Last Updated: January 25, 2024
Biscom, Inc. dba Biscom (“we”, “us”, or “our”) operates Biscom.com (collectively with all Biscom.com subdomains and customer portals, our “website”) and provides modern enterprise fax, secure file transfer, workflow, and document management solutions (our “services”).
Here at Biscom, it is our objective to respect the privacy of our customers, their end users, and the individuals they interact with in the course of operating their business. In furtherance of that goal, this Privacy Notice explains how we collect, use, disclose, and otherwise process personal information in connection with our services. This Privacy Notice is not a contract and does not create any legal rights or obligations.
What is Personal Information?
When we use the term “personal information” in this Privacy Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual. It does not include aggregated or deidentified information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual.
Data protection laws sometimes differentiate between “controllers” and “processors” of personal information. A “controller” determines the purposes and means (or the why and the how) of processing personal information. A “processor”, which is sometimes referred to as a “service provider,” processes personal information on behalf of a controller subject to contractual restrictions.
Our customers rely on our services to help them manage and process large amounts of data, which may include personal information, spanning across geographic regions. We refer to this type of data and personal information as “Customer Data.” When we process Customer Data, we generally act as a processor. This means we process Customer Data on behalf of our customers subject to restrictions set forth in our contracts with them.
This Privacy Notice does not cover or address how we or our customers process Customer Data. In addition, we are generally not permitted to respond to individuals’ requests relating to Customer Data. As a result, we recommend referring to the privacy notice of the customer with which each individual has a relationship for information on how they engage processors, like us, to process Customer Data on their behalf.
Our Collection of Personal Information
In connection with our services, we collect personal information provided to us directly by individuals, automatically when an individual interacts with or uses our services, and from other sources and third parties.
Personal Information Individuals Provide to Us
We may collect the following personal information individuals provide in connection with our services:
- Contact Information, including full name, email address, mailing address, and phone number.
- Professional Information, including job title; job function; company name, mailing address, and characteristics; professional background; education; and nature of the relationship with us.
- Account Information, including account number, username, and account configurations.
- Service Information, including services of interest, services ordered, assigned service numbers, and details of transactions individuals carry out in connection with our services.
- Payment Information, including credit or debit card number, expiration date, security code, and billing address (which we collect and process through third-party payment processing providers).
- Testimonial Information, including name, employer, and the testimonial statement regarding our services.
- Inquiry information, such as the content of emails, texts, communications with our chatbot (provided by our vendor), or other communications and, where permitted by law, recordings of calls and other communications with us.
- Feedback Information, including information provided in response to surveys we may conduct for research purposes, or unsolicited feedback received regarding our services.
Personal information also includes Customer Proprietary Network Information (“CPNI”) which is created by virtue of your relationship with us when you subscribe to our cloud fax solution. CPNI includes any information that relates to the cloud fax services purchased, quantity, technical configuration, type, destination, location, and amount of use of our cloud fax service, such as fax calling detail, logs, and specifics regarding your cloud fax account (such as billing information). Please note that by law, CPNI does not include customer’s name, postal address, or telephone number. We will also use this same personal information for the installation, troubleshooting, maintenance of the service, and servicing of equipment.
Where an individual chooses to contact us, we may need additional information to fulfill their request or respond to their inquiry. We may provide additional privacy disclosures where the scope of the inquiry/request or the personal information we require fall outside the scope of this Privacy Notice. In that case, the additional privacy disclosures will govern how we may process the information the individual provides at that time.
Personal Information We Collect Automatically
As individuals navigate through and interact with our online services, we automatically collect certain personal information about the equipment used to access our online services and each individual’s interactions with our online services, including:
- Analytics Data, including the electronic path individuals take to our services, through our services and when exiting our services, as well as their usage and activity on our services, such as the links and objects viewed, clicked or otherwise interacted with, and their interactions with our emails and other communications.
- Log Data, including IP address, operating system, browser type, browser id, date/time of visit, and the online services that were visited.
- Location Data, including general geographic location based on IP address.
Personal Information We Collect from Other Sources and Third Parties
We also obtain personal information from other sources, which we often combine with personal information we collect either automatically or directly from individuals.
We receive the same categories of personal information as described above from the following sources and third parties:
- Affiliates: We may receive personal information from other companies owned or controlled by Biscom, and other companies owning or under common ownership with Biscom. This includes any subsidiaries (i.e., any organization we own or control) or our parent company (i.e., any organization that owns or controls us) and any subsidiaries it owns.
- Employers: We may obtain personal information from an individual’s employer. For example, we may obtain an individual’s contact information from their employer to allow us to communicate with the individual about their employer’s customer relationship with us.
- Service Providers and Business Partners: Our service providers that perform services solely on our behalf, such as email marketing providers, and other business partners, such as payment processors, collect personal information and often share some or all of this information with us in connection with the facilitation of our services.
- Social Media and Professional Networks: When an individual interacts with us through various social media and professional networks, such as when someone communicates with us through LinkedIn, we may receive some information about the individual that they permit the network to share with third parties. The data we receive is dependent upon an individual’s privacy settings with the network. Individuals should always review and, if necessary, adjust their privacy settings on third-party websites and networks before sharing information with us or the social media and professional network platform.
- Information Providers: We may from time to time obtain information from third-party information providers to correct or supplement other personal information we collect. For example, we may obtain updated contact information from third-party information providers to connect or reconnect with individuals.
- Publicly Available Information: We may also collect personal information from publicly available sources, such as government records or publicly available websites, to supplement other personal information we collect.
Our Use of Personal Information
We use personal information we collect to:
- Communicate with Others: We use personal information like contact information, professional information, and inquiry information to communicate with customers and other individuals about our services, including to inform customers about new features, solicit feedback, respond to inquiries, or keep customers up to date with what’s going on with Biscom and our services. Some of these communications may include marketing materials.
- Provide Our Services: We use personal information like account information and service information to create, maintain, improve, and otherwise operate our services. For example, we may use account information to provide a customer access to the customer portal, or service information to set up a customer’s cloud fax account.
- Facilitate Partner Integration: We use personal information like account information and service information to facilitate the integration of our services with our third-party business partners where a customer accesses our services through such an integration. For example, we may notify our business partners once a shared customer successfully establishes a connection with our services through the integrated service the customer is leveraging.
- Process Payments: We use personal information like account information, service information, and payment information to process a customer’s payments in connection with our services. As disclosed in connection with this payment process, subscription payments may automatically be incurred prior to each subscription period. Please contact [email protected] department for cancellation of services.
- Aggregate Information: We may aggregate personal information so that it can no longer be used to identify or relate to a specific individual. We use aggregated information internally to improve our services and externally as part of our services. For example, we may develop and publish reports on aggregated service usage.
- Otherwise Operate Our Business: We use personal information (including contact information, professional information, account information, analytics data, log data, and location information) to otherwise operate our business, including to:
- Identify and communicate with individuals who may be interested in our services;
- Identify, analyze, and optimize customer experience with our services;
- Remember individuals and the choices they have made in relation to our services;
- Connect individuals to requests and transactions they make on our website or through our services;
- Diagnose errors and problems with existing services;
- Develop and test new services, as well as evaluate and improve existing services;
- Conduct research and analytics on service usage and analytics trends;
- Deliver marketing communications and advertisements based on individual interests and interactions with us;
- Publicize reported customer service experiences from customers who choose to provide testimonials;
- Carry out our obligations and enforce our rights arising from law or any contracts entered into between an individual (or their employer) and us;
- Help maintain the safety, security, and integrity of our property, services, and business;
- Prevent, investigate, or provide notice of fraud or unlawful or criminal activity;
- Facilitate business transactions and reorganizations impacting the structure of our business;
- Fulfill any other purpose for which an individual expressly provides personal information or otherwise provides their consent; and
- Exercise or Comply with Legal Obligations and Rights: We use personal information to exercise or comply with legal obligations and rights.
Our Disclosure of Personal Information
We disclose personal information in the following ways:
- Biscom Affiliates: Biscom discloses personal information to other companies owned or controlled by Biscom, and other companies owning or under common ownership with Biscom. This includes any subsidiaries (i.e., any organization we own or control) or our parent company (i.e., any organization that owns or controls us) and any subsidiaries it owns.
- Employers: When an employer provides their employees with a subscription to or other access to our services, we may share personal information about these employees with their employer. For example, we may provide the employer a list of employees who have signed up to be users of our services or produce reports on general usage metrics to help the employer determine proper allocation of subscription accounts.
- Data Analytics Providers: We share information with data analytics providers who analyze statistics and trends relating to the usage of and activity relating to our services. These data analytics providers produce reports and make suggestions for our customer and business strategy based on the personal information and other information analyzed.
- Marketing Partners: We coordinate and share personal information with our marketing partners to communicate with individuals about the Platform Services and Professional Services we make available.
- Business Partners. We share personal information with third-party business partners for purposes of facilitating the integration of our services with our third-party business partners’ services where a customer accesses our services through such an integration.
- Payment Processors: We share personal information with or direct customers to provide personal information to payment processors who process payment for services on our behalf.
- Service Providers: We engage third parties to perform certain functions in connection with our services, including website hosting, communications facilitation, and technology support. Depending on the function the third party serves, the service provider may process personal information on our behalf or have access to personal information while performing functions on our behalf, subject to restrictions we impose on our service providers.
- Business Transaction or Reorganization: We may take part in or be involved with a corporate business transaction, such as a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred. We may disclose personal information to a third party during negotiation of, in connection with, or as an asset in such a corporate business transaction.
- Legal Obligations and Rights: We may disclose personal information to third parties such as legal advisors and law enforcement:
- In connection with the establishment, exercise, or defense of legal claims;
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request;
- To enforce or apply our agreements;
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Biscom, our customers, or others;
- To detect, suppress, or prevent fraud;
- To reduce credit risk and collect debts owed to us;
- As otherwise required by applicable law;
- Otherwise with Consent or Direction: We may disclose personal information about an individual to certain other third parties or the general public with the individual’s consent or otherwise at their direction. For example, we may obtain consent to post a quote about our services or an individual’s testimonial to our public website or we may obtain your opt-in approval to disclose CPNI to third parties that do not provide communications-related services.
Protection of Personal Information
Biscom endeavors to protect the privacy of your account and other personal information using reasonable administrative, technical and physical security measures. However, Biscom cannot and does not guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of personal information at any time. Your account is protected by a User ID and password for your privacy and security. It is your responsibility to prevent unauthorized access to your account and personal information by selecting and protecting your password and/or other sign-on mechanism appropriately and limiting access to devises and browsers by signing out after you have finished accessing your account. You understand, acknowledge and agree that you are solely responsible for any use of the service via your username and password.
Additionally, if you contact us via Website, telephone or in person, we will ask you for verification of your identity and account.
We will not send an email or text, nor should you respond to any email or text communication asking for any sensitive or confidential personal information, such as bank account or credit card account number. If you receive an email or text requesting any such information from us or someone that claims they are Biscom, please contact us at [email protected].
Personal Information Rights. Certain jurisdictions grant individuals rights in relation to the personal information collected and processed about them. Depending on your jurisdiction and applicable law, you may be able to request to exercise the following rights in relation to the personal information we maintain about you:
|The right to request confirmation regarding whether we process personal information about you and certain details about the personal information we may process.
|The right to request access to and obtain a copy of personal information we maintain about you, including a copy of the data in an easily accessible format that you can transmit to a third party.
|The right to request that we correct or update any personal information about you that is inaccurate or incomplete.
|Restriction of Processing
|The right to request that we limit the purposes for which we process your personal information, including to restrict our ability to sell your personal information, conduct cross-context behavioral advertising, or continue to process your personal information if such continued processing is not justified, such as where the accuracy of the personal information is contested by you.
|Objection to Processing
|The right to object to our processing of your personal information, such as where we are processing your personal information for marketing purposes or where you believe there is no compelling and legitimate interest for the processing.
|The right to request the deletion or erasure of personal information about you. Please note we may need to close your account with us in order to fully delete your personal information.
|The right not to receive retaliatory or discriminatory treatment for exercising any of the rights described above.
To submit a request, please contact us at [email protected] specifying your jurisdiction and the right you are seeking to exercise. We may need to verify your identity before processing your request, which may require us to obtain additional personal information from you. Withdrawal of Consent. Where we rely on your consent for processing of your personal information, you may be able to withdraw your consent to such processing, subject to certain limitations at law. Please contact us at [email protected] if you would like to withdraw your consent from certain specific processing of your personal information.
Communication Preferences. You can stop receiving promotional communications from us by following any available opt-out instructions in the promotional communications you receive (such as by clicking the “unsubscribe” link provided in promotional email communications) or by contacting us at [email protected]. We make every effort to promptly process all opt-out requests. Please note we may continue to send you non-promotional, service-related communications (e.g., account verification, transactional communications, changes/updates to features of the service, technical and security notices) even after you opt out of promotional communications.
Cookies and Related Technologies
Overview of Cookies
If an individual would prefer not to accept cookies on our website and online services, then they should not use our website. Alternatively, most browsers will allow an individual to: (i) change their browser settings to notify the individual when they receive a cookie, which lets the individual choose whether or not to accept it; (ii) disable existing cookies; or (iii) set their browser to automatically reject cookies. Please note that doing so may negatively impact the experience on our website and other online services, as some features and offerings may not work properly or at all. Depending on the individual’s device and operating system, an individual may not be able to delete or block all cookies. In addition, if the individual wants to reject cookies across all browsers and devices, they will need to do so on each browser on each device they actively use. The individual may also set their email options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether they have accessed our email and performed certain functions with it.
Additional Choice Relating to Third-Party Advertising Cookies
Please note certain of our third-party providers may directly collect personal information about an individual’s online activities over time and across different websites when individuals use our website or other online services for purposes of providing online behavioral or interest-based advertising services to third parties. We support the self-regulatory principles for online behavioral advertising (“Principles”) published by the Digital Advertising Alliance (“DAA”). These Principles allow individuals to exercise choice regarding the collection of information about their online activities over time and across third-party websites for online interest-based advertising purposes.
More information about the DAA Principles can be found at DAA’s website, youradchoices.com. If an individual wants to opt out of receiving online interest-based advertisements on their internet browser from advertisers and third parties that participate in the DAA program and the related Network Advertising Initiative (“NAI”) program and perform advertising-related services for us and our advertising partners, they can follow the instructions by DAA and NAI on its website, networkadvertising.org, to place an opt-out cookie on their device indicating that they do not want to receive interest-based advertisements. Opt-out cookies only work on the internet browser and device they are downloaded onto. If an individual wants to opt out of interest-based advertisements across all browsers and devices, they will need to opt out on each browser on each device they actively use. If the individual deletes cookies on a device generally, they will need to opt out again.
To opt out of receiving online interest-based advertisements from advertisers and third parties that participate in the DAA program on mobile apps, an individual can follow the instructions provided by DAA.
Children’s Personal Information
Our website and online services are not directed to, and we do not intend to, or knowingly, collect or solicit personal information from children under the age of 16. If you are under the age of 16, please do not use our website or online services or otherwise provide us with any personal information either directly or by other means. If a child under the age of 16 has provided personal information to us, we encourage the child’s parent or guardian to contact us to request that we remove the personal information from our systems. If we learn that any personal information we have collected or received has been provided by a child under the age of 16, we will promptly delete that personal information. If you believe we might have any personal information from or about a child under the age of 16, please contact us at [email protected].
We may choose or be required by law to provide different or additional disclosures relating to the processing of personal information about residents of certain countries, regions, or states. Please refer below for disclosures that may be applicable to you.
Our services may include links to third-party websites, plug-ins and applications. Except where we post, link to, or expressly adopt or refer to this Privacy Notice, this Privacy Notice does not apply to, and we are not responsible for, any personal information practices of third-party websites and online services or the practices of other third parties. To learn about the personal information practices of third parties, please visit their respective privacy policies.
Changes to Our Privacy Notice
It is our policy to post any changes we make to our Privacy Notice on this page. If we make material changes to this Privacy Notice, we will notify individuals by prominent posting on our online services, or through other appropriate means. All changes shall be effective from the date of publication unless otherwise provided. The date the Privacy Notice was last revised is identified at the top of the page. You are responsible for periodically visiting this Privacy Notice to check for any changes.
If you have any questions or requests in connection with this Privacy Notice or our privacy practices, please contact us at: [email protected].
Additional California Privacy Disclosures
California Privacy Notice Last Updated: February 27, 2023
These Additional California Privacy Disclosures (the “CA Disclosures”) supplement the information contained in our Privacy Notice and apply solely to individual residents of the State of California (“consumers”).
These CA Disclosures provide additional information about how we collect, use, disclose and otherwise process personal information of individual residents of the State of California within the scope of the California Privacy Rights Act of 2020 (“CPRA”).
Unless otherwise expressly stated, all terms in these CA Disclosures have the same meaning as defined in our Privacy Notice or as otherwise defined in the CPRA.
Scope of Disclosures
When we use the term “personal information” in these CA Disclosures, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It does not include information that is made publicly available from government records, that is deidentified or aggregated such that it is not reasonably capable of being associated with an individual, or that is otherwise excluded from the CPRA’s scope.
These CA Disclosures also do not apply to information relating to our employees, contractors, applicants and other personnel. In addition, we often act as a “service provider,” as defined in the CPRA, processing personal information on behalf of our customers, and these CA Disclosures do not apply to the personal information processing we perform as a service provider.
Collection and Use of Personal Information
In the last 12 months we have collected and disclosed for a business purpose the following categories of personal information:
- Identifiers, such as full name, account number, and IP address.
- California Consumer Personal Information (Cal. Civ. Code § 1798.140), such as email address, mailing address, phone number, account information, and payment information.
- Commercial Information, such as service information and payment information, including services of interest or orders made in connection with our services.
- Internet/Network Information, such as log data (including operating system and browser type) and analytics data (including usage and activity on our website and online services)
- Geolocation Data, such as general geographic location based on IP address.
- Professional/Employment Information, such as job title, job function, company name and characteristics, professional background, and nature of the relationship with us.
- Sensory Information, including recordings of calls and meetings with us, where permitted by law.
- Other Personal Information, such as testimonial information, inquiry information, feedback information, and any other personal information an individual chooses to provide us.
- Inferences, such as predictions about which services may be of interest to an individual and their employer.
We collect this information directly from individuals, their browser or device when they interact with our services, our affiliates, an individual’s employer, our service providers and business partners, social media and professional networks, information providers and other publicly available sources. For more information about the personal information that we collect and how we collect it, please refer to the Our Collection of Personal Information section of our Privacy Notice.
We collect personal information from and about individuals for a variety of purposes. For example, we use personal information to communicate with customers about our services, to provide customers with our services, to facilitate partner integrations, to process payments, and to otherwise operate our business. For more information about our use of Personal Information, please refer to the Our Use of Personal Information section of our Privacy Notice.
Disclosure and Sale of Personal Information
As further described in the Our Disclosure of Personal Information section of our Privacy Notice, we disclose personal information to third parties for business purposes and we may sell personal information to third parties, subject to the right to opt-out of those sales as described in the California Privacy Rights section below.
Disclosure for Business Purposes
In the last 12 months, we have disclosed for business purposes all categories of personal information outlined above to the following categories of recipients: Affiliates, Employers, Data Analytics Providers, Marketing Partners, Business Partners, Payment Processors, Service Providers, and certain other third parties where individuals have provided consent or direction, or where we are complying with law or protecting our rights (such as to our legal advisors).
Sale of Personal Information
As is common practice among companies that operate online, in the last 12 months, we have allowed certain third-party providers to collect information about consumers directly through our website and other online services for purposes of analyzing and optimizing our services, delivering ads, providing content and ads that are more relevant, measuring statistics and the success of ad campaigns, and detecting and reporting fraud. As a result of this practice, in the last 12 months, we have sold the following categories of personal information to these third-party providers, subject to each consumer’s settings and their right to opt-out:
- Identifiers, such as IP address.
- Commercial Information, such as service information, including services of interest or orders made in connection with our services.
- Internet/Network Information, such as log data (including operating system and browser type) and analytics data (including usage and activity on our website and online services)
- Geolocation Data, such as general geographic location based on IP address.
Since our services are not directed to, and we do not intend to, or knowingly, collect or solicit personal information from children under the age of 16, we do not sell personal information of consumers we know to be under the age of 16.
For more information about how we otherwise disclose personal information, please refer to the Our Disclosure of Personal Information section of our Privacy Notice.
Your California Privacy Rights
As a California resident, you may be able to exercise the following rights in relation to the personal information about you that we have collected (subject to certain limitations at law):
|The Right to Know
You have the right to request any or all of the following information relating to the personal information we have collected about you or disclosed in the last 12 months, upon verification of your identity:
|The Right to Request Deletion
|You have the right to request the deletion of personal information that we have collected from you, subject to certain exceptions.
|The Right to Opt Out of Personal Information Sales
|You have the right to direct us not to sell personal information we have collected about you to third parties now or in the future.
|The Right to Non-Discrimination
|You have the right not to receive discriminatory treatment for exercising any of the rights described above.
However, please note that if the exercise of the rights described above limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our products or services or engage with you in the same manner.
How to Exercise Your California Privacy Rights
To Exercise Your Right to Know or Right to Deletion
Please submit a request by:
- Emailing [email protected] with the subject line “California Rights Request”
We will need to verify your identity before processing your request. In order to verify your identity, we will generally either require the successful login to your account or the matching of sufficient information you provide us to the information we maintain about you in our systems. Although we try to limit the personal information collected in connection with a request to exercise the right to know and/or the right to deletion to that personal information identified in our Privacy Notice, certain requests may require us to obtain additional personal information from you. In certain circumstances, we may decline a request to exercise the right to know and/or right to deletion, particularly where we are unable to verify your identity.
To Exercise Your Right to Opt Out of Personal Information Sales
Please follow the instructions set forth below:
- Other Sales: Although we do not currently engage in other sales of personal information, you may exercise your right to be added to our Do Not Sell My Personal Information List by emailing [email protected] with the subject line “Do Not Sell My Personal Information” or calling (800) 914-4382.
You do not need to create an account with us to exercise your right to opt out of personal information sales. However, we may ask you to provide additional personal information so that we can properly identify you in our dataset and to track compliance with your opt out request. We will only use personal information provided in an opt out request to review and comply with the request. If you chose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems.
Once you make an opt-out request, you may change your mind and opt back in to future personal information sales at any time by contacting us at [email protected].
To Submit a Request as an Authorized Agent
In certain circumstances, you are permitted to use an authorized agent (as that term is defined by the CCPA) to submit requests on your behalf through the designated methods set forth above where we can verify the authorized agent’s authority to act on your behalf by:
- For requests to know or delete personal information:
- Receiving a power of attorney valid under the laws of California from you or your authorized agent; or
- Receiving sufficient evidence to show that you have:
- Provided the authorized agent signed permission to act on your behalf;
- Verified your own identity directly with us pursuant to the instructions set forth in these CA Disclosures; and
- Directly confirmed with us that you provided the authorized agent permission to submit the request on your behalf.
- For requests to opt out of personal information sales: Receiving a signed permission demonstrating your authorized agent has been authorized by you to act on your behalf.
We may deny a request in the event we are not able to verify the authorized agent’s authority to act on your behalf.
We offer consumers the opportunity to obtain demonstrations, case studies, and other resources related to our services. To obtain access to these resources, we often require consumers to provide us with personal information, including contact information and certain professional information. Consumers providing an email address to obtain these resources will be automatically signed up to receive email updates from Biscom. We have determined in good faith that the value of the personal information we receive from each individual and the relationship we establish is reasonably related to the value of the resources we provide. Consumers may opt out of receiving updates from Biscom by following any available opt-out instructions in the communications you receive, or by contacting us at [email protected]. Please note we may continue to send consumers non-marketing communications even after they opt-out.