NOTE: Customer information under Regulation (EU) 679/2016, Article 13
In accordance with Regulation (EU) 679/2016 Article 13, connexcom AG (hereinafter “Connexcom”), as the Data Controller, hereby informs you that your personal data, and your or your underage children’s special categories of personal data (EU Regulation Article 9), if any, provided by you shall be processed in a pertinent and transparent manner, and in compliance with the principles of lawfulness and necessity under the current governing regulations.
You trust us with your information when you use Connexcom’s all-in-one communication applications (“conNEXT” and “conSEC”) and services (the “Services”). Therefore it is important to us that you understand what information we collect, what we do with it, and why.
Our aim is to use your information to make the Services more efficient, easy to use, to understand what further Services we could offer you, and, of course, to avoid misuse and fraud.
The communications with our Services are secured with military grade end-to-end encryption for voice over IP calls, individual messages, group messages, and attachment sharing (photos, video and documents). For each communication new encryption keys are generated and stored on your mobile device and the mobile device of your conNEXT-conSEC counterparty. And no one, not even Connexcom itself, has access to those encryption keys. For further information on the technical aspects of our security please check our website.
We strive to collect the minimum information required to achieve the purposes set out in this Policy.
2. Where Information is Collected
a) Registration and Account Information
Registering with conNEXT-conSEC and using our Services you can provide us with personal information such as, for instance your phone number and when necessary billing information. Accordingly you might not be anonymous to us and your name if provided and profile picture will be stored on our servers.
When you install conNEXT-conSEC you will be asked to allow the application to access to the contacts stored in your mobile device. Your contact information will never leave your phone. conNEXT-conSEC will use a one-way mathematical function (known as hash) to allow us to match your contacts’ phone numbers with existing users. This way we can tell you who of your friends is also using our Services without transferring any private data to our servers.
b) Usage Activity Information
Using our Services, we might collect and store some information so that you can use the installed application and provided services for example information related to your connection. We will be receiving additional information such as for instance recommendations you viewed and coupons you stored and used by using the Services.
Please note that the activity information is used to allow you to use the selected services and will not be passed to 3rd parties for any other reason.
c) Mobile Device related Information
Using our Services we may also collect information related to your mobile device such as information about the operating system of your device and your operating system language.
d) Information from/to Other Sources
3. What Information is Used and Retained for
The information we collect when you use the Services shall ensure your use of conNEXT. Your information is retained by us for as long as we need it to continuously improve our Services and provide you with new, additional ones. Accordingly, we may use your information for the following purposes:
a) Make our Service available
The information from your registration and usage of Services is used to (i) register you with conNEXT-conSEC and create your conNEXT-conSEC Account; (ii) create your profile; (iii) optionally process your payments; (iv) provide you with customer service, give you information about your conNEXT Account and respond to your requests; (v) personalize your experience by providing content on the Service optionally including advertising of Services and other third party services that we believe may be of interest to you; (vi) improve the Services and make them safer, more efficient and customized; (vii) indicate which of your contacts are already using conNEXT-conSEC, (viii) display the name of the contact as it appears in your address book when a call is received, and (ix) sync your contacts with conNEXT-conSEC. If you deactivate your conNEXT-conSEC Account all data including contacts will be permanently deleted.
b) Improve our Services
conNEXT-conSEC uses service log information and usage information to better understand network behavior and trends, detect potential outages and technical issues and to improve our Services. We may keep the log information as needed for this as wells as for legal purposes. We use aggregate information about our users and non-personal information to analyze our Services and user behavior and prepare aggregated reports.
c) Transactions – Process Payments
If you initiate a transaction through the Service, such as a purchase of Points, we may collect and store information about you, such as your name, address, email, and payment information (such as a credit card number and expiration date), as well as any other information you provide to us, in order to process your transaction, send communications about them to you. This information may be shared with third parties, and third parties may share such information with us, for the same purposes. When you submit credit card numbers, we encrypt that information using industry standard technology. We may use your Information to process your payments for our Services through a third-party service provider and on an aggregate basis to determine charges for our carriers and other service providers.
d) Prevent Fraud and Law Enforcement
e) Legal Basis for Processing
For residents of the European Economic Area (EEA) and Switzerland only, our legal basis for collecting and using the information described above will depend on the specific information concerned and the context in which we collect it. However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person (for instance, to prevent, investigate, or identify possible wrongdoing in connection with the Service or to comply with legal obligations). If we ask you to provide personal information to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will typically be to operate our Services, communicate with you in relation to our Services, or for our other legitimate commercial interests, for instance, when responding to your queries, to analyze and improve our platform, engage in marketing, or for the purposes of detecting or preventing fraud. If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us at the address listed below in the “Contact” section.
f) Communicate With You
We may use your information to contact you to maintain the Services, including your conNEXT-conSEC Account, to comply with your stated communication preferences, or to provide updates about other Services.
Unless otherwise specified, information remains with us as long as it is necessary and relevant for us to achieve the purposes referred to above or to enable us to comply with our legal obligations.
Connexcom shares your information with third-parties for the purposes listed above, in the following circumstances:
a) Third-Party Providers
We may disclose your information to service providers and other third-parties we work and/or partner with for our Services or who provide their services or content via our Services such as for instance payment processing or advertising. These third-parties are required to secure the data they receive, so that your information is kept private.
b) Law Enforcement and Other Authorized Third-Parties
We may disclose your information to law enforcement, governmental agencies, or authorized third-parties, in response to a formal request relating to terror acts, criminal investigations, or alleged illegal activity or any other activity that may expose us, you, or any other conNEXT member to legal liability.
c) Change of Control, New Ownership
5. Accessing, Reviewing, and Amending Your Personal Information
6. Privacy Rights – controlling your data
Depending on the jurisdiction you reside in, you may have certain rights, in accordance with applicable laws, concerning your personal data, including the right to request to access your personal data; to have your personal data corrected or erased or restricted; and the right to object to the use of your personal data for marketing purposes.
If you are a resident of the EEA or Switzerland, you have the right to access, correct, update or request deletion of your personal information. You can object to the processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. You also have the right to opt-out of marketing communications we send you at any time. The Service generally provides you with a reasonable means to view and change your profile information and you can opt-out of marketing communications at any time by removing the application from your mobile or other devise. However, if you have any questions or concerns about the processing of your personal information, you may contact us as outlined in the “Contact” section below. Please note that connexcom AG, a company established and resident under the laws of the Switzerland, is the “data controller” responsible for protecting your personal data related to the Service.
7. Third-Party Websites
We maintain technical, physical, and administrative security measures to protect the security of your personal information against misuse, unauthorized access, disclosure, or alteration. This includes firewalls, data encryption, physical access controls to our data centers and information access authorization controls.
Our Services are not intended for children under the age of 12. Accordingly, we do not intend to collect personal information through conNEXT and our Services from anyone under 12 years. We do not knowingly collect personal information from children under 12 resident in the EEA or Switzerland. If you become aware that such a child has provided us with personal information without parental consent, please contact us. If we become aware that such a child under 12 has provided us with personal information without parental consent, we take steps to remove such information and terminate the child’s account.
10. International Data Transfer
Connexcom is operating internationally. We provide our Services to conNEXT-conSEC users worldwide, allowing them to communicate with each other across the globe. Consequently your information may need to be processed in countries where data protection and privacy regulations do not offer the same level of protection as in your home country.
We may update this Policy from time to time to better our Services and ad new interesting ones for you. You agree that we may notify you about material changes how we treat personal information by notifying you through our Services.
We will take such steps as we deem necessary to confirm your identity before sharing any personal data with you. We will respond to proper and confirmed requests relating to personal data within 30 days, or as otherwise required by applicable law.
21st February 2019