Last Updated May 2018
vMOX is committed to comply with General Data Protection Regulation (GDPR) and to help our customers with their own compliance. vMOX is rolling out this update to facilitate its customers’ compliance assessment and GDPR readiness.
Does the GDPR apply to me?
Yes, it does if you want vMOX to process personal data of EU citizens that are your end users. For instance, processing information of EU citizens, who utilize and can be identified through the information you provide to us, will require us to comply with the GDPR.
Will I need to provide any information to vMOX?
The GDPR requires vMOX to maintain records of certain information, including the contact details of your EU representative (if your organization is not established in the EU) and Data Protection Officer, where applicable.
For the purposes of this Policy, vMOX defines the following terms:
- Customer” means an entity with which vMOX has an established relationship;
- “End User” means any individual who provides data to Customer and is included as an employee or representative with respect to Customer’s account;
- “Partner” means an individual who has facilitated the relationship between vMOX and Customer, and who may from time to time, with customer consent, access vMOX’s systems to review Customer data; and
- “Visitor” means an individual that visits www.vMOX.com.
Any information stored on vMOX’s platform is treated as confidential. All information is stored securely and is accessed by authorized personnel only. vMOX implements and maintains appropriate technical, security and organizational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure.
3. Collection and use
3.1 General. The following sections cover the specifics of each of the four groups from which data is collected: Visitors, Partners, End Users and Customers.
3.2 Visitors. If you are a Visitor to our website only, and not an End User or a user of our platform, then this section is relevant for you.
By visiting our website, you consent to the collection and use of your Personal Data as described herein. If you do not agree with the terms set out herein, please do not visit this website or otherwise provide us your Personal Data. If required by applicable law, we will seek your explicit consent to process Personal Data collected on this website or volunteered by you. Any consent you provide will be entirely voluntary. In the event, you do not grant us consent to process your Personal Data, the use of this website may not be possible.
vMOX gathers data about visits to the website, including number of Visitors, Geo-location data, length of time spent on the site, pages clicked on or where Visitors have come. vMOX uses the collected data to communicate with Visitors and to improve its website by analyzing how Visitors navigate its website, so it may also share such information with service vendors or contractors in order to provide a better Visitor experience.
3.3 Partners. Partners should be aware that by utilizing the vMOX platform, they could be disclosing information that could make their personal information available to vMOX. vMOX will collect Partner’s data for the purpose of enhancing its customer relationships, improving its Services and website experience, making payment to Partner when applicable, and to inform Partners of any updates regarding vMOX, via newsletters or other means of communication. Partners should be aware that they themselves are responsible for the content they disclose to vMOX. For more detailed information, Partners may contact vMOX at the address below.
3.4 End Users. End Users should be aware that by being employed by Customer, they have or could be disclosing Personal Data. The security and privacy protection implemented on vMOX’s platform covers this type of transfer or disclosure of Personal Data. Nonetheless, End Users providing any Personal Data to its employers should be aware that they are responsible for the uses of such Personal Data and have rights to withdraw their consent for us to process their Personal Data. End Users have a right to contact their employer or the Customer that is providing End User’s Personal Data. It is the Customer’s responsibility to ensure that collection and processing of data is done in accordance with applicable law. Therefore, vMOX will not process Personal Data of End Users for purposes or by means other than instructed by its Customers. If End Users wish to inquire about their Personal Data that may have been collected while vMOX provides Services to Customer, we recommend that you contact Customer that created or sent your Personal Data. For clarity, vMOX is a Processor with respect to End User Personal Data, so it does not control the Personal Data used or stored in its possession, but processes it on behalf of Customer.
3.5 Customers. In order to provide Services to Customers, vMOX needs to collect certain types of data. Most of this data may be deemed Personal Data that Customer collected from its End Users during its ordinary course of business. To be clear, data transferred to vMOX by Customers through direct or indirect means, remains the property of the Customer and will not be shared with a third party by vMOX without express consent from Customer.
3.5.1 Collection of Customer data. Upon Customer’s onboarding process and all throughout the engagement with vMOX, Customers provide data relating to Customer and its End Users, which may include names of employees, company name, email, business address, corporate provided mobile numbers, business telephone numbers, business e-mail, and other relevant data. This information is used by vMOX to identify the Customer and provide them with Services, support, surveys, mailings, sales and marketing actions, billing and to meet contractual obligations. vMOX does not sell, rent, or lease customer lists to third parties.
vMOX Customers can at any time access, create, edit, update or delete their contact details by logging in with their username and password to vMOX’s platform, provided employees of Customer have such permissions. vMOX Customers may create more user accounts with different privilege levels within their account. It is Customer’s responsibility to choose the level of access each user accessing Customer accounts should have. vMOX will not retain Customer data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. Notwithstanding, vMOX will expunge such data in accordance with its normal operating procedures with respect to data deletion.
3.5.2 Collection of End User data. For purposes of mobile device optimization End User Personal Data is provided by Customers, so it is the Customer’s responsibility to ensure that collection and processing of data is done in accordance with applicable law. vMOX will not process Personal Data for other purposes or by other means than instructed by its Customers.
The purpose of collecting End User Personal Data is necessary to the purpose of optimizing Customer’s telecom expenses. End User Personal Data is provided by Customer or is otherwise accessed directly by vMOX to reconcile End User’s telecom usage with Customer’s telecom invoices, since Customer is responsible for End User’s telecom expenses. vMOX uses relevant Personal Data to determine if Customer, on behalf of the End User was invoiced properly and whether Customer’s costs can somehow be reduced based on an analysis of usage charges. For these purposes, Personal Data may include, personal contact information such as name, business address, mobile number, email address, business contact details, country of where End User may access vMOX portal, and other sensitive Personal Data.
184.108.40.206 Collection of End User data in EEA. For Customers in the EEA, or for Customers providing Personal Data of End Users in the EEA, the Customer will be the “Controller”, as defined in the Directive and the GDPR. The purpose of processing will consequently be defined by vMOX’s Customer. If you or your organization are required under the European Union’s General Data Protection Regulation (GDPR) to enter into a contract, or other binding legal act under EU or Member State law, with your data processors, then you must review and accept vMOX’s Data Processing Agreement which governs the transfer of data from the EU to U.S.
3.6 Security. vMOX secures Personal Data from unauthorized access, use or disclosure. When Personal Data is transmitted to other websites, it is protected through the use of encryption, such as the Secure Sockets Layer (SSL) protocol.
3.7 Geographical location. vMOX’s data center that stores all collected information, whether Visitor, Partner, End User, Customer, is stored in secure hosting facilitates provided by Amazon Web Services located in the United States. No Personal Data is transmitted outside of the U.S, without the proper legal authorization documented by Data Processing Agreements. vMOX has a data processing agreement in place with Amazon Web Services, ensuring compliance with applicable law. All hosting is performed in accordance with the highest security regulations.
3.8 Processing in the European Economic Area (EEA). As of May 25, 2018, the GDPR (the Regulations (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data) is the prevailing EU law, and vMOX’s processing will take place in accordance with the GDPR.
3.9.1 What are Cookies? For modern websites to work according to visitors’ expectations, they need to collect certain basic information about visitors. To do this, site create small text files which are placed on visitor’s devices, these files are known as “Cookies”. Cookies are uniquely assigned to each visitor and can only be read by a web server in the domain that issued the Cookie to the visitor. Cookies cannot be used to run programs or deliver viruses to a visitor’s device. Cookies do various jobs which make the visitor’s experience of the internet much smoother and more interactive. For instance, Cookies are used to remember a user’s preferences on sites they visit often, to remember language preference and to help navigate between pages more efficiently. Much, though not all, of the data collected is anonymous, though some of it is designed to detect browsing patterns and approximate geographical location to improve the user experience.
3.9.3 We believe that the user experience of the website would be adversely affected if any users opt-out of the Cookies we use. Nonetheless, users may, at any time, opt-out and prevent the setting of Cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of Cookies. Furthermore, already set Cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the user deactivates the setting of Cookies in the Internet browser used, not all functions of our website may be entirely usable.
3.9.4 Please be aware that while visiting our site, users can follow links to other sites that are beyond our sphere of influence. vMOX has no control over software, content, promotions, materials, information, goods or services available on these sites. We provide them for your convenience only and you follow them at your own risk because vMOX is not responsible for the content of these other sites. Further, you should be aware that any Personal Data you provide to these sites is no longer governed by this Policy.
3.10 Controller. With respect to obtaining Personal Data from receipt of resumés or receipt of inquiries through the vMOX website, vMOX acts as a Controller in these limited circumstances. vMOX will determine how and when to use such data for legitimate business purposes, including but not limited to research, marketing, and billing purposes.
With respect to End User Personal Data, the Customer will be the Controller in accordance with GDPR because Customer determines the purpose of processing End User Personal Data.
3.11 Processor. With respect to End User Personal Data, vMOX acts as a Processor and adheres to the GDPR. Consequently, vMOX processes all data provided by its Customers in accordance with applicable law. vMOX has adopted reasonable physical, technical and organizational safeguards which substantially mirror the EU safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the Customer’s data in vMOX’s possession. vMOX will promptly notify the Customer in the event of any known unauthorized access to, or use of, the Customer’s data.
4. Retention and Deletion
vMOX will retain data only as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations.
For End User Personal Data, vMOX’s Customers have control of the purpose for collecting data, and the duration for which the Personal Data may be kept. Customers will therefore have the responsibility to request the deletion of data when required. When a Customer’s account is terminated, all Personal Data collected through the platform that remains active will be deleted, however such information may remain on back-up data for archival purposes. Upon your request to delete Personal Data, we will honor this request unless deleting that information prevents us from carrying out necessary business functions, including, but not limited to billing for our Services, calculating taxes, or conducting required internal audits, in which case we will delete the requested information in accordance with our data retention policy.
5. Acceptance of these Conditions
6. Our Legal Obligation to Disclose Personal Information
We will reveal an End User’s Personal Data without his/her prior permission only when we have reason to believe that the disclosure of this information is required to establish the identity of, to contact or to initiate legal proceedings against a person or persons who are suspected of infringing rights or property belonging to vMOX or to others who could be harmed by the user’s activities or of persons who could (deliberately or otherwise) transgress upon these rights and property. We are permitted to disclose personal information when we have good reason to believe that this is legally required.
7. vMOX’s Data Protection Officer
vMOX has a “Data Protection Officer” who is responsible for matters relating to privacy and data protection. This Data Protection Officer can be contacted at the following if you still have more questions or concerns about how we’re processing Personal Data.
125 Mineola Avenue, Suite 306
Roslyn Heights, NY 11577
Attn: Data Protection Officer
8. Further Information
If you have any further questions regarding the data vMOX collects, or how we use it, then please feel free to contact us at:
125 Mineola Avenue, Suite 306
Roslyn Heights, NY 11577
Attn: Legal Department