Effective: May 25, 2018
1. What Information Is Collected by CMX And How Is It Used?
Email Addresses: Users may optionally provide their email address to subscribe to our newsletters or to obtain additional information regarding our products and services. Users may unsubscribe at any time through the opt-out link contained within those communications.
2. Is Information Collected By Or Disclosed To Third Parties?
CMX does not sell, trade, rent, or lease Personal Data to any third parties, unless we provide users with notice before they opt-in. Information is shared with website hosting partners, such as Kajabi, Flywheel, Teachable and WordPress and other parties necessary for the provision of services and operating our website, subject to confidentiality agreements entered into between CMX and such third party service providers. In addition, CMX utilizes the following data processors:
Managed Email Services: CMX utilizes MailChimp to assist in customizing its email marketing campaigns to its customers. Users should review the hyperlink privacy policies for more information about their data collection and use practices.
Sharing Services: Users may follow CMX and/or share information on Facebook, Twitter, and LinkedIn, as well as other additional social media/sharing services/sites Users who follow/share on such third party sites are subject to the data collection and privacy practices of such third party sites. Users should click on the applicable Privacy Policies for each site to review for more detail about information collected from these sites.
Google AdSense: CMX uses Google AdSense Advertising to serve ads on the Site. Users can block or customize ads from their device/browser at Google AdSense Choices. Users can also install Google’s DoubleClick Opt-Out Add On to set your preferences to opt-out of personalized ads.
Third Party Advertising/Re-Targeting Services: When accessing the Platform, third party advertising services may place a cookie on your browser, which may be used to target relevant advertisements to you when you visit third party websites. Users may opt-out from receiving targeted advertisements by visiting the (1) Network Advertising Consumer Opt-Out page, (2) Digital Advertising Alliance Opt-Out page, and/or (3) the opt-out provisions pertaining to the applicable advertising services/retargeting provider.
Other Potential Third Party Disclosures: Personal Data may also be disclosed to third parties to serve our legitimate business interests as follows: (1) as required by law, such as to comply with a subpoena, or similar legal process, (2) if CMX is involved in a merger, acquisition, or sale of all or a portion of its assets, (3) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (4) enforce our agreements with you, and/or (5) investigate and defend ourselves against any third-party claims or allegations. We will use commercially reasonable efforts to notify users about law enforcement or court ordered requests for Personal Data unless otherwise prohibited by law.
3. How Does CMX Comply With The Children’s Online Privacy Protection Act and GDPR Regulations Relating to Children?
We do not market our services or knowingly collect Personal Data from children. If a parent or guardian becomes aware that his or her child (a) under the age of 16 in applicable EU Member Countries, or (b) under the age of 13 in the U.S. and applicable EU Member Countries, has provided us with Personal Data without their consent, he or she should contact CMX at [email protected]. We will delete such Personal Data from our files within a commercially reasonable time, but no later than required under the applicable law relating the child’s country of residence.
4. How Long Does CMX Retain Personal Data Collected?
We will retain account and purchase data as long as it is necessary to facilitate services to our customers. When a customer’s account is terminated, Personal Data collected through the Platform will be deleted in accordance with the requirements of applicable law. Personal Data obtained from Site visitors will be maintained as long as it is necessary to provide requested communications and information-based services or until a visitor exercises its right to opt-out of requested communications or information-based services. Anonymized and Pseudo-anonymized data will be retained as long as CMX determines such data is commercially necessary for it legitimate business interests.
5. EU General Data Protection Regulation (“GDPR”) Notices
Data Controller. The information that we collect, process and/or use through the Platform is controlled by CMX, 44 Tehama St, San Francisco, CA 94105. You may contact us at any time by emailing us at [email protected].
We will only collect and process Personal Data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you, and “legitimate interests.” Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact us at [email protected].
Users within the EU may email CMX at [email protected] in order to exercise their GDPR rights to:
- Access, review, restrict processing of, or otherwise request erasure of your Personal Data;
- Obtain the identity of the source of any Personal Data collected;
- Request correction of any errors contained within your Personal Data;
- Request transfer your Personal Data to another service provider;
- Object to the manner in which your Personal Data is processed; or
- Lodge a complaint with a supervisory authority.
For all GDPR-based requests made pursuant to this section, CMX will (a) respond as required under applicable law, (b) provide a copy of any requested Personal Data in a structured, commonly used and machine-readable format, and (c) transmit such Personal Data to another service provider without restriction in accordance with applicable law.
6. Privacy Shield Notice For Users In The European Union
CMX complies with the EU-U.S. Privacy Shield Framework and the Swiss–U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively.
Accountability for Onward Transfer.
CMX requires that its integrated service providers that have access to personal information from EU consumers have either self-certified to the Privacy Shield Principles, are subject to the EU Privacy Directive, or enter into a written agreement with us that requires them to provide at least the same level of privacy protection as is required by the relevant Privacy Shield Principles. CMX is potentially liable if such third party service providers process your personal information in a manner that is inconsistent with the Privacy Shield Principles.
Access. You may ask to review and correct the personal information that we maintain about you by sending a request to [email protected].
Complaints. In compliance with the EU-US Privacy Shield Principles, CMX. commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union with inquiries or complaints regarding our Privacy Shield policy should first contact CMX at [email protected] or by mail to: CMX, Inc. 44 Tehama St, San Francisco, CA 94105.
- No Cost Dispute Resolution. In the event complaints cannot be resolved by CMX, they will be referred to the Council of Better Business Bureaus (“CBBB”), a non-profit organization based in the United States which provides an alternative dispute resolution mechanism to resolve EU Privacy Shield complaints. CMX will cooperate with the CBBB during the dispute resolution process relating to complaints brought under Privacy Shield. These recourse mechanisms are available at no cost to you. For more information on how EU Consumers may file a complaint, see Better Business Bureau Privacy Shield Dispute Resolution Process.
- Privacy Shield Panel — Binding Arbitration. As a last resort, privacy complaints that remain unresolved after pursuing these and other channels may be subject to binding arbitration before the Privacy Shield Panel to be created jointly by the US Department of Commerce and the European Commission and/or the Swiss Government, as applicable to the dispute.
7. Your California Privacy Rights
California law permits California-resident Customers to request and obtain from CMX once a year, free of charge, certain information about their Personally Identifiable Information (“PII”) (as defined by California law) disclosed to third parties for direct marketing purposes in the preceding calendar year (if any). If applicable, this information would include a list of the categories of PII that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year.
8. What Is CMX’s Security Policy?
We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration. Communications are encrypted pursuant to a Cloudflare and Flywheel generated SSL certificate. However, although we endeavor to provide reasonable security for information we process and maintain, no security system can ever be 100% secure.
In addition, CMX utilizes a PCI-DSS compliant third party payment processor to ensure the security of Subscriber’s Personal Data. Subscribers should review Stripe’s Security Policy for more information on their security practices.
9. How Does The Platform Respond To “Do Not Track” Signals?
“Do Not Track” is a feature enabled on some browsers that sends a signal to request that a website disable its tracking or cross-Platform user tracking. At present, the Platform does not respond to or alter its practices when a Do Not Track signal is received.
11. Contact Us
If you have any questions regarding your Personal Data or about our privacy practices, please contact us at: CMX, Attention: Privacy Department, 44 Tehama St. San Francisco, CA 94110 or at [email protected].