Privacy Policy
THE MITRE CORPORATION RESPECTS THE PRIVACY OF ITS WEBSITE USERS.
Effective Date: 3/29/2024
This Online Privacy Policy explains the types of personal information that The MITRE Corporation (“MITRE,” “we,” “our,” “us”) collects from visitors to our Public Website, the MITRE Careers site, the MITRE Asia Pacific Singapore site, the MITRE Partnership Network (MPN) sites, and other related sites under the mitre.org domain (collectively, the “Sites”); how MITRE uses, shares, protects, stores, and otherwise processes that personal information; and your choices with respect to our use of your personal information. By using our Sites, you acknowledge that you understand and agree to the terms outlined in this Privacy Policy. If you have any questions, you may contact us using the information provided at the end of this Privacy Policy.
This notice is provided in a layered format so you can click through to the specific areas listed below.
Personal Information We Collect
How We Use Personal Information
How We Share Personal Information
Security Of Personal Information
Information For Visitors From Outside The United States
Information For Visitors From The European Economic Area And The United Kingdom
Personal Information We Collect
Personal Information You Give Us
MITRE may obtain your personal information when you interact with our Sites, for example, when you request information about our services using the “Contact Us” link or sign up for our news and information offerings. Personal information is data that identifies you, or could reasonably be used to identify you, as an individual, such as your name, postal address, email address, and phone number.
MITRE utilizes Phenom® People (Phenom), a third-party cloud-based platform, to host the MITRE Career Site. MITRE provides you with the opportunity to register at the MITRE Career Site by creating a profile and submitting personal information, including contact information, career-related information, and resume. You may edit your profile at any time by accessing the Site. This information is accessed by MITRE’s Talent Acquisition Team. Phenom also executes algorithms that match candidates against MITRE job openings to provide recommendations to candidates and MITRE’s Talent Acquisition Team.
When you register, any personal data, including sensitive data, you provide will be stored and processed by Phenom and may be processed by MITRE for recruitment-related activities. We ask that you not provide us with any sensitive data.
MITRE also uses Workday®, a third-party application hosted by a third-party cloud service provider, for its job openings submission process via the MITRE Career Site. By applying to an open position, any personal data, including sensitive data, you provide may be stored and processed through Workday for MITRE’s use for job opening evaluation activities.
If you have any questions regarding the privacy of the information you submit to the MITRE Career Site, please send a request to privacy@mitre.org.
When you register for an MPN account, we may collect certain personal data such as name, email address, and organization name to establish a user account. As an MPN user, you will have access to tools provided by third-parties including Microsoft, Box, Atlassian, and Slack that are not owned or operated by MITRE. This Privacy Policy does not apply to those tools, which may have their own privacy policies that you should review to understand how they may collect, use, or disclose your personal information.
Information We Collect Automatically
We also may collect other information about your visits to our Sites using automated tools; for example, cookies and other passive information collection technologies enable MITRE to compile aggregate statistics concerning use of the Sites, analyze trends, enhance the security of the Site, deliver content, and otherwise administer and improve the Sites. This information may include your browser type, language preference, operating system, device identifier, device type, access time, Internet Protocol (IP) address, the URLs of websites you visited before and after visiting our Sites, the web search that landed you on our Sites, length of your visits to our Sites, and the links you click and pages you visit within our Sites. Our Sites use both session ID cookies and tracking cookies. Session ID cookies make it easier for you to navigate the Sites and expire when you close your browser. Tracking cookies help us understand how you use the Sites and enhance your user experience. For additional information, see our Cookie Notice.
Please note that we, and other parties we work with, may collect personal information about your online activities over time and across different devices and sites when you use our Sites.
Your web browser may have settings that allow you to transmit a “Do Not Track” signal when you visit various websites or use online services. Like many websites, our Sites are not designed to respond to “Do Not Track” signals received from browsers. To learn more about online tracking, the Federal Trade Commission (FTC) provides guidance on How To Protect Your Privacy Online.
We may use certain third-party web analytics services to help us understand and analyze how visitors use our Sites and to serve advertisements on our behalf across the Internet. We have implemented Google Analytics Advertising features such as dynamic remarketing, interest-based advertising, audience targeting, behavioral reporting, demographics and interests reporting, user segment analysis, device reporting, display advertising, and video ads reporting. We may use cookies and other identifiers to deliver advertisements, create a profile of you, measure your interests, personalize content, and detect your demographics, location, or device. For more information on how Google Analytics uses data collected through the Sites, visit www.google.com/policies/privacy/partners/. To opt out of Google Analytics cookies, visit: www.google.com/settings/ads and tools.google.com/dlpage/gaoptout/.
How We Use Personal Information
MITRE may use personal information we collect through our Sites to:
- communicate with you, including to respond to your questions and requests, send you notices about our services, or contact you for additional information when needed;
- market and advertise our services;
- analyze Site trends, usage, and the activities of Site visitors;
- improve our Site and notify you about important updates;
- perform internal business analyses or for other business purposes consistent with our mission;
- facilitate, manage, personalize, and improve our partnership relationships;
- identify, prevent, investigate, and take other actions with respect to suspected or actual fraud or illegal activity or other activity that violates our policies;
- ensure the security and integrity of our personal information processing;
- comply with applicable laws, rules, regulations, and legal processes as well as our company policies; and
- fulfill other purposes, with your consent (as required).
How We Share Personal Information
MITRE may share your personal information within our organization, with our affiliates and business partners, and with our vendors and service providers. We also may share your personal information to:
- better respond to your inquiries;
- perform marketing research and for sales, support, and service-related purposes;
- protect rights, property, life, health, security, and safety;
- negotiate or complete any proposed or actual merger, purchase, sale, or any other type of acquisition or other transaction, including a transfer of all or a portion of our business to another organization;
- disclose personal information with your consent or at your direction; and
- achieve any other purpose consistent with our statements in this Privacy Policy or otherwise allowed by applicable law.
MITRE may disclose your personal information to comply with applicable law, such as in response to requests from law enforcement agencies, regulators, other public authorities, courts, and third-party litigants in connection with legal proceedings or investigations.
Linked Websites
Our Site may include links to other websites that are not owned or operated by MITRE. This Privacy Policy does not apply to those websites, which may have their own privacy policies that you should review to understand how they may collect, use, or disclose your personal information. MITRE is not responsible for the content or privacy practices of any linked websites that it does not control.
Social Features
Certain features of our Sites may permit you to interact with social media networks operated by unaffiliated parties, for example, if you “like” or “follow” MITRE on those platforms (“Social Features”). If you choose to “like” or share content or post information using Social Features, that information may be publicly displayed, and the party operating the social media platform may receive information about you and your use of our Sites. Similarly, if you interact with us through Social Features, we may have access to information about you from the social media platform. Please note that if you mention MITRE, or comment about or in response to us, in your post on a social media platform, that platform may allow us to publish your post on our Sites. You should review the terms, policies, and settings of these platforms to learn more about their data practices and adjust your settings accordingly.
Security of Personal Information
MITRE maintains reasonable safeguards designed to protect personal information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. MITRE employs encryption technologies and user authentication procedures that are designed to keep data secure. Nevertheless, transmission via the Internet and online digital storage are not completely secure, so we cannot guarantee the security of your personal information.
Your Choices
You may receive marketing communications from us if you have requested information from us or received services—such as a newsletter subscription—from us and, in each case, you have not opted out of receiving that marketing.
You will have the ability to change your preferences or unsubscribe any time you receive an email from us. When you opt out of receiving a specific subscription or newsletter, this will not affect any other newsletters or subscriptions that you have requested. You can also ask us to stop sending you marketing messages at any time by contacting us at privacy@mitre.org.
Information for Visitors from Outside the United States
MITRE is based in the United States. If you are visiting our Sites from outside the United States, please be aware that information we obtain about you may be transferred to and processed in the United States or other jurisdictions. By using the Sites and providing your personal information, you acknowledge that your personal information may be transferred to and processed in jurisdictions outside your own. Please be aware that the data protection laws and regulations that may apply to your personal information transferred to the United States or other countries may be different from the laws in your country of residence.
Information for Visitors from the European Economic Area and the United Kingdom
This section provides a GDPR Notice (“Notice”) for residents of the European Economic Area (“EEA”) and United Kingdom (“UK”) regarding their respective rights under the European Union’s General Data Protection Regulation and the United Kingdom’s General Data Protection Regulation (collectively, the “GDPR”). MITRE is the data controller for personal data collected through the Sites.
This Notice supplements the information in this Privacy Policy and other MITRE privacy policies and notices. If there is a conflict between any other MITRE privacy policy, statement, or notice and this Notice, this Notice will prevail.
Our Collection and Use of Personal Data
Personal data collected through the MITRE Sites may include:
- Contact Data. You may provide your contact details, such as your name, phone number, postal address, email address, and company affiliation; for example, when you contact us for further information or subscribe to receive our news and information offerings.
- Device Data. We may obtain information about devices that access our Sites, including the type of device, operating system, device settings, unique device identifiers, and error data.
- Other Data You Provide. This includes personal data you include in communications you send to us, such as inquiries about our services.
Our Processing of Your Personal Data
Your personal data is required for us to provide some of our services. In some instances, if you fail to provide your personal data, you may not be able to access or use our services. We may process the personal data you provide for any of the purposes identified in the “How We Use Personal Information” and “How We Share Personal Information” Sections of our Online Privacy Policy.
Your personal data is processed pursuant to the following legal bases:
- The processing is necessary for us to provide you with the services you request or to respond to your questions.
- We have a legal obligation to process your personal data, such as compliance with applicable tax laws or other government regulations or compliance with a court order or binding law enforcement request.
- We have a legitimate interest in processing your personal data and our reasons for using the personal data outweigh the potential prejudice to your data protection rights. In particular, we have a legitimate interest in the following instances:
- To analyze and improve the safety and security of our Sites and services, including by implementing and enhancing security measures and safeguards and protecting against fraud, spam, and other abuses;
- To maintain and improve our Sites and services; and
- To operate and promote MITRE services and provide you with information and communications about our services that are tailored to, and in accordance with, your preferences.
- You have consented to our processing of your personal data. When you consent, you may change your mind and withdraw your consent at any time by emailing us at privacy@mitre.org.
Your Rights Under the GDPR
The GDPR provides individuals with certain rights regarding their personal data. You may ask us to take the following actions:
- provide you with information about our processing of your personal data and access to your personal data;
- update or correct inaccuracies in your personal data;
- delete your personal data;
- transfer a copy of your personal data to you or a third party of your choice;
- restrict the processing of your personal data;
- object to our use of your personal data for marketing purposes; and
- object to our reliance on legitimate interests as the basis for processing your personal data.
You may submit these requests by email to privacy@mitre.org. We may require specific information from you to help us verify your identity prior to processing your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to any legal restrictions on disclosing this information.
If you would like to submit a complaint about our use of your personal data or our response to your request regarding your personal data, you may contact us at privacy@mitre.org or submit a complaint directly to the data protection authority in your jurisdiction. If you reside in the EEA, you can find information about your data protection authority here. If you reside in the UK, you may file complaints with the Information Commissioner’s Office here.
Our Retention of Your Personal Data
MITRE retains your personal data for no longer than is necessary to achieve the purposes for which the personal data was collected, or as may otherwise be permitted or required under applicable law. To determine the appropriate retention period, we will consider the scope and sensitivity of the personal data; the potential risk of harm from unauthorized access to, use, or disclosure of the data; the purposes for which we process the data; whether we can achieve our purposes through other means; our business needs; and applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period, we will anonymize or securely destroy your personal data.
Personal Data Transfers
By using the MITRE Sites, you acknowledge that your personal data may be collected, transferred to, and processed in jurisdictions outside your own. When you directly provide your personal data through our Sites, you acknowledge that your personal data is being provided by you to a company based in the United States. The laws that apply to personal data protection in the United States differ from those applicable in the EEA and the UK.
If it is necessary for us to transfer personal data out of the EEA and the UK, we do so by using suitable data transfer mechanisms, such as the standard contractual clauses approved by the European Commission, which impose data protection obligations on parties to the transfer.
Information for Specific Individuals
Residents of U.S. states with consumer privacy laws in effect and enforceable may contact us at privacy@mitre.org for further information about our privacy practices.
Privacy of Children
The MITRE Sites are not intended for children, and we do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will delete it in accordance with applicable law.
Changes to Our Privacy Policy
MITRE may update or modify this Privacy Policy from time to time at our discretion. We will indicate changes to this Privacy Policy by updating the “Effective Date” at the beginning of the Privacy Policy. Please review this Privacy Policy periodically and especially before you provide any personal information to us. Your continued use of this Site after any update to this Privacy Policy will constitute your acceptance of our changes.
Questions
If you have questions about this Online Privacy Policy or MITRE’s privacy practices, you may email privacy@mitre.org.
MITRE’s Data Protection Officer for Singapore may be contacted as follows:
In the United States
Dena Kozanas – Data Protection Officer
Associate General Counsel & Chief Privacy Official
7515 Colshire Drive
McLean, VA 22102
Phone: +1 (703) 269-8515
Email: privacy@mitre.org
In Singapore
MITRE Asia Pacific Singapore
Thomas (Tass) Bruce Hudak – Privacy Coordinator
1 Changi Business Park Avenue 1
Suite #02-03/04
Singapore 486058
Phone: +65 8876 4609
Email: privacy@mitre.org