Last Modified: October 25, 2018
Nexus A.I. strives to subject to the Privacy Shield Principles all personal data that Nexus A.I. receives from the European Economic Area (“EEA”) and Switzerland in reliance on the respective EU-U.S. & Swiss-U.S. Privacy Shield. Information regarding the Privacy Shield can be found at: https://www.privacyshield.gov.
Types of personal data collected and purposes of collection and use
Nexus A.I. collects personal data about EEA and Swiss personnel that customers and their authorized users either enter into Nexus A.I.’s Cloud-Based Enterprise Applications; or provide to Nexus A.I. under a professional services engagement to be input into or accessed within the Service (collectively, “Services Personal Data”).
Nexus A.I. acts as a data processor with respect to this data. Nexus A.I. processes Services Personal Data to provide and support the Service for which the Customer has engaged Nexus A.I. We process Services Personal Data as instructed by its Customers, and do not control or own the Services Personal Data we process.
Commitment to subject to the Principles
We subject to the Principles all European and Swiss Services Personal Data that we receive from the EEA and Switzerland in reliance on the respective Privacy Shield. We also receive some data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.
Type of third parties to which we disclose personal data and purposes
As a data processor, Nexus A.I. will disclose Services Personal Data only as instructed by the data controller. In some cases, we may share Services Personal Data with our subcontractors to provide the Nexus A.I. service to our Customers. If Nexus A.I. goes through a business transition, such as a merger, acquisition by another company or sale of all or a portion of its assets. In all cases, Services Personal Data may only be transferred in accordance with the Customer agreement.
Requirement to disclose
In addition, Nexus A.I. may be required to disclose Services Personal Data in special cases when we have a good faith belief that such action is necessary to conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. Nexus A.I. will notify Customer of such request unless prohibited by law.
Right to access
Where Nexus A.I. is a data processor, individuals who seek access or who seek to correct, amend or delete inaccurate Services Personal Data, should contact the Nexus A.I. Customer (the data controller). In some instances, the Customer may have enabled the individual to perform these updates themselves through the Nexus A.I. Service. If the Customer requests Nexus A.I. remove the Services Personal Data to comply with data protection regulations, Nexus A.I. will respond to the Customer’s request within 30 days.
Choices and means
Nexus A.I. retains Services Personal Data according to the timeframes set forth in the relevant Customer agreement. Individuals who would like to request that their personal data not be used for specific purposes or disclosed should contact the Nexus A.I. Customer (the data controller).
Independent dispute resolution body
If you are located in the EEA or Switzerland and Nexus A.I. has not been able to satisfactorily resolve your question or complaint regarding our privacy practices, you may raise your concern to the attention of your data protection authorities (“DPAs”) or the Swiss Federal Data Protection and Information Commissioner, as applicable. The DPAs or the Commissioner will establish a panel to investigate and resolve complaints brought under the Privacy Shield and Nexus A.I. will comply with the advice of this panel or Commissioner, as applicable with regard to data transferred from the EU and Switzerland, as applicable. Furthermore, Nexus A.I. will comply with the advice given by DPAs and take necessary steps to remediate any non-compliance with the Privacy Shield Principles.
Investigatory and enforcement powers of the FTC
Nexus A.I. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Nexus A.I. also is committed to cooperating with EEA and Swiss data protection authorities.
If you are located in the EEA or Switzerland and have exhausted all other means to resolve your concern regarding a potential violation of Nexus A.I.’s obligations under the Privacy Shield Principles, you may seek resolution via binding arbitration. For additional information about the arbitration process please see Annex I of the Privacy Shield: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
If a third-party service provider providing services on Nexus A.I.’s behalf processes personal data from the EEA or Switzerland in a manner inconsistent with the Privacy Shield Principles, Nexus A.I. will be liable unless we can prove that we are not responsible for the event giving rise to the damages.
Inquiries or Complaints
Please refer any inquiries or complaints regarding Nexus A.I.’s Privacy Practices to firstname.lastname@example.org or by regular mail addressed to:
17 E. Monroe St., Suite 202
Chicago, IL 60603