Privacy Policy

Effective as of July 27, 2018

Introduction

Your privacy is important to Nexla. This Privacy Policy explains what data we collect when you use the Nexla website www.nexla.com (including all subdomains, the “Site”) and/or Nexla Data Operations Platform Services (“Services”) and in connection with our sales and marketing activities, why we collect the data, how it is used and your rights and choices. Companies that use our Services are our Clients (“Clients”).

While providing our Services, we may process information related to our Client’s customers on behalf of our Clients. Our use of information collected through the Services under the direction of our Clients is limited to the purpose of providing the Services and is governed by our contract with the applicable Client and the Client’s own privacy policies. We are not responsible for the privacy policies or privacy practices of Clients or other third parties.

By using the Site or the Services, and providing us with your Personal Data, you consent to the processing of your Personal Data in the manner set out in this Policy. If you do not agree to the practices in this Privacy Policy, please do not access or otherwise use the Site or our Services.

Nexla complies with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks (“Frameworks”) as set forth by the U.S. Department of Commerce regarding the processing of personal data transferred from the European Union (“EU”) and Switzerland to the U.S. (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway). Nexla has certified that it adheres to the Privacy Shield Principles (described below). If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Frameworks and to view our certification page, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list.

1. Information We Collect

When you interact with the Site or the Services, we may collect information that alone or in combination with other information could be used to identify you (“Personal Data”), as described below:
Personal Data That You Provide To Us. We collect information that you enter on our Site or send to us electronically, for example when you complete a web form to give your Personal Data to us directly (such as on our “Contact Us” page), when you request information, including a product demo, register for a webinar or other event, or subscribe to our blog. While the type of data we collect depends on the nature of the inquiry, this typically includes your name, email address, phone number and company information. We require certain personal information to provide you with information on our products and services

We may also collect data from you when you attend one of our events, during phone calls with sales representatives, or when you contact customer support.
Service Data. In providing the Services, we process on behalf of our Clients information that our Clients’ customers give when they interact online with our Clients. That data may be transferred to us for processing by our Clients (“Service Data”). Our Clients control the information that they require to enable them to use the Services to manage their and their customer’s data. When a customer’s Service Data is transferred to us for processing, we will only collect the information our Clients have instructed us to collect to enable them to use the Services.
Automatically Collected Data. When you visit the Site, we and our service providers acting on our behalf will automatically collect information about you through cookies (small text files placed on your device). Please see the “Use of Cookies” section below to learn more about how we use cookies. When you visit our Site, our servers record information (“log data”), including information that your browser automatically sends whenever you visit the Site. This log data includes your Internet Protocol (“IP”) address (from which we understand the country you are connecting from at the time you visit the Site), browser type and settings, the date and time of your request.

2. How We Use Personal Data And Other Information

To provide the Services to you and respond to your requests. When you ask for information about the Services (for example, when you request a demo or ask us to send you offers or price information), or register to a webinar or an event, we will use your contact information to respond to your request. For EU data subjects, such use is necessary to respond to or implement your request.

We use account-related data provided by Clients in connection with the purchase, sign-up, use or support of the Client account (such as usernames, email address and billing information) to provide you with access to the Services and/or the Site, contact you regarding your use of the Services and/or the Site or to notify you of important changes to the Services and/or the Site. For EU data subjects, such use is necessary for the performance of the contract between you and us.

We process Service Data on behalf of our Clients for the purpose of providing the Services to Clients in accordance with the applicable Client’s contract. Nexla’s purpose in collecting this information is simply to enable our Clients to manage and their data.

For marketing purposes. We will use your email or mail address to send you information (as applicable) by email and post about new products and services, upcoming events or other promotions. You may opt-out of receiving such emails by following the instructions contained in each promotional email we send you. Our sales representatives may also use your phone number to contact you directly by phone, in connection with such new products and services, upcoming events or other promotions.

Where required by applicable law (for example, if you are an EU data subject), we will only send you marketing information by email or mail, or contact you by phone, if you consent to us doing so at the time you provide us with your Personal Data. When you provide us with your consent to be contacted for marketing purposes, you have the right to withdraw your consent at any time by following the instructions to “opt-out” of receiving marketing communication in each marketing email we send you. In addition, if at any time you do not wish to receive future marketing communications or wish to have your name deleted from our mailing or calling lists, please contact us at privacy@nexla.com. Please note that if you opt out from marketing communications, we may still contact you regarding issues related to our Services and to respond to your requests.

To analyze, administer, support, and improve use of the Site and the Services. We use data relating to your use of and interaction with the Site and the Services, including information that we obtain through cookies and similar technologies, to analyze, administer, support and improve your access to and use of the Site and the Services. We may also compile, anonymize and/or aggregate your Personal Data and other data and use such anonymized and/or aggregated data for our business purposes, including sharing it with affiliates and business partners. This aggregate information does not identify you. For EU data subjects, this use of your Personal Data is necessary for our legitimate interests in understanding how the Site and our Services are being used by you and to improve your experience on it. Please see the “Use of Cookies” section below for information on how we use cookies on the Site.

If you are an EU data subject, please see the “EU Data Subjects” section below for information on your rights in relation to the Personal Data we hold about you.

3. Sharing Information

We share information with certain third parties, as follows:
● Third Party Service Providers. Third parties who provide services to us have access to your Personal Data: website analytics companies, hosting and cloud computing service providers, providers of CRM, marketing and sales software solutions. Pursuant to our instructions, these parties may access, process or store Personal Data in the course of performing their duties to us and solely in order to perform the services we have hired them to provide.
● Administrative and Legal Reasons. We may disclose Personal Data when required to do so by law, such as to comply with a subpoena, bankruptcy proceedings, or similar legal process, or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, or when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Nexla, third parties, or the public at large.
● Business Transfers. We may disclose and transfer your information and data: (a) if we assign our rights regarding any of the information to a third party or (b) in connection with a corporate merger, consolidation, restructuring, sale of certain of our ownership interests, assets, or both, or other corporate change, including without limitation, during the course of any due diligence process.

4. California Do Not Track Disclosures

Nexla does not currently respond to “Do Not Track” signals sent by your browser or mobile application and operate as described in this Privacy Policy whether or not a “Do Not Track” signal is received. If we change our practices in the future and begin to respond to “Do Not Track” signals, we will update this Privacy Policy accordingly.

5. EU Data Subjects

Scope: This section applies solely to EU data subjects (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway).

Data Controller: Nexla, Inc. is the data controller for the processing of your Personal Data, but we act as a data processor on behalf of Clients for Personal Data that is Service Data we process through the Services. Please see the “Contact Us” section below to find out how to contact us.

Your Rights: Subject to applicable law, you have the following rights in relation to your Personal Data:

● Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
● Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
● Right to erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.
● Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it. We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
● Right to data portability: Effective 25 May 2018, you have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
● Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:
o If we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing or
o If we are processing your Personal Data for direct marketing.
● Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, that affect you, unless such profiling in necessary for entering into, or the performance of, a contract between you and us or you provide your explicit consent.
● Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing of your data before we received notice that you wished to unsubscribe.
● Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.

You may exercise your rights by contacting us as indicated under “Contact Us” section below.

Legitimate Interest. “Legitimate interests” means the interests of Nexla in conducting and managing our organization. For example, we have a legitimate interest in processing your Personal Data to analyze how the Site and our products and services are being used by you, and to ensure network and information security, as described in this Privacy Policy. When we process your Personal Data for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. Our legitimate interests do not automatically override your interests. We will not use your Personal Data for activities where our interests are overridden by the impact on you, unless we have your consent or those activities are otherwise required or permitted to by law. You have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Rights” section above.

Data Transfers. We rely on the EU-U.S. and Swiss-U.S. Privacy Shield certification to transfer Personal Data and other information that we receive from the EU and Switzerland to Nexla in the U.S. (for more information, please read the “Privacy Shield” section below).

Data Retention: We will keep your Personal Data only for as long as is reasonably necessary for the purposes outlined in this Privacy Policy, or for the duration required by law, whichever is the longer.

Changes: We will notify you of changes to the data processing activities described in this Privacy Policy by email or by posting a prominent notice on the Site.

6. Privacy Shield

We rely on our Privacy Shield certification to transfer Personal Data and other information that we receive from the EU and Switzerland to Nexla in the U.S. and we process this data in accordance with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability (“Privacy Shield Principles”), as described below.

Notice And Choice: This Privacy Policy provides notice of the Personal Data collected and transferred under the Privacy Shield and the choice that you have with respect to such Personal Data. It also provides information about other Privacy Shield Principles that are set forth below. When we process Service Data under the direction of our Clients, the Client will be responsible for providing appropriate notice and choice to its customers or other users, as the Client controls the Service Data it has submitted for processing. We honor all Clients’ requests from their customers or other users to limit use or disclosure of Personal Data about them.

Accountability for Onward Transfers: Nexla is responsible for the processing of Personal Data it receives from the EU and Switzerland, under the Privacy Shield Framework, and subsequently transfers to third-party service providers (as described in the “Sharing Information” section above) if such parties process Personal Data in a manner inconsistent with the Privacy Shield Principles and Nexla is responsible if they do so and for the harm caused.

Security: We maintain security measures to protect Personal Data as described in the “Data Security” section of this Privacy Policy.

Data Integrity and Purpose Limitation: We will take reasonable steps to ensure that Personal Data is reliable for its intended use, and that it is accurate, complete and current for as long as we retain it. We will keep your Personal Data only for as long as is reasonably necessary for the purposes described in this Privacy Policy, or for the duration required by law or our contract with our Clients, whichever is the longer. 

Access: You have certain rights to access, correct, amend, or delete Personal Data. When we process Personal Data on behalf of our Clients, the Client will be responsible to respond to requests for exercising your rights. We honor all Clients’ requests from their customers or other users to access, correct, amend, or delete Personal Data.

Recourse, Enforcement, Liability: In compliance with the Privacy Shield Principles, Nexla commits to resolve complaints about our collection, processing, or use of your Personal Data. EU and Swiss individuals with inquiries or complaints regarding this Private Shield Policy should first contact Nexla as follows:

  • Email: privacy@nexla.com
  • Postal Mail: 15 N Ellsworth Ave, Suite 200, San Mateo, CA 94401
  • Phone: 650-678-5467

Nexla has further committed to refer unresolved Privacy Shield complaints to our U.S.-based third party dispute resolution provider (free of charge) that you may contact at the International Centre for Dispute Resolution at https://www.icdr.org

If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Privacy Shield Panel. For additional information, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, Nexla is subject to the investigatory and regulatory enforcement powers of the U.S. Federal Trade Commission.

7. Data Security

We take reasonable and appropriate administrative and technical steps to protect the Personal Data provided via the Site from loss, misuse and unauthorized access, disclosure, alteration, or destruction. These include contractual restrictions and physical, electronic and administrative safeguards such as firewalls, data encryption, SSL and other up-to-date technologies. However, the Internet cannot be guaranteed to be fully secure and we cannot ensure or warrant the security of any information you provide to us. Please keep this in mind when providing us with your Personal Data.

8. Use of Cookies

Cookies are pieces of data sent to your browser when you visit a website and stored on your computer’s hard drive. Cookies may store user preferences and other information.

We use analytics cookies to recognize and count the number of visitors and to see how visitors move around the Site when they are using it. This helps us to improve the way our Site works, for example by making sure visitors are finding what they need easily. The information collected through these cookies include anonymous traffic statistics, like number of page views, number of visitors, and time spent on each page.

We may, and we may allow third party service providers to, use cookies (as noted above) or other tracking technologies to collect information about your browsing activities over time and across different websites following your use of the Site. For example, we use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help us analyze how users use the Site and enhance your experience when you use the Site. For more information on how Google uses this data, go to www.google.com/policies/privacy/partners/. When you first visit the Site or the Services platform, you will be asked to consent to the use of cookies on the Site in accordance with this Privacy Policy, and if you accept we will store cookies on your computer.

On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:

  • Internet Explorer
  • Mozilla Firefox
  • Google Chrome
  • Apple Safari

Please note that if you reject cookies or turn cookies off, you may be unable to access certain parts of the Site and you may not be able to benefit from the full functionality of the Site.

9. Publicly Posted Information

This Privacy Policy shall not apply to any information you post to the public areas of the Site. This includes, but is not limited to comments to the Nexla blog or public forums. Comments posted to public areas may be viewed, accessed, and used by third parties subject to those parties’ privacy practices and policies.

10. Children

Neither the Site nor the Services are directed to or intended to be used by children who are under the age of 13 and Nexla does not knowingly collect Personal Data from children under 13. If you have reason to believe that a child under the age of 13 has provided Personal Data to Nexla through the Site, please contact us at privacy@Nexla.com and we will endeavor to delete that information from our databases.

11. Links To Other Websites

The Site may contain links to other websites not operated or controlled by us (“Third Party Sites”), including social media websites and services. The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact those sites directly for information on their privacy practices and policies.

12. Changes to this Privacy Policy

We may change this Privacy Policy from time to time, and we will post the revised policy and provide notice on the Site.

13. Contact Us

Our main office is located at 15 N Ellsworth Ave, Suite 200, San Mateo, California, 94401.

If you have any questions about this Privacy Policy, or if you would like to access Personal Data we hold about you or exercise your other rights under the applicable law, please contact our Privacy Officer at privacy@Nexla.com or send postal mail to:

Nexla, Inc.
Attention: Privacy Officer
15 N Ellsworth Ave, Suite 200
San Mateo, CA
94401