We’ll refer to our website as the “Site”.
We’ll refer to Mattermost, Inc. as Mattermost or “we” or “us” or “our”.
We’ll refer to all the products and services we provide, individually and collectively, as the “Services”.
We’ll refer to you, the person or entity accessing our Site or using our Services, as “you” or “your”.
What is a Data Controller? For general data protection regulation purposes, the “data controller” means the organization (in this case, Mattermost, Inc.) who decides the purposes for which and the way in which any personal data is processed. As a Data Controller, we are bound by the requirements of the General Data Protection Regulations (the “GDPR”).
What is Data Processing? Data processing is any operation or set of operations performed upon Personal Information (whether automated or not). Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.
What is Personal Information? Personal information is any information which is about you, from which you can be identified.
We collect information from you when you register on our site and when you purchase any of our Services. We also gather data when you participate in our Site by reading, writing (including posting comments) and evaluating the content shared here, and when you interact with the Mattermost Enterprise Edition team for questions, requests and to evaluate our content or Services.
We may collect the following types of personal information from you:
Your name and email address
You company’s name and physical address
Information you choose to provide us through our forums or our services
We may retain server logs which include the IP address of every request to our server
We may also collect and aggregate information about the use of our Site and our Services. That information could include information such as your Internet Protocol (IP) address (an IP or Internet Protocol Address is a unique numerical address assigned to a computer as it logs on to the internet), browser type, operating system, the web page that you were visiting before accessing our Site, the pages or features of our Site which you browsed and the time spent on those pages or features, search terms, the links on our Site that you clicked on and other statistics. If you access our Site using a mobile device, we collect information such as a device identifier, user settings and the operating system of your device, as well as information about your use of our Services.
To compile statistics and analysis about your and other customers’ use of our Site and our Services.
To personalize your experience — your Personal Information helps us to better respond to your individual needs.
To improve our Site and our Services — we continually strive to improve our site offerings based on the information and feedback we receive from you.
To improve customer service — your Personal Information helps us to more effectively respond to your customer service requests and support needs.
To send periodic emails — the email address you provide may be used to send you information, notifications that you request about changes to topics or in response to your username, respond to inquiries and/or other requests or questions, or to alert you of updates to protect your system from new types of online attacks and to send periodic emails containing information relevant to your account and the products you use.
If you purchase our Services, then to enable you to purchase, renew and appropriately use a commercial license and license key for Mattermost Enterprise Edition.
We may also use your Personal Information where necessary for us to comply with a legal obligation, including to share information with government and regulatory authorities when required by law or in response to legal process, obligation or request.
We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose your Personal Information to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to respond to claims, legal process (including subpoenas); (ii) to protect our property, rights and safety and the property, rights and safety of a third party or the public in general; and (iii) to stop any activity that we consider illegal, unethical or legally actionable activity.
We implement a variety of security measures to maintain the safety of your personal information when you enter, submit or access your personal information.
Except as set out below, we do not sell, trade or otherwise transfer to outside parties your personally identifiable information. Non-personally identifiable visitor information, however, may be provided to other parties for marketing, advertising or other uses.
We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.
We may also release your Personal Information when we believe release is appropriate to comply with the law, enforce our site policies or protect our or others’ rights, property or safety.
Your Personal Information may also be transferred to another company in the event of a transfer, change of ownership, reorganization or assignment of all or part of our businesses or assets. This will occur if the parties have entered into an agreement under which the collection, use and disclosure of the information is limited to those purposes of the business transaction, including a determination whether or not to proceed with the business transaction. You will be notified via email or prominent notice on our websites for thirty (30) days of any such change in ownership or control of your personal information or as otherwise may be required or permitted by law.
In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Where our third-party suppliers are in the U.S. we have ensured that their services fall under the “Privacy Shield”.
Mattermost self-certifies that it adheres to the E.U.-U.S. Privacy Shield principles of notice, choice, onward transfer, security, data integrity, access and enforcement for personal data submitted by our customers and partners. To see more information about our responsibilities under Privacy Shield, please see https://mattermost.com/privacy-shield.
We retain your Personal Information for as long as we need to fulfill our Services. In addition:
We may keep data linked to cookies and other online identifiers up to three years.
If we are involved in litigation or a governmental or regulatory investigation, then we keep data throughout the period of litigation or investigation and for 5 years after that. If a settlement means that we have to keep data for longer, then we keep data for the period required to administer the settlement. If we provide data to law enforcement agencies, then we keep a record of this for one year beyond the end of the investigation.
Our site, products and services are all directed to people who are at least 13-years-old or older. We strive to comply with the requirements of COPPA (Children’s Online Privacy Protection Act). If this server is in the United States, and you are under the age of 13, do not use this site. We do not knowingly collect personal information from children under the age of 18 or your country’s age of minority. If you nevertheless believe that your child has provided us with their personal information, please contact us and we will delete it.
Other rights you have include the rights to:
Ask for a copy of your Personal Information
This is known as a Subject Access Request. If you would like a copy of some or all your Personal Information, please email firstname.lastname@example.org.
Ask us to correct your Personal Information
It is your right to lodge an objection to the processing of your Personal Information if you believe that the legal ground “relating to your particular situation” applies. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defense of a legal claim.
Ask us to erase certain categories or types of information
If you choose to remove your Personal Information, you acknowledge that we may retain archived copies of your Personal Information.
Ask us to restrict certain processing
You have the right to object to processing of Personal Information. Where we have asked for your consent to process information, you have the right to withdraw this consent at any time.
Obtain the information you provide in a structured, machine-readable format, and
Ask us to transfer your Personal Information to other organizations.