Privacy Policy

DATA SET	PURPOSE AND OPERATIONS	LAWFUL BASIS
Contacting Us, Requesting a Quote or Booking a Demos If you voluntarily contact us for your interest in our services (for general inquiries or otherwise to receive a quote, “Starting a Free Trial”, booking a demo), for support, or for any other inquiry, including through any digital form  made available by us on the Website (e.g., “Contact Us”, or “Chat With Support”, request for a quote, etc.) you will be required to provide us with certain information such as your name, email address, phone number, company, country, referral subject and other related data (“Contact Communications”).  If you are contacting us on behalf of another person, we value your assistance and care for others, but please note that it is your responsibility to make sure that any person whose Personal Data you provide is aware of the principles of this Privacy Policy and agrees that you will provide Personal Data to us on this basis.	We will use Contact Communications data to respond to your inquiry, including contacting you to provide you with the quote you have requested, schedule the demo, set up the free trial, or to provide you with information regarding our services. In addition, we may process Contact Communications data to send you additional occasional communications and updates related to our services, promotional and marketing emails (“Direct Marketing”). We may further process the content of our correspondence to improve our customer service, and if we believe it is required to provide you with any further assistance or to handle any dispute you might have with us (if applicable). We will collect the Contact Communications data, store it in our data systems, such as CRM or enterprise email, analyze it, provide access to our relevant staff members, and keep records of our correspondence as part of our business records keeping.	If you are not our Customer (e.g., you are a Visitor of our Website or anyone interested in our services), we will process Contact Communications data subject to our legitimate interest.  If you are an actual Customer of our services contacting us for support or any similar inquiry, we will process your Contact Communications data for the purpose of performing the contract between us – providing you with our services.  Direct Marketing is based on our legitimate interest, you may opt-out at any time through the “unsubscribe” link within the email or by contacting us directly. If you unsubscribe, we will further retain your email address, however solely as part of our internal suppression file to ensure we comply with such preference and choice, based on our legitimate interest. After addressing your inquiry, we may retain your Contact Communications data in our systems as part of our business records-keeping under our legitimate interest.
Accessing our Services The Website contains a “Login” or “Billing Portal” button allowing Customers to access our service’s web-interfaces. In addition, our Customers may upload certain data to their account such as their authorized representatives’ name, job title, email address, phone number, and other similar contact information (including usernames, and other authentication and security credential information) (“User Account Data”).	We will use and process your User Account Data in order to designate your account and verify your identity through the username and password you have provided, monitor your activity through our security measures and tools, and manage your account within the relevant product. We will further use and process your User Account Data in order to provide you with better services, understand your needs and adjust our services to your needs and preferences. Note that, for such purpose, as a Customer, we may connect your data collected on the Website to your User Account Data. We may further process the email addresses provided as part of the User Account Data for Direct Marketing purposes.	We will process your User Account Data for the purpose of performing the contract between us and as per our legitimate interest when it is related to improving our services as well as protecting, and ensuring the security of, our systems.  ** please note that any use of our services is also subject to the separate agreement(s) between us and our relevant Customer with whom we engaged to allow the use of our products and services (“Account Owner”). Direct Marketing is based on our legitimate interest, you may opt-out at any time through the “unsubscribe” link within the email or by contacting us directly. If you unsubscribe, we will further retain your email address, however solely as part of our internal suppression file to ensure we comply with such preference and choice, based on our legitimate interest.
Subscribing to our Mailing lists &events In the event you sign up to receive our newsletter or marketing materials or any other marketing event ("Marketing Materials"), you will be requested to provide your contact details, such as email address.	We will collect and store your email address and additional data provided through the sign-up process to send you our newsletter and other Marketing Materials you have signed up to receive. We may further collect data related to your interaction with such Marketing Materials, for statistical analysis and to assess the performance of our campaigns, and for example, to understand how many users opened our emails, and to improve our content.	We process such Personal Data subject to your consent.  You may withdraw consent at any time through the “unsubscribe” link within any email sent to you or by contacting us directly. If you unsubscribe, we will further retain your email address, however solely as part of our internal suppression file to ensure we comply with such preference and choice, based on our legitimate interest.
Call records When contacting our customer support or when our sales team contacts you, (including when contacting you following submission of a contact us form, requesting a demo, etc.), we record the call (“Call Records”) and, in certain cases, transcript the call.	We use such Call Records and the transcript in order manage, measure and improve our sales efforts and customer support service. We further use the transcript to summarize the call,  to assist us in improving our customer service and to offer you additional support or offers following the call and based on the call content. The transcripts may be analyzed by a team member or by AI tools which we license. We make sure to use the AI tools that do not use the inputs (i.e., transcripts) for learning purposes, and commit to delete the inputs or outputs within 30 days.	Where required under applicable laws, we will process Call Records and use the transcripts subject to your consent which will be obtained at the beginning of our conversation. In all other cases, we will process Call Records and transcripts subject to our legitimate interest.
Recruitment Information In the event you apply for a job, we will collect your resume as uploaded by you, including your name, email address, phone number, information regarding your education and skills, employment history, and your photo (all - to the extent provided by you). Also, where allowed or required by law, we may process diversity and inclusion data regarding your candidacy, such as ethnicity, gender, or any disability. In addition, we may collect further information from public and online sources, and former employers and combine such data with your other data (all together “Recruitment Data”).  Further, we may receive information from third parties, such as recruiting agencies, about candidates interested in working with us. In such cases, we rely on the agreements we have with the third parties for obtaining your information.	We will process such Recruitment Data as part of our recruitment and screening efforts to decide whether you suit a position in the company.  Also, sometimes we will process your Recruitment Data to enable us to comply with corporate governance and legal and regulatory requirements.  After completing the recruitment process, we will retain the Recruitment Data as part of our internal record-keeping, including for legal defense from any future claim.  If we hire you, your Recruitment Data may be used in connection with your employment and our corporate management. We will keep your Recruitment Data, analyze it, store it in our systems, use it to contact you for further recruitment steps (e.g., interview) and keep records of our interaction with you.	We process such Recruitment Data subject to our legitimate interest. In some cases, for example, where we ask you to provide health related data or diversity and inclusion data, we will process your data based upon your consent.   You may always withdraw consent at any time by contacting us. We will retain your Recruitment Data for record-keeping and future defense from legal claims under our legitimate interest.
Online Identifiers and Usage Data We use third-party cookies and similar tracking technologies (tags, pixels, etc.) on the Website. As further detailed under the Cookies Usage section below, these cookies assist us with improving and protecting our systems and services, as well as being used for our marketing and advertising purposes. The Personal Data processed through our use of such cookies and similar technologies may include online identifiers, a cookie ID, IP address, etc., alongside the relevant data regarding your usage of the Website (e.g., date and time of usage, pages visited and actions such as the content/buttons you click, referrer webpage, user agent, etc.) (collectively “Website Interactions Data”)	We will use Website Interactions Data (collected directly or through the use of third-party cookies and technologies) to improve our Website, content and services, for analytic, marketing and advertising purposes. We will aggregate and analyze the data to produce insights regarding your usage and your suitability for our services as a potential customer or contact point, as well as to measure effectiveness of our features, content and marketing campaigns. We will use this data and insights as part of our marketing efforts, including remarketing to individuals who have accessed our Website. In addition, we process such Website Interactions Data for operation, Website functionality, security and fraud prevention purposes, debugging purposes and to resolve technical problems.	Other cookies data, including any targeting and marketing cookies, will be subject to a proper disclosure or consent mechanism (subject to applicable Privacy Legislation), provided through the cookie banner on our Website. You can change your preferences at any time through the Cookies Setting tool available on our Website For more information regarding cookies, see the “Cookies Usage” section below.

Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations, made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. Transfer of Personal Data to third-party countries, as further detailed in the “International Data Transfer” Section below, is based on the same lawful basis as stipulated in the table above. 

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of our service, as well as to protect the security or integrity of our databases and Website, and to take precautions against legal liability. Such processing is based on our legitimate interests. 

4. COOKIES USAGE

We use “cookies” (or similar tracking technologies such as pixels and tags) when you access and use our Website. The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your browser or device while you are viewing a website. Cookies are used for various purposes, and mainly, as follows: 

Essential/Strictly Necessary Cookies – which are strictly necessary for the Website to work correctly.

Functional Cookies – allows for enhanced functionality such as saving your language preference and enabling you to navigate between pages more efficiently.

Targeting/Marketing Cookies - used to collect information to help us improve marketing campaigns as well as to serve targeted advertisements. 

Social Media Cookies - Social Plug-In Cookies (e.g., Facebook, Twitter, LinkedIn, etc.) enabling social media features such as log-in, sharing content, etc., as well as marketing and targeting campaigns. 

Analytics/Performance Cookies - give us aggregated and statistical information regarding the usage of our Website (for example pages views, etc.) to improve the services and further develop them.

Some cookies are stored only temporarily during a browsing session and are deleted from your device when you close the browser – known as “session” cookies, and some are required to have a longer expiration data – known as “persistent” cookies and are usually used to save your preferences, log-in, etc. In addition, the cookies we use include our cookies (usually essential and functionality cookies) - known as “first party cookies”, and cookies on behalf of our service providers and other marketing partners - known as “third party cookies.”

The cookies we use on our website are listed under our Cookies List, where you can further change your preferences, and restrict data collection by certain cookies by using our Cookie Setting tool available on the Website, provided however that strictly necessary cookies cannot be rejected.

In addition – if you wish to manage your preferences or opt-out of cookies –most browsers will allow you to remove cookies, block acceptance of cookies, or receive a warning before a cookie is stored. Please refer to the support page of your browser to learn more about how you can adjust your privacy and security settings. 

For additional information of our use of Google products, click HERE.

Please note that once you choose to opt out of or disable cookies, some features of the services may not operate properly and your online experience may be limited. In addition, even if you do opt-out, you may still receive some content and advertising, however, it will not be targeted content or advertising. 

5. METHODS FOR COLLECTING YOUR DATA

According to the nature of your interaction with our Website and services available therein, we may collect information as follows:

Provided by you voluntarily – we will collect information if and when you choose to provide us with information, such as completing any contact form. 

Provided by your admin as a Customer of any of our products and services – if you are a user of our services, some of your data, including data related to your User Account Data, may be provided to us through your admin., i.e., the relevant Account Owner.  

Automatically – we may use cookies and similar tracking technologies (as elaborated in the “Cookies Usage” Section above) to gather some information automatically when you access the Website. 

Provided to us by third parties – as part of our digital marketing efforts as described above.  

6. DATA SHARING– CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH

We share your data with third parties, including with trusted partners or service providers that help us operate our Website, provide our services and other business practices (such as marketing, etc.). Below you can find information about the categories of such third-party recipients. 

CATEGORY OF RECIPIENT	DATA THAT WILL BE SHARED	PURPOSE OF SHARING
N2P Group	All types of Personal Data	We may disclose some of our Customer’s Personal Data with our affiliated companies (in the N2P Group, to allow us to manage our business as a global group. Your data will always be managed under strict procedures and processes ensuring it is being taken care of as required under law and with great respect to your privacy and rights.
Trusted Agents and Service Providers	All types of Personal Data	We may disclose Personal Data to our trusted agents and service providers (including, but not limited to, our cloud service provider, our analytics service provider, our CRM provider, etc.) so that they can perform the requested services on our behalf. These entities are prohibited from using your Personal Data for any purposes other than providing us with requested services.
Any acquirer of our business	All types of Personal Data	We may share Personal Data in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Privacy Policy.
Legal and law enforcement	Subject to law enforcement authority request	We may disclose certain Personal Data to law enforcement, governmental agencies, regulatory authorities, traceback requestors or other authorized third parties, in response to a request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose.

 

Where we share information as set forth above, we ensure they only have access to such information that is strictly necessary. Our service providers, agents, and affiliated companies are further required to secure the data they receive and to use the data for pre-agreed purposes only, while ensuring compliance with all applicable data protection regulations (such service providers may use other non-personal data for their own benefit).

7. INTERNATIONAL DATA TRANSFERS

The Company’s headquarters is based in Newark New Jersey, USA, and we operate from few separate worldwide sites in which we may access the information stored on servers or other systems such as the Company’s ERP, CRM, and other systems. In the event that we need to transfer your Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law.

Furthermore, when Personal Data that is collected within the European Economic Area ("EEA") or the UK is transferred outside of these territories to a country that has not received an adequacy decision from the European Commission, we will take necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such Personal Data, in accordance with the provision of the standard contractual clauses approved by the European Union or other approved mechanism. Thus, we will obtain contractual commitments and or assurances from the data importer to protect your Personal Data, using contractual protections that EEA and UK regulators have pre-approved to ensure your data is protected (known as standard contract clauses), or rely on adequacy decisions issued by the European Commission. 

8. RETENTION

In general, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulations, or until you express your preference to opt out, where applicable.

The criteria used by us to determine our retention periods are as follows:

We retain Personal Data for the periods needed in order to achieve the purpose for which Personal Data was collected. For example, Contact Communications data will be retained, at least as long as necessary to address your inquiry.

We retain Personal Data for the periods needed in order to comply with our obligations under applicable laws. For example, transactional data may be kept for up to seven years and sometimes more, in accordance with our bookkeeping obligations.

If you have a dispute with us, we may retain certain types of Personal Data as necessary and as applicable to your claims, including any legal proceedings between us, until such dispute is resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods. In addition, in the event you request to exercise your rights, we will maintain the relevant correspondence for as long as needed to demonstrate compliance.

At our sole discretion, we may rectify or erase information from our systems without prior notice to you, once we deem it no longer necessary for such purposes.

9. SECURITY

We work hard to protect Personal Data we process from unauthorized access or unauthorized alteration, disclosure or destruction. We have implemented physical, technical and administrative security measures for the Website and our systems storing Personal Data that comply with applicable laws and industry such as: encryption using SSL, we minimize amount of data that we store on our servers, restrict access to Personal Data to our employees, contractors and agents, etc. Note that we cannot be held responsible for unauthorized or unintended access that is beyond our control, and we make no warranty, express, implied or otherwise, that we will always be able to prevent such access.

Please contact us if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party's attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.

10. CHILDREN

Our Website and services are not intended for use by children (the phrase "child" shall mean an individual that is under the age defined by applicable law which with respect to the EEA is under the age of 16 and with respect to the US, under the age of 13) and we do not knowingly process children’s information. We will discard any information that we receive from a user that is considered a "child" immediately upon our discovery that such a user shared information with us. Please contact us promptly if you have reason to believe that a child has shared any information.

11. YOUR RIGHTS

Individuals have certain rights under applicable privacy laws concerning their Personal Data.

In the table below you can the rights that may apply to (subject to your jurisdiction and additional conditions), how you can exercise them and appeal a decision we take in this regard: 

RIGHT TO BE INFORMED	You have the right to be provided with information regarding our Personal Data collection and privacy practices. All is detailed under this Privacy Policy. If you have any additional questions, please contact us at: Privacy@net2phone.com.
RIGHT TO KNOW, ACCESS RIGHTS	You have the right to confirm whether we collect Personal Data about you and to know which Personal Data we specifically hold about you, and receive a copy of such or access it. If you wish to exercise these rights, please contact us at Privacy@net2phone.com. You do not need to create an account with us to submit such request.
RIGHT TO CORRECTION/ RECTIFICATION	You have the right to request the updating of Personal Data that is not correct, taking into account the nature of the processing and the purposes. At any time, you may correct certain Personal Data included in the Customer Account information by logging in to your account. Otherwise, if you wish to exercise these rights, please contact us at Privacy@net2phone.com
RIGHT TO BE FORGOTTEN, RIGHT TO DELETION	You have the right to request the erasure of certain Personal Data if specific conditions are satisfied. This right is not absolute. We may reject your request under certain circumstances, including where we must retain the data in order to comply with legal obligations or defend against legal claims, other legitimate interests such as record keeping with regards to our Customers’ data, completing the transaction for which we collected the Personal Data, providing a good or service that you requested, taking actions reasonably anticipated within the context of our ongoing business relationship with you, fulfilling the terms of a written warranty, detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, or prosecuting those responsible for such activities; debugging products to identify and repair errors that impair existing intended functionality; exercising free speech, ensuring the right of another consumer to exercise their free speech rights, or exercising another right provided for by law; and engaging in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent. If you wish to exercise these rights, please contact us at Privacy@net2phone.com. You do not need to create an account with us to submit a deletion request.
RIGHT TO RESTRICTION OF PROCESSING	You may be entitled to limit the purposes for which we process your Personal Data if one of the following conditions are satisfied: where the accuracy of the Personal Data is contested by you, for a period enabling  us to verify the accuracy of the Personal Data; where the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of its use instead; where we no longer need the Personal Data for the purposes of the processing, but we are required by you to retain it for the establishment, exercise or defense of legal claims; where you objected to processing (as detailed below) pending the verification whether our legitimate grounds override your request. If you wish to exercise these rights, please contact us at Privacy@net2phone.com
RIGHT TO DATA PORTABILITY	You have the right to get a copy of your Personal Data in a portable format and, to the extent technically feasible, readily usable format that allows you to transmit the Personal Data to another entity without hindrance. We will select the format in which we provide your copy. If you wish to exercise this right, please contact us at Privacy@net2phone.com
RIGHT TO WITHDRAW CONSENT OR OPT-OUT (OBJECT) UNDER  THE GDPR, AND SPECIFICALLY IN THE US THE RIGHT TO OPT OUT FROM:  (I) SELLING PERSONAL DATA;  (II) TARGETED ADVERTISING; AND  (III) PROFILING AND AUTOMATED DECISION MAKING	When the lawful basis for processing your Personal Data is your consent, you may withdraw such consent at any time. For example, you may unsubscribe at any time from our mailing list. You further have the right to object to the processing of Personal Data, in the event the basis for processing is our legitimate interests. However, we will be permitted to continue the processing if our legitimate interests override your rights, or when processing is necessary to establish, exercise, or defend a legal claim or right. You have the right to opt-out from Direct Marketing, if applicable, by unsubscribing through the email received. We do not profile you in a manner that has a significant effect on you or other consumers, therefore there isn’t an opt-out option. We do not “sell” or “share” information as most people would commonly understand that term. We do not, and will not, disclose your Personal Data in direct exchange for money or some other form of payment; however, we do share Personal Data for analytic and marketing purposes, including targeted advertising, when we promote our Website or products. In most cases we obtain Personal Data collected automatically from our Website and your actions therein through our use of cookies, and do not combine it with your actions on other websites, however, our third-party partners might do so, when providing analytic or advertising services to us.  You have the right to opt-out of the “selling” or “sharing” of your Personal Data for “cross-contextual behavioral advertising”, or “targeted advertising”, often referred to as “interest-based advertising” as well. You can exercise these rights by clicking the "do not sell or share my personal information" button through the Cookie Settings tool available on our Website. You are able to install privacy-controls in the browser's settings to automatically signal the opt-out preference to all websites you visit (such as the “Global Privacy Control”). We honor the Global Privacy Control as a valid request to opt-out of the sharing of information linked to your browser.  In any event, please keep in mind that opt-out tools are limited to the browser or device you use because they work off your browser ID and device ID and, accordingly, you will need to opt-out on each browser and device you use. Your browser may save some information in its cookies and cache to maintain your privacy preferences. Clearing these may remove opt-out preferences, requiring you to opt-out again.
RIGHT TO APPEAL OR LODGE COMPLAINT	If we decline to take action on your request, we will inform you without undue delay as required under applicable laws. The notification will include a justification for declining to take action and instructions on how you may appeal, if applicable. Under the GDPR you have the right to lodge a complaint with the applicable Data Protection Authority in the EU or the Information Commissioner in the UK.
NON-DISCRIMINATION	Denying a good or service, providing a different level or quality of service, or charging different prices. We do not discriminate against our Visitors or Customers, but we reserve the right to deny a good or service, provide a different level or quality of service, or charge different prices, all subject to applicable laws.

 

Below are jurisdiction specifications on how and if the rights below apply to you, depending on your residency and how to exercise your rights. Where we are not able to provide you with the information which you have requested, we will endeavor to explain the reasoning for this and inform you of your rights, including the right to complain to the relevant supervisory authority. We reserve the right to ask for reasonable evidence to verify your identity before providing you with any such information per applicable law.

12. ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS

This section applies only to California residents. Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”) effective November 2020, and as amended by the CPRA, effective January 1, 2023.

Please see the CCPA Privacy Notice which discloses the categories of personal information collected, purpose of processing, source, categories of recipients with whom the personal information is shared for a business purpose, whether the personal information is sole or shared, the retention period, and how to exercise your rights as a California resident.

13. ADDITIONAL NOTICE TO COLORADO RESIDENTS

This section applies to Colorado residents acting only as an individual or household context (and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context). Pursuant to the Colorado Privacy Act (“CPA”) please see below the disclosure of the categories of Personal Data that are collected or processed, the purposes, how consumers can exercise their rights, and appeal such decision, categories of third parties, we, as the controller, share or sell the Personal Data for advertising and how to opt-out.

“Personal Data” under the CPA means information that is linked or reasonably linkable to an identified or identifiable individual and does not include publicly available information that is lawfully made available from government records, or that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; or information excluded from the CPA scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) or 42 CFR Part 2- “Confidentiality Of Substance Use Disorder Patient Records”, Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or and the Driver’s Privacy Protection Act of 1994, Children’s Online Policy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy Act of 1974, national Security Exchange Act of 1934, higher education data and employment data.

“Sensitive Data” under the CPA means: racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life or sexual orientation; genetic or biometric data that can be processed to uniquely identify an individual; or child data.  We do not process Sensitive Data. 

In Section 3 of this Privacy Policy “THE DATA WE COLLECT AND ITS PURPOSES”, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for a materially different, unrelated, or incompatible purpose without obtaining your consent. Additionally, Section 6 of this Privacy Policy “DATA SHARING– CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH” details and discloses the categories of third-parties we share Personal Data with for business purposes. Section 11 of this Privacy Policy “YOUR RIGHTS” details and discloses your rights, including where shared or sold for targeted advertising.

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete your Personal Data. If the request is submitted by someone other than you, proof of authorization (such as power of attorney or probate documents) will be required. 

We will respond to a verifiable request within 45 days after receipt (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and we will provide a notification of the extension within the first 45 days. If we refuse to take action, you may appeal our decision within a reasonable period time by sending us an applicable notice at: Privacy@net2phone.com. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for our decisions. If the appeal is denied, you may submit a complaint as follows: Colorado AG at https://coag.gov/file-complaint/ 

If you have a Customer Account with us, we may deliver our written response to that Customer Account or via email (at our discretion). Otherwise, we will deliver our written response by mail or electronically, at your option. You do not need to create a Customer Account for submitting a request.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request.

14. ADDITIONAL NOTICE TO VIRGINIA RESIDENTS 

Under the Virginia Consumer Data Protection Act, as amended (“VCDPA”) if you are a resident of Virginia acting in an individual or household context (and not in an employment or commercial context), you have certain rights with respect to your Personal Data as described below.

"Personal Data" under the VCDPA means any information that is linked or reasonably linkable to an identified or identifiable natural person, and does not include publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; Information excluded from the VCDPA scope, such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver's Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.

“Sensitive Data” under the VCDPA means data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status; the processing of genetic or biometric data for the purpose of uniquely identifying a natural person; Personal Data collected from a known child; and precise geolocation data. We do not process Sensitive Data

The VCDPA requires us to disclose the categories of personal data processed, purpose of processing, how you can exercise your rights, including how a you may appeal our decision with regard to the consumer request, the categories of Personal Data shared with third parties and with whom, and disclose if we sell Personal Data to third parties or processes Personal Data for targeted advertising.

In Section 3 of this Privacy Policy “THE DATA WE COLLECT AND ITS PURPOSES”, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for a materially different, unrelated, or incompatible purpose without obtaining your consent. Additionally, Section 6 of this Privacy Policy “DATA SHARING– CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH” details and discloses the categories of third parties we share Personal Data with for business purposes. Section 11 of this Privacy Policy “YOUR RIGHTS” details and discloses your rights, including where shared or sold for targeted advertising.

We will respond to a verifiable request within 45 days after receipt (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and we will provide a notification of the extension within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by sending us an applicable notice at: Privacy@net2phone.com.  Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for our decisions. If the appeal is denied, you may submit a complaint to the Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform.

If you have a Customer Account with us, we may deliver our written response to that Customer Account or via email (at our discretion). Otherwise, we will deliver our written response by mail or electronically, at your option. You do not need to create a Customer Account for submitting a request.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. We may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to fulfil your request.

15. ADDITIONAL NOTICE TO CONNECTICUT RESIDENTS

Under the Connecticut Data Privacy Act, Public Act. No. 22-14 (“CDPA”) if you are a resident of Connecticut, acting in an individual or household context (and not in a commercial or employment context or as a representative of business, non-profit or governmental entity), your rights with respect to your Personal Data are described below.

"Personal Data" means any information that is linked or reasonably linkable to an identified or identifiable individual and does not include publicly available information that is lawfully made available from government records, or that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; or information excluded from the CDPA scope, such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver's Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.

“Sensitive Data” under the CDPA means data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life, sexual orientation, citizenship, or immigration status; The processing of genetic or biometric data for the purpose of uniquely identifying an individual; Personal data collected from a known child; Precise geolocation data. We do not process Sensitive Data.

Under CDPA, we are required to provide you with a clear and accessible privacy notice that includes: categories of personal data processed, purpose of processing, instructions for exercising consumer rights and appealing decisions, categories of personal data shared with third parties, categories of third parties with whom data is shared, and any sale of data or targeted advertising.
In Section 3 of this Privacy Policy “THE DATA WE COLLECT AND ITS PURPOSES”, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for a materially different, unrelated, or incompatible purpose without obtaining your consent. Additionally, Section 6 of this Privacy Policy “DATA SHARING– CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH” details and discloses the categories of third-parties we share Personal Data with for business purposes. Section 11 of this Privacy Policy “YOUR RIGHTS” details and discloses your rights, including where shared or sold for targeted advertising.  Note, under CDPA consent can be withdrawn within 15-days of notice at any time.

We shall respond to your request within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45-day response period, together with the reason for the extension.

If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. Our notification will include a justification for declining to take action and instructions on how you may appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318.

We will provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. We may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to fulfil your request.

16. ADDITIONAL NOTICE TO UTAH RESIDENTS (effective as of January 2024)

Under the Utah Consumer Privacy Act (“UCPA”) if you are a resident of Utah, acting in an individual or household context (and not in a commercial or employment context) your rights with respect to your Personal Data are described below.

“Personal Data" refers to what is linked or reasonably linkable to an identifiable individual, and does not include de-identified data and publicly available data or data that is processed not within the scope of UCPA.

In Section 3 of this Privacy Policy “THE DATA WE COLLECT AND ITS PURPOSES”, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for a materially different, unrelated, or incompatible purpose without obtaining your consent. Additionally, Section 6 of this Privacy Policy “DATA SHARING– CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH” details and discloses the categories of third parties we share Personal Data with for business purposes. Section 11 of this Privacy Policy “YOUR RIGHTS” details and discloses your rights. Note, under UCPA, our sharing practices with third-party analytic and advertising tools are not considered a “sale”.