Privacy Policy

Introduction

Vested Networks, LLC and its subsidiaries and other affiliates (“Vested Networks”) recognizes and supports the privacy rights of all persons, and we respect these rights when we collect and process personal information (“PI”). We have developed and adopted this Privacy Policy to describe our privacy values and guide our processing of personal information. By purchasing, subscribing to, or utilizing the Products and/or Services, or registering to attend, attending and/or participating in any Vested Networks sponsored events or other events in which Vested Networks participates, you agree to be bound to the terms and conditions of this Privacy Policy.

The obligations and responsibilities set out in this Privacy Policy are applicable to Vested Networks and its personnel and will be made available on Vested Networks’ website (www.Vested Networks.com/privacy-policy). The obligations and responsibilities set out in the Privacy Policy are in addition to any other applicable policies or agreements entered into with Vested Networks and any applicable laws and/or regulations.

General Statement

Vested Networks is dedicated to the use of Voice over Internet Protocol (VoIP) and related technologies to improve the telecommunications industry and the lives of individuals throughout the world.

Vested Networks’ goal is to deliver best-in-class communications services to all its Customers, at a reasonable price and to make available all the benefits that VoIP offers as broadly as possible. In order to achieve this goal, a Privacy Policy is necessary.

Scope

At Vested Networks, privacy matters. Vested Networks respects the privacy of its Customers and other individuals with whom Vested Networks has business interactions.

It is also applicable to all personal information that is collected, maintained, or processed by Vested Networks. The concepts enumerated in this policy will guide Vested Networks’ selection and expectations of its Customers, partners, agents and/or contractors to whom Vested Networks transfers and relies on for processing of personal information.

Vested Networks provides the technology platform for hosted or “cloud” unified communications as a service offerings (UCaaS). These Products merely act as a conduit for data transmitted by third parties and Subscribers. Vested Networks processes personal information that is controlled by or originated from other companies, such as our Customers or other business partners. Vested Networks also processes personal information in the course of providing support for Vested Networks communications products. Vested Networks shall protect the personal information, comply with all laws that regulate the processing of such personal information, and process the information only as authorized by the data controller or the data subject. Accordingly, Vested Networks relies on guidance and direction of the Customer (as the data controller), who determines the purposes of processing such personal information. In some cases, Vested Networks may collect and process personal information for our own business purposes and shall comply with the applicable privacy laws concerning Vested Networks processing.

While Vested Networks does process data in its role of providing a technology platform, it does not own, control, or direct the use of any of the personal information stored or processed by any Customer or Subscriber. Vested Networks only processes such personal information in order to provide and invoice for purchased and/or subscribed Products and Services.

Data Processor

Vested Networks shall protect the personal information, comply with all laws that regulate the processing of such personal information, and process the information only as authorized by the data controller or the data subject. Accordingly, and in its role as a data processor, Vested Networks relies on guidance and direction of the Customer (as the data controller), who determines the purposes of processing such personal information. In some cases, Vested Networks may collect and process personal information for our own business purposes and shall comply with the applicable privacy laws concerning Vested Networks processing.

What Information We Collect or Process

Vested Networks processes and in certain situations collects personal information as needed to deliver its Products and Services and manage its business. When collecting personal information, Vested Networks does so in a reasonable and lawful manner.

The types of information and the purposes for which Vested Networks collects or processes personal information may include:

Indirect End User Phone Contact Information (Personal Identifiable Information or “PII”)

Vested Networks acts as a data processor with regard to indirect end user personal identifiable information and our Customers act as the data controller of such data. In the course of Vested Networks’ processing and protection of such data, all use will be in conformity with the data controller’s instructions.

Specifically, only when enabled via system permission on NOVA mobile, SNAPmobile Android and SNAPmobile iOS (“mobile apps”), Vested Networks shows personal contacts within the respective application. When the user sends an SMS message to one of his/her phone contacts, or when the user initiates a call to one of his/her phone contacts, the phone number is sent securely through Vested Networks’ secure, cloud-based systems. Vested Networks does not store this number with any other PII, and it cannot be directly or indirectly attributed to any person or persons; Vested Networks stores only the phone number and pertinent metadata so as to be compliant with all applicable state and federal laws, and Vested Networks does not share this data with any advertisers or third parties under any circumstances. A user can revoke phone contact access on his/her mobile device at any time, and his/her app experience is not hindered or interrupted.

Mobile apps also use Gravatar, only when enabled via Settings and UIConfigs, which is a service that provides avatar images linked to the MD5 hash of the user’s email address. This means that, only when Gravatar use is enabled, we hash each contact’s email address and send it to Gravatar to try and retrieve an avatar image. MD5 hashes cannot be directly or indirectly attributed to any person or persons, and we only send the MD5 hash to Gravatar, never the email address in plain text. As with phone contacts, a user can revoke Gravatar access at any time in Settings or via UIConfig, and his/her app experience is not hindered or interrupted.

Customers

Vested Networks uses such personal information only for relevant, appropriate, and customary purposes. Vested Networks will not share or disclose personal information for purposes other than as described herein. Capitalized terms used in this Privacy Policy shall have the meaning as given in signed Customers’ Agreements. The following are examples of some of the personal information Vested Networks may process.

Business Contact Information

Vested Networks may collect and use personal information about individual contacts of Customers and others who access Vested Networks public websites, knowledge bases, forums, ticket systems, or provide personal information through other means. Such information may include but is not limited to account information, first/last name, company name, title, and responsibilities, work email address, work mailing address, telephone numbers, login information, device identifiers, as well as additional information provided by such individuals in the course of receiving Products and Services from Vested Networks and/or requesting information about Vested Networks. We will use such information for the purposes of providing Products and Services, support, conducting data analytics and product assessments and related activities, and providing information regarding Vested Networks Products and Services.

Customer Proprietary Network Information (CPNI)

Customer Proprietary Network Information (CPNI) may include information regarding quantity, destination, technical configuration, location, amount of use and related billing information of telecommunications, interconnected and/or non-interconnected Voice over Internet Protocol (VoIP) services. This may include but is not limited to the phone numbers that you call or send messages to (or the phone numbers that you receive these calls and messages from) through our Products and Services. The date, time and duration of the calls may also be collected. This data is used for billing and service level assurance.

Vested Networks provides Products and Services that are primarily for the benefit of Customers and Subscribers in that Vested Networks transmits, routes, switches, or caches information. These Products and Services merely act as a conduit for data transmitted by third parties and Subscribers. Vested Networks does not determine the purposes and means of processing this personal information. Except for Subscriber data provided by the Customer (the Subscribers service provider) for which Vested Networks is merely providing a conduit for transmission, the subscribed services are of such a nature that, in most instances, Vested Networks requires and collects only essential CPNI and billing information; and opting out or declining to provide the requested data may hinder the provision or delivery of subscribed services. However, for CPNI data that is collected by Vested Networks that is not subject to the control of others, Vested Networks shall obtain consent from the user for the processing of this data.

Vested Networks collects end-user CPNI in the course of providing Product support. This data may pertain to Customers of Vested Networks or Subscribers (eg: end users of Vested Networks’ direct Customers). This data may include IP address, telephone number, email address, call detail records, call recordings and other information sufficient to identify an individual end user.

Indirect End User’s CPNI

Vested Networks acts as a data processor with regard to indirect end user personal information and our Customers act as the data controller of such data. In the course of Vested Networks’ processing and protection of such data, all use will be in conformity with the data controller’s instructions.

Direct End User’s CPNI

Vested Networks typically collects and processes direct end user (eg: Customers, vendors, and partners) personal information for the purposes of providing Products and Services, support, conducting data analytics and managing product performance.

Messaging, Voicemail, Video and Media Files

Vested Networks provides Products and Services that facilitate the recording and storage of audio and video by way of features such as, but not limited to voicemail, call and conference recording. Users may elect to store or record personal information within these resources at their discretion.

Anonymized, Non-Identifying Voice and Traffic Data

Vested Networks may use anonymized, non-identifying data collected from use of our Products and Services. This anonymized, non-identifying data may be used to enhance such items, but is not limited to, voice activation, improve traffic analysis algorithms and techniques, and recognition algorithms. This processing is executed under applicable terms and supports Vested Networks’ legitimate interests in tuning, maintaining, and enhancing these Products and Services.

How We Collect Information

When you use one of our Products or Services, Vested Networks collects, and stores certain information that you provide directly. We also collect information about your use of the Products and Services.

General Information about Cookies

A cookie (also known as an HTTP cookie, web cookie, or browser cookie) is a small piece of data sent from a website and stored in a user’s web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user’s previous activity. Cookies were designed to be a reliable mechanism for websites to remember useful information (such as items in a shopping cart) or to record the user’s browsing activity (including clicking particular or specific buttons, logging in or recording which pages were visited by the user as far back as months or years ago).

Cookies and Similar Collection Methods

Vested Networks also collects technical information about your usage of the Products and Services, and we use various technologies to collect information about cookies, IP addresses, device type and device identifiers, application state and the date and time of activity with our Products and Services, and other similar information. Vested Networks may associate this information with your user identification and/or account number for our internal use.

Other Passive Site Tracking

Websites may also utilize Internet Protocol (IP) addresses and log files to identify network and server concerns and problems. Vested Networks also utilizes web beacons and other passive tracking mechanisms to perform standard website traffic analysis in a similar manner to how we utilize cookies.

Credit Card Information

Vested Networks only collects credit card information in order to bill for purchased or subscribed to Products and Services. Vested Networks utilizes third-party credit card payment processing agents (where these agents are required to implement reasonable and appropriate measures to protect and secure this information from loss or misuse) solely for the purpose of processing payments for those Products and Services purchased or subscribed to. These payment processors use of your personal information is governed by their privacy policies, as well as adhering to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like American Express, Visa, Mastercard, and Discover.

How does Vested Networks Utilize Cookies

Other Third-Party Cookies

On some pages of our websites, other organizations may also set their own anonymous cookies. They do this to track the success of their products and/or services, or to customize the experience for you. Because of how cookies function, our websites cannot access these Third-Party cookies, nor can the other organization access the data in cookies Vested Networks uses on our websites. For example, when you share an article or post using a social media sharing button (Facebook, LinkedIn, or other social media outlets) on Vested Networks.com, the social network that has created the button will record that you have done this.

Vendors, Suppliers, and Subcontractors

Vested Networks may collect personal information about individuals who are employed by our suppliers and vendors. This business contact and payment information are strictly used to administer existing and future business arrangements.

Others

Additional personal information may be collected, processed, and disclosed for the purposes for which it was collected and for legal compliance purposes, including regulatory reporting, investigation of allegations of wrongdoing, and the management and defense of legal claims and actions, and compliance with subpoenas, court orders, and other legal obligations. For example, we may collect information about individuals that visit our office or other facilities. When we do collect data, such collection shall be relevant, proportionate, and limited to the purposes for which they are processed.

Choice

Individuals will be offered a clear, conspicuous, and readily available mechanism to choose (opt-out) whether their personal information is (1) to be disclosed to a third party (other than a third party acting as an agent to perform tasks on behalf of and under the instruction of Vested Networks or (2) to be used for a purpose that is materially different than or incompatible with the purpose for which it was originally utilized or subsequently authorized by the individual.

Additionally, individuals will be offered a similar choice mechanism to give affirmative or explicit (opt in) choice whether their sensitive personal information is to be disclosed to a third party or used for a purpose other than the purposes for which it was originally collected or subsequently authorized by the individual by opt-in choice. However, explicit (opt in) choice is not required when the disclosure of the sensitive personal information is (1) in the vital interests of the individual or another person; (2) necessary for the establishment of legal claims or defenses; (3) required to provide medical care or diagnosis; (4) necessary to carry out the organization’s obligations in the field of employment law, or (5) related to personal information that is manifestly made public by the individual.

How We Use the Information We Collect

We use your information primarily and as necessary to provide you with the various Vested Networks Products and Services, including but not limited to one or more of the following ways: to create your accounts and allow use of our Products, to provide technical support and respond to Customer inquiries, to prevent fraud or potentially illegal activities, enforce our other agreements with you, to notify Customers of application updates, and to inform Customers about new products or promotional offers.

Sensitive Information

Vested Networks recognizes that for some sensitive information, affirmative express consent from individuals is required and must be obtained if such information is to be (i) disclosed to a third party or (ii) processed for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice. In addition, Vested Networks shall treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.

Service Portals

If you have created a user profile on any Vested Networks service portal (e.g.: Knowledge Base, Partner Portal, etc.), you may access and revise the personal information in your user profile when you log into your account. In general, these portals will only require minimal personal information that is necessary to provide and administer the service.

Marketing Materials

If you provide us with your email address or other business contact information to enable us to provide communications and information to you, we may use the information for providing such communications including the delivery of press releases and other Vested Networks marketing materials. You may request to no longer receive Vested Networks marketing communications by following the “unsubscribe” instructions in emails from Vested Networks or by sending a request to the contact identified below.

In the rare and unlikely event that Vested Networks wishes to use an individual’s personal information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals; Vested Networks will seek consent in advance as required by applicable law.

Security of Your Information

We implement security measures we believe are reasonable to protect your information. It is important that you protect and maintain the security of your account and you need to immediately notify us of any unauthorized use of your account. Remember, no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot and do not guarantee its absolute security.

Protecting Personal Information

To help protect the confidentiality of personal information, Vested Networks employs security safeguards appropriate to the sensitivity of the information and in accordance with this Privacy Policy. These safeguards include reasonable administrative, technical, and physical measures to safeguard the confidentiality and security of personal information against anticipated threats and unauthorized access to personal information. No transfer of your personal information will take place to an organization unless there are adequate controls in place including the security of your data and other personal information. Additionally, we convey safeguard obligations to our agents who receive personal information from or on behalf of Vested Networks in the course of their relationship with our organization as described above in the section titled External Disclosure.

Sharing Your Information

We may disclose or report information that individually identifies Customers, Subscribers, or devices in certain circumstances, such as:

(i) if we have a good faith belief that we are required to disclose the information in response to a valid legal process (for example, a court order, search warrant or subpoena, or to defend or respond to legal actions, and as otherwise authorized by law, or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements); (ii) to satisfy applicable laws, (iii) if we believe that the Products and Services are being used in an unauthorized, unlawful or abusive manner, such as to commit a crime, including to report such criminal activity or to exchange information with other companies and organizations for the purposes of fraud protection and credit risk reduction, (iv) if we have a good faith belief that there is an emergency that poses a threat to the health or safety of a person or the general public, (v) in order to protect the rights or property of Vested Networks, including enforcement of our Intellectual Property Rights and terms of the Agreement(s), and (vi) for all other purposes with your consent. We may also provide your information to third party companies to perform services on our behalf, including but not limited to payment processing, data analysis, message delivery, hosting services, customer service, and marketing.

If Vested Networks enters into a merger, acquisition or sale of all or a portion of its assets or business, Customer and Subscriber information, including personal information, will also be transferred as part of or in connection with the transaction as per applicable law.

Information Disclosure

Internal Disclosure

In general, personal information may be shared within Vested Networks, where legally permitted for reasonable and appropriate corporate purposes. However, even within Vested Networks, we restrict access to personal information to those employees, agents, or contractors who need access to carry out their assigned functions.

External Disclosure

Vested Networks uses vendors and partners for a variety of business purposes, such as to help us develop, deploy, and invoice for the various Products and Services we provide. We share information with those vendors and partners when it is necessary for them to perform work on our behalf. Vested Networks requires that these vendors and partners protect the customer information we provide to them and limit their use of such information to their respective processing activity. Vested Networks will only transfer or provide direct access to personal information covered by this policy to third parties that have made a commitment to respect the privacy rights of the data subject; limit processing of personal information to comply with data controller instructions; and provided Vested Networks contractual assurances that they will provide at least the same level of privacy protection as is required by applicable privacy laws.

Transfer of Data

Your information, including personal information, may be transferred to, and maintained on, computers, servers or other data storage located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. If you reside outside the United States and choose to provide information to Vested Networks, please note that we transfer the data, including personal information, to the United States and process it there. As part of being communications software Audio Data, Messaging Data, Contacts, Location Data, and Image Data may be uploaded to Vested Networks servers and may be transmitted to third party servers.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Data Integrity

Vested Networks employs reasonable means to keep personal information accurate, complete, and current, as needed for the purposes for which it was collected.

Retention of Data

Personal information collected by Vested Networks will be retained for as long as necessary and legally permitted for the purposes for which it was collected, to provide you with Products and Services, enforce our legal agreements and policies and to conduct our legitimate business interests or where otherwise required by law.

How to Access and Update Your Information

We generally provide individuals with an opportunity to examine their own personal information, confirm the accuracy and completeness of their personal information, and have their personal information updated, if appropriate.

The ability of an individual to access his or her personal information is not unlimited, however. An individual’s ability to access personal information may be limited, for example, where (i) the burden or expense of providing access would be unreasonable or disproportionate to the risks to the individual’s privacy, (ii) the information should not be disclosed due to legal or security reasons or to protect confidential commercial information; or (iii) providing access would compromise the privacy of another person.

If you have created a user profile on a portal, you may also access and revise the personal information in your user profile when you log into your account.

Third-Party Websites, Plugins or Widgets

Vested Networks websites, Products and/or Services may include social network or other third-party plugins and widgets not operated by us. Accessing these links to other sites is done at your own option and is not part of any Vested Networks’ offerings. Vested Networks has no control over and assumes no responsibility for the content, privacy policies or practices of any third-party sites or services. We strongly advise you to review each privacy policy provided at the respective site.

Health Insurance Portability and Accountability Act

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) is United States legislation that provides data privacy and security provisions for safeguarding medical information. Vested Network’s Services are, by default, not automatically enabled for HIPPA compliance thus the Customer’s use of same are also non-HIPPA compliant.

Customer agrees that it will not use the Products and Services to create, receive, transmit, maintain, store, use, disclose, or otherwise cause the Products and Services to handle Protected Health Information (“PHI”) as defined under HIPAA. Customer retains complete and full responsibility to ensure that the Products and Services are only applied to use-case scenarios where the Products and Services do provide the necessary level of security and privacy protections.

Customer also acknowledges and agrees that it is the Customer’s responsibility to request their Vested Networks Services be configured to be HIPPA complaint. The Customer must request HIPPA compliance on the initial proposal, or in writing any time after services are installed. HIPPA compliance only begins after Vested Network’s completes the required system settings and confirms this status with the Customer, which includes certain end-user configurations at the Customer’s location(s) along with Customer’s responsibility to train their employees to have suitable HIPPA knowledge to remain compliant.

CUSTOMER’S AGREEMENT TO THIS PROVISION IS A MATERIAL CONDITION OF MAKING THE PRODUCTS AND SERVICES AVAILABLE TO CUSTOMER. In addition to any indemnity requirements in these Terms, Customer shall indemnify, defend and hold harmless Company, Company Affiliates and all of the directors, officers, managers, partners, employees, agents, representatives, heirs, successors and assigns of Company and each of Company’s Affiliates against all actions, claims, losses, penalties, fines, assessments, administrative costs, credit protection costs, damages and expenses (including reasonable attorneys’ fees) arising out of Customer’s violation of the provisions of this section, caused in whole or in part by any act or omission of Customer, or of anyone employed by or acting as a subcontractor, representative or agent of Customer. Any limitation on liability set forth in the terms of the Master Services Agreement or any other agreement between Company or its Affiliates and Customer shall not apply to Customer’s liability under this provision.

California Privacy Rights

The California Data Protection Act (Cal. Civ. Code §§ 1798.83), also known as S.B. 27 “Shine the Light Law”, applies to a business that owns or retains California residents’ personal information and, requires such business to disclose to its California customers, upon request, the identity of any third parties to whom the business has disclosed personal information within the previous calendar year, along with the type of personal information disclosed, for the third-parties’ direct marketing purposes.

A business subject to California Business and Professions Code Section 22581 and the Privacy Rights for California Minors in the Digital World Act (Cal. Bus. & Prof. Code §§ 22580-22582) must allow California residents under age 18 who are registered users of online sites, services or applications to request and obtain removal or other forms of anonymization of content or information they have publicly posted. Your request should include a detailed description of the specific content or information to be so removed.

Our Products and Services do not address anyone under the age of 18 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from children without verification of parental consent, we take steps to remove that information from our servers.

Changes to Our Privacy Policy

Vested Networks reserves the right to change this Privacy Policy at our discretion subject to business or legal requirements. You are advised to review and check this Privacy Policy from time to time and particularly before you provide personal information to Vested Networks. Changes to this Privacy Policy are effective when they are posted on this page. By continuing to use our Products and/or Services you are agreeing to be bound by any changes or revisions made to this privacy policy.

Contacting Us

If you have any questions, comments, or concerns regarding our Privacy Policy or practices, please send an email to Info@Vested Networks.com.