Privacy Policy | Inpixon

VERSION DATE: July 13, 2020

Thank you for your interest in Inpixon, our products, company and people. As a user, partner, client or customer, we want you to understand how we collect, use and disclose personal information through our websites and business activities and your choices regarding the use of your personal information.

This privacy policy informs you about our privacy practices when, for the purposes of the General Data Protection Regulation 2016/679 ( “GDPR”) and other laws globally, Inpixon (“Inpixon”, “we”, “us” or “our”) is acting controller and the sole owner of personal information. This includes when you interact with us in the following ways:

You visit the Inpixon family of websites including inpixon.com, jibestream.com, localitysystems.com, and shoom.com, and any other websites, social media pages, mobile apps (where linked to this Privacy Policy) (the “Sites”);
You receive communications from us, including invitations, resources, materials, emails, phone calls or texts about our products;
You register for, attend or take part in our events, webinars or contests; and
You purchase and use any of the Inpixon family of products and services that have been deployed by one of our business customers, such as your employer (“Services”).

This Notice does not cover any personal information we may process on behalf of our customers when they use our indoor positioning analytics products (the “IPA Products”). In general, Inpixon’s customers use the IPA Products to collect and analyse information regarding the presence of devices within a venue, which includes information about those devices such as MAC address and relative signal strength in order to infer the distance of the device in relation to sensors within the venue (the “Customer Data”). These sensors collect Customer Data by passively listening for Radio Frequency (RF) signals including WiFi, Bluetooth, cellular, or Ultra-Wide Band (UWB) depending on the specific IPA Product.

With respect to the IPA Products, Inpixon acts as a “data processor,” as that term is defined under GDPR, because Inpixon’s customers, not Inpixon, control collection of Customer Data based on determinations regarding the implementation and use of the IPA Products on their network. Inpixon acts at the direction of its customers with regard to the processing of Customer Data and does not access Customer Data except to provide the services, address technical issues, make use of such data in an aggregated and anonymous format, and otherwise to the extent required by law. All other use of Customer Data is by customer’s designated administrative staff who have been provided access to the IPA Products. For more information about the use of IPA Products within a venue and their processing activities, please consult the privacy policy of the customer utilizing the IPA Products.
This policy may change from time to time in response to changing legal, technical and business developments. The most recent version of this policy is reflected by the version date located at the top of this policy. If we make material changes to this policy, we will take appropriate measures to inform you in a manner that is consistent with the significance of the changes we make and is in accordance with applicable law.

This policy may be supplemented by just-in-time notices, or other disclosures contained within or in connection with the provision of the Services which may describe in more detail our data collection, use and sharing practices, or provide you with additional choices about how Inpixon processes your data.

Please note that our Sites may contain links to other sites maintained by third parties. We are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our Site and to read the privacy statements of any other site that collects personal information

What personal information do we collect from our site visitors and customers?

We use different methods to collect personal information from and about you. The term “personal information” as used in this privacy policy shall mean any information (including “personal data” as that term may be defined) that enables us to identify you, directly or indirectly, by reference to an identifier such as your name, identification number, location data, online identifier or one or more factors specific to you.

Personal information you give us. You may give us your personal information including name, company name, email address, telephone number, postal address and billing details by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal information you provide when you ask us about, apply for or use our Services as a customer; subscribe to our publications; request marketing to be sent to you or give us some feedback.
Personal information we collect on the Sites. As you interact with our Sites, we may collect technical data about your equipment, browsing actions and patterns. We collect this personal information by using cookies, server logs and other similar technologies. Please see our Cookie Policy at www.inpixon.com/privacy-statement/cookies for further details.
When you first access our Sites from certain jurisdictions (including the European Union), you will receive a message advising you that cookies and similar technologies are in use. By clicking “accept cookies”, you signify that you understand and agree to the use of these technologies, as described in our Cookie Policy. For more information about our practices in this area, please see our Cookie Policy linked in the footer of our site.
Personal information we collect from third party sources. We may obtain information about you from third party sources unless prohibited by applicable law, such as public databases, resellers and channel partners, marketing partners, social media platforms, event organizers or other publicly available information. Examples of the information we may receive from other sources include: name, address, telephone number, office location, approximate location (based on reverse IP lookup), account information, job role and publicly available employment profile. We may use this information in conjunction with your contact details, professional information and Inpixon transaction history for the purposes set forth in this policy, such as to better understand you and your preferences, and to provide relevant marketing and support.

How do we process personal information collected from our customers?

We will process your personal information for the following purposes as is necessary for the performance of a contract between you and us (including our product sales agreements) or to answer questions or take steps at your request prior to entering into a contract:

To allow you to request a demo of our Services;
To provide our Services;
To assist you in completing a transaction with us;
To prepare and process invoices;
To notify you about changes to our Services; and
To respond to queries or requests and to provide services and technical and sales support.

We will process your personal information for the following purposes as is reasonably necessary in our legitimate business interests, or where you have given your informed consent to such processing if required by applicable law (such consent may be withdrawn at any time):

To respond to you regarding the reason you contacted us;
To monitor and protect the security of our information, systems and network;
For internal business intelligence purposes, to conduct research, product development and enhancement;
To administer our site and for troubleshooting, data analysis, testing, research and statistical analysis;
To create products and services that might meet your needs;
To inform you of changes made to our site and other services;
To allow you to download our resources;
To conduct marketing and commercial activities and to market relevant offers and promotions to you;
To ensure that content from our site is presented most effectively for you and your computer;
To display content based on your interests;
To enable you to search information on our Sites;
To assess your needs and interests in order to better tailor offers and/or advertising; and
To improve our Sites and Services.

Why do we share your personal information?

We may share your personal information with the parties set out below for the purposes set out in this policy:

Our customers to which we provide the Inpixon IPA Products;
A member of our group;
Our professional advisors such as auditors, accountants and lawyers, etc.; and
Companies that provide services to help us with our business activities, such as data storage, maintenance services, database management, web analytics, payment processing, mailing and shipping services.

We will only transfer your personal information to trusted third parties, including our affiliates, who provide sufficient guarantees in respect of the technical and organisational security measures governing the processing to be carried out and who can demonstrate a commitment to compliance with those measures.

We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

We may also disclose your personal information to third parties:

in the event that we sell or buy any business or assets, in which case we will disclose your personal information to the prospective seller or buyer of such business or assets;
if Inpixon or substantially all of its assets are acquired by a third party, in which case personal information held by it about its customers will be one of the transferred assets; or
if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, any request from law enforcement or governmental organisations, or in order to enforce or apply our terms and other agreements; or to protect the rights, property, or safety of Inpixon, our customers, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.

We are headquartered in the United States of America, and also operate offices in Canada and India. Your personal information will be accessed by us or transferred to us in these countries and will be accessed by our employees in those countries. If you are visiting our site from outside these countries, be aware that your personal information will be transferred to, stored, and processed in these countries where our servers are located, and our central database is operated. By using our Sites and Services, you acknowledge this transfer of your personal information.

Where required by applicable laws, we will take appropriate measures to ensure adequate protection of your personal information when transferred internationally and, if necessary, seek your prior consent. For instance, if you are located in the European Economic Area (“EEA”), we may store your personal information as described in this policy outside the EEA. Where we transfer EEA personal information to a third party located in a country not recognized by the European Commission, or another relevant body, as ensuring an adequate level of protection, we will take appropriate steps, such as implementing Standard Contractual Clauses recognized by the EU Commission, to safeguard such personal information.

How long do we keep your personal information?

We will store your personal information, in a form which permits us to identify you, for no longer than is necessary for the purpose for which the personal information is processed. We use your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and rights, or if it is not technically and reasonably feasible to remove it. Otherwise, we will seek to delete your personal information within a reasonable timeframe upon request.

How is my information protected?

We take precautions to protect your information. When you submit sensitive information via the site, your information is protected both online and offline. Wherever we collect sensitive information, that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser or looking for “https” at the beginning of the address of the web page.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personal information. The computers/servers in which we store personal information are kept in a secure environment.

What are my privacy rights and choices?

If you would like to correct or update personal information that you have provided to us, please log-on to your account with us, or email us at info@inpixon.com.
Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or Services. If required under applicable law, we will ask for your consent to receive marketing communications when you first provide your personal information. You may opt-out of receiving marketing materials from us at any time.

Europe. If you reside in certain territories (such as the European Economic Area, Switzerland or the United Kingdom), you may have the right to exercise certain privacy rights available to you under applicable laws. We will process your request in accordance with applicable data protection laws. We may need to retain certain information for record-keeping purposes and/or to complete transactions that you began prior to requesting any deletion.

Request access to your personal information. You may have the right to request confirmation from us as to whether we process your personal information and to request access to any personal information we hold about you as well as related data, including the purposes for processing the personal information, the recipients or categories of recipients with whom the personal information has been shared, where possible, the period for which the personal information will be stored, the source of the personal information, and the existence of any automated decision making.
Request correction of your personal information. You may have the right to obtain without undue delay the rectification of any inaccurate personal information we hold about you. To the extent required by applicable laws, any correction requests will be communicated to each recipient of your personal information.
Request erasure of your personal information. You may have the right to request that personal information held about you is deleted. To the extent required by applicable laws, any erasure requests will be communicated to each recipient of your personal information.
Request transfer of your personal information. You may have the right to request transfer of your personal information directly to a third party where this is technically feasible.
Request restriction of processing your personal information. You may have the right to restrict processing of your personal information. To the extent required by applicable laws, any restriction of processing requests will be communicated to each recipient of your personal information.
Right to object to processing. You may have the right to object to the processing of your personal information when you have legitimate reasons to do so.

If you would like to exercise any of the above rights, please contact us via our general inquiry email at info@inpixon.com so we may consider your request under applicable law. To protect your privacy and security, we may take steps to verify your identity before complying with the request.

Certain Inpixon Services may be used by our customers to collect personal information about you. In such cases, we are processing such personal information purely on behalf of our customers and any individuals who seek to exercise their rights should first direct their query to our customer (the controller).

If you are based in Europe, and you believe that we have not complied with our obligation under this privacy policy or the applicable European data protection law, or have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the "How to contact us" heading below. You also have the right to make a complaint to an EU Supervisory Authority, such as the UK’s Information Commissioner’s Office.

California. The California Consumer Privacy Act of 2018 (“CCPA”) provides California residents with specific rights regarding their personal information. This section describes California residents’ rights under the CCPA and explains how to exercise those rights.

During the past twelve (12) months, we have collected the following categories of personal information from the listed sources, used it for the listed business purposes and shared it with the listed categories of third parties. The business purposes also include those listed under the above headings: ‘How do we process personal information collected from our customers?’. The categories of information include information we collect from our customers, partners and website visitors, and any other person that interacts with us either online or offline. Not all information is collected about all individuals.

Personal Information (see CCPA §1798.140(o)(1))	Source	Business Purpose	Disclosed To
Identifiers	Individuals submitting information to us. Information we may receive from third-party marketing and data partners.	Performing services for you. Advertising customization. Auditing relating to transactions.	Service providers. Affiliated companies. Government regulators. Law enforcement. Strategically aligned businesses.
Sensitive information	Individuals submitting information to us.	Performing services for you.	Service providers (including those listed under the heading entitled ‘Sharing your personal information’). Affiliated companies. Government regulators. Law enforcement.
Commercial information	Individuals submitting information to us. Information we automatically collect from website visitors.	Performing services for you. Advertising customization. Auditing relating to transactions. Internal research and development.	Service providers. Affiliated companies. Government regulators. Law enforcement. Strategically aligned businesses.
Internet or other electronic network activity	Information we automatically collect from website visitors. Information we may receive from third-party marketing and data partners.	Internal research and development. Security detection, protection and enforcement. Functionality debugging, error and repair. Quality control.	Service providers. Affiliated companies. Government regulators. Law enforcement. Strategically aligned businesses.
Geolocation	Information we automatically collect from website visitors. Information we may receive from third-party marketing and data partners.	Advertising customization. Internal research and development. Security detection, protection and enforcement. Functionality debugging, error and repair. Quality control.	Service providers (including those listed under the heading entitled ‘Sharing your personal information’). Affiliated companies. Government regulators. Law enforcement.
Inferences from the above	Internal analytics. Information we may receive from third-party marketing and data partners.	Advertising customization. Internal research and development. Security detection, protection and enforcement. Functionality debugging, error and repair. Quality control.	Service providers. Affiliated companies. Government regulators. Law enforcement.

Your rights and choices. If you are a verified California resident, you have the right to obtain certain information about our collection and use of your personal information over the past twelve (12) months, including: (a) the categories of personal information we collect; (b) the categories of sources of personal information we collect; (c) our business purpose for collecting or sharing that personal information; (d) the categories of third parties with whom we share that personal information; (e) the specific personal information we have collected about you; and (f) if we sold or disclosed your personal information for a business purpose, two separate lists disclosing the categories of personal information sold and the category of third party recipients; and list of the categories of personal information that we disclosed for a business purpose.

You also have the right to request that we delete (and direct our service providers to delete) your personal information subject to certain exceptions.

You can exercise these rights by contacting us using the contact details set out above or you may call 1-800-563-8065. You may make a request up to twice within a twelve (12) month period. We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will ask you for information that allows us to reasonably verify your identity (that you are the person about whom we collected personal information) and we will use that information only for that purpose. We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm that the personal information relates to you.

You may also designate an authorized agent to make these requests on your behalf. We may request additional information from your authorized agent to verify the individual and their relationship with you. We will verify that: (a) your authorized agent has written permission from you to make requests on your behalf; (b) your authorized agent’s identity, and (c) your identity. We may do so through collecting relevant documents such as a valid power of attorney, the requester’s valid government issued ID, and the data subject's valid government issued ID. The specific information requested for verification may differ depending on the circumstances. We cannot process your request if you and/or your authorized agent do not provide us with sufficient detail to allow us to understand and respond to it.

You have the right to request that we do not sell personal information about you. Inpixon may from time to time share personal information collected from users of its Sites (including internet or other electronic network activity) with one or more service providers for the purpose of receiving analytical information relating to web site usage. For the purposes of the CCPA, this could constitute a sale of personal information. To exercise the right to opt-out, you (or your authorized representative) may submit a request to us via post to 8123 InterPort Blvd., Suite C, Englewood, CO, USA 80112 , +1 800-680-7412.

We will not discriminate against you as a result of your exercise of any of these rights.
HOW TO CONTACT US
If you have questions about this policy, or the manner in which we process your personal information, please contact us , directing your inquiry to our privacy officer by email info@inpixon.com or by post to 8123 InterPort Blvd., Suite C, Englewood, CO, USA 80112.