The core of vMOX’s services involve the processing of confidential and sensitive information, and/or Personal Data. Such processing requires vMOX to comply with applicable privacy and data protection laws. In particular, when vMOX processes Personal Data of EU citizens, vMOX has a duty to comply with the General Data Protection Regulation (GDPR) established by the EU. The GDPR requires companies to ensure that when Personal Data of EU citizens is transferred out of the EU, it is transferred to a recipient that will adequately protect the Personal Data. To fulfill this obligation, vMOX enters into the standard contractual clauses approved by the European Commission (Art. 46 GDPR) (“Standard Contractual Clauses”) because any company that is certified under these frameworks are deemed as having such adequate protection.
For the purposes of this Policy, vMOX distinguishes between the following categories of individuals that may have their information processed by vMOX:
- “Customer” means an entity which engages vMOX for mobile optimization services;
- “End User” means any individual who provides data to Customer and is included as an employee or representative with respect to Customer’s account with vMOX;
- “Partner” means an individual who has facilitated the relationship between vMOX and Customer, and who may from time to time, with Customer’s consent, access vMOX’s systems to review Customer data; and
- “Visitor” means an individual that visits www.vMOX.com.
vMOX provides mobile optimization services (“Services”) to its customers and utilizes an on-line portal to provide the results from such Services to its customers. All information stored on vMOX’s platform is treated as confidential, is stored securely, and is only accessed by authorized personnel. In compliance with the Standard Contractual Clauses, vMOX maintains appropriate technical, security, and organizational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure.
2. International Transfers (Standard Contractual Clauses)
2.1 Notice. To enable U.S. companies to provide an adequate level of protection for when Personal Data is transferred from the UK or Switzerland to the U.S.
Your Personal Data may be collected, transferred to and stored by us in the United States and by our affiliates and third parties disclosed above, that are based in other countries. Therefore, your Personal Data may be processed outside your jurisdiction, and in countries that may not provide for the same level of data protection as your jurisdiction. We ensure that the recipient of your Personal Data offers an adequate level of protection, by vMOX entering into the appropriate data processing agreements and/or standard contractual clauses for the transfer of data outside of the European Economic Area (EEA) as approved by the European Commission (Art. 46 GDPR).
Whether vMOX collects Personal Data of individuals directly or indirectly, this Policy will inform such individuals about the purposes for which it collects and uses Personal Data about them including any transfer to vMOX in the U.S., the identity of third parties acting as processors to which vMOX discloses such information, the purposes for which it does so, the means in which vMOX limits the use and disclosure of their Personal Data, and about the right of individuals to access their Personal Data. Notice will be provided to Customers or individuals as appropriate before vMOX uses the information for a purpose other than that for which it was originally collected or discloses it for the first time to a third party.
2.2 Choice. vMOX will offer individuals, whether directly or through the Controller of the Personal Data, as applicable, the opportunity to opt-out as to whether their Personal Data is (a) disclosed to a third party acting as a sub-processor, or (b) used to send emailed marketing collateral. vMOX will provide Controller and individuals, as applicable, with reasonable mechanisms to exercise their choices.
vMOX respects your privacy and has no desire to contact via email if you do not wish to hear from us. If, for any reason, you wish to cease receiving email messages from vMOX please send an email to email@example.com with a subject line of “Unsubscribe”, including any other details that will help us fulfill your request. Notwithstanding, in the event an individual opts out of receiving emails, vMOX retains and reserves the right to market to the individual using other marketing methods.
2.3 Accountability for Onward Transfer. vMOX will obtain assurances from authorized third parties that they will safeguard Personal Data consistent with this Policy and will transfer Personal Data only for limited and specific purposes. vMOX recognizes its responsibility and potential liability for onward transfers to unauthorized third parties. Where vMOX has knowledge that a third party is using or disclosing Personal Data in a manner contrary to this Policy, vMOX will take reasonable and appropriate steps to prevent, remediate or stop the use or disclosure. Sub-processors that vMOX engages for support services are found here.
2.4 Access. Upon request, vMOX will grant individuals reasonable access to Personal Data that it holds about them. In addition, vMOX will take reasonable steps to permit individuals, whether directly or through the Controller of the Personal Data, to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. vMOX may limit an individual’s access to Personal Data where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy or where the legitimate rights of persons other than the individual would be violated.
2.5 Security. vMOX will take reasonable and appropriate precautions to protect Personal Data in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data.
2.6 Data Integrity and Purpose Limitation. vMOX will use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. vMOX will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current.
2.7 Recourse, Enforcement and Liability. vMOX utilizes the self-assessment approach to assure its compliance with this Policy. vMOX periodically verifies that this Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with applicable law. vMOX encourages interested persons to raise any concerns with it using the contact information below. vMOX will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data.
3. Collection and use
3.1 General. The following sections cover the specifics of each of the four groups from which data is collected: Visitors, Partners, End Users and Customers.
3.2 Visitors. If you are a Visitor to our website only, and not an End User or a user of our platform, then this section is relevant for you.
By visiting our website, you consent to the collection and use of the Personal Data you provide as described herein. If you do not agree with the terms set out herein, please do not visit this website or otherwise provide us your Personal Data. If required by applicable law, we will seek your explicit consent to process Personal Data collected on this website or volunteered by you. Any consent you provide will be entirely voluntary. In the event, you do not grant us consent to process your Personal Data, the use of this website may not be possible.
vMOX gathers data about visits to the website, including number of Visitors, Geo-location data, length of time spent on the site, pages clicked on or where Visitors have come. vMOX uses the collected data to communicate with Visitors and to improve its website by analyzing how Visitors navigate its website, so it may also share such information with service vendors or contractors in order to provide a better Visitor experience.
3.3 Partners. Partners should be aware that by utilizing the vMOX platform, they could be disclosing information that could make their Personal Data available to vMOX. vMOX will collect Partner’s data for the purpose of enhancing its customer relationships, improving its Services and website experience, making payment to Partner when applicable, and to inform Partners of any updates regarding vMOX, via newsletters or other means of communication. Partners should be aware that they themselves are responsible for the content they disclose to vMOX. For more detailed information, Partners may contact vMOX at the address below.
3.4 End Users. End Users should be aware that by being employed by Customer, Customer may on its behalf disclose certain Personal Data of Employees. The security and privacy protection implemented on vMOX’s platform covers this type of transfer or disclosure of Personal Data. Nonetheless, End Users providing any Personal Data to its employers should be aware that the employee is responsible for the uses of such Personal Data and has the right to withdraw consent for us to process Personal Data. End Users have a right to contact their employer or the Customer that is providing End User’s Personal Data. It is the Customer’s responsibility to ensure that collection and processing of data is done in accordance with applicable law. Therefore, vMOX will not process Personal Data of End Users for purposes or by means other than instructed by its Customers. If you wish to inquire about your Personal Data that may have been collected while vMOX provides Services to your employer or to our Customer, we recommend that you contact the Customer that created or sent your Personal Data. For clarity, vMOX is a Processor with respect to End User Personal Data, so it does not control the Personal Data used or stored in its possession, but rather processes it on behalf of Customer.
If End User enters terms directly with vMOX for vMOX to provide Services, vMOX will limit disclosure of certain information (“Transaction Data”) to only third parties that facilitate the delivery of the Service.
End User agrees that vMOX may use Transaction Data for any lawful purpose. This includes using End User information, dates, transaction details, and other Transaction Data to provide analytics products and services as well as collecting and using Transaction Data aggregated with other merchants’ transaction data to provide End User, other merchants, and third-parties with analytic products and services.
In the course of providing Services, vMOX may collect information relating to activities on End User’s network, including network configuration, TCP/IP packet headers and contents, log files, malicious codes, and Trojan horses. vMOX retains the right to use this information or aggregations of this information, in addition to the Transaction Data described above, for any lawful purpose.
End User agrees that vMOX obtain relevant information from any applicable telecommunications provider End User utilizes, as necessary to investigate any allegation of fraud, suspected fraud or other actual or alleged wrongful act by End User in connection with the Services.
3.5 Customers. In order to provide Services to Customers, vMOX needs to collect certain types of data. Most of this data may be deemed Personal Data that Customer collected from its End Users during its ordinary course of business. To be clear, data transferred to vMOX by Customers through direct or indirect means, remains the property of the Customer and will not be shared with a third party by vMOX without express consent from Customer.
3.5.1 Collection of Customer data. Upon Customer’s onboarding process and all throughout the engagement with vMOX, Customers provide data relating to Customer and its End Users, which may include names of employees, company name, email, business address, corporate provided mobile numbers, business telephone numbers, business email, and other relevant data. This information is used by vMOX to identify the Customer and provide them with Services, support, surveys, mailings, sales and marketing actions, billing and to meet contractual obligations. vMOX does not sell, rent, or lease customer lists to third parties.
vMOX Customers may at any time access, create, edit, update or delete their contact details by logging in with their username and password to vMOX’s platform, provided employees of Customer have such permissions. vMOX Customers may create more user accounts with different privilege levels within their account. It is Customer’s responsibility to choose the level of access each user accessing Customer accounts should have. vMOX will not retain Customer data longer than is necessary to fulfill the legitimate interests of vMOX, which includes, but is not limited to vMOX’s marketing initiatives. Notwithstanding, vMOX will expunge such data in accordance with its normal operating procedures with respect to data deletion.
3.5.2 Collection of End User data. For purposes of mobile device optimization End User Personal Data used is provided by Customers, so it is the Customer’s responsibility to ensure that collection and processing of data is done in accordance with applicable law. vMOX will not process Personal Data for other purposes or by other means than instructed by its Customers.
The purpose of collecting End User Personal Data is necessary to the purpose of optimizing Customer’s telecom expenses. End User Personal Data is utilized by vMOX to reconcile End User’s telecom usage with Customer’s telecom invoices to determine if Customer, on behalf of the End User was invoiced properly by the telecom providers and whether Customer’s costs can somehow be reduced based on an analysis of usage charges. For these purposes, Personal Data may include, personal contact information such as name, business address, mobile number, email address, business contact details, country of where End User may access vMOX portal, and other sensitive Personal Data.
22.214.171.124 Collection of End User data in EEA or Switzerland. For Customers in the EEA or Switzerland, or for Customers providing Personal Data of End Users who are citizens of the EEA, or Switzerland, the Customer will be the “Controller”, as defined in the Directive and the GDPR. The purpose of processing will consequently be defined by vMOX’s Customer. If you or your organization are required under GDPR to enter into a contract, or other binding legal act under EU or Member State law, with your data processors, then you must review and accept vMOX’s Data Processing Agreement which governs the transfer of data from the E.U. to U.S and from Switzerland to the U.S.
3.6 Security. vMOX secures Personal Data from unauthorized access, use or disclosure. When Personal Data is transmitted to other websites, it is protected through the use of encryption, such as the Secure Sockets Layer (SSL) protocol.
3.7 Geographical location. vMOX’s data center that stores all collected information, whether Visitor, Partner, End User, Customer, is stored in secure hosting facilities provided by Amazon Web Services located in the United States. No Personal Data is transmitted outside of the U.S, without the proper legal authorization documented by Data Processing Agreements. vMOX has a data processing agreement in place with Amazon Web Services, ensuring compliance with applicable law. All hosting is performed in accordance with the highest security regulations.
3.8 Processing in the EEA and Switzerland. The GDPR (the Regulations (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data) is the prevailing EU law.
3.9.1 What are Cookies? For modern websites to work according to visitors’ expectations, they need to collect certain basic information about visitors. To do this, sites create small text files which are placed on visitor’s devices, these files are known as “Cookies”. Cookies are uniquely assigned to each visitor and can only be read by a web server in the domain that issued the Cookie to the visitor. Cookies cannot be used to run programs or deliver viruses to a visitor’s device. Cookies do various jobs which make the visitor’s experience of the internet much smoother and more interactive by remembering a user’s preferences and helping navigate between pages more efficiently. Much, though not all, of the data collected is anonymously, though some of it is designed to detect browsing patterns and approximate geographical location to improve the user experience.
3.9.3 We believe that the user experience of the website would be adversely affected if any users opt-out of the Cookies we use. Nonetheless, users may, at any time, opt-out and prevent the setting of Cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of Cookies. Furthermore, already set Cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If you deactivate the setting of Cookies in the Internet browser used, not all functions of our website may be entirely usable.
3.9.4 Please be aware that while visiting our site, users can follow links to other sites that are beyond our sphere of influence. vMOX has no control over software, content, promotions, materials, information, goods or services available on these sites. We provide them for your convenience only and you follow them at your own risk because vMOX is not responsible for the content of these other sites. Further, you should be aware that any Personal Data you provide to these sites is no longer governed by this Policy.
3.10 Controller. If you submit Personal Data in conjunction with a resumé or inquiry through the vMOX website, vMOX acts as a Controller in these limited circumstances. Therefore, vMOX will determine how and when to use such data for legitimate business purposes, including, but not limited to research, marketing, and billing purposes.
With respect to End User Personal Data, Customer will be the Controller in accordance with the GDPR because Customer determines the purpose and means of processing End User Personal Data (i.e. provides the Processor instructions as to how and to what extent it can process).
3.11 Processor. With respect to End User Personal Data, vMOX is the Processor and adheres to the GDPR. vMOX only processes all data in accordance with Controller’s instructions and in accordance with applicable law. vMOX has adopted reasonable physical, technical and organizational safeguards which substantially mirror the EU safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the Customer’s data in vMOX’s possession. vMOX will promptly notify the Customer in the event of any known unauthorized access to, or use of, the Customer’s data.
4. Retention and Deletion
vMOX will retain data only as long as necessary to fulfill the legitimate purposes for which it was collected or as required by applicable laws or regulations.
For End User Personal Data, vMOX’s Customers have control of the purpose for collecting data, and the duration for which the Personal Data may be kept. Customers will therefore have the responsibility to request the deletion of data when required. When a Customer’s account is terminated, all Personal Data collected through the platform that remains active will be deleted, however such information may remain on back-up data for archival purposes. Upon your request to delete Personal Data, we will honor this request unless deleting that information prevents us from carrying out necessary business functions, including, but not limited to billing for our Services, calculating taxes, or conducting required internal audits, in which case we will delete the requested information in accordance with our data retention policy.
5. Acceptance of these Conditions
6. Our Legal Obligation to Disclose Personal Information
We will reveal an End User’s Personal Data without his/her prior permission only when we have reason to believe disclosure of this information is required to establish the identity of, to contact or to initiate legal proceedings against a person or persons who are suspected of infringing rights or property belonging to vMOX or to others who could be harmed by the user’s activities or of persons who could (deliberately or otherwise) transgress upon these rights and property. We are permitted to disclose Personal Data when we have good reason to believe that this is legally required.
7. vMOX’s Data Protection Officer
vMOX has a Data Protection Officer who can be contacted if you have questions or concerns about how we’re processing your Personal Data.
8. Further Information
If you have further questions regarding the data vMOX collects, or how we use it, please feel free to contact us at:
2 Seaview Blvd., Suite 104
Port Washington, NY 11050
Attn: Chief Privacy Officer
last updated: August 2022
For purposes of this section "Personal Information" has the meaning given in the California Consumer Privacy Act Cal. Civ. Code § 1798.100 et seq., and its implementing regulations (“CCPA”).
How vMOX Collects, Uses, and Shares your Personal Information
vMOX has collected the following statutory categories of Personal Information in the past twelve (12) months if you are a Visitor:
- Identifiers, such as name, e-mail address, mailing address, and phone number. vMOX collects this information directly from you or from third party sources.
- Geolocation data, such as IP address. We collect this information from your device.
vMOX has collected the following statutory categories of Personal Information if you are an employee of a vMOX customer:
- mobile numbers, bulk usage data, number of minutes, number of message, the amount of data used collectively, employee ID assigned by company (may be email in some cases or an HR record ID), employee first, middle and last name, employee company email address, employee shipping address (business or home if employee asks for device to be shipped to residence), employee business phone number, employee department name, employee’s managers name, employee’s job title, employee cost center, employee device make, model, IMEI and serial number, carrier plans assigned to employees’ lines of service for voice, data, text, international and features, whether or not employee is considered a VIP or not;, employee’s admin for delegated request management, employee security profile information including rights and access to vMOX data, audio recordings of employee calls into the help desk, employee employment status (active, on leave, or terminated).
- Other personal information, in instances when you interact with vMOX online, by phone or mail in the context of receiving help through our help desks or other support channels; participation in customer surveys or contests; or in providing the Subscription Service.
Your California Rights
You have certain rights regarding the Personal Information vMOX collects or maintains about you. Please note these rights are not absolute, and there may be cases when vMOX declines your request as permitted by law.
The right of access means that you have the right to request vMOX to disclose what Personal Information vMOX has collected, used and disclosed about you in the past 12 months.
The right of deletion means that you have the right to request vMOX to delete Personal Information collected or maintained by us, subject to certain exceptions.
The right to non-discrimination means that you will not receive any discriminatory treatment when you exercise one of your privacy rights.
vMOX does not sell Personal Information to third parties (pursuant to California Civil Code §§ 1798.100–1798.199, also known as the California Consumer Privacy Act of 2018).
How to Exercise your California Rights
You can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your Personal Information, vMOX will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your Personal Information.
Please use the contact details below, if you would like to:
- Access this policy in an alternative format;
- Exercise your rights;
- Learn more about your rights or our privacy practices; or
- Designate an authorized agent to make a request on your behalf.