Effective Date: January 4th, 2021
This Policy addresses data subjects whose Personal Data we may receive from our customers (“Customers”) in our IX Cloud web-based software application and our Recite and Recite SPE software applications (collectively, the “Services”).
If you are not a Numonix Customer but engage in communications powered by our Services (an “End User”), we may collect and store Personal Data about you on behalf of our Customers. However, in these cases, we do not decide why and how that Personal Data will be processed. Our Customers use our Services to store and process an End User’s Personal Data. In that case, we act only as a storage and service provider. We do not decide what Personal Data is being stored, and in general, we will only access such Personal Data at our Customer’s request in connection with customer and technical support matters. We will only do this to provide the Services that our Customer has directed us to provide, or if we are required by law to do so.
This Policy also addresses Personal Data we receive directly from data subjects through their use of our websites and our web-based software applications.
Our Role with Respect to Your Personal Data
Processor. Within the scope of this Policy, Numonix acts as a data processor for the End User’s Personal Data we process in respect of the Services.
Controller. Within the scope of this Policy, Numonix acts as a data controller for the Personal Data we collect from Customers through their use of our web-based software applications and from visitors that visit our websites.
Basis of Processing
We rely on an authorized legal basis (such as, the performance of a contract or legitimate interest) to collect and process your Personal Data, unless consent is required by law. The legitimate interests pursued by us include the provision of the Services and to monitor and enhance the performance of our Services.
Categories of Personal Data and How We Collect Personal Data
Technical and Customer Support. If our Customers require customer or technical support, we may obtain access to any Personal Data you, as an End User, may have shared with the Customer through our Services. Numonix only accesses such Personal Data at our customer’s written request and any Personal Data is immediately deleted once the issue has been resolved.
Interest in Services. If you have an interest in obtaining information about our Services; request support; contact us; register to use our websites; sign up for an event, webinar or contest; or download content, we may require that you provide to us your contact information (name, title, company name, address, phone number, email address or username and password).
Purchases. If you make purchases via our website or register for an event or webinar, we may require that you provide to us your financial and billing information, such as billing name and address, credit card number or bank account information.
Websites. If you interact with our websites or emails, we may automatically collect information about your device and your usage of our websites or emails (such as Internet Protocol (IP) addresses or other identifiers, which may qualify as Personal Data.
Events. If you attend an event and we scan your badge, which will provide to us your information (name, title, company name, address, country, phone number and email address).
Community. If you register for an online community that we provide, we may ask you to provide a username, photo or other biographical information, such as your occupation, location, social media profiles, company name, areas of expertise and interests.
Log Files. If you use and interact with our Services, we may automatically collect information about your device and your usage of our Services through log files and other technologies, some of which may qualify as Personal Data.
Surveys. If you voluntarily submit certain information to our Services, such as filling out a survey about your experience, we may collect the information you have provided.
Office Visits. If you visit our offices, you may be required to register as a visitor and to provide your name, email address, phone number, company name and time and date of arrival.
Other Sources. We also may collect information about you from other sources including third parties from whom we purchase Personal Data and from publicly available information.
We may combine this information with Personal Data provided by you.
This helps us update, expand, and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you.
The Personal Data we collect from other sources includes identifiers, professional information and commercial information.
We collect such Personal Data from these sources:
Third party providers of business contact information, including mailing addresses, job titles, email addresses, phone numbers, intent data, IP addresses, for purposes of targeted advertising, delivering relevant email content, event promotion and profiling, determining eligibility and verifying contact information.
How We Gather Data. We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons, pixels, and similar technologies to automatically collect information that may contain Personal Data as you navigate our websites, our Services, or interact with emails we have sent to you.
Automatically When You Visit Our Sites.
This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, location, browser type, plug-ins, integrations, Internet service provider and/or mobile carrier, the pages and files viewed, searches, referring website, app or ad, operating system, system configuration information,
advertising and language preferences, date and time stamps associated with your usage, and frequency of visits to the websites.
This information is used to analyze overall trends, help us provide and improve our websites, offer a tailored experience for website users, and secure and maintain our websites.
Automatically as Part of Our Cloud Services.
This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server), mobile device number, device and application identification numbers, location, browser type, Internet service provider or mobile carrier, the pages and files viewed, website and webpage interactions including searches and other actions you take, operating system and system configuration
information and date and time stamps associated with your usage.
This information is used to maintain the security of the Services, to provide necessary functionality, to improve performance of the Services, to assess and improve customer and user experience of the Services, to review compliance with applicable usage terms, to identify future opportunities for development of the Services, to assess capacity requirements, and to identify customer opportunities.
Some of the data collected through our Customers’ use of the Services, whether alone or in conjunction with other data, could be Personal Data. Please note that this data is primarily used to identify the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the Services to our Customers.
Cookies, Web Beacons and Other Tracking Technologies.
When you visit our websites, we, or an authorized third party, may place a cookie on your device that collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track use, infer browsing preferences, and improve and customize your browsing experience.
We use both session-based and persistent cookies on our websites.
Session-based cookies exist only during a single session and disappear from your device when you close your browser or turn off the device.
Persistent cookies remain on your device after you close your browser or turn your device off.
We also use web beacons and pixels on our websites and in emails. For example, we may place a pixel in marketing emails that notify us when you click on a link in the email. We use these technologies to operate and improve our websites and marketing emails.
Basic Website Functionality.
Examples: session cookies needed to transmit the website, authentication cookies, and security cookies.
If you have chosen to identify yourself to us, we may place on your browser a cookie that allows us to uniquely identify you when you are logged into the websites and to process your online transactions and requests.
There is no option to opt out.
Examples: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
o Functional cookies may also be used to improve how our websites function and to help us provide you with more relevant communications, including marketing communications. These cookies collect information about how our websites are used, including which pages are viewed most often.
We may use our own technology or third-party technology to track and analyze usage information to provide enhanced interactions and more relevant communications, and to track the performance of our advertisements.
For example, we use Google Analytics (Google Analytics), a web analytics service provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can learn about Google’s privacy practices by going to www.google.com/policies/privacy/partners/.
We may also use HTML5 local storage or Flash cookies for the above-mentioned purposes. These technologies differ from browser cookies in the amount and type of data they store, and how they store it. To learn how to manage privacy and storage settings for Flash cookies, click here.
You can choose to opt out of functional cookies. To change your cookie settings and preferences, including those for functional cookies, click the Cookie Preferences link on the page. To learn how to control functional cookies, click here.
Advertising cookies track activity across websites in order to understand a viewer’s interests, and to direct marketing to them.
You can choose to opt out of targeting and advertising cookies. To change your cookie settings and preferences, including those for targeting and advertising cookies, click the Cookie Preferences link on the page.
Notices on behavioral advertising and opt-out for website visitors
We or one of our authorized partners may place or read cookies on your device when you visit our websites for the purpose of serving you targeted advertising (also referred to as “online behavioral advertising” or “interest-based advertising”). To learn more about targeted advertising and advertising networks please visit the opt-out pages of the Network Advertising Initiative, here, and the Digital Advertising Alliance, here.
To manage the use of targeting and advertising cookies on this website, click the Cookie Preferences link in the footer of the page or consult your individual browser settings for cookies. To learn how to manage privacy and storage settings for Flash cookies, click here. Various browsers may also offer their own management tools for removing HTML5 local storage.
Do not track.
While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform. Therefore, we do not currently commit to responding to browsers’ DNT signals with respect to our websites.
For What Purposes We Use Your Personal Data
Websites and Services. We process your Personal Data to perform our contract with you for the use of our websites and Services and to fulfill our contractual obligations with our Customers. If we have not entered into a contract with you, we base the processing of your Personal Data on our legitimate interest to operate and administer our websites and to provide you with content you access and request (e.g., to download content from our websites).
Contact and user support. If you request support, or if you contact us by other means including via a phone call or webform, we process your Personal Data to perform our contract and to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you.
Payments. If you have provided financial information to us, we process your Personal Data to verify that information and to collect payments to the extent that doing so is necessary to complete a transaction and perform our contract with you.
Security. We process your Personal Data by tracking use of our websites and Services, creating aggregated non-Personal Data, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies to the extent it is necessary for our legitimate interest in promoting the safety and security of the Services, systems and applications and in protecting our rights and the rights of others.
Development. We process your Personal Data to analyze trends and to track your usage of and interactions with our websites and Services to the extent it is necessary for our legitimate interest in developing and improving our websites and Services and providing our users with more relevant content and service offerings.
Compliance. We process your Personal Data to review compliance with the contracts and policies to the extent that it is in our legitimate interest.
Customer opportunities. We process your Personal Data to assess new potential customer opportunities to the extent that it is in our legitimate interest.
Personalized advertisements. We process your Personal Data to conduct marketing research, advertise to you, provide personalized information about us on and off our websites based upon your activities and interests to the extent it is necessary for our legitimate interest.
Marketing communications. We will process your Personal Data or device and usage data to send you marketing information, product recommendations and other non-transactional communications about us and partners, including information about our products, promotions or events as necessary for our legitimate interest.
Managing contests or promotions. If you register for a contest or promotion, we process your Personal Data to perform our contract.
Managing event registrations and attendance. We process your Personal Data to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you, to perform our contract.
Registering office visitors. We process your Personal Data for security reasons, to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for our legitimate interest; and
Legal obligations. We process your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights or is necessary for our legitimate interest.
Disclosure and Sharing
We may share or disclose Personal Data to the third parties listed below. These third parties may be located outside of the United States; however, we will either obtain your explicit consent to transfer your Personal Data to such third parties, or we will require that those third parties maintain at least the same level of privacy and security that we maintain for such Personal Data. We remain liable for the protection of your
Personal Data that we transfer to third parties, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.
Service Providers. With our contracted service providers, who provide services such as IT and system administration and hosting, credit card processing, research and analytics, marketing, and Customer support.
Our Resellers. With Resellers, Distributors and Managed Service Providers to the extent such sharing of data is necessary to fulfill a request you have submitted via our websites or for Customer support, marketing, technical operations and account management purposes.
Your Affiliates. If you use our Services as a user, we may share your Personal Data with our affiliated Customer responsible for your access to the Services to the extent this is necessary for verifying accounts and activity, investigating suspicious activity, or enforcing our terms and policies.
Our Affiliates. With affiliates within our corporate group, to the extent such sharing of data is necessary to fulfill a request you have submitted via our websites or for Customer support, marketing, technical operations and account management purposes.
Event Sponsors. If you attend an event or webinar organized by us, or download or access content, we may share your Personal Data with sponsors of the event. If required by applicable law, you may consent to such sharing via the registration form or by allowing your attendee badge to be scanned at a sponsor booth. In these circumstances, your information will be subject to the sponsors’ privacy statements.
Contest and Promotion Sponsors. With sponsors of contests or promotions for which you register;
Third party networks and websites. With third-party social media networks, advertising networks and websites, so that we can market and advertise on third party platforms and websites (example’s: LinkedIn, HubSpot, Freshdesk, VTige).
Professional Advisers. In individual instances, we may share your Personal Data with professional advisers acting as service providers, processors, or joint controllers – including lawyers, bankers, auditors, and insurers based in countries in which we operate, and to the extent we are legally obliged to share or have a legitimate interest in sharing your Personal Data.
Change in Ownership. To a successor, if we are involved in a merger, reorganization, or other corporate change, or sell a business unit, or a significant portion of our business. In accordance with applicable laws, we will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party.
Anonymous and Aggregated. We may also share anonymous and aggregated usage data in the normal course of operating our business; for example, we may share information publicly to show trends about the general use of our Services.
Legal Requirements. We may disclose your Personal Data to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders. If we must disclose your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.
How Long Do We Keep Your Personal Data
We will retain your Personal Data for as long as necessary for the relevant purpose for which it was provided or collected, in accordance with our then-current data retention policy, unless you otherwise request that it be deleted sooner in accordance with this policy and applicable laws.
Your Rights as a Data Subject in the EU
Data Subject Rights. If you are a “Data Subject” in the EU, and we collect or you provide us with any Personal Data as that term is defined under the General Data Protection Regulation (“GDPR”), the following applies:
You can ask us what Personal Data we hold, about you, and you can ask us to access it, have a copy of it, correct it if it is inaccurate, restrict the processing of it, object to the processing of it, erase it or withdraw your consent to us processing it, under certain circumstances.
To exercise your rights regarding your Personal Data by email, mail, or phone, please use the contact information provided at the bottom of this policy. We will respond to all legitimate requests within 30 days, where possible and will contact you should we require additional information in order to honor your request. You may also complain to the supervisory authority of the country in which you are located or to our EU representative.
Transfer. As you register on our Service, your Personal Data is being stored outside of the EU on our servers in the United States. If we further transfer this Personal Data, it will be transferred to a sub- processor that: (i) is located in a third country or territory recognized by the EU Commission to have an adequate level of protection; or (ii) we have entered into Standard Contractual Clauses with; or (iii) has other legally recognized appropriate safeguards in place, such as Binding Corporate Rules. By submitting your Personal Data, you agree to this transfer, storing or processing of your Personal Data outside of the EEA and the UK.
Marketing. Please note that, if you change your mind about being sent marketing emails you can “opt out” at any time by clicking the “unsubscribe” link at the bottom of any marketing email. Once you “opt out”, you will no longer receive any marketing emails from us. We will continue to communicate with you regarding your service billing and support via email.
EU Representative. We have appointed VeraSafe as our representative in the EU for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://www.verasafe.com/privacy- services/contact-article-27-representative/ or via telephone at: +420 228 881 031.
Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd. Unit 3D North Point House North Point Business Park New Mallow Road
Your Rights as a Data Subject in the U.S.
If you are a data subject in the U.S. about whom we store Personal Data, you may have the right to request access to, and the opportunity to update, correct, or delete, such Personal Data. To submit such requests, please contact us using the contact information listed below.
Your Rights If You Are a “Consumer” Under the Laws of the State of California
Consumer. If you are a “Consumer” and any Personal Data that we collect falls under the definition of “personal information” as that term is defined under the California Consumer Privacy Act (CCPA), the following applies:
You can ask us what Personal Data we hold about you, the source of the information, the use of your Personal Data, and you can ask us to access it, to have a copy of it, and to erase it, under certain circumstances (a “Personal Information Request”) that was collected about you during the 12 months before your Personal Information Request.
You can ask us if the Personal Data was disclosed to third parties, the categories of Personal Data disclosed to third parties and the categories of third parties to whom such Personal Data was disclosed.
To exercise your rights regarding your Personal Data by email, mail, or phone, please use the contact information provided at the bottom of this policy. When you make a Personal Information Request, we will need to collect information from you so that we can verify your identity, and we will respond to all legitimate requests within 45 days.
We will retain your Personal Data in accordance with our then current data retention policy, unless you otherwise request that it be deleted sooner, in accordance with this Policy.
You have the right not to be discriminated against because of exercising any of your rights under the CCPA.
No Sale. We do not sell your Personal Data to any third parties.
We respect the consumers request to not use third-party non-functional cookies with the option to ‘to refuse the consent’.
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
With respect to Personal Data processed in the scope of this Notice, Numonix complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (the “Privacy Shield”) as adopted and set forth by the U.S. Department of Commerce regarding the processing of Personal Data. Numonix commits to adhere to and has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield, and to view Numonix’s certification, please visit https://www.privacyshield.gov and https://www.privacyshield.gov/list, respectively.
VeraSafe Privacy Program
Numonix is a member of the VeraSafe Privacy Program, meaning that with respect to Personal Data processed in the scope of this Notice, VeraSafe has assessed Numonix’s data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain a high standard for data privacy and implement specific best practices pertaining to notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.
Where a privacy complaint or dispute cannot be resolved through our internal processes, we have agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy- services/dispute-resolution/submit-dispute/.
If your dispute or complaint cannot be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you under the Privacy Shield’s “Recourse, Enforcement and Liability Principle” and Annex I of the Privacy Shield.
U.S. Regulatory Oversight
Numonix is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
European Union Supervisory Authority Oversight
If you are a data subject whose Personal Data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union member states.
Attn: Darren Poswell, Security Officer 2650 N. Military Trail
Suite 150 Boca Raton Florida, 33431
Please allow up to four weeks for us to reply.
Industry Standard Security. Numonix has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect PII from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction.
No Children Under Age 13. We do not intentionally gather Personal Data about visitors who are under the age of 13.
Links to Third-Party Sites. Our Service may contain links to other sites and services, which are owned and controlled by others. These third-party websites have their own policies regarding privacy, and you should review those policies.
Revisions to this Policy. We may change this policy at any time and changes will be posted on this page and where appropriate notified to you. Please check back frequently to see any updates or changes to our policy.