Effective as of July 27, 2018
While providing our Services, we may process information related to our Client’s customers on behalf of our Clients. Our use of information collected through the Services under the direction of our Clients is limited to the purpose of providing the Services and is governed by our contract with the applicable Client and the Client’s own privacy policies. We are not responsible for the privacy policies or privacy practices of Clients or other third parties.
1. Information We Collect
When you interact with the Site or the Services, we may collect information that alone or in combination with other information could be used to identify you (“Personal Data”), as described below:
Personal Data That You Provide To Us. We collect information that you enter on our Site or send to us electronically, for example when you complete a web form to give your Personal Data to us directly (such as on our “Contact Us” page), when you request information, including a product demo, register for a webinar or other event, or subscribe to our blog. While the type of data we collect depends on the nature of the inquiry, this typically includes your name, email address, phone number and company information. We require certain personal information to provide you with information on our products and services
We may also collect data from you when you attend one of our events, during phone calls with sales representatives, or when you contact customer support.
Service Data. In providing the Services, we process on behalf of our Clients information that our Clients’ customers give when they interact online with our Clients. That data may be transferred to us for processing by our Clients (“Service Data”). Our Clients control the information that they require to enable them to use the Services to manage their and their customer’s data. When a customer’s Service Data is transferred to us for processing, we will only collect the information our Clients have instructed us to collect to enable them to use the Services.
2. How We Use Personal Data And Other Information
To provide the Services to you and respond to your requests. When you ask for information about the Services (for example, when you request a demo or ask us to send you offers or price information), or register to a webinar or an event, we will use your contact information to respond to your request. For EU data subjects, such use is necessary to respond to or implement your request.
We use account-related data provided by Clients in connection with the purchase, sign-up, use or support of the Client account (such as usernames, email address and billing information) to provide you with access to the Services and/or the Site, contact you regarding your use of the Services and/or the Site or to notify you of important changes to the Services and/or the Site. For EU data subjects, such use is necessary for the performance of the contract between you and us.
We process Service Data on behalf of our Clients for the purpose of providing the Services to Clients in accordance with the applicable Client’s contract. Nexla’s purpose in collecting this information is simply to enable our Clients to manage and their data.
For marketing purposes. We will use your email or mail address to send you information (as applicable) by email and post about new products and services, upcoming events or other promotions. You may opt-out of receiving such emails by following the instructions contained in each promotional email we send you. Our sales representatives may also use your phone number to contact you directly by phone, in connection with such new products and services, upcoming events or other promotions.
Where required by applicable law (for example, if you are an EU data subject), we will only send you marketing information by email or mail, or contact you by phone, if you consent to us doing so at the time you provide us with your Personal Data. When you provide us with your consent to be contacted for marketing purposes, you have the right to withdraw your consent at any time by following the instructions to “opt-out” of receiving marketing communication in each marketing email we send you. In addition, if at any time you do not wish to receive future marketing communications or wish to have your name deleted from our mailing or calling lists, please contact us at email@example.com. Please note that if you opt out from marketing communications, we may still contact you regarding issues related to our Services and to respond to your requests.
If you are an EU data subject, please see the “EU Data Subjects” section below for information on your rights in relation to the Personal Data we hold about you.
3. Sharing Information
We share information with certain third parties, as follows:
● Third Party Service Providers. Third parties who provide services to us have access to your Personal Data: website analytics companies, hosting and cloud computing service providers, providers of CRM, marketing and sales software solutions. Pursuant to our instructions, these parties may access, process or store Personal Data in the course of performing their duties to us and solely in order to perform the services we have hired them to provide.
● Administrative and Legal Reasons. We may disclose Personal Data when required to do so by law, such as to comply with a subpoena, bankruptcy proceedings, or similar legal process, or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, or when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Nexla, third parties, or the public at large.
● Business Transfers. We may disclose and transfer your information and data: (a) if we assign our rights regarding any of the information to a third party or (b) in connection with a corporate merger, consolidation, restructuring, sale of certain of our ownership interests, assets, or both, or other corporate change, including without limitation, during the course of any due diligence process.
4. California Do Not Track Disclosures
5. EU Data Subjects
Scope: This section applies solely to EU data subjects (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway).
Data Controller: Nexla, Inc. is the data controller for the processing of your Personal Data, but we act as a data processor on behalf of Clients for Personal Data that is Service Data we process through the Services. Please see the “Contact Us” section below to find out how to contact us.
Your Rights: Subject to applicable law, you have the following rights in relation to your Personal Data:
- Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
● Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
● Right to erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.
● Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it. We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
● Right to data portability: Effective 25 May 2018, you have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
● Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:
o If we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing or
o If we are processing your Personal Data for direct marketing.
● Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, that affect you, unless such profiling in necessary for entering into, or the performance of, a contract between you and us or you provide your explicit consent.
● Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing of your data before we received notice that you wished to unsubscribe.
● Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.
You may exercise your rights by contacting us as indicated under “Contact Us” section below.
Data Transfers. We rely on the EU-U.S. and Swiss-U.S. Privacy Shield certification to transfer Personal Data and other information that we receive from the EU and Switzerland to Nexla in the U.S. (for more information, please read the “Privacy Shield” section below).
6. Privacy Shield
We rely on our Privacy Shield certification to transfer Personal Data and other information that we receive from the EU and Switzerland to Nexla in the U.S. and we process this data in accordance with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability (“Privacy Shield Principles”), as described below.
Accountability for Onward Transfers: Nexla is responsible for the processing of Personal Data it receives from the EU and Switzerland, under the Privacy Shield Framework, and subsequently transfers to third-party service providers (as described in the “Sharing Information” section above) if such parties process Personal Data in a manner inconsistent with the Privacy Shield Principles and Nexla is responsible if they do so and for the harm caused.
Access: You have certain rights to access, correct, amend, or delete Personal Data. When we process Personal Data on behalf of our Clients, the Client will be responsible to respond to requests for exercising your rights. We honor all Clients’ requests from their customers or other users to access, correct, amend, or delete Personal Data.
Recourse, Enforcement, Liability: In compliance with the Privacy Shield Principles, Nexla commits to resolve complaints about our processing of your Personal Data. Individuals with inquiries or complaints regarding this Private Shield Policy should first contact Nexla as follows:
- Email: firstname.lastname@example.org
- Postal Mail: 475 El Camino Real, Suite 305, Millbrae, CA 94030
- Phone: 650-239-9141
Nexla has further committed to refer unresolved Privacy Shield complaints to our U.S.-based third party dispute resolution provider (free of charge) that you may contact at the International Centre for Dispute Resolution at https://www.icdr.org/
If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Privacy Shield Panel. For additional information, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, Nexla is subject to the investigatory and regulatory enforcement powers of the U.S. Federal Trade Commission.
7. Data Security
We take reasonable and appropriate administrative and technical steps to protect the Personal Data provided via the Site from loss, misuse and unauthorized access, disclosure, alteration, or destruction. These include contractual restrictions and physical, electronic and administrative safeguards such as firewalls, data encryption, SSL and other up-to-date technologies. However, the Internet cannot be guaranteed to be fully secure and we cannot ensure or warrant the security of any information you provide to us. Please keep this in mind when providing us with your Personal Data.
Cookies are pieces of data sent to your browser when you visit a website and stored on your computer’s hard drive. Cookies may store user preferences and other information.
We use analytics cookies to recognize and count the number of visitors and to see how visitors move around the Site when they are using it. This helps us to improve the way our Site works, for example by making sure visitors are finding what they need easily. The information collected through these cookies include anonymous traffic statistics, like number of page views, number of visitors, and time spent on each page.
On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:
- Internet Explorer
● Mozilla Firefox
● Google Chrome
● Apple Safari
Please note that if you reject cookies or turn cookies off, you may be unable to access certain parts of the Site and you may not be able to benefit from the full functionality of the Site.
9. Publicly Posted Information
Neither the Site nor the Services are directed to or intended to be used by children who are under the age of 13 and Nexla does not knowingly collect Personal Data from children under 13. If you have reason to believe that a child under the age of 13 has provided Personal Data to Nexla through the Site, please contact us at privacy@Nexla.com and we will endeavor to delete that information from our databases.
11. Links To Other Websites
13. Contact Us
Our main office is located at 475 El Camino Real, Suite 305, Millbrae, California, 94030.
Attention: Privacy Officer
475 El Camino Real, Suite 305