Privacy Policy
Magic labs, Inc. ("Magic," "we" and "us") takes
your privacy seriously. Please read this Privacy Policy (the "Privacy
Policy") to learn how we treat your personal data when you access
and use our website located at [https://magic.link](https://magic.link) (the
"Website"), and our products, services and applications (the
"**Services") that are made available to you through our Website
and other platforms. By using or accessing our Services in any manner,
you acknowledge that you accept the practices and policies outlined
below, and you agree with us collecting, using and sharing your
information as described in this Privacy Policy. If you do not agree to
any of its terms, you may not access or use the Website and/or the
Services.
Remember that your use of Magic's Services is at all times subject to
our Terms of Service. In
addition, if you are a developer, your access to and use
of our API and/or SDK is governed by the Developer API & SDK License
Agreement. Any terms we use in this Privacy Policy
without defining them have the definitions given to them in the User
Terms of Service.
I. What this Privacy Policy Covers
This Privacy Policy covers how we treat Personal Data that we gather
when you access or use our Services. "Personal Data" means any
information that identifies or makes identifiable a particular
individual. It also includes information referred to as "personally
identifiable information" or "personal information" under applicable
data privacy laws, rules or regulations. We will refer to the personal
information we obtain about you as "Your Data." We explain the
steps we take to keep Your Data secure, your choices regarding our use
of this information, and how you how can contact us if you have any
questions about our privacy practices.
Our Services may contain links to third-party websites ("External
Sites"). We have no control over the privacy practices or the
content of any such External Sites. As such, we are not responsible for
their content, use or privacy practices. We strongly suggest that you
review the applicable privacy policies and terms of service when
visiting any External Sites.
Please be advised that your use of our payment processing partner
Stripe, Inc. ("Stripe") is subject to the terms and conditions,
as well as the privacy policy, of Stripe. By using the Stripe services,
you accept its terms of service and its privacy policy, which can be
found here: <https://stripe.com/privacy>.
II. Personal Data We Collect and Share
The following chart details the categories of Personal Data that we may
collect and have collected over the past 12 months.
| Category of Personal Data | Examples of Personal Data Collected | Categories of Third Parties With Whom We Share this Personal Data: |
|---|---|---|
| Profile or Contact Data | · Email address · Phone number · IP address · Device ID · Social login information (e.g. your Facebook or Google login) Please note: This includes all information that our customers have configured their Social Login with. This means that our customers can request their end-users to share email, phone numbers, account names, etc., and if their end-users agree on sharing the information that our customers requested, that information will also be collected on Magic’s side. | · Service Providers · Analytics Partners |
| Device/IP Data | · IP address · Device identifiers · Type of device, operating system, or web browser used to access the Services | · Service Providers · Analytics Partners |
| Geolocation Data | · IP-address-based location information | · Service Providers · Analytics Partners |
III. Sources of Personal Data
a) Information you provide to us
We collect information you provide to us when you use the Services or
otherwise communicate with us, for example:
- When you provide such information directly to us.
- When you create an account or use our interactive tools and
Services.
- When you voluntarily provide information in free-form text boxes
through the Services or through responses to surveys or
questionnaires.
- When you send us an email or otherwise contact us.
b) Information we collect automatically
Like most online services, we automatically receive standard technical
information when you connect with the Services. We collect this
information as follows:
- Through Cookies (as further explained in the Section V. 3 below).
- If you use the software we make available to you, we may receive and
collect information transmitted from your computing device for the
purpose of providing you the relevant Services, such as information
regarding when you are logged on, information about the device from
which you are logged in, and the network used to connect to the
Services (such as IP address).
c) Information obtained from third-party analytics services
We use third-party analytics services (such as Google Analytics) to
evaluate your use of the Services, compile reports on activity, collect
demographic data, analyze performance metrics, and collect and evaluate
other information relating to the Services and mobile and internet
usage. These third parties use cookies and other technologies to help
analyze and provide us the data. By accessing and using the Services,
you consent to the processing of data about you by these analytics
providers in the manner and for the purposes set out in this Privacy
Policy. The information used by such analytics services is generally at
the aggregate level. To the extent any such information is at the
individual level or is used for secondary marketing purposes, Canadian
users may opt-out of such collection or use by sending an e-mail to
privacy@magic.link.
For more information on Google Analytics, including how to opt out from
certain data collection, please visit https://www.google.com/analytics.
Please be advised that if you
opt out of any service, you may not be able to use the full
functionality of the Services.
d) Information obtained through inferences
Inferences are assumptions or extrapolations that have been drawn from
any of the information identified above to create a profile about a
consumer reflecting the consumer's preferences, characteristics,
psychological trends, predispositions, behavior, attitudes,
intelligence, abilities and aptitudes.
IV. Why we Collect, Use and Share Your Data
1. Business Purposes
We want to be able to provide you with the Services, and customize and
improve them as we build our business. This includes:
- Creating and managing your account or other user profiles.
- Providing you with the products, services or information you
request.
- Meeting or fulfilling the reason you provided the information to us.
- Providing support and assistance for the Services.
- Improving the Services, including testing, research, internal
analytics and product development.
- Personalizing the Services, website content and communications based
on your preferences.
- Evaluating and providing fraud and automated bot protection.
- Improving site security and facilitating debugging.
2. Corresponding with You
We want to be able to correspond with you, which includes:
- Responding to correspondence that we receive from you,
- Providing you with support, responding to your inquiries, and
soliciting feedback;
- Contacting you when necessary or requested, and
- Sending you information about Magic or the Services.
3. Cooperation with Service Providers and Affiliates
We may engage other companies and individuals to perform certain
business-related functions on our behalf. These other companies will
have access to the Your Data only as necessary to perform their
functions and to the extent permitted by law. We may also share Your
Data with any of our parent companies, subsidiaries, or other companies
under common control with us.
The above-mentioned parties help us provide the Services or perform
business functions on our behalf. They include:
- Hosting, technology and communication providers.
- Security and fraud prevention consultants and vendors.
- Support and customer service vendors.
- Payment processors, like our payment processing partner Stripe,
Inc.
- Analytics Partners. These parties provide analytics on web traffic
or usage of the Services. They include:
- Companies that track how users found or were referred to the
Services.
- Companies that track how users interact with the Services.
- Companies that help identify user experience issues or service
impacts.
4. Marketing
We want to send you emails and other communications according to your
preferences or that display content that we think will interest you.
This means:
- As permitted by applicable law, we may use Your Data for marketing
purposes, such as informing you about our products and services and
those of our third-party marketing partners that could be useful,
relevant, valuable, or otherwise of interest to you.
- We may also share Your Data with third parties that are not service
providers or vendors, so that those third parties can send you
information about their products and/or service.
Where required under applicable law, we will obtain your prior opt-in
consent to send you electronic marketing communications. If you do not
wish to have your Information shared directly with third parties as
described above (other than our service providers and vendors), please
submit your request to our email at privacy@magic.link.
5. Meeting Legal Requirements and Enforcing Legal Terms
To the extent permitted by law, we may also disclose Your Data for the
following purposes:
- Fulfilling our legal obligations under applicable law, regulation,
court order or other legal process, such as preventing, detecting
and investigating security incidents and potentially illegal or
prohibited activities.
- Protecting the rights, property or safety of you, Magic or another
party.
- Enforcing any agreements with you.
- Responding to claims that any posting or other content violates
third-party rights.
- Resolving disputes.
6. Aggregated Information
In an ongoing effort to better understand users of our Services, we
might analyze Your Data in aggregate, de-identified or anonymized form
in order to operate, maintain, manage, and improve the Services. This
information can no longer identify you personally. We may share this
data with our affiliates, agents, and business partners, and may share
and sell it to other unaffiliated third parties. We may also disclose
aggregated user statistics in order to describe our Services to current
and prospective business partners and to other third parties for other
lawful purposes.
7. Business Transfers
As we develop our businesses, we might sell or buy businesses or assets.
In the event of a corporate sale, merger, reorganization, sale of
assets, dissolution, or similar event, Your Data may be part of the
transferred assets.
8. Otherwise With Your Consent
We may also disclose Your Data to fulfill any purpose for which you
provide it or for any other purpose disclosed by us when you provide the
information.
We will not collect additional categories of Personal Data or use the
Personal Data we collected for materially different, unrelated or
incompatible purposes without providing you notice and, where required
under applicable law, obtaining your consent.
V. Accessing and Modifying Information and Communication Preferences
1. Your Account
If you have registered for the Services, you may access, review, delete
and make changes to the information you submitted by following the
instructions on our Website. You may also access, remove, review, and/or
make changes to the same by contacting us at privacy@magic.link
- Marketing Communications
You may manage your receipt of marketing and non-transactional
communications by clicking on the "Unsubscribe" link located on the
bottom of any Magic marketing e-mail. We will use commercially
reasonable efforts to process such requests in a timely manner.
3. Cookies
The Services use cookies and similar technologies such as image loading,
browser local storage, cookies, and JavaScript (collectively, "Cookies")
to enable our servers to recognize your web browser, tell us how and
when you visit and use our Services, analyze trends, learn about our
user base and operate and improve our Services. Cookies are small pieces
of data-- usually text files -- placed on your computer, tablet, phone
or similar device when you use that device to access our Services. We
use the following types of Cookies:
- Essential or Strictly Necessary Cookies. These Cookies are
required for providing you with features or services that you have
requested. For example, certain Cookies enable you to log into
secure areas of our Services. Disabling these Cookies would make
certain features and services unavailable.
- Functional Cookies. Functional Cookies are used to record your
choices and settings regarding our Services, maintain your
preferences over time and recognize you when you return to our
Services. These Cookies help us to personalize our content for you,
greet you by name and remember your preferences (for example, your
choice of language or region).
- Performance/Analytical Cookies. Performance/Analytical Cookies
allow us to understand how visitors use our Services. They do this
by collecting information about the number of visitors to the
Services, what pages visitors view on our Services and how long
visitors are viewing pages on the Services. Performance/Analytical
Cookies also help us measure the performance of our advertising
campaigns in order to help us improve our campaigns and the
Services' content for those who engage with our advertising.
You can decide whether or not to accept Cookies through your internet
browser's settings. Most browsers have an option for turning off the
Cookie feature, which will prevent your browser from accepting new
Cookies, as well as (depending on the sophistication of your browser
software) allow you to decide on acceptance of each new Cookie in a
variety of ways. You can also delete all Cookies that are already on
your device. If you do this, however, you may have to manually adjust
some preferences every time you visit our website and some of the
Services and functionalities may not work.
To explore what Cookie settings are available to you, look in the
"preferences" or "options" section of your browser's menu. To find out
more information about Cookies, including information about how to
manage and delete Cookies,
visit <http://www.allaboutcookies.org/> or <https://ico.org.uk/for-the-public/online/cookies/> if
you are located in the United Kingdom,
or <https://europa.eu/european-union/abouteuropa/cookies_en> if you are
located in the European Union.
4. Do Not Track
As discussed above, third parties such as advertising networks and
analytics providers may collect information about your online activities
over time and across different websites when you access or use the
Services. Currently, various browsers offer a "Do Not Track" option, but
there is no standard for commercial websites. At this time, we do not
monitor, recognize, or honor any opt-out or do not track mechanisms,
including general web browser "Do Not Track" settings and/or signals.
VI. Data Security and Retention
We seek to protect Your Data from unauthorized access, use and
disclosure using appropriate physical, technical, organizational and
administrative security measures based on the type of Personal Data and
how we are processing that data. You should also help protect Your Data
by appropriately selecting and protecting your password and/or other
sign-on mechanism; limiting access to your computer or device and
browser; and signing off after you have finished accessing your account.
Although we work to protect the security of your account and other data
that we hold in our records, please be aware that no method of
transmitting data over the internet or storing data is completely
secure.
We retain Personal Data about you for as long as you have an open
account with us or as otherwise necessary to provide you with our
Services. In some cases we retain Personal Data for longer, if doing so
is necessary to comply with our legal obligations, resolve disputes or
collect fees owed, or is otherwise permitted or required by applicable
law, rule or regulation. We may further retain information in an
anonymous or aggregated form where that information would not identify
you personally. For additional information about our data retention
policy please contact us at privacy@magic.link.
VII. Personal Data of Children
As noted in the Terms of Use, we do not knowingly collect or solicit
Personal Data about children under 16 years of age; if you are a child
under the age of 16, please do not attempt to register for or otherwise
use the Services or send us any Personal Data. If we learn that we have
collected Personal Data from a child under 16 years of age, we will
promptly take steps to delete such information and terminate the child's
account. If you believe that a child under 16 years of age may have
provided Personal Data to us, contact us at privacy@magic.link.
VIII. Notice to California Residents
If you are a resident of California, you have additional rights under
the California Consumer Privacy Act (the "CCPA"). For more
information about your rights under the CCPA, please visit our CCPA
Privacy Notice to California Residents in Addendum I below.
Pursuant to Section 1798.83 of the California Civil Code, residents of
California have the right to obtain certain information about the types
of personal information that companies with whom they have an
established business relationship (and that are not otherwise exempt)
have shared with third parties for direct marketing purposes during the
preceding calendar year, including the names and addresses of those
third parties, and examples of the types of services or products
marketed by those third parties. In order to submit such a request,
please contact us at privacy@magic.link. Please note, however, that we
do not disclose Personal Data to third parties for such third parties'
direct marketing purposes.
IX. Notice to Nevada Residents
If you are a resident of Nevada, you have the right to opt-out of the
sale of certain Personal Data to third parties. You can exercise this
right by contacting us at privacy@magic.link with the subject line
"Nevada Do Not Sell Request" and providing us with your name and the
email address associated with your account. Please note, however, that
we do not sell Personal Data.
X. Important Notice to Non-U.S. Residents
The Website and Services are operated in the United States. If you are
located outside of the United States, please be aware that any
information you provide to us maybe transferred to, processed,
maintained, and used on computers, servers, and systems located outside
of your state, province, country, or other governmental jurisdiction
where the privacy laws may not be as protective as those in your
jurisdiction.
If you are a resident of the European Union ("EU"), United
Kingdom, Lichtenstein, Norway, or Iceland, you may have additional
rights under the EU General Data Protection Regulation (the
"GDPR") with respect to your Personal Data. For more information
about your rights under the GDPR, please visit our GDPR Privacy Notice
to European Residents in Addendum II below.
XI. Changes to this Privacy Policy
We are constantly trying to improve our Services, so we may need to
change this Privacy Policy from time to time. We will indicate at the
top of the Privacy Policy when it was last updated, and alert you to
this by placing a notice on our website. Please note that if you have
opted not to receive legal notice emails from us (or you have not
provided us with your email address), those legal notices will still
govern your use of the Services, and you are still responsible for
reading and understanding them. If you use the Services after any
changes to the Privacy Policy have been posted, that means you agree to
all of the changes. The use of information we collect is subject to the
Privacy Policy in effect at the time such information is collected.
XII. Contact Information
If you have any questions or comments about this Privacy Policy, the
ways in which we collect and use your Personal Data or your choices and
rights regarding such collection and use, please do not hesitate to
contact us at:
- Email: privacy@magic.link
- Phone: +1 (707) 653-5739
- Online Form: <https://magic-fortmatic.typeform.com/privacy>
- Mail: 3739 Balboa St \#1088, San Francisco, CA 94121-2605
**\
**
Addendum I - CCPA Privacy Notice to California Residents
Last Update: July 12, 2022
If you are a California resident, you have the rights set forth in this
section. Please see the "Exercising Your Rights" section below for
instructions regarding how to exercise these rights. Please note that we
may process Personal Data of our customers' end users or employees in
connection with our provision of certain services to our customers. If
we are processing your Personal Data as a service provider, you should
contact the entity that collected your Personal Data in the first
instance to address your rights with respect to such data.
If there are any conflicts between this CCPA Privacy Notice to
California Residents (the "CCPA Notice") and any other provision
of this Privacy Policy and you are a California resident, the provision
that is more protective of Personal Data shall control to the extent of
such conflict. If you have any questions about this CCPA Notice or
whether any of the following rights apply to you, please contact us
at privacy@magic.link.
- Information We Collect
- Categories of Personal Information: Within the twelve (12)
months preceding the latest update of the Privacy Notice, we have or
might have collected or otherwise obtained the categories of
Personal Data from or about consumers, their households or devices,
that we list in Section II of the Privacy Policy.
- Categories of Sources: We collect the categories of Personal
Data listed in Section II of the Privacy Notice from the categories
of sources listed in Section III of our Privacy Policy.
- Use of Personal Data: We use the Personal Data we collect for
the purposes laid out in Section III of our Privacy Policy.
- Categories of Third Party Recipients: We have share or might
share your Personal Data with the categories of third parties listed
in Section II of our Privacy Policy.
1. Your Rights and Choices
The CCPA provides consumers with specific rights regarding their
Personal Data. This section describes these rights and explains how to
exercise them.
a. Right to Know About Personal Data
You have the right to request that we disclose certain information to
you about our collection, disclosure, sale and use of your Personal
Data. Once we receive and verify your request, we will disclose to you
the following (to the extent applicable to your request):
- The specific pieces of Personal Data we collected about you in the
preceding twelve (12) months;
- The categories of Personal Data that we have collected about you in
the preceding 12 months;
- Categories of Personal Data that we disclosed or sold for a Business
Purpose in the preceding 12 months;
- The categories of sources from which we have collected this Personal
Data,
- The commercial or business reason(s) for having collected, used,
disclosed, or sold that Personal Inform Data; and
- The categories of third parties to whom we have disclosed or sold
your Personal Data in the preceding 12 months.
You may exercise this right up to two times in any 12-month period.
a. Right to Request Deletion
You may also have the right to request deletion of your Personal Data.
We will honor such request, but might not be able to fulfill your
request if we (or our service providers) are required to retain your
Personal Data. Examples of such exceptions are:
- Completing a transaction or performing a contract we have with you;
- Detecting and addressing data security incidents, and repairing or
upkeep of our IT systems;
- Protecting against fraud or other illegal activity;
- Complying with applicable law or a legal obligation, or to exercise
rights under the law (e.g. the right to free speech); or
- Using your Personal Data internally to improve our Services.
a. Exercising Your Privacy Rights
To exercise the rights described above, please submit a verifiable
consumer request to us by either: using the following methods:
- Call us at: +1 (707) 653-5739
- Email us at: privacy@magic.link
- Submit a form at this
address: https://magic-fortmatic.typeform.com/privacy
i. What we need to know to fulfill your request
The verifiable consumer request must: (i) provide sufficient information
that allows us to reasonably verify you are the person about whom we
collected Personal Data or an authorized representative; and (ii)
describe your request with sufficient detail that allows us to properly
understand, evaluate, and respond to it. We cannot respond to your
request or provide you with Personal Data if we cannot verify your
identity or authority to make the request and confirm the Personal Data
related to you. Making a verifiable consumer request does not require
you to create an account with us.
Typically, accounts associated with an email address will require
verification of the email address, as well as a description of the
requested user rights or regulations invoked. Magic also values those
who are not covered by specific regulations, and offers to extend a good
will effort towards requests originating from other jurisdictions.
ii. How you will hear back from us
We will confirm receipt of a verifiable consumer request within then
(10) business days of its receipt. We will endeavor to respond to a
verifiable consumer request within forty-five (45) calendar days of its
receipt. If we require more time, we will notify you of the extension
and provide an explanation of the reason for the extension in writing,
and we will provide you with a response no later than ninety (90)
calendar days of receipt of the request. If you have an account with us,
we will deliver our written response to that account. If you do not have
an account with us, we will deliver our written response by mail or
electronically, at your option. The response we provide will also
explain the reasons we cannot comply with a request, if applicable. For
data portability requests, we will select a format to provide your
Personal Data that is readily useable and should allow you to transmit
the information from one entity to another entity without hindrance.
We may charge a reasonable fee to process or respond to your verifiable
consumer requests if they are excessive, repetitive, or manifestly
unfounded. If we determine that the request warrants a fee, we will
inform you of the reasons for this decision and provide you with a cost
estimate before completing your request.
a. Right to Opt-Out of the Sale of Personal Data
We will not sell your Personal Data, and have not done so over the last
12 months.
b. Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA
rights. We will not (i) deny you products or services, (ii) charge you
different prices or rates for products or services, including through
granting discounts or other benefits, or imposing penalties (except for
financial incentives permitted by the CCPA, see below), (iii) provide
you a different level or quality of products or services, and (iv)
suggest that you may receive a different price or rate for products or
services or a different level or quality of products or services.
c. Right to Designate an Authorized Agent
If you submit a request to know or delete your Personal Data through the
use of an authorized agent, we may require that you (i) provide the
authorized agent written permission to act on your behalf, and (ii)
verify their identity directly with us. We may deny a request from an
authorized agent that does not submit proof of authorization.
- Other California Privacy Rights
Pursuant to Section 1798.83 of the California Civil Code, residents of
California have the right to obtain certain information about the types
of personal information that companies with whom they have an
established business relationship (and that are not otherwise exempt)
have shared with third parties for direct marketing purposes during the
preceding calendar year, including the names and addresses of those
third parties, and examples of the types of services or products
marketed by those third parties. In order to submit such a request,
please contact us at privacy@magic.link. Please note, however, that we
do not disclose Personal Data to third parties for such third parties'
direct marketing purposes.
- Changes to Our CCPA Notice
This CCPA Notice is effective as of the date of the Last Update stated
at the top of this CCPA Notice. We may change this CCPA Notice from time
to time with or without notice to you. By visiting or accessing the
Website or the Services, purchasing products or services from us, or
otherwise engaging or interacting with us after we make any such changes
to this CCPA Notice, you are deemed to have accepted such changes.
Please be aware that, to the extent permitted by applicable law, and
without prejudice to the foregoing, our use of your Personal Data is
governed by the CCPA Notice in current effect. Please refer back to this
CCPA Notice on a regular basis.
- **Contact Information**
If you have any questions or comments about this CCPA Notice, the ways
in which we collect and use your information, your choices and rights
regarding such use, or wish to exercise your rights under California
law, please do not hesitate to contact us at:
- Email: privacy@magic.link
- Phone: +1 (707) 653-5739
- Online Form: <https://magic-fortmatic.typeform.com/privacy>
- Mail: 3739 Balboa St \#1088, San Francisco, CA 94121-2605
**\
Addendum II -- GDPR Privacy Notice to European Residents**
**Effective as of: July 12, 2022**
If you are a resident of the European Union ("EU"), United
Kingdom, Lichtenstein, Norway, or Iceland, you may have additional
rights under the EU General Data Protection Regulation (the
"GDPR") with respect to your Personal Data, as outlined in this
GDPR Addendum (the "GDPR Addendum").
For this GDPR Addendum, we use the terms "Personal Data" and
"processing" as they are defined in the GDPR, but "Personal Data"
generally means information that can be used to identify a person, and
"processing" generally refers to actions that can be performed on data
such as its collection, use, storage or disclosure.
Magic will usually be the controller of your Personal Data processed in
connection with the Services. Note that we may also process Personal
Data of our customers' end users or employees in connection with our
provision of certain services to customers, in which case we may be the
processor of Personal Data. If we are the processor of your Personal
Data (i.e., not the controller), please contact the controller party in
the first instance to address your rights with respect to such data.
Where applicable, this GDPR Addendum is intended to supplement, and not
replace, our Privacy Policy. If there are any conflicts between the GDPR
Addendum and the other parts of the Privacy Policy, and you are a
resident of the EU, United Kingdom, Lichtenstein, Norway, or Iceland,
the provision that is more protective of Personal Data shall control to
the extent of such conflict. If you have any questions about this
section or whether any of the following rights apply to you, please
contact us at privacy@magic.link
- **Types of Personal Data we Collect**
We currently collect and otherwise process the kinds of Personal Data
listed above in Section I ("Personal Data We Collect and Share") of the
Privacy Policy.
- **How we Get the Personal Data and why we Have it**
We receive the Personal Data in the ways and for the purposes listed
above in Section III ("Sources of Personal Data") and Section IV (Why we
Collect, Use and Share Your Data") of the Privacy Policy. We will only
process your Personal Data if we have a lawful basis for doing so. Under
the GDPR, the lawful bases we rely on for processing this information
are:
a) **Your Consent**
In some cases, we process Personal Data based on the consent you
expressly grant to us at the time we collect such data. When we process
Personal Data based on your consent, it will be expressly indicated to
you at the point and time of collection. You can remove your consent at
any time. You can do this by contacting us via email at
privacy@magic.linkwith the subject line "GDPR Request."
b) **We Have a Contractual Obligation**
We process certain categories of Personal Data as a matter of
"contractual necessity", meaning that we need to process the data to
perform under our Terms of Use with you, which enables us to provide you
with the Services. When we process data due to contractual necessity,
failure to provide such Personal Data will result in your inability to
use some or all portions of the Services that require such data. These
categories of Personal Data are:
- Profile or Contact Data
- Device/IP Data
- Geolocation Data
c) **We Have a Legitimate Interest**
We process the following categories of Personal Data when we believe it
furthers the legitimate interest of us or third parties:
- Profile or Contact Data
- Device/IP Data
- Geolocation Data
Our legitimate interests are:
- Information Security: We process contact information, and the
information collected through cookies and when you use the Services
in order to maintain an audit log of activities performed. We use
this information pursuant to our legitimate interests in tracking
usage, combating DDOS or other attacks, and removing or defending
against malicious individuals or programs.
- Operation and Improvement of our Services: We process server
log information and information collected through cookies pursuant
to our legitimate interest in operating and improving our Services.
- Audience Measurement and Retargeting: Pursuant to a user's
consent, we use analytics cookies, and collect identifiers through
such cookies, for purposes of audience measurement, analytics,
audience reaction to the Services, and creating relevant user
experiences.
- General Business Development and Management: We process
Personal Data pursuant to our legitimate interest in creating and
managing our business relationships with European Individuals,
including without limitation:
- To respond to inquiries from European Individuals;
- To provide European Individuals with information about our
products and services; and
- To assist European Individuals with any issues while using the
Services.
- Direct Marketing: Generally, we send email marketing to
European Individuals pursuant to their consent. When you use the
Website, email marketing may be sent to you pursuant to our
legitimate interest in sending marketing communications to you in
the context of such engagement.
- Protection of Rights: We may also disclose Personal Data to
respond to claims of violation of third party rights or to enforce
and protect our rights.
d) **We Have a Legal Obligation**
We may be required to disclose Personal Data in response to lawful
requests by public authorities, including for the purpose of meeting
national security or law enforcement requirements. We may also disclose
Personal Data to other third parties when compelled to do so by
government authorities or required by law or regulation including, but
not limited to, in response to court orders and subpoenas.
- **How we Share Your Personal Data**
Section I ("Personal Data We Collect and Share") and Section IV ("Why we
Collect, Use and Share Your Data") of the Privacy Policy explain how we
share your Personal Data with third parties.
- **How we Store and Protect Your Personal Data**
We use commercially reasonable administrative, technical, and physical
safeguards to protect your Personal Data from loss, misuse, and
unauthorized access, disclosure, alteration, or destruction, for which
we take into account the nature of the Personal Data, its processing,
and the threats posed to it. Unfortunately, no data transmission or
storage system can be guaranteed to be secure at all times. If you have
reason to believe that your interaction with us is no longer secure,
please immediately notify us via email at privacy@magic.link.
We retain your Personal Data for as long as needed to fulfill the
purposes for which we obtained it, as further described in this Privacy
Policy. We will only keep your Personal Data for as long as allowed or
required by law.
- **Your Data Protection Rights**
You have certain rights with respect to your Personal Data, including
those set forth below. For more information about these rights, or to
submit a request, please email us at privacy@magic.link. You are not
required to pay any charge for exercising your rights. If you make a
request, we have one month to respond to you. Please note that in some
circumstances, we may not be able to fully comply with your request,
such as if it is frivolous or extremely impractical, if it jeopardizes
the rights of others, or if it is not required by law, but in those
circumstances, we will still respond to notify you of such a decision.
In some cases, we may also need you to provide us with additional
information, which may include Personal Data, if necessary to verify
your identity and the nature of your request.
- **Right of access**: You can request more information about the
Personal Data we hold about you and request a copy of such Personal
Data. Users of Magic's dashboard can also access certain of your
Personal Data by logging on to your account.
- **Right to rectification**: If you believe that any Personal Data we
are holding about you is incorrect or incomplete, you can request
that we correct or supplement such data. Users of Magic's dashboard
can also correct some of this information (for example, email
address) directly by logging on to your account.
- **Right to erasure**: You can request that we erase some or all of
your Personal Data from our systems.
- **Right to restriction of processing**: You have the right to ask us
to restrict the processing of your Personal Data.
- **Right to object to processing**: You have the the right to object
to the processing of your Personal Data in certain circumstances.
- **Right to data portability**: You can ask for a copy of your
Personal Data in a machine-readable format. You can also request
that we transmit the data to another controller where technically
feasible.
- **Right to withdraw consent**: If we are processing your Personal
Data based on your consent (as indicated at the time of collection
of such data), you have the right to withdraw your consent at any
time. Please note, however, that if you exercise this right, you may
have to then provide express consent on a case-by-case basis for the
use or disclosure of certain of your Personal Data, if such use or
disclosure is necessary to enable you to utilize some or all of our
Services.
- **Objecting to Legitimate Interest/Direct Marketing**: You may
object to Personal Data processed pursuant to our legitimate
interest. In such case, we will no longer process your Personal Data
unless we can demonstrate appropriate, overriding legitimate grounds
for the processing or if needed for the establishment, exercise, or
defense of legal claims. You may also object at any time to
processing of your Personal Data for direct marketing purposes by
clicking "Unsubscribe" within an automated marketing email or by
submitting your request to privacy@magic.link with the subject
line "GDPR Request." In such case, your Personal Data will no longer
be used for that purpose.
- **How to Complain**
If you have any concerns about our use of your Personal Data, you can
make a complaint to us at privacy@magic.link with the subject line
"GDPR Request."
You also have the right to lodge a complaint about the processing of
your personal data with a supervisory authority of the European state
where you work or live or where any alleged infringement of data
protection laws occurred. A list of most of the supervisory authorities
can be found here:
<http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm>.
- **Corporate Restructuring**
In the event of a merger, reorganization, dissolution, or similar
corporate event, or the sale of all or substantially all of our assets,
the information that we have collected, including Personal Data, may be
transferred to the surviving or acquiring entity. All such transfers
shall be subject to our commitments with respect to the privacy and
confidentiality of such Personal Data as set forth in this GDPR
Addendum.
- **Transfers of Personal Data**
The Services are hosted and operated in the United States
("U.S.") through Magic and its service providers, and if you do
not reside in the U.S., laws in the U.S. may differ from the laws where
you reside. By using the Services, you acknowledge that any Personal
Data about you, regardless of whether provided by you or obtained from a
third party, is being provided to Magic in the U.S. and will be hosted
on U.S. servers, and you authorize Magic to transfer, store and process
your information to and in the U.S., and possibly other countries. You
hereby consent to the transfer of your data to the U.S. pursuant to a
data processing agreement incorporating the modernized standard
contractual clauses for the transfer of Personal Data to third countries
promulgated by the European Commission on 4 June 2021, a copy of which
can be obtained at
<https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en>.
- **Updates to this GDPR Addendum**
If, in the future, we intend to process your Personal Data for a purpose
other than that which it was collected, we will provide you with
information on that purpose and any other relevant information at a
reasonable time prior to such processing. After such time, the relevant
information relating to such processing activity will be revised or
added appropriately within this GDPR Addendum, and the "Effective Date"
at the top of this page will be updated accordingly.
- **Our Contact Information**
Please reach out to privacy@magic.link for any questions, complaints,
or requests regarding this GDPR Addendum, and include in the subject
line "GDPR Request."
If you are located in the European Union, you may use the following
information to contact our European Union-Based Member Representative:
- Dr. Axel Freiherr von dem Bussche, LL.M. (L.S.E.)
- Rechtsanwalt Fachanwalt für Informationstechnologierecht
- Assistant: +49 40 36803-229
- Direct: +49 40 36803-129
- Mobile: +49 16090169493
- E-Mail: <A.Bussche@taylorwessing.com>
- Taylor Wessing Partnerschaftsgesellschaft mbB
- Address: Hanseatic Trade Center, Am Sandtorkai 41, 20457 Hamburg
- Tel: +49 40 36803-0
- Fax: +49 40 36803-280
- Site: [www.taylorwessing.com](https://www.taylorwessing.com/)
