Privacy Policy
Privacy Policy
Summary of Privacy Policy Updates
This section provides a summary of significant changes, enhancements, and clarifications introduced in this version of the Privacy Policy compared to previous versions, including the Privacy Policy dated May 25, 2018 and the 2018 Website Privacy Policy. The purpose is to promote transparency and help users easily identify material updates affecting their rights or the company’s data protection practices.
Updates from Previous Versions as of May 25, 2018
- Policy supersedes the prior Website Privacy Policy dated May 25, 2018. Users should refer exclusively to the present Privacy Policy for all privacy-related information and disclosures.
- Alignment with Global Data Protection Standards: The Privacy Policy has been comprehensively revised to reflect applicable requirements of the General Data Protection Regulation (GDPR); California Consumer Privacy Act, as amended by the California Privacy Rights Act(CCPA); PIPEDA; and other international data protection requirements.
- Expanded Definitions and Roles: Detailed definitions have been introduced for personal data, data subject, controller, processor, subprocessor, and other key terms. The Policy now also explains the roles and responsibilities of the company, customers, partners, resellers, service providers, and authorized users in relation to personal data.
- Enhanced Data Subject Rights: Clarified and expanded the rights of individuals regarding access, rectification, erasure, restriction, portability, objection, and withdrawal of consent, as detailed in Section 6 Data Subject Rights and Section 7 Data Subject Consent.
- Comprehensive Data Processing Details: A new structure provides a detailed overview of the nature, scope, and duration of data processing, including legal bases, purposes, categories of data processed, and types of data subjects, as outlined in Sections 4, 5, and 6.
- International Data Transfers: Introduced clear explanations and safeguards regarding cross-border data transfers, including mechanisms such as Standard Contractual Clauses, as detailed in Section 8 International Data Transfers.
- Incident and Breach Notification: Established robust procedures for personal data breach notification to authorities, customers, and data subjects.
- Third-Party Processors and Integrations: Provided clear information about third-party data processors, service providers, and integrations, as described in Section 2.5 Categories of Data Processors Engaged by the Company, Section 6.7 Third-Party Processing and Subprocessing, and Section 12 Third-Party Links and Integrations.
- Technical, Administrative, and Physical Security Measures: Outlined enhanced security practices and controls aligned with ISO/IEC 27001 and ISO/IEC 27701, as detailed in Section 13 Data Protection.
- Regulatory and Standards Compliance:
Added explicit references to GDPR, CCPA, PIPEDA, and other relevant regulations and standards, as set out in Section 14 Compliance with Regulations and Standards. - User Security and Shared Responsibility: Provided updated guidance for users to enhance their own security practices and described the concept of shared responsibility for safeguarding personal data, as covered in Section 15 User Security Considerations.
- Policy Change Notification and Transparency: Improved procedures for notifying users about changes to the Privacy Policy and summarized key changes for ease of reference, as explained in Section 16 Privacy Policy Changes.
Note
This summary does not replace or override any section of the Privacy Policy. Users are encouraged to review the entire Policy to understand their rights, obligations, and the company’s privacy practices.
1 General Terms
1.1 Overview of the Policy
Network Optix, Inc. (further - the company, or referred to as "we", "us", or "our") is committed to respecting and protecting the privacy of all individuals ("user" or "you") who use our services, including but not limited to software, applications, platforms, and related offerings (collectively, the "Services").
This Privacy Policy ("Policy") applies to:
- Individuals who use or access the Services and whose personal data may be collected, processed, or stored by the company; and
- Legal entities (including customers, partners, resellers, and service providers) who may act as data controllers, processors, or subprocessors with respect to personal data processed by or through the Services.
The Policy is designed to:
- Inform you about the types of personal data that may be collected or processed by the company in connection with your use of the Services;
- Explain the purposes, lawful bases (where applicable), and conditions under which personal data is processed and disclosed;
- Outline the rights of individuals (data subjects) in relation to their personal data and the responsibilities of organizations acting as controllers, processors, or subprocessors;
- Describe the company’s data protection and privacy practices, including mechanisms for compliance and communication.
This Policy applies globally, unless a separate privacy notice, contract, or data processing agreement expressly supersedes or supplements it for a specific relationship or transaction.
The most current version of this Policy will apply each time you use or interact with the Services, as indicated by the effective date at the top of this document. By accessing or using the Services, you, and any entity you represent, acknowledge and agree to the practices described herein, to the extent permitted by applicable law.
By accessing or using the Services, you, and any entity or organization you represent, agree to comply with and be bound by the requirements of this Privacy Policy, including all obligations applicable to controllers, processors, and subprocessors under applicable data protection law.
1.2 Jurisdiction and Cross-Border Data Transfers
The Services provided by the company are hosted in the United States of America and are subject to applicable United States federal and state laws.
If you access or use the Services from outside the United States, you acknowledge and agree to the following:
- Transfer of Personal Data: Your personal data may be transferred to, processed, and stored in the United States and other jurisdictions where the company, its affiliates, or its service providers operate.
- Consent to Transfer: By using the Services and providing personal data, you expressly consent to such transfer, processing, and storage in accordance with this Privacy Policy and applicable law, regardless of your country of residence.
- Compliance with Local Law: You are responsible for ensuring that your use of the Services is lawful in your jurisdiction. If your use of the Services or any related activity would be unlawful in your location, you must not use the Services.
For users located in the European Economic Area (EEA), the United Kingdom, Switzerland, or other jurisdictions with data protection laws that differ from those of the United States:
- GDPR and International Data Transfers: The company is committed to processing your personal data in accordance with the General Data Protection Regulation (GDPR), the UK Data Protection Act, and other applicable data protection laws. When personal data is transferred from the EEA, United Kingdom, Switzerland, or other jurisdictions to the United States or other countries that may not offer the same level of data protection, the company implements appropriate safeguards, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission or other lawful transfer mechanisms as required by applicable law.
- Questions and Data Protection Officer Contact: For any questions or concerns regarding cross-border data transfers or data protection practices, you may contact the company’s Data Protection Officer (DPO) using the contact details provided in the section 14 Contacts.
This Policy is intended to ensure that personal data is processed lawfully, fairly, and transparently, regardless of the country from which you access the Services.
1.3 Language
This Privacy Policy has been originally prepared in the English language. In the event of any discrepancy, inconsistency, or conflict between the English version of this Privacy Policy and any translation thereof, the English version shall prevail.
The company may provide translations of this Privacy Policy for convenience and informational purposes. However, the English-language version will be the authoritative and legally binding version in all cases.
If you require assistance in understanding any part of this Policy, or need information in another language or accessible format, please contact us using the methods provided in the section 14 Contacts below.
1.4 User-Friendly Language and Accessibility
The company is committed to making this Privacy Policy clear, understandable, and accessible to all users, including individuals with disabilities and those who may require additional assistance.
If you have any questions about the contents of this Privacy Policy, or if you need this Policy or related privacy information provided in an alternative language, accessible format, or by another means, please contact us using the details provided in the section 14 Contacts.
The company will make reasonable efforts to accommodate your needs and ensure that its privacy practices remain transparent and accessible to all individuals and entities engaging with the Services.
1.5 Definitions
For the purposes of this Privacy Policy, the following terms shall have the meanings set forth below. Where appropriate, these definitions are derived from the General Data Protection Regulation (GDPR) Article 4, ISO/IEC 27000 series, the California Consumer Privacy Act (CCPA), and other authoritative sources.
- Personal Data: Any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person (GDPR Article 4(1)).
- Non-Personally-Identifying Information: Information that cannot be used on its own to identify a specific individual. This includes aggregated, anonymized, or de-identified data that does not reveal the identity of an individual.
- Sensitive Personal Information: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation (GDPR Article 9; CCPA).
- Processing: Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction (GDPR Article 4(2); ISO/IEC 27000:2018).
- Controller: A natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (GDPR Article 4(7); ISO/IEC 27000).
- Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller (GDPR Article 4(8); ISO/IEC 27000).
- Data Subject: An identified or identifiable natural person whose personal data is processed by a controller or processor (GDPR Article 4(1)).
- Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her (GDPR Article 4(11)).
- Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed (GDPR Article 4(12)).
- Sale: Selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration (CCPA).
- Business: A legal entity that operates for profit and collects consumers’ personal data, meets certain thresholds, and conducts business in California (CCPA).
- Data Protection Officer (DPO): A designated individual responsible for overseeing the company’s data protection strategy and compliance with applicable data protection laws (GDPR Article 37).
- Third Party: A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data (GDPR Article 4(10)).
- Service Provider: A for-profit entity that processes personal information on behalf of a business and to which the business discloses a consumer's personal information for a business purpose pursuant to a written contract (CCPA).
- Children’s Data: Information collected from children under the age of 13, subject to special protection under the Children’s Online Privacy Protection Act (COPPA) and similar laws.
- Legal Entity / Organization: A corporation, partnership, association, or other entity, distinct from a natural person, that may act as a controller, processor, or subprocessor with respect to personal data in the context of the Services.
2 Parties and Roles
2.1 Data Subjects
Data Subjects are individuals whose personal data is processed by the company in the context of providing the Services. This includes users of our software, applications, platforms, and related offerings, as well as individuals whose information is processed on behalf of organizational customers, partners, or resellers.
Children: The company does not knowingly collect or process personal data from children under the age of 13 (or any higher age as required by applicable law), unless permitted or required by law. If the company becomes aware that it has collected personal data from a child under such age without appropriate consent, it will take reasonable steps to delete such data promptly.
For US visitors, in our efforts to comply with COPPA we do not knowingly collect information from children under 13 years old.
For users located in the European Economic Area, the minimum age for providing consent to data processing is determined by local law and may be between 13 and 16 years. Where required by law, the company will obtain parental or guardian consent before processing personal data of children under the relevant age threshold.
Parents or legal guardians who believe their child has provided personal data to the company are encouraged to contact us (see section 14 Contacts) to request removal of that information.
2.2 Roles of the Company
The company may act in one or more of the following roles, depending on the nature of the Services provided and the contractual relationship with the customer, partner, or reseller:
- Data Controller: The company acts as a Data Controller when it determines the purposes and means of processing personal data for its own legitimate business purposes, such as account management, service administration, regulatory compliance, security monitoring, and direct communications.
- Data Processor: The company acts as a Data Processor when processing personal data on behalf of a partner, reseller, or customer who is the Data Controller. This includes scenarios such as white-label SaaS solutions, managed services, or when processing is performed strictly on the instructions of the Data Controller. When the company acts as a Data Processor, the data subject’s rights may be governed by the privacy policy of the partner, reseller, or customer who is the Data Controller, rather than this Privacy Policy.
- Subprocessor: The company acts as a Subprocessor when processing personal data on behalf of a processor (such as a partner or reseller) who, in turn, is acting on behalf of an original Data Controller (e.g., the end customer). When the company acts as a Subprocessor, the data subject’s rights may be governed by the privacy policy of the original Data Controller, rather than this Privacy Policy
Support and Service Scenarios
When providing third-level (tier 3) support or other technical assistance to resellers, partners, or their customers, the company may access or process personal data strictly as a Data Processor or Subprocessor, in accordance with documented instructions from the Data Controller or Processor, and only as necessary to deliver the requested support services.
When acting as a Data Processor or Subprocessor, the company does not make decisions regarding the purposes and means of processing personal data, and data subject requests will be referred to the relevant Data Controller.
Role Determination
The specific role of the company for any data processing activity will be determined by the contractual arrangement and the nature of the processing involved. The company’s obligations and responsibilities will be fulfilled in accordance with applicable data protection laws and the terms of relevant agreements.
2.3 Data Controller Responsibilities
When acting as a Data Controller, the company is responsible for:
- Ensuring that personal data is processed lawfully, fairly, and transparently;
- Determining and communicating the specific purposes of processing;
- Collecting only the minimum necessary personal data and maintaining its accuracy;
- Retaining personal data only as long as necessary for its specified purpose or as required by law;
- Implementing appropriate technical and organizational measures to protect personal data;
- Facilitating the exercise of data subject rights as set forth in Section 6 of this Policy.
2.4 Data Processors and Subprocessors
When acting as a Data Processor or Subprocessor, the company:
- Processes personal data only on documented instructions from the Data Controller or Processor;
- Ensures that persons authorized to process personal data are bound by appropriate confidentiality obligations;
- Implements appropriate technical and organizational measures to safeguard personal data;
- Engages sub-processors only with the prior authorization of the Data Controller or Processor and ensures that such sub-processors are subject to data protection obligations equivalent to those in this Policy or the policy of the Data Controller, as applicable;
- Assists the Data Controller in fulfilling its legal obligations regarding security, data breach notification, and data subject rights;
- Notifies the Data Controller or Processor without undue delay upon becoming aware of a personal data breach.
All Data Processors and Subprocessors engaged by the company are contractually required to process personal data strictly in accordance with this Privacy Policy, the Privacy Policy of the Data Controller (as applicable for Subprocessors), applicable data protection laws (including the GDPR), and the documented instructions provided by the company or relevant Data Controller. Each third-party processor must implement and maintain technical and organizational measures equivalent to those required by GDPR, ensure confidentiality, facilitate data subject rights, and enable the company’s or Data Controller’s audit and inspection rights as specified herein.
All processors and subprocessors must maintain records of all categories of processing activities carried out on behalf of the company or Data Controller, as required under Article 30(2) GDPR, and provide such records to the company or relevant authority upon request.
2.5 Categories of Data Processors Engaged by the Company
The company may engage third-party service providers to assist in processing personal data, including but not limited to:
- Cloud Storage Providers
- Email Service Providers
- Payment Processors
- Analytics Providers
- Customer Support Platforms
- IT and Infrastructure Service Providers
A current list of specific data processors and subprocessors engaged by the company is available upon request (see section 14 Contacts).
2.6 Data Protection Officer (DPO)
The company has appointed a Data Protection Officer (DPO) responsible for overseeing the company’s data protection strategy and compliance with applicable data protection laws and regulations. For privacy-related inquiries or to exercise your rights, please contact our DPO as described in the section 14 Contacts.
2.7 Other Parties’ Roles and Responsibilities
In connection with the provision and use of the Services, the following parties may assume one or more of the roles described below, with corresponding responsibilities under applicable data protection laws and relevant contractual agreements.
2.7.1 Customer / End Customer
Role: Usually acts as a Data Controller, determining the purposes and means of processing personal data related to its authorized users, employees, or customers.
Responsibilities:
- Lawfulness: Ensure that all processing of personal data is lawful and that any necessary consents or notices have been provided to data subjects.
- Instructions: Provide clear and documented instructions to the company (and, if relevant, to partners or resellers) regarding processing of personal data.
- Data Subject Rights: Facilitate the exercise of data subject rights, including access, rectification, erasure, restriction, portability, and objection, either directly or in cooperation with the company and any other processors involved.
- Security: Implement appropriate technical and organizational measures to safeguard personal data in its possession or control.
- Breach Notification: Notify the company promptly of any suspected or actual personal data breach relating to the use of the Services, and cooperate in managing any such incident.
2.7.2 Partner / Reseller
Role: May act as a Data Controller (when determining purposes and means of processing), a Data Processor (processing on behalf of a customer or end customer), or both, depending on the service model.
Responsibilities:
- Compliance: Fulfill all legal obligations applicable to its designated role (controller or processor) under data protection law and this Policy.
- Instructions and Flow-Down: Ensure that any processing by the company as a subprocessor is governed by documented instructions and that all applicable requirements (e.g., security, subprocessing, data subject rights) are passed down in contracts.
- User Support: If providing first- or second-level support, limit access to personal data to what is necessary and ensure all personnel are appropriately trained and bound by confidentiality.
- Notification: Promptly notify the company of any incident, data breach, or request from a supervisory authority involving personal data processed in connection with the Services.
- Assistance: Cooperate with the company and any customers to facilitate responses to data subject requests, security incidents, audits, or regulatory investigations.
- GDPR Flow-Down: Ensure that all downstream service providers, subprocessors, or other parties engaged in connection with the Services are contractually required to comply with the obligations of this Privacy Policy, the GDPR, and any other applicable data protection laws, and are subject to equivalent technical and organizational safeguards, audit rights, and cooperation obligations.
- Notification and Cooperation: Promptly notify the company of any data subject request, data breach, or regulatory inquiry relating to personal data processed under this Policy, and cooperate in any investigation or remediation.
2.7.3 Service Provider / Subprocessor
Role: A third party engaged by the company, partner, reseller, or customer to process personal data exclusively on documented instructions from the contracting entity.
Responsibilities:
- Processing Limitations: Process personal data solely as instructed, and not for any other purpose.
- Confidentiality: Ensure that only authorized personnel with a legitimate need have access to personal data, and that all such personnel are subject to appropriate confidentiality obligations.
- Security: Implement suitable technical and organizational measures to protect personal data from unauthorized or unlawful processing, accidental loss, destruction, or damage.
- Breach Notification: Notify the contracting entity (e.g., the company) without undue delay of any personal data breach.
- Subprocessing Restrictions: Not engage additional subprocessors without prior authorization and contractual flow-down of equivalent obligations.
- GDPR Compliance Commitment: Adhere to the obligations set out in this Privacy Policy and in the GDPR, including but not limited to, implementing appropriate technical and organizational measures, processing personal data only on documented instructions, supporting the exercise of data subject rights, and permitting audits by the company or relevant Data Controllers as required.
- Contractual Flow-Down: Not engage any further subprocessors without the prior written authorization of the company and subject to the imposition of the same data protection obligations as set forth in this Policy and applicable law.
2.7.4 Authorized User
Role: An individual (such as an employee or contractor) authorized by a customer, partner, or reseller to use the Services.
Responsibilities:
- Lawful Use: Use the Services only as permitted by their organization and in compliance with applicable laws and internal policies.
- Accuracy: Provide accurate and up-to-date personal data where required.
- Security: Safeguard their authentication credentials and promptly report any actual or suspected security incident, unauthorized access, or misuse of their account.
- Data Subject Rights: Exercise data protection rights through their organization (controller), except as otherwise provided by law.
Role Determination:
The specific roles and responsibilities of each party will be governed by the contractual arrangement and the relevant data protection laws.
3 Legal Basis for Processing
The company processes personal data only when permitted by applicable data-protection laws. For GDPR purposes, the lawful bases may include, but are not limited to, the following:
3.1 Consent
Processing is based on the data subject’s freely given, specific, informed, and unambiguous consent, where required by law.
Example – When you subscribe to marketing communications or newsletters, your consent is obtained and can be withdrawn at any time.
3.2 Performance of a Contract
Processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the data subject’s request prior to entering into a contract.
Example – Creating and managing user accounts, providing access to the Services, or fulfilling support requests.
3.3 Legal Obligation
Processing is necessary for compliance with a legal obligation to which the company is subject.
Example – Retaining records for tax, accounting, or regulatory compliance, or responding to lawful requests from public authorities.
3.4 Legitimate Interests
Processing is necessary for the purposes of legitimate interests pursued by the company or a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject.
Example – Securing and improving the Services, preventing fraud, business analytics, or communicating with users regarding updates to the Services.
3.5 Protection of Vital Interests
Processing is necessary to protect the vital interests of the data subject or another natural person.
Example – Responding to emergency situations that may impact the health or safety of individuals.
3.6 Public Interest or Official Authority
Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the company, where applicable.
Note – Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing before its withdrawal. For more information on your rights, see Section 6 (Data Subject Rights).
4 Categories of Personal Information
The company collects and processes various categories of personal data in connection with the provision and operation of the Services. The specific categories and scope of data collected may vary depending on the relationship with the company (e.g., end user, customer, partner, reseller, or authorized user) and the use of particular Service features.
4.1 Types of Personal Data
Personal data processed may include, but is not limited to:
- Identifiers — Name, username, account ID, contact details (email, phone, physical address), and other unique identifiers.
- Company / Organizational Information — Employer name, company contact information, position or job title, department, business unit.
- Billing and Financial Data — Payment-method details (e.g., masked credit-card data), billing address, transaction history, tax ID (where required by law).
- Account and Preference Data — Account credentials, authentication data, preferences (such as language or notification settings), communication preferences.
- System and Usage Data — IP address, device identifiers, system and browser information, access logs, user-activity data, settings, technical diagnostics, cookie identifiers, mobile-device analytics.
- Support and Communication Data — Content of support requests, inquiries, chat messages, feedback, and correspondence with the company.
- Marketing and Event Participation Data — Registration and attendance information for webinars, events, surveys, or promotions.
- Other Voluntarily Provided Data — Any additional information provided by you or on your behalf in connection with your use of the Services.
- Recruitment Data — CV / résumé details, qualifications, references, background checks, interview notes.
- Employment Data — Contract terms, payroll data, performance reviews, attendance, benefits, tax IDs, emergency contacts.
Special Categories of Data — The company does not intentionally collect or process special categories of personal data (Article 9 GDPR) unless explicitly required or permitted by law and with appropriate safeguards.
Sensitive Personal Information — The company does not sell sensitive personal information data under (CCPA §1798.140(ae)]).
Geo-Location Data — The company does not access or track precise geo-location unless you have expressly consented to such collection.
4.2 Purposes of Processing of Personal Data
Personal data is processed for the following purposes, as applicable:
- Service Provision and Account Management: Creating and managing accounts, providing access to the Services, and fulfilling contractual obligations.
- Customer Support and Communications: Responding to inquiries, providing technical support, managing incidents, and maintaining service quality.
- Billing, Payments, and Transactions: Processing payments, issuing invoices, and managing financial transactions.
- Business Operations and Administration: Conducting business analytics, audits, security monitoring, fraud prevention, and quality assurance.
- Marketing and Promotional Activities: Providing information about products, services, events, and promotions, in accordance with consent or legitimate interests (with opt-out options as required by law). Aggregated or non-personally identifying information may be used for targeted advertising, and that users may opt out of such targeting where required by law.
- Compliance and Legal Requirements: Fulfilling legal, regulatory, or contractual obligations, including record-keeping, responding to lawful requests, and compliance with applicable data protection laws.
- Product and Service Improvement: Analyzing usage and feedback to develop, enhance, and secure the Services.
- Event Management: Managing registrations, attendance, and participation in company events or programs.
- Recruitment and Hiring: Assessing and managing job applications, interviews, and onboarding processes.
- Employment Administration: Managing employment contracts, payroll, performance, compliance, and related HR processes.
- Legal Compliance: Fulfilling obligations under labor laws, tax laws, and other employment-related regulations.
- Other Purposes with Notice or Consent: Any other purpose specifically disclosed at the time of data collection or with the individual’s consent.
5 Categories of Data Subjects
The company processes personal data relating to various categories of data subjects, depending on the nature of the Services and the relationships established with customers, partners, resellers, and users. The primary categories of data subjects include, but are not limited to, the following:
5.1 End Users and Account Holders
Individuals who use or are registered to use the Services directly (e.g., via web portals, mobile applications, or other platforms provided by the company), including those who manage or access accounts on behalf of themselves or their organizations.
5.2 Customer Personnel
Employees, representatives, or agents of customers (including business clients, enterprise accounts, and institutional partners) who interact with the company or use the Services in the context of a business or contractual relationship.
5.3 Partner and Reseller Personnel
Individuals employed by, contracted by, or otherwise acting on behalf of partners, resellers, or distributors who market, resell, implement, or support the Services, whether under their own brand or on behalf of the company.
5.4 Authorized Users
Individuals authorized by a customer, partner, or reseller to access and use the Services, including administrators, operators, or end-users as defined by contractual agreements.
5.5 Interested Parties and Event Participants
Individuals who engage with the company at events, webinars, training sessions, marketing activities, or other outreach efforts (e.g., visitors to company-sponsored booths, respondents to surveys, or registrants for newsletters).
5.6 Support Requestors
Individuals who contact the company (or its partners, resellers, or service providers) for customer support, technical assistance, or issue resolution, including those who interact via helpdesks, support portals, or communication channels.
5.7 Website and Application Visitors
Individuals who access or browse the company’s websites, web portals, applications, or related online resources, regardless of whether they are registered users.
5.8 Candidates and Job Applicants
Individuals who submit applications, CVs, or other information in connection with seeking employment or engagement with the company (including through recruitment agencies or online platforms).
5.9 Employees, Current and Former (including EoR)
Includes direct employees, former employees, and individuals engaged via an Employer of Record (EoR). For EoR workers, the EoR acts as the primary employer (controller) for HR, payroll, and statutory obligations. The company may act as a processor or joint controller for processing personal data required for day-to-day workplace management, access control, IT systems, and compliance monitoring. Data subject rights for EoR employees may be exercised via the EoR (primary employer) or directly with the company as relevant to the processing context.
5.10 Other Data Subjects
Any other individuals whose personal data is processed by the company in connection with the provision or operation of the Services, including but not limited to third-party contacts provided for business or legal purposes.
6 Data Subject Rights
Individuals whose personal data is processed by the company are entitled to exercise specific rights under applicable data protection laws, including the GDPR, CCPA, and similar regulations.
6.1 Right to Be Informed
You have the right to be informed about the collection and use of your personal data, including the purposes, legal basis, recipients, and your rights, as provided in this Privacy Policy.
6.2 Right of Access
You have the right to obtain confirmation from the company as to whether your personal data is being processed, and, where applicable, to request access to your personal data and information about how it is processed.
6.3 Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data concerning you. You may update certain information directly via your account or by contacting the company as outlined in 17 Contacts.
6.4 Right to Erasure ("Right to Be Forgotten")
You have the right to request the deletion of your personal data where permitted by law, including, but not limited to, cases where the data is no longer necessary for the purposes for which it was collected, or you have withdrawn your consent (where applicable).
6.5 Right to Restrict Processing
You have the right to request the restriction of processing of your personal data where the accuracy of the data is contested, the processing is unlawful, or you have objected to processing as described in 8.7 Right to Object.
6.6 Right to Data Portability
You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where technically feasible.
6.7 Right to Object
You have the right to object, on grounds relating to your particular situation, to the processing of your personal data, including processing based on legitimate interests or for direct marketing purposes.
6.8 Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal. See 9 Data Subject Consent for more information.
6.9 Rights Related to Automated Decision-Making and Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless such processing is authorized by law, necessary for contract performance, or based on your explicit consent.
Automated Decision Making
The company does not use automated decision-making or profiling that produces legal or similarly significant effects, unless specifically disclosed to the data subject with safeguards as required by law.
6.10 Right to Lodge a Complaint
You have the right to lodge a complaint with a competent data protection authority if you believe your rights have been violated. For details, see 17 Contacts.
6.11 How to Exercise Your Rights
To exercise any of your rights under this section, please contact the company using the contact information provided in 14 Contacts. The company may require you to verify your identity before processing your request. Requests will be addressed in accordance with applicable law.
Please Note
Where the company is acting as a Data Processor or Subprocessor on behalf of a Data Controller (such as a customer, partner, or reseller), requests to exercise data subject rights (including access, rectification, erasure, objection, etc.) must be submitted to the relevant Data Controller. The company will promptly notify and, where required, assist the Data Controller in responding to your request, in accordance with applicable data protection laws and contractual obligations.
If you are unsure who the Data Controller is for your personal data, please contact us (see section 14 Contacts), and we will make reasonable efforts to direct your inquiry to the appropriate Controller.
Please Note
The exercise of certain rights, such as the right to erasure or objection, may be subject to limitations where retention or processing of data is required by employment, contractual, or legal obligations, including obligations that may persist after the end of employment.
Note for EoR Employees:
If you are employed via an Employer of Record, you may exercise your data protection rights (access, rectification, erasure, etc.) either through your EoR (the legal employer and data controller) or directly with the company, where the company acts as a data processor or joint controller for certain processing activities. Some requests may require coordination between the EoR and the company to ensure compliance with applicable data protection law.
7 Data Subject Consent
The company ensures that personal data is processed on the basis of freely given, specific, informed, and unambiguous consent where required by applicable law, and in accordance with the principles of transparency and fairness described in 7 Data Processing Principles.
7.1 Explicit Consent for Processing
Where processing of personal data is based on consent, the company will obtain your explicit consent prior to collecting or processing your personal data for those specific purposes. You may be asked to provide consent, for example, when subscribing to marketing communications, participating in surveys, or enabling optional features within the Services.
7.2 Withdrawal of Consent
You have the right to withdraw your consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal. For instructions on withdrawing your consent or managing your preferences, please contact the company as specified in 17 Contacts, or use any opt-out mechanisms provided within the relevant communication or Service.
7.3 Consequences of Withdrawing Consent
Withdrawing your consent may affect the availability or quality of certain Services or features that rely on such consent. The company will inform you if this is the case at the time of your request.
7.4 Consent for Marketing Communications
The company will only use your personal data for direct marketing purposes where you have provided consent or where permitted by law. You may withdraw your consent or opt out of marketing communications at any time by following the unsubscribe instructions in the communication, adjusting your account settings, or contacting the company as set forth in 17 Contacts.
Additional Information
For more information about your rights regarding consent, see 8 Data Subject Rights.
8 International Data Transfers
Personal data processed by the company may be transferred to and stored in countries outside your jurisdiction, including countries that may not provide the same level of data protection as your home country. This is necessary for the operation of the Services, for business administration, or to facilitate the involvement of partners, service providers, or subprocessors as described in 2.5 Categories of Data Processors Engaged by the Company and 6.7 Third-Party Processing and Subprocessing.
8.1 Transfers Outside the European Economic Area (EEA), United Kingdom, or Switzerland
For transfers of personal data originating from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries not recognized as providing an adequate level of data protection, the company implements appropriate safeguards as required by applicable data protection laws. Such safeguards may include, but are not limited to:
The use of Standard Contractual Clauses (SCCs) approved by the European Commission or other competent authority;
Reliance on adequacy decisions;
Implementation of Binding Corporate Rules (BCRs), where applicable;
Other lawful transfer mechanisms as recognized by relevant authorities.
For transfers based on SCCs, the company regularly reviews supplementary measures and conducts transfer impact assessments to ensure ongoing adequacy and compliance with EEA, UK, and Swiss requirements.
8.2 Transparency and Access to Safeguards
Upon request, the company will provide further information regarding the international transfer mechanisms used and, where possible, make available a copy of the relevant safeguards, subject to the protection of business secrets and other confidential information.
8.3 User Consent and Rights
By using the Services, you acknowledge and, where required, expressly consent to the transfer, processing, and storage of your personal data as described in this Privacy Policy and in accordance with 1.2 Jurisdiction and Cross-Border Data Transfers. Your rights and protections under this Policy and applicable law remain in effect regardless of the location of processing.
Questions and Contact
If you have questions regarding international data transfers or require further information about the safeguards in place, please contact the company as described in 14 Contacts.
9 Third-Party Links and Integrations
The Services may include links to, or integrations with, third-party websites, applications, platforms, or services that are not owned or controlled by the company. These third-party resources are provided for your convenience and information only.
9.1 No Control or Endorsement
The company does not control and is not responsible for the privacy practices, data protection measures, content, or security of third-party websites, applications, or services. The inclusion of such links or integrations does not constitute or imply endorsement or affiliation by the company.
9.2 Independent Privacy Practices
When you access, interact with, or provide personal data to any third-party website, application, or service, your information is governed by the privacy policy and practices of that third party, not by this Privacy Policy. The company encourages you to review the privacy policies of any third-party resources before submitting or sharing personal data.
9.3 Third-Party Processors and Service Providers
For information about authorized third-party processors and service providers engaged by the company in connection with the Services, please refer to 2.5 Categories of Data Processors Engaged by the Company and 6.7 Third-Party Processing and Subprocessing.
9.4 Limitation of Liability
To the maximum extent permitted by law, the company disclaims any responsibility or liability for any loss, damage, or other consequence arising from your use of third-party links, integrations, or services.
9.5 Cookies and Online Tracking Technologies
The Services use cookies, web beacons, analytics, and similar technologies to enhance your experience, remember preferences, monitor usage, and deliver targeted advertising. You can manage cookie settings in your browser. For more, see Section 5.7.
“Do-Not-Track” Signals
Some browsers offer a "Do Not Track" (DNT) feature. The Services currently do not respond to DNT signals, as there is no uniform standard for interpreting them.
9.6 Social Media Features
The Services may allow you to log in or interact via third-party social networks. When you connect your account, we may collect information you make available on such networks, consistent with your settings. Social plugins (such as “Like” buttons) may transmit data to the network when activated. Review your social network’s privacy controls for more information.
10 Data Protection
The company is committed to ensuring the security, integrity, and confidentiality of personal data processed in connection with the Services. Appropriate technical, organizational, and physical measures are implemented and maintained to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage, in accordance with applicable law.
10.1 Technical Measures
The company employs a range of technical security measures to safeguard personal data, including but not limited to:
- Encryption of data at rest and in transit;
- Access controls and identity management, including multi-factor authentication where applicable;
- Firewalls and intrusion detection/prevention systems;
- Data anonymization or pseudonymization, where appropriate;
- Secure API and network architectures;
- Regular vulnerability assessments, penetration testing, and security patch management.
10.2 Administrative Measures
Organizational measures to ensure data security include:
- Formal information security and privacy policies, subject to regular review and updates;
- Ongoing security awareness and privacy training for employees and contractors;
- Clearly defined roles and responsibilities regarding data protection and incident response;
- Data protection impact assessments (DPIAs) conducted as required for high-risk processing activities;
- Vendor and third-party risk management processes, including due diligence and contractually mandated data protection obligations;
- Incident response and data breach notification procedures.
10.3 Physical Measures
Physical security controls are implemented to protect facilities and infrastructure, including:
- Hosting Services and data in secure, access-controlled data centers (e.g., AWS or equivalent);
- Environmental protections (e.g., fire suppression, power redundancy, climate control);
- Physical hardware protections and secure disposal of media containing personal data.
10.4 Ongoing Evaluation
The effectiveness of technical, administrative, and physical measures is subject to ongoing monitoring, testing, and continuous improvement to address emerging threats, vulnerabilities, and business needs.
11 Compliance with Regulations and Standards
The company is committed to maintaining compliance with applicable data protection and privacy laws, regulations, and recognized industry standards. The company’s practices are regularly reviewed and updated to align with evolving legal requirements and best practices.
11.1 European Union General Data Protection Regulation (GDPR)
The company processes personal data in accordance with the requirements of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This includes the implementation of appropriate safeguards for data transfers (see 8 International Data Transfers), the facilitation of data subject rights (see 8 Data Subject Rights), and adherence to the data protection principles described in 7 Data Processing Principles.
11.2 United Kingdom Data Protection Act 2018 and UK GDPR
Where applicable, the company processes personal data in compliance with the UK Data Protection Act 2018 and the UK GDPR, including provisions for data subject rights and international data transfers.
11.3 California Privacy Rights
In accordance with the California "Shine the Light" law (Cal. Civ. Code § 1798.83), California residents who have an established business relationship with the company may request information regarding the disclosure of their personal information to third parties for direct marketing purposes, as described in 17 Contacts.
California residents may request information once a year regarding personal information disclosed to third parties for direct marketing purposes, in accordance with California Civil Code § 1798.83 (“Shine the Light”).
11.4 California Consumer Privacy Act (CCPA) Notice
In addition to the information provided throughout this Privacy Policy, and specifically in Sections 4 Categories of Personal Information, 5 Categories of Data Subjects, 6 Data Processing Details, and 8 Data Subject Rights, the following information is provided to meet the requirements of the CCPA:
11.4.1 Supplemental Disclosures
Categories of Personal Information Collected: For the categories of personal information the company collects, sources, and the business or commercial purposes of collection, please refer to Sections 4 and 6. The categories disclosed in those sections may include information that falls under the following categories as defined under the CCPA:
- Identifiers
- Personal information described in subdivision (e) of Section 1798.80 of the California Civil Code
- Characteristics of protected classifications under California or federal law
- Commercial information, including products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies
- Internet or other electronic network activity information
- Geolocation data (except no precise geolocation data is collected unless you specifically consent)
- Audio, electronic, visual, thermal, olfactory or similar information
- Professional or employment-related information
- Inferences drawn from other personal information
- Sensitive personal information
Categories of Personal Information Disclosed or Shared: For details regarding categories of personal information disclosed for business purposes, and categories of third parties with whom data is shared, please refer to Sections 2.5, 6.7, and 12.3.
Sale or Sharing of Personal Information: The company does not sell or share personal information as defined under CCPA, including for cross-context behavioral advertising. If this practice changes, users will be notified and provided with appropriate opt-out options as required by law.
Sensitive Personal Information: The company does not use or disclose sensitive personal information for any purpose other than those permitted under the CCPA (such as providing services, ensuring security and integrity, or compliance with legal obligations).
Financial Incentives: The company does not offer financial incentives, price or service differences, or loyalty programs in exchange for the collection, sale, or retention of your personal information.
11.4.2 Additional California Consumer Rights
In addition to the rights already described in Section 6 (Data Subject Rights), California residents have the right to:
- Request correction of inaccurate personal information maintained about you (Right to Correct).
- Request limitation on the use and disclosure of sensitive personal information to only what is necessary for providing services or as permitted by law.
11.4.3 Methods for Exercising Rights
California residents may exercise their rights as outlined in Section 6.11 (How to Exercise Your Rights), or by contact details provided in Section 14. As permitted under the CCPA, we may take steps to verify the authenticity of requests before we act on them.
Requests by authorized agents may require written authorization.
11.4.4 Non-Discrimination
The company will not discriminate against you for exercising any of your rights under the CCPA. For further details, see Section 6 (Data Subject Rights).
11.4.5 Updates and Effective Date
This section may be updated periodically to reflect changes in legal requirements or company practices. The effective date of this notice is shown at the top of this Policy.
11.5 Canada Personal Information Protection and Electronic Documents Act (PIPEDA)
The company aligns its privacy and data protection practices with the requirements of PIPEDA for personal information processed in connection with Canadian data subjects.
11.6 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
The company’s data protection practices are consistent with the OECD Guidelines, which provide principles for the collection, use, disclosure, and cross-border transfer of personal data.
11.7 ISO/IEC 27001:2022 Information Security Management
The company has adopted controls and practices consistent with ISO/IEC 27001:2022 for the management of information security, as further detailed in 13 Data Protection.
11.8 ISO/IEC 27701:2019 Privacy Information Management
The company’s privacy program is aligned with ISO/IEC 27701:2019, which provides a framework for implementing, maintaining, and continually improving a Privacy Information Management System (PIMS) as an extension of information security management.
11.9 Other Applicable Laws and Standards
The company endeavors to comply with other relevant international, national, and local data protection and privacy laws as required by its business operations, contractual obligations, and geographic footprint.
For additional information about the company’s compliance efforts or specific regulatory obligations, please contact us as described in 17 Contacts.
12 User Security Considerations
The company is committed to supporting users in safeguarding their own personal data and maintaining secure use of the Services. While the company implements robust technical, organizational, and physical security measures as described in 13 Data Protection, user actions also play a critical role in protecting information.
12.1 User Responsibilities
Users are responsible for:
- Maintaining the confidentiality and security of their account credentials, including passwords and authentication tokens.
- Promptly updating their passwords if they suspect unauthorized access or compromise.
- Notifying the company immediately in the event of actual or suspected loss of account control, unauthorized access, or any security incident related to their use of the Services.
- Using the Services only in accordance with applicable laws, internal policies, and any instructions provided by their organization (where relevant).
12.2 Security Best Practices
To further protect personal data and reduce the risk of unauthorized access, users are encouraged to:
- Use strong, unique passwords for all accounts associated with the Services and change them regularly.
- Enable multi-factor authentication (MFA) wherever available.
- Keep software, operating systems, and applications up to date with the latest security patches.
- Be vigilant against phishing attacks and do not click links or download attachments from unknown or suspicious sources.
- Secure home or organizational networks with strong passwords and appropriate encryption settings.
- Install and update reputable antivirus and anti-malware software on all devices used to access the Services.
- Regularly back up important data to a secure location.
- Review account activity and monitor for any unauthorized transactions or access.
12.3 Shared Responsibility
Security is a shared responsibility. The company provides support and guidance to help users maintain safe practices and is available to address security concerns. For more information or to report a security incident, please contact the company as described in 17 Contacts.
13 Privacy Policy Changes
The company may update or amend this Privacy Policy from time to time to reflect changes in legal requirements, industry standards, business practices, or the features of the Services. All changes are effective upon posting the revised version of this Privacy Policy, unless a later effective date is specified.
13.1 Notification of Changes
Significant changes to this Privacy Policy will be communicated by one or more of the following methods:
- Posting a prominent notice on the company’s website or within the Services;
- Sending an email notification to users whose contact information is available;
- Providing a summary of material changes at the beginning of the revised Privacy Policy.
13.2 User Responsibility
Users are encouraged to review this Privacy Policy periodically to stay informed about how their personal data is processed and protected. The effective date at the top of the Policy indicates the latest revision.
Continued use of the Services after any changes constitutes acceptance of the revised Privacy Policy. If you do not agree to the changes, you must discontinue use of the Services and contact the company to request deactivation of your account.
Questions and Contact
For questions or concerns regarding changes to this Privacy Policy, please contact the company as described in 14 Contacts.
14 Contacts
If your personal data has been provided to the company by a customer, partner, or reseller (for example, your employer or a service provider using our platform), and the company is acting as a Data Processor or Subprocessor, your primary point of contact for privacy requests and exercising data subject rights should be the Data Controller (the organization that collected your data). The company will cooperate with and support the Data Controller in responding to such requests, as required by law and contract.
If your inquiry relates to the processing of your personal data under the GDPR and you wish to contact or lodge a complaint with a data protection supervisory authority, you may do so with the supervisory authority in your habitual residence, place of work, or where the alleged infringement occurred.
If you have any questions, concerns, or requests regarding this Privacy Policy, the company’s data protection practices, or your personal data, you may contact the company using any of the following methods:
14.1 Mailing Address
Network Optix, Inc.111 N. First Street, Suite 200
Burbank, CA 91502
United States
14.2 Phone
+1 (818) 748-2473
14.3 Email
14.4 Online Form
To request deletion of your personal information, submit inquiries, or exercise your rights, please use the online request form available at:
14.5 Data Protection Officer (DPO)
For privacy-specific matters, you may also contact the company’s Data Protection Officer (DPO) at:
dpo@networkoptix.com
The DPO is responsible for overseeing the company’s data protection strategy, regulatory compliance, and the handling of all privacy-related inquiries.
For any further information or assistance, please contact the company through any of the channels listed above. The company will make reasonable efforts to respond to all legitimate requests in a timely manner and in accordance with applicable data protection laws.