PRIVACY POLICY 

GENERAL PRINCIPLES 

CommandLink, LLC (“CommandLink,” “we” or “us”) respects individual privacy and values the trust of our associates, customers, partners, vendors and others with whom we do business. CommandLink strives to handle Personal Data (as defined below) in a careful and responsible manner consistent with the applicable laws of the countries in which we do business. CommandLink endeavors to apply principles of data minimization focused on limiting our processing of Personal Data to only what is necessary for a specific, lawful purpose. We do not knowingly collect information from children (as defined under applicable law) and do not target our website or any services to children.  

This privacy policy and notice (“Privacy Policy”) describes how and why we lawfully and appropriately process your Personal Data to meet our business goals and your service needs. It also informs you about our privacy practices and your individual rights with respect to Personal Data that we process in the delivery of services and otherwise in the course of our business, including, without limitation, when you visit or use websites, applications (including mobile and cloud applications), tools, platforms, products and services offered by CommandLink, but excluding third party applications to which such third party’s policies apply (collectively, “Services”). When you provide Personal Data to us, you acknowledge that you have read this Privacy Policy and, where required under applicable law, you consent to the processing of your Personal Data in accordance with this Privacy Policy. 

"Personal Data" as used in this Privacy Policy means information in any format or medium processed by CommandLink that is sufficient to identify a natural person or is otherwise defined as “personally identifiable” or “personal” under applicable law including the GDPR and CCPA/CPRA (each as defined below). “Process,” “processed” or “processing” means any operation or set of operations that are performed upon Personal Data or sets of Personal Data, whether by automated means or otherwise, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination or otherwise making available, alignment or combination, blocking, retention, erasure or destruction.  

APPLICABILITY 

This Privacy Policy applies to Personal Data about individuals with whom we interact in the conduct of our business, such as individuals who visit our website or who are employed by or associated with one of our vendors, customers, associates or other business partners. This Privacy Policy does not apply to CommandLink employees or participants under employee benefit plans offered by CommandLink. Further, this Privacy Policy does not apply to any information processed about legal entities. When you interact with CommandLink on behalf of another individual or entity, such as by providing or accessing Personal Data about another individual, you represent that your interactions and exchanges comply with applicable law. You are solely responsible for any violation of privacy laws resulting from a failure to inform the other individual about how their Personal Data will be processed or to obtain any necessary consent from the individual.  

While this Privacy Policy applies to Personal Data generally, the local laws, rules, and regulations of certain jurisdictions that are applicable to CommandLink (“Local Laws”) may require standards that are stricter than this Privacy Policy, and in such event, we will comply with applicable Local Laws. This Privacy Policy complies with the laws of the United States, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”). Further, this Privacy Policy addresses requirements under the General Data Protection Regulation 2016/679 (“GDPR”), applicable in the Member States of the European Union and Iceland, Liechtenstein, Norway, and Switzerland (collectively, “European Economic Area” or “EEA”), including why and how CommandLink processes your Personal Data; what our role as “controller” of your Personal Data involves; and what your rights and our obligations are in relation to this processing. Much of this Privacy Policy applies globally, but certain parts apply only when expressly required by such Local Laws, including the GDPR and CCPA/CPRA. Where applicable, CommandLink acts as the “controller” or a “business,” in each case as defined under applicable law, in determining the purposes (i.e., why) and the means (i.e., how) of the processing of Personal Data subject to this Privacy Policy and will facilitate the exercise of individual rights with respect to such Personal Data. 

NOTICE AND CONSENT 

Unless otherwise required under applicable law, CommandLink endeavors to provide notice of collection of Personal Data. Where required, no Personal Data is collected without obtaining your consent. In certain circumstances, the consent for us to collect Personal Data may arise from the nature of the relationship between CommandLink and you or your employer, or your interaction with us, such as using our website or other Services or otherwise engaging in a transaction with us. This Privacy Policy constitutes notice under applicable law of the information set forth herein, including with respect to the purposes for which we process Personal Data; the types of third parties to which we disclose (or may disclose) that Personal Data; and the choices and means we offer individuals for limiting the processing of their Personal Data. By using our Services and/or providing Personal Data to us, you agree to this Privacy Policy and expressly consent or opt in to the processing of your Personal Data in accordance with this Privacy Policy.  

If you disagree with this Privacy Policy, please do not use the CommandLink website or other Services. At our discretion, we may change this Privacy Policy at any time, and you should check this policy periodically for changes. Your use of our Services after changes to this Privacy Policy are posted indicates your acceptance of those changes. CommandLink’s Website Terms of Use posted on the website https://www.commandlink.com/ are incorporated by reference into this Privacy Policy.  If you have questions regarding this Privacy Policy or our handling of your Personal Data collected under this Privacy Policy, contact [email protected]. 

PERSONAL DATA COLLECTED 

Personal Data may be provided by you, your employer, your business associate or other third party, including personal information identifying you provided by our customers, vendors, partners (or prospective customers, vendors or partners) to meet our business goals or your Service needs such as procuring, provisioning, configuring, operating, securing, supporting, maintaining, billing or decommissioning any Services.  If tied or linked to an individual, Personal Data may include, but is not limited to: 

• Personal identity data - first name, surname, last name, username, employer, title, and birth date; 

• Personal contact data - home address including zip code and telephone number;  

• Business contact data (including account data) - employee/associate name, title, department, work-related addresses, business email and telephone numbers or extension, username, password, account number; 

• Financial data – billing, billing contact info, address, bank account, payment details, and credit history; 

• Transaction data – details regarding Services purchased or used, contracts or documents submitted including any Order Form, credit application, technical specification, or letter of authorization, business or credit references; 

• Technical data (including Service configuration data and network identifiers) – technical Service data such as internet protocol (IP) address, MAC address, login data, geolocation data (using your IP address), device IDs, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on devices used to access our Services;   

• Traffic metadata and usage data - information about use of our Services, including how devices interact with our website such as pages accessed and links clicked, IP addresses, location, and timestamps;  

• Customer Proprietary Network Information (CPNI) – for federally regulated telecommunications Services, information relating to the quantity, technical configuration, type, destination, location, and usage of such regulated Services including call data (number called, calls received, originating number, time, location or duration of calls);     

• Shared information – information submitted, posted or otherwise shared with us and data generated through such communications such as with whom communicated and time and frequency of communications, references, feedback, survey responses, website submittals, and requests for demos or information;  

• Behavioral or preference data – inferences about individuals based on preferences or characteristics (e.g., browsing history, app usage patterns), including in connection with receiving marketing and communications from us; and  

• Sensitive Personal Data (as defined by applicable law) - data from which we can determine or infer an individual’s racial or ethnic origin, political opinions, religious beliefs or other beliefs of a similar nature, membership in a trade union or professional association, physical or mental health or condition, biometric or genetic data, sexual life or judicial data (including information concerning the commission or alleged commission of a criminal offense), personal financial account information or government issued identification numbers. 

CommandLink does not process Sensitive Personal Data in the ordinary course of providing our Services to you. Unless we specifically request that you provide Sensitive Personal Data to us, you are not authorized to provide Sensitive Personal Data to us, and you are responsible for encryption of such information transmitted, collected, downloaded, or otherwise received directly or indirectly through the Services. In the event of limited or inadvertent access to Sensitive Personal Data in connection with your Services, we will only process such information in accordance with applicable law. In cases where we may request that you provide Sensitive Personal Data, we will only process Sensitive Personal Data that you provide with your express consent and subject to applicable law.  

CommandLink uses anonymous, deidentified and publicly available data for a variety of purposes. Personal Data does not include information that is anonymous. Further, Personal Data does not include deidentified data that cannot reasonably be used to infer information about, or otherwise be linked to, a particular individual. To the extent we maintain and use deidentified data, we will not attempt to reidentify any personal information, except for the purpose of determining whether our deidentification processes satisfy our legal obligations. Unless otherwise required by applicable Local Laws, Personal Data does not include publicly available information that has not been combined with non-public Personal Data. 

We also collect, use and share aggregated data such as statistical or analytical data for any purpose. Aggregated data may be derived from your Personal Data but is not considered Personal Data under applicable law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific Service feature and/or to understand our customers and improve our Services. If we combine or connect aggregated data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be subject to this Privacy Policy.  

METHODS OF PERSONAL DATA COLLECTION 

We collect Personal Data about you and how you interact with CommandLink in several ways depending on the nature of those interactions, which may include: information provided directly to us; data automatically collected from you or inferred from your use of Services; information received from third parties; and publicly available information. We may combine information that we receive from the various sources described in this Privacy Policy, including third party sources and public sources (e.g., information you submit in a public forum), with Personal Data we collect independently and then use or disclose it for the purposes identified in this policy.  

Provided to Us Directly. We collect Personal Data that you provide to us directly. You may provide your Personal Data in a variety of situations, including information that you provide directly to us on our website, when you or your employer sign up for a customer account, contact us, sign up to receive or subscribe to communications or notifications from us, request a free demo or consultation, purchase a Service, enter into a contract or provide other documentation, submit a customer service or trouble ticket request, provide us feedback or survey responses, participate in promotional or marketing activities, or otherwise use any of our Services. You may choose to submit Personal Data to us via several methods, including by telephone, voice recording (e.g., voicemail), email, letter, text, chat or bot functionality, web form, social media interaction or by providing your business cards at meetings or events. By voluntarily providing CommandLink with your Personal Data, you are consenting to our use of it in accordance with this Privacy Policy. 

Automatically Collected. CommandLink automatically collects information about how you use our Services, including when you visit our website. For example, we collect information about your equipment, browser type, browsing actions and patterns including pages accessed, frequency of access and links clicked. Collecting any such Personal Data enables us to better deliver Services and understand our Services and users and what features or content are of interest. For example, it may help us to detect and prevent fraud and security risks, customize and improve your experience with our Services and tailor marketing messages. Some of this information will be stored anonymously and used for our internal analytics to improve our Services, develop new services or make them more user-friendly, as well as for statistical purposes.  

CommandLink and our third-party business associates, partners, vendors or service providers may use cookies, web beacons, pixel tags, logs and similar tracking technologies that passively collect device, internet, and network activity data, including Personal Data and CPNI, such as information about how you access, use, and interact with our Services, emails, advertising, and content (“Usage Data”). Usage Data may include: (i) device ID and IP address; (ii) type of browser and operating system you use; (iii) date and timestamp; and (iv) physical location of your device (as determined, for example, using satellite, cell phone tower, and Wi-Fi signals). By using CommandLink Services, you are expressly consenting or opting in to use of these technologies in accordance with this Privacy Policy. To the extent that our use of cookies and similar tracking technologies constitutes a "sale" or "sharing" of Personal Data under CCPA/CPRA, we provide California residents with the right to opt out of such activities through the Contact Information below.  

A "cookie" is an element of data that a website can send to your browser, which may be stored on your computer, device or system. A "web beacon," also referred to as a "spotlight" or "pixel," is used to recognize unique cookies which can assist us in determining marketing that brings users to a specific website or page. When visiting the CommandLink website for the first time, you will see a cookie banner where you can manage your cookie preferences. Your internet browser may also provide you with the ability to delete or disable existing cookies (including web beacons) and to change browser settings for notification or automatic rejection of cookies (including web beacons). Cookie preferences can be adjusted at any time. However, if you limit or reject cookies, your ability to use our Services or certain improvements or features may be limited.  

CommandLink provides social media features that enable you to share information with your social networks and to interact with us on various social media sites. These providers may recognize you and collect information about your visit, and they may set cookies or employ other tracking technologies. Your interactions with those features are governed by the privacy notices of those social media companies, and CommandLink is not responsible for any use of these third party sites. We encourage you to review the privacy notices and settings on the social media sites you use to make sure you understand the Personal Data that may be processed by those sites.  

Provided by Third Parties. We may receive Personal Data from other third party sources that have obtained or collected information about you and represent that they have the right to provide that Personal Data to us. For example, we receive Personal Data from others within your own organization, such as your employer or coworkers, or from your business partners, agents or distributors that promote our service offerings and work with you to procure our Services. CommandLink contracts with vendors for technical Service offerings or delivery of billing or payment services that may obtain your Personal Data, and we may use such Personal Data pursuant to the terms established between CommandLink and the third party; provided, however, we do not process or store your credit, debit, or payment card information in connection with transactions, which data is processed solely by a third party payment vendor. You agree not to submit any credit or payment card information to us through any means, and you are solely responsible for, and CommandLink disclaims all liability arising from, any such unauthorized submission. We also may receive information from commercially available sources that provide Personal Data to businesses to verify certain information about you or obtain information about you, such as companies that provide or sell lists of prospective customers, credit checks or references, or analytics, advertising and marketing. 

Publicly Available. CommandLink may collect personal information from publicly available sources, including, but not limited to, public internet websites and databases, social media, public or government sources, and news media. Unless otherwise provided under applicable Local Laws such as the GDPR, Personal Data does not include publicly available information that has not been combined with non-public Personal Data. 

USE OF PERSONAL DATA 

In the course of our business, CommandLink and our third-party business associates, partners, vendors or service providers may collect Personal Data from or about you for a variety of business-related purposes. CommandLink independently determines the purposes and means of processing such Personal Data. We will only process your Personal Data in compliance with applicable law including Local Laws, and to the extent required, when there is a lawful basis. If legitimate interest is not supported as a legal basis for processing Personal Data under applicable Local Laws, we typically rely on your consent (including implied consent or opt in where applicable) and agreement to processing as described below in this Privacy Policy unless our legal basis for the processing is in compliance with a legal obligation or performance of a contract/transactional relationship. 

If we have a contract with you, we process your Personal Data as necessary to perform our contractual relationship with you, provide our Services and manage and support our customer relationship. We may also use Personal Data we collect to protect, exercise, or defend CommandLink and/or third-party rights, to detect and prevent fraud and other liabilities or vulnerabilities, and to comply with or enforce applicable legal requirements, industry standards, and our policies and terms. Personal Data may be used when we are required to do so by law or regulation that applies to CommandLink.  

In addition to the purposes and uses described above, we may use Personal Data in the following ways, and in many instances, we may have more than one purpose depending on the context of your consent, our need to perform a contract/transaction, our obligations under law, and/or our legitimate interest in conducting our business and/or meeting our business goals:  

• Provide Services. We use Personal Data to provide our Services to you, including to facilitate and process contracts, transactions, orders or scheduling; help manage your customer or business relationship; create and manage your or your employer’s account; respond to your inquiries or fulfill requests; help prevent or address service, quality, security, or technical issues; analyze and monitor usage; help prevent spam, fraud, abuse, and illegal activity on the Services; investigate potential violations of our contract terms, plans, or policies; verify your identity; and for other customer service and support purposes. We also use your Personal Data to identify when you visit our website and to improve your user experience and enhance website functionality. We use payment information you provide to us for billing and payment processing such as to alert you of past, current, and upcoming charges. 
  
  CommandLink uses AI technology in the ordinary course of our business and in providing our Services. We sometimes use your Personal Data in the context of AI to enhance Service performance, customer experience, and operational efficiency, subject to applicable law. We do not use your Personal Data in the context of AI directly for the benefit of any other customer or to knowingly train any public AI technology. We use conventional data processing, analytics, or statistical modeling techniques that rely on pre-defined rules, traditional statistical methods, or deterministic algorithms to support functions such as network management, customer service, fraud and threat detection, billing, and tracking access and usage logs to meet legal and contractual obligations including customer Service Level Agreements.  

• Understand and Improve Services. We conduct research and perform analytics about your use of, or interest in, our Services or content. We do this to help make our Services better, to monitor, analyze, improve and develop Services including new services, or to understand or determine the effectiveness of our advertising or marketing. We use your Personal Data received, generated from or relating to the Services for evaluating, supporting, and enhancing the performance, efficiency, and security of the Services including with respect to new services and network infrastructure and operations.  

• Communicate with You. 

• • Service-Related Communications. We use your Personal Data to send you Service and administrative communications, including to confirm Service is working properly, provide requested Service information or for billing or scheduling. We may contact you to inform you about changes to your account, our Services and other important Service-related notices, such as changes to plans, terms, or policies, or about security or fraud notices. These communications are considered part of the Services, and you may not opt out of receiving these messages.  

• • Marketing or Promotional. We may use Personal Data to market or advertise our Services or features or other news about CommandLink to you, including to conduct marketing surveys or research, questionnaires, promotions, events and contests; to enhance our content; and to potentially send you commercial emails (subject to compliance with applicable law). You may opt out of receiving these communications at any time. If you reside in the United States, we may use your Personal Data for direct marketing purposes. If you reside outside the United States, you may receive marketing communications from us if you have requested information from us, if you have set your preferences accordingly, if you have purchased or used Services, or if you registered for a promotion, and in each case, you have not opted out of receiving that marketing.  

• • Responding to Your Requests. We also use your Personal Data to fulfill and respond to your questions, requests, or comments.  

• Protecting Rights and Interests. We will use your Personal Data to protect our rights and interests as well as the rights and interests of our customers, any other person or the public, including for the security and integrity of our business. We may also use Personal Data to enforce this Privacy Policy, our terms and conditions, or other policies.  

• Legal Compliance. We may use your Personal Data to comply with applicable legal or regulatory obligations, including complying with requests from law enforcement or other governmental authorities, or in legal proceedings involving CommandLink.   

• Other. We may also use your Personal Data to manage our business and operations, including maintaining records and preserving our economic interest, or to perform functions as otherwise consented to or permitted by applicable law.  

SHARING AND TRANSFER OF PERSONAL DATA 

CommandLink is not in the business of selling, trading or renting Personal Data to others. We share Personal Data with your consent or as necessary to complete any contract/transaction or provide any Service you have requested or authorized. We also may share Personal Data with affiliates and third-party vendors, service providers, partners, agents, distributors, insurers, financial institutions, law enforcement, legal or regulatory authorities, or law firms for example when required by law or to respond to legal process, to protect our customers, to protect lives, to maintain the security of our services, for enforcement and defense of claims, and to protect our rights or property. In addition to specific instances discussed elsewhere in this Privacy Policy, we may disclose Personal Data in the following situations: 

• Vendors. We share Personal Data with third-party vendors, service providers, or associates as necessary to provide, support, and maintain your Services or otherwise to facilitate or support your interactions or relationship with us. In addition to technology service providers, such third parties may include vendors used for customer service, credit checks or references, payment processing, accounting, insurance, equipment delivery or shipment, technical support, email distribution, website administration and scheduling assistance, or surveys.  

• Partners, Agents, Distributors, Intermediaries. If you choose to work with an independent third-party partner, agent, or distributor that makes our Service offerings available through us, we may share your Personal Data with your partners, agents, or distributors in connection with all Service-related matters. If you instruct or direct us to work with any third-party intermediary working on your behalf, we may share your Personal Data with such intermediary. 

• Promotional or Advertising Companies and Social Platforms. In accordance with your stated communication preferences, we may also share Personal Data with selected partners, marketing service providers, and digital marketing networks to present promotions or advertisements on our behalf that might interest you. To opt out of receiving promotional email messages from us, please click on the “Unsubscribe” link contained at the bottom of each email or contact us using the Contact Information set forth below in this policy. 

• Law Enforcement and Safety. We may disclose your Personal Data to law enforcement, regulatory authorities, government agencies, courts, other governmental officials, or other third-parties when we believe disclosure is necessary to respond to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with applicable law. We may also share Personal Data to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies. For example, Digital Millenium Copyright Act (DMCA) takedown requests and counter-notices may require us to share contact information with relevant parties such as law enforcement, DMCA regulatory authorities, and the copyright holder.   

• Affiliates. We may share Personal Data with our current or future affiliates, regardless of whether these entities share the CommandLink brand. Our affiliates will use Personal Data we share with them in a manner consistent with this Privacy Policy.  

• Business Sale or Acquisition. If we transfer (or plan to transfer) ownership or control of any portion of CommandLink to an actual or potential buyer, whether in the context of an acquisition, merger, reorganization, or other disposition of all or any portion of our business, assets, or equity (including in connection with any bankruptcy or similar proceedings including financing or granting related security interests), we may share and/or transfer your Personal Data to that actual or potential buyer or financier, provided that the use of such Personal Data remains subject to applicable law. 

• Other. We may share your Personal Data with others with your consent or direction to do so. 

We work with third parties that process your Personal Data for the legitimate purposes described above. When these vendors act on our behalf as a data processor, they must process your Personal Data only in accordance with our instructions. Sometimes we share your Personal Data with vendors that may process it in countries other than the country in which the Personal Data originally was collected. We provide these vendors with only Personal Data they need to perform such Services and endeavor to require that they use or disclose your Personal Data only as necessary for the intended purposes and to protect Personal Data consistent with this Privacy Policy and applicable law, including any applicable Local Laws.  

International Data Transfers. CommandLink provides global Services but has centralized business and operational activities to better manage our global business. That centralization may result in the transfer of Personal Data to, or access to Personal Data from, countries outside of the country in which you are located and/or the country where the Personal Data was originally collected. By interacting with CommandLink and providing Personal Data to us, your Personal Data is transferred to the United States where CommandLink is headquartered (for some or all purposes described in this Privacy Policy). By using our Services and submitting your Personal Data to us, you agree to the transfer and processing of your information in the United States and other applicable countries. In addition, the third parties that we share Personal Data with pursuant to this Privacy Policy are located in a variety of different countries.  

These countries may not ensure a level of protection for Personal Data equivalent to the Local Laws applied in your region, although we endeavor to treat Personal Data using the same privacy principles that apply pursuant to the law of the country in which we first received your Personal Data. Wherever Personal Data is processed, we use appropriate security measures consistent with applicable privacy law. As applicable, we implement appropriate contractual, technical, organizational and security measures for the transfer of Personal Data to provide an adequate level of protection as required by applicable law, including Local Laws.  

LEGAL BASIS FOR PROCESSING 

Where applicable, including under the GDPR or CCPA/CPRA, and except as set forth below, CommandLink acts as the “controller” or a “business,” in each case as defined under applicable Local Laws, of Personal Data subject to this Privacy Policy and will facilitate the exercise of individual rights with respect to such Personal Data. CommandLink does not process Personal Data other than Service-related data described herein for which we are the controller or business in the ordinary course of providing our Services to you. As detailed above, such Service data may include business contact information of customer personnel (e.g., for technical support, billing, or account management; Service configuration data and network identifiers (e.g., IP addresses, MAC addresses, device IDs); traffic metadata and usage records; and any other Personal Data necessary to provision, operate, secure, maintain, or support the Services. Unless we specifically request or invite you to provide non-Service related Personal Data to us, you are not authorized to provide other Personal Data to us including any credit, debit, or payment card information. Occasional or inadvertent access to non-Service related Personal Data that we do not process for the controller of such data does not result in CommandLink acting as the “processor” or “contractor” under applicable law for such Personal Data. Any individual who seeks to exercise their rights in connection with any non-Service related Personal Data should direct their privacy rights requests to the applicable controller of such other Personal Data.  

When providing solely internet connectivity for customer transmission of data, neither CommandLink nor any applicable internet service provider (ISP) or other third-party infrastructure provider is the “controller” or “processor” under applicable law for Personal Data transmitted, collected, downloaded, or otherwise received directly or indirectly by customers when using such connectivity Services, and customers are responsible for encryption and security of this transmitted data. For example, in conjunction with the GDPR, the E-Commerce Directive 2000/31/EC recognizes a mere conduit exception for ISPs that function as passive intermediaries that do not process Personal Data in connection with customer data transmission because they do not determine the purposes or means of processing transmitted data and do not perform processing activities with respect to the connectivity services. Similarly, under the CCPA/CPRA, ISPs delivering mere conduit do not qualify as "service providers" or “contractors” with respect to customer Personal Data, as their role is specific to network delivery and not purposeful data processing.  

Where required by these Local Laws, our legal basis as a controller for processing Personal Data will depend on the Personal Data concerned and the specific context in which we collect it. In many cases, we will process Personal Data about you using the following legal basis: 

• Performance of a contract – we process Personal Data to perform or fulfill our obligations under an agreement or transaction (or in putting an agreement or transaction in place) with your employer or other business associate, partner or vendor with which you are affiliated, including, without limitation, to deliver Services. 

• Legal obligation – we process Personal Data to comply with applicable laws and regulations. 

• Consent – we may process your Personal Data based on consent; when this is the case, you may withdraw your consent at any time by contacting us using the Contact Information below. 

• Legitimate interest – we process Personal Data to meet our legitimate business interests, such as to develop and improve our Services and new products and services, support our sales and business operations, and secure our systems and facilities. 

Prior to any processing on the basis of legitimate interest, we analyze the suitability of the processing, including the reasonable expectations of an individual and the impact of the proposed processing on an individual’s rights and freedoms. Examples of such legitimate interests are: 

• To procure products and services from our vendors or potential vendors; 

• To offer our Services to customers or prospective customers; 

• To benefit from cost-effective Services (e.g., we may decide to use certain platforms offered by external suppliers to process data); 

• To better manage and administer our relationships with customers and their data; 

• To improve the quality of Services to customers by taking into account their communication preferences (phone, e-mail, text) and frequency; 

• To measure customers’ interest in our Services and gain a better understanding of customer interaction with marketing emails, including by performing statistical and other research and analysis of data with respect to the status of such emails (e.g., not delivered, delivered, opened); 

• To enable us to offer advertising and promotional offers tailored to customers so that we can better market our Services; 

• To prevent fraud or illegal activity, misuse of Services, as well as the security of our IT systems, architecture, and networks; 

• To sell any part of our business or equity or if substantially all of our assets are acquired by a third party, in which case Personal Data could transfer or be assigned with the sale; and 

• To meet our corporate and social responsibility objectives. 

RIGHTS AND CHOICES 

You have certain choices and rights regarding your Personal Data. Some of these choices and rights may vary based on where you reside. Whether you have some or all these rights will depend on the Local Laws of your jurisdiction. We will not discriminate against individuals who exercise their privacy rights under applicable law. However, if you withdraw your consent or restrict processing, in certain circumstances we may not be able to provide Services or certain features or improvements to you. Depending on your relationship with CommandLink, you may exercise your rights and choices in the following ways: 

• Account. If you or your employer are a customer, you may keep your Personal Data accurate and complete by logging into the Services to review and update your account information, including contact and billing information. If not available to you directly, you may contact your employer or us to remove your Personal Data as our Service-related contact.   

• E-mail including Promotions. If you do not wish to receive promotional emails from us, you may opt out at any time by clicking the Unsubscribe link contained in the email itself. It may take up to ten days to process your request. If you opt out of receiving marketing communications from us, we may continue to send you Service-related emails which are not available for opt out. If you do not wish to receive Service-related emails from us, you have the option through your employer to delete your information from the customer account. 

• Cookies. You may opt out of online tracking based targeted advertising (e.g., cookies and web beacons) in several ways. When visiting the CommandLink website for the first time, you will see a cookie banner where you can manage your cookie preferences. Your internet browser may also provide you with the ability to delete or disable existing cookies and to change browser settings for notification or automatic rejection of cookies. Cookie preferences can be adjusted at any time.  

• Third-Party Analytics and Advertising. Third party tools or services that we may use provide the ability to opt out directly with the third party. For example, we may use Google Analytics, a web analytics service provided by Google, Inc., to collect and process certain website usage data which may require collection of data such as your IP address, browser type, referring and exit pages and timestamps. Google Analytics uses cookies to help us analyze how users interact with our website to improve performance and content. You may opt out of Google Analytics’ services using the Opt Out feature on their website. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page. 

• Additional Rights. Depending on where you reside, you may have the following additional rights, subject to any applicable exemptions or limitations under Local Laws: 

• • Right to Notice. The right to receive notice and disclosure of the information set forth in this Privacy Policy detailing how Personal Data is processed.  

• • Right to Know and Access. The right to know and access your Personal Data, such as the Personal Data or categories of Personal Data we have collected, the sources of Personal Data, the purposes of collection, and how we used, disclosed, sold, or shared Personal Data.  

• • Right to Correct. The right to update or correct inaccurate Personal Data that we maintain about you. We rely on you to update and correct your Personal Data, and most Services allow you to modify your or your employer’s account profile. 

• • Right to Delete. The right to delete your Personal Data under specific circumstances. Most Services allow you to delete your Personal Data, however, we may keep historical information in our backup files, to comply with our legal obligations, resolve disputes, enforce our agreements, or for other business purposes as permitted by applicable law. 

• • Right to Opt Out of Sale or Sharing. The right to opt out of the “sale” or “sharing” of your Personal Data, as such terms are defined by Local Laws. 

• • Right to Object or Restrict Processing. The right to object to or request the restriction of processing of your Personal Data, including, without limitation, for targeted advertising, direct marketing and certain types of profiling and automated decision making. Where applicable, especially in the EEA, if you object to our processing Personal Data based on our legitimate interest, we will no longer process Personal Data unless CommandLink demonstrates that our overriding legitimate reason for processing it outweighs your rights and freedoms, or we need to process it for the establishment, exercise or defense of legal claims. If you revoke any consent and object to any legitimate interest in using your Personal Data for marketing or promotional purposes, we will promptly stop using your Personal Data for this purpose. 

• • Right to Data Portability. The right to data portability, which means requesting a copy of your Personal Data in an accessible format. 

• • Right to Refuse or Withdraw Consent. The right to refuse to give consent or to withdraw your consent under certain circumstances. When you withdraw consent, we will stop using your Personal Data for the specific purpose unless we have an alternative legal basis to use it (e.g., if the processing is necessary for the performance of a contract or for fulfillment of a legal obligation). Withdrawal of your consent does not affect the lawfulness of any processing based on your consent given before its withdrawal.  

• • Right to File Complaint. The right to file a complaint with the relevant data protection supervisory authority or governmental authority in your applicable country. CommandLink would, however, appreciate the opportunity to discuss your concerns at [email protected] if you prefer or are amenable prior to having to approach such authorities. Where applicable, EEA residents can find contact information for the relevant data protection supervisory authority on the European Data Protection Board’s website, https://edpb.europa.eu/about-edpb/about-edpb/members_en, or through other publicly available sources.  

• • Right to Non-Discrimination. The right to be free of discrimination for exercising these rights. However, if your exercise of these rights limits our ability to process Personal Data (such as in the case of a deletion request), we may no longer be able to provide you with our Services or engage with you in the same manner. 

To the extent any of the above rights are applicable, you may exercise your rights as set forth above or as otherwise set forth in this policy by contacting us at [email protected]. CommandLink will honor such requests, withdrawals, or objections as required under applicable law, including Local Laws. Please note, not all rights described above are absolute, and they do not apply in all circumstances or jurisdictions. Whether, how, and to what extent a specific right applies and how it will be addressed will depend upon the applicable law, the lawful basis pursuant to which Personal Data is processed, the nature of Personal Data, and our ability to determine that we hold responsive Personal Data.  

Any customer data subject may directly contact us to initiate a rights request.  Business customers should submit requests on behalf of customer data subjects by emailing [email protected] and, if customer desires, with a copy to their CommandLink sales or account manager. As Personal Data is processed as part of our contractual obligations to customers, for applicability and authentication purposes, we will coordinate responses to requests of customer data subjects with our applicable customer. Providing Personal Data in response to a customer data subject’s request shall not adversely affect the rights and freedoms of others. 

As required by applicable law, we will take steps to verify your identity before processing certain requests. We will not fulfill your request unless you have provided sufficient information for us to reasonably prove that you are the individual about whom we collected Personal Data. If you or your employer do not have an account with us, we may request additional information about you to verify your identity. We will only use the Personal Data provided in the verification process to verify your identity or authority to make a request, and to track and document request responses, unless you initially provided the information for another purpose. We will retain the relevant records associated with your request to demonstrate our compliance in accordance with legal requirements and reasonable retention periods. 

You may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Data, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf. 

In some cases, we may limit or deny your request because applicable law permits or requires us to do so, including to achieve a legitimate purpose or to protect our rights. For example, we may retain Personal Data as permitted by applicable law, such as for tax or other record keeping purposes, to maintain an active account, and to process transactions and facilitate customer requests. Certain Local Laws may give you the right to appeal any denial of your request to exercise your rights. If we deny your request and you would like to submit an appeal, please contact us at [email protected] with the subject line “Appeal.” 

You will not have to pay a fee to access your Personal Data or to exercise any of the other rights available under applicable law. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or when we are legally permitted to do so. If we determine that your request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before fulfilling your request.  Alternatively, we may refuse to comply with your request in these circumstances.   

SECURITY OF PERSONAL DATA 

Security. We take the security of your Personal Data seriously and use reasonable physical, administrative, and technical measures to protect your Personal Data. Additionally, we maintain internal governance policies designed to protect Personal Data. While we use reasonable efforts to protect your Personal Data from unauthorized access, use, or disclosure, we cannot guarantee the security of your Personal Data. If we are required by applicable law to inform you of a breach regarding your Personal Data, we may notify you electronically, in writing, or by telephone, if permitted to do so by law, or in accordance with any contractual agreement with you.  

Disclaimer. No method of transmission over the internet, or method of electronic storage, is fully secure. Given the nature of communications and information processing technology, there is no guarantee that Personal Data will be absolutely safe from access, alteration, or destruction by a breach of any physical, technical, and managerial safeguards. CommandLink cannot guarantee and has no control over the public or third party networks or infrastructure through which you may send your Personal Data to the Services.  

Your Account and Passwords. Some of our Services permit or require you to create an account. When you do, you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to Personal Data or use of your account by someone else that has obtained your password, whether such access or use has been authorized by you. You should notify us of any unauthorized use of your Personal Data, password, or account. We are not responsible for any lost, stolen, or compromised passwords or for any activity regarding your Personal Data via such unauthorized password activity. 

Third Party Links. Our Services may provide links to third-party sites, applications, content, or services which, when selected, take you to non-CommandLink sites that are not controlled by us and have separate third-party privacy policies. We are not responsible for the content of, or the privacy practices including Personal Data collection, employed by non-CommandLink sites. If you choose to use any third-party sites, Personal Data collected by the third party’s site will be controlled by the privacy policy of that third party. We are not responsible for the collection, use, or disclosure of Personal Data collected through these sites. We strongly recommend that you review the privacy policies of any third party to which you provide information. 

The Communications Act and CPNI. Section 222 of the Communications Act of 1934, as amended ("Communications Act"), provides additional privacy protections for information about the quantity, technical configuration, type, destination, location, and amount of your use of telecommunications services, and the information about those Services contained on your bills for those Services. This information is known as customer proprietary network information or "CPNI".  If you are a customer of CommandLink procuring regulated telecommunications services, you have the right, and we have a duty, under the Communications Act and other applicable laws, to protect the confidentiality of your CPNI. We use CPNI to provide Services to you, manage your Services, recommend new services that may be of interest to you, provide inbound marketing Services if you contact us for that purpose, conduct customer satisfaction surveys, bill and collect for Services rendered, and protect our rights and property, including fraud control. We maintain privacy policies relating to CPNI and use telecommunications provider industry-accepted technologies to maintain such information. CPNI is only provided to vendors to the extent necessary to provide your Services and otherwise in accordance with this Privacy Policy and applicable law.  

RETENTION PERIOD  

We retain your Personal Data for the time necessary to achieve the purposes outlined in this Privacy Policy or otherwise upon collection of your Personal Data, unless a longer retention period is required or permitted by law or to fulfill a legal obligation. We will retain Personal Data as required to meet our business and compliance obligations, subject to applicable law, for example, to comply with our tax, legal, reporting, and accounting obligations. In many cases, this will require retention through the administrative period of any contract or transaction between CommandLink and our customer, vendor, or other third party, or through the period of the relationship between our customer, vendor, or other third party and the individual data subject. 

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of your Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements including statutes of limitation periods and records retention requirements. 

When we no longer have a legitimate business need to process your Personal Data, we will either delete or anonymize it, or if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will implement technical and organizational measures designed to securely store your Personal Data and isolate it from any further processing until deletion is possible. 

COMPLIANCE; DISPUTE RESOLUTION 

If you believe that your Personal Data has been processed in violation of this Privacy Policy, submit your concerns and/or requests by contacting us at [email protected]. We will regularly review compliance with this policy. Subject to applicable law, any employee, partner, vendor or other third party that CommandLink determines is in violation of this Privacy Policy will be subject to appropriate disciplinary action up to and including termination of employment, engagement, or other relationship with us. We will investigate and attempt to resolve concerns and disputes regarding processing of Personal Data in accordance with the principles set forth in this Privacy Policy. If we need or are required to contact you concerning any issue or event that involves this Privacy Policy, then we will do so using the email address, telephone number, or physical mailing address we have on file for you or by which you submitted your request pursuant to this Privacy Policy. 

CONTACT INFORMATION  

Contacts. For any questions, requests, inquiries, or other contact in connection with this Privacy Policy or other privacy-related matters, please send an email to [email protected]. Alternatively, inquiries may be addressed to: CommandLink, LLC, Attn: Legal Department/Data Protection Officer, and emailed to [email protected], or mailed to PO Box 4085, Portsmouth, NH 03082. 

Data Protection Officer In some countries or regions, CommandLink is required to have a Data Protection Officer (“DPO”) pursuant to Local Laws. To the extent required under the GDPR, responsibility for maintaining our Record of Processing Activities (ROPA), including the information covered in this Privacy Policy, resides with the DPO. To exercise your rights under applicable law including to raise a complaint, you may also contact CommandLink’s Corporate Counsel/DPO at [email protected].  

Version 4.22.25