The data we collect, how it's used, and who it's shared with

Midaxo is a global supplier of SaaS software for Corporate Development and M&A with offices in the EU and in the USA. We are committed to protecting your personal data.

‍

This Midaxo Privacy Policy (“Privacy Policy”) describes how we collect, use, disclose, transfer, and store your personal data for the activities described below, including when you visit a Midaxo website that links to this Privacy Policy (“Website”), when you attend our marketing and learning events both online and offline (“Events”), and when we interact with you in marketing, sales, or account management capacity.

‍

This Privacy Policy describes your choices and rights related to your personal data.

If you are a customer or a user of Midaxo’s Cloud-Based Enterprise Applications (“Service”), please refer to the Midaxo Service Privacy Policy in app for more details.

A reference to “Midaxo,” “we,” “us,” or the “Company” is a reference to Midaxo Ltd and its subsidiaries Midaxo, Inc. and Midaxo B.V. Midaxo is the controller for the personal data discussed in this Privacy Policy.

‍

We recommend that you read this Privacy Policy in its entirety to ensure you are fully informed.

1.1 Summary of data we collect

‍

• Contact details (name, business email, phone number, company, job title, business address)
• Website usage data (cookies, IP address, device info, browser type)
• Event registration and participation details
• Preferences and communications with us

1.2 Where we collect data

‍

From you directly:

• Website forms (contact details, professional information)
• Event registrations (contact details, event-specific information)
• Account creation (all the above plus optional photo and social media links)
• Forums and comments (any information you choose to share publicly)

From third-party sources:

We may obtain business contact information from professional networks, business contact data providers, public company websites, and press releases. This typically includes name, business email, phone number, company name, job title, and employment history.

Automatically collected:

‍When you visit our website, we automatically collect technical data through cookies and similar technologies.

‍

1.3 Children's privacy

‍

Our services are not intended for children. Midaxo's website, events, and marketing activities are directed at business professionals in corporate development and M&A roles. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that we have inadvertently collected personal data from a child under 16 without proper parental consent, we will take steps to delete that information as quickly as possible.

2.1 Contact you

Midaxo uses the data we collect about you to provide Midaxo websites, services, and support. For example, if you provide data to us in a “Contact Us” form, we will use your data to respond to the request.

Midaxo uses your personal data and information about your activity on our websites to contact you for marketing purposes per your marketing preferences, including telemarketing calls, and to send marketing emails that we believe may be of interest to you, such as product announcements, newsletters, educational materials, and details on upcoming events.

We also use it to send administrative information, such as notices related to products, services, or policy changes.

‍

2.2 Plan and manage events

Midaxo uses your data for event planning and management, including registration, connecting with other event attendees, or contacting you further about relevant products and services. Any information you provide about emergency contacts or dietary preferences would be used for your safety and health.

‍

2.3 Improve our services

Midaxo uses the data we collect to understand how our websites and services are being used and to make improvements. For example, we may use the search queries to improve search capabilities or performance.

Additionally, we use questions posted or comments on the Website to enrich the content or help guide future enhancements to our products and services. We use third party services, such as Google Analytics, to view aggregated information about Website interactions. Where possible, Midaxo takes steps to minimize or mask the information sent to third parties.

‍

2.4 Enhance security

Midaxo may use your information to diagnose website technical problems, as well as to prevent, detect, mitigate, and investigate potential security issues, as well as fraudulent or illegal activities.

‍

2.5 Provide education and training

If you participate in a Midaxo-offered education or training course, your enrollment and attendance information will be recorded to track and potentially report your participation and completion.

‍

2.6 Personalize your experience

Midaxo also may use your data to personalize your experience on our Website. Midaxo or our services providers use Website tracking technologies to display products or features that are tailored to your interests and to present advertising on other sites. For more information on these technologies, see the “Cookies and tracking technologies” section below.

3.1 Consent

General: You may have the right to object to or opt out of certain uses of your information. Where you have consented to the processing of your information for a specific purpose, you may withdraw that consent at any time by contacting us as described below. You can also withdraw consent anytime by adjusting your email preferences, adjusting cookie preferences, or emailing privacy@midaxo.com. Withdrawing consent doesn't affect previous lawful processing. Even if you opt out, we may still collect and use your information for other purposes that were not based on your consent.

Email Communications: If you receive an email from us and do not want to receive future emails from us, you can use the unsubscribe or preference center link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to this Privacy Policy).

‍

3.2 Legitimate interest

We process certain data for legitimate business interests that don't override your rights. Our interests:

• Improving our website and services based on usage patterns
• Detecting and preventing security threats and fraud
• Contacting you about products/services related to your existing relationship with us
• Managing and improving customer relationships
• Understanding how visitors interact with our website

Your rights: You can object to processing based on legitimate interest. We'll stop unless we have compelling legitimate grounds that override your interests.

‍

3.3 Performance of a contract

We process data necessary to fulfill our obligations when you:

• Register for an event (to manage attendance)
• Sign up for our Service (governed by separate Service Privacy Policy)
• Request a demo or consultation (to provide what you requested)

‍

3.4 Legal obligation

In limited cases, we must process your data to comply with legal requirements, for example:

• Responding to court orders or regulator requests
• Meeting tax and accounting obligations
• Complying with law enforcement requests (where legally required)

4.1 Affiliates and service providers

Midaxo may share data with Midaxo affiliates and third-party service providers or vendors contracted to provide services on our behalf. These third-party service providers or vendors may use data we provide to them only as instructed by Midaxo.

Advertising Partners: We may disclose your information to third-party advertising partners to market our own Services and grow our Services’ user base, such as to provide targeted marketing about our own Services via third-party services. Please see the sections below for more information and to opt out.

‍

4.2 Webinars, Events, and other activities

Midaxo may offer the following solely or jointly with third parties or partners: webinars, events, whitepaper downloads, or other services related to Midaxo offerings or services. We may share your contact information and interests in these offerings or services with these approved third parties to communicate with you about Midaxo.

When you attend an Event (either sponsored by Midaxo or one where Midaxo is a participating vendor) and have your badge scanned or you are otherwise identified, your data will be shared with Midaxo, as well as with any partner or third party participating in that Event, and potentially with the entity sponsoring your attendance at the Event. For example, if your badge is scanned as you attend a session at a Midaxo-sponsored conference, Midaxo and any co-presenters will have access to that information to understand who was in attendance and potentially follow up with you on relevant products or services. If you do not want your data shared with Midaxo or partners in this manner, do not have your badge scanned. If your badge is scanned by a partner or a third party at an event, your data will be governed by that party’s privacy statement.

‍

4.3 Additional disclosures

Midaxo may disclose your personal data if we have a good faith belief that such action is necessary to:

• Conform to legal requirements or comply with legal processes
• Protect and defend our rights or property
• Enforce the Website Terms and Conditions
• Act to protect the interests of our users or others

If Midaxo goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personal data may be among the assets transferred.

Midaxo does not sell personal data that we collect or process under this Privacy policy.

5.1 International data transfers

Your personal data may be stored and processed in the United States and in any other country where Midaxo or its service providers maintain facilities. This means your data may be transferred outside the European Economic Area (EEA), United Kingdom, or Switzerland to countries that may not have equivalent data protection laws.

Note that customer data stored and processed in Midaxo's Service is governed by Midaxo's Service Privacy Policy and separate agreements with our customers.

‍

5.2 How we protect international transfers

When we transfer personal data from the EEA, UK, or Switzerland to countries without an adequacy decision, we use the following safeguards:

Standard Contractual Clauses (SCCs): We have implemented the European Commission's Standard Contractual Clauses for transfers of personal data to third countries. These are legally binding commitments between Midaxo and our service providers to protect your data according to EU standards.

Supplementary measures: Where required, we implement additional technical, organizational, and contractual measures to ensure your data receives an essentially equivalent level of protection as within the EEA.

‍

5.3 Third-party processors

When we engage third-party service providers to process personal data on our behalf, we:

• Ensure they provide appropriate safeguards through SCCs or other approved mechanisms
• Remain responsible for their processing activities
• Conduct due diligence on their security and privacy practices
• Require them to process data only according to our instructions

‍

5.4 Government access requests

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Where legally permitted, we will notify you of such requests.

‍

5.5 Your rights regarding international transfers

If you are located in the EEA, UK, or Switzerland, you can request:

• A copy of the safeguards we have in place for international transfers
• Information about the countries where your data is processed
• Details about our service providers located outside the EEA

To exercise these rights or if you have concerns about international data transfers, please contact us at privacy@midaxo.com.

Midaxo may retain your data longer for a legitimate business interest where business benefit is not outweighed by your personal rights and freedoms.

Data entered into a Midaxo Service is retained in accordance with any applicable agreement between Midaxo and its customer.

Please see Midaxo’s Cookie Policy for more detail on our usage of cookies and tracking technologies.

Midaxo or Midaxo’s service providers may observe your activities, interactions, preferences, transactional information, and other computer and connection information (such as an IP address) relating to your use of Midaxo Website. We may collect and store this data and combine this data with other personal data provided to Midaxo.

Midaxo uses cookies and other similar technologies, such as web beacons, HTML5 Local Storage, local shared objects, tags, and scripts on our Website and in email communications. We use these technologies to authenticate your access to various areas of our Website, understand your interests, analyze web traffic, combat fraud, provide interest-based advertising, improve our products and services as further described above in the “Use” section, and tailor content to your preferences. In emails we send, we may use these technologies to track their effectiveness.

You can configure your browser settings to manage certain tracking technology interactions. For some tracking technologies, you may need to take additional steps to manage their use and removal. Please review your browser’s privacy settings.

Online advertising may use data collected about your web browsing behavior, such as the pages you have visited or the searches you have conducted. This data may be used to display more relevant advertisements and content to you on non-Midaxo websites. The data used for targeted advertising may come from Midaxo or through third-party ad networks.

These cookies and similar technologies enable basic features of the site to function and collect statistical information about visitors to our Website to manage site usage. All of the information collected is aggregated and used anonymously. Some cookies that will enable a more personalized experience. If required by local law, these cookies will not be used until you opt-in to their functionality.

• Access the personal data we hold about you
• Have incorrect personal data updated or deleted
• Have your personal data deleted
• Restrict the processing of your personal data
• Object to the processing of your personal data carried out on the basis of our legitimate interests or for direct marketing purposes
• Receive a copy of your personal data in an electronic and machine-readable format
• Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or otherwise significantly affects you (“Automated Decision-Making”). Midaxo does not perform Automated Decision-Making as part of the processing activities covered by this Privacy Statement.
• Receive the categories of sources from whom we collected your personal data
• Opt-out of marketing communications at any time by clicking on the “Unsubscribe” or “Opt-out” link in marketing emails we send you or by contacting us
• Complain to a regulator or data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.

Midaxo will not discriminate against you for exercising your rights.

You, or an authorized individual that we can verify, is acting on your behalf, can exercise the applicable rights by contacting us using the contact details at the bottom of this Privacy Policy.

9.1 Access controls

We restrict access to personal data through:

• Multi-factor authentication for employee access to systems containing personal data
• Role-based access controls ensuring employees only access data necessary for their job functions
• Regular access reviews to verify appropriate permissions
• Immediate access revocation when employees leave the company

‍

9.2 Employee and vendor security

Employee requirements:

• Background checks for employees with access to personal data
• Mandatory security and privacy training upon hiring and annually thereafter
• Confidentiality agreements for all employees and contractors

Vendor management:

• Security assessments of third-party vendors who process personal data on our behalf
• Data Processing Agreements requiring appropriate security measures
• Regular vendor security reviews

‍

9.3 Technical safeguards

We protect personal data through:

• Encryption of data transmitted over the internet
• Encryption of personal data at rest in our systems
• Secure device management policies including encryption and remote wipe capabilities
• Regular security updates and patching
• Network security controls to prevent unauthorized access

‍

9.4 Incident response and monitoring

We maintain preparedness for security incidents through:

• Documented incident response plan with defined roles and procedures
• Continuous monitoring for security threats
• Commitment to notify affected individuals within 72 hours of confirming a breach (as required by applicable law)
• Regular testing and updates to incident response procedures

‍

9.5 Compliance and auditing

Our security program includes:

• ISO 27001:2022 certified Information Security Management System
• Regular internal and external security audits

‍

9.6 Limitations and your responsibility

While we implement strong security measures, no internet transmission is completely secure. You are responsible for maintaining the security of your passwords and using secure networks when accessing our website.

If you have security concerns or questions, contact us at privacy@midaxo.com.

Changes to this Privacy Policy will be posted on the Website and links to the Privacy Policy will indicate that the statement has been changed or updated. If we propose to make any material changes, we will provide notice on this page prior to the change becoming effective.

Midaxo Oy
Attn: Privacy
Mikonkatu 13 D 135
00100 Helsinki
Finland

‍

Midaxo, Inc.
1500 District Avenue
1st Floor
Burlington, MA 01803
USA

‍

Midaxo will respond to your request within a reasonable timeframe or as required by law.