Mainline Information Systems

Privacy Statement

This statement discloses the information practices for Mainline Information Systems, Inc.’s (“Mainline”) website (“Website”), from what type of information about our Website’s users is gathered and tracked, to how the information is used, shared or otherwise processed offline.

 

Collection of Personal Information

You may choose to give us personal information directly in a variety of situations. For example, you may want to give us your name and contact information to communicate with you, to order a product, or to process an order. You may share a description of your education and work experience in connection with a job opening at Mainline for which you wish to be considered. If you tell us that you do not want us to use your information to make further contact with you beyond fulfilling your request, we will respect your wishes.

We may also collect information relating to your use of our Website. For example, when you visit our Website, we may log certain information that your browser sends us, such as your IP address, browser type and language, access time, and referring Website addresses, and we may collect information about the pages you view within our Website and other actions you take while visiting us. We may also use related technologies to determine whether you have opened an email or clicked on a link contained in an email.

 

When We Share Your Personal Information

If you request something from Mainline, for example, a product or service, a callback, or specific marketing materials, we will use the information you provide to fulfill your request. To help us do this, we may share information with others, including suppliers, subcontractors, and consultants, that have agreed to safeguard such information in a like manner to the way Mainline safeguards such information and that have agreed to confidentiality terms with Mainline. We may also contact you as part of our customer satisfaction surveys or for market research purposes.

 

Recruitment

In connection with a job application or inquiry, whether advertised on the Mainline Website or otherwise, you may provide us with information about yourself, such as a resume. We may use this information throughout Mainline in order to address your inquiry or consider you for employment purposes. Unless you tell us not to do so, we may keep the information for future consideration.

 

Use of Cookies

This Website works with cookies that collect anonymous traffic data on this Website. These cookies may tell us whether you have visited our Website before or are a new visitor and what material on our Website you have viewed. The cookies we use do not collect any personally-identifiable information about you or provide us with any way to contact you, and the cookies do not extract any information from your computer. We do store cookies on your computer to track your user identity when accessing certain features and functionality on the Website and to track how you may have reached our site. Many commonly available browsers permit you to reject cookies from this Website and you may use this Website with that feature of those browsers enabled; however, you understand and agree that some of the features and content on our Website may be unavailable to you if your browser is configured to reject cookies.

 

Data Security

Mainline takes reasonable and appropriate measures to maintain the confidentiality of personal information and to protect personal information from misuse and unauthorized access. This includes maintaining a system of appropriate administrative, physical, and technical safeguards to secure such information.

 

Privacy Questions

If you have a question about this Privacy Statement or Mainline’s handling of your information, you can send an email to Customer.Care@mainline.com.

Privacy Policy Addendum:
GDPR Code of Conduct & Privacy Policy for Mainline Information Systems, Inc.

This Privacy Policy Addendum (“Addendum”) applies to the extent Mainline has access to any personal data of European Union (“EU”) data subjects protected under the General Data Protection Regulation (“GDPR”).  In those instances, this Addendum prevails over any conflicting terms in the Mainline Privacy Statement.

Mainline is subject to data privacy laws, including data breach notification laws, that protect personally identifiable information (“PII”).  PII includes sensitive information such as social security numbers; banking information; credit card information; personal identification numbers; passwords; pass codes; official state or government-issued driver’s license or identification card numbers; government passport numbers; biometric data; employer, student, or military identification numbers; and other financial transaction information.  Mainline maintains reasonable security procedures and practices to protect paper and electronic documents that include PII from unauthorized access, use, modification, disclosure, or destruction.

In some scenarios, Mainline may also be subject to international data privacy laws, including the GDPR.  The GDPR was designed to harmonize data privacy laws across the EU in an effort to further protect EU residents’ personal data.  Personal data includes a person’s name, home address, email address, usernames and passwords, identification card number or employee ID, location data, IP address, or any communication identifying an individual.  GDPR places restrictions on how personal data can be collected, accessed, used, distributed and stored, and applies to all Mainline activities involving receiving or processing the personal data of EU residents, regardless of Mainline’s geographical location.  Mainline is also responsible for ensuring its third party vendors that receive or process such personal data comply with GDPR.

Mainline processes personal data of EU data subjects in accordance with our GDPR Privacy Policy, attached hereto as Exhibit A, which addresses the following specific applications of GDPR to Mainline’s processing activities:

  • fair and transparent processing;
  • the legitimate interests pursued by controllers in specific contexts;
  • the collection of personal data, if applicable;
  • the pseudonymization of personal data, if applicable;
  • the information provided to the public and to data subjects;
  • the exercise of the rights of data subjects;
  • the information provided to, and the protection of, children;
  • the measures and procedures referred to in Articles 28 and 29 and the measures to ensure security of processing referred to in Article 32;
  • the notification of personal data breaches to the data controllers and the communication of such personal data breaches to data subjects;
  • the transfer of personal data to the United States; and
  • out-of-court proceedings and other dispute resolution procedures for resolving disputes between controllers and data subjects with regard to processing, without prejudice to the rights of data subjects pursuant to Articles 77 and 79.

Violations of data privacy laws carry severe consequences and may expose Mainline to substantial damages.  All employees should be familiar with the general principles of data privacy and must abide by all data privacy laws.

Exhibit A: GDPR Privacy Policy

Last Updated: January 29, 2019

OUR COMMITMENT TO PRIVACY

Mainline Information Systems, Inc. and its affiliates (“Mainline”) are committed to your privacy.  We want you to be familiar with how we collect, use and disclose information. This Privacy Policy describes our practices in connection with information that we process while performing services for our customers who are controllers of your personal data.

 

WHAT INFORMATION WE PROCESS

“Personal Information” is information that identifies you as a natural person or relates to an identifiable natural person.  To the extent our customers maintain this type of data about you, we may process the following Personal Information:

  • Personal contact information such as name, address, telephone number and email address;
  • Business contact information such as business address, telephone number and email address;
  • Other ‘personal data’ as defined under the General Data Protection Regulation (“GDPR”) that our clients maintain about you, solely to the extent Mainline is engaged to process such personal information.

“Other Information” is any information that does not reveal your specific identity or does not directly relate to an identifiable individual.  We may collect and process the following Other Information:

  • Browser and device information;
  • Demographic information and other information provided by you that does not reveal your specific identity;
  • Information that has been aggregated in a manner such that it no longer reveals your specific identity.

If we are required to treat Other Information as Personal Information under applicable law, then we will collect, use and disclose it for the purposes for which we collect, use and disclose Personal Information as detailed in this Policy.

 

HOW WE COLLECT AND PROCESS PERSONAL AND OTHER INFORMATION

Mainline does not collect Personal Information of EU data subjects from our customers. All client data remains on our client’s infrastructure and is subject to our client’s security policies and procedures. However, in order to perform professional services for our customers, we may be asked to process your personal information maintained by our customers. “Processing” under GDPR is defined as the following:

  • any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Mainline may be asked to perform one or more of the above-referenced actions on our client’s information technology infrastructure which contains your Personal Information.  When that is the case, Mainline performs such services in accordance with our client’s specific written instructions, the protections set forth in our corporate policies and procedures, and this Privacy Policy.

 

HOW WE USE PERSONAL INFORMATION

Mainline uses Personal Information exclusively in accordance with our client’s instructions and solely for the legitimate business purpose of performing the services for which we have been engaged. Mainline has procedures in place to ensure such services are documented in a written contract between Mainline and our clients.  Mainline may also use Personal Information to respond to requests for audits or to otherwise meet our legal and regulatory compliance obligations.

 

HOW WE DISCLOSE PERSONAL INFORMATION

We may disclose Personal Information to contracted sub-processors solely to the extent necessary for Mainline to fulfill its contractual obligations to our clients.  When that is the case, Mainline obtains the client’s prior written consent and ensures such sub-processors are bound by the same contractual clauses as Mainline with respect to protection of Personal Information. Where our sub-processor fails to fulfill its data protection obligations, Mainline remains fully liable to our clients (the controllers) for the performance of that sub-processor’s obligations.

Additionally, Mainline may be required to disclose Personal Information in response to lawful requests by public authorities to comply with national security or law enforcement requirements.

 

HOW LONG WE RETAIN PERSONAL INFORMATION

Mainline does not retain any Personal Information processed on behalf of our clients.  All client data remains on our client’s infrastructure and is subject to our client’s security policies and procedures.

 

WHAT SECURITY MEASURES WE USE

We have implemented internal policies and technical measures to protect Personal Information from loss, accidental destruction, misuse or disclosure in the course of performance of services for our clients. Such internal policies and technical measures include, to the extent applicable to services performed:

  • The use of pseudonymization and encryption of personal data where appropriate;
  • Procedures and controls to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • Procedures and controls to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • Procedures for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing; and
  • Procedures to ensure that data is not accessed, except by individuals in the proper performance of their duties.

 

PRIVACY RIGHTS FOR RESIDENTS OF THE EUROPEAN ECONOMIC AREA AND SWITZERLAND

If you are resident in the European Economic Area or Switzerland, under European or Swiss law you have the following rights in respect of your Personal Information that we hold:

  • Right of access. You have the right to obtain confirmation of whether, and where, we are processing your Personal Information; information about the categories of Personal Information we are processing, the purposes for which we process your Personal Information and information as to how we determine applicable retention periods; information about the categories of recipients with whom we may share your Personal Information; and a copy of the Personal Information we hold about you, if applicable.
  • Right of portability. You have the right, in certain circumstances, to receive a copy of the Personal Information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
  • Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete Personal Information we hold about you without undue delay.
  • Right to erasure. You have the right, in some circumstances, to require us to erase your Personal Information without undue delay if the continued processing of that Personal Information is not justified.
  • Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your Personal Information if the continued processing of the Personal Information in this way is not justified, such as where the accuracy of the Personal Information is contested by you.
  • Right to object. You have a right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your Personal Information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
  • If you are resident in France, you also have the right to set guidelines for the retention and communication of your Personal Information after your death.

If you wish to exercise one of these rights, please contact Mainline’s Chief Information Security Officer, Brian Showman, at brian.showman@mainline.com.

EU residents also have the right to lodge a complaint with your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. Swiss residents have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner at: https://www.edoeb.admin.ch/?lang=en.

Residents in other jurisdictions may also have similar rights to the above. Please contact Mainline’s Chief Information Security Officer, Brian Showman, at brian.showman@mainline.com if you would like to exercise one of these rights, and we will comply with any request to the extent required under applicable law.

 

THIRD PARTY SERVICES

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties. The inclusion of any links on Mainline websites, work product or marketing materials does not imply endorsement of the linked site or service by us or by our affiliates.

In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as our clients, Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer.

 

USE OF OUR SERVICES BY MINORS

The services performed by Mainline for our clients are not directed to individuals under the age of eighteen (18), and we do not knowingly collect or process Personal Information from individuals under 18.

 

CROSS-BORDER TRANSFER

Mainline processes your Personal Information in the United States unless otherwise instructed by our clients.  As such, when our clients use our Services, you understand that your information may be transferred from your country of residence to the United States, which may have data protection rules that are different from those of your country.  In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in the United States may be entitled to access your Personal Information.

Some of the non-EEA countries are recognized by the European Commission and Switzerland as providing an adequate level of data protection according to EEA or Swiss standards. For transfers from the EEA or Switzerland to countries not considered adequate by the European Commission or Switzerland, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission or contracts approved by the Swiss Commissioner, to protect your Personal Information.

In addition to the protections provided under other sections of this Privacy Policy, we have verified and will verify annually through self-assessment that the attestations and assertions made about our privacy practices are true and that those privacy practices have been implemented as represented and in accordance with this Privacy Policy.  The verification includes the following:

  • That the Privacy Policy is accurate, comprehensive, prominently displayed, completely implemented and accessible;
  • That the Privacy Policy conforms to the principles set forth in the GDPR;
  • That individuals are informed of any in-house arrangements for handling complaints and of the independent mechanisms through which they may pursue complaints;
  • That we have in place procedures for training employees in the implementation of this Privacy Policy and disciplining them for failure to follow it;
  • That we have in place internal procedures for periodically conducting objective reviews of compliance with the above.

We will cooperate with the Data Protection Authorities (“DPAs”) and/or the Swiss Commissioner and comply with the advice of the DPAs and/or Swiss Commissioner.  In the event that the DPAs and/or the Swiss Commissioner determines that we did not comply with this Privacy Policy, we will take appropriate steps to address any adverse effects and to promote future compliance, comply with any advice given by the DPAs and/or the Swiss Commissioner where the DPAs and/or the Swiss Commissioner has determined that we need to take specific remedial or compensatory measures for the benefit of individuals affected by any non-compliance with this Privacy Policy, and provide the DPAs and/or the Swiss Commissioner with written confirmation that such action has been taken.

 

UPDATES TO THIS PRIVACY POLICY

The “LAST UPDATED” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised.  Any changes will become effective when we post the revised Privacy Policy on Mainline’s website.  Our client’s use of our services following these changes constitutes acceptance of the revised Privacy Policy.

 

HOW TO CONTACT US

If you have any questions about this Privacy Policy, please contact Mainline’s Chief Information Security Officer, Brian Showman, at brian.showman@mainline.com or at:

Mainline Information Systems, Inc.
Attn: Chief Information Security Officer
1700 Summit Lake Drive
Tallahassee, Florida 32317

 

Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.