Nexl Pty Ltd (ABN 35 629 542 043) (‘NEXL’)
Last Modified: Nov 22, 2020
We at NEXL are committed to protecting your privacy. This Product Privacy Policy applies to your use of the NEXL Subscription Service as a customer of NEXL. This Product Privacy Policy describes how we collect, receive, use, store, share, transfer, and process your Personal Data. It also describes your choices regarding use, as well as your rights of access and correction of your Personal Data.
This Product Privacy Policy also describes how we process Customer Data on behalf of our customers in connection with the NEXL Subscription Services. This Product Privacy Policy does not apply to any information or data collected by NEXL as a controller for other purposes, such as information collected on our websites or through other channels for marketing purposes.
NEXL processes Customer Data under the direction of our Customers, and has no direct control or ownership of the Personal Data we process on behalf of our customers. Customers are responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring the Personal Data to NEXL for processing purposes. Terms not otherwise defined herein shall have the meaning as set forth in the NEXL SaaS Agreement. In the event of a conflict between this Product Privacy Policy and the SaaS Agreement, the terms of the SaaS Agreement will control.
We periodically update this Product Privacy Policy. We will post any changes on this page and, if the changes are material, we will provide an update through the notification app in your NEXL account.
Use of the Subscription Service
The NEXL Subscription Service
Our online Subscription Service allows users (typically small to medium size professional services firms) to manage contacts, client and general business relationships. The Subscription Service can also be used to help organize sales data about a company’s sales pipeline (e.g., prospects, clients, opportunities, etc.). The information added to the Subscription Service, either by site visitors providing their contact information or when a Subscription Service user adds the information, is stored and managed on our service providers’ servers. NEXL provides the Subscription Service to our customers for their own marketing, sales and CRM needs.
Use By Our Customers
Our customers use the Subscription Service to manage their business relationships. When customers use the Subscription Service, they may collect Personal Data such as first and last name, email address, physical address, or phone number. NEXL does not control the content of these webpages or the types of Personal Data that our customers may choose to collect or manage using the Subscription Service. That Personal Data is controlled by them and is used, disclosed and protected by them according to their privacy policies. NEXL processes our customers’ information as they direct and in accordance with our agreements with our customers, and we store it on our service providers’ servers.
Our agreements with our customers prohibit us from using that information, except as necessary to provide and improve the Subscription Service, as permitted by this SaaS Agreement, and as required by law.
We have no direct relationship with individuals who provide Personal Information to our customers. Our customers control and are responsible for correcting, deleting or updating information they have collected from using the Subscription Service. We may work with our customers to help them provide notice to their visitors about their data collection, processing and usage.
How we Share Information we Collect
With Service Providers
We employ other third-party service providers to provide services on our behalf to visitors to our websites, our customers, and Users of the Subscription Service and may need to share your information with them to provide information, products or services to you. Examples may include removing repetitive information from prospect lists, analysing data or performing statistical analysis, providing marketing assistance, processing credit card payments, supplementing the information you provide us in order to provide you with better service, and providing customer service or support. These service providers are prohibited from using your Personal Data except for these purposes, and they are required to maintain the confidentiality of your information. In all cases where we share your information with such agents, we explicitly require the agent to acknowledge and adhere to our privacy and customer data handling policies.
Due to Corporate Events
If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by NEXL on the websites and the Subscription Service. In this event, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your Personal Data, and choices you may have regarding your Personal Data.
In accordance with Compelled Disclosure
We reserve the right to use or disclose your Personal Data if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.
NEXL Product Specific Privacy Disclosures
All Product Tiers
Third Parties
We may provide links within our sites and services to the sites or services of third parties. We are not responsible for the collection, use, monitoring, storage or sharing of any Personal Data by such third parties, and we encourage you to review those third parties’ privacy notices and ask them questions about their privacy practices as they relate to you.
Google / Office 365 Integrations
If you choose to integrate your Office 365, Gmail or any other G Suite application with the Subscription Service you may use the following integrations and allow NEXL access to your Google or Microsoft user data:
Gmail / Office 365 Integration
By using the ‘Gmail / Office 365 Integration’ with the Subscription Service you will grant the Subscription Service access to information associated with your account, including contacts, email headers, calendar, distribution lists from your email. The Subscription Service will store email headers, distribution lists, aliases and time sent.
Additional Limits on Use of Your Google / Microsoft user Data:
Notwithstanding anything else in this Product Privacy Policy, if you provide NEXL with access to your Gmail / Office 365 data using the Gmail / Office 365 Integration, our use of that data will be subject to these additional restrictions:
- We will only use access to read Gmail / Office 365 metadata, headers, and settings to provide track your interactions with contacts.
- We will not transfer this Gmail / Office 365 data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
- NEXL will not use this Gmail / Office 365 data for serving advertisements.
Google / Office 365 Calendar Integration
The Subscription Service will have access to both your Google / Office 365 Calendar and any other calendar you access via Google / Microsoft in order to allow you to associate events with contacts in the CRM. The Subscription Service will have the ability to read your calendar events.
Chrome Extensions
Prospecting Extension: you can install the NEXL Prospecting Chrome extension to get easy access to NEXL via your Chrome Browser. The extension can read and change all your data on the websites you visit and display notifications. It can import contact information form LinkedIn profiles, Twitter and other websites.
NEXL Outlook Add-In
If you use the Outlook integration with the NEXL Product, the Subscription Service will have access to information associated with your account, including contacts, emails and calendar. The Subscription Service will store, email headers, aliases and time sent. Opportunities you create using the Outlook Add-In might be visible to other users within your organisation such as your business development team and other administrators of the Subscription Service.
Data Practices and Service Data
We automatically collect metrics and information about how Users interact with and use the Subscription Service. We use this information to develop and improve the Subscription Services and the Consulting Services, and to inform our sales and marketing strategies. We may share or publish this service data with third parties in an aggregated and anonymized manner, but we will not include any Customer Data or identify Users.
If you access the Subscription Services via our mobile applications, we may also collect your device model and version, device identifier, and OS version. We may send you push notifications from time to time in order to update you about events or promotions. If you no longer wish to receive such communications, you may turn them off at the device level.
We use Customer Data in an anonymized manner for machine learning that supports certain product features and functionality within the Subscription Service.
When you use the Subscription Service, we automatically collect log files. These log files contain information about a Users’ IT system, a User’s IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times, and referring website addresses. We use this information to ensure the optimal operation of the Subscription Service and for security purposes. We may link log files to Personal Data such as name, email address, address, and phone number for these purposes.
You can log in to our site using a Single Sign-on (SSO) service like your Google or Office 365 account. This service will authenticate your identity and provide you the option to share certain Personal Data with us such as your name.
Enrichment Data
When you add company and contact records to the NEXL CRM, we populate certain fields with company and contact level Enrichment Data. These properties may include information such as company name, company location, company industry, company address, contact job title and location. This data is obtained from public and third party sources. We do not use Customer Data to populate Enrichment Data.
Integrations with the NEXL Platform
You may choose to connect any number of applications or integrations, including our certified partner applications, with your NEXL account. If you give an integration provider access to your NEXL account then your use of these integrations is subject to the service terms and privacy terms made available by that integrator. We are not responsible for third party integrators and in no case are such integration providers our sub-processors.
Data Subject Requests
If you are a customer, prospect, or otherwise interact with one of our Customers and would no longer like to be contacted by one of our customers that use our Subscription Service, please contact the customer that you interact with directly. If you want to access, correct, amend, or delete data controlled by a NEXL customer, you should direct your query to the NEXL Customer (the data controller). We will work with customers to respond to data subject requests as outlined in our DPA.
You may request the deletion of your NEXL account or Subscription Service by sending a request to support@nexl.io. You should also review our DPA to understand our obligations as a processor of your data and how we comply with relevant data protection laws.
If you are seeking to exercise your data subject access rights for the data NEXL processes as a controller, please contact us via support@nexl.io
Data Retention
Customer Data collected during your use of the Subscription Service is retained in accordance with the provisions of the DPA or SaaS Agreement and is retained for as long as you have a paid Subscription and/or remain an active customer in your portal. Your data is deleted upon your written request or after an established period following the termination of all customer agreements. In general, Customer Data is deleted after your paid Subscription ends and your portal becomes inactive.
General Data Protection Regulation (GDPR) for the European Union (EU)
Nexl will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.
We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.
We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.
Your rights under GDPR
If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. Nexl complies with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU
Except as otherwise provided in the GDPR, you have the following rights:
- to be informed how your personal information is being used;
- access your personal information (we will provide you with a free copy of it);
- to correct your personal information if it is inaccurate or incomplete;
- to delete your personal information (also known as “the right to be forgotten”);
- to restrict processing of your personal information;
- to retain and reuse your personal information for your own purposes;
- to object to your personal information being used; and
- to object against automated decision making and profiling.
Please contact us at any time to exercise your rights under the GDPR at the contact details in this Privacy Policy.
We may ask you to verify your identity before acting on any of your requests.
International Transfers to Third Parties
Some of the third parties described in this privacy policy, which provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we share information of customers in the European Economic Area or Switzerland, we make use a variety of legal mechanisms to safeguard the transfer, including the European Commission-approved standard contractual data protection clauses or other appropriate legal mechanisms. For transfers to or from the United Kingdom, we make use of the standard contractual clauses. Please contact us if you need more information about the legal mechanisms we rely on to transfer Personal Information outside the EEA, Switzerland and the United Kingdom.
Contact
Philipp Thurner, CEO
phil@nexl.io