.png)
Introduction and Scope
MCL Systems Limited and its affiliate, Maruti Computers Private Limited (collectively “MCL Systems”, “we”, “us”, “our”) takes the protection of personally identifiable information (“Personal Data”) very seriously. This Privacy Notice (the “Notice”) addresses data subjects whose Personal Data we may receive from our customers in our web-based software application Cadebill, as well as in the course of providing technical support and IT maintenance services in connection with Cadebill (collectively, the “Services”). This Notice does not apply to Personal Data we collect by other means, such as Personal Data that we receive directly through our website(s) or the Personal Data of our employees.
Controllership
Within the scope of this Notice, MCL Systems acts as an agent, also known as a data processor, for the Personal Data we process for our customers when providing our Services. This means that our customers determine the type of Personal Data they provide for us to process on their behalf. We typically have no direct relationship with the individuals whose Personal Data we receive from our customers.
Basis of Processing
Within the scope of this Notice, we process Personal Data based on the instructions of our customers.
How We Receive Personal Data
We may receive your Personal Data from our customers or, in certain limited cases, directly from you, in the course of providing the Services. We do not collect your Personal Data unless instructed to do so by our customers.
Categories of Personal Data
We may process the following types of Personal Data:
- biographical information, such as first and last name;
- contact information, such as email address, fixed and mobile numbers, VOIP addresses, IP addresses, and postal addresses;
- billing, credit, and financial information as set out in invoices, payment methods and preferences, and billing history, where applicable.
Purposes of Processing
We may process your Personal Data for the purposes of:
- enabling the use of the Services;
- responding to your requests or questions;
- providing technical support related to your use of the Cadebill system; and
- attending to IT maintenance of the Services.
We may share your personal information with other companies within our group, service providers who help manage our business and deliver services, vendors and other parties for business and commercial purposes and government organizations, agencies, law enforcement and regulators for the purpose of complying with applicable laws.
Data Retention
We retain Personal Data for as long as instructed by the respective customer (who typically acts as a data controller). We delete the Personal Data submitted to us by our customers within six months of the end of our service agreement with the customer, unless applicable laws require otherwise.
Sharing Personal Data with Third Parties
Based on our customers’ instructions and/or with their knowledge, we may share limited and as needed Personal Data with our service providers, who process Personal Data on our behalf, and who agree to use the Personal Data only to assist us in providing our Services or as required by law. The service providers may provide:
- IT infrastructure service providers;
- Telecommunication Tax Service Providers who assess federal, state and local taxation obligations arising from the services our clients provide to their customers; and
- Cloud hosting service providers.
MCL Systems is responsible for the processing of personal data we receive and subsequently transfer to a third party acting as an agent on our behalf. We will remain liable if such agent processes personal data in a manner inconsistent with legal requirements, unless we can prove that we were not responsible for the event giving rise to the damage.
Cross-border Transfers of Personal Data
We are a global company headquartered in the United States, and our affiliates, our service providers and other third parties with whom we may share Personal Data operate globally. Personal Data that you provide while in the EU, an EAA member state, or Switzerland will be transferred to the United States. Data protection laws permit such transfer of Personal Data to third parties in countries which are recognized as providing an adequate level of protection for Personal Data, or who provide appropriate safeguards to protect your Personal Data. These safeguards may include the model data protection clauses approved by the European Commission. To access these model clauses, please contact our Privacy Team. We may also transfer your Personal Data to recipients in third countries when necessary for the performance of a contract between you and MCL Systems, if MCL Systems obtains your explicit consent to such transfer, or if it is in our legitimate interest to transfer the Personal Data. The laws in the United States may not be as protective of your privacy as those in your location.
Other Disclosures of Your Personal Data
We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our subsidiaries or affiliates, but only if necessary for business purposes, as described in the section above. If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.
Data Integrity & Security
We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing. This includes reasonable and appropriate measures to prevent unauthorized access, disclosure, alteration, or destruction of Personal Data.
Access, Review & Choice
If we process your Personal Data, you may have the right to request access to (or to update, correct, or delete) such Personal Data.
If we have received your Personal Data in reliance on the Data Privacy Framework, you may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties. You may also have the right to opt out if your Personal Data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you subsequently authorized.
To submit these requests or raise any other questions or complaints, you may contact us by using the information in the “Contact Us” section below. Where we act as a data processor, we will not be able to action your request unless our customer who is the data controller instructs us to do so. If we are reasonably able to identify which of our customers is the data controller for your Personal Data, we will promptly forward your request to our customer. In some cases, we may ask that you direct your request to the data controller that provided your Personal Data to us.
EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework
For Personal Data processed in the scope of this Policy, MCL Systems Limited complies with the Principles of the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. MCL Systems Limited adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. MCL Systems Limited adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program please visit https://www.dataprivacyframework.gov/.
We comply with the Data Privacy Framework for all onward transfers of personal data from the EU, UK and Switzerland, including the onward transfer liability provisions.
Dispute Resolution
Where a privacy complaint or dispute cannot be resolved through MCL’s internal processes, MCL Systems Limited has agreed to participate in the VeraSafe Data Privacy Framework Procedure . Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/ .
Binding Arbitration
If your dispute or complaint cannot be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you pursuant to the Data Privacy Framework’s Recourse, Enforcement and Liability Principle and Annex I of the Data Privacy Framework.
U.S. Regulatory Oversight
MCL Systems is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
European Union Supervisory Authority Oversight
If you are an individual within the EU or UK, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union member states or the UK.
Changes to this Notice
If we make any material change to this Notice, we will post the revised Notice to this web page. We will also update the “Effective” date.
Contact Us
If you have any questions about this Notice or our processing of your Personal Data, please write to our Privacy Compliance Officer by email at privacy@mclsystems.com or by postal mail at:
MCL Systems Limited
Attn: Customer Care - Privacy Policy Issues
10550 Linden Lake Plaza Suite 301
Manassas, VA 20109
USA
Please allow up to four weeks for us to reply.