PRIVACY STATEMENT

Last Updated: 1/22/2020

This statement discloses the information practices for Mainline RTP, LLC (“MRTP”) website (“Website”), from what type of information about our Website’s users is gathered and tracked, to how the information is used, shared or otherwise processed offline.

Collection of Personal Information

You may choose to give us personal information directly in a variety of situations. For example, you may want to give us your name and contact information to communicate with you, to order a product, or to process an order. You may share a description of your education and work experience in connection with a job opening at MRTP for which you wish to be considered. If you tell us that you do not want us to use your information to make further contact with you beyond fulfilling your request, we will respect your wishes.

We may also collect information relating to your use of our Website. For example, when you visit our Website, we may log certain information that your browser sends us, such as your IP address, browser type and language, access time, and referring Website addresses, and we may collect information about the pages you view within our Website and other actions you take while visiting us. We may also use related technologies to determine whether you have opened an email or clicked on a link contained in an email. For more information on these collection practices, please see the “Use of Cookies” section below.

When We Share Your Personal Information

If you request something from MRTP, for example, a product or service, a callback, or specific marketing materials, we will use the information you provide to fulfill your request. To help us do this, we may share information with others to facilitate fulfillment of your request, including suppliers, subcontractors, and consultants, that have agreed to safeguard such information in a like manner to the way MRTP safeguards such information and that have agreed to confidentiality terms with MRTP. We may also contact you as part of our customer satisfaction surveys or for market research purposes.

Recruitment

In connection with a job application or inquiry, whether advertised on the MRTP Website or otherwise, you may provide us with information about yourself, such as a resume. We may use this information throughout MRTP in order to address your inquiry or consider you for employment purposes. Unless you tell us not to do so, we may keep the information for future consideration.

Use of Cookies

This Website works with cookies that collect anonymous traffic data on this Website. These cookies may tell us whether you have visited our Website before or are a new visitor and what material on our Website you have viewed. The cookies we use may collect information that is considered personally-identifiable information under applicable data privacy regulations, such as IP addresses (including information derived from your IP address such as geolocation information), and information regarding your interaction with the Website; however, cookies do not provide us with any way to contact you and we do not transfer this information to third parties for monetary or other valuable consideration. MRTP uses such information solely to support your relationship with MRTP or your requests for our products and services. We do store cookies on your computer to track your user identity when accessing certain features and functionality on the Website and to track how you may have reached our site. To opt out of the use of cookies, many commonly available browsers permit you to reject cookies from this Website and you may use this Website with that feature of those browsers enabled; however, you understand and agree that some of the features and content on our Website may be unavailable to you if your browser is configured to reject cookies.

Data Security

MRTP takes reasonable and appropriate measures to maintain the confidentiality of personal information and to protect personal information from misuse and unauthorized access. This includes maintaining a system of appropriate administrative, physical, and technical safeguards to secure such information.

Privacy Questions

If you have a question about this Privacy Statement or MRTP’s handling of your information, you can send an email to brian.showman@mainline.com.

 

Privacy Policy Addendum 1:
GDPR Code of Conduct & Privacy Policy for Mainline RTP, LLC

This Privacy Policy Addendum (“Addendum”) applies to the extent MRTP has access to any personal data of European Union (“EU”) data subjects protected under the General Data Protection Regulation (“GDPR”). In those instances, this Addendum prevails over any conflicting terms in the MRTP Privacy Statement.

MRTP is subject to data privacy laws, including data breach notification laws, that protect personally identifiable information (“PII”).  PII includes sensitive information such as social security numbers; banking information; credit card information; personal identification numbers; passwords; pass codes; official state or government-issued driver’s license or identification card numbers; government passport numbers; biometric data; employer, student, or military identification numbers; and other financial transaction information.  MRTP maintains reasonable security procedures and practices to protect paper and electronic documents that include PII from unauthorized access, use, modification, disclosure, or destruction.

In some scenarios, MRTP may also be subject to international data privacy laws, including the GDPR.  The GDPR was designed to harmonize data privacy laws across the EU in an effort to further protect EU residents’ personal data.  Personal data includes a person’s name, home address, email address, usernames and passwords, identification card number or employee ID, location data, IP address, or any communication identifying an individual. GDPR places restrictions on how personal data can be collected, accessed, used, distributed and stored, and applies to all MRTP activities involving receiving or processing the personal data of EU residents, regardless of MRTP’s geographical location.  MRTP is also responsible for ensuring its third party vendors that receive or process such personal data comply with GDPR.

MRTP processes personal data of EU data subjects in accordance with our GDPR Privacy Policy, attached hereto as Exhibit A, which addresses the following specific applications of GDPR to MRTP’s processing activities:

  • fair and transparent processing;
  • the legitimate interests pursued by controllers in specific contexts;
  • the collection of personal data, if applicable;
  • the pseudonymization of personal data, if applicable;
  • the information provided to the public and to data subjects;
  • the exercise of the rights of data subjects;
  • the information provided to, and the protection of, children;
  • the measures and procedures referred to in Articles 28 and 29 and the measures to ensure security of processing referred to in Article 32;
  • the notification of personal data breaches to the data controllers and the communication of such personal data breaches to data subjects;
  • the transfer of personal data to the United States; and
  • out-of-court proceedings and other dispute resolution procedures for resolving disputes between controllers and data subjects with regard to processing, without prejudice to the rights of data subjects pursuant to Articles 77 and 79.

Violations of data privacy laws carry severe consequences and may expose MRTP to substantial damages.  All employees should be familiar with the general principles of data privacy and must abide by all data privacy laws.

 

Exhibit A: GDPR Privacy Policy

Last Updated: January 21, 2020

OUR COMMITMENT TO PRIVACY

Mainline RTP, LLC (“MRTP”) is committed to your privacy.  We want you to be familiar with how we collect, use and disclose information. This Privacy Policy describes our practices in connection with information that we process while performing services for our customers who are controllers of your personal data.

WHAT INFORMATION WE PROCESS

“Personal Information” is information that identifies you as a natural person or relates to an identifiable natural person. To the extent our customers maintain this type of data about you, we may process the following Personal Information:

  • Personal contact information such as name, address, telephone number and email address;
  • Business contact information such as business address, telephone number and email address;
  • Other ‘personal data’ as defined under the General Data Protection Regulation (“GDPR”) that our clients maintain about you, solely to the extent MRTP is engaged to process such personal information.

“Other Information” is any information that does not reveal your specific identity or does not directly relate to an identifiable individual. We may collect and process the following Other Information:

  • Browser and device information;
  • Demographic information and other information provided by you that does not reveal your specific identity;
  • Information that has been aggregated in a manner such that it no longer reveals your specific identity.

If we are required to treat Other Information as Personal Information under applicable law, then we will collect, use and disclose it for the purposes for which we collect, use and disclose Personal Information as detailed in this Policy.

HOW WE COLLECT AND PROCESS PERSONAL AND OTHER INFORMATION

MRTP does not collect Personal Information of EU data subjects from our customers. All client data remains on our client’s infrastructure and is subject to our client’s security policies and procedures. However, in order to perform professional services for our customers, we may be asked to process your personal information maintained by our customers. “Processing” under GDPR is defined as the following:

  • any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

MRTP may be asked to perform one or more of the above-referenced actions on our client’s information technology infrastructure which contains your Personal Information.  When that is the case, MRTP performs such services in accordance with our client’s specific written instructions, the protections set forth in our corporate policies and procedures, and this Privacy Policy.

HOW WE USE PERSONAL INFORMATION

MRTP uses Personal Information exclusively in accordance with our client’s instructions and solely for the legitimate business purpose of performing the services for which we have been engaged. MRTP has procedures in place to ensure such services are documented in a written contract between MRTP and our clients.  MRTP may also use Personal Information to respond to requests for audits or to otherwise meet our legal and regulatory compliance obligations.

HOW WE DISCLOSE PERSONAL INFORMATION

We may disclose Personal Information to contracted sub-processors solely to the extent necessary for MRTP to fulfill its contractual obligations to our clients.  When that is the case, MRTP obtains the client’s prior written consent and ensures such sub-processors are bound by the same contractual clauses as MRTP with respect to protection of Personal Information. Where our sub-processor fails to fulfill its data protection obligations, MRTP remains fully liable to our clients (the controllers) for the performance of that sub-processor’s obligations.

Additionally, MRTP may be required to disclose Personal Information in response to lawful requests by public authorities to comply with national security or law enforcement requirements.

HOW LONG WE RETAIN PERSONAL INFORMATION

MRTP does not retain any Personal Information processed on behalf of our clients.  All client data remains on our client’s infrastructure and is subject to our client’s security policies and procedures.

WHAT SECURITY MEASURES WE USE

We have implemented internal policies and technical measures to protect Personal Information from loss, accidental destruction, misuse or disclosure in the course of performance of services for our clients. Such internal policies and technical measures include, to the extent applicable to services performed:

  • The use of pseudonymization and encryption of personal data where appropriate;
  • Procedures and controls to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • Procedures and controls to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • Procedures for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing; and
  • Procedures to ensure that data is not accessed, except by individuals in the proper performance of their duties.

 

PRIVACY RIGHTS FOR RESIDENTS OF THE EUROPEAN ECONOMIC AREA AND SWITZERLAND

If you are resident in the European Economic Area or Switzerland, under European or Swiss law you have the following rights in respect of your Personal Information that we hold:

  • Right of access. You have the right to obtain confirmation of whether, and where, we are processing your Personal Information; information about the categories of Personal Information we are processing, the purposes for which we process your Personal Information and information as to how we determine applicable retention periods; information about the categories of recipients with whom we may share your Personal Information; and a copy of the Personal Information we hold about you, if applicable.
  • Right of portability. You have the right, in certain circumstances, to receive a copy of the Personal Information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
  • Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete Personal Information we hold about you without undue delay.
  • Right to erasure. You have the right, in some circumstances, to require us to erase your Personal Information without undue delay if the continued processing of that Personal Information is not justified.
  • Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your Personal Information if the continued processing of the Personal Information in this way is not justified, such as where the accuracy of the Personal Information is contested by you.
  • Right to object. You have a right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your Personal Information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
  • If you are resident in France, you also have the right to set guidelines for the retention and communication of your Personal Information after your death.

If you wish to exercise one of these rights, please contact MRTP’s Chief Information Security Officer, Brian Showman, at brian.showman@mainline.com.

EU residents also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. Swiss residents have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner at: https://www.edoeb.admin.ch/?lang=en.

Residents in other jurisdictions may also have similar rights to the above. Please contact MRTP’s Chief Information Security Officer, Brian Showman, at brian.showman@mainline.com if you would like to exercise one of these rights, and we will comply with any request to the extent required under applicable law.

THIRD PARTY SERVICES

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties. The inclusion of any links on MRTP websites, work product or marketing materials does not imply endorsement of the linked site or service by us or by our affiliates.

In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as our clients, Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer.

USE OF OUR SERVICES BY MINORS

The services performed by MRTP for our clients are not directed to individuals under the age of eighteen (18), and we do not knowingly collect or process Personal Information from individuals under 18.

CROSS-BORDER TRANSFER

MRTP processes your Personal Information in the United States unless otherwise instructed by our clients.  As such, when our clients use our Services, you understand that your information may be transferred from your country of residence to the United States, which may have data protection rules that are different from those of your country.  In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in the United States may be entitled to access your Personal Information.

Some of the non-EEA countries are recognized by the European Commission and Switzerland as providing an adequate level of data protection according to EEA or Swiss standards. For transfers from the EEA or Switzerland to countries not considered adequate by the European Commission or Switzerland, we will put in place adequate measures, such as standard contractual clauses adopted by the European Commission or contracts approved by the Swiss Commissioner, to protect your Personal Information.

In addition to the protections provided under other sections of this Privacy Policy, we have verified and will verify annually through self-assessment that the attestations and assertions made about our privacy practices are true and that those privacy practices have been implemented as represented and in accordance with this Privacy Policy.  The verification includes the following:

      • That the Privacy Policy is accurate, comprehensive, prominently displayed, completely implemented and accessible;
      • That the Privacy Policy conforms to the principles set forth in the GDPR;
      • That individuals are informed of any in-house arrangements for handling complaints and of the independent mechanisms through which they may pursue complaints;
      • That we have in place procedures for training employees in the implementation of this Privacy Policy and disciplining them for failure to follow it;
      • That we have in place internal procedures for periodically conducting objective reviews of compliance with the above.

We will cooperate with the Data Protection Authorities (“DPAs”) and/or the Swiss Commissioner and comply with the advice of the DPAs and/or Swiss Commissioner. In the event that the DPAs and/or the Swiss Commissioner determines that we did not comply with this Privacy Policy, we will take appropriate steps to address any adverse effects and to promote future compliance, comply with any advice given by the DPAs and/or the Swiss Commissioner where the DPAs and/or the Swiss Commissioner has determined that we need to take specific remedial or compensatory measures for the benefit of individuals affected by any non-compliance with this Privacy Policy, and provide the DPAs and/or the Swiss Commissioner with written confirmation that such action has been taken.

UPDATES TO THIS PRIVACY POLICY

The “LAST UPDATED” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised.  Any changes will become effective when we post the revised Privacy Policy on MRTP’s website.  Our client’s use of our services following these changes constitutes acceptance of the revised Privacy Policy.

HOW TO CONTACT US

If you have any questions about this Privacy Policy, please contact MRTP’s Chief Information Security Officer, Brian Showman, at brian.showman@mainline.com or at:

Mainline RTP, LLC
Attn: Chief Information Security Officer
1700 Summit Lake Drive
Tallahassee, Florida 32317

Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.

Privacy Policy Addendum 2:
California Supplemental Privacy Statement

If you are a California resident, you have rights under the California Consumer Privacy Act of 2018 (“CCPA”). The MRTP Privacy Statement addresses the required disclosures about your Personal Information as defined herein. This Privacy Policy Addendum 2 is an overview of the information required by the CCPA and provides instructions on how to exercise the rights granted by the CCPA. Defined terms used herein shall be interpreted in accordance with the definitions contained in the CCPA.

DISCLOSURES ABOUT YOUR PERSONAL INFORMATION

  1. Collection, Business Purposes and Disclosure of Personal Information. MRTP uses Personal Information submitted to us through the Website or collected by cookies to support your relationship with MRTP or your requests for our products and services. To further this purpose, MRTP may collect and disclose, for a business purpose, information from the following categories:
    1. Information necessary to provide you with access to and use of our Website, products and services
    2. Information necessary to respond to your request for information, order or support
    3. Business contact information of clients, prospects, partners and suppliers
    4. Information about visitors to our sites and locations
    5. Information collected for marketing and business intelligence
  2. This includes Personal Information defined by the CCPA as:
    1. Identifiers such as IP address and geolocation information
    2. Personal information under the Customer Records provision of the California Civil Code such as your name, postal address, email address or payment information you provide to purchase a product or service offered by MRTP
    3. Commercial information related to your purchase of a product or service offered by MRTP
    4. Internet activity information relating to your interactions with the Website
    5. Professional information such as your employer name and job title
    6. Inferences about your consumer preferences

SOURCES AND SHARING OF PERSONAL INFORMATION

The MRTP Privacy Statement describes the types of sources from which we collect Personal Information and how we share your information with third parties. As explained, we may collect Personal Information directly from you submitted through the Website and/or from your employer in the event you are using the Website to apply for an open position with MRTP. We may share information about you with our suppliers, subcontractors, and consultants that have agreed to safeguard such information in a like manner to the way MRTP safeguards such information and that have agreed to confidentiality terms with MRTP. The purpose of such disclosures is limited to helping MRTP provide you, or the company you work for, products or services or to fulfill your requests. We may also contact you as part of our customer satisfaction surveys or for market research purposes. 

SALE OF PERSONAL INFORMATION

MRTP does not currently sell, rent, lease, disclose, disseminate, make available, transfer or otherwise communicate a Consumer’s Personal Information to a business or another third party for monetary or other valuable consideration. Should this type of activity ever become applicable in the future, MRTP will update this Privacy Policy to notify you of this change. As a user of the Website, you are responsible for regularly reviewing this Privacy Policy for updates and your use of the Website constitutes acceptance of these terms. You can make choices to allow or prevent such uses by contacting MRTP in accordance with the “HOW TO CONTACT US” section below.

YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL INFORMATION

In addition to the rights granted under the MRTP Privacy Statement, as a California resident, you have the right to:

  1. Request specific pieces of Personal Information or information about the categories of Personal Information that MRTP holds about you.
  2. Request Deletion of your Personal Information.
  3. Opt out of the sale of Personal Information, if applicable.

To exercise any of the aforementioned rights, please contact MRTP in accordance with the “HOW TO CONTACT US” section below.

With respect to cookies, many commonly available browsers permit you to reject cookies from this Website and you may use this Website with that feature of those browsers enabled. You can generally express your privacy preferences regarding the use of most cookies and similar technologies through your web browser. Look under the heading “Tools” (or similar heading) in your particular browser for information about controlling cookies. In most instances, you can set your browser to notify you before you receive a cookie, giving you the option to decide whether to accept it or not. You can also generally set your browser to turn off cookies.

NON-DISCRIMINATION
If you choose to exercise any of these rights, we will not deny goods or services to you or provide different quality of services.

HOW TO CONTACT US
If you have any questions about this Privacy Policy, please contact MRTP’s Chief Information Security Officer, Brian Showman, at brian.showman@mainline.com or at:

Mainline RTP, LLC
Attn: Chief Information Security Officer
1700 Summit Lake Drive
Tallahassee, Florida 32317
850-219-5000

Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.