Minnesota Privacy Consultants:  Our Privacy Promises

Privacy is our business, and we aim to practice what we prescribe.  The table below summarizes the core commitments in our privacy policy:

I.     Notice.  When we collect personal information, we’ll make our privacy policy readily available.
II. Limited Use  and Retention.  We will collect and retain only the personal information that we need for defined business purposes or legal requirements.	III. Choice.  We will respect your preferences for how we contact you regarding our services and activities.	IV. External Transfer.  We will confirm our service providers offer equivalent or reasonable privacy protections.	V. Access.  We will enable you to access and update your personal information that we hold by contacting us.
VI.    Security.  We will secure your information with reasonable technical, procedural, and administrative procedures.
VII.   Accountability.  Each year, we’ll review and update our privacy practices and publicly display any changes to our privacy policy.

See below for more details about our privacy policy.

SCOPE OF THIS POLICY

This Policy applies to the processing of personal information on minnesotaprivacy.com and by Minnesota Privacy Consultants, a Minnesota corporation that assists organizations with information-risk management.

1.     NOTICE: WHAT INFORMATION DO WE COLLECT, HOW, AND WHY?

The table below summarizes the personal information we collect and use:

 

What information do we collect?	How do we collect it?	Why do we collect this data?
Your basic contact information at work: name, e-mail, address, phone number, company name, and position	From you, via our Site or your communications with us; from mutual acquaintances who refer you to us; and from third-party or public sources such as the Internet	We use this information to contact you to inform you about our business, products, and services; to conduct surveys; to perform interviews for articles; and to inform you of career or business opportunities
Your payment information, such as your work or personal credit-card information	From you, via our Site or your communications with us	To process your payments for our products and services
Your computer information	From your browser and cookies when you visit our Site or open our e-mails	To process your payments on our Site, to measure and improve our Site and our web presence, and track e-mail open rates

 

The following paragraphs describe in more detail our collection and use of personal information:

Children's Information.  We recognize a special obligation to protect personal information obtained from young children.  Our Website is designed and intended for adults and is not of likely interest to children.  The forms on our Site are capable, however, of collecting online information from children under the age of 13 who furnish it without prior parental consent.  Upon discovery that any such information has been supplied by children under the age of 13, we will disregard and delete that information.  We urge parents to instruct their children to never give out their real names, addresses, or phone numbers without their permission when online. 

Information Sent To Us By Your Browser.  Like most commercial Websites, we collect information that is sent to us automatically by your web browser when you access our Website.  This information typically includes the IP address of your Internet service provider, the type of your operating system, and the type of your browser.  The information we receive depends on the settings on your Web browser.  Please check your browser if you want to learn what information your browser sends or how to change your settings.  We use this information to create statistics that help us improve our Website and make it more compatible with the technology used by our visitors.  The information provided by your browser does not identify you personally.  However, we may review our server logs for security purposes, such as detecting intrusions into our network.  If we suspect criminal activity, we might share our server logs – which contain visitors’ IP addresses – with the appropriate investigative authorities who could use that information to trace and identify individuals.  In addition, if you access our Website through an e-mail we have sent you, we may link the information provided by your browser to information in our records that identifies you personally.

Information Collected Using “Cookies”.  Like many commercial websites, we use "cookies."  A cookie is a small text file that is placed on your hard disk by a web server.  Cookies cannot be used to install computer programs or deliver viruses to your computer.  We may use two types of cookies – “session cookies” and “persistent cookies.”  We may use “session cookies” to assign a randomly-generated unique identification number to your computer.  A session cookie expires after you close your browser.  We use session cookies to collect information about the ways visitors use our Website – which pages they visit, which links they use, and how long they stay on each page.  We analyze this information, known as “click-through data,” to better understand our visitors’ interests and needs, and to improve the content and functionality of our Website.  We may also use “persistent cookies.”  These cookies do not expire when you close your browser, but stay on your computer until they expire or you delete them.  Each time you visit our Website, our Web server will recognize your cookie.  By assigning your computer a persistent, unique identifier, we’re able to create a database of your previous choices and preferences.  In situations where these choices or preferences need to be collected again, they can be provided by us automatically, saving you time and effort.  Assigning your computer a persistent, unique identifier also helps us keep a more accurate account of how many people visit our Website, how often they return, how their use of our Website may vary over time, and the effectiveness of our promotional efforts.  If you access our Website through an e-mail we have sent you or you’ve created a “user identity” during one of your visits, we may link the information provided by our cookies to information in our records that identifies you personally.

Information Collected Using “Web Beacons”.  The pages on our Website may contain electronic images known as “Web beacons” – sometimes called “single-pixel gifs” or “clear gifs” – that allow us to count the number of visitors who have visited those pages.  We may use Web beacons to learn more about the ways visitors use our Website, so that we can continually improve it.  We may also include Web beacons in promotional e-mail messages in order to determine whether messages have been opened and acted upon.  Some of these Web beacons may be used to place a persistent cookie on your computer so that we can determine the effectiveness of our marketing efforts or e-mail communications.  We may link information obtained using Web beacons to other information that identifies you personally.  Some of the Web beacons on our Website may have been placed by third-party service providers to help determine the effectiveness of our advertising campaigns or e-mail communications.  These Web beacons may be used by these service providers to place a persistent cookie on your computer.  Doing this allows the service provider to recognize your computer each time you visit certain pages and compile information in relation to those page views.  Our service providers may link information obtained using Web beacons to other information that identifies you personally.  We confirm that our service providers, however, will keep your personal information confidential and use it only to perform services on our behalf.

Log Files.  We may also collect log files that record Website activity, including how many "hits" a particular Web page is getting.  These entries are generated anonymously, and enable us to assess overall site activity, track interest in advertised sales, and troubleshoot technical concerns.  We also use the log file entries for our internal marketing and demographic studies, so that we can constantly improve the services we provide you.  Log files are used internally only, and are not associated with any particular user, computer, or browser.

Spyware.  Our Website does not use spyware.  The term “spyware” refers to a software program that, when installed on your computer, changes settings, displays advertising, or tracks your Internet behavior and reports information back to a central database.  Spyware is usually installed on your computer without your knowledge and can be very difficult to remove.

Surveys.  We may provide you the opportunity to participate in surveys we sponsor.  If you participate, we may request personally identifiable information from you. Participation in these surveys or contests is completely voluntary, and you decide what information you provide on the survey.  The requested information may include your name, company, and e-mail address.  We typically use survey information to identify trends in information-risk management and to create statistics for published studies and articles.  We use a third-party service provider to deliver and host these surveys, but that company does not access or use survey takers’ personally identifiable information for any other purpose besides administering the survey.  We will not share the personally identifiable information you provide through a contest or survey with other third parties unless we give you prior notice and choice.

Orders.  If you purchase a product or service from us, we request certain personally identifiable information from you on our order form.  You must provide contact information, such as name, e-mail, and shipping address, and payment information, such as credit-card number and expiration date, in order for us to process your order. 

Communications.  We periodically contact information-risk professionals to let them know about our products and services, accomplishments, speaking engagements, articles and studies, as well as other developments in the area of information-risk management we think may be of interest to them.  These communications may take the form of personal e-mails, e-mails to groups of people, electronic or posted newsletters and brochures, and phone calls. 

 

2.     HOW DO WE LIMIT THE USE AND RETENTION OF YOUR INFORMATION?

We’ll help you limit the information you give to us by clearly indicating with which data fields are required on our forms.  We keep your personal information for as long as we need it for the purposes for which it was collected, or to which you have consented, or as permitted by applicable law.  Generally, this means that we’ll always keep a current list of contacts, but dispense of payment information when we believe the relevant transactions have been completed.  We may indefinitely hold aggregated information about our customers – for example, a list of the top search terms on our site – in a way that does not individually identify our customers, and we may share or sell that information to other companies.  This Policy does not apply to aggregated, non-personally identifiable information.

 

3.     CHOICE:  HOW DO WE RESPECT YOUR PRIVACY CHOICES?

If you no longer wish to receive our e-mail communications, follow the unsubscribe instructions on the bottom of the most recent broadcast e-mail you received from us.  These e-mails are sent through our account with Constant Contact, which maintains our opt-out list and automatically prevents us from sending e-mails to those addresses in the future.  If you can’t locate a broadcast e-mail from us but would still like to opt out, contact us.    

If you no longer wish to be contacted by postal mail or telephone, contact us, and we will add you to our Do Not Contact list.  If you opt out of our communications, you may still receive a communication that was already in progress before you opted out.  By providing your information to us, you are agreeing to this Policy.   

 

4.     EXTERNAL TRANSFER:  HOW DO WE SHARE YOUR INFORMATION?

Depending on how you’ve interacted with us in the past, and for what purpose, we may share your information in the ways described below:

Third-Party Service Providers.  We may use other companies to provide services to our business and clients and fulfill your requests.  For example, we use third parties for e-mail delivery, postal mailings, payment processing, and Website hosting, and may use subcontractors for consulting engagements and administrative tasks.  If you purchase a product through our Site using PayPal, you’ll be redirected to PayPal’s site to complete your order.  PayPal is not permitted to use your personal information except as needed to fulfill the requested service on our behalf.  We confirm that our service providers are properly protecting the privacy and security of your information.

Affiliates.  Minnesota Privacy Consultants is affiliated with the Twin Cities Privacy Network; MPC regularly sponsors TCPN activities and we share the same technical infrastructure.  We also share contact information for businesses in the Upper Midwest, but do not share member contact information with any other organization for marketing purposes.  If you interact with Minnesota Privacy Consultants, work in Minnesota’s five-state region, and don’t want your contact information shared with Twin Cities Privacy Network, you may opt out of this sharing by contacting us.  If Twin Cities Privacy Network or Minnesota Privacy Consultants are sold, your information may be acquired by the successor company. 

Other Limited Circumstances.  There are other limited circumstances in which we may share your personal information with third parties.  For example, we may disclose your personal information when we, in good faith, believe disclosure is appropriate to comply with the law or a regulatory requirement or to comply with a subpoena or court order; to prevent or investigate a possible crime, such as fraud or identity theft; to enforce a contract; to protect the rights, property or safety of Minnesota Privacy Consultants or a third party; or to protect your vital interests.  In addition, your personal information may be transferred to another company that has acquired the stock or all or part of the assets of Minnesota Privacy Consultants; for example, as the result of a sale, merger, reorganization, dissolution, or liquidation.  If such a transfer occurs, the acquiring company’s use of your personal information will still be subject to this Policy and the privacy preferences you have expressed to us.

We will not otherwise share your personal information with Affiliates, service providers, or other third parties for unknown or unrelated purposes.

Links to Other Sites.  Our Website contains links to Websites operated by third parties, including Websites operated by our Affiliates and unrelated third parties advertising on our site.  In some cases, these sites are branded to appear as if you are still on our Website by using techniques such as framed pages and masked URLs.  This Policy does not apply to any of these other Websites.  When you access other websites through a link on our Website, please take a few minutes to review their terms of use and privacy statements.

 

5.     HOW DO WE PROVIDE YOU ACCESS TO YOUR DATA?

If you would like to review or update the information we may have about you, contact us.  We will respond promptly within the time limits established by applicable law, but at least within 30 days of your request.  For your protection, we may ask you for additional information to verify your identity.  In most cases, we will provide the access you request and correct or delete any inaccurate information you discover.  In some cases, however, we may limit or deny your request if the law permits or requires us to do so.   

 

6.     SECURITY:  WHAT PRECAUTIONS DO WE TAKE?

We maintain appropriate physical, technological, and organizational safeguards to protect your personal information against loss, misuse, unauthorized access or disclosure, alteration, and destruction.  For example, transmissions of payment information through our Site or our service-providers’ sites will be protected with SSL encryption.  Only those who have a “need-to-know” are authorized to access member accounts, and only after they’ve been trained on our security procedures.  If you have any questions about our data security, contact us.

Although we use reasonable measures to help protect your personal information and comply with applicable data security laws, it’s important that you understand that no Website or database is completely secure, or “hacker proof.”   

 

7.     HOW ARE WE ACCOUNTABLE TO THIS POLICY?

We communicate our privacy promises to our employees and train employees handling member information on their roles and responsibilities in protecting your privacy.  We regularly assess the privacy and security practices of our Website and information systems to identify ways we can improve our data practices. 

We reserve the right, at our discretion, to change, modify, add, or remove portions of this Policy at any time.  If we make changes to this Policy, we'll replace this Policy with the new Policy and change the “effective” date at the top of this Policy.  We will also provide a notice at the top of this Policy for at least 30 days after the new effective date and highlight the changes in the Policy so that you can locate them easily.  Your continued use of our Website following a minor change to this Policy will indicate your acceptance of the revised Policy. 

 

If you have a Website privacy-related concern, please contact us.