Contract Management Platform Privacy Notice
Last updated: 22.03.2022
When you use the Mirakl Contract Management Platform (hereinafter the “Platform”) operated by Mirakl (hereinafter “Mirakl” or “us”), you might need to disclose your personal data and you are trusting us with your information. These personal data are protected by law, and thus, Mirakl, as data controller, has implemented appropriate security measures to protect your personal data.
Please read this privacy notice carefully as it explains how we collect and use your personal data. This privacy policy supplements any documents or notices that may refer to this privacy notice.
1. What information does Mirakl collect?
The following data provided by you through the Platform or when you communicate with us are processed by us:
Type of data | Examples of data |
|---|---|
Identification data | First name, last name, title, position. |
Contact details | Email address, postal address, phone number. |
Professional data | Company / Employer information. |
Browsing data | Unique identifiers such as IP address or mobile device ID, device type and settings, operating system. |
Cookies | Online tracers and cookies. Refer to our Platform provider cookie notice for further details. |
Data related to your exchanges with us | Information requests / complaints, exchanges with our services. |
2. Why does Mirakl collect your information?
To establish a valid contract, the personal information you provide is required.
Therefore, we process your personal data for the following purposes:
Purposes | Examples of use of your personal data | Legal bases |
|---|---|---|
Managing the contract signature | to proceed with valid signature of a contract | Take steps prior to entering into a contract |
Archiving signed contracts | to keep track of signed agreements | Performance of a contract |
Managing your information request / contact request | to contact you to answer your questions | Your consent |
Pre-litigation or litigation management | to take action against any identified breach to manage any dispute or litigation | Our legitimate interest to defend our rights and interests |
Compliance with legal and regulatory obligations | to comply with legal and regulatory obligations to process your requests to exercise your rights | Legal and regulatory obligations to which we are subject |
3. Who can access your personal data?
Except as specified herein or permitted or required by applicable law, we do not generally share personal data about you with any third party without your permission and we do not allow third parties to collect personal data from users of our Platform. This does not include trusted third parties who assist us in operating our Platform, conducting our business or serving you, as long as those parties agree to keep this information secure and confidential. Those third-party providers shall only be granted access to the information they need to perform their designated functions and will be subject to confidentiality and data protection obligations regarding such information and will not be authorized to use your personal data for their own business purposes. We shall in no event be released from our obligations towards our website visitors and users to the extent it uses such third-party providers.
More specifically, part of your personal data may be transmitted to the following recipients when you access, browse, navigate and use our Platform:
Recipients | Purposes |
|---|---|
Mirakl and its duly authorized employees | Participation in the contract signature process, reception of signed contract copy. |
Companies of our group and their duly authorized employees | Participation in the contract signature process, reception of signed contract copy. |
Mirakl legal department | Management of full contract lifecycle. |
Your company authorized employees | Participation in the contract signature process, reception of signed contract copy. |
Our subcontractors (platform provider, hosting provider, IT service providers, etc.) | Exclusively for technical or logistical purposes. |
Administrative or judiciary authorities | Exclusively in the case of an express and justified request or in case of an alleged violation of legal or regulatory provisions. |
Lawyers and other interested parties | Exclusively in the case of the management of possible disputes and other legal matters where appropriate. |
Other third parties | Following or during a restructuring, reconstitution, acquisition, debt financing, merger, sale of assets of Mirakl or a similar transaction, as well as in case of insolvency, bankruptcy or receivership where personal data are transferred to one or more third parties as assets of Mirakl. |
4. Will your personal data be transferred outside of the European Economic Area?
As far as possible, your personal data is processed within the European Economic Area (EEA). However, some of the companies of our group, as well as our service providers being located outside of the EEA, your personal data may therefore be processed in those countries. You can refer to our Platform provider list of sub-processors for further details.
5. How does Mirakl protect your personal data?
We and our partners have implemented technical and organizational measures to protect your personal data, in particular, against potential data breaches likely to cause, either by accident or unlawfully, the destruction, loss, modification, unauthorized access or divulgation of your personal data. These measures will guarantee a level of security adapted to the data and will take into account the state of the art and the cost of implementation in relation to the risks and nature of the data to be protected.
We guarantee that our personnel and any other person processing your personal data will respect the internal rules and procedures related to the processing of personal data, including the technical and organizational security measures implemented to protect your personal data. In this context, we review and update our practices regularly to enhance your privacy and ensure that its internal policies are followed.
If you have found a vulnerability or would like to report a security incident, you may send an email to security@mirakl.com.
6. For how long does Mirakl retain your data?
The principle is that your personal data will only be retained for the period necessary for the accomplishment of the purposes for which said data was collected, or as necessary to fulfill legal or regulatory obligations.
In the absence of applicable exceptions Mirakl will keep your personal data during:
five (5) years for evidence purposes relating to legal claims;
ten (10) years from the end of the relevant fiscal year for personal data retained for accounting purposes as well as for commercial documents.
7. What are your rights regarding your personal data?
Under certain circumstances, you might have the following rights under data protection laws over your personal data:
you can request the access to your personal data to obtain clear, transparent and understandable information on how we process your personal data and, on your rights (as provided in this policy), as well as a copy of your personal data;
you can request the rectification of your personal data to obtain the modification of your personal data if they are obsolete, inaccurate, or incomplete;
under specific conditions, you can object to the processing of your personal data when the processing is based on our legitimate interest ;
under specific conditions, you can request the restriction of the processing during a limited period of time, in particular in order to carry out some verifications ;
you can withdraw your consent when it has been obtained, without this withdrawal affecting the lawfulness of the processing operations previously carried out ;
under certain conditions, you can ask to receive your personal data in a structured, commonly used and machine-readable format and also can request their transmission to another controller where technically feasible. This right is not exercised in all circumstances, it applies only if it fulfills all the following conditions ;
when certain legal grounds apply, you can request the deletion of your personal data (or right to be forgotten).
Under certain circumstances, Mirakl may ask you for specific information to confirm your identity and ensure the exercise of your rights. This is another appropriate security measure to ensure that personal data is not disclosed to an individual who does not have the right to receive it.
If you have any questions or wish to exercise your rights, you may directly contact us by sending an email to privacy@mirakl.com.
If needed, you may also lodge a complaint with your national data protection authority. This right may be exercised at any time and free of charge, at the exclusion of potential postal fees or expenses related to legal representation or assistance should you choose to engage third party assistance for the procedure.
8. Changes to this notice & contact
This privacy notice may be amended from time to time, in particular to reflect the changes in the services provided by the Platform or the applicable regulations. Therefore, we recommend you review this privacy notice each time you use the Platform.
Should you have any questions, you may directly contact Mirakl by sending an email to privacy@mirakl.com.