Mesh Privacy Statement
Mesh Digital Services, Inc. Privacy Statement
Effective Date: October 4, 2021
YOUR PRIVACY IS IMPORTANT TO US
This Privacy Statement explains how Mesh collects, processes, and shares personal data about you when you visit our website or use our Services. If you have questions about these practices, please contact us using the contact details provided below.
Mesh adheres to the principle that any personal data we collect belongs to the person who provides it. Because the data does not belong to Mesh, we never sell your data and always provide you the choice to stop providing us with data, to no longer allow us to share data, or to ask that we no longer retain your data and attest your verified status with websites where you used Mesh to access exclusive benefits, products and/or discounts. If you would like to make any of these choices, you may do so through our applications’ controls or by contacting firstname.lastname@example.org.
WHEN DOES THIS PRIVACY STATEMENT APPLY?
NOTICE TO END-USERS OF MESH SERVICES
When you use the Mesh Services, Mesh is providing a service to you as a “data subject” and is therefore considered to be what is known as a “data controller.” Mesh processes the data you provide so that it can provide you with the Services you have requested. For example, you may provide Mesh with information in order to qualify for a Verified License badge at a service marketplace, to become eligible to buy professional-use only products at an e-commerce website or to access exclusive discounts when shopping online. Mesh does not collect or process your personal data unless you grant us permission to do so after having an opportunity to review this Privacy Statement and by thereafter continuing to use the Services. If you have questions about how Mesh processes any of your personal data, please contact us at email@example.com.
You must be at least 18 years old to use our Services and we do not knowingly collect, use, process, or disclose personally identifiable data from any visitor to our website that is under the age of 18. None of our Services or products are directed to users under the age of 18 unless their parent or guardian consents. Should we discover any user under the age of 18, we will immediately revoke their access to the Services and terminate their account.
You may, upon request to us, be informed of the existence, use, and disclosure of your personal information and be given access to that information. You may also challenge the accuracy and completeness of the information we have collected and amend it as appropriate unless we provide you with reasonable reasons why we cannot provide this information to you (for instance, if we have confirmed the data with a separate public source or an authoritative government agency).
WHAT PERSONAL DATA DOES MESH COLLECT?
Mesh neither collects nor processes your data unless you have provided consent for us to do so. You will always have a choice to withdraw your consent, and, once received, we will promptly stop collecting, processing, or using your data for any purpose. Of course, should you elect not to have Mesh collect or process your data, your ability to use the Services that Mesh enables you to access may be affected.
Mesh provides Services to a variety of different individuals and entities and how we collect, use, and share data may vary accordingly. For instance, we provide Services to companies that request that we verify information about Certified Professionals to determine their eligibility for certain benefits, products, and prices that are exclusively offered to verified professionals. For purposes of this Privacy Statement, these individuals/entities will be referred to as “Requesters.”
We also provide Services to Individuals or entities that hold various licenses or registrations related to the services they provide to the public. These individuals and entities are also able to use our Services to convey that information to End UsersRequesters and others. For purposes of this Privacy Statement, those individuals/entities will be referred to as “Certified Professionals.”
We collect information about you from different sources and in various ways when you use our Services. This includes information: i) you provide directly; ii) that is collected automatically, iii) obtained through publicly available sources or other third-party data sources; and iv) inferred or generated from other data. Our collection of data also depends on your choices (described in more detail below). Certain information (for instance registration and account information) is collected once when you first access the Services. Other information related to the Services (for instance completing specific activities or other distinct actions) is collected on an ongoing basis through your continued use of the Services.
INFORMATION YOU PROVIDE DIRECTLY.
Whether you are a Requester End User or a Certified Professional, we collect personal data you voluntarily provide to us, including, for example:
- Your registration/contact information (e.g., name, email address) when signing up for or using the Mesh Platform or our Services.
- Information you choose to input into the features of the Mesh Platform (e.g., licensing information, your legal entity name if applicable, business address, etc.).
- Contact information you provide to us in a web form when visiting one of the Websites.
- Information you provide to us when you log in to use the Services as a Requester.
You will always have control over what data you choose to provide directly to Mesh in connection with the Services (either through not providing requested inputs or through the use of available controls in the application or Services). Please be aware, however, that certain Services functionality may be impacted by this choice. For instance, if you are a Certified Professional trying to earn a “Verified License” badge on a service marketplace or trying to buy a professional use only product for verified individuals, we may not be able to verify your eligibility status unless you provide us with the required information about your professional license.
INFORMATION COLLECTED AUTOMATICALLY.
Whether you are a Requester, End User or a Certified Professional, when you use our Services, some information is collected automatically, for example:
- Device information (model, operating system version, mobile network information, operating system and system settings, browser type, browser language, Internet Protocol (IP) address, country and time zone in which your device is located, and the Platform pages you viewed and how long you viewed them, and similar identifiers). Mesh may associate some device information with your Mesh account.
- Mobile Application Information (application data and metadata stored on your device when permitted by your operating system settings)
- Data related to your use of the Services including which services you have requested, which Certified Professionals you have asked to be verified.
Also, as further described in the Cookie Notice, our Websites and online services store and retrieve data using cookies set on your device.
INFORMATION OBTAINED FROM OTHER THIRD-PARTY SOURCES.
If you are a Certified Professional, to provide the Services to you and Requesters End Users, Mesh may access data held and/or processed by public-facing third parties including those having (or potentially having) information about you, any licenses or registrations you hold or have held and other information relevant to the Services we provide to you and Requesters End Users. Mesh may also obtain information from other services to which you subscribe such as services through which consumers or others may discover the services you offer. By signing up for and using the Services, you consent to our obtaining such information. We protect information obtained from third parties according to the practices described in this Privacy Statement, plus any additional restrictions imposed by the source of the information. You should also confirm what third-party privacy practices apply to your publicly available information.
Whether you are a Requester n End User or a Certified Professional, we may link together different types of information we obtain from different sources, including linking it to data that identifies you. For instance, we may link data you provide to other publicly available credentials or information. In such a case, Mesh treats the linked information as personal data and protects it as such.
DO NOT TRACK
Some web browsers (including Safari, Chrome, Internet Explorer, and Firefox) incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have their online activity and behavior tracked. If a website that responds to a DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many website operators, including Mesh, do not respond to DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described in our Cookie Notice.
HOW DOES MESH USE PERSONAL DATA?
Mesh uses personal data collected for the purposes described in this Privacy Statement or as otherwise disclosed to you. We use personal data to:
- Provide a streamlined authentication and verification service to both Certified Professionals, Requesters, and the entities integrated with Mesh. Certified Professionals with Mesh credentials will only need to provide the same information once to attest their verified status across any entities in the Mesh network.
- Provide and deliver the Services to both Requesters End Users and Certified Professionals (including securing, troubleshooting, improving, and personalizing those Services). We use data you provide, data automatically collected, and, where applicable, from third parties to do this. This may include name, email address, and other information and data you voluntarily provide to us or that we receive from others.
- If you are a Certified Professional, we may use data to work with you and others (such as government agencies) to resolve issues with either existing data or information that may affect the use of the Services. We use data you provide and data from third parties for this purpose.
- Communicate with you regarding the Services or, for Certified Professionals, about changes to licensing or eligibility status that may affect how we verify applicable licenses or status. We use data you provide and data from third parties for this purpose.
- Communicate with others (including End UsersRequesters) about Certified Professionals’ licensing or other status we have been asked to verify. We use data voluntarily provided and that from third parties for this purpose.
- Resolve issues with the Services and to enhance your experience and enjoyment using our products and Services. We use data you provide, data automatically collected, and, where applicable, data from third parties for this purpose. This may include data relating to your use of our Services so we can recommend a relevant experience.
- Operate our business (including by improving our internal operations, securing our systems, conducting analytics, and detecting fraudulent or illegal activity). This typically involves data automatically collected as described above.
- Provide customer support and respond to your questions. We most typically use your name, login credentials, etc.
- Communicate with you about our products and services and those of our selected third-party partners so you can choose to sign up for those services. We may use your name and email address for this purpose; and
- Only as we are required to do so, to comply with valid requests from government or law enforcement.
For both Requesters End Users and Certified Professionals, Mesh may aggregate information collected through the Services and remove identifiers so that the information neither identifies nor can be used to identify an individual who uses the Services (“Aggregated Data”). Because it cannot be used to identify any specific individual, Aggregated Data is not considered “personal data.”
HOW DOES MESH SHARE INFORMATION?
Mesh will only share your data if you consent to that sharing (and you can always opt-out of future sharing). We may provide de-identified or aggregated data to third parties – but that data will not be linked to any specific individual, nor could an individual be re-identified from that data. Upon obtaining consent, Mesh may share personal data collected via the Mesh Platform as follows:
Your Activities on the Mesh Platform.
- For both Requesters End Users and Certified Professionals, we may share information about you and your activities on the Mesh Platform. For instance, if you update your information or seek additional licenses or registrations, we may update other users with respect to that update. If you accept services offered by any third party, you may be asked to agree to their terms and conditions or enter into another agreement. When you do so, you are making your agreement with the Third-Party Well-being Provider, not with Mesh.
Mesh Services. Mesh also shares personal data collected via the Services as follows:
- If you are a Certified Professional, we may share relevant personal data about you with Requesters End Users who wish to verify your licensing, business or other statuses. With respect to publicly available information, any privacy statements or other agreements with those providers would apply.
- Mesh may share personal data with third-party service providers that perform services on behalf of Mesh (i.e., for web hosting, translation or data storage). Any third party with which we share personal data must agree to safeguard it in substantially the same manner as described herein and in accordance with all applicable laws.
- Mesh may share personal data with relevant third parties if Mesh is involved in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control (in whole or in part), but your data will remain protected as described herein.
- Mesh will share personal data when you consent to such sharing.
We may disclose your personal information:
- If we believe that disclosing this information is necessary to: (i) detect, prevent or address fraud and other illegal activity, or (ii) identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users, or anyone else;
- In connection with any legal or other investigation, including an investigation related to a suspected breach of our Terms of Service;
- When we genuinely believe that such disclosure is required or permitted by law, including when responding to subpoenas, warrants, production orders, or similar orders; or
- If we genuinely believe that disclosure is needed to protect your safety or the safety of others, including when there is an emergency involving potential harm, loss of security or serious injury to anyone or even threats of such emergencies.
HOW DOES MESH PROTECT PERSONAL DATA?
Mesh takes reasonable and appropriate precautions to protect information that we collect and process, but no system or electronic data transmission is completely secure, and we cannot guarantee that a security breach will not occur. We expect that you will use appropriate security measures to protect your personal data when using our Services.
You are responsible for maintaining the security of your account credentials for the Services. Please use a strong password, never share your password with anyone, and do not use the same password with other sites or accounts. Mesh will treat access to the Services through your account credentials as if authorized by you. If we become aware of an unauthorized access or disclosure that affects the security of your personal data, we will provide you with notice as required by applicable law.
TIME PERIOD FOR WHICH MESH RETAINS PERSONAL DATA
We retain personal data only as long as is necessary to fulfill the legitimate business need for which the personal data is collected (such as to provide you with the Services). We may retain the data for a longer period to comply with legal obligations (e.g., regulatory, contractual, tax, accounting), to resolve disputes, to enforce agreements and other, similar purposes.
The criteria we use to determine how long to retain your personal data include:
- The length of time we have an ongoing relationship with you and provide services to you (for example, for as long as you have an account with us or keep using the Platform);
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period before we can delete them);
- Whether retention is advisable considering our legal position (such as for statutes of limitations, litigation or regulatory investigations).
When Mesh no longer has a legitimate business need to process your personal data, we follow our information governance procedures and either delete your personal data or render it impossible to use to identify you. If we cannot delete or de-identify your personal data, then we will archive and protect it from any further use until deletion or de-identification is possible.
We may create anonymous information from your personal information by excluding information (such as your name) that makes the data personally identifiable to you. We reserve the right to use and disclose anonymous information for any purpose and to any third party at our sole discretion.
YOUR CHOICES ABOUT PERSONAL DATA
If you would like to make a request to access, review, update, or delete personal data about you (if these rights are available to you by applicable law), please contact us at firstname.lastname@example.org. However, to the extent permitted by law, we reserve the right to decline requests where permitted by law or where we are unable to authenticate you as the person to whom the data relates. Please note that we often need to retain certain data for reasons such as recordkeeping and/or to complete any transaction that you began prior to requesting a change or deletion. Our databases and other records may have residual data which will not be removed.
You are responsible for entering valid information when creating your account, and for retaining access to any email account used to register. If you cannot access your email account, we may not be able to update or correct your personal information if you ask us to.
See the Cookies Notice for choices about cookies and other analytics and advertising controls.
CALIFORNIA PRIVACY RIGHTS
If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (the “CCPA”), you have certain rights with respect to that information. You also have the right to not be discriminated against for exercising rights set out in the CCPA.
Right to Know:
You have a right to request the following information:
- The categories and specific pieces of personal information collected about you.
- The categories of sources from which personal information is collected.
- The purposes for collecting, using, or selling personal information.
- The categories of third parties with which personal information is shared.
- The categories of personal information we have disclosed about you for a business purpose. Note that the CCPA defines “business purpose” broadly; and because we use service providers for a number of business purposes that require access to our systems that hold personal information (such as supplying cloud data storage, maintaining the security of our systems, and providing customer support), in the past 12 months we have disclosed for a business purpose data from each of the categories of personal information that we maintain.
- The categories of personal information we have “sold” about you (if any), for each category of third party to which the personal information was sold. See the “Right to Opt-Out” below for more information.
Please note that we have provided much of this information in this privacy statement.
Right to Request Deletion:
The CCPA also provides Californian residents the right to request that we delete personal information under certain circumstances, subject to a number of exceptions. These exceptions to deletion include when information is: (1) needed to complete the transaction for which it was collected or to provide goods or services requested by the consumer; (2) used in the context of the business relationship with the consumer; (3) required to perform a contract; (4) used to detect security incidents and protect against malicious, fraudulent or illegal activity; (5) needed to engage in scientific, historical, or statistical research in the public interest; (6) used solely for internal uses that are reasonably aligned with the expectations of the consumer; or (7) required to comply with a legal obligation or applicable laws.
Right to Opt-Out:
Mesh does not sell your data for advertising or other purposes. However, while we don't sell your data as the term “sale” is typically understood, please note that the CCPA defines data "sales" very broadly – and in a way that may include the data we share with our partners to enable them to provide services to you. Thus, we also provide you the right to opt-out from the “sale,” as defined under the CCPA, of personal information. If you are a California resident who would like to exercise this right, please visit the “Do Not Sell My Personal Information” page at [need page].
California residents may make a request related to the right to know, a request to delete, or a request for further information about our compliance with the CCPA by e-mailing email@example.com.
LOCATION OF PERSONAL DATA
The personal data we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, or service providers maintain facilities. Currently, we primarily use data centers in the United States. We choose our storage location(s) to help us operate efficiently and improve performance. The location of the data does not change how we process your personal data or our compliance with this Privacy Statement and applicable law.
CHANGES TO THE PRIVACY STATEMENT
The Effective Date is set forth at the top of this Privacy Statement. If we change this Privacy Statement, we will post the updated Privacy Statement and its Effective Date on this page. If we make material changes that reduce your privacy rights, we will notify you in advance by sending you an email and/or by posting a notice in the Services at least 30 days prior to the change in either this Privacy Statement or how we handle your data to allow you to make an informed choice on whether you would like to continue.
HOW TO CONTACT MESH
If you have any questions, comments, or concerns for Mesh or our Data Protection Officer, please contact us through our Team at firstname.lastname@example.org or write to us at:
Mesh Digital Services, Inc.
Attention: Data Protection Officer
2093 Philadelphia Pike, #6040
Claymont, DE 19703
If you have a complaint concerning our privacy practices we will investigate your complaint and, if it is justified, we will take appropriate measures. If you are not satisfied with our response to your complaint or concerns, we will also suggest to you additional avenues of recourse.