WEBSITE PRIVACY NOTICE

Thank you for visiting our website. At MD7, LLC, we take data protection very seriously. Hence, we have developed this website privacy notice ("Notice") in particular to clearly inform you about (i) how we collect, use, disclose and otherwise process personal data and (ii) your rights under the General Data Protection Regulation ("GDPR").

Please note that this Notice does not cover any processing activities we are carrying out on behalf of a client of us (i.e. as a so called processor) such as your use of contact forms available on the website. Our client’s privacy notice can be found here.

This Notice solely covers our processing of personal data under GDPR in the context of the provision and maintenance of this website. By making this Notice available to you, we comply with our information obligations under GDPR and it shall not confer upon you any rights or obligations that are not conferred upon you by law and/or regulations.

1. Who are we and how can you contact us?

   The controller of your personal data with respect to the processing activities outlined below is [ MD7 International (Telecommunications) Limited, Burgh Quay, The Scotch House, Dublin 2, Ireland] ("MD7", "we", "us", "our").

   In any case, you may always contact privacy@md7.com with respect to questions about this Notice, processing of your personal data by MD7 in general and to exercise your rights towards MD7 as outlined below under no. 9.

2. What are the data protection officer's contact details?

   Our data protection officer can be contacted at mchristenson@md7.com.

3. How do we collect your data and what kind of data do we collect?

   When you use, navigate through and/or search on our website, we collect website activity data such as the following in our log files:

   • IP address
   • Name of your internet service provider
   • Information on operating system and browser you use
   • Browser language
   • Date, time and duration of your visit to the website
   • Name(s) of the visited pages; and
   • Internet address of the website from which you accessed our website.

4. How is your data used (purposes and legal bases)?

   We process your personal data for the purposes and rely on the legal bases set forth in the table below. Where relevant, the legitimate interest we pursue is included in said table as well.

   Generally, the relevant legal bases will be:

   • Compliance with legal obligations to which we are subject (Art. 6 (1) (c) GDPR); and
   • Legitimate interests (Art. 6 (1) (f) GDPR).

   Purpose of processing	Legal basis	Legitimate interest (where relevant)
   To provide our website	Legitimate interests	We have a legitimate interest in making our website available via the Internet.
   To determine disruptions and to ensure the security of our website and our systems, including the detection and tracing of (the attempt of) unauthorized access to our web servers	(i) Compliance with legal obligations regarding data security or (ii) - where no such obligations exists - legitimate interests	We have a legitimate interest in resolving disruptions and ensuring the security of the website and our systems.
   To safeguard our rights	Legitimate interests	We have a legitimate interest in the establishment, exercise and defense of legal claims
   To comply with legal obligations to which we are subject	Compliance with legal obligations	N/A
   For any of the above listed purposes it might be necessary to transfer data to other entities of the MD7 Group	Legitimate interests	We, as part of the MD7 Group, have a legitimate interest in transferring personal data within the group for internal administrative purposes.

5. What kind of cookies do you use?

   We only use cookies which are strictly necessary for the provision of the website.

6. Who has access to your personal data (recipients)?

   Within MD7, only authorized MD7 employees with appropriate responsibilities have access to your personal data. In addition we may share your personal data with the following categories of recipients:

   • We may share your personal data with service providers that process personal data on our behalf and subject to our instructions as so-called processors, for the purpose of providing their professional services to us:

     • RackSpace and Microsoft in Europe and the United States

   • We may share your personal data with the following third parties:

     • Other entities of the MD7 Group
     • State authorities
     • Consultants (lawyers and auditors)
     • Courts for the purpose of safeguarding our rights

7. Do we transfer your data internationally (third country transfers)?

   Some recipients of personal data may be located outside the European Economic Area ("EEA") and in countries that do not offer a level of protection equivalent to the one granted in the EEA.

   Where personal data of website users is transferred to locations outside the EEA, we will, as required by law, ensure that your privacy rights are adequately protected either because the respective country to which personal data are transferred has been recognized as proving an adequate level of protection by the competent body (Art. 45 GDPR) or the transfer is subject to appropriate safeguards (e.g. provided by entering into standard data protection clauses of the European Union with the recipient) (Art. 46 GDPR) unless GDPR provides for an exception or you have given explicit consent (Art. 49 GDPR). In addition to this, we intend to, where necessary, agree on additional measures with recipients to ensure an adequate level of data protection.

   A copy of appropriate safeguard (e.g. standard contractual clauses) can be requested at [privacy@md7.com. We may redact such copy to the extent necessary to protect business secrets or other confidential information.

8. How long do we store your data?

   Your personal data will generally only be stored until the personal data are no longer necessary in relation to the purposes for which they were collected (or otherwise processed). For log files including website activity data (as described in no. 3 above) processed for the purpose of determining disruptions and ensuring security of our website and our systems will be stored for a period of 7 to 10 days and deleted thereafter.

   As an exception, personal data may be stored longer where their processing is necessary for compliance with a legal obligation – including compliance with statutory retention periods – to which we are subject or for the establishment, exercise or defence of legal claims.

9. What rights do you have with respect to your personal data?

   You have the following rights under GDPR provided that the legal requirements therein are met:

   • Right of access. You may request information about the processing of your personal data and a copy of the personal data undergoing processing insofar as such copy does not adversely affect the rights and freedoms of others.
   • Right to rectification.
   You may request information about the processing of your personal data and a copy of the personal data undergoing processing insofar as such copy does not adversely affect the rights and freedoms of others.
   • Right to erasure.You may request information about the processing of your personal data and a copy of the personal data undergoing processing insofar as such copy does not adversely affect the rights and freedoms of others.
   • Right to restriction of processing.You may request restriction of processing (i) for the period in which we verify the accuracy of your personal data if you contested the accuracy of the personal data, (ii) where the processing is unlawful and you request restriction of processing instead of deletion of the data, (iii) where we no longer need the personal data, but you require the data for the establishment, exercise or defence of legal claims or (iv) if you objected to processing until it has been verified whether our legitimate grounds override your interests, rights and freedoms.
   • Right to data portability.You may request to receive certain personal data which you have provided to us in a structured, commonly used machine-readable format and transmit those data to another service provider where technically feasible. This only applies to personal data processed by automated means and on the basis of your consent or the performance of a contract with you.
   • Right to withdraw consent.You may withdraw your consent at any time for the future where processing is based on your consent, without affecting the lawfulness of processing based on consent before its withdrawal.
   • Right to object.
     

     You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on our or a third party’s legitimate interests.

     We then will no longer process your personal data for the purpose to which you have objected unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

     Where we process your personal data for direct marketing purposes, you have the right to object at any time to processing of your personal data for such direct marketing. We then will no longer process your personal data for direct marketing purposes.

   • Right to lodge a complaint. You may lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence or place of an alleged infringement if you consider that the processing of your personal data infringes applicable data protection law. Should you have any complaints, however, kindly ask you to contact us first.

   For further information regarding your rights, or to exercise any of your rights, please contact us at privacy@md7.com.

10. Is there any automated decision-making?

    In the context of this website no automated decision-making takes place.

11. Changes to this Notice

    We reserve the right to amend or modify this Notice at any time to ensure compliance with applicable laws. Please check regularly whether this Notice has been updated.

    This Notice has been updated last in May 2022.