request. If we receive a request from one of your Contacts, we will either direct the Contact to reach out to you, or, if appropriate, we may respond directly to their request.
3. Privacy for Contacts
A. Information We Collect
The Personal Information that we may collect or receive about you broadly falls into the following categories:
(i) Information we receive about Contacts from our Members: A Member may provide Personal Information about you to us through the Service. When a Member uploads their Distribution List or integrates the Service with another website or service (for example, when a Member chooses to connect their e-commerce account with Mailchimp), or when you sign up for a Member’s Distribution List on a Mailchimp or other signup form, the Member may provide us with certain contact information or other Personal Information about you such as your name, email address, address, or telephone number. You may have the opportunity to update some of this information by electing to update or manage your preferences via an email you receive from a Member.
- Device information: We collect information about the device and applications you use to access emails sent through our Service, such as your IP address, your operating system, your browser ID, and other information about your system and connection.
(iii) Information we collect from other sources: From time to time, we may obtain information about you from third-party sources, such as social media platforms, and third-party data providers. We use this information to provide publicly available social media information about you to Members who have enabled the "Social Profiles" feature in their Mailchimp accounts.
B. Use of Personal Information
We may use the Personal Information we collect or receive about you in reliance on our (and where applicable, our Members’) legitimate interests for the following purposes:
- To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements.
- To prosecute and defend a court, arbitration, or similar legal proceeding.
- To provide, support and improve the Service. For example, this may include sharing your information with third parties in order to provide and support our Service or to make certain features of the Service available to our Members. When we share Personal Information with third parties, we take steps to protect your information in a manner that is consistent with applicable privacy laws. For further information about how we share information, refer to Section 5 below.
- To perform data analytics projects. Our data analytics projects use data from Mailchimp accounts, including your Personal Information, to provide and improve the Service. We use information, like your purchase history, provided to us by Members, so we can make more informed predictions, decisions, and products for our Members. For example, we use data from Mailchimp accounts to enable product recommendation, audience segmentation, and predicted demographics features for our Members. If you prefer your data not to be used in this manner, you can opt out of data analytics projects at any time by completing this form or emailing us at email@example.com.
- To carry out other business purposes. To carry out other legitimate business purposes, as well as other lawful purposes about which we will notify you.
C. Cookies and Tracking Technologies
We and our third-party partners may use various technologies to automatically collect and store certain device and usage information (as discussed above) when you interact with a Member’s email campaign or connected store, and this may include using cookies and similar tracking technologies, such as pixels and web beacons or if a Member is using our Mobile App, we may collect this information through our SDKs deployed on our Members mobile device. For example, we use web beacons in the emails we send on behalf of our Members. When you receive and engage with a Member’s campaign, web beacons track certain behavior such as whether the email sent through the Mailchimp platform was delivered and opened and whether links within the email were clicked. Both web beacons and SDKs allow us to collect information such as your IP address, browser, email client type, and other similar data as further described above. We use this information to measure the performance of our Members’ email campaigns, and to provide analytics information and enhance the effectiveness of our Service, and for the other purposes described above.
D. Your Data Protection Rights
Depending on the country in which you reside, you may have the following data protection rights:
- To access; correct; update; port; delete; restrict or object to our processing of your Personal Information.
- For more information about how you can exercise these rights, please see our Data Subject Requests form. You also have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available here.
As described above, for much of the Personal Information we collect and process about Contacts through the Service, we act as a processor on behalf of our Members. In such cases, if you are a Contact and want to exercise any data protection rights that may be available to you under applicable law or have questions or concerns about how your Personal Information is handled by Mailchimp as a processor on behalf of our individual Members, you should contact the relevant Member that is using the Mailchimp Service, and refer to their separate privacy policies.
If you no longer want to be contacted by one of our Members through our Service, please unsubscribe directly from that Member’s newsletter or contact the Member directly to update or delete your data. If you contact us directly, we may either forward your request to the relevant Member or provide you with the identity of the Member to enable you to contact them directly.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We may ask you to verify your identity in order to help us respond efficiently to your request.
4. Privacy for Visitors
This section applies to Personal Information that we collect and process when you visit the Mailchimp Sites, and in the usual course of our business, such as in connection with our recruitment, events, sales and marketing activities or when you visit our offices. In this section, "you" and "your" refer to Visitors.
A. Information We Collect
(i) Information you provide to us on the Mailchimp Sites or otherwise: Our Mailchimp Sites offer various ways to contact us, such as through form submissions, email or phone, to inquire about our company and Service. For example, we may ask you to provide certain Personal Information when you express an interest in obtaining information about us or our Service, take part in surveys, subscribe to marketing, apply for a role with Mailchimp, or otherwise contact us. We may also collect Personal Information from you in person when you attend our events or trade shows, if you visit our offices (where you will be required to register as a visitor and provide us with certain information that may also be shared with our service providers) or via a phone call with one of our sales representatives. You may choose to provide additional information when you communicate with us or otherwise interact with us, and we may keep copies of any such communications for our records.
The Personal Information we collect may include:
- Business contact information (such as your name, phone number, email address and country);
- Professional information (such as your job title, institution or company);
- Nature of your communication;
- Marketing information (such as your contact preferences); and
- Any information you choose to provide to us when completing any ‘free text’ boxes in our forms.
The information we collect automatically includes:
- Device information: such as your IP address, your browser, device information, unique device identifiers, mobile network information, request information (speed, frequency, the site from which you linked to us (“referring page”), the name of the website you choose to visit immediately after ours (called “exit page”), information about other websites you have recently visited and the web browser you used (software used to browse the internet) including its type and language)
- Usage data: such as information about how you interact with our emails, Mailchimp Sites, and other websites (such as the pages and files viewed, searches, operating system and system configuration information and date/time stamps associated with your usage).
B. Use of Personal Information
We may use the information we collect through our Mailchimp Sites and in connection with our events and marketing activities (alone or in combination with other data we collect) for a range of reasons in reliance on our legitimate interests, including:
- To provide, operate, optimize, and maintain the Mailchimp Sites.
- To send you marketing information, product recommendations and non-transactional communications (e.g., marketing newsletters, telemarketing calls, SMS, or push notifications) about us, in accordance with your marketing preferences, including information about our products, services, promotions or events as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided your prior consent.
- For recruitment purposes if you have applied for a role with Mailchimp.
- To respond to your online inquiries and requests, and to provide you with information and access to resources or services that you have requested from us.
- To manage the Mailchimp Sites and system administration and security.
- To manage event registrations and attendance, including sending related communications to you.
- To register visitors to our offices for security reasons and to manage non-disclosure agreements that visitors may be required to sign.
- To improve the navigation and content of the Mailchimp Sites.
- To identify any server problems or other IT or network issues.
- To process transactions and to set up online accounts.
- To compile aggregated statistics about site usage and to better understand the preferences of our Visitors.
- To help us provide, improve and personalize our marketing activities.
- To facilitate the security and continued proper functioning of the Mailchimp Sites.
- To carry out research and development to improve our Mailchimp Sites, products and services.
- To conduct marketing research, advertise to you, provide personalized information about us on and off our Mailchimp Sites, and to provide other personalized content based on your activities and interests to the extent necessary for our legitimate interests in supporting our marketing activities or advertising our Service or instances where we seek your consent.
- To carry out other legitimate business purposes, as well as other lawful purposes, such as data analysis, fraud monitoring and prevention, identifying usage trends and expanding our business activities in reliance on our legitimate interests.
- To cooperate with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Information to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our Mailchimp Sites and Service, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, or responding to lawful requests.
C. Public Information and Third-Party Websites
- Blog. We have public blogs on the Mailchimp Sites. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your Personal Information appears on our blogs and you want it removed, contact us here. If we are unable to remove your information, we will tell you why.
- Social media platforms and widgets. The Mailchimp Sites include social media features, such as the Facebook Like button. These features may collect information about your IP address and which page you are visiting on our Mailchimp Site, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our Mailchimp Site. We also maintain presences on social media platforms, including Facebook, Twitter, and Instagram. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
D. Cookies and Tracking Technologies
E. Other Data Protection Rights
Depending on the country in which you reside, you may have the following data protection rights:
- To access; correct; update; port; delete; restrict or object to our processing of your Personal Information. You can exercise these rights by emailing firstname.lastname@example.org.
- You may also have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available here.
- Similarly, if we have collected and processed your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your Personal Information conducted in reliance on lawful processing grounds other than consent. You can also contact us at any time to update your marketing preferences (see Section 5. General Information, C. Your Choices and Opt-Outs below).
5. General Information
A. How We Share Information
Other examples include analyzing data, hosting data, engaging technical support for our Service, processing payments, and delivering content.
In connection with our Service, we also use a third-party service provider, Twilio, Inc. We use Twilio's API, which allows us to build features into our Mailchimp application to enable us to communicate with our Members through texting and calling, and their "Authy" product, which we use for two-factor authentication for our application. If you are a Member, Twilio may need to collect and process certain Personal Information about you as a controller to provide such services. To learn more about Twilio's privacy practices, please visit https://www.twilio.com/legal/privacy.
(iii) Any competent law enforcement body, regulatory body, government agency, court or other third party where we believe disclosure is necessary (a) as a matter of applicable law or regulation, (b) to exercise, establish, or defend our legal rights, or (c) to protect your vital interests or those of any other person.
(v) Any other person with your consent.
B. Legal Basis for Processing Personal Information (EEA and UK Persons Only)
If you are located in the EEA or UK, our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.
If you are a Member, we may need the Personal Information to perform a contract with you. In some limited cases, we may also have a legal obligation to collect Personal Information from you. If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not, as well as of the possible consequences if you do not provide your Personal Information.
Where required by law, we will collect Personal Information only where we have your consent to do so.
If you have questions or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided in the "Questions and Concerns" section below.
C. Your Choices and Opt-Outs
Members and Visitors who have opted in to our marketing emails can opt out of receiving marketing emails from us at any time by clicking the "unsubscribe" link at the bottom of our marketing messages.
Also, all opt-out requests can be made by emailing us using the contact details provided in the "Questions and Concerns" section below. Please note that some communications (such as service messages, account notifications, billing information) are considered transactional and necessary for account management, and Members cannot opt out of these messages unless you cancel your Mailchimp account.
D. Our Security
We take appropriate and reasonable technical and organizational measures designed to protect Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Information. For further information about our security practices, please see our Security page available here. If you have any questions about the security of your Personal Information, you may contact us at email@example.com.
Mailchimp accounts require a username and password to log in. Members must keep their username and password secure, and never disclose it to a third party. Because the information in a Member’s Mailchimp account is private, account passwords are hashed, which means we cannot see a Member’s password. We cannot resend forgotten passwords either. We will only provide Members with instructions on how to reset them.
E. International Transfers
(i) We operate in the United States
Our servers and offices are located in the United States, so your information may be transferred to, stored, or processed in the United States. While the data protection, privacy, and other laws of the United States might not be as comprehensive as those in your country, we take many steps to protect your privacy, including offering our Members a Data Processing Agreement available here.
(ii) Data transfers from Switzerland, United Kingdom, or the EEA to the United States
Mailchimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all Personal Information received from EEA member countries, United Kingdom, and Switzerland, respectively, in reliance on each Privacy Shield Framework, to each Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield website available here.
A list of Privacy Shield participants is maintained by the Department of Commerce and is available here.
Mailchimp is responsible for the processing of Personal Information we receive under each Privacy Shield Framework and subsequently transfer to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of Personal Information from the EEA, United Kingdom, and Switzerland, including the onward transfer liability provisions.
With respect to Personal Information received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge to you) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield website, here, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
(iii) Members, Contacts and Visitors located in Australia
If you are a Member, Contact or Visitor who accesses our Service in Australia, this section applies to you. We are subject to the operation of the Privacy Act 1988 ("Australian Privacy Act"). Here are the specific points you should be aware of:
- As stated in our Acceptable Use Policy available here, sensitive personal information is not permitted on Mailchimp’s platform and Members are prohibited from importing or incorporating any sensitive personal information into their Mailchimp accounts or uploading any sensitive personal information to Mailchimp’s servers.
- Please note that if you do not provide us with your Personal Information or if you withdraw your consent for us to collect, use and disclose your Personal Information, we may be unable to provide the Service to you.
- Where we say we assume an obligation about Personal Information, we will also require our contractors and subcontractors to undertake a similar obligation.
- We will not use or disclose Personal Information for the purpose of our direct marketing to you unless:
- you have consented to receive direct marketing;
- you would reasonably expect us to use your personal details for marketing; or
- we believe you may be interested in the material but it is impractical for us to obtain your consent.
You may opt out of any marketing materials we send to you through an unsubscribe mechanism. If you have requested not to receive further direct marketing messages, we may continue to provide you with messages that are not regarded as "direct marketing" under the Australian Privacy Act, including changes to our terms, system alerts, and other information related to your account as permitted under the Australian Privacy Act and the Spam Act 2003 (Cth).
- Our servers are located in the United States. In addition, we or our subcontractors may use cloud technology to store or process Personal Information, which may result in storage of data outside Australia. It is not practicable for us to specify in advance which country will have jurisdiction over this type of offshore activity. All of our subcontractors, however, are required to comply with the Australian Privacy Act in relation to the transfer or storage of Personal Information overseas.
- We may also share your Personal Information outside of Australia to our business operations in other countries. While it is not practicable for us to specify in advance each country where your Personal Information may be disclosed, typically we may disclose your Personal Information to the United States, Canada and the European Union.
- You may access the Personal Information we hold about you. If you wish to access your Personal Information, please contact us directly by emailing us at firstname.lastname@example.org. We will respond to all requests for access within a reasonable time.
If you think the information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, we will take reasonable steps, consistent with our obligations under the Australian Privacy Act, to correct that information upon your request. If you find that the information we have is not up to date or is inaccurate or incomplete, please contact us in writing at dpo@mailchimp, so we can update our records. We will respond to all requests for correction within a reasonable time.
- If you are unsatisfied with our response to a privacy matter, you may consult either an independent advisor or contact the Office of the Australian Information Commissioner for additional help. We will provide our full cooperation if you pursue this course of action.
F. Retention of Data
We retain Personal Information where we have an ongoing legitimate business or legal need to do so. Our retention periods will vary depending on the type of data involved, but, generally, we'll refer to these criteria in order to determine retention period:
- Whether we have a legal or contractual need to retain the data.
- Whether the data is necessary to provide our Service.
- Whether our Members have the ability to access and delete the data within their Mailchimp accounts.
- Whether our Members would reasonably expect that we would retain the data until they remove it or until their Mailchimp accounts are closed or terminated.
When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.
G. California Privacy
The California Consumer Privacy Act (“CCPA”) provides consumers with specific rights regarding their Personal Information. You have the right to request that businesses subject to the CCPA (which may include our Members with whom you have a relationship) disclose certain information to you about their collection and use of your Personal Information over the past 12 months. In addition, you have the right to ask such businesses to delete Personal Information collected from you, subject to certain exceptions. If the business sells Personal Information, you have a right to opt-out of that sale. Finally, a business cannot discriminate against you for exercising a CCPA right.
When offering services to its Members, Mailchimp acts as a “service provider” under the CCPA and our receipt and collection of any consumer Personal Information is completed on behalf of our Members in order for us to provide the Service. Please direct any requests for access or deletion of your Personal Information under the CCPA to the Member with whom you have a direct relationship.
Consistent with California law, if you choose to exercise your applicable CCPA rights, we won’t charge you different prices or provide you a different quality of services. If we ever offer a financial incentive or product enhancement that is contingent upon you providing your Personal Information, we will not do so unless the benefits to you are reasonably related to the value of the Personal Information that you provide to us.
H. Do not Track
I. Changes to this Policy
J. Questions & Concerns
If you have any questions or comments, or if you have a concern about the way in which we have handled any privacy matter, please use our contact form to send us a message. You may also contact us by postal mail or email at:
For EEA, Swiss and UK Residents:
For the purposes of EU data protection legislation, The Rocket Science Group LLC d/b/a Mailchimp is the controller of your Personal Information. Our Data Protection Officer can be contacted at email@example.com.
For any other Residents:
The Rocket Science Group LLC d/b/a Mailchimp
Attn. Privacy Officer
675 Ponce de Leon Ave NE, Suite 5000
Atlanta, GA 30308 USA