Effective date: December 2nd, 2019
The practices described in this Statement may also apply to information you provide to us in writing or by telephone, such as when you contact our customer service staff. Personal information may include items such as your name, company name, email, address, and telephone number. Unless you provide it to us voluntarily, we do not collect personal information about you in connection with your use of these Sites.
- To help us recognize you as a unique visitor (just a number) when you return to our Sites
- To allow us to tailor content or advertisements to match your preferred interests
- To avoid requiring registration for access to Site content
- To develop leads for our sales organization and our business partners and provide direct marketing communications to you if you have consented to receive such communications
- To compile anonymous, aggregated statistics that allow us to understand how users interact with our site
- To help us improve the structure of our Sites
Certain information may be collected automatically as part of your use of these Sites, as well as from your transactions with us and our affiliates or non-affiliated third parties. This non-personal information is used to improve the overall Site operations, functionality and appearance. Non-personal information may include your web browser type, domain name, referring site, date/time and IP address, upon which you visited the Site.
Usage of Data
Personal information is used by the Company for the purpose for which it was submitted. For example, if you submit your email address and other information required to subscribe to our newsletter, we will use that personal information to send you our newsletter. We use your IP address to help diagnose problems with our server, and to administer the Site.
Retention of Data
Biscom will retain your data only for as long as is necessary for the purposes of the reason for collection. We will retain and use your data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Biscom Inc will also retain usage data for internal analysis purposes. Data will be disposed and destroyed of in accordance with industry best practices when no longer needed. Such practices may include shredding and permanent deletion from primary and backup media.
Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR)
Biscom may process your personal data because:
- We need to perform a contract with you
- You have given us permission to do so
- The processing is in our legitimate interests and it’s not overridden by your rights
- To comply with the law
Transfer of Data
Your information, including personal data, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal data, to the United States and process it there.
Your Data Protection Rights Under General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Biscom aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal data.
If you wish to be informed what personal data we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
- The right to access, update or to delete the information we have on you
- You have the right to have your information rectified if that information is inaccurate or incomplete
- You have the right to object to our processing of your personal data
- You have the right to request that we restrict the processing of your personal information
- You have the right to be provided with a copy of the information we have on you
- You also have the right to withdraw your consent at any time to process your personal information
Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your personal data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
Information Pertaining to Minors
We do not wish to collect personal information from minors (children under 18 years of age, or any other age defined under applicable law). If we become aware that a minor is attempting to or has submitted personal information via these Sites, we will notify the user that we may not accept his or her personal information. We will then delete any such personal information from our records.
Third Parties and Links
Linking: This Statement applies only to Biscom Sites. These Sites may include links to other third-party web sites including access to content, products and services of such affiliated and non-affiliated entities. Whenever you choose to access third party content via this site, you may be taken to the third-parties website. We urge you to familiarize yourself with the individual privacy and other terms for each linked site prior to submitting your Information.
Breach and Breach Notification
Breach: A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable information (PII), corporate intellectual property or sensitive customer data.
All notifications required under this policy shall be made without unreasonable delay following the discovery period. Records will be kept of all individuals or entities that were notified. Notification target should not exceed 72 hours unless delay is requested by law enforcement or for national security purposes.
Disclosure of Information to Third Parties
Demographic and aggregate Information may be shared by us with partners. We make every reasonable effort to preserve user privacy. However, we reserve the right to disclose personal information when required or permitted by law and we have a good-faith belief that such action is necessary to comply with an appropriate law enforcement investigation, current judicial proceeding, a court order, or legal process served on us.
Notification of Changes
Opt-Out from Newsletters
Our emails provide users the opportunity to opt-out of receiving communications from us and our partners when you subscribe to our newsletter. You can always opt-out from receiving emails from us.
By using these Sites, you consent to the use, storage and disclosure of your information by us in the manner described in this statement. We reserve the right to make changes to this statement from time to time and will alert you to such changes via the notification procedure described in the preceding paragraph.
If you have questions or concerns regarding this statement, your choices and rights regarding such use, or wish to exercise your rights under GDPR or the California law (CCPA), please do not hesitate to contact us at:
ATTN: Privacy Office
10 Technology Park Drive
Westford, MA 01886
California Privacy Notice Addendum
Information We Collect
Our Websites collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, our Websites have collected the following categories of personal information from its consumers within the last twelve (12) months:
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
C. Protected classification characteristics under California or federal law.
D. Commercial information.
E. Biometric information.
F. Internet or other similar network activity.
G. Geolocation data.
H. Sensory data.
I. Professional or employment-related information.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
K. Inferences drawn from other personal information.
Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following business purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
- To provide, support, personalize, and develop our Websites, products, and services.
- To create, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Websites, third-party sites, and via email or text message (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our Websites, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our Websites, products, and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Biscom, Inc.’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Biscom, Inc. about our Website users is among the assets transferred.
Biscom, Inc. will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
Biscom, Inc. may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
We share your personal information with the following categories of third parties:
- Service providers.
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, Company has disclosed the following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category D: Commercial information.
Category F: Internet or other similar network activity.
Category G: Geolocation data.
We disclose your personal information for a business purpose to the following categories of third parties:
- Service providers.
Sales of Personal Information
In the preceding twelve (12) months, Biscom has not sold personal information.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that Biscom, Inc. disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that Biscom, Inc. delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
- Calling us at 978-250-1800, or
- Email at [email protected]
- Sending a letter to us at Biscom, Inc., Attn: Privacy Office, 10 Technology Park Drive, Westford, MA 01886
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
For instructions on exercising sale opt-out rights, email [email protected]
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Websites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected].