Compliance
Compliance
Last Updated 23 October 2024
Introduction
Numonix LLC, a Delaware limited liability company, (“Numonix”, “we”, “us”, “our”) takes the protection of personally identifiable information (“Personal Data”) very seriously. Please read this privacy policy (the “Policy”) to learn what we are doing with your Personal Data, how we protect it, and what privacy rights you may have under applicable data protection and privacy laws.
What Is Covered by This Privacy Statement
This Statement addresses data subjects whose Personal Data we may receive from our customers (“Customers”) in our IXCloud web-based software application, TRaaS service offers and our Recite and Recite SPE software applications (collectively, the “Services”).
If you are not a Numonix Customer but engage in communications powered by our Services (an “End User”), our Customers may use our Services to store and process an End User’s Personal Data. In that case, Numonix act only as a storage and service provider. We do not decide what Personal Data is being stored, or how and why it may be processed. Numonix can only access such Personal Data at our Customer’s request in connection with customer and technical support matters. We can only access Personal Data to provide the Services that our Customer has directed us to provide, or if we are required by law to do so.
When you give your Personal Data to one of our Customers or when we collect your Personal Data on their behalf, our Customer’s privacy policy, rather than this Policy, will apply to the processing of your Personal Data. If you have a direct relationship with one of our Customers, please contact them to exercise your privacy rights.
This Policy also addresses Personal Data we receive directly from data subjects through their use of our websites.
Our Role with Respect to Your Personal Data
There is Personal Data that we process for own purposes and Personal Data that we store on behalf of our Customers. This means that we do not always have the same degree of decision-making with respect to why and how each piece of Personal Data will be processed.
Processor. Numonix acts as a data processor or service provider for the Personal Data we process for our Customer when providing our Services. This means that our Customers determine the type of Personal Data they provide to us to process on their behalf. We typically have no direct relationship with the individuals whose Personal Data we receive from our Customers.
Controller. Numonix acts as a data controller or business for the Personal Data we collect from visitors that visit our websites.
Lawful Bases for Processing
We must have a valid reason to use your Personal Data. This is called the “lawful basis for processing”.
When we act as a data controller, we may process your Personal Data on the basis of:
- your consent;
- the need to perform a contract with you;
- our legitimate interests;
- the need to comply with the law; or
- any other ground, as required or permitted by law.
Where we process your Personal Data based on your consent, you may withdraw it at any time. However, this will not affect the lawfulness of our processing before you withdrew your consent. It will also not affect the validity of our processing of Personal Data performed on other lawful grounds.
Where we receive your Personal Data as part of providing our Services to you to fulfill a contract, we require such Personal Data to be able to carry out the contract. Without that necessary Personal Data, we will not be able to provide the Services to you.
Where we process your Personal Data based on our legitimate interests, the legitimate interests pursued by us include the provision of our Services, our interests in marketing our Services, and our interests in monitoring and enhancing the performance of our Services.
Within the scope of this Policy, we may also process Personal Data based on the instructions of our Customers. To learn about their lawful bases for processing your Personal Data, please read the privacy policy of the relevant Customer.
How Personal Data is Collected and for What Purpose
We will not collect additional categories of Personal Data or otherwise utilize your Personal Data without informing you.
Technical and Customer Support. If our Customers require customer or technical support, we may obtain access to any Personal Data you, as an End User, may have shared with the Customer through our Services only if our Customer grants that permission. We may also collect the statistics of call recordings (such as call telemetry: call duration, technical errors, participant locations and names) pursuant to the Services. Numonix has technical controls and procedures in place so that such Personal Data is accessed only at our Customer’s written request or where required by law. If you request support, or if you contact us by other means including via a phone call or webform, we process your Personal Data to perform our contract with our Customer and to the extent it is necessary for our legitimate interest in fulfilling your requests, communicating with you, and abiding by our legal obligations.
Interest in Services. If you contact us with an interest in obtaining information about our Services; register for our mailing list or Services; explore or download content from our websites; or interact with our marketing emails and advertisements, we may use Tracking Technologies (defined below) to collect information related to your interests and ask for your contact information (name, title, company name, address, phone number, and email address) to send you marketing information and communications about us, our partners, and our Services, promotions or events. We may also automatically collect information about your device and your usage of our websites or emails. This information may include identifiers, internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, location, browser type, plug-ins, integrations, Internet service provider and/or mobile carrier, the pages and files viewed, searches, referring website, app or ad, operating system, system configuration information, advertising and language preferences, date and time stamps associated with your usage, and frequency of visits to the websites.
If we have not entered into a contract with you, we base the processing of your Personal Data on our legitimate interest to operate and administer our websites, conduct marketing research, analyze overall trends, advertise our Services and events, identify customer opportunities, provide you with content you access and request (e.g., to download content from our websites), help us provide and improve our Services, offer a tailored experience for users, secure and maintain our Services and websites, verify accounts and activity, investigate suspicious activity, assess and improve customer and user experiences, enforce our terms and policies, identify future opportunities for development, assess capacity requirements, and protect our rights and the rights of others.
If we have entered into a contract with you, we base the processing of your Personal Data on our obligations to perform our contract with you as a Customer.
Service Accounts. If you register for an account that we provide, we may ask you to provide account information (such as username, contact information and location), your contact information (such as name, title, company name, address, country, phone number and email address) and financial and billing information (such as billing name and address, account receiving contacts or bank account information). We will process your Personal Data to provide our Services to you, including sending related communications to you, to perform our contract. If you have provided financial information to us, we process your Personal Data to verify that information and to collect payments to the extent that doing so is necessary to complete a transaction and perform our contract with you.
If you utilize our Services, we may automatically collect information about your device and your usage of our Services. This information may include identifiers, internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, location, browser type, plug-ins, integrations, Internet service provider and/or mobile carrier, the pages and files viewed, operating system, system configuration information, date and time stamps associated with your usage, and frequency of visits to the websites. If we have entered into a contract with you, we base the processing of your Personal Data on our obligations to perform our contract with you as a Customer.
We may also collect the statistics of call recordings pursuant to the Services, to provide technical support, improve our services, and abide by our legal obligations.
Surveys. If you voluntarily submit certain information to our Services, such as filling out a survey about your experience, we may collect the information you have provided to satisfy our legitimate interest in improving our Services.
Events and Promotions. If you register for an event, webinar, or promotion, we may require you to provide to us your contact information (such as name, title, company name, address, country, phone number and email address) and financial or billing information (such as billing name and address). We will process your Personal Data to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you, to perform our contract. If you register for a contest or promotion, we process your Personal Data to perform our contract. If you have provided financial information to us, we process your Personal Data to verify that information and to collect payments to the extent that doing so is necessary to complete a transaction and perform our contract with you.
We may use Tracking Technologies (defined below) to collect information related to your interests and to send you marketing information and communications about us, our partners, and our Services, promotions or events. If we have not entered into a contract with you, we base the processing of your Personal Data on our legitimate interest to conduct marketing research, advertise our Services and events, assess potential customer opportunities, and to provide you with content you access and request (e.g., access to a webinar).
Office Visits. If you visit our offices, you may be required to register as a visitor and to provide your name, email address, phone number, company name and time and date of arrival. We will process your Personal Data for security reasons, to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for our legitimate interest or to perform our contracts with our Customers.
Other Sources. We also may collect information about you from other sources including third parties, partners and resellers for the purposes of delivering relevant email content, event promotion, determining eligibility, verifying contact information, and supporting their sales activities. We may collect Personal Data like business contact information (including name, mailing addresses, job titles, email addresses, phone numbers, intent data, and IP addresses). We may combine this information with Personal Data provided by you. We base the processing of your Personal Data on our legitimate interest to update, expand, and analyze our records, identify new customers, and to provide Services that may be of interest to you.
Compliance and Legal Obligations. We process your Personal Data to review compliance with the contracts and policies to the extent that it is in our legitimate interest. We may also process your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights or is necessary for our legitimate interest.
Cookies and Other Tracking Technologies. We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons, pixels, tags, and similar technologies to automatically collect information that may contain Personal Data as you navigate our websites, our Services, or interact with emails we have sent to you. We base the processing of your Personal Data on our legitimate interest to operate and improve our websites and marketing emails. All of these tracking technologies are collectively referred to as “Tracking Technologies” in this Policy.
Cookies. A cookie is a small file stored on your device that contains information about your device. We may use cookies to provide basic relevant ads, website functionality, authentication (session management), usage analytics (web analytics), to remember your settings, and to generally improve our websites and Services.
Local Storage. Local storage enables our website to store information locally on your device. Local storage may be used to improve your experience with our website, for example, by enabling features, remembering your preferences and speeding up our website functionality.
GIFs (a.k.a. “web beacons”). Our website may also employ a software technology called clear GIFs that helps us better manage content on our website by providing insight into which content is most effective. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies, which are used to track the online movements of website users.
Pixels. A tracking pixel is a 1×1 pixel graphic used for the purpose of tracking user behavior, web traffic and site conversions. A tracking pixel allows us to collect data relating to the use of our website. Tracking pixels are used to trigger advertisements on any participating websites based on the activity tracked from your browser or device and can also be used for third-party web analytics. For example, we may place a pixel in marketing emails that notify us when you click on a link in the email.
Tags. A tag is a generic name for code elements found in web pages. Most tags simply describe the content of the page, but certain types of tags contain programmatic elements or inject dynamic content like video or audio files into the page. Most of the cookies set on our website will be set via these tags, but some tags may also collect data about our visitors without the use of cookies.
How We Use Tracking Technologies on our Website
The use of cookies is industry standard so your browser may be set to accept cookies. If you would prefer not to accept cookies, you can alter the configuration of your browser to reject all cookies or some cookies. Note, if you reject certain cookies, you may not be able to access all features provided by our Services. For more information, please visit https://www.aboutcookies.org/. You may also control your online behavioral advertising preferences and opt out from having your data processed by certain marketing companies by visiting http://www.youronlinechoices.com/ and http://optout.aboutads.info/. Please note that managing these preferences will not turn off internet advertisements in general. You will receive the same amount of advertisements, but it will be less reflective of your interests, as based on your web browsing habits. The opt-out preferences that you set may be nullified if you delete your cookies.
Responding to Do Not Track (DNT) Signals. “Do Not Track” is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. For more information, please visit https://allaboutdnt.com/. Our Services are set to respond to “Do Not Track” signals received from various web browsers.
We use session and persistent cookies. Session cookies are deleted when you close your browser. Persistent cookies may remain even after you close your browser, but always have an expiration date. Most of the cookies placed on your device through our Services are first-party cookies which are placed directly by us. Other parties, such as Google and Freshworks, may also set their own (third-party) cookies through our Services. Please refer to the policies of these third parties to learn more about the way in which they collect and process information about you.
Strictly Necessary Tracking Technologies. These Tracking Technologies are necessary for our website to function and cannot be turned off in our systems. They are usually only set in response to actions you take which amount to a request for services, such as logging in or filling out forms. You may be able to set your browser to block or alert you about some of these Tracking Technologies. However, if you block these Tracking Technologies, some parts of our website will not work.
Performance Tracking Technologies. These Tracking Technologies allow us, among other things, to count website visits and traffic sources so we can measure and improve the performance of our website. They help us to know which pages are the most – and least – popular, and see how you move around the website. If you do not allow these Tracking Technologies, we will not know when you have visited our website and will not be able to monitor our website’s performance.
Functional Tracking Technologies. Theses Tracking Technologies enable our website to provide enhanced functionality and personalization. They may be used by us or by third-party providers whose services we have added to our pages. If you do not allow these Tracking Technologies, then some or all of these services may not function properly.
Targeting Tracking Technologies. These Tracking Technologies may be used on our website by us or our advertising partners (or set directly by our advertising partners) to collect data about your online activity. They record your visits to our website, the pages you have visited, and the links you have followed. They are used by our advertising partners to build a profile of your interests and show you relevant advertisements on our website as well as other sites. If you do not allow these Tracking Technologies, you will experience less targeted advertising.
Disclosure and Sharing
We may share or disclose Personal Data to the third parties listed below. Some of these third parties may be located outside of the United States. However, when the Personal Data is protected by the GDPR, before transferring your Personal Data to these third parties, we will either ask for your explicit consent or require the third party to maintain at least the same level of privacy and security for your Personal Data that we do. We remain liable for the protection of your Personal Data that we transfer or have transferred to third parties, except to the extent that we are not responsible for the event that leads to any unauthorized or improper processing.
Service Providers. With our contracted service providers, who provide services such as IT and system administration and hosting, communication services, credit card processing, research and analytics, marketing, webforms, and customer support.
Our Resellers. With resellers to the extent such sharing of data is necessary to fulfill a request you have submitted via our websites or for customer support, marketing, technical operations and account management purposes.
Your Affiliates. If you use our Services as a user, we may share your Personal Data with our affiliated Customer responsible for your access to the Services to the extent this is necessary for verifying accounts and activity, investigating suspicious activity, or enforcing our terms and policies.
Our Affiliates. We may disclose your Personal Data to our subsidiaries or affiliates, but only if necessary for business purposes, as described in this Privacy Policy.
Event Sponsors. If you attend an event or webinar organized by us, or download or access content, we may share your Personal Data with sponsors of the event. If required by applicable law, you may consent to such sharing via the registration form or by allowing your attendee badge to be scanned at a sponsor booth. In these circumstances, your information will be subject to the sponsors’ privacy statements.
Contest and Promotion Sponsors. With sponsors of contests or promotions for which you register.
Third party networks and websites. With third-party advertising networks and websites, so that we can market and advertise on third party platforms and websites (examples: Google and Freshworks).
Professional Advisers. In individual instances, we may share your Personal Data with professional advisers acting as service providers, processors, or joint controllers – including lawyers, bankers, auditors, and insurers based in countries in which we operate, and to the extent we are legally obliged to share or have a legitimate interest in sharing your Personal Data.
Change in Ownership. We may disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. In accordance with applicable laws, we will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party.
Anonymous and Aggregated. We reserve the right to use, transfer, sell, and share any anonymous and aggregated data for any legal purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.
Legal Requirements. We may disclose your Personal Data to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). If we must disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that such recipients will maintain the privacy or security of your Personal Data.
How Long Do We Keep Your Personal Data
We will retain your Personal Data for as long as necessary to fulfil the purpose for which it was provided or collected, in accordance with our data retention policies. For example, we will retain and use your Personal Data to the extent necessary to comply with our legal obligations (such as, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
If your Personal Data is used for more than one purpose, we will retain it until the purpose with the longest retention period expires; but we will stop using it for the purpose with a shorter retention period once that period expires. Our retention periods are also based on our business needs and good practice and legal requirements.
In cases where we act as a data processor, we retain Personal Data for as long as instructed by the respective Customer (who typically acts as a data controller). We may delete the Personal Data submitted to us by our Customers within two (2) weeks of the end of our service agreement with the Customer, unless
applicable laws require otherwise.
What Privacy Rights Do You Have?
You have specific rights regarding your Personal Data that we collect and process. Please note that you can only exercise these rights with respect to Personal Data that we process about you when we act as a data controller or as a “business” under the CCPA. To exercise your rights with respect to information processed by us on behalf of one of our Customers, please read the privacy policy of that Customer.
In this section, we first describe those rights and then we explain how you can exercise those rights.
Right to Know What Happens to Your Personal Data (The
This is called the right to be informed. It means that you have the right to obtain from us all information regarding our data processing activities that concern you, such as how we collect and use your Personal Data, how long we will keep it, and who it will be shared with, among other things.
We are informing you of how we process your Personal Data with this Policy. We will always try to inform you about how we process your Personal Data. However, if we do not collect the Personal Data directly from you, the GDPR exempts us from the obligation to inform you (i) when providing the information is either impossible or unreasonably expensive; (ii) the gathering and/or transmission is required by law, or if (iii) the Personal Data must remain confidential due to professional secrecy or other statutory secrecy obligations.
Right to Know What Personal Data Numonix Has About You
This is called the right of access. This right allows you to ask for full details of the Personal Data we hold about you.
You have the right to obtain from us, including confirmation of whether or not we process Personal Data concerning you, and, where that is the case, a copy or access to the Personal Data and certain related information.
Once we receive and confirm that the request came from you or your authorized agent, we will disclose to you:
- The categories of your Personal Data that we process;
- The categories of sources for your Personal Data;
- Our purposes for processing your Personal Data;
- Where possible, the retention period for your Personal Data, or, if not possible, the criteria used to determine the retention period;
- The categories of third parties with whom we share your Personal Data;
- If we carry out automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you;
- The specific pieces of Personal Data we process about you in an easily-sharable format;
- If we disclosed your Personal Data for a business purpose, the categories of Personal Data and categories of recipients of that Personal Data for and disclosure;
- If we rely on legitimate interests as a lawful basis to process your Personal Data, the specific legitimate interests; and
- The appropriate safeguards used to transfer Personal Data from the EEA or the UK to a third country, if applicable.
Under some circumstances, we may deny your access request. In that event, we will respond to you with the reason for the denial.
Right to Change Your Personal Data
This is called the right to rectification. It gives you the right to ask us to correct without undue delay anything that you think is wrong with the Personal Data we have on file about you, and to complete any incomplete Personal Data.
If your account settings do not allow you change the information yourself, please contact us and we will do our best to change the Personal Data for you.
Right to Delete Your Personal Data
This is called the right to erasure, right to deletion, or the right to be forgotten. This right means you can ask for your Personal Data to be deleted.
Sometimes we can delete your information, but other times it is not possible for either technical or legal reasons. If that is the case, we will consider if we can limit how we use it. We will also inform you of our reason for denying your deletion request.
Right to Ask Us to Limit How We Process Your Personal Data
This is called the right to restrict processing. It is the right to ask us to only use or store your Personal Data for certain purposes. You have this right in certain instances, such as where you believe the data is inaccurate or the processing activity is unlawful.
Right to Ask Us to Stop Using Your Personal Data
This is called the right to object. This is your right to tell us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or of a third party). You may also object at any time to the processing of your Personal Data for direct marketing purposes.
We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.
If we have received your Personal Data in reliance on the Data Privacy Framework, you may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties. You may also have the right to opt out if your Personal Data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you originally authorized.
Right to Port or Move Your Personal Data
This is called the right to data portability. It is the right to ask for and receive a portable copy of your Personal Data that you have given us or that you have generated by using our services, so that you can:
- Move it;
- Copy it;
- Keep it for yourself; or
- Transfer it to another organization.
We will provide your Personal Data in a structured, commonly used, and machine-readable format. When you request this information electronically, we will provide you a copy in electronic format.
Rights related to automated decision-making including profiling
This is called the right to data Rights in relation to automated decision-making including profiling GDPR includes provisions for decisions made with no human involvement, such as profiling, which uses personal data to make calculated assumptions about individuals.
There are strict rules about this kind of processing, and individuals are permitted to challenge and request a review of the processing if they believe the rules aren’t being followed.
Right to Withdraw Your Consent
Where we rely on your consent as the legal basis for processing your Personal Data, you may withdraw your consent at any time. If you withdraw your consent, our use of your Personal Data before you withdraw is still lawful.
If you have given consent for your details to be shared with a third party and wish to withdraw this consent, please also contact the relevant third party in order to change your preferences.
Please note that, if you change your mind about being sent marketing emails you can “opt out” at any time by clicking the “unsubscribe” link at the bottom of any marketing email. Once you “opt out”, you will no longer receive any marketing emails from us. We will continue to communicate with you regarding your service billing and support via email.
Right to Non-Discrimination
We will not discriminate against you for exercising any of your privacy rights. Unless the applicable data protection laws permit it, we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties;
- Provide you a different level or quality of goods or services; or
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
How Can You Exercise Your Privacy Rights?
To exercise any of the rights described above, please contact us.
If the GDPR applies to our processing of your Personal Data, you have the right to lodge a complaint with the supervisory authority of the country in which you are located or to our EU representative. You may also complain to the Information Commissioner’s Office (“ICO”), which is the UK or to our UK representative.
Verification of Your Identity
In order to correctly respond to your privacy rights requests, we need to confirm that YOU made the request. Consequently, we may require additional information to confirm that you are who you say you are.
We will only use the Personal Data you provide us in a request to verify your identity or authority to make the request.
Verification of Authority
If you are submitting a request on behalf of somebody else, we will need to verify your authority to act on behalf of that individual. When contacting us, please provide us with proof that the individual gave you signed permission to submit this request, a valid power of attorney on behalf of the individual, or proof of parental responsibility or legal guardianship. Alternatively, you may ask the individual to directly contact us to verify their identity and confirm with us that they gave you permission to submit this request.
Response Timing and Format of Our Responses
We will confirm the receipt of your request within ten (10) business days and, in that communication, we will also describe our identity verification process (if needed) and when you should expect a response, unless we have already granted or denied the request.
Please allow us up to a month to reply to your requests from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason why and the extension period in writing.
If we cannot satisfy a request, we will explain why in our response. For data portability requests, we will choose a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without difficulty.
We will not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.
EU-U.S. and Swiss-U.S. Data Privacy Frameworks
With respect to Personal Data processed in the scope of this Policy, Numonix complies with the EU-U.S. Data Privacy Framework (and its UK Extension) and Swiss-U.S. Data Privacy Framework (the “Data Privacy Framework”) as adopted and set forth by the U.S. Department of Commerce regarding the processing of Personal Data. Numonix commits to adhere to and has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern
To learn more about the Data Privacy Framework, and to view Numonix’s certification, please visit https://www.dataprivacyframework.gov/s/ and https://www.dataprivacyframework.gov/s/participant-search, respectively.
Dispute Resolution
Where a privacy complaint or dispute relating to Personal Data received by Numonix in reliance on the Data Privacy Framework cannot be resolved through our internal processes, we have agreed to participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy- services/dispute-resolution/submit-dispute/.
In compliance with the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Numonix commits to cooperate and comply with the advice of the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
Binding Arbitration
If your dispute or complaint cannot be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you under the “Recourse, Enforcement and Liability” Principle and Annex I of the Data Privacy Framework.
U.S. Regulatory Oversight
Numonix is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Contact Us
If you have any questions about this Policy or our processing of your Personal Data, please submit a request by either:
Calling us at +1 (855) 686-6649 (domestic) or +1 (561) 952-2600 (international);
Contacting our Security Officer by email at dataprotection@numonix.cloud; or
Writing to us at:
Numonix LLC
Attn: Steve Jump, Chief Security Officer
2650 N. Military Trail, Suite 150
Boca Raton Florida, 33431 USA
Please allow up to 30 days for us to reply.
EU and UK Representative. We have appointed VeraSafe Ireland Ltd and VeraSafe United Kingdom Ltd. (“VeraSafe”) as our representative in the EU and UK, respectively, for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative.
Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom
Other Terms
Industry Standard Security. Numonix has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect PII from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction.
No Children Under Age 13. We do not intentionally gather Personal Data about visitors who are under the age of 13. If you believe your child’s data may have been inadvertently collected, please contact us to submit a deletion request.
No Contractual Rights. This Privacy Policy is not a contract and does not create any contractual rights or obligations.
Links to Third-Party Sites. Our Service may contain links to other sites and services, which are owned and controlled by others. These third-party websites have their own policies regarding privacy, and you should review those policies.
Revisions to this Policy. If we make any material change to this Policy, we will post the revised Policy to this web page. We will also update the “Last Updated” date.
Acceptable Use Policy (AUP)
All users of the Numonix web-based service (Service) must comply with this Acceptable Use Policy (AUP). This AUP is part of our Subscription Services Agreement (SSA). Your use or continuation of the Service constitutes your acceptance of this AUP. It is your responsibility, and contractual obligation, to ensure that your affiliates, agents, and/or customers (End Users) comply with this AUP.
- You expressly understand that the evolving nature of the Internet and online commerce makes it necessary for us to reserve the right to make changes to this AUP at any time and without notice, but which will only apply on a prospective basis.
- This AUP may not represent all possible ways in which you or an End User engage in unacceptable behavior.
- Numonix encourages prospective customers to carefully review sections of this AUP covering Recording, Intellectual Property Violations, and Security.
- A thorough review of those sections and the entire AUP may help avoid creating issues under it that will cause Numonix to take action, up to, and including, termination of a customer’s account.
- Services we provide may be subject to other acceptable use policies.
- Numonix will provide these acceptable use policies to you on request.
Scope and Purpose
Numonix does not review, edit, censor, or take responsibility for any information customers or End Users may create or store.
Contacting us about Abuse and Requests for Information about Customers and End Users
- Individuals who contact Numonix about this AUP, the behavior of our customers, or for other purposes, are required to provide us with accurate information to enable us to contact them and respond to their requests.
- Numonix does not respond to anonymous correspondence.
E-mail addresses used to contact Numonix are set out here dataprotection@numonix.cloud
- Please note that Numonix has created special addresses for certain types of complaints.
- Complaints misdirected by a Customer or End User may not be responded to by Numonix.
- Complaints submitted to Numonix are not confidential and may be forwarded to Numonix’s Customer or law enforcement, without notice.
- Numonix does not recognize requests that complaints be kept confidential and will not honor those requests.
- Some abuse complaints may not receive a reply depending on the volume of abuse complaints about that particular issue.
- Numonix does not respond to anonymous correspondence.
- Numonix may disclose information, including information that Customers or End Users consider confidential, in order to comply with a court order, subpoena, summons, discovery request, warrant, regulation, or governmental request, which appears to be valid.
- Numonix may also disclose such information when it is necessary for us to protect our business, or others, from harm.
- Numonix assumes no obligation to inform Customers or End Users that Numonix has provided this type of information unless Numonix has affirmatively agreed to do so. In some cases, Numonix may be prohibited by law from giving such notice.
- Individuals who contact Numonix about this AUP, the behavior of our customers, or for other purposes, are required to provide us with accurate information to enable us to contact them and respond to their requests.
The Services may be used for lawful purposes only
Transmission, storage, or presentation of any information, data or material in violation of any applicable law, regulation, this AUP, or our SSA, is prohibited. You may not use the Service to directly facilitate the violation of any law or regulation, including, but not limited to:
- forging, misrepresenting, omitting or deleting message headers, return mailing information, and/or internet protocol addresses, to conceal or misidentify the origin of a message;
- creating or sending Internet viruses, worms or Trojan horses, flood or mail bombs, or engaging in denial of service attacks;
- hacking, and/or subverting, or assisting others in subverting, the security or integrity of our products or systems;
- disseminating material that may cause us to be subject to attacks on our network, or that which is, but is not limited to, racist, pornographic, hateful material, or those which create customer service or abuse issues for us. Under no circumstances may Numonix’s systems be used to gain access or deny access to a system without the permission of the system’s owners (or rightful users);
- probes, port-scans, sweeps and spoofing of systems without the express permission of the owners of those systems; Numonix reserves the right to use probes, port-scans, sweeps and spoofing on any system connected to the Numonix network in the course of performing security assessments and threat management;
- soliciting the performance of any illegal activity, even if the activity itself is not performed; and/or acting in any manner that might subject us to unfavorable regulatory action, subject us to any liability for any reason, or adversely affect our public image, reputation or goodwill, as determined by us in our sole and exclusive discretion.
Copyright
Numonix is a registered trademark with the United States.
Numonix’s designated agent for receipt of notices pursuant to the DMCA is: dataprotection@numonix.cloud
Other Intellectual Property Infringement
Customers and End Users may not engage in activity that infringes or misappropriates the intellectual property rights of others. This includes but is not limited to trademarks, service marks, trade secrets, software piracy, and patents. Complaints about such activity by Customers or End Users may be directed to the address at the end of this AUP.
U.S. Export and Import Laws
- Customers and End Users may not use Numonix’s services to engage in a violation of
U.S. export and import control laws.
o More information about U.S. export laws may be found at http://www.export.gov/exportcontrols.html
- Customers and End Users may not use Numonix’s services to engage in a violation of
Subpoenas, Warrants, Document Preservation Requests and Other Requests for Information
- Law enforcement agencies who seek information about Numonix’s customers, or their use of Numonix’s services, are required to submit a subpoena, or other similar documents, pursuant to which Numonix is required by law to produce this information (Subpoena).
- Unless specifically required by law and so clearly communicated to Numonix, the subpoena will be transmitted to Numonix’s Customer.
- Civil demands for information, such as discovery requests and similar demands (Civil Demands), must be part of a filed and pending litigation matter.
- Responses to Civil Demands are at Numonix’s discretion.
- Responses are subject to a response fee of $250 per hour.
- Numonix does not honor requests from civil litigants to limit or to pre-approve response expenses.
- Civil litigants are encouraged to contact Numonix prior to serving Civil Demands in order to minimize their expenses.
- Numonix understands its obligations to preserve certain electronically stored material.
- Parties who ask Numonix to preserve this material, must contact Numonix in writing, and describe specifically what information they would like preserved.
- Preservation of any material is at Customer’s cost, which must be paid in advance.
- Law enforcement agencies who seek information about Numonix’s customers, or their use of Numonix’s services, are required to submit a subpoena, or other similar documents, pursuant to which Numonix is required by law to produce this information (Subpoena).
Changes to the Acceptable Use Policy
This Acceptable Use Policy may be updated from time to time, and the latest version of the document will be made available in this page.
Updated April 10, 2020
IXCloud Fair Usage Policy
Policy Statement:
This offering is designed for significant usage, however at some point there can be excessive usage.
Excessive Usage means:
Audio – 8 hours per day (on average over a month using 22 days per month) of continuous audio recording (using standard audio(mono)),
Video – 5 hours per day of continuous video recording (using video (up to 1920 × 1080)), or
Stored Calls – If the number of calls stored by the service in relation to the number of named active users is excessive.
Daily API Calls – if the number of API calls is greater than 2400 API calls per day per tenant.
If customer repeatedly exceeds violates this policy Numonix may throttle down the service or customer may incur charges (upon electronic advance notice) to limit the excessive usage.
Prior Notice of Extenuating Customer Circumstances.
Numonix understands that customers will occasionally have very high volumes of traffic outside of normal usage patterns. In those cases where this traffic can be predicted Numonix requests to be informed with as much notice as possible to ensure that service delivery remains consistently high.
Changes to the Fair Usage Policy
This Fair Usage Policy may be updated from time to time, and the latest version of the document will be made available in this page.
Rev. January 12,2021
IXCloud
API Policy
Modifications to Policy
IXCloud (Numonix) reserve the right, in its sole discretion, to modify this IXCloud or Numonix Software API Policy at any time. You are responsible for reviewing and becoming familiar with any modifications. Modifications are effective when first posted. To receive notifications about changes to this policy and the API functionality, see the Deprecation and API Changes section below.
Principles
Applications that access the IXCloud or Numonix Software API should adhere to the following principles:
- Don’t impersonate.
- Don’t surprise users.
- Respect the privacy of any information retrieved.
- Don’t overload users.
- Don’t Overload API’s
Additionally, your applications must adhere to API rate limits where applicable (see the API Rate Limits section below).
Don’t Impersonate
- Your application should not mirror or replicate IXCloud , or any other organization using Numonix software or services.
- Do not impersonate or facilitate impersonation of others in a manner that can mislead, confuse, or deceive users.
- End users should understand that your application is integrated with IXCloud or Numonix Software or Services but is an independent resource.
- You should not remove or alter any proprietary notices in the provided API’s.
Don’t Surprise Users
Your application should not…
- Use the API for different purposes other than what your application states or implies.
- Confuse or mislead users about the source or purpose of your application.
- Use business names and/or logos in a manner that can mislead, confuse, or deceive users.
- Use the IXCloud or Numonix software or services API’s on behalf of any third-party.
- Facilitate or encourage the publishing of links to malicious, inappropriate, untrue, illegal, private or obscene content.
Your service should outline what actions your application will take on the user’s behalf as part of the application registration process.
Respect the Privacy of any Information Retrieved
- Any user information—including extensions, personal contact, Business contact , profile information, etc.—retrieved through the IXCloud or Numonix API’s should be considered private information and, in some cases, will be protected by government regulations, please review applicable regulations and insure your use is compliant.
- Know what information your tool will disclose to the public or to other products and services, and be clear with end users about what information will be disclosed.
- Do not facilitate or encourage the publishing of private or confidential information.
- Always ensure that proper notification is given to customers and end users, including the customers clients be it Business to Business (B2B) or Business to Consumer(B2C) interactions.
Don’t Overload Users
IX cloud provides a number of different ways to contact, notify, and inform users of information. Where these methods are exposed in the API, it’s important to monitor how often your application is pushing information to users.
In general, you should try to push information as rarely as possible, both to prevent user annoyance and also to make your pushes more effective.
API Rate Limits
Applications that access the IXCloud Or Numonix Software or Services API’s must not place undue load on Numonix servers or infrastructure. Numonix will monitor, limit and in some cases terminate excessive use . Where applicable when the rate limit or number of calls is exceeded, API requests will fail. Limiting is enforced per user access token (and tenant) so that partners who perform requests on behalf of multiple end users will not be throttled.
If an application regularly exceeds the API rate limits or uses a disproportionately large number of high-impact (e.g. non-GET) requests, the access tokens may be revoked, or other measures may be taken to ensure the stability of the system for all users.
If you are concerned about hitting the rate limit, please contact your Customer Success Manager to either adjust your rate limit or seek assistance from our or other paid for professional services optimizing your application for lower impact on the provided Software or Services and to improve overall performance.
Deprecation and API Changes
The IXCloud and Numonix Software and Services API’s are versioned to allow for future enhancements. We strive to deliver a platform that is stable, consistent, and secure so you can confidently build scalable solutions on top of our APIs. Over time we will add, change, and remove API endpoints and fields from time to time using commercially reasonable efforts to provide communication and backward compatibility where possible as indicated:
| Type of change | Notice | What you should do |
| Remove an endpoint | Endpoint will be marked DEPRECATED at least 60 days before endpoint is removed | Watch release notes |
Remove a documented field in a result set | Field will be marked DEPRECATED at least 60 days before field is removed | Watch release notes |
| Remove an undocumented field in a result set | Undocumented fields can be removed or changed without notice | Avoid using these fields or be aware that they could be experimental and could change at any time |
| Add a field to a result set | Field can be added without prior notice | Write your code to be resilient to these types of changes |
| Add to the attribute set of a field in the result set | New values can be added to a field without prior notice | Write your code to be resilient to these types of changes |
| Change the attribute set of a field in the result set | Field value will be marked DEPRECATED at least 60 days before attribute is changed | Watch release notes |
| Remove the attribute set of a field in the result set | Field value will be marked DEPRECATED at least 60 days before attribute is removed | Watch release notes |
| Change to BETA endpoints, fields, or attributes | Can be removed or changed without prior notice | Watch release notes |
| Change to Sandbox endpoints, fields, or attributes | Can be removed or changed without prior notice we will make best effort to give at least 5 days | Watch release notes |
Changes related to fixing a security vulnerability | Any change related to repairing a security vulnerability could be made without prior notice | Watch release notes or security notifications where applicable |
Numonix has no liability to Customer as a result of any change, temporary unavailability, suspension, or termination of access to the API.
Information and notices regarding the available APIs can be found in the technical documentation on the website and in IXCloud API Release and Documentations as and where applicable.
API Support
Developers using iCloud Services provide by Numonix can submit questions or issues with the API to the Support team in one of the following ways:
- Email support@Numonix.cloud
Tickets about the API will be handled following the same service-level agreement that applies to any other ticket from a given organization.
Developers who are not part of an official program can get support through the developer community:
- Engage in conversation on
- Participate in our TBD site found here: TBD
Rev. May 15, 2020
SUBSCRIPTION SERVICES AGREEMENT
September, 2024
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THIS SERVICE.
BY USING THE SERVICE OR CLICKING AGREE (OR AN EQUIVALENT) YOU ARE AGREEING TO BE BOUND BY THIS AGREEMENT. SUPPOSE YOU ARE AGREEING TO THIS AGREEMENT ON BEHALF OF OR FOR THE BENEFIT OF YOUR EMPLOYER OR A THIRD PARTY. IN THAT CASE, YOU REPRESENT AND WARRANT THAT YOU HAVE THE NECESSARY AUTHORITY TO AGREE TO THIS AGREEMENT ON THEIR BEHALF.
This agreement is between Numonix, LLC, a Delaware corporation (Numonix), and the Customer agreeing to these terms (Customer).
SOFTWARE SERVICE.
>This agreement provides Customer access to and usage of an Internet-based software service, including, without limitation, its features, functions, and user interface, as specified on an order (Service).
USE OF SERVICES (SUBSCRIPTION).
a. Customer Owned Data. All audio and video files and other data uploaded by Customer to the Service remains the property of the customer, as between Numonix and Customer (Customer Data). The customer grants Numonix the right to use the the customer Data solely for purposes of performing under this agreement. During the term of this agreement, Customer may export its Customer Data as allowed by functionality within the Service. If the Customer plans to process data of EU residents, then the Data Processing Addendum in our privacy policy https://numonix.cloud/Compliance/ applies to this agreement.
b. Local Laws. The customer is responsible for compliance with all applicable laws when using the Service, including without limitation, call recording laws and appropriate consents to record.
c. Access and Usage. Customer may allow its contractors to access the Service in compliance with the terms of this agreement, which access must before the sole benefit of Customer. The customer is responsible for the compliance with this agreement by its contractors.
d. Customer Responsibilities. Customer: (i) must keep its passwords secure and confidential; (ii) is solely responsible for Customer Data and all activity in its account in the Service; (iii) must use commercially reasonable efforts to prevent unauthorized access to its account, and notify Numonix promptly of any such unauthorized access; (iv) backup the Customer Data and ensure that it meets Customer’s backup requirements; and (v) may use the Service only in accordance with the Service’s technical documentation, policies and applicable law. Please see https://numonix.cloud/Compliance/ for IXCloud standard policies including Privacy Policy, Cookie Policy, Acceptable Usage Policy (AUP), Fair Usage Policy, and API policy
e. Numonix Support. Numonix must provide Customer support for the Service under the terms of Numonix’s Customer Support Policy (Support), which is located at https://numonix.cloud/support/
f. 30-Day Trial Version. If Customer has registered for a trial use of the Service, Customer may access the Service for a 30-day time period (unless extended by Numonix in writing). The Service is provided AS IS with no warranty during this time period. All Customer Data will be deleted after the trial period unless Customer converts its account to a paid Service.
g. Free Version. If Customer has registered for a no-charge use of the Service, Customer may access the Service until it is cancelled by Numonix (without cause) upon notice sent via email (using its email address in the Service), or by the Customer. The Service is provided AS IS with no warranty. All Customer information will be deleted after the no-charge period ends unless Customer converts its account to a paid Service.
h. Third-Party Services. The Service interoperates with one or more third-party services (e.g. Salesforce, Skype for Business, ShoreTel, AudioCodes, Microsoft Teams etc.) and depends on the continuing availability and access to such third-party service and any data or information interfaces (Third-Party Services). If for any reason Numonix cannot access or use the applicable Third-Party Service (including without limitation, change in terms or increase in fees charged by a third-party service provider), Numonix may not be able to provide all the functions of its Service. No refund or credit will be provided for unavailability of any Third-Party Services.
i. API. Numonix provides access to its free set of application-programming interface (API) as part of the Service for no additional fee. Subject to the other terms of this agreement, Numonix grants Customer a non-exclusive, nontransferable, terminable license to interact only with the Service as allowed by the API.
·Customer may not use the API in a manner, as reasonably determined by Numonix, that exceeds reasonable request volume, constitutes excessive or abusive usage, or fails to comply with any part of the API. If any of these occur, Numonix can suspend or terminate Customer’s access to the API on a temporary or permanent basis. For usage levels see Fair Usage Policy for guidance on what Numonix considers reasonable https://numonix.cloud/Compliance/
·Numonix may change or remove existing endpoints or fields in API results upon at least 30 days’ notice to Customer, but Numonix will use commercially reasonable efforts to support the previous version of the API for at least 6 months. Numonix may add new endpoints or fields in API results without prior notice to Customer.
·The API is provided on an AS-IS basis. Numonix has no liability to Customer as a result of any change, temporary unavailability, suspension, or termination of access to the API.
j. Locally Run Software. Depending on the Service offering purchased, any software provided by Numonix as part of the Service that is designed to run locally (On-Premise Software) is licensed to Customer as follows: Numonix grants Customer a non-exclusive, non-transferable license during the term of the order, to use and copy such On-Premise Software in accordance with its technical documentation, solely in connection with the Service.
SERVICE LEVEL AGREEMENT & WARRANTY.
a. Warranty. Numonix warrants to Customer: (i) that commercially reasonable efforts will be made to maintain the online availability of the Service for a minimum of availability in any given month as provided in the SLA located at https://numonix.cloud/support/ & https://numonix.cloud/Compliance/ (ii) the functionality or features of the Service may change but will not materially decrease during any paid term; and (iii) that the Support may change but will not materially degrade during any paid term.
b. DISCLAIMER. NUMONIX DISCLAIMS ALL OTHER WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, AND FITNESS FOR A PARTICULAR PURPOSE. WHILE NUMONIX TAKES REASONABLE PHYSICAL, TECHNICAL, AND ADMINISTRATIVE MEASURES TO SECURE THE SERVICE, NUMONIX DOES NOT GUARANTEE THAT THE SERVICE CANNOT BE COMPROMISED. CUSTOMER UNDERSTANDS THAT THE SERVICE MAY NOT BE ERROR FREE, AND USE MAY BE INTERRUPTED.
PAYMENT.
Customer must pay all fees as specified on the order, but if not specified, then within 30 days of receipt of an invoice. Customer is responsible for the payment of all sales, use, withholding, VAT, and other similar taxes. This agreement contemplates one or more orders for the Service, which orders are governed by the terms of this agreement.
MUTUAL CONFIDENTIALITY.
a. Definition of Confidential Information. Confidential Information means all non-public information disclosed by a party (Discloser) to the other party (Recipient), whether orally, visually, or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure (Confidential Information). Numonix’s Confidential Information includes, without limitation, the Service, its user interface design and layout, and pricing information, and the On-Premise Software. Customer’s Confidential Information includes, without limitation, the Customer Data.
b. Protection of Confidential Information. The Recipient must use the same degree of care that it uses to protect the confidentiality of its own confidential information (but in no event less than reasonable care), and it may not disclose or use any Confidential Information of the Discloser for any purpose outside the scope of this agreement. The Recipient must make commercially reasonable efforts to limit access to Confidential Information of Discloser to those of its employees and contractors who need such access for purposes consistent with this agreement and who have signed confidentiality agreements with Recipient no less restrictive than the confidentiality terms of this agreement.
c. Exclusions. Confidential Information excludes information that: (i) is or becomes generally known to the public without breach of any obligation owed to Discloser; (ii) was known to the Recipient prior to its disclosure by the Discloser without breach of any obligation owed to the Discloser; (iii) is received from a third party without breach of any obligation owed to Discloser; or (iv) was independently developed by the Recipient without use or access to the Confidential Information. The Recipient may disclose Confidential Information to the extent required by law or court order but will provide Discloser with advance notice to seek a protective order.
·Security Measures. In order to protect Customer’s Confidential Information, Numonix: (i) implements and maintains all reasonable security measures appropriate to the nature of the Confidential Information including, without limitation, technical, physical, administrative, and organizational controls,and will maintain the confidentiality, security, and integrity of such Confidential Information; (ii) implements and maintains industry standard systems and procedures for detecting, preventing, and responding to attacks, intrusions, or other systems failures and regularly tests, or otherwise monitors the effectiveness of the safeguards’ key controls, systems, and procedures; (iii) designates an employee or employees to coordinate implementation and maintenance of its Security Measures (as defined below); and (iv) identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of Customer’s Confidential Information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (collectively, Security Measures).
·Notice of Data Breach. If Numonix knows that Customer Confidential Information has been accessed, disclosed, or acquired without proper authorization and contrary to the terms of this agreement, Numonix will promptly alert Customer of any such data breach, and immediately take such actions as may be necessary to preserve forensic evidence and eliminate the cause of the data breach. Numonix will give highest priority to immediately correcting any data breach and will devote such resources as may be required to accomplish that goal. Numonix will provide Customer with all available information reasonably necessary to enable Customer to fully understand the nature and scope of the data breach. To the extent that Customer, in its sole reasonable discretion, deems warranted, Customer may provide notice to any or all parties affected by any data breach. In such case, Numonix will consult with Customer in a timely fashion regarding appropriate steps required to notify third parties. Numonix will provide Customer with information about what Numonix has done or plans to do to minimize any harmful effect of the unauthorized use or disclosure of, or access to, Confidential Information.
e. DataProtection Agreement
·IXCloud offers a data processing agreement (DPA) that defines Numonix and Customer’s obligations under GDPR, and includes the EU’s approved Standard Contractual Clauses for the handling of data collected in the European Economic Area and Switzerland outside of those areas. If Customer has a need for this agreement, Customer should please request it from Customer’s IXCloud account representative.
f. Compliance with Data Protection Laws
·In processing Personal Data in the Numonix Products and through the Professional Services to Customer, Numonix shall comply with applicable legal requirements for privacy, data protection, and confidentiality of communications. Such applicable legal requirements include the Standards for the Protection of Personal Information of Residents of the Commonwealth of Massachusetts (201 CMR17.00), the California Consumer Privacy Act of 2018 (the “CCPA”), and other applicable United States data protection laws at the state level, and implementing national legislation, and Regulation 2016/679 (also known as GDPR), if applicable. Numonix shall not (i) sell Personal Data as defined under the CCPA, or (ii) retain, use, or disclose Personal Data for any purpose other than for the specific purpose of providing the Numonix Services. Numonix is certified under the Privacy Shield to cover the transfer of data collected in the European Economic Area and Switzerland to the United States.
PROPERTY.
a. Reservation of Rights. The Service and the On-Premise Software are the proprietary property of Numonix and its licensors, and all right, title, and interests in and to the Service and the On-Premise Software, including all associated intellectual property rights, remain only with Numonix. Customer may not remove or modify any proprietary marking or restrictive legends in the Service or On-Premise Software. Numonix reserves all rights unless expressly granted in this agreement.
b. Restrictions. Customer may not: (i) sell, resell, rent, or lease the Service or use it in a service-provider capacity; (ii) use the Service to store or transmit infringing, unsolicited marketing emails, libelous, or otherwise objectionable, unlawful, or tortious material, or to store or transmit material in violation of third-party rights; (iii) interfere with or disrupt the integrity or performance of the Service; (iv) attempt to gain unauthorized access to the Service or its related systems or networks; (v) reverse engineer the Service or the On-Premise Software; or (vi) access the Service or use the On-Premise Software to build a competitive service or product, or copy any feature, function, or graphic for competitive purposes.
c. Statistical Information. Numonix may compile statistical information related to the performance of the Service and may make such information publicly available, provided that such information does not identify Customer Data, and there is no means to re-identify Customer Data. Numonix retains all intellectual property rights in such information.
TERM AND TERMINATION.
a. Term. This agreement continues until all orders have expired or are terminated for material breach under Section7 (b).
b. Mutual Termination for Material Breach. If either party is in material breach of this agreement, the other party may terminate this agreement at the end of a written 30-day notice/cure period if the breach has not been cured.
·Within 15 days after termination, upon request of the Customer, Numonix will make the Service available for Customer to export Customer Data as provided in Section 2(a). If Customer needs additional assistance beyond the services Numonix provides to other customers under Support, then Numonix will provide such services at its then current hourly rates.
·After such 15-day period, Numonix has no obligation to maintain the Customer Data and will destroy it.
d. Return Numonix Property Upon Termination. Upon termination of this agreement for any reason, Customer must pay Numonix for any unpaid amounts and destroy or return all property of Numonix. Upon Numonix’s request, Customer will confirm in writing its compliance with this destruction or return requirement.
e. Suspension for Violations of Law. Numonix may temporarily suspend the Service and/or remove the applicable Customer Data if it in good faith believes that, as part of using the Service, Customer has violated a law. Numonix will attempt to contact Customer in advance.
f. Suspension for Non-Payment. Numonix may temporarily suspend the Service if Customer is more than 30 days late on any payment due pursuant to an order.
LIABILITY LIMIT.
a. Exclusion of Indirect Damages. Numonix is not liable for any indirect, special, incidental, or consequential damages arising out of or related to this agreement (including, without limitation, costs of delay; and lost profits, revenue, or anticipated cost savings), even if it knows of the possibility or foreseeability of such damage or loss.
b. Total Limit on Liability. Numonix’s total liability arising out of or related to this agreement (whether in contract, tort, or otherwise) does not exceed the amount paid by Customer within the 12-month period prior to the event that gave rise to the liability.
DEFENSE OF THIRD-PARTY CLAIMS.
a. Numonix will defend or settle any third-party claim against Customer to the extent that such claim alleges that Numonix technology used to provide the Service violates a copyright, patent, trademark, or other intellectual property right, if Customer promptly notifies Numonix of the claim in writing, cooperates with Numonix in the defense, and allows Numonix to solely control the defense or settlement of the claim. Costs. Numonix will pay infringement claim defense costs it incurs in defending Customer, Numonix-negotiated settlement amounts, and court-awarded damages. Process. If such a claim appears likely, then Numonix may modify the Service, procure the necessary rights, or replace it with the functional equivalent. If Numonix determines that none of these are reasonably available, then Numonix may terminate the Service and refund any prepaid and unused fees. Exclusions. Numonix has no obligation for any claim arising from: Numonix’s compliance with Customer’s specifications; a combination of the Service with other technology or aspects where the infringement would not occur but for the combination; use of Customer Data; or technology or aspects not provided by Numonix. THIS SECTION CONTAINS CUSTOMER’S EXCLUSIVE REMEDIES AND NUMONIX’S SOLE LIABILITY FOR INTELLECTUAL PROPERTY INFRINGEMENT CLAIMS.
b. If a third party claims against Numonix that any part of the Customer Data infringes or violates that party’s patent, copyright, or other right, Customer will defend Numonix against that claim at Customer’s expense and pay all costs, damages, and attorneys’ fees that a court finally awards or that are included in a settlement approved by Customer, provided that Numonix promptly notifies Customer of the claim in writing, cooperates with Customer in the defense, and allows Customer to solely control the defense or settlement of the claim.
GOVERNING LAW AND FORUM.
This agreement is governed by the laws of the State of Florida (without regard to conflicts of law principles) for any dispute between the parties or relating in any way to the subject matter of this agreement. Any suit or legal proceeding must be exclusively brought in the federal or state courts for Palm Beach County, Florida, and Customer submits to this personal jurisdiction and venue. Nothing in this agreement prevents either party from seeking injunctive relief in a court of competent jurisdiction. The prevailing party in any litigation is entitled to recover its attorneys’ fees and costs from the other party.
If the Customer is located outside the United States, then this agreement is governed by the laws of Florida, without regard to conflict of laws principles. Any dispute between customer and Numonix arising out of or related to this agreement must be exclusively determined by binding arbitration in Palm Beach County, FL, US in English, under the then current commercial or international rules of The International Centre For Dispute Resolution. The decisions of the arbitrators may be entered in any court of competent jurisdiction. Nothing in this agreement prevents either party from seeking injunctive relief in any court of competent jurisdiction. The prevailing party in any arbitration or litigation is entitled to recover its attorneys’ fees and costs from the other party.
OTHER TERMS.
a. Entire Agreement and Changes. This agreement and the order constitute the entire agreement between the parties and supersede any prior or contemporaneous negotiations or agreements, whether oral or written, related to this subject matter. Customer is not relying on any representation concerning this subject matter, oral or written, not included in this agreement. No representation, promise, or inducement not included in this agreement is binding. No modification or waiver of any term of this agreement is effective unless both parties sign it, however this agreement may be modified through an online process provided by Numonix.
b. No Assignment. Neither party may assign or transfer this agreement to a third party, nor delegate any duty, except that the agreement and all orders may be assigned, without the consent of the other party, as part of a merger or sale of all or substantially all the businesses or assets of a party.
c. Independent Contractors. The parties are independent contractors with respect to each other.
d. Enforceability and Force Majeure. If any term of this agreement is invalid or unenforceable, the other terms remain in effect. Except for the payment of monies, neither party is liable for events beyond its reasonable control, including, without limitation, force Majeure events.
e. Money Damages Insufficient. Any breach by a party of this agreement or violation of the other party’s intellectual property rights could cause irreparable injury or harm to the other party. The other party may seek a court order to stop any breach or avoid any future breach of this agreement.
f. No Additional Terms. Numonix rejects additional or conflicting terms of a Customer’s form-purchasing document.
g. Order of Precedence. If there is an inconsistency between this agreement and an order, the order prevails.
h. Survival of Terms. Any terms, that by their nature survive termination of this agreement for a party to assert its rights and receive the protections of this agreement, will survive (including, without limitation, the confidentiality terms). The UN Convention on Contracts for the International Sale of Goods does not apply.
i. Feedback. If Customer provides feedback or suggestions about the Service, then Numonix (and those it allows to use its technology) may use such information without obligation to Customer.
k. Export Compliance. Customer must comply with all applicable export control laws of the United States, foreign jurisdictions, and other applicable laws and regulations.
l. Restricted Rights. If Customer is a United States government agency or acquired the license to the software hereunder pursuant to a government contract or with government funds, then as defined in FAR §2.101, DFAR §252.227-7014(a)(1) and DFAR §252.227-7014(a)(5) or otherwise, all software provided in connection with this agreement are “commercial items,” “commercial computer software,” or “commercial computer software documentation.” Consistent with DFAR §227.7202 and FAR §12.212, any use, modification, reproduction, release, performance, display, disclosure, or distribution by or for the United States government is governed solely by the terms of this agreement and is prohibited except to the extent permitted by the terms of this agreement.
m. Clause Required by Microsoft. Every user of the Service must personally notify other participants prior to invoking any action in the Service that will initiate recording or persisting of media.
Last Revised 10/07/21
IXCLOUD (NUMONIX)
DATA PROCESSING
ADDENDUM
This Data Processing Addendum (“DPA”) applies to IXCloud (Numonix)’s Processing of Personal Data provided to IXCloud (Numonix) by Customer as part of IXCloud (Numonix)’s provision of Recording Software, Services, or Software-as-a-Service (“Services”) to Customer. This DPA forms part of the IXCloud Subscription Services Agreement, Terms of Service, End User License Agreement, or other written or electronic agreement (“Agreement”) between Numonix and Customer for the purchase of Services to reflect the parties’ agreement with regard to the Processing of Personal Data.
In the course of providing products and/or services to Customer pursuant to this DPA, IXCloud (Numonix) may Process Personal Data on behalf of Customer and the parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
The terms of this DPA will be effective and replace any previously applicable data processing terms as of the date of execution.
Introduction
- Customer is a Controller (as applicable partner or end tenant) of certain Personal Data and wishes to appoint IXCloud (Numonix) as a Processor to Process this Personal Data on its behalf.
- The parties are entering into this DPA to ensure that IXCloud (Numonix) conducts such data Processing in accordance with Customer’s instructions and Applicable Data Protection Law requirements, and with full respect for the fundamental data protection rights of the Data Subjects whose Personal Data will be Processed.
Definitions
In this DPA, the following terms shall have the following meanings:
“Controller“, “Processor“,” Sub-Processor“, “Data Subject“, “Personal Data” and “Processing“ (and “Process”) shall have the meanings given in Applicable Data Protection Law. “Personal Data” shall include “Personal information” as that term is defined under Applicable Data Protection Law.
“Applicable Data Protection Law” shall mean: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation); (ii) EU Directive 2002/58/EC concerning the Processing of Personal Data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications); (iii) any national legislation made under or pursuant to (i) or (ii) ; (iii) California Consumer Privacy Act,; (iv) any amendments or successor legislation to (i), (ii), (iii), or (v); and (v) any other applicable data protection law, all as updated or superseded from time to time.
“Model Clauses” shall mean the model clauses for the transfer of Personal Data to Processors established in third countries approved by the European Commission from time to time, the approved version of which in force at present is that set out in the European Commission’s Decision 2010/87/EU of 5 February 2010.
Data Processing
- Relationship of the Parties. Customer (the Controller) appoints IXCloud (Numonix) as a Processor or (Sub- Processor as applicable) to Process the Personal Data that is the subject matter of the Agreement. Each party shall comply with the obligations that apply to it under Applicable Data Protection Law.
- Purpose Limitation. IXCloud (Numonix) shall Process the Personal Data as a Processor only as necessary to perform its obligations under the Agreement, and strictly in accordance with the documented instructions of Customer
- International Transfers. Customer acknowledges and agrees that IXCloud (Numonix) may transfer and process Personal Data anywhere in the world where IXCloud (Numonix), its affiliates or its sub-processors maintain data processing operations. IXCloud (Numonix) shall not transfer the Personal Data (nor permit the Personal Data to be transferred) outside of the European Economic Area (the “EEA”) or the United Kingdom (the “UK”) unless it takes such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law. Such measures may include (without limitation) transferring the Personal Data to a recipient in a country that the European Commission or any applicable UK authority has decided provides adequate protection for Personal Data, to a recipient that has achieved binding corporate rules authorization in accordance with Applicable Data Protection Law, or to a recipient that has executed Model Clauses. Where required under Applicable Data Protection Law to transfer Personal Data to IXCloud (Numonix) outside of the EEA or the UK, the Customer and IXCloud (Numonix) will be deemed to have entered into Model Clauses with Customer as the “data exporter”; IXCloud (Numonix) as the “data importer”, Appendix 1 and Appendix 2 to the Model Clauses shall be deemed completed with Appendix 1 and Appendix 2 of this DPA, and with the Additional Terms in the Model Clauses set out in Appendix 3 of this DPA. The date of the Model Clauses shall be the date of the Agreement. It is not the intention of either party, nor the effect of this DPA, to contradict or restrict any of the provisions set forth in the Model Clauses. Accordingly, if and to the extent the Model Clauses conflict with any provision of this DPA, the Model Clauses shall prevail to the extent of such conflict. Where IXCloud (Numonix) is onward transferring Personal Data outside of the EEA or the UK under Model Clauses, Customer authorizes IXCloud (Numonix) to enter into the Model Clauses for the benefit of Customer.
- Confidentiality of Processing. Numonix shall ensure that any person that it authorizes to Process the Personal Data (including Numonix’s staff, agents and subcontractors) (an “Authorized Person”) shall be subject to a strict duty of confidentiality (whether a contractual duty or a statutory duty) and shall not permit any person to Process the Personal Data who is not under such a duty of confidentiality. Numonix shall ensure that all Authorized Persons Process the Personal Data only as necessary for the Permitted Purpose.
- Security. Numonix shall implement appropriate technical and organizational measures to protect the Personal Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to the Personal Data (a “Security Incident”). Such measures shall have regard to the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. Such measures may include, as appropriate:
- the pseudonymization and encryption of Personal Data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services.
- the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing.
- Sub-processing. Customer specifically authorizes the engagement of IXCloud (Numonix)’s affiliates as Sub- processing. Customer consents to IXCloud (Numonix) engaging third party Sub-processing to Process the Personal Data provided that: (i) IXCloud (Numonix) maintains an up-to-date list of its Sub-processing available upon request which it shall update with details of any change in Sub-processing at least 10 days’ prior to any such change; (ii) Numonix imposes data protection terms on any Sub-processing it appoints that protect the Personal Data to substantially similar terms to the terms of this DPA; and (iii) Numonix remains fully responsible for any breach of this DPA that is caused by an act, error or omission of its Sub-processing. Customer may object to Numonix’s appointment or replacement of a third-party Sub-processing within thirty (30) days of the update to the list of Sub-processing, provided such objection is on reasonable grounds relating to the protection of the Personal Data. In such event, Numonix will either not appoint or replace the Sub-processing or, if this is not possible, Customer may suspend or terminate this DPA.
- Cooperation and Data Subjects‘ Rights. Numonix) shall provide all reasonable and timely assistance (including by appropriate technical and organizational measures) to Customer to enable Customer to respond to: (i) any request from a Data Subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable); and (ii) any other correspondence, enquiry or complaint received from a Data Subject, regulator or other third party in connection with the Processing of the Personal (the “Permitted Purpose”), except where otherwise required or allowed by Applicable Data Protection Law applicable to IXCloud (Numonix). In no event shall IXCloud (Numonix) Process the Personal Data for its own purposes or those of any third party except as set forth in the Agreement. Other than as otherwise agreed upon by the parties in the Agreement or as otherwise permitted under Applicable Data Protection Law, IXCloud (Numonix) shall not (i) sell the Personal Data, or (ii) retain, use or disclose the Personal Data for any commercial purpose.
Data. In the event that any such request, correspondence, enquiry or complaint is made directly to IXCloud (Numonix), Numonix shall promptly inform Customer providing details of the same.
- Data Protection Impact Assessment. If Numonix believes or becomes aware that its Sub-Processing, Processing of the Personal Data is likely to result in a high risk to the data protection rights and freedoms of Data Subjects, it shall promptly inform Customer and provide Customer with all such reasonable and timely assistance as Customer may require in order to conduct a data protection impact assessment and, if necessary, consult with its relevant data protection authority.
- Security Incidents. Upon becoming aware of a Security Incident, Numonix shall inform Customer without undue delay and shall provide all such timely information and cooperation as Customer may require in order for Customer to fulfil its data breach reporting obligations under (and in accordance with the timescales required by) Applicable Data Protection Law. Numonix shall further take all such measures and actions as are necessary to remedy or mitigate the effects of the Security Incident and shall keep Customer apprised of all developments in connection with the Security Incident.
- Deletion or Return of Data. After termination or expiration of the Agreement, or upon Customer’s request, Numonix shall destroy or return to Customer all Personal Data (including all copies of the Personal Data) in its possession or control (including any Personal Data subcontracted to a third party for Processing). This requirement shall not apply to the extent that Numonix is required by any EU (or any EU Member State) law to retain some or all of the Personal Data, in which event Numonix shall isolate and protect the Personal Data from any further Processing except to the extent required by such law.
- Audit. Numonix shall permit upon Customer’s written request, when Customer has reasonable cause to believe Numonix is in non- compliance with its obligations under this DPA, a mutually agreed-upon third party auditor (the “Auditor”) to audit Numonix’s compliance with this DPA and shall make available to such third party auditor all information, systems and staff necessary for the Auditor to conduct such audit. Numonix acknowledges that the Auditor may enter its premises for the purposes of conducting this audit, provided that Customer gives it reasonable prior notice of its intention to audit, conducts its audit during normal business hours, and takes all reasonable measures to prevent unnecessary disruption to Numonix’s operations. Customer will not exercise its audit rights more than once in any twelve (12) calendar month period, except (i) if and when required by instruction of a competent data protection authority; or (ii) Customer reasonably believes a further audit is necessary due to a Security Incident suffered by IXCloud (Numonix).
IXCloud (Numonix) and Customer have caused this Agreement to be executed by their duly authorized representatives as of the Effective Date.
| (Customer) | Numonix, LLC., a Delaware corporation |
| Signature: | Signature: |
| Printed Name: | Printed Name: |
| Title: | Title: |
| Date: | Date: |
| Address: | Address: 2650 N. Military Trail Suite 150, Boca Raton, FL 33431, USA |
Data exporter
is (i) Customer which is subject to the data protection laws and regulations of the EU, the EEA and/or their member states, Switzerland and/or the UK and, (ii) its Affiliates (as defined in the Agreement).
Data importer
The data importer is (please specify briefly activities relevant to the transfer):
IXCloud (Numonix) is a provider of recording software and Software-as-a-Service subscription services which may process personal data upon the instruction of the data exporter in accordance with the terms of the Agreement.
Data subjects
The personal data transferred concern the following categories of data subjects (please specify):
Data exporter may submit Personal Data to data importer through Services, as applicable, the extent of which is determined and controlled by the data exporter in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:
- Prospects, customers, business partners and vendors of data exporter (who are natural persons)
- Employees or contact persons of data exporter’s prospects, customers, business partners and vendors
- Employees, agents, advisors, freelancers of data exporter (who are natural persons)
- Data exporter’s Users authorized by data exporter to use IXCloud (Numonix)’s products and/or services (who are natural persons)
Categories of data
The personal data transferred concern the following categories of data (please specify):
Data exporter may submit Personal Data to the data importer through Services, as applicable, the extent of which is determined and controlled by the data exporter in its sole discretion, and which may include, but is not limited to the following categories of Personal Data:
- First and last name
- Title/Position
- Contact information (company, email, phone, physical business address)
- Network data (including source and destination IP addresses and domains, approximate geolocation based on IP lookup, network traffic flows, communications metadata, machine names, and unique device identifiers)
- User and endpoint behavior (including user account activity & metadata, applications executed on endpoints, and accessed URLs)
- Application logs (including firewall logs, DHCP/DNS logs, intrusion detection logs, malware logs, cloud service logs, proxy logs, file access logs)
- Other relevant machine data which the data exporter elects to send to the data importer for processing.
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data (please specify):
The data importer does not intentionally collect or process any special categories of data. However, the data exporter may submit special categories of data to the data importer through Services, as applicable, the extent of which is determined and controlled by the data exporter in its sole discretion.
Appendix 1
Data exporter
The data exporter is (please specify briefly your activities relevant to the transfer):
Processing operations
The personal data transferred will be subject to the following basic processing activities (please specify):
Aggregation and processing by IXCloud (Numonix) products and services for use by the data exporter in its normal business activities.
Data importer will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Personal Data uploaded to the Services, as applicable, as described in the Security, Privacy and Architecture Documentation applicable to the specific Services, as applicable, purchased by data exporter, and available upon request or otherwise made reasonably available by data importer. Data importer will not materially decrease the overall security of the Services, as applicable during a license, services, or subscription term.
Appendix 2
Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
Appendix 3
Additional clauses
The parties agree that the audits described in Clause 5(f), Clause 11 and Clause 12(2) of the Model Clauses shall be carried out in accordance with the Section 11 of this DPA.
The parties agree that the certification of deletion of Personal Data that is described in Clause 12(1) of the Model Clauses shall be provided by the data importer to the data exporter only upon data exporter’s request.
The parties agree that data exporter’s consent for sub-processing as set forth in Section 6 of this DPA shall be deemed consent for the purposes of the Model Clauses.
Hopefully that has clarified things for you and as was previously mentioned if there is something that you aren’t sure whether you need or not it’s usually safer to leave cookies enabled in case it does interact with one of the features you use on our site. This cookies policy applies to both public and subscriber sections of the https://numonix.io site and any of its white labels. However, if you are still looking for more information, you can contact us through one of our preferred contact methods: By visiting this link: https://numonix.io/contact
