Introduction
Acuity Technologies, AcuityVOIP LLC, and its subsidiaries
and other affiliates (“Acuity”) recognizes and supports the privacy rights of
all persons, and we respect these rights when we collect and process personal
information (“PI”). We have developed and adopted this Privacy Policy to
describe our privacy values and guide our processing of personal information.
By purchasing, subscribing to, or utilizing the Products and/or Services, or
registering to attend, attending and/or participating in any Acuity sponsored
events or other events in which Acuity participates, you agree to be bound to the
terms and conditions of this Privacy Policy.
The obligations and responsibilities set out in this Privacy
Policy are applicable to Acuity and its personnel and will be made available on
Acuity’s website (http://www.acuitytech.com/privacy-policy).
The obligations and responsibilities set out in the Privacy Policy are in
addition to any other applicable policies or agreements entered into with Acuity and
any applicable laws and/or regulations.
General
Statement
We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, we assure you that it will only be used in accordance with this privacy statement.
Scope
At Acuity, privacy matters. Acuity respects the
privacy of its Clients and other individuals with whom Acuity has business
interactions
This policy is global, applying to all Acuity locations. It
applies to personal information regardless of format. For example, the
policy applies to computerized records and electronic information as well as
paper-based files.
It is also applicable to all personal information that is
collected, maintained or processed by Acuity. The concepts enumerated in this
policy will guide Acuity’s selection and expectations of its Clients, partners,
agents, and/or contractors to whom Acuity transfers and relies on for processing
of personal information.
Acuity provides the technology platform for hosted or
“cloud” unified communications as a service offerings (UCaaS). These Products
merely act as a conduit for data transmitted by third parties and
Subscribers. Acuity processes personal information that is controlled by
or originated from other companies, such as our Clients or other business
partners. Acuity also processes personal information in the course of providing
support for Acuity communications products. Acuity shall protect the personal
information, comply with all laws that regulate the processing of such personal
information, and process the information only as authorized by the data controller
or the data subject. Accordingly, Acuity relies on the guidance and direction of
the Client (as the data controller), who determines the purposes of processing
such personal information. In some cases, Acuity may collect and process
personal information for our own business purposes and shall comply with the
applicable privacy laws concerning Acuity processing.
While Acuity does process data in its role of providing a
technology platform, it does not own, control or direct the use of any of the
personal information stored or processed by any Client or Subscriber. Acuity
only processes such personal information in order to provide and invoice for
purchased and/or subscribed Products and Services.
Data
Processor
Acuity provides the technology platform for hosted or
“cloud” unified communications as a service offering (UCaaS). These Products
merely act as a conduit for data transmitted by third parties and Subscribers. Acuity
processes personal information that is controlled by or originated from other
companies, such as our Clients or other business partners. Acuity also
processes personal information in the course of providing support for Acuity
communications products.
Acuity shall protect the personal information, comply with
all laws that regulate the processing of such personal information, and process
the information only as authorized by the data controller or the data subject.
Accordingly, and in its role as a data processor, Acuity relies on guidance and
direction of the Client (as the data controller), who determines the purposes
of processing such personal information. In some cases, Acuity may collect and
process personal information for our own business purposes and shall comply
with the applicable privacy laws concerning Acuity processing.
While Acuity does process data in its role of providing a
technology platform, it does not own, control or direct the use of any of the
personal information stored or processed by any Client or Subscriber. Acuity
only processes such personal information in order to provide and invoice for
purchased and/or subscribed Products and Services.
What
Information We Collect or Process
Acuity processes and in certain situations collects personal
information as needed to deliver its Products and Services and manage its
business. When collecting personal information, Acuity does so in a
reasonable and lawful manner.
The types of information and the purposes for which Acuity
collects or processes personal information may include:
Indirect End-User Phone Contact Information (Personal
Identifiable Information)
Acuity acts as a data processor with regard to indirect end-user
personal identifiable information and our Clients act as the data controller of
such data. In the course of Acuity’s processing and protection of such data,
all use will be in conformity with the data controller’s instructions.
Specifically, only when enabled via system permission on AcuityVOIP
Android and AcuityVOIP iOS, Acuity shows personal contacts within the
respective application. When the user sends an SMS message to one of his/her
phone contacts, or when the user initiates a call to one of his/her phone
contacts, the phone number is sent securely through Acuity’s API. Acuity does
not store this number with any other PII, and it cannot be directly or
indirectly attributed to any person or persons; Acuity stores only the phone
number and pertinent metadata so as to be compliant with all applicable state
and federal laws, and Acuity does not share this data with any advertisers or
third parties under any circumstances. A user can revoke phone contact access
on his/her mobile device at any time, and his/her app experience is not
hindered or interrupted.
AcuityVOIP Android and iOS also use Gravatar, only when
enabled via Settings, which is a service that provides avatar images linked to
the MD5 hash of the user’s email address. This means that, only when Gravatar
use is enabled, we hash each contact’s email address and send it to Gravatar to
try and retrieve an avatar image. MD5 hashes cannot be directly or indirectly
attributed to any person or persons, and we only send the MD5 hash to Gravatar,
never the email address in plain text. As with phone contacts, a user can
revoke Gravatar access at any time in Settings, and his/her app experience is
not hindered or interrupted.
CLIENTS
Acuity uses such personal information only for relevant,
appropriate, and customary purposes. Acuity will not share or disclose personal
information for purposes other than as described herein. Capitalized terms used
in this Privacy Policy shall have the meaning as given in Client’s Master
Services Agreement (MSA) or associated attachments. The following are examples
of some of the personal information Acuity may process.
Business Contact Information:
Acuity may collect and use personal information about
individual contacts of Clients and others who access Acuity public websites,
knowledge bases, forums, ticket systems, or provide personal information through
other means. Such information may include but is not limited to account
information, first/last name, company name, title, and responsibilities, work
email address, work mailing address, telephone numbers, login information,
device identifiers, as well as additional information provided by such
individuals in the course of receiving Products and Services from Acuity and/or
requesting information about Acuity. We will use such information for the
purposes of providing Products and Services, support, conducting data analytics
and product assessments and related activities, and providing information
regarding Acuity Products and Services.
Customer Proprietary Network Information (CPNI):
Customer Proprietary Network Information (CPNI) may include
information regarding quantity, destination, technical configuration, location,
amount of use and related billing information of telecommunications,
interconnected and/or non-interconnected Voice over Internet Protocol (VoIP)
services. This may include but is not limited to the phone numbers that
you call or send messages to (or the phone numbers that you receive these calls
and messages from) through our Products and Services. The date, time and
duration of the calls may also be collected. This data is used for billing
and service level assurance.
Acuity provides Products and Services that are primarily for
the benefit of Clients and Subscribers in that Acuity transmits, routes,
switches or caches information. These Products and Services merely act as a
conduit for data transmitted by third parties and Subscribers. Acuity does not
determine the purposes and means of processing this personal information.
Except for Subscriber data provided by the Client (the Subscribers service
provider) for which Acuity is merely providing a conduit for transmission, the
subscribed services are of such a nature that, in most instances, Acuity
requires and collects only essential CPNI and billing information; and opting
out or declining to provide the requested data may hinder the provision or
delivery of subscribed services. However, for CPNI data that is collected by Acuity
that is not subject to the control of others, Acuity shall obtain consent from
the user for the processing of this data.
Acuity collects end-user CPNI in the course of providing
Product support. This data may pertain to Clients of Acuity or Subscribers (eg:
end users of Acuity’s direct Clients). This data may include IP address,
telephone number, email address, call detail records, call recordings and other
information sufficient to identify an individual end user.
End User’s CPNI:
Acuity typically collects and processes direct end-user (eg:
Clients, vendors, and partners) personal information for the purposes of
providing Products and Services, support, conducting data analytics, and
managing product performance.
Messaging, Voicemail, Video and Media Files:
Acuity provides Products and Services that facilitate the
recording and storage of audio and video by way of features such as but not
limited to voicemail, call and conference recording. Users may elect to
store or record personal information within these resources at their
discretion.
Anonymized, Non-Identifying Voice and Traffic Data
Acuity may use anonymized, non-identifying data collected
from use of our Products and Services. This anonymized, non-identifying data
may be used to enhance such items, but is not limited to, voice activation,
improve traffic analysis algorithms and techniques, and recognition algorithms.
This processing is executed under applicable terms and supports Acuity’s legitimate interests in tuning, maintaining and enhancing these Products and
Services.
Cookies
Acuity websites may use cookies to collect certain kinds of
personal information about Subscribers or users. For more information on how Acuity
uses cookies and choices available to Subscribers and users please refer to the
following section.
How We
Collect Information
We collect information in various ways, including the
following:
When you use one of our Products or Services, Acuity
collects, and stores certain information that you provide directly. We also
collect information about your use of the Products and Services.
Cookies and Similar Collection Methods
Acuity also collects technical information about your usage
of the Products and Services, and we use various technologies to collect
information about cookies, IP addresses, device type and device identifiers,
application state and the date and time of activity with our Products and
Services, and other similar information. Acuity may associate this information
with your user identification and/or account number for our internal use.
Other Passive Site Tracking
Websites may also utilize Internet Protocol (IP) addresses
and log files to identify network and server concerns and problems. Acuity also
utilizes web beacons and other passive tracking mechanisms to perform standard
website traffic analysis in a similar manner to how we utilize cookies.
Credit Card Information
Acuity only collects credit card information in order to
bill for purchased or subscribed to Products and Services. Acuity utilizes
third-party credit card payment processing agents (where these agents are
required to implement reasonable and appropriate measures to protect and secure
this information from loss or misuse) solely for the purpose of processing
payments for those Products and Services purchased or subscribed to. These
payment processors use of your personal information is governed by their
privacy policies, as well as adhering to the standards set by PCI-DSS as
managed by the PCI Security Standards Council, which is a joint effort of
brands like American Express, Visa, Mastercard, and Discover.
HOW DOES ACUITY
UTILIZE COOKIES
General Information about Cookies
A cookie (also known as an HTTP cookie, web cookie, or
browser cookie) is a small piece of data sent from a website and stored in a
user’s web browser while the user is browsing that website. Every time the user
loads the website, the browser sends the cookie back to the server to notify
the website of the user’s previous activity. Cookies were designed to be a
reliable mechanism for websites to remember useful information (such as items
in a shopping cart) or to record the user’s browsing activity (including
clicking particular or specific buttons, logging in or recording which pages
were visited by the user as far back as months or years ago).
Utilization of Cookies
A visit to a page on www.acuitytech.com
or www.acuityviop.com (or other Acuity
website) may generate the following types of cookie(s):
Anonymous Analytics Cookies
Every time a user visits a Acuity website, software provided
by another organization (such as Google Analytics) generates an ‘anonymous analytics
cookie’. These cookies can tell us whether you have visited the site before.
Your browser will inform us if you have these cookies and, if you don’t, our
website generates new ones. This allows Acuity to track how many individual
users we have and how often they visit the site. Unless you are signed in
to acuitytech.com or acuityvoip.com (or
any other Acuity website), we cannot use these cookies to identify individuals.
We use these cookies to gather statistics: for example, the number of visits to
a page. If you are logged in to the Acuity website, we will also be provided
the details you gave to us for this, such as but not limited to your username
and email address.
Registration Cookies
When you register with an Acuity website, such as acuitytech.com or acuityvoip.com, Acuity
generates cookies that inform us whether you are signed in or not. Our servers
use these cookies to determine which account you are signed in with and whether
you are allowed access to a particular Product or Service.
Advertising (Ad) Cookies
These cookies allow Acuity to know whether you’ve seen a
specific ad or the type of ad, and for how long you have viewed it. We
also utilize cookies to help us direct targeted advertising.
Other Third-Party Cookies
On some pages of our websites, other organizations may also
set their own anonymous cookies. They do this to track the success of their
products and/or services, or to customize the experience for you. Because of
how cookies function, our websites cannot access these Third-Party cookies, nor
can the other organization access the data in cookies Acuity uses on our
websites. For example, when you share an article or post using a social
media sharing button (LinkedIn or other social media outlets) on acuitytech.com
or acuityvoip.com, the social network that has created the button will record
that you have done this.
How Do I
Turn Cookies Off
It is usually possible to stop your browser accepting
cookies, or to stop it accepting cookies from a specific website. Most
modern browsers allow you to change your cookie settings. You can usually find
these settings in the ‘options’ or ‘preferences’ menu of your browser. To
understand these settings, you can use the ‘Help’ option in your browser for
more details. It is solely your responsibility to stop cookies in your browser.
Note: If you block the use of cookies, then this will limit
the service that we are able to provide to you and may affect your visitor/user
experience.
VENDORS, SUPPLIERS AND SUBCONTRACTORS
Acuity may collect personal information about individuals
who are employed by our suppliers and vendors. This business contact and
payment information are strictly used to administer existing and future
business arrangements.
OTHERS
Additional personal information may be collected, processed,
and disclosed for the purposes for which it was collected and for legal
compliance purposes, including regulatory reporting, investigation of
allegations of wrongdoing, and the management and defense of legal claims and
actions, and compliance with subpoenas, court orders, and other legal obligations. For
example, we may collect information about individuals that visit our office or
other facilities. When we do collect data, such collection shall be relevant, proportionate,
and limited to the purposes for which they are processed.
How We
Use the Information We Collect
We use your information primarily and as necessary to
provide you with the various Acuity Products and Services, including but not
limited to one or more of the following ways: to create your accounts and allow
use of our Products, to provide technical support, and respond to Client
inquiries, to prevent fraud or potentially illegal activities, enforce our
other agreements with you, to notify Clients of application updates, and to
inform Clients about new products or promotional offers.
SENSITIVE INFORMATION
Acuity recognizes that for some sensitive information,
affirmative express consent from individuals is required and must be obtained
if such information is to be (i) disclosed to a third party or (ii) processed
for a purpose other than those for which it was originally collected or
subsequently authorized by the individuals through the exercise of opt-in
choice. In addition, Acuity shall treat as sensitive any personal
information received from a third party where the third party identifies and
treats it as sensitive.
SERVICE PORTALS
If you have created a user profile on any Acuity service
portal, you may access and revise the personal information in your user profile
when you log into your account. In general, these portals will only require
minimal personal information that is necessary to provide and administer the
service.
MARKETING MATERIALS
If you provide us with your email address or other business
contact information to enable us to provide communications and information to
you, we may use the information for providing such communications including the
delivery of press releases and other Acuity marketing materials. You may
request to no longer receive Acuity marketing communications by following the
“unsubscribe” instructions in emails from Acuity or by sending a request to the
contact identified below.
In the rare and unlikely event that Acuity wishes to use an
individual’s personal information for a purpose that is materially different
from the purpose(s) for which it was originally collected or subsequently
authorized by the individuals, Acuity will seek consent in advance as required
by applicable law.
Sharing Your Information
We may disclose or report information that individually
identifies Clients, Subscribers, or devices in certain circumstances, such as:
(i) if we have a good faith belief that we are required to
disclose the information in response to a valid legal process (for example, a
court order, search warrant or subpoena, or to defend or respond to legal
actions, and as otherwise authorized by law, or in response to lawful requests
by public authorities, including to meet national security or law enforcement
requirements); (ii) to satisfy applicable laws, (iii) if we believe that the
Products and Services are being used in an unauthorized, unlawful or abusive
manner, such as to commit a crime, including to report such criminal activity
or to exchange information with other companies and organizations for the
purposes of fraud protection and credit risk reduction, (iv) if we have a good
faith belief that there is an emergency that poses a threat to the health or
safety of a person or the general public, (v) in order to protect the rights or
property of Acuity, including enforcement of our Intellectual Property Rights
and terms of the Agreement(s), and (vi) for all other purposes with your
consent. We may also provide your information to third party companies to
perform services on our behalf, including but not limited to payment
processing, data analysis, message delivery, hosting services, customer
service, and marketing.
If Acuity enters into a merger, acquisition, or sale of all
or a portion of its assets or business, Client and Subscriber information,
including personal information, will also be transferred as part of or in
connection with the transaction as per applicable law.
INFORMATION
DISCLOSURE
Internal Disclosure
In general, personal information may be shared within Acuity,
where legally permitted for reasonable and appropriate corporate purposes.
However, even within Acuity, we restrict access to personal information to
those employees, agents, or contractors who need access to carry out their
assigned functions.
External Disclosure
Acuity uses vendors and partners for a variety of business
purposes, such as to help us develop, deploy and invoice for the various
Products and Services we provide. We share information with those vendors and
partners when it is necessary for them to perform work on our behalf. Acuity
requires that these vendors and partners protect the customer information we
provide to them and limit their use of such information to their respective
processing activity. Acuity will only transfer or provide direct access to
personal information covered by this policy to third parties that have made a
commitment to respect the privacy rights of the data subject; limit processing
of personal information to comply with data controller instructions; and
provided Acuity contractual assurances that they will provide at least the same
level of privacy protection as is required by applicable privacy laws.
Security of Your Information
We implement security measures we believe are reasonable to
protect your information. It is important that you protect and maintain the
security of your account and you need to immediately notify us of any
unauthorized use of your account. Remember, no method of transmission over the
Internet, or method of electronic storage is 100% secure. While we strive to
use commercially acceptable means to protect your personal information, we
cannot and do not guarantee its absolute security.
Protecting Personal Information
To help protect the confidentiality of personal information,
Acuity employs security safeguards appropriate to the sensitivity of the
information and in accordance with this Privacy Policy. These safeguards
include reasonable administrative, technical, and physical measures to
safeguard the confidentiality and security of personal information against
anticipated threats and unauthorized access to personal information. No
transfer of your personal information will take place to an organization or a
country unless there are adequate controls in place including the security of
your data and other personal information. Additionally, we convey safeguard
obligations to our agents who receive personal information from or on behalf of
Acuity in the course of their relationship with our organization as described
above in the section titled External Disclosure.
Transfer of Data
Your information, including personal information, may be
transferred to, and maintained on, computers, servers or other data storage
located outside of your state, province, country or other governmental
jurisdiction where the data protection laws may differ than those from your
jurisdiction. If you reside outside the United States and choose to provide
information to Acuity, please note that we transfer the data, including
personal information, to the United States and process it there.
Your consent to this Privacy Policy followed by your
submission of such information represents your agreement to that transfer.
Retention of Data
Personal information collected by Acuity will be retained
for as long as necessary and legally permitted for the purposes for which it
was collected, to provide you with Products and Services, enforce our legal
agreements and policies, and to conduct our legitimate business interests or
where otherwise required by law.
Data Integrity
Acuity employs reasonable means to keep personal information
accurate, complete, and current, as needed for the purposes for which it was
collected.
How to Access and Update Your Information
We generally provide individuals with an opportunity to
examine their own personal information, confirm the accuracy and completeness
of their personal information, and have their personal information updated, if
appropriate.
The ability of an individual to access his or her personal
information is not unlimited, however. An individual’s ability to access
personal information may be limited, for example, where (i) the burden or
expense of providing access would be unreasonable or disproportionate to the
risks to the individual’s privacy, (ii) the information should not be disclosed
due to legal or security reasons or to protect confidential commercial
information; or (iii) providing access would compromise the privacy of another
person.
If you have created a user profile on a portal, you may also
access and revise the personal information in your user profile when you log
into your account.
Individuals who wish to access or update their personal
information not accessible via a portal should direct such communications to Acuity
Legal Department at:
legal@acuitytech.com
Third-Party Websites, Plugins or Widgets
Acuity websites, Products and/or Services may include social
network or other third-party plugins and widgets not operated by us. Accessing
these links to other sites is done at your own option and is not part of any Acuity’s offerings. Acuity has no control over and assumes no responsibility for the
content, privacy policies or practices of any third-party sites or
services. We strongly advise you to review each privacy policy provided
at the respective site.
Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act of
1996 (“HIPAA”) is United States legislation that provides data privacy and
security provisions for safeguarding medical information. Client acknowledges
and agrees that unless the Acuity Products and Services description expressly
states otherwise, the Products and Services do not comply with the requirements
of the Health Insurance Portability and Accountability Act, as amended, and its
implemented regulations. Unless the Products and Services description expressly
states otherwise, Client agrees that it will not use the Products and Services
to create, receive, transmit, maintain, store, use, disclose, or otherwise cause
the Products and Services to handle Protected Health Information (“PHI”) as
defined under HIPAA. Client retains complete and full responsibility to ensure
that the Products and Services are only applied to use-case scenarios where the
Products and Services do provide the necessary level of security and privacy
protections. CLIENT’S AGREEMENT TO THIS PROVISION IS A MATERIAL CONDITION OF
MAKING THE PRODUCTS AND SERVICES AVAILABLE TO CLIENT. In addition to any
indemnity requirements in these Terms, Client shall indemnify, defend and hold
harmless Company, Company Affiliates, and all of the directors, officers,
managers, partners, employees, agents, representatives, heirs, successors, and
assigns of Company and each of Company’s Affiliates against all actions, claims,
losses, penalties, fines, assessments, administrative costs, credit protection
costs, damages and expenses (including reasonable attorneys’ fees) arising out
of Client’s violation of the provisions of this section, caused in whole or in
part by any act or omission of Client, or of anyone employed by or acting as a
subcontractor, representative or agent of Client. Any limitation on
liability set forth in the terms of the Master Services Agreement or any other
agreement between Company or its Affiliates and Client shall not apply to
Client’s liability under this provision.
California Privacy Rights
The California Data Protection Act (Cal. Civ. Code §§
1798.83), also known as S.B. 27 “Shine the Light Law”, applies to a business
that owns or retains California residents’ personal information and, requires
such business to disclose to its California customers, upon request, the
identity of any third parties to whom the business has disclosed personal
information within the previous calendar year, along with the type of personal
information disclosed, for the third-parties’ direct marketing purposes.
A business subject to California Business and Professions
Code Section 22581 and the Privacy Rights for California Minors in the Digital
World Act (Cal. Bus. & Prof. Code §§ 22580-22582) must allow California
residents under age 18 who are registered users of online sites, services or
applications to request and obtain removal or other forms of anonymization of
content or information they have publicly posted. Your request should include a
detailed description of the specific content or information to be so removed.
Our Products and Services do not address anyone under the
age of 18 (“Children”). We do not knowingly collect personally identifiable
information from anyone under the age of 18. If you are a parent or guardian
and you are aware that your child has provided us with personal information,
please contact us. If we become aware that we have collected personal
information from children without verification of parental consent, we take
steps to remove that information from our servers.
If you are a California resident and would like to make such
a request, email or contact us at: legal@acuitytech.com
Changes to Our Privacy Policy
Acuity reserves the right to change this Privacy Policy at
our discretion subject to business or legal requirements. You are advised to
review and check this Privacy Policy from time to time and particularly before
you provide personal information to Acuity. Changes to this Privacy Policy are
effective when they are posted on this page. By continuing to use our Products
and/or Services you are agreeing to be bound by any changes or revisions made
to this privacy policy.
Contacting Us
If you have any questions, comments, or concerns regarding
our Privacy Policy or practices, please send an email to legal@acuitytech.com or write to Acuity
at the following address:
Acuity Technologies / AcuityVOIP
5215 W. Laurel St.
Suite 200
Tampa, FL 33607