Privacy Policy | The Optimization Firm

This website is administered by The Optimization Firm, LLC (TOF). We have designed this Privacy Policy to help you understand how we use your personal data in accordance with U.S. information security and privacy laws and the EU General Data Protection Regulation. Please read this Privacy Policy prior to using our website.

Who will use your personal data?

TOF is the controller and processor of your personal information collected from the TOF website. We continually strive to collect the minimum necessary information in order to meet your needs and our business purposes in a secure manner. We will not process your data for purposes other than those for which we collect it.

In order for us to provide services to you, we use your data in the United States and may provide your personal data to MailChimp, an email marketing service who is one of our data processors. By default, we do not make personal data accessible to an indefinite number of individuals without your intervention. We transfer data only to MailChimp and take all reasonable steps necessary to ensure that your personal data is treated securely and in accordance with this policy.

TOF will only use your personal data as described above, and will not sell, distribute, or provide your personal data to third parties outside of its own organization without your written and prior consent, unless obligated to do so by law, codes of conduct, or court order.

What information do we collect?

When you visit this website, TOF may collect personal data about you, either information you provide voluntarily or information collected automatically. TOF takes reasonable steps to ensure that the data we collect is accurate, complete, reliable for its intended use, and up-to-date. TOF will only use your personal data in accordance with our Policy Policy.

Information you provide voluntarily

We collect the following information that you provide to us:

User information on our website, which may include your name, username and password, contact information, demographic information, and preferences that you may provide in the context of specific products. TOF accounts require a username and password. Members must keep their username and password secure, and never disclose it to a third party. Because the information in a user’s TOF account is sensitive, account passwords are hashed, which means we cannot see a user’s password. We cannot resend forgotten passwords either. We will only provide users with instructions on how to reset them.
Payment data when you purchase a product or service through our payment processor. We use this information, such as your credit card number, only to process your payment. Our payment processor relies on state-of-the-art data security protocols.
Social media posts when you engage in social networking and social media actives through our social media channels, such as Twitter and LinkedIn. We collect information posted by you, moderate those channels, and have administrative technical access to all information.

Information collected automatically

None of the below data is collected in a manner that identifies you individually. We use this information in aggregated formats to measure the use and effectiveness of our product and services and improve their quality:

Service or IP address
Operating system
Browser type
Location information
How you arrived on our website
Web pages you viewed
Links you clicked on our website
Keywords you searched for
Links you clicked in emails we send

We may also obtain information about you from other sources, such as publicly available information or information you provide to us at seminars or to our partners who refer you.

Where do we store your personal data and how do we safeguard it?

When we collect your personal data, we store it on our website, where all our data is encrypted. Our website is scanned on a regular basis for security holes and known vulnerabilities in order to protect your data from unauthorized access, disclosure, use, and modification.

In addition, we may transfer and store your name and email address in MailChimp. For example, your name and email may be transferred to and processed by MailChimp, who collects and stores personal data (within our company account in order to allow us to create and use distribution lists and send marketing campaigns), and transfers personal data to certain MailChimp sub-processors (who, as described in MailChimp’s Data Processing Agreement, perform critical services, such as helping MailChimp prevent abuse and providing customer support).

We may transfer and store your name, email address, and professional affiliation in our company computers, which use secure servers and encrypted data transmission. We may also store personal information in the form of emails, documents, and spreadsheets, all of which are safeguarded by encrypted hard drives. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential.

When a user places an order, all transactions are processed through a gateway provider and are not stored or processed on our servers. All sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

When do we collect data?

When you visit this website, TOF may collect personal data about you, either voluntarily (where you are asked to provide the data) or automatically. We also collect information from you when you make a purchase, register on our website, subscribe to our newsletter, submit comments or questions (either by email or through the TOF website), apply for a job opening, or use other services through the TOF website.

Why do we process your data?

TOF collects and processes information about customers and visitors to its website in order to properly verify their identity and provide them with future information about sales and product updates. The information you provide will be used to contact you when necessary (provided you have not opted out to receive our services).

A legitimate interest is when we have a business or commercial reason to use your information, so long as it is not overridden by your own rights and interests. We process personal information about you as a data controller where such processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. By default, only personal data which is necessary for each legitimate purpose of the processing will be processed.

Our legitimate business interests include:

Enhancing, improving, maintaining, and providing our products and services
Ensuring the security of the services and our website
Conducting marketing activities

Specifically, we use your personal data to:

Respond to questions or inquiries that you submitted by email or through the TOF website
Process orders and send information pertaining to orders
Administer and sustain services (e.g., to remind you to renew your license or download the latest software version)
Email you additional information related to TOF products and services that you may find helpful, including conferences, studies, and publications
Market to our mailing list or continue to send emails to our clients after placing their first order

In compliance with the GDPR, we only use your personal information for proper reasons, such as to:

Comply with our legal and regulatory obligations;
Perform our contract with you or take steps at your request before entering into a contract
Carry out our legitimate interests or those of a third party
Process your data where you have given consent

How long do we retain your data?

TOF will not collect or retain your personal data longer than is necessary for ongoing legitimate business, unless this data is necessary for complying with a statutory retention obligation. Data is kept for as long as users keep their account on our system. Users have access to their account on our website that shows them all data we have for them. They can always remove their account or unsubscribe from our Mailchimp subscriptions.

Our retention periods will vary depending on the type of data involved, but, generally, we will refer to these criteria in order to determine the retention period:

Whether we have a legal or contractual need to retain the data
Whether the data is necessary to provide our services
Whether our users have the ability to access and delete the data within their accounts
Whether our users would reasonably expect us to retain the data until they remove it or until their accounts are closed or terminated

When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

Verifying and managing your consent

The lawful basis for processing data is for the data subject to give written consent to the processing of personal data for one or more specific purposes. In order to provide you with the services referred to in this Privacy Policy, you must consent to the use of your personal data (as described in this policy) in countries outside of the EU, and, where necessary, to the exchange of such data with other service providers engaged by TOF.

We will collect a written record of when and how you agreed to let TOF process your personal data. When users create an account on our website, they receive an email that asks them to confirm the use of their personal data by TOF. A copy of that email, which is also stored in our web host, provides a written record of your consent. You have the right to withdraw consent at any time.

Your rights

You have the right to obtain confirmation from TOF as to whether or not we hold personal information concerning you in our databases. Please note that we may request additional information prior to the initiation of a request and that TOF reserves the right to charge a fee with respect to certain requests. Upon TOF’s completion of the review of your request, you will be notified if your request has been granted, denied (for legal reasons), or if exemptions apply.

In most situations, you have the right to the following:

Access a personal copy of your personal information that we hold about you
Correct any mistakes in your personal information
Erase your personal information (and require us to do so)
Restrict processing of your personal information (and require us to do so)
Port your data to another party and receive your personal data in a legible, common machine-readable format (we are not responsible for the security of the personal data once received by the third party).
Object to the use of your personal information for our legitimate purposes
Not to be subject to automated decision-making (including profiling) that produces legal effects concerning you or similarly significantly affects you

If you are an individual protected by the GDPR and you wish to request information about or exercise your rights, please email info@minlp.com with the subject line titled, “GDPR Request.” In your email, please specifically describe the GDPR right you are requesting assistance with.

How to manage or remove your data

You can change or delete your personal information by logging in to your account. You can entirely remove your account at any point in time. If at any time you would like to unsubscribe from receiving future emails, you can follow the instructions at the bottom of each email and we will promptly remove you from all correspondence.

You may also contact us directly at any time about accessing, correcting, updating, or deleting your personal information by emailing us at info@minlp.com. We will consider your request in accordance with applicable laws.

In addition, if you are a resident of the EU, you can object to the processing of your personal information, ask us to restrict processing of your personal information, or request portability of your personal information. Again, you can exercise these rights by emailing us at info@minlp.com.

Other privacy and security topics

California Online Privacy Protection Act: CalOPPA allows our customers who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make this request, please email info@minlp.com.

CAN-SPAM Act: The CAN-SPAM Act is a law that sets rules for all commercial email. In accordance with CAN-SPAM, we will use no false or misleading subjects lines/email addresses. We will also identify a message as an advertisement, include the physical address of our company headquarters, monitor third-party email marketing services for compliance, and allow and honor opt-out/unsubscribe requests immediately.

Children: TOF does not knowingly collect information from children under the age of 16 years old. In accordance with the Children's Online Privacy Protection Act (COPPA), TOF does not knowingly solicit data from, or about children, under 16 without the permission of parents/guardians. If we become aware that a child under 16 has provided us with personal information, we will delete such information from our files.

Cookies: We do not use cookies for tracking purposes. You may choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You can do this through your browser settings. If you turn cookies off, some third-party features that enhance your site experience may not function properly.

Data breaches: Should a data breach occur, we will notify you via email within 72 hours, and we will notify the users via in-site notification within 72 hours. We will document the facts relating to the data breach, its effects, and remedial action taken without undue further delay.

Do Not Track signals: We honor Do Not Track (DNT) signals and do not track, plant cookies, or use advertising when a DNT browser mechanism is in place.

Legal processes: We may share your information with third parties to comply with a legal process or if we believe, with good reason, that disclosure is required by law. This disclosure can include transferring your information to the U.S. and other countries outside the European Union.

Third-party links: We neither include nor offer third-party products. However, you may log in to your account using sign-in services such as Twitter, LinkedIn, and Google+. These services will authenticate your identity and provide you with the option to share certain personal information with us, such as your name and email address, to pre-populate our sign up form. In addition, TOF’s website contains links to other websites administered by other organizations. TOF is not responsible for the privacy policies and practices of other sites, even if you access them using links from our website.

Third-party behavioral tracking: We allow third-party behavioral tracking on our website.

Transfer of information internationally: As a global organization, TOF may need to transfer certain information to authorized systems, companies, or individuals in countries other than your own. By using our services, the website, or otherwise providing us with your personal data, you agree to the transfer of your personal data subject to this policy.

Vendors: We partner with third party companies to perform services on our behalf, such as payment processing and email marketing. Such companies (such as MailChimp) will have access to your data; however, they are prohibited from using your personal information for purposes other than those requested by us.

Changes to this Privacy Policy

We reserve the right to amend this policy at any time, for any reason, and will do so by posting a new version online. Your continued use of our website and/or continued provision of personal data to us will be subject to the terms of the then-current policy.

How to contact us

If you have any questions regarding this Privacy Policy or our data processing activities, please email us at info@minlp.com.

Last edited: June 20, 2018