Version 2.0, Effective March 24, 2010
1 Scope
1.1 This Service Privacy Statement outlines how MessageLabs and its clients comply with data protection
regulations in relation to the email security services offered by MessageLabs.
2 Background and definitions
2.1 Clients contract with MessageLabs to deliver email security services. MessageLabs is a data processor
which processes email on behalf of its client who is the data controller.
2.2 The term data controller is defined in EU data protection legislation as the natural or legal person,
public authority, agency or any other body which alone or jointly with others determines the purposes and
means of the processing of personal data. The data controller retains full responsibility for the data
vis-à-vis the individual(s) concerned.
2.3 The term data processor means a natural or legal person, public authority, agency or any other body
which processes personal data on behalf of the controller.
3 MessageLabs obligations
3.1 MessageLabs’ exact obligations vis-à-vis our clients are set out in a contract between the client
and MessageLabs and may vary according to the governing law and jurisdiction of such contract. This
chapter lists typical obligations that may be set out in the contract.
3.2 The typical obligations are:
- To comply with EU data protection legislation or other applicable national legislation as a data processor.
- To only use personal data for the purpose of providing our email security service or for purposes that are authorised or requested by our client.
- To take appropriate technical and organisational measures against unauthorised processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- To keep personal data confidential.
4 Client obligations
4.1 We will always require our clients to comply with relevant privacy legislation as the data controller.
4.2 The typical obligations of the client as a data controller are:
- To comply with EU data protection legislation or other applicable national legislation as a data controller.
- To ensure that personal data is processed fairly and lawfully. This may include obtaining consent from or at least informing the data subjects about the processing taking place and its purpose. It may also include registering with the relevant EU or national data protection authorities.
- To ensure that personal data is collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes.
- To ensure that processing is adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed.
- To ensure that data is accurate and, where necessary, kept up to date.
- To ensure that data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed.
- To ensure that the data subject’s right of access to data is respected. This includes providing the data subject with a copy of information held and rectifying any errors.
5 Information sharing
5.1 MessageLabs may further subcontract service-related processing to data processors, agents and service
providers. We will do this only for a specific purpose and under a contract which will require the third
party to act only on our instructions, to adhere to relevant data protection legislation, and to keep the
data secure and confidential.
6 End user personal information
6.1 If you are an end-user of our service you should contact our client for any information related to
information held about you and the privacy policy which governs the relationship between you and our
client.
6.2 In many cases our client will be your employer. If you cannot identify our client we recommend that
you use “whois” to identify the owner of a domain. If this fails you may contact us on the address below
so that we can help you make contact with the client who is the data controller for your personal
information.
7 EU data protection statement
7.1 As described in this document, MessageLabs will fulfil its obligations as a data processor in
accordance with EU data protection legislation whenever we are required to do so by the contract with our
client.
7.2 MessageLabs will cooperate with the relevant EU data protection authorities.
8 Changes
8.1 MessageLabs reserves the right to make changes to this statement. If we do, we will publish the new
statement on this site.
9 Contact information
9.1 Any queries regarding this statement should be submitted to The Legal Department, MessageLabs
Limited, 1240 Lansdowne Court, Gloucester Business Park, Gloucester, GL3 4AB, United Kingdom,
phone +44 1452 627600.