August 11th, 2023
GDPR AND CCPA NOTICE
The purpose of this Privacy Notice is to provide consumers with a comprehensive description of our online and offline practices regarding the collection, use, disclosure, and sale of Personal Information and of the rights of consumers regarding their own Personal Information.
- The California Consumer Privacy Act of 2018 (“CCPA”) as amended and its regulations and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this Privacy Notice.
- The General Data Protection Regulation (“GDPR”) as specified at https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en where applicable. Any terms defined in the GDPR have the same meaning when used in this Privacy Notice.
What Personal Information do we sell?
We have not sold any Personal Information of any consumers in the preceding 12 months.
What Personal Information do we collect and process?
We collect the following categories of Personal Information:
Categories of Personal Information
(Cal. Civ. Code – 1798.140(o))
Examples of Personal Information that may be collected
A. Identifiers. Name, personal email address, phone number, company information, employment, search history, order history, home address, billing address, credit/debit card information, IP address, email interaction history, social media account information.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code – 1798.80(e)). A name, address, telephone number, education, employment, photograph, social media account information, credit card number, debit card number, or any other financial information.
C. Commercial information. Records of products or services purchased, obtained, or considered, or other purchasing histories.
D. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
E. PII categories identified by GDPR are processed as part of our Hosted Unified Communications As A Service (UCaaS) offering. These include but are not limited to phone number, caller ID, call log, and contents within voicemails, call recordings, SMS/MMS, Chat, video collaboration session.
If your Personal Information is not provided by you, what is the source from which your Personal Information originates?
For all categories of Personal Information, we obtain personal information from the following categories of sources:
Directly and indirectly from your activity on our websites (e.g. www.Crexendo.com). For example, from participation in our forums, from orders or other submissions through our website portal, or website usage details.
Publicly available information on the internet, social media, and/or any other platform.
How do we use your Personal Information that we collect?
We may use or disclose the personal information we collect for the following business purposes:
To perform the service for which the information is provided. For example, if you provide us with personal information for us to complete an order, we will use that information to complete that order.
To provide you with information, products, or services that you buy from us.
To provide you with email alerts, event registrations, and other notices concerning our products or services, or news that may be of interest to you.
To enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To improve our website and present its contents to you.
For testing, research, analysis, and product development.
To protect the rights, property, or safety of us, our customers, or others.
To provide information to regulators or comply with governmental regulations.
As may otherwise be disclosed to you when collecting your personal information or as otherwise set forth in the CCPA or GDPR.
We will not collect additional categories of personal information or use the personal information we collected from you for materially different, unrelated, or incompatible purposes without first providing you notice.
Do we share your Personal Information?
We may disclose your personal information to another party for a business purpose and such transfer is strictly required for the purposes mentioned above. We have disclosed personal information to the following categories of parties in the last 12 months:
Third-party service providers. When legally permitted to do so, we may share personal information with courts, law enforcement authorities, regulators, or attorneys if necessary to comply with the law or for the establishment, exercise, or defense of legal claims.
Your Rights and Choices
Request to Know — access to Specific Information and Data Portability Rights You have the right to request that we disclose certain information to you about our collection and use of your personal information over the 12 months prior to receiving your request. Once we receive and confirm your verifiable consumer request, we will disclose to you:
The categories of personal information we collected about you.
The categories of sources for the personal information we collected about you.
The categories of third parties with whom we shared personal information we collected about you.
Our business or commercial purpose for collecting that personal information.
Our business or commercial purpose for sharing that personal information with third parties.
The specific pieces of personal information we collected about you (also called a data portability request).
We will deny your request to know if (i) we cannot verify your identity; (ii) the disclosure creates a substantial, articulable, and unreasonable risk to the security of your personal information, your account with us, or the security of our business’ systems or networks. In no event will we disclose your Social Security number, driver’s license number or other government-issued identification numbers, an account password, or security questions and answers.
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
Disclosure of Your Information for Third-Party Advertising. If you do not want us to share your personal information with unaffiliated or non-agent third parties for promotional purposes, you can opt-out when you submit your information from any form on our website or by sending us an email with your request to email@example.com .
Promotional Offers from the Company. If you do not wish to have your information used by the Company to promote our own or third party products or services, you can opt-out when you submit your information from any form on our website or by sending us an email with your request to firstname.lastname@example.org . If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions.
Targeted Advertising. If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers’ target-audience preferences, you can opt-out when you submit your information from any form on our website or by sending us an email with your request to email@example.com. We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt-out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s website.
Deletion Request Rights
You have the right to request that we delete some or all of the personal information we have pertaining to you. Once we receive and confirm your verifiable consumer request, we will separately reconfirm your request. After you confirm, we will then delete (and direct our service providers to delete, if applicable) your personal information from our records, unless an exception applies. We may deny your deletion request if we are unable to verify your identity or if we are not required to delete your Personal Information under the CCPA or GDPR.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, or deletion rights described above, please submit a verifiable consumer request to us by either:
Calling us at 602-714-8500 or by email at firstname.lastname@example.org
Only you or an authorized agent may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
We are only required to respond to a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information to allow us to verify you (or an authorized agent) is the person about whom we collected personal information.
We will not provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We use personal information provided in a verifiable consumer request solely to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We will acknowledge receipt of your request to know or your deletion request within 10 days. We will respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period. If you have an account with us, we will deliver our response to the email address for that account. If you do not have an account with us, we will deliver our response by US mail or electronically at the email address in your request, at your option. All disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA or GDPR rights. Unless permitted by the CCPA or GDPR, we will not:
Deny your goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Changes to Our Privacy Notice
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you by email or through a notice on our website homepage.
If you have any questions or comments about this notice, our Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law or under EU/UK GDPR, please do not hesitate to contact us at:
Website: Contact www.crexendo.com/contact