Notice of Certification under the EU-U.S. Privacy Shield Framework
CaféX Communications Inc. and its affiliates (the "Company," “We” or “Us”) offer a hosted service that enables our business customers (“Customers”) who subscribe to our communication technology and/or other engagement technology services (“Online Services”) to better communicate and interact with, and deliver content to, visitors to their websites and other prospective customers (“Users” or “You”) in real-time via co-browse, voice, video and other communication and delivery methods.
EU-U.S. Privacy Shield
Sharing Data with Third Parties
We use a limited number of third-party partners and service providers to assist us in making our websites and the Online Services available. These partners and service providers may access, process or store personal data in the course of providing their services (such as credit card processing services). We only share personal information with partners and service providers that show an equally strong commitment to privacy and security. We also maintain contracts restricting the use and disclosure of personal data. If one of these partners or service providers processes personal data in a manner inconsistent with the Privacy Shield Principles, we will be liable unless we can prove that we are not responsible for the event giving rise to the damage.
Note, however, that we may need to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements
Information We Collect
When subscribing to the Online Service, We request information in a sign-up form to facilitate the Online Service such as name, postal address, e-mail address or telephone number. This is information we need, for example, to process a payment or enabling software components.
When using the Online Service, chat transcripts, emails, and other written communication between Customers and User are stored. Additionally, Users may be asked to complete a survey, a copy of which is stored, in order to allow us (including our third party service providers) and our Customers to obtain valuable feedback. Co-browsing information, such as screenshots, is not stored. We may also log technical metadata about the Online Service such as IP addresses of or software used by Users and Customers’ Agents.
Please see our for a further description of information we collect and how it is used.
How long do we retain your Information?
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example, to comply with obligations relating to invoicing and taxes). We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is specified in any relevant contract between you and us.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not reasonably possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information on hardened servers that are hosted on highly secure data centers, and isolate it from any further processing until deletion is possible.
We will not contact you for marketing purposes by email or phone except (i) as necessary to enter into a contract or fulfil our obligations under a contract, (ii) with your permission, or (iii) for legitimate purposes permitted by applicable law. We will provide an unsubscribe option on all marketing emails you receive from us. You may also contact us at firstname.lastname@example.org to unsubscribe or if you have any other questions or concerns regarding your receipt of marketing materials from us.
You may contact us at email@example.com with any request to access, correct or delete any personal information that you have provided to us. We make good faith efforts to honor reasonable requests to access, correct or delete your personal information. If you request that we delete your personal information, your Service account information will also be removed. We may not accommodate a request to remove personal information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure. All information you provide to us is stored on our secure, hardened servers that are hosted on highly secure data centers. Access to this data is protected by multiple layers of controls, including firewalls, authentication mechanisms and monitoring.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of the Service or our websites, you are responsible for keeping this password confidential. We urge you to be careful about giving out information in public areas of our website like message boards. The information you share in public areas may be viewed by any user of our website.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Service. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Service.
Consent to transfer, process and store Personal Information.
As CaféX is a global organization, we may transfer your personal information to CaféX in the United States, to our subsidiary in the United Kingdom, or to third parties and business partners as described above that are located in various countries around the world. By using the Service or providing any personal information to us, where applicable law permits, you consent to the transfer, processing, and storage of such information outside of your country of residence where data protection standards may be different.
CaféX is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the US-EU Privacy Shield Principles, we commit to resolve complaints about privacy and our collection or use of the personal information of EU individuals. If you believe we retain your personal data within the scope of our Privacy Shield certification, you may direct any queries or complaints regarding our Privacy Shield certification or compliance to the address above. We will respond to any inquiries or complaints within 45 days at no cost to you.
If you feel we failed to provide an adequate response, you may contact JAMS (https://www.jamsadr.com), which provides an independent third-party dispute resolution mechanism. Under certain conditions more fully described on the Privacy Shield website (https://www.privacyshield.gov), you may be entitled to invoke binding arbitration through the Privacy Shield Panel when other dispute resolution procedures have been exhausted.
We are subject to the investigatory and enforcement powers of the US Federal Trade Commission with respect to personal data received or transferred pursuant to the EU-US Privacy Shield Framework.
Rights to Access, Limit Use and Limit Disclosure
EU individuals have rights to access personal data about them, and to limit use and disclosure of their personal data. Because our personnel have limited ability to access personal data our Customers submit to the Online Services, if a User wishes to request access to or to limit use and/or disclosure of his/her/its personal data, please contact Us at firstname.lastname@example.org with the name of Our Customer through which the User used the Online Services. We will refer the request to that Customer, and will support them as needed in responding to the request.
Inquiries, Enforcement and Resolution
In compliance with the US-EU Shield Principles, we commit to resolve complaints about the privacy and our collection or use of the personal information of EU individuals. If You believe We retain Your personal data within the scope of our Privacy Shield certification, You may direct any queries or complaints regarding our Privacy Shield certification or compliance to the address above We will respond to any inquiries or complaints within 45 days at no cost to You.
If You feel we failed to provide an adequate response, you may contact (https://www.jamsadr.com), which provides an independent third-party dispute resolution mechanism. Under certain conditions more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration through the Privacy Shield Panel when other dispute resolution procedures have been exhausted.
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission with respect to personal data received or transferred pursuant to the EU-U.S. Privacy Shield Framework.
Last Modified 2018-10-18 Rob Hill (Information Security Officer)
To download a copy of this policy click here