10. PERSONAL IDENTIFIABLE DATA
10.1 Your compliance
You are solely responsible for:
(a) ensuring that you comply with the Data Protection Legislation as applicable to your own controlling and processing of Personal Identifiable Data concerning your use of our Services. You guarantee that all processing activities are lawful, have a specific purpose, and any required notices and consents or other appropriate legal basis are in place to enable the lawful transfer of the Personal Identifiable Data.
(b) making an independent assessment of whether the technical and organizational measures of our Services meet your requirements
(c) implementing and maintaining privacy and security measures for components that you provide or control (including but not limited to passwords and devices used with our Services).
10.2 Collection of Personal Identifiable Data
We may collect and process personal data, including, but not limited to, customer account and potential customer information, like Full name, Address, Email address, Financial Information, Account ID, Gender, Job title, IP address, Location-related Information, customer support call recording, pages, and modules visited, browser and device information.
We collect this Information only to the extent required for our business. These reasons include, but are not be limited to: Sharing relevant Information about our products and services, creating an account that’s connected to your person and company, Verifying your identity, Finance, and billing, Provision of the services, Analyzing the usage of our products and services, providing customer support to potential or existing customers, Detecting and combating fraudulent or unlawful activity, Training and quality improvement, Expanding business through our marketing and sales channels, Fulfil financial obligations such as paying taxes and ensuring invoices are paid, keeping your account secure.
10.4 3rd party data
We may receive Personal Identifiable Information from third parties to complement a customer’s profile.
10.5 Processing of Personal Identifiable Data
You acknowledge that we process Personal Identifiable Data as an independent data controller to the extent necessary for our legitimate business purposes. We process Personal Identifiable Data only to the extent necessary to provide the Services, including ensuring the security of the services, providing technical and delivery reports, providing support and developing and implementing improvements and updates, billing, account management, financial and internal reporting, combatting and preventing security threats, cyber attacks, and cybercrime that may affect us or our services, business modeling (e.g. forecasting, capacity and revenue planning, product strategy), fraud, and abuse prevention and detection, product improvement, and to comply with our legal obligations.
10.6 Confidentiality of Personal Identifiable Data
We do not sell or share any Personal Identifiable Data. We ensure that any person or Party whom we authorize to process Personal Identifiable Data (including our staff, agents, and sub-processors) are informed of the confidential nature of such Personal Identifiable Data and are under an appropriate obligation of confidentiality (whether a contractual or statutory duty) that survives termination of their engagement. We restrict access to Personal Identifiable Data by sub-processors to what is strictly necessary to provide our Services to you.
10.7 Cross Border Transfers of Personal Identifiable Data
We may transfer Personal Identifiable Data if all appropriate safeguards required by Data Protection Legislation are in place. These safeguards can include a prior data transfer impact assessment, the adoption, monitoring, and evaluation of supplementary technical, organizational and legal measures, enforceable data subject rights, and ensuring that effective legal remedies for data subjects are available.
10.8 Retention of personal data
We keep Personal Identifiable Data only for as long is allowed and required to fulfill contractual or legal obligations, which may vary depending on the geographical location you are residing in, the Service is procured, or the communications services are terminated. After the required retention period expires, we might keep data in a non-identifiable form for archival, statistical, or other legitimate purposes.
10.9 Disclosure requests
We will notify you as soon as reasonably possible if we receive a request from a governmental or regulatory body to disclose Personal Identifiable Data unless such notice is prohibited by law.
10.10 Data Breach response and notification
Upon becoming aware of a Personal Identifiable Data Breach, we will, without undue delay:
(a) notify you; and
(b) investigate the Personal Data Breach; and
(c) provide timely Information relating to the Personal Data Breach as it becomes known or as you reasonably request it; and
(d) take commercially reasonable steps to mitigate the effects and prevent the recurrence of the Personal Data Breach.
10.11 Deletion and Return of Personal Identifiable Data
Upon termination or expiration of the Agreement, we delete all Personal Identifiable Data (including copies) in our possession or control, in as far as we are not required by law to retain the Personal Identifiable Data.