Compliance
Compliance
Effective Date: 11/01/2022
Introduction
Numonix, LLC (“Numonix”) takes the protection of personally identifiable information (“Personal Data”) very seriously. Please read this privacy policy (the “Policy”) to learn more about our privacy practices, and how we protect your privacy rights.
What Is Covered by This Privacy Policy
This Policy addresses data subjects whose Personal Data we may receive from our customers (“Customers”) in our IX Cloud web-based software application and our Recite and Recite SPE software applications (collectively, the “Services”).
If you are not a Numonix Customer but engage in communications powered by our Services (an “End User”), we may collect and store Personal Data about you on behalf of our Customers. However, in these cases, we do not decide why and how that Personal Data will be processed. Our Customers use our Services to store and process an End User’s Personal Data. In that case, we act only as a storage and service provider. We do not decide what Personal Data is being stored, and in general, we will only access such Personal Data at our Customer’s request in connection with customer and technical support matters. We will only do this to provide the Services that our Customer has directed us to provide, or if we are required by law to do so.
Where you, as an End User, provide your Personal Data to one of our Customers or where we collect your Personal Data on their behalf, our Customer’s privacy policy, rather than this Policy, will apply to our processing of your Personal Data. If you have a direct relationship with one of our Customers, please contact them to exercise your privacy rights.
This Policy also addresses Personal Data we receive directly from data subjects through their use of our websites and our web-based software applications.
Our Role with Respect to Your Personal Data
Processor. Within the scope of this Policy, Numonix acts as a data processor for the End User’s Personal Data we process in respect of the Services.
Controller. Within the scope of this Policy, Numonix acts as a data controller for the Personal Data we collect from Customers through their use of our web-based software applications and from visitors that visit our websites.
Basis of Processing
We rely on an authorized legal basis (such as, the performance of a contract or legitimate interest) to collect and process your Personal Data, unless consent is required by law. The legitimate interests pursued by us include the provision of the Services and to monitor and enhance the performance of our Services.
Categories of Personal Data and How We Collect Personal Data
Technical and Customer Support. If our Customers require customer or technical support, we may obtain access to any Personal Data you, as an End User, may have shared with the Customer through our Services. Numonix only accesses such Personal Data at our customer’s written request and any Personal Data is immediately deleted once the issue has been resolved.
Interest in Services. If you have an interest in obtaining information about our Services; request support; contact us; register to use our websites; sign up for an event, webinar or contest; or download content, we may require that you provide to us your contact information (name, title, company name, address, phone number, email address or username and password).
Purchases. If you make purchases via our website or register for an event or webinar, we may require that you provide to us your financial and billing information, such as billing name and address, credit card number or bank account information.
Websites. If you interact with our websites or emails, we may automatically collect information about your device and your usage of our websites or emails (such as Internet Protocol (IP) addresses or other identifiers, which may qualify as Personal Data.
Events. If you attend an event and we scan your badge, which will provide to us your information (name, title, company name, address, country, phone number and email address).
Community. If you register for an online community that we provide, we may ask you to provide a username, photo or other biographical information, such as your occupation, location, social media profiles, company name, areas of expertise and interests.
Log Files. If you use and interact with our Services, we may automatically collect information about your device and your usage of our Services through log files and other technologies, some of which may qualify as Personal Data.
Surveys. If you voluntarily submit certain information to our Services, such as filling out a survey about your experience, we may collect the information you have provided.
Office Visits. If you visit our offices, you may be required to register as a visitor and to provide your name, email address, phone number, company name and time and date of arrival.
Other Sources. We also may collect information about you from other sources including third parties from whom we purchase Personal Data and from publicly available information.
- We may combine this information with Personal Data provided by you.
- This helps us update, expand, and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you.
- The Personal Data we collect from other sources includes identifiers, professional information and commercial information.
- We collect such Personal Data from these sources:
Third party providers of business contact information, including mailing addresses, job titles, email addresses, phone numbers, intent data, IP addresses, for purposes of targeted advertising, delivering relevant email content, event promotion and profiling, determining eligibility and verifying contact information.
How We Gather Data. We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons, pixels, and similar technologies to automatically collect information that may contain Personal Data as you navigate our websites, our Services, or interact with emails we have sent to you.
- Automatically When You Visit Our Sites.
- This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, location, browser type, plug-ins, integrations, Internet service provider and/or mobile carrier, the pages and files viewed, searches, referring website, app or ad, operating system, system configuration information, advertising and language preferences, date and time stamps associated with your usage, and frequency of visits to the websites.
- This information is used to analyze overall trends, help us provide and improve our websites, offer a tailored experience for website users, and secure and maintain our websites.
- This information is retained for no longer than 12 months.
- Automatically as Part of Our Cloud Services.
- This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server), mobile device number, device and application identification numbers, location, browser type, Internet service provider or mobile carrier, the pages and files viewed, website and webpage interactions including searches and other actions you take, operating system and system configuration information and date and time stamps associated with your usage.
- This information is used to maintain the security of the Services, to provide necessary functionality, to improve performance of the Services, to assess and improve customer and user experience of the Services, to review compliance with applicable usage terms, to identify future opportunities for development of the Services, to assess capacity requirements, and to identify customer opportunities.
- Some of the data collected through our customers’ use of the Services, whether alone or in conjunction with other data, could be Personal Data. Please note that this data is primarily used to identify the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the Services to our Customers.
- Cookies, Web Beacons and Other Tracking Technologies.
- We use technologies such as web beacons, pixels, tags, and JavaScript, alone or in conjunction with cookies, to gather information about the use of our websites and how people interact with our emails. Further information is set out in our Cookie Policy.
- When you visit our websites, we, or an authorized third party, may place a cookie on your device that collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track use, infer browsing preferences, and improve and customize your browsing experience.
- We use both session-based and persistent cookies on our websites.
- Session-based cookies exist only during a single session and disappear from your device when you close your browser or turn off the device.
- Persistent cookies remain on your device after you close your browser or turn your device off.
- You can control the use of cookies on your device but choosing to disable cookies on your device may limit your ability to use some features on our websites and Services.
- We also use web beacons and pixels on our websites and in emails. For example, we may place a pixel in marketing emails that notify us when you click on a link in the email. We use these technologies to operate and improve our websites and marketing emails.
Required Cookies
- Basic Website Functionality.
- Examples: session cookies needed to transmit the website, authentication cookies, and security cookies.
- If you have chosen to identify yourself to us, we may place on your browser a cookie that allows us to uniquely identify you when you are logged into the websites and to process your online transactions and requests.
- There is no option to opt out.
Functional Cookies
- Functional Cookies.
- Examples: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
- Functional cookies may also be used to improve how our websites function and to help us provide you with more relevant communications, including marketing communications. These cookies collect information about how our websites are used, including which pages are viewed most often.
- We may use our own technology or third-party technology to track and analyze usage information to provide enhanced interactions and more relevant communications, and to track the performance of our advertisements.
- For example, we use Google Analytics (Google Analytics), a web analytics service provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can learn about Google’s privacy practices by going to www.google.com/policies/privacy/partners/.
- Google Analytics uses cookies to help us analyze how our websites are used, including the number of visitors, the websites from which visitors have navigated to our websites, and the pages on our websites to which visitors navigate. This information is used by us to improve our websites. We use Google Analytics with restrictions on how Google can process our data enabled. For information on Google’s Restricted Data Processing go to https://privacy.google.com/businesses/rdp/.
- We may also use HTML5 local storage or Flash cookies for the above-mentioned purposes. These technologies differ from browser cookies in the amount and type of data they store, and how they store it. To learn how to manage privacy and storage settings for Flash cookies, click here.
- You can choose to opt out of functional cookies. To change your cookie settings and preferences, including those for functional cookies, click the Cookie Preferences link on the page. To learn how to control functional cookies, click here.
Advertising Cookies
- Advertising cookies track activity across websites in order to understand a viewer’s interests, and to direct marketing to them.
- We sometimes use cookies delivered by us or by third parties to show you ads for our products that we think may interest you on devices you use and to track the performance of our advertisements. For example, these cookies collect information such as which browser you used when visiting our websites.
- We also contract with third-party advertising networks that collect IP addresses and other information from web beacons on our websites, from emails and on third-party websites. Advertising networks follow your online activities over time and across different websites or other online services by collecting device and usage data through automated means, including through the use of cookies. These technologies may recognize you across the different devices you use. When we work with third party advertising networks, we require them to restrict their data processing to only what is necessary to provide us with the advertising services we request.
- You can choose to opt out of targeting and advertising cookies. To change your cookie settings and preferences, including those for targeting and advertising cookies, click the Cookie Preferences link on the page.
- Notices on behavioral advertising and opt-out for website visitors
- We or one of our authorized partners may place or read cookies on your device when you visit our websites for the purpose of serving you targeted advertising (also referred to as “online behavioral advertising” or “interest-based advertising”). To learn more about targeted advertising and advertising networks please visit the opt-out pages of the Network Advertising Initiative, here, and the Digital Advertising Alliance, here.
- To manage the use of targeting and advertising cookies on this website, click the Cookie Preferences link in the footer of the page or consult your individual browser settings for cookies. To learn how to manage privacy and storage settings for Flash cookies, click here. Various browsers may also offer their own management tools for removing HTML5 local storage.
- Do not track.
- While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform. Therefore, we do not currently commit to responding to browsers’ DNT signals with respect to our websites.
For What Purposes We Use Your Personal Data
- Websites and Services. We process your Personal Data to perform our contract with you for the use of our websites and Services and to fulfill our contractual obligations with our Customers. If we have not entered into a contract with you, we base the processing of your Personal Data on our legitimate interest to operate and administer our websites and to provide you with content you access and request (e.g., to download content from our websites).
- Contact and user support. If you request support, or if you contact us by other means including via a phone call or webform, we process your Personal Data to perform our contract and to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you.
- Payments. If you have provided financial information to us, we process your Personal Data to verify that information and to collect payments to the extent that doing so is necessary to complete a transaction and perform our contract with you.
- Security. We process your Personal Data by tracking use of our websites and Services, creating aggregated non-Personal Data, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies to the extent it is necessary for our legitimate interest in promoting the safety and security of the Services, systems and applications and in protecting our rights and the rights of others.
- Development. We process your Personal Data to analyze trends and to track your usage of and interactions with our websites and Services to the extent it is necessary for our legitimate interest in developing and improving our websites and Services and providing our users with more relevant content and service offerings.
- Compliance. We process your Personal Data to review compliance with the contracts and policies to the extent that it is in our legitimate interest.
- Customer opportunities. We process your Personal Data to assess new potential customer opportunities to the extent that it is in our legitimate interest.
- Personalized advertisements. We process your Personal Data to conduct marketing research, advertise to you, provide personalized information about us on and off our websites based upon your activities and interests to the extent it is necessary for our legitimate interest.
- Marketing communications. We will process your Personal Data or device and usage data to send you marketing information, product recommendations and other non-transactional communications about us and partners, including information about our products, promotions or events as necessary for our legitimate interest.
- Managing contests or promotions. If you register for a contest or promotion, we process your Personal Data to perform our contract.
- Managing event registrations and attendance. We process your Personal Data to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you, to perform our contract .
- Registering office visitors. We process your Personal Data for security reasons, to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for our legitimate interest; and
- Legal obligations. We process your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights or is necessary for our legitimate interest.
Disclosure and Sharing
We may share or disclose Personal Data to the third parties listed below. These third parties may be located outside of the United States; however, we will either obtain your explicit consent to transfer your Personal Data to such third parties, or we will require that those third parties maintain at least the same level of privacy and security that we maintain for such Personal Data. We remain liable for the protection of your Personal Data that we transfer to third parties, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.
Service Providers. With our contracted service providers, who provide services such as IT and system administration and hosting, credit card processing, research and analytics, marketing, and Customer support.
Our Resellers. With Resellers, Distributors and Managed Service Providers to the extent such sharing of data is necessary to fulfill a request you have submitted via our websites or for Customer support, marketing, technical operations and account management purposes.
Your Affiliates. If you use our Services as a user, we may share your Personal Data with our affiliated Customer responsible for your access to the Services to the extent this is necessary for verifying accounts and activity, investigating suspicious activity, or enforcing our terms and policies.
Our Affiliates. With affiliates within our corporate group, to the extent such sharing of data is necessary to fulfill a request you have submitted via our websites or for Customer support, marketing, technical operations and account management purposes.
Event Sponsors. If you attend an event or webinar organized by us, or download or access content, we may share your Personal Data with sponsors of the event. If required by applicable law, you may consent to such sharing via the registration form or by allowing your attendee badge to be scanned at a sponsor booth. In these circumstances, your information will be subject to the sponsors’ privacy statements.
Contest and Promotion Sponsors. With sponsors of contests or promotions for which you register;
Third party networks and websites. With third-party social media networks, advertising networks and websites, so that we can market and advertise on third party platforms and websites (example’s: LinkedIn, HubSpot, Freshdesk, VTige).
Professional Advisers. In individual instances, we may share your Personal Data with professional advisers acting as service providers, processors, or joint controllers – including lawyers, bankers, auditors, and insurers based in countries in which we operate, and to the extent we are legally obliged to share or have a legitimate interest in sharing your Personal Data.
Change in Ownership. To a successor, if we are involved in a merger, reorganization, or other corporate change, or sell a business unit, or a significant portion of our business. In accordance with applicable laws, we will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party.
Anonymous and Aggregated. We may also share anonymous and aggregated usage data in the normal course of operating our business; for example, we may share information publicly to show trends about the general use of our Services.
Legal Requirements. We may disclose your Personal Data to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders. If we must disclose your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.
How Long Do We Keep Your Personal Data
We will retain your Personal Data for as long as necessary for the relevant purpose for which it was provided or collected, in accordance with our -current data retention policy, unless you otherwise request that it be deleted sooner in accordance with this policy and applicable laws.
For operation requirements such as accounting , Customer Helpdesk, and CRM we maintain the Business contact data for as long as legally required and maximum of 7 years past the end of the contractual agreement.
We use google analytics and Freshdesk chat cookies and the Data is retained for a maximum of 12 months or 1 calendar year.
We maintain no PII data on our cooperate website.
Your Rights as a Data Subject in the EU
Data Subject Rights. If you are a “Data Subject” in the EU, and we collect or you provide us with any Personal Data as that term is defined under the General Data Protection Regulation (“GDPR”), the following applies:
You can ask us what Personal Data we hold, about you, and you can ask us to access it, have a copy of it, correct it if it is inaccurate, restrict the processing of it, object to the processing of it, erase it or withdraw your consent to us processing it, under certain circumstances.
To exercise your rights regarding your Personal Data by email, mail, or phone, please use the contact information provided at the bottom of this policy. We will respond to all legitimate requests within 30 days, where possible and will contact you should we require additional information in order to honor your request. You may also complain to the supervisory authority of the country in which you are located or to our EU representative.
Transfer. As you register on our Service, your Personal Data is being stored outside of the EU on our servers in the United States. If we further transfer this Personal Data, it will be transferred to a sub- processor that: (i) is located in a third country or territory recognized by the EU Commission to have an adequate level of protection; or (ii) we have entered into Standard Contractual Clauses with; or (iii) has other legally recognized appropriate safeguards in place, such as Binding Corporate Rules. By submitting your Personal Data, you agree to this transfer, storing or processing of your Personal Data outside of the EEA.
Marketing. Please note that, if you change your mind about being sent marketing emails you can “opt out” at any time by clicking the “unsubscribe” link at the bottom of any marketing email. Once you “opt out”, you will no longer receive any marketing emails from us. We will continue to communicate with you regarding your service billing and support via email.
DPO. Please note that we have a data protection officer (DPO) who can be contacted as follows: [email protected].
EU Representative. We have appointed VeraSafe Ireland Ltd (“VeraSafe Ireland”) as our representative in the EU for data protection matters. While you may also contact us, VeraSafe Ireland can be contacted on matters related to the processing of Personal Data. To contact VeraSafe Ireland, please use this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative or via telephone at: +420 228 881 031.
Alternatively, VeraSafe Ireland can be contacted at:
VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland
Your Rights as a Data Subject in the U.K.
Data Subject Rights. If you are a “Data Subject” in the United Kingdom (“UK”), and we collect or you provide us with any Personal Data as that term is defined under the UK GDPR, the following applies:
You can ask us what Personal Data we hold, about you, and you can ask us to access it, have a copy of it, correct it if it is inaccurate, restrict the processing of it, object to the processing of it, erase it or withdraw your consent to us processing it, under certain circumstances.
To exercise your rights regarding your Personal Data by email, mail, or phone, please use the contact information provided at the bottom of this policy. We will respond to all legitimate requests within 30 days, where possible and will contact you should we require additional information in order to honor your request. You may also complain to the Information Commissioner’s Office (“ICO”), which is the UK. supervisory authority.
Transfer. As you register on our Service, your Personal Data is being stored outside of the UK. on our servers in the United States. If we further transfer this Personal Data, it will be transferred to a sub- processor that: (i) is located in a third country or territory recognized by the ICO to have an adequate level of protection; or (ii) we have entered into Standard Contractual Clauses with; or (iii) has other legally recognized appropriate safeguards in place, such as Binding Corporate Rules. By submitting your Personal Data, you agree to this transfer, storing or processing of your Personal Data outside of the UK.
Marketing. Please note that, if you change your mind about being sent marketing emails you can “opt out” at any time by clicking the “unsubscribe” link at the bottom of any marketing email. Once you “opt out”, you will no longer receive any marketing emails from us. We will continue to communicate with you regarding your service billing and support via email.
DPO. Please note that we have a data protection officer (DPO) who can be contacted as follows: [email protected].
U.K. Representative. We have appointed VeraSafe United Kingdom Ltd. (“VeraSafe United Kingdom”) as our representative in the UK for data protection matters. While you may also contact us, VeraSafe United Kingdom can be contacted on matters related to the processing of Personal Data. To contact VeraSafe United Kingdom, please use this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ or via telephone: +420 228 881 031.
Alternatively, VeraSafe United Kingdom can be contacted at:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom
Your Rights as a Data Subject in the U.S.
If you are a data subject in the U.S. about whom we store Personal Data, you may have the right to request access to, and the opportunity to update, correct, or delete, such Personal Data. To submit such requests, please contact us using the contact information listed below.
Your Rights If You Are a “Consumer” Under the Laws of the State of California
Consumer. If you are a “Consumer” and any Personal Data that we collect falls under the definition of “personal information” as that term is defined under the California Consumer Privacy Act (CCPA), the following applies:
You can ask us what Personal Data we hold about you, the source of the information, the use of your Personal Data, and you can ask us to access it, to have a copy of it, and to erase it, under certain circumstances (a “Personal Information Request”) that was collected about you during the 12 months before your Personal Information Request.
You can ask us if the Personal Data was disclosed to third parties, the categories of Personal Data disclosed to third parties and the categories of third parties to whom such Personal Data was disclosed.
To exercise your rights regarding your Personal Data by email, mail, or phone, please use the contact information provided at the bottom of this policy. When you make a Personal Information Request, we will need to collect information from you so that we can verify your identity, and we will respond to all legitimate requests within 45 days.
We will retain your Personal Data in accordance with our then current data retention policy, unless you otherwise request that it be deleted sooner, in accordance with this Policy.
You have the right not to be discriminated against because of exercising any of your rights under the CCPA. No Sale. We do not sell your Personal Data to any third parties.
We respect the consumers request to not use third-party non-functional cookies with the option to ‘to refuse the consent’.
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
With respect to Personal Data processed in the scope of this Notice, Numonix complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (the “Privacy Shield”) as adopted and set forth by the U.S. Department of Commerce regarding the processing of Personal Data. Numonix commits to adhere to and has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield, and to view Numonix’s certification, please visit https://www.privacyshield.gov and https://www.privacyshield.gov/list, respectively.
VeraSafe Privacy Program
Numonix is a member of the VeraSafe Privacy Program, meaning that with respect to Personal Data processed in the scope of this Notice, VeraSafe has assessed Numonix’s data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain a high standard for data privacy and implement specific best practices pertaining to notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.
Dispute Resolution
Where a privacy complaint or dispute cannot be resolved through our internal processes, we have agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy- services/dispute-resolution/submit-dispute/
Binding Arbitration
If your dispute or complaint cannot be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you under the Privacy Shield’s “Recourse, Enforcement and Liability Principle” and Annex I of the Privacy Shield.
U.S. Regulatory Oversight
Numonix is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
European Union Supervisory Authority Oversight
If you are a data subject whose Personal Data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union member states.
U.K. Supervisory Oversight
If you are a data subject whose Personal Data we process, you may also have the right to lodge a complaint with the ICO.
Contact Us
If you have any questions about this Notice or our processing of your Personal Data, please write to, our Security Officer, by email at [email protected] or by postal mail at:
Numonix LLC
Attn: Darren Poswell, Security Officer 2650 N. Military Trail
Suite 150 Boca Raton Florida,
33431
USA
Please allow up to four weeks for us to reply.
Other Terms
Industry Standard Security. Numonix has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect PII from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction.
No Children Under Age 13. We do not intentionally gather Personal Data about visitors who are under the age of 13.
No Contractual Rights. This Privacy Policy is not a contract and does not create any contractual rights or obligations.
Links to Third-Party Sites. Our Service may contain links to other sites and services, which are owned and controlled by others. These third-party websites have their own policies regarding privacy, and you should review those policies.
Revisions to this Policy. We may change this policy at any time and changes will be posted on this page and where appropriate notified to you. Please check back frequently to see any updates or changes to our policy.
Acceptable Use Policy (AUP)
All users of the Numonix web-based service (Service) must comply with this Acceptable Use Policy (AUP). This AUP is part of our Subscription Services Agreement (SSA). Your use or continuation of the Service constitutes your acceptance of this AUP. It is your responsibility, and contractual obligation, to ensure that your affiliates, agents, and/or customers (End Users) comply with this AUP.
- You expressly understand that the evolving nature of the Internet and online commerce makes it necessary for us to reserve the right to make changes to this AUP at any time and without notice, but which will only apply on a prospective basis.
- This AUP may not represent all possible ways in which you or an End User engage in unacceptable behavior.
- Numonix encourages prospective customers to carefully review sections of this AUP covering Recording, Intellectual Property Violations, and Security.
- A thorough review of those sections and the entire AUP may help avoid creating issues under it that will cause Numonix to take action, up to, and including, termination of a customer’s account.
- Services we provide may be subject to other acceptable use policies.
- Numonix will provide these acceptable use policies to you on request.
Scope and Purpose
Numonix does not review, edit, censor, or take responsibility for any information customers or End Users may create or store.
Contacting us about Abuse and Requests for Information about Customers and End Users
- Individuals who contact Numonix about this AUP, the behavior of our customers, or for other purposes, are required to provide us with accurate information to enable us to contact them and respond to their requests.
- Numonix does not respond to anonymous correspondence.
E-mail addresses used to contact Numonix are set out here [email protected]
- Please note that Numonix has created special addresses for certain types of complaints.
- Complaints misdirected by a Customer or End User may not be responded to by Numonix.
- Complaints submitted to Numonix are not confidential and may be forwarded to Numonix’s Customer or law enforcement, without notice.
- Numonix does not recognize requests that complaints be kept confidential and will not honor those requests.
- Some abuse complaints may not receive a reply depending on the volume of abuse complaints about that particular issue.
- Numonix does not respond to anonymous correspondence.
- Numonix may disclose information, including information that Customers or End Users consider confidential, in order to comply with a court order, subpoena, summons, discovery request, warrant, regulation, or governmental request, which appears to be valid.
- Numonix may also disclose such information when it is necessary for us to protect our business, or others, from harm.
- Numonix assumes no obligation to inform Customers or End Users that Numonix has provided this type of information unless Numonix has affirmatively agreed to do so. In some cases, Numonix may be prohibited by law from giving such notice.
- Individuals who contact Numonix about this AUP, the behavior of our customers, or for other purposes, are required to provide us with accurate information to enable us to contact them and respond to their requests.
The Services may be used for lawful purposes only
Transmission, storage, or presentation of any information, data or material in violation of any applicable law, regulation, this AUP, or our SSA, is prohibited. You may not use the Service to directly facilitate the violation of any law or regulation, including, but not limited to:
- forging, misrepresenting, omitting or deleting message headers, return mailing information, and/or internet protocol addresses, to conceal or misidentify the origin of a message;
- creating or sending Internet viruses, worms or Trojan horses, flood or mail bombs, or engaging in denial of service attacks;
- hacking, and/or subverting, or assisting others in subverting, the security or integrity of our products or systems;
- disseminating material that may cause us to be subject to attacks on our network, or that which is, but is not limited to, racist, pornographic, hateful material, or those which create customer service or abuse issues for us. Under no circumstances may Numonix’s systems be used to gain access or deny access to a system without the permission of the system’s owners (or rightful users);
- probes, port-scans, sweeps and spoofing of systems without the express permission of the owners of those systems; Numonix reserves the right to use probes, port-scans, sweeps and spoofing on any system connected to the Numonix network in the course of performing security assessments and threat management;
- soliciting the performance of any illegal activity, even if the activity itself is not performed; and/or acting in any manner that might subject us to unfavorable regulatory action, subject us to any liability for any reason, or adversely affect our public image, reputation or goodwill, as determined by us in our sole and exclusive discretion.
Copyright
Numonix is a registered trademark with the United States.
Numonix’s designated agent for receipt of notices pursuant to the DMCA is: [email protected]
Other Intellectual Property Infringement
Customers and End Users may not engage in activity that infringes or misappropriates the intellectual property rights of others. This includes but is not limited to trademarks, service marks, trade secrets, software piracy, and patents. Complaints about such activity by Customers or End Users may be directed to the address at the end of this AUP.
U.S. Export and Import Laws
- Customers and End Users may not use Numonix’s services to engage in a violation of
U.S. export and import control laws.
o More information about U.S. export laws may be found at http://www.export.gov/exportcontrols.html
- Customers and End Users may not use Numonix’s services to engage in a violation of
Subpoenas, Warrants, Document Preservation Requests and Other Requests for Information
- Law enforcement agencies who seek information about Numonix’s customers, or their use of Numonix’s services, are required to submit a subpoena, or other similar documents, pursuant to which Numonix is required by law to produce this information (Subpoena).
- Unless specifically required by law and so clearly communicated to Numonix, the subpoena will be transmitted to Numonix’s Customer.
- Civil demands for information, such as discovery requests and similar demands (Civil Demands), must be part of a filed and pending litigation matter.
- Responses to Civil Demands are at Numonix’s discretion.
- Responses are subject to a response fee of $250 per hour.
- Numonix does not honor requests from civil litigants to limit or to pre-approve response expenses.
- Civil litigants are encouraged to contact Numonix prior to serving Civil Demands in order to minimize their expenses.
- Numonix understands its obligations to preserve certain electronically stored material.
- Parties who ask Numonix to preserve this material, must contact Numonix in writing, and describe specifically what information they would like preserved.
- Preservation of any material is at Customer’s cost, which must be paid in advance.
- Law enforcement agencies who seek information about Numonix’s customers, or their use of Numonix’s services, are required to submit a subpoena, or other similar documents, pursuant to which Numonix is required by law to produce this information (Subpoena).
Changes to the Acceptable Use Policy
This Acceptable Use Policy may be updated from time to time, and the latest version of the document will be made available in this page.
Updated April 10, 2020
IXCloud Fair Usage Policy
Policy Statement:
This offering is designed for significant usage, however at some point there can be excessive usage.
Excessive Usage means:
Audio – 8 hours per day (on average over a month using 22 days per month) of continuous audio recording (using standard audio(mono)),
Video – 5 hours per day of continuous video recording (using video (up to 1920 × 1080)), or
Stored Calls – If the number of calls stored by the service in relation to the number of named active users is excessive.
Daily API Calls – if the number of API calls is greater than 2400 API calls per day per tenant.
If customer repeatedly exceeds violates this policy Numonix may throttle down the service or customer may incur charges (upon electronic advance notice) to limit the excessive usage.
Prior Notice of Extenuating Customer Circumstances.
Numonix understands that customers will occasionally have very high volumes of traffic outside of normal usage patterns. In those cases where this traffic can be predicted Numonix requests to be informed with as much notice as possible to ensure that service delivery remains consistently high.
Changes to the Fair Usage Policy
This Fair Usage Policy may be updated from time to time, and the latest version of the document will be made available in this page.
Rev. January 12,2021
IXCloud
API Policy
Modifications to Policy
IXCloud (Numonix) reserve the right, in its sole discretion, to modify this IXCloud or Numonix Software API Policy at any time. You are responsible for reviewing and becoming familiar with any modifications. Modifications are effective when first posted. To receive notifications about changes to this policy and the API functionality, see the Deprecation and API Changes section below.
Principles
Applications that access the IXCloud or Numonix Software API should adhere to the following principles:
- Don’t impersonate.
- Don’t surprise users.
- Respect the privacy of any information retrieved.
- Don’t overload users.
- Don’t Overload API’s
Additionally, your applications must adhere to API rate limits where applicable (see the API Rate Limits section below).
Don’t Impersonate
- Your application should not mirror or replicate IXCloud , or any other organization using Numonix software or services.
- Do not impersonate or facilitate impersonation of others in a manner that can mislead, confuse, or deceive users.
- End users should understand that your application is integrated with IXCloud or Numonix Software or Services but is an independent resource.
- You should not remove or alter any proprietary notices in the provided API’s.
Don’t Surprise Users
Your application should not…
- Use the API for different purposes other than what your application states or implies.
- Confuse or mislead users about the source or purpose of your application.
- Use business names and/or logos in a manner that can mislead, confuse, or deceive users.
- Use the IXCloud or Numonix software or services API’s on behalf of any third-party.
- Facilitate or encourage the publishing of links to malicious, inappropriate, untrue, illegal, private or obscene content.
Your service should outline what actions your application will take on the user’s behalf as part of the application registration process.
Respect the Privacy of any Information Retrieved
- Any user information—including extensions, personal contact, Business contact , profile information, etc.—retrieved through the IXCloud or Numonix API’s should be considered private information and, in some cases, will be protected by government regulations, please review applicable regulations and insure your use is compliant.
- Know what information your tool will disclose to the public or to other products and services, and be clear with end users about what information will be disclosed.
- Do not facilitate or encourage the publishing of private or confidential information.
- Always ensure that proper notification is given to customers and end users, including the customers clients be it Business to Business (B2B) or Business to Consumer(B2C) interactions.
Don’t Overload Users
IX cloud provides a number of different ways to contact, notify, and inform users of information. Where these methods are exposed in the API, it’s important to monitor how often your application is pushing information to users.
In general, you should try to push information as rarely as possible, both to prevent user annoyance and also to make your pushes more effective.
API Rate Limits
Applications that access the IXCloud Or Numonix Software or Services API’s must not place undue load on Numonix servers or infrastructure. Numonix will monitor, limit and in some cases terminate excessive use . Where applicable when the rate limit or number of calls is exceeded, API requests will fail. Limiting is enforced per user access token (and tenant) so that partners who perform requests on behalf of multiple end users will not be throttled.
If an application regularly exceeds the API rate limits or uses a disproportionately large number of high-impact (e.g. non-GET) requests, the access tokens may be revoked, or other measures may be taken to ensure the stability of the system for all users.
If you are concerned about hitting the rate limit, please contact your Customer Success Manager to either adjust your rate limit or seek assistance from our or other paid for professional services optimizing your application for lower impact on the provided Software or Services and to improve overall performance.
Deprecation and API Changes
The IXCloud and Numonix Software and Services API’s are versioned to allow for future enhancements. We strive to deliver a platform that is stable, consistent, and secure so you can confidently build scalable solutions on top of our APIs. Over time we will add, change, and remove API endpoints and fields from time to time using commercially reasonable efforts to provide communication and backward compatibility where possible as indicated:
| Type of change | Notice | What you should do |
| Remove an endpoint | Endpoint will be marked DEPRECATED at least 60 days before endpoint is removed | Watch release notes |
Remove a documented field in a result set | Field will be marked DEPRECATED at least 60 days before field is removed | Watch release notes |
| Remove an undocumented field in a result set | Undocumented fields can be removed or changed without notice | Avoid using these fields or be aware that they could be experimental and could change at any time |
| Add a field to a result set | Field can be added without prior notice | Write your code to be resilient to these types of changes |
| Add to the attribute set of a field in the result set | New values can be added to a field without prior notice | Write your code to be resilient to these types of changes |
| Change the attribute set of a field in the result set | Field value will be marked DEPRECATED at least 60 days before attribute is changed | Watch release notes |
| Remove the attribute set of a field in the result set | Field value will be marked DEPRECATED at least 60 days before attribute is removed | Watch release notes |
| Change to BETA endpoints, fields, or attributes | Can be removed or changed without prior notice | Watch release notes |
| Change to Sandbox endpoints, fields, or attributes | Can be removed or changed without prior notice we will make best effort to give at least 5 days | Watch release notes |
Changes related to fixing a security vulnerability | Any change related to repairing a security vulnerability could be made without prior notice | Watch release notes or security notifications where applicable |
Numonix has no liability to Customer as a result of any change, temporary unavailability, suspension, or termination of access to the API.
Information and notices regarding the available APIs can be found in the technical documentation on the website and in IXCloud API Release and Documentations as and where applicable.
API Support
Developers using iCloud Services provide by Numonix can submit questions or issues with the API to the Support team in one of the following ways:
- Email [email protected]
Tickets about the API will be handled following the same service-level agreement that applies to any other ticket from a given organization.
Developers who are not part of an official program can get support through the developer community:
- Engage in conversation on
- Participate in our TBD site found here: TBD
Rev. May 15, 2020
SUBSCRIPTION SERVICES AGREEMENT
Download PDFIXCLOUD (NUMONIX)
DATA PROCESSING
ADDENDUM
This Data Processing Addendum (“DPA”) applies to IXCloud (Numonix)’s Processing of Personal Data provided to IXCloud (Numonix) by Customer as part of IXCloud (Numonix)’s provision of Recording Software, Services, or Software-as-a-Service (“Services”) to Customer. This DPA forms part of the IXCloud Subscription Services Agreement, Terms of Service, End User License Agreement, or other written or electronic agreement (“Agreement”) between Numonix and Customer for the purchase of Services to reflect the parties’ agreement with regard to the Processing of Personal Data.
In the course of providing products and/or services to Customer pursuant to this DPA, IXCloud (Numonix) may Process Personal Data on behalf of Customer and the parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
The terms of this DPA will be effective and replace any previously applicable data processing terms as of the date of execution.
Introduction
- Customer is a Controller (as applicable partner or end tenant) of certain Personal Data and wishes to appoint IXCloud (Numonix) as a Processor to Process this Personal Data on its behalf.
- The parties are entering into this DPA to ensure that IXCloud (Numonix) conducts such data Processing in accordance with Customer’s instructions and Applicable Data Protection Law requirements, and with full respect for the fundamental data protection rights of the Data Subjects whose Personal Data will be Processed.
Definitions
In this DPA, the following terms shall have the following meanings:
“Controller“, “Processor“,” Sub-Processor“, “Data Subject“, “Personal Data” and “Processing“ (and “Process”) shall have the meanings given in Applicable Data Protection Law. “Personal Data” shall include “Personal information” as that term is defined under Applicable Data Protection Law.
“Applicable Data Protection Law” shall mean: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation); (ii) EU Directive 2002/58/EC concerning the Processing of Personal Data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications); (iii) any national legislation made under or pursuant to (i) or (ii) ; (iii) California Consumer Privacy Act,; (iv) any amendments or successor legislation to (i), (ii), (iii), or (v); and (v) any other applicable data protection law, all as updated or superseded from time to time.
“Model Clauses” shall mean the model clauses for the transfer of Personal Data to Processors established in third countries approved by the European Commission from time to time, the approved version of which in force at present is that set out in the European Commission’s Decision 2010/87/EU of 5 February 2010.
Data Processing
- Relationship of the Parties. Customer (the Controller) appoints IXCloud (Numonix) as a Processor or (Sub- Processor as applicable) to Process the Personal Data that is the subject matter of the Agreement. Each party shall comply with the obligations that apply to it under Applicable Data Protection Law.
- Purpose Limitation. IXCloud (Numonix) shall Process the Personal Data as a Processor only as necessary to perform its obligations under the Agreement, and strictly in accordance with the documented instructions of Customer
- International Transfers. Customer acknowledges and agrees that IXCloud (Numonix) may transfer and process Personal Data anywhere in the world where IXCloud (Numonix), its affiliates or its sub-processors maintain data processing operations. IXCloud (Numonix) shall not transfer the Personal Data (nor permit the Personal Data to be transferred) outside of the European Economic Area (the “EEA”) or the United Kingdom (the “UK”) unless it takes such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law. Such measures may include (without limitation) transferring the Personal Data to a recipient in a country that the European Commission or any applicable UK authority has decided provides adequate protection for Personal Data, to a recipient that has achieved binding corporate rules authorization in accordance with Applicable Data Protection Law, or to a recipient that has executed Model Clauses. Where required under Applicable Data Protection Law to transfer Personal Data to IXCloud (Numonix) outside of the EEA or the UK, the Customer and IXCloud (Numonix) will be deemed to have entered into Model Clauses with Customer as the “data exporter”; IXCloud (Numonix) as the “data importer”, Appendix 1 and Appendix 2 to the Model Clauses shall be deemed completed with Appendix 1 and Appendix 2 of this DPA, and with the Additional Terms in the Model Clauses set out in Appendix 3 of this DPA. The date of the Model Clauses shall be the date of the Agreement. It is not the intention of either party, nor the effect of this DPA, to contradict or restrict any of the provisions set forth in the Model Clauses. Accordingly, if and to the extent the Model Clauses conflict with any provision of this DPA, the Model Clauses shall prevail to the extent of such conflict. Where IXCloud (Numonix) is onward transferring Personal Data outside of the EEA or the UK under Model Clauses, Customer authorizes IXCloud (Numonix) to enter into the Model Clauses for the benefit of Customer.
- Confidentiality of Processing. Numonix shall ensure that any person that it authorizes to Process the Personal Data (including Numonix’s staff, agents and subcontractors) (an “Authorized Person”) shall be subject to a strict duty of confidentiality (whether a contractual duty or a statutory duty) and shall not permit any person to Process the Personal Data who is not under such a duty of confidentiality. Numonix shall ensure that all Authorized Persons Process the Personal Data only as necessary for the Permitted Purpose.
- Security. Numonix shall implement appropriate technical and organizational measures to protect the Personal Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to the Personal Data (a “Security Incident”). Such measures shall have regard to the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. Such measures may include, as appropriate:
- the pseudonymization and encryption of Personal Data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services.
- the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing.
- Sub-processing. Customer specifically authorizes the engagement of IXCloud (Numonix)’s affiliates as Sub- processing. Customer consents to IXCloud (Numonix) engaging third party Sub-processing to Process the Personal Data provided that: (i) IXCloud (Numonix) maintains an up-to-date list of its Sub-processing available upon request which it shall update with details of any change in Sub-processing at least 10 days’ prior to any such change; (ii) Numonix imposes data protection terms on any Sub-processing it appoints that protect the Personal Data to substantially similar terms to the terms of this DPA; and (iii) Numonix remains fully responsible for any breach of this DPA that is caused by an act, error or omission of its Sub-processing. Customer may object to Numonix’s appointment or replacement of a third-party Sub-processing within thirty (30) days of the update to the list of Sub-processing, provided such objection is on reasonable grounds relating to the protection of the Personal Data. In such event, Numonix will either not appoint or replace the Sub-processing or, if this is not possible, Customer may suspend or terminate this DPA.
- Cooperation and Data Subjects‘ Rights. Numonix) shall provide all reasonable and timely assistance (including by appropriate technical and organizational measures) to Customer to enable Customer to respond to: (i) any request from a Data Subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable); and (ii) any other correspondence, enquiry or complaint received from a Data Subject, regulator or other third party in connection with the Processing of the Personal (the “Permitted Purpose”), except where otherwise required or allowed by Applicable Data Protection Law applicable to IXCloud (Numonix). In no event shall IXCloud (Numonix) Process the Personal Data for its own purposes or those of any third party except as set forth in the Agreement. Other than as otherwise agreed upon by the parties in the Agreement or as otherwise permitted under Applicable Data Protection Law, IXCloud (Numonix) shall not (i) sell the Personal Data, or (ii) retain, use or disclose the Personal Data for any commercial purpose.
Data. In the event that any such request, correspondence, enquiry or complaint is made directly to IXCloud (Numonix), Numonix shall promptly inform Customer providing details of the same.
- Data Protection Impact Assessment. If Numonix believes or becomes aware that its Sub-Processing, Processing of the Personal Data is likely to result in a high risk to the data protection rights and freedoms of Data Subjects, it shall promptly inform Customer and provide Customer with all such reasonable and timely assistance as Customer may require in order to conduct a data protection impact assessment and, if necessary, consult with its relevant data protection authority.
- Security Incidents. Upon becoming aware of a Security Incident, Numonix shall inform Customer without undue delay and shall provide all such timely information and cooperation as Customer may require in order for Customer to fulfil its data breach reporting obligations under (and in accordance with the timescales required by) Applicable Data Protection Law. Numonix shall further take all such measures and actions as are necessary to remedy or mitigate the effects of the Security Incident and shall keep Customer apprised of all developments in connection with the Security Incident.
- Deletion or Return of Data. After termination or expiration of the Agreement, or upon Customer’s request, Numonix shall destroy or return to Customer all Personal Data (including all copies of the Personal Data) in its possession or control (including any Personal Data subcontracted to a third party for Processing). This requirement shall not apply to the extent that Numonix is required by any EU (or any EU Member State) law to retain some or all of the Personal Data, in which event Numonix shall isolate and protect the Personal Data from any further Processing except to the extent required by such law.
- Audit. Numonix shall permit upon Customer’s written request, when Customer has reasonable cause to believe Numonix is in non- compliance with its obligations under this DPA, a mutually agreed-upon third party auditor (the “Auditor”) to audit Numonix’s compliance with this DPA and shall make available to such third party auditor all information, systems and staff necessary for the Auditor to conduct such audit. Numonix acknowledges that the Auditor may enter its premises for the purposes of conducting this audit, provided that Customer gives it reasonable prior notice of its intention to audit, conducts its audit during normal business hours, and takes all reasonable measures to prevent unnecessary disruption to Numonix’s operations. Customer will not exercise its audit rights more than once in any twelve (12) calendar month period, except (i) if and when required by instruction of a competent data protection authority; or (ii) Customer reasonably believes a further audit is necessary due to a Security Incident suffered by IXCloud (Numonix).
IXCloud (Numonix) and Customer have caused this Agreement to be executed by their duly authorized representatives as of the Effective Date.
| (Customer) | Numonix, LLC., a Delaware corporation |
| Signature: | Signature: |
| Printed Name: | Printed Name: |
| Title: | Title: |
| Date: | Date: |
| Address: | Address: 2650 N. Military Trail Suite 150, Boca Raton, FL 33431, USA |
Data exporter
is (i) Customer which is subject to the data protection laws and regulations of the EU, the EEA and/or their member states, Switzerland and/or the UK and, (ii) its Affiliates (as defined in the Agreement).
Data importer
The data importer is (please specify briefly activities relevant to the transfer):
IXCloud (Numonix) is a provider of recording software and Software-as-a-Service subscription services which may process personal data upon the instruction of the data exporter in accordance with the terms of the Agreement.
Data subjects
The personal data transferred concern the following categories of data subjects (please specify):
Data exporter may submit Personal Data to data importer through Services, as applicable, the extent of which is determined and controlled by the data exporter in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:
- Prospects, customers, business partners and vendors of data exporter (who are natural persons)
- Employees or contact persons of data exporter’s prospects, customers, business partners and vendors
- Employees, agents, advisors, freelancers of data exporter (who are natural persons)
- Data exporter’s Users authorized by data exporter to use IXCloud (Numonix)’s products and/or services (who are natural persons)
Categories of data
The personal data transferred concern the following categories of data (please specify):
Data exporter may submit Personal Data to the data importer through Services, as applicable, the extent of which is determined and controlled by the data exporter in its sole discretion, and which may include, but is not limited to the following categories of Personal Data:
- First and last name
- Title/Position
- Contact information (company, email, phone, physical business address)
- Network data (including source and destination IP addresses and domains, approximate geolocation based on IP lookup, network traffic flows, communications metadata, machine names, and unique device identifiers)
- User and endpoint behavior (including user account activity & metadata, applications executed on endpoints, and accessed URLs)
- Application logs (including firewall logs, DHCP/DNS logs, intrusion detection logs, malware logs, cloud service logs, proxy logs, file access logs)
- Other relevant machine data which the data exporter elects to send to the data importer for processing.
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data (please specify):
The data importer does not intentionally collect or process any special categories of data. However, the data exporter may submit special categories of data to the data importer through Services, as applicable, the extent of which is determined and controlled by the data exporter in its sole discretion.
Appendix 1
Data exporter
The data exporter is (please specify briefly your activities relevant to the transfer):
Processing operations
The personal data transferred will be subject to the following basic processing activities (please specify):
Aggregation and processing by IXCloud (Numonix) products and services for use by the data exporter in its normal business activities.
Data importer will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Personal Data uploaded to the Services, as applicable, as described in the Security, Privacy and Architecture Documentation applicable to the specific Services, as applicable, purchased by data exporter, and available upon request or otherwise made reasonably available by data importer. Data importer will not materially decrease the overall security of the Services, as applicable during a license, services, or subscription term.
Appendix 2
Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
Appendix 3
Additional clauses
The parties agree that the audits described in Clause 5(f), Clause 11 and Clause 12(2) of the Model Clauses shall be carried out in accordance with the Section 11 of this DPA.
The parties agree that the certification of deletion of Personal Data that is described in Clause 12(1) of the Model Clauses shall be provided by the data importer to the data exporter only upon data exporter’s request.
The parties agree that data exporter’s consent for sub-processing as set forth in Section 6 of this DPA shall be deemed consent for the purposes of the Model Clauses.