Privacy Notice
Revised and effective 29th November, 2024. Morpheus Data, LLC (“Morpheus”, “we”, “us”, “our”) takes your privacy seriously and we know you do too. This Privacy Notice (“Notice”) describes how we collect, process, and share Personal Data, your rights & choices, and other important information about how we handle your Personal Data. Additional information for users in certain US states, the EEA/UK/Switzerland, and Australia/New Zealand is available in our Regional Supplements.
1. SCOPE OF THIS NOTICE
This Notice applies to your use of our “Services” which include the following:
- Our website, www.morpheusdata.com, and any other websites or services where we link to/post this Notice (including any subdomains or mobile versions, the “Site(s)”); and
- Our subscription service, our end user software, or other resources.
Please note: We provide certain services and process information (e.g. platform operations, enterprise services) on behalf of third parties that have entered into an agreement with us to provide our Services (our “Customers”). We process data on behalf of our Customers as a “service provider” or “processor” which is outside the scope of this Notice. Contact the Customer for more information regarding their processing of your Personal Data. Similarly, we may link to third party sites, services, or applications (e.g. social media platforms). This Notice reflects only how we process Personal Data through our Services. This Notice does not apply to information processed by or on behalf of our Customers or any other third party. We neither can control nor are responsible for the privacy practices or content of websites or apps operated by any third party. Please see the third party’s privacy notice for more information.
2. CONTROLLER/HOW TO CONTACT US
The party that determines the purposes and means for processing of your Personal Data (“controller”) under this Notice is Morpheus Data, LLC, a Delaware limited liability company.
General Inquiries: | privacy@morpheusdata.com |
Opt-Out of Data Sales or Sharing; Limit uses of Sensitive Personal Data: | Visit the privacy@morpheusdata.com | , or email us at
Regional Data Rights: | Email us at privacy@morpheusdata.com |
Direct Marketing Disclosure Inquiries: | send us mail to address below or email privacy@morpheusdata.com |
Mailing Address: | Morpheus Data, LLC 5460 S Quebec St, Suite 330 Greenwood Village, Colorado 80111, United States of America |
3. CATEGORIES AND SOURCES OF PERSONAL DATA
The following describes how we process data relating to identified or identifiable individuals and households (“Personal Data”).
A. Categories of Personal Data We Process
The categories of Personal Data we process may include:
- Audio/Visual Data – Recordings and images collected from audio files and records, such as voicemails, call recordings, photographs, and the like.
- Biographical Data – Data relating to professional and employment history, qualifications, and similar biographic information.
- Contact Data – Identity Data we can use to contact you, such as email and physical addresses, phone numbers, company name or name of academic institution, social media or communications platform usernames/handles.
- Device / Network Data – Browsing history, search history, and information regarding your interaction with a website, application, or advertisement (e.g. IP Address, MAC Address, SSIDs, application ID/AdID/IDFA, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies or other device identifiers or persistent identifiers), online user ID, device characteristics (such as browser/OS version), web server logs, application logs, first party cookies, third party cookies, web beacons, clear gifs and pixel tags.
- General Location Data – Non-precise location data, e.g. location information derived from IP Address, or social media tags/posts.
- Identity Data – Information such as your name; address; email address; telephone number; gender; date of birth, age and/or age range; account login details, e.g. username and password, avatar, or other account handles/usernames.
- Inference Data – Personal Data generated reflecting your preferences, characteristics, predispositions, behavior, demographics, household characteristics, market segments, likes, favorites and other data or analytics.
- Sensitive Personal Data – Personal Data deemed “sensitive” under California or other laws, such as social security, driver’s license, state identification card, or passport number; account log-in and password, financial account, debit card, or credit card number; precise location data; racial or ethnic origin, religious or philosophical beliefs, etc. As described further below, we may collect the following categories of Sensitive Personal Data, subject to exceptions and limitations as required under local law:
- “Payment Data” – Data that includes financial account log‐in information, or financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to such financial account, Information such as bank account details, payment card information, including similar data protected as Sensitive Data under applicable law.
- See your Rights & Choices for information on how to opt-out or limit processing of Sensitive Personal Data.
- Transaction Data – Information about transactions you make with us through our Services, such as a paid subscription, and similar information.
- User Content – Unstructured/free-form data that may include any category of Personal Data, e.g. data that you give us in free text fields such as through our customer chat service.
B. Sources of Personal Data We Process
We collect Personal Data from various sources, which include:
- Data you provide us – We receive Personal Data when you provide them to us, when you purchase our products or services, complete a transaction via our Services, or when you otherwise use our Services.
- Data we collect from your devices – We automatically collect Personal Data about or generated by any device used to access our Services.
- Service Providers – We receive Personal Data from third party service providers who collect Personal Data when performing services on our behalf. Our Service providers generally include:
- IT service providers: third parties that provide us with technology or IT services, such as networking, cloud services, software applications, and the like.
- Marketing services: third parties that engage in marketing on our behalf, e.g. marketing agencies.
- Payment processors: third parties that process payments for products and services purchased through our Services.
- SSO Platforms – We receive Personal Data from providers of third party services that offer “single sign on” services if you use those parties to sign up or log in to our Services.
- Social media & advertisers – We receive Personal Data from social media companies, ad networks, and Targeted Advertising vendors when we engage in Targeted Advertising and social media marketing, or if you interact with that social media or other company on or in connection with our Services (e.g. our pages on social media sites).
- Data we create or infer – We, certain partners, social media companies, and third parties operating on our behalf, create and infer Personal Data such as Inference Data or Aggregate Data based on our observations or analysis of other Personal Data processed under this Notice, and we may correlate this data with other data we process about you.
4. DATA PROCESSING CONTEXTS / NOTICE AT COLLECTION
A. Our Corporate Website
Generally
We process Device/Network Data, Contact Data, Identity Data, General Location Data, and Inference Data when you visit the Site. You may also be able to register for an account, contact us, or enroll in Marketing Communications through our Site. We use this Personal Data as necessary to operate our Services, such as keeping you logged in, delivering pages, etc., for our Business Purposes, and our other legitimate interests, such as ensuring the security of our websites, mobile applications and other technology systems and analyzing the use of our Services, including navigation patterns, clicks, etc. to help understand and make improvements to the Services. We may process this Personal Data for our Targeted Advertising (which may involve data sales or “Sharing” under US law.)
Data Retention | Regional Notices | Legal Bases
Cookies and other tracking technologies
We process Identity Data, Device/Network Data, Contact Data, Inference Data, General Location Data, and other non-Personal Data in connection with our use of cookies and similar technologies on our Services. We may collect this data automatically, subject to your consent as described further below. For further information, visit www.allaboutcookies.org. For a complete list of the cookies we currently use, . We and authorized third parties may use cookies and similar technologies for the following purposes, subject to your consent where required, as described below:
- We automatically collect data using cookies and similar technologies for “essential” purposes necessary for our Services to operate (such as maintaining user sessions, CDNs, and the like). This processing is mandatory.
- for “functional” purposes, such as to enable certain features of our Services (for example, to operate our customer chat services, to save your user preferences and language settings);
- for “analytics” purposes or to improve our Services, such as to analyze the traffic to and on our Services (for example, we can count how many people have looked at a specific page, or see how visitors move around the website when they use it, to distinguish unique visits/visitors to our Services, and what website they visited prior to visiting our website, and use this information to understand user behaviors and improve the design and functionality of the website);
- for “retargeting,” Targeted Advertising, or other advertising and marketing purposes, including technologies that process Inference Data or other data so that we can deliver, buy, or target advertisements which are more likely to be of interest to you; and in connection with our integration with “social media” services e.g. via third-party social media cookies, or when you share information using a social media sharing button or “like” button on our Services or you link your account or engage with our content on or through a social networking website such as LinkedIn.
We may also process this Personal Data for our Business Purposes and Targeted Advertising (which may involve data sales or “Sharing” under US law). If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu or our Cookie Preferences link. You may need to opt out of third-party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Use, the Google Policy, or Google Analytics Opt-out. See your Rights & Choices for more information regarding opt-out rights for cookies and similar technologies. Third parties may view, edit, or set their own cookies or place web beacons on our websites. We, or third party providers, may be able to use these technologies to identify you across platforms, devices, sites, and services. These third parties may engage in Targeted Advertising using this data. Social Media companies and third parties engaged in Targeted Advertising are third party controllers and may have their own privacy policies and their processing is not subject to this Notice. To manage your cookie preferences, please view our .
Data Retention | Regional Notices | Legal Bases
Account Registration
We process Identity Data, Inference Data, Device/Network Data, and Contact Data such as the first and last name you enter, email address, city, physical address, and any other information you may provide when you register and create an account for a Morpheus Portal (described below). We collect Audio/Visual Data if you upload a profile picture to your account, and we may process User Content if you provide it. Subject to your rights and choices under applicable law, we use this Personal Data to create and maintain your account, to provide the products and services you request, and for our Business Purposes.
Data Retention | Regional Notices | Legal Bases
Single Sign-On and Linked Accounts
We process Identity Data, Inference Data, Contact Data, and Device/Network Data when you link your Google, GitHub, Apple, or other communications account to a Morpheus Portal and use single sign-on. If you allow us to access your contacts, we will transmit information about your contacts to our servers. We also process this Personal Data to confirm your identity, grant you access to the Morpheus Portal of your choice, and for our Business Purposes.
Data Retention | Regional Notices | Legal Bases
Morpheus Portals
We process Identity Data, Inference Data, Contact Data, and any User Content you post (e.g. forum posts, questions, and comments) in one of our Morpheus Portals, such as our Support Portal, Community Portal, or Partner Portal. We process this Personal Data for our Business Purposes and may also process this Personal Data for Targeted Advertising (which may involve data sales or “Sharing” under US law). Posts may be public or reposted on our Services. Content you provide may be publicly available when you post it on our Services, or in some cases, if you reference, engage, or tag our official social media accounts or communications platforms.
Data Retention | Regional Notices | Legal Bases
Contact Us; Customer Service Chat
We collect and process Identity Data, Contact Data, and User Content when you contact us, e.g. through our customer services chat or through email. If you call us via phone, we may collect Audio/Visual data from a call recording or voicemail. Our customer service chat uses artificial intelligence that may analyze your inputs to provide relevant information about our Website and services to help better address your needs. Our chat function may be operated by a third party who will collect and process this Personal Data on our behalf. We process this Personal Data to respond to your request, and communicate with you, as appropriate, and for our Business Purposes. If you consent or if permitted by law, we may use Identity Data and Contact Data you provide in a contact form to send you Marketing Communications and for our Targeted Advertising (which may involve data sales or “Sharing” under US law). See the Regional Data Rights section for information regarding this processing in your jurisdiction.
Data Retention | Regional Notices | Legal Bases
B. Purchases, Subscriptions, and Transactions
We process Transaction Data, Identity Data, Payment Data, Inference Data, and Contact Data when you complete a purchase or sale transaction. We do not permanently store your Payment Data, except at your request. We process this Personal Data as necessary to perform or initiate a transaction with you, process your order, payment, or refund, carry out fulfilment and delivery, document transactions, and for our Business Purposes. We may process Identity Data, Transaction Data, Contact Data, and Device/Network Data for Targeted Advertising (which may involve data sales or “Sharing” under US law). We do not sell or “Share” or process Payment Data for Business Purposes not permitted under applicable law. Third party businesses/controllers may receive your information. Third Party data controllers/businesses (such as payment processors) provide services related to your purchase through our Services. We may disclose Identity Data, Transaction Data, Contact Data, and Device/Network Data to those third parties to facilitate your purchase. You may also direct us to disclose this data to or interact with these third parties as part of your purchase (which does not involve a sale by Morpheus.)
Data Retention | Regional Notices | Legal Bases
C. Demos, Events, and Webinars
We process Identity Data, Contact Data, and Device/Network Data when you request a demo, or sign up to attend one of our in-person events or online webinars. We process Audio/Visual Data if you ask a question or otherwise participate in a demo or webinar discussion. We process this Personal Data to customize your experience, confirm your RSVP and attendance to the event/webinar, deliver programming, and for our Business Purposes. We may process Identity Data, Contact Data, and Device/Network Data for Targeted Advertising (which may involve data sales or “Sharing” under US law).
D. Marketing Communications
We process Device/Network Data, Contact Data, Identity Data, and Inference Data in connection with marketing emails, SMS, push notifications, telemarketing, or similar communications, and when you open or interact with those communications (“Marketing Communications”). You may receive Marketing Communications if you consent and, in some jurisdictions where permitted by law, as a result of account registration, purchase, or other inquiry or transaction that allows us to send marketing communications without consent. Marketing communications will include information such as offers, product recommendations, newsletters, feedback requests, and other information relating to our services or promotional material we believe will interest you. We process this Personal Data to contact you about relevant products or services and for our Business Purposes. We may also use Device/Network Data, Contact Data, Identity Data, and Inference Data for our Targeted Advertising (which may involve data sales or “Sharing” under US law). We do not share Contact Data collected as part of Morpheus’s SMS marketing campaigns with third parties for their own marketing or Commercial Purposes. See the Regional Data Rights section for information regarding this processing in your jurisdiction. You can withdraw your consent to receive Marketing Communications by clicking on the unsubscribe link in an email, or by contacting us. To opt-out of the collection of information relating to email opens, configure your email so that it does not load images in our emails. See your Rights & Choices for more information.
Data Retention | Regional Notices | Legal Bases
E. Posts and social media
We process Identity Data, Inference Data, Contact Data, and User Content you post (e.g. comments, forum and social media posts, etc.) on our Services. We also process Identity Data, Contact Data, and User Content if you interact with or identify us (e.g. if you post User Content that engages with or tags our official accounts.) We process this Personal Data for our Business Purposes, and Targeted Advertising (which may involve data sales or “Sharing” under US law). Posts may be public, or reposted on our Services. Content you provide may be publicly-available when you post it on our Services, or in some cases, if you reference, engage, or tag our official accounts.
Data Retention | Regional Notices | Legal Bases
F. Professional Engagement
We process Identity Data, Contact Data, Government ID Data, Biographical Data, User Content, and Payment Data in connection with your application for employment, to become an independent contractor, or other professional engagement. We process this Personal Data as necessary to evaluate, establish, and maintain the professional relationship, including, but not limited to, to conduct background checks, to provide employment benefits, and for financial administration. We may also process this Personal Data for human resources purposes, such as managing identity and credentials, administering security and loss prevention, or analyzing and consolidated reporting. We may further process Personal Data in this context for our Business Purposes. We do not sell or share Personal Data processed in this context. We process Sensitive Personal Data only for Business Purposes permitted under applicable law.
Data Retention | Regional Notices | Legal Bases
5. PROCESSING PURPOSES
A. Business Purposes
We and our Service Providers process Personal Data we hold for numerous business purposes, depending on the context of collection, your Rights & Choices, and our legitimate interests. See Legal Basis chart for information about the specific legal basis for processing in our jurisdictions. We and our Service Providers generally process Personal Data for the following “Business Purposes.”
Service Delivery
We process Personal Data as necessary to provide our Services and the products and services you purchase or request. For example, we process Personal Data to authenticate users and their rights to access the Services, as otherwise necessary to fulfill our contractual obligations to you, provide you with the information, features, and services you request, and create relevant documentation.
Internal Processing and Service Improvement
We may use any Personal Data we process through our Services as necessary in connection with our legitimate interests in improving the design of our Service, understanding how our Services are used or function, for customer service purposes, for internal research, technical or feature development, to track use of our Service, QA and debugging, audits, and similar purposes.
Security and Incident Detection
We may process Personal Data in connection with our legitimate interest in ensuring that our Services are secure, identify and prevent crime, prevent fraud, and verify or authenticate users/individuals. Similarly, we process Personal Data on our Services as necessary to detect security incidents, protect against, and respond to malicious, deceptive, fraudulent, or illegal activity. We may analyze network traffic, device patterns, and characteristics, maintain and analyze logs and process similar Personal Data in connection with our information security activities.
Compliance and Public Interest
We may also process Personal Data as necessary to comply with our legal obligations, such as where you exercise your rights under data protection law, for the establishment and defense of legal claims, where we must comply with requests from government or law enforcement officials, and as may be required to meet national security or law enforcement requirements or prevent illegal activity. We may also process data to protect the vital interests of individuals, or on certain public interest grounds, each to the extent required or permitted under applicable law. Please see the How We Share Personal Data section for more information about how we disclose Personal Data in extraordinary circumstances.
B. Targeted Advertising
In some jurisdictions and subject to your consent where required by law, Morpheus affiliates and certain third parties operating on or through our Services, may engage in advertising targeted to your interests based on Personal Data that we or those third parties obtain or infer from your activities across non-affiliated websites, applications, or services in order to predict your preferences or interests (“Targeted Advertising” or “Sharing”). This form of advertising includes various parties and service providers, including third party data controllers, engaged in the processing of Personal Data in connection with advertising. These parties may be able to identify you across sites, devices, and over time. These parties may collect Personal Data such as unique IDs, IP addresses, device information, OS/browser type, and other similar data, as well as information about the ads you see and view, to develop and assess aspects of a profile about you to deliver more relevant advertisements and offers, to determine whether and how ads you see are effective, and to enable and assess advertisements you see from us on other sites. These third parties may augment your profile with demographic and other Inference Data derived from these observations, and may also track whether you view, interact with, and how often you have seen an ad, or whether you complete a purchase for a good or service you were shown in an advertisement. You can control how these third parties use your data, and the ads you see on these platforms, using the tools described in the Rights and Choices section below. We generally use Targeted Advertising for the purpose of marketing our Services, and to send Marketing Communications, including by creating custom marketing audiences on third-party websites or social media platforms.
6. DISCLOSURE/SHARING OF PERSONAL DATA
We may share Personal Data with the following categories of third-party recipients and/or for the following reasons. Note, some parties may be third party controllers who process data subject to their own privacy notice. Affiliates – we will share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies in order to streamline certain business operations, and in support of our Business Purposes and Targeted Advertising. Service Providers – We may share your Personal Data with service providers who provide certain services or process data on our behalf in connection with our general business operations, product/service fulfilment and improvements, to enable certain features, and in connection with our (or our Service Providers’) Business Purposes. We use service providers in the EU and US. For example, our service providers may perform services such as:
- Web hosting and technical infrastructure (US and EU)
- Communications services, e.g. messaging, emails (US and EU)
- Authentication (US and EU)
- Help desk and support management (US and EU and India)
- Technical services related to the security and operation of the Platform (US and EU)
Advertisers and Social Media Platforms – We may share certain Personal Data with social media platforms or advertisers in support of our Business Purposes and Targeted Advertising. We may allow these third parties to operate on or through our Services. Public Disclosure – If you interact with us or our Services in a way that allows for public disclosure of data (e.g. a comment or review, or post on our social media pages) then your information may be made public. Successors – We may share Personal Data if we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction. Lawful Recipients – In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Use, in the vital interests of us or any person (such as where we reasonably believe the use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual or to public health or safety) or in such other circumstances as may be required or permitted by law. These disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.
7. INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA
If you are located outside the US, we may transfer or process your Personal Data in the US, UK, European Economic Area (EEA), and other jurisdictions where Morpheus or our service providers operate. Where required by local law, we ensure your data remains protected in connection with any international transfers. See the “Regional Supplement” section below for more information.
8. YOUR RIGHTS & CHOICES
You may have certain rights and choices regarding the Personal Data we process. Please note, these rights may vary based on the country or state where you reside, and our obligations under applicable law. See the following sections for more information regarding your rights/choices in specific regions:
- US States/California
- EEA/UK/Switzerland
- Australia/New Zealand
Your Rights
You may have certain rights and choices regarding the Personal Data we process. See the “Regional Supplement” section below for rights available to you in your jurisdiction. To submit a request, contact our Data Privacy Team. We verify your identity in connection with most requests, as described below.
Verification of Rights Requests
If you submit a request, we typically must verify your identity to ensure that you have the right to make that request, reduce fraud, and to ensure the security of Personal Data. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf. We may require that you match Personal Data we have on file in order to adequately verify your identity. If you have an account, we may require that you log into the account to submit the request as part of the verification process. We may not grant access to certain Personal Data to you if prohibited by law.
Your Choices
Marketing Communications
You can withdraw your consent to receive Marketing Communications by clicking on the unsubscribe link in an email (for email), by responding with “OPT-OUT”, “STOP”, or other supported unsubscribe message (for SMS), by adjusting the push message settings for our mobile apps using your device operating system (for push notifications), or by contacting us. To opt-out of the collection of information relating to email opens, configure your email so that it does not load images in our emails.
Withdrawing Your Consent/Opt-Out
You may withdraw any consent you have provided at any time. The consequence of you withdrawing consent might be that we cannot perform certain services for you, such as location-based services, personalizing or making relevant certain types of advertising, or other services conditioned on your consent or choice not to opt-out.
Cookies, Similar Technologies, and Targeted Advertising
General – If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu or our Cookie Preferences link. You may need to opt out of third-party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services with Google directly, visit Google Analytics Terms of Use, the Google Policy, or Google Analytics Opt-out. Targeted Advertising – You may opt out or withdraw your consent to Targeted Advertising by contacting us or through our . In some cases, you may be able to opt-out with third parties directly by submitting requests to third party partners. Please see these third parties’ privacy policies for more information. Global Privacy Control (GPC) – Our Services may support certain automated opt-out controls, such as the Global Privacy Control (“GPC”). GPC is a specification designed to allow Internet users to notify businesses of their privacy preferences, such as opting-out of the sale/”Sharing” of Personal Data. To activate GPC, users must enable a setting or use an extension in the user’s browser or mobile device. Please review your browser or device settings for more information regarding how to enable GPC. Please note: We may not be able to link GPC requests to your Personal Data in our systems, and as a result, some sales/ of your Personal Data may occur even if GPC is active. See the “Regional Supplements” section below for more information regarding other opt-out rights. Do-Not-Track – Our Services do not respond to your browser’s do-not-track request.
9. DATA SECURITY
We implement and maintain reasonable security measures to secure your Personal Data from unauthorized processing. While we endeavor to protect our Services and your Personal Data unauthorized access, use, modification and disclosure, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others. When we process information, we may pseudonymize data (i.e. store or use Personal Data using only a non-identifying number) or anonymize data (i.e. store data in a form that is not linked to or reasonably able to identify you personally) in order to protect your Personal Data during processing.
10. CHILDREN
Our Services are neither directed at nor intended for use by persons under the age of 18 and we do not knowingly collect Personal Data from children under 18. If we learn that we have inadvertently done so, we will promptly delete it. Do not access or use the Services if you are not of the age of majority in your jurisdiction unless you have the consent of your parent or guardian.
11. DATA RETENTION
We retain Personal Data for so long as it is reasonably necessary to achieve the relevant processing purposes described in this Notice, or for so long as is required by law. What is necessary may vary depending on the context and purpose of processing. We generally consider the following factors when we determine how long to retain data (without limitation):
- Retention periods established under applicable law;
- Industry best practices;
- Whether the purpose of processing is reasonably likely to justify further processing;
- Risks to individual privacy in continued processing;
- Applicable data protection impact assessments;
- IT systems design considerations/limitations; and
- The costs associated continued processing, retention, and deletion.
We will review retention periods periodically and may pseudonymize or anonymize data held for longer periods.
12. CHANGES TO OUR NOTICE
We may change this Notice from time to time. We will post changes on this page. We will notify you of any material changes, if required, via email or notices on our Services. Your continued use of our Services constitutes your acknowledgement of any revised Notice.
13. Regional Notices
A. US States/California
US State & California Privacy Rights & Choices
Under the California Consumer Privacy Act (“CCPA”) and other state privacy laws, residents of certain US states may have the following rights, subject to regional requirements, exceptions, and limitations. Confirm – Right to confirm whether we process your Personal Data Access/Know – Right to request any of following: (1) the categories of Personal Data we have collected, sold/“Shared,” or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the purposes for which we collected or sold/“Shared” your Personal Data; (4) the categories of third parties to whom we have sold/“Shared” your Personal Data, or disclosed it for a Business Purposes; and (5) the specific pieces of Personal Data we have collected about you.Portability – Right to request that we provide certain Personal Data in a common, portable formatDeletion – Right to delete certain Personal Data that we hold about you.Correction – Right to correct certain Personal Data that we hold about you. Opt-Out (Sales, Sharing, Targeted Advertising, Profiling) – Right to opt-out of the following:
- If we engage in sales of data (as defined by applicable law), you may direct us to stop selling Personal Data.
- If we engage in Targeted Advertising (aka “Sharing” of personal data or cross-context behavioral advertising,) you may opt-out of such processing.
- If we engage in certain forms of “profiling” (e.g. profiling that has legal or similarly significant effects), you may opt-out of such processing.
Opt-out or Limit Use and Disclosure of Sensitive Personal Data – Right to opt-out of the processing of certain Sensitive Data, or request that we limit certain uses of Sensitive Personal Data. This right does not apply in cases where we only use Sensitive Personal Data where necessary, or for certain Business Purposes authorized by applicable law. Non-Discrimination – California residents have the right to not to receive discriminatory treatment as a result of your exercise of rights conferred by the CCPA List of Direct Marketers – California residents may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year.
Submission of Requests
You may submit requests as described below (please our review verification requirements section). If you have any questions or wish to appeal any refusal to take action in response to a rights request, contact us at privacy@morpheusdata.com. We will respond to any request to appeal within the time period required by law.
Opt-Out of Data Sales or Sharing; Limit uses of Sensitive Personal Data: | Visit the privacy@morpheusdata.com | , or email us at
Confirm; Access/Know; Deletion; Correction: | Visit the privacy@morpheusdata.com | , or email us at
Direct Marketing Disclosure Inquiries: | send us mail to address below or email privacy@morpheusdata.com |
Mailing Address: | Morpheus Data, LLC 5460 S Quebec St, Suite 330 Greenwood Village, Colorado 80111 United States of America |
Categories of Personal Data Disclosed for Business Purposes
For purposes of the CCPA, we have disclosed to Service Providers for “business purposes” in the preceding 12 months the following categories of Personal Data, to the following categories of recipients:
Category of Personal Data | Category of Recipients |
Audio/Visual Data; General Location Data; Identity Data; Inference Data; Transaction Data; User Content | Affiliates; Service Providers; Public Disclosure; Successors; Lawful Recipients |
Contact Data; Device/Network Data | Affiliates; Service Providers; Successors; Lawful Recipients |
Categories of Personal Data Sold, Shared, or Disclosed for Commercial Purposes
For purposes of the CCPA, we have “sold” or “Shared” in the preceding 12 months the following categories of Personal Data in the, to the following categories of recipients:
Category of Personal Data | Category of Recipients |
Transaction Data; Contact Data; Device/Network Data; Identity Data; Inference Data; General Location Data; User Content | Advertisers and Social Media Platforms |
Categories of Sensitive Personal Data Used or Disclosed
For purposes of CCPA, we may use or disclose the following categories of Sensitive Personal Data: Government ID Data, Health Data, and Payment Data. However, we do not sell or “Share” Sensitive Personal Data, or use it for purposes other than those listed in CCPA section 7027(m).
B. EEA/UK/Switzerland
Controller
The party that determines the purposes and means for processing of your Personal Data (“controller”) under this Notice is Morpheus Data, LLC, a Delaware limited liability company. See Section 2 above for more information.
Rights & Choices
Residents of the EEA, UK, and Switzerland have the following rights. Please review our verification requirements. Applicable law may provide exceptions and limitations to all rights. Access – You may have a right to access the Personal Data we process. Consent – To the extent we rely on your consent to process Personal Data, you may withdraw your consent at any time. Deletion – You may request that we delete your Personal Data. We may delete your data entirely, or we may anonymize or aggregate your information such that it no longer reasonably identifies you. Data Export – You may request that we send you a copy of your Personal Data in a common portable format of our choice. Restriction – You may request that we restrict the processing of Personal Data to what is necessary for a lawful basis. Objection – You may have the right under applicable law to object to any processing of Personal Data based on our legitimate interests. We may not cease or limit processing based solely on that objection, and we may continue processing where our interests in processing are appropriately balanced against individuals’ privacy interests. In addition to the general objection right, you may have the right to object to processing:
- for Profiling purposes;
- for direct marketing purposes (we will cease processing upon your objection); and
- involving automated decision-making with legal or similarly significant effects (if any).
Rectification – You may correct any Personal Data that you believe is inaccurate. Regulator Contact – You have the right to file a complaint with regulators about our processing of Personal Data. Should you wish to report a complaint or if you feel that Morpheus has not addressed your concern in a satisfactory manner, you may contact the Supervisory Authority in your jurisdiction, or the Information Commissioner’s Office as follows: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Telephone: 0303 123 1113 Textphone: 01625 545860
Submission of Requests
You may submit requests via email to our privacy team at privacy@morpheusdata.com (please our review verification requirements section). If you have any questions or wish to appeal any refusal to take action in response to a rights request, contact us at privacy@morpheusdata.com. We will respond to any request to appeal within the time period required by law.
Legal Basis for Processing
Applicable Contexts, Purposes, Disclosures | Legal Basis | Description of Basis & Relevant Purposes |
Contexts
Purposes
Disclosures
|
Performance of Contract (Art. 6.1(b) GDPR) | Where we require you to provide any Personal Data in a given context, that data is strictly necessary to perform the agreement you have with us, or for us to provide to you the products and services you request. For example, we require you to provide certain Identity Data and Contact Data to open and maintain your Morpheus Portal account, or process a customer service requests. If you do not provide the Personal Data required, we may be unable to complete the transaction you request. |
Contexts
Purposes
Disclosures
|
Legitimate interests (Art. 6.1(f) GDPR) | This processing is based on our legitimate interests. For example, we rely on our legitimate interest to administer, analyze and improve our Sites and related content, to operate our business including through the use of service providers and subcontractors, to send you notifications about our Sites or products you have purchase, for archiving, recordkeeping, statistical and analytical purposes, and to use your Personal Data for administrative, fraud detection, audit, training, security, or legal purposes. See the Business Purposes of Processing section above for more detailed information regarding the specific nature of our interests and processing of Personal Data on the basis of our legitimate interests. |
Contexts
Purposes
Disclosures
|
Consent (Art. 6.1(a) GDPR) | This processing is based on your consent. You are free to withdraw any consent you may have provided, at any time, as described in the rights/choices section above, subject to our right to continue processing on alternative or additional legal bases. Withdrawal of consent does not affect the lawfulness of processing undertaken prior to withdrawal. |
Purposes
Purposes
Disclosures
|
Compliance with legal obligations (Art. 6.1(c) GDPR)Vital Interests of Data Subject (Art. 6.1(d) GDPR) | This processing is based on our need to comply with legal obligations. We may use your Personal Data to comply with legal obligations to which we are subject, including to comply with legal process. See the Business Purposes of Processing section above for more information regarding the nature of processing performed for compliance purposes. This processing is based on our need to process data in a manner that that is in the vital interests of an individual. See the Business Purposes of Processing section above for more information regarding the nature of processing performed for such purposes. |
Purposes
Disclosures
|
Performance of a task carried out in the public interest (Art. 6.1(e) GDPR) | This processing is based on our need to protect recognized public interests. We may use your Personal Data to perform a task in the public interest or that is in the vital interests of an individual. See the Business Purposes of Processing section above for more information regarding the nature of processing performed for such purposes. |
International Transfers
We process data in the United States, and other countries where our sub-processors are located. In cases where we transfer Personal Data to jurisdiction that have not been determined to provide “adequate” protections by your home jurisdiction, we will put in place appropriate safeguards to ensure that your Personal Data are properly protected and processed only in accordance with applicable law. Those safeguards may include the use of EU standard contractual clauses, reliance on the recipient’s Binding Corporate Rules program, or requiring the recipient to certify to a recognized adequacy framework. You can obtain more information about transfer measures we use for specific transfers by contacting us using the information above.
C. Australia/New Zealand
Rights and Choices
Residents of Australia and New Zealand have the right under the Privacy Act to request access or correct Personal Data we hold about you. If you wish to exercise your right under the Privacy Act to access or correct your Personal Data, you may email us at privacy@morpheusdata.com. If you make a request, we will require you to verify your identity before we provide you with any access, as described in the verification requirements section.
Purposes of Processing
In certain cases, we may not automatically process your Personal Data for certain purposes. We rely on your consent to process Personal Data as follows: Contexts
- Cookies and other tracking technologies for Targeted Advertising
- Any context where we process Sensitive Personal Data
- Marketing Communications
Purposes
- Targeted Advertising
Disclosures
- Advertisers and Social Media Platforms
Regulatory Contact
Australian residents may contact the Office of the Australian Information Commissioner (OAIC), or you may contact us with any complaints regarding our privacy practices. We will respond to complaints we receive in a timely manner and ensure our processing aligns with your rights and our legal obligations.
This link provides information on Morpheus sub-processors.
For further queries or information please email us at privacy@morpheusdata.com.