• Information and Communications Technology
  • Software


UK Extension to the EU-U.S. Data Privacy Framework Framework: Active

Original Certification Date: 11/21/2023
Next Certification Due Date: 7/13/2024
Data Collected: HR, NON-HR

EU-U.S. Data Privacy Framework Framework: Active

Original Certification Date: 7/31/2018
Next Certification Due Date: 7/13/2024
Data Collected: HR, NON-HR

Swiss-U.S. Data Privacy Framework Framework: Active

Original Certification Date: 7/31/2018
Next Certification Due Date: 7/13/2024
Data Collected: NON-HR

Purpose of Data Collection

COLLECTING PERSONAL DATA We collect information relating to an identified or identifiable natural person (Personal Data) in a variety of ways including: Through web pages on the Site (e.g. when you request a white paper or complete a form for inquiries); Through responses to an online, email or electronic promotion or survey; or Over the telephone. Such personal data may include: Your name, job level, email address, postal address or telephone number; Your title, company name and address; Details of the resources you access on the Site and any data you download; Details of other engagements with Mimecast, such as trade show interactions. USING PERSONAL DATA As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our products and organization, we will use your personal data in the following ways: To assist in responding to your inquiries, including answering your questions on pricing and technical information relating to Mimecast's services; To learn more about your requirements (through surveys and the like) in support of development of our service; To carry out research on our users' demographics; To request your opinion and feedback on areas of the Site or in connection with our services; At your request to register you for a trial of our Services; and At your request to provide you with a quote for our Services. TECHNICAL INFORMATION COLLECTED AUTOMATICALLY When you visit the Site, our systems automatically collect the following information about your visit. We use automatically collected information to assist us in: providing, improving, and administering the Site; providing customer care and support services; providing security and safety to our Site visitors; monitoring activity usage of the Site; and measuring the effectiveness of the content we serve. COOKIES We (or our vendors) may collect your information using cookies, pixel tags, web beacons, embedded web links, and similar technologies. We use cookies and these similar technologies to: Store your preferences and Settings, Detection of abuse or fraud on the Site; Social Media - Our Site includes certain social media features (such as a “share” or “like” button). Those features are provided by the applicable social media platform (such as Twitter or Facebook). Internet-Based Advertising - We also use automatically collected information to target advertising for our service on third party sites; Showing advertising – We use cookies to record how many visitors have clicked on an advertisement and to record which advertisements you have seen so you don’t see the same one. Analytics – We use cookies to gather usage and performance data for the Site. You can choose to reject certain collection technologies (such as cookies) but then you might not be able to take advantage of many of our features. INFORMATION SHARING AND DISCLOSURE We do not sell or rent your personal data to third parties. We do not share personal data, except as expressly provided in our Privacy Statement. We may share your information with the following recipients: Prospective Partners, Reseller Partners, IT Services Providers located in the United States, United Kingdom, South Africa, and Australia and our Affiliates. We will disclose your personal data if required to do so to comply with any applicable law or regulation or in response to a legal demand, subpoena, warrant or other similar request, and to any regulatory or law enforcement agency if we believe that such action is necessary to protect the rights, property or personal safety of Mimecast, its customers, the public or any third party. TRANSFER OF PERSONAL DATA The information that we collect from you may be transferred to, processed and stored in the United States, United Kingdom, South Africa, and Australia. Your personal data is also processed by staff operating outside the EEA who work for us or for one of our suppliers. Contact for more information

Privacy Policy

HR and Non-HR Data


Mimecast Privacy Shield Statement This Privacy Shield Statement (“Statement”) describes how Mimecast and our subsidiaries and affiliates (“Mimecast,” “we,” or “us”) collect, use, and disclose certain Personal Data that we receive in the United States (“US”) from the European Economic Area (“EEA”). This Statement applies to Mimecast North America, Inc. This Statement supplements our Privacy Statement located here, and unless specifically defined in this Statement, the terms in this Statement have the same meaning as our Privacy Statement.

Effective Date: 9/11/2019

Mimecast Privacy Statement describes how Mimecast collects, uses and stores personal data about an identified or identifiable natural person through its website, offline communications, as well as at programs and events, and through our general business practices and operations.

Effective Date: 5/25/2018

Verification Method


Dispute Resolution

Questions or Complaints?

If you have a question or complaint regarding the covered data, please contact Mimecast North America, Inc. at:

Shana York
Privacy and Compliance Counsel
Mimecast North America, Inc.
191 Spring St
Lexington, Massachusetts 02421-8045

Privacy Shield organizations must respond within 45 days of receiving a complaint.

If you have not received a timely or satisfactory response from Mimecast North America, Inc. to your question or complaint, please contact the independent recourse mechanism listed below

Appropriate statutory body with jurisdiction to investigate any claims against Mimecast North America, Inc. regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission