Before you use this website you must agree to our website terms of use and if you are a Nalpeiron Customer or Trial User the terms of service.
2.3b (7.23.2024).
We are updating this privacy notice include the new Adequacy Decision for the European Union (EU)-United States (US) Data Privacy Framework (DPF) as the primary personal data transfer mechanism for EU-US, UK-US and Swiss-US personal data transfers. These updates will be effective September 5, 2023.
Why is this happening?
On July 10, 2023, the European Commission adopted the Adequacy Decision for the DPF. This significant step ensures the protection of EU/UK personal data transferred to the US, similar to the protection in the EU. Switzerland is also expected to issue a corresponding adequacy decision soon. On October 12, 2023, the UK Government’s recognition of the adequacy of the UK Extension to the EU-U.S. DPF entered into force.
The DPF succeeds the Privacy Shield program, which was invalidated in 2020. The DPF (EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF) allows personal data to flow from the UK/EU/Switzerland to US companies participating in the DPF without needing additional safeguards. Nalpeiron will now rely on the DPF as its primary personal data transfer mechanism for UK/EU/Swiss-US personal data transfers. This will apply for Swiss-US personal data transfers as soon as a corresponding Swiss adequacy decision is made.
Pursuant to the EU-U.S. DPF, the EU-U.S. DPF Framework Principles have been amended as the “EU-U.S. Data Privacy Framework Principles”; and pursuant to the Swiss-U.S. DPF, the Swiss-U.S. DPF Framework Principles have been amended as the “Swiss-U.S. Data Privacy Framework Principles”. Organizations that self-certified their commitment to comply with the EU-U.S. DPF Framework Principles and/or the Swiss-U.S. DPF Framework Principles that wish to enjoy the benefits of participating in the EU-U.S. DPF and/or the Swiss-U.S. DPF (as applicable) must comply with the amended Principles (i.e., the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (as applicable)). Such organizations’ commitment to comply with the EU-U.S. DPF Principles with regard to transfers of personal data from the European Union and, as applicable, the United Kingdom, and/or with the Swiss-U.S. DPF Principles with regard to transfer of personal data from Switzerland must be reflected in their self-certification submissions to the U.S. Department of Commerce, and in their privacy policies.
Nalpeiron Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Nalpeiron Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Nalpeiron Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. Under this policy Nalpeiron Inc is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that an individual has invoked binding arbitration by delivering notice to your organization and following the procedures and subject to conditions set forth in Annex I of Principles.
If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Nalpeiron Inc. commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Nalpeiron Inc. at https://www.zentitle.com/contact
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Nalpeiron Inc. commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to the International Center for Dispute Resolution (IDCR-AAA), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of the International Center for Dispute Resolution (IDCR-AAA) are provided at no cost to you.
Nalpeiron collects personal information when you register with Nalpeiron for a Nalpeiron account (When you register for our services, we ask for information such as your name, company name and address, site name, phone number, e-mail address and other required information), when you use certain Nalpeiron products or services, when you register to attend a seminar or participate in an online survey, when you ask to be included in an email or other mailing list, other product promotions, or when you submit your information to Nalpeiron for any other reason. From time to time, Nalpeiron receives personal information from business partners and vendors. Nalpeiron only uses such information if it has been collected in accordance with acceptable privacy practices consistent with this policy and applicable laws.
Customer and prospect meetings will be recorded. We will use the recordings for quality assurance and training purposes, as well as for establishing facts in relation to potential complaints, as the case may be. We may share them with our internal stakeholders as necessary for these purposes. We may also grant a view-only access to the recording to the client or its representatives, if requested to do so. The recording will be retained for as long as necessary for the above purposes, but no longer than for one year. If you do not want our meeting to be recorded please let us know prior to or at the start of the meeting.
Access to certain Nalpeiron web pages requires a login and a password. The use of those web pages, and the information or programs downloadable from those sites, may be governed by a written agreement between a 3rd party Software Vendor, you and Nalpeiron. Your personal information may be retained by Nalpeiron to verify compliance with the agreement, log software licenses granted, to track software downloaded from those pages, or track usage of other applications available on those pages. For instance, when you pay for our service via Credit Card Nalpeiron uses a third-party intermediary to manage credit card processing. This intermediary is not permitted to store, retain, or use your billing information, except for the sole purpose of credit card processing on Nalpeiron's behalf. Further, Nalpeiron complies with the DPF Principles for all onward transfers of personal data from the EU, UK and Switzerland including the onward transfer liability provisions.
Nalpeiron may use the personal information and other information we collect about your use of our service to operate our service and tailor it to your needs, for billing, identification and authentication, to contact you about your use of our service, send you marketing materials (subject to your opt-out option), for research purposes, and to generally improve the content and functionality of our service and our site.
Although Nalpeiron owns all rights to the software, code, databases, and other service applications, you retain all rights to your data. Our service providers may not use your personal information for marketing purposes.
Access by your system administrator you should be aware that the administrator of your instance of Nalpeiron Services may be able to:
Third Party Services, Cookies and Tracking Technologies Nalpeiron may share your personal information with its third-party vendors (such as its credit card processor) and hosting partners to provide the necessary hardware, software, networking, storage, and other services we use to operate our service and maintain quality user experience. When you visit Nalpeiron's websites, third parties such as our advertising partners and analytics providers use cookies, web beacons, and other technologies to collect information about your online activities over time and across different websites or online services. When you use our SaaS Products, we allow our analytics provider to collect the information about your activities over time and across different online services.
Log Files As is true with most web sites, Nalpeiron gathers certain information automatically and stores it in log files. This information includes internet protocol addresses as well as browser, internet service provider, referring/exit pages, operating system, date/time stamp, and click stream data. Occasionally we may connect personal information to data gathered in our log files, as necessary to improve our service to individual customers. Otherwise we mostly use this information with no connection to individual users, to analyze trends, administer our site, or track usage of various features within our site.
Public Forums and Blogs Our site offers publicly-accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at www.nalpeiron.com/contact. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Customer Testimonials/Comments/Reviews From time to time, we post customer testimonials on our site which may contain personal information. We do obtain the customers' consent to post their names along with their testimonials.
Nalpeiron provides analytics and licensing services to our customers. As part of this service Nalpeiron collects data (enduser data) at the direction of its customers (the data controllers). In these situations, Nalpeiron performs collection, processing and storage of this information (data processor) under direct and explicit instructions from its customers. Nalpeiron has no direct connection or relationship with the end users whose personal information it processes.
Nalpeiron will not review, share, distribute, or reference any such Customer Data except as we are directed by our customers or as may be required by law. In accordance with the terms of service, Nalpeiron may access enduser data only for the purposes of providing our services to our customers, preventing or addressing service or technical problems, at a customer's request in connection with customer support matters, or as may be required by law.
Nalpeiron does not knowingly allow access or collect any personal information from children. To ensure compliance with the Children's Online Privacy Protection Act, children under the age of 13 should not access this site or provide any personal information to this site. We encourage parents and guardians to supervise and join their children in exploring the Internet and to help us protect their privacy by instructing them not to provide personal information over the Internet without parental permission. Parents should additionally be aware of a growing variety of software capable of filtering online information to reflect their own choices and guidelines. If we become aware that a user is under the age of 13 and has provided personal information to us without prior verifiable parental consent, we will remove such personal information from our records.
Nalpeiron is the controller of data collected from our customers and processor of data collected by our customers from their customers. In both cases, Nalpeiron processes data according to the DPF guideline and/or the GDPR as appropriate. If any transfer of data to a third party is required then the third party will also be subject to DPF or its equivalent and GDPR guidelines. In providing our service we do not own, control or direct the use of the information stored or processed on our platform and do so only at the direction of our clients. In fact, we are largely unaware of what information is actually being stored on our platform and only access such information as authorized by our clients or as required by law. Only our clients are entitled to access, retrieve and direct the use of such information. As such, we are the "data processors" and not the "data controllers" of the information on our platform for purposes of the EU's General Data Protection Regulation (GDPR) and the Swiss Data Protection Act. Our EU/UK or Swiss customers, who control their customer data and send it to Nalpeiron for processing, are the "controllers" of that data.
Where Nalpeiron collects personal information directly from its EU customers, it informs them about the purpose for which it collects the data and the uses of their personal information. We have no direct relationship with our customers' customers whose personal data we may process and store. Nalpeiron's customers are responsible for complying with GDPR data controller regulations and any relevant data protection legislation in EU member states before sending personal data to Nalpeiron for processing. We work with our customers to help them provide notice to their customers concerning the purpose for which personal information is collected and used. Contact information is provided on our website and at the end of this document
As the processors of personal information on behalf of our European/UK customers, we follow their instructions with respect to the information they control. In doing so we implement appropriate technical, physical and administrative measures against unauthorized processing of such information and against loss, destruction of, or damage to, personal information.
Nalpeiron acknowledges that you have a right to access, correct and delete your personal information. If you are a client's customer and wish to no longer be contacted by one of our clients then please contact that client directly. If you are a client's customer and wish to delete, correct, amend or view your personal data, you should contact our client directly. If you are one of our clients or otherwise feel that you need to contact Nalpeiron you may do so using the contact information on our website or at the end of this document. If you contact Nalpeiron with such a request we will respond within a reasonable time frame (30 business days or less).
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions: European Union (EU)
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the website.
We may disclose your Information (including your Personal Information) to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, (b) to enforce our agreements, policies and terms of service, (c) to protect the security or integrity of Nalpeiron's products and services, (d) to protect Nalpeiron, our customers or the public from harm or illegal activities, or (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
We may also share anonymized information that does not identify you with the third parties described above.
We do not share Personal Information about you with third parties for their marketing purposes (including direct marketing purposes) without your permission. Further, except as described in this Policy, Nalpeiron will not give, sell, rent or loan any personal information to any third party. We may disclose such information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law. Nalpeiron may also provide non-personal, summary or group statistics about our customers, sales, traffic patterns, and related site information to reputable third-party vendors, but these statistics will include no personal information.
We may transfer personal information to our third-party vendors that help us provide our service, subject to appropriate confidentiality restrictions. Such transfers are limited to the purposes for which personal data has been transferred to us from our customers. The DPF principles specify conditions for all onward transfers of personal data from the EU. Nalpeiron complies with these principles as well as our service agreements we have with our customers. Otherwise we may also share personal information as is required or permitted by law.
The information that is collected by Nalpeiron is considered to be an asset. In the event that Nalpeiron, any affiliated company, division or portions of its assets are acquired by another company, such information may be one of the transferred assets. If so, the acquiring company may only use your information in ways consistent with this privacy policy (or any subsequent policy in effect at the time information is collected from you). We note that information submitted or collected after a transfer may be subject to a new privacy policy adopted by the successor company.
Nalpeiron is committed to ensuring the security of your personal information. We take every precaution to protect the confidentiality and security of the personal information placed on our site or used within our services, by employing technological, physical and administrative security safeguards, such as firewalls and carefully-developed security procedures. For example, when you enter sensitive information (such as login credentials and all your activity on our Service platform) we encrypt the transmission of that information using secure socket layer technology (SSL). These technologies, procedures and other measures help ensure that your data is secure by design and by default.
Residents of the EU/UK and Switzerland whose personal information Nalpeiron controls may request access and the opportunity to correct, amend, or delete that information. If you are our customer and would like to gain access to, or request deletion of information we have collected as "data controllers", please contact us at privacy@nalpeiron.com or via www.nalpeiron.com/contact. We will respond to such queries within 30 business days. Nalpeiron has no direct relationship with its customers' customers whose personal data it processes. An individual seeking access, or who would like to correct, amend, or delete inaccurate data should direct his query to the Nalpeiron customer with whom they interact (the data controller).
Nalpeiron will retain personal information we process on behalf of our customers for as long as needed to provide Service to our customers, subject to our compliance with this policy. We retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. All data storage is subject to our normal terms of service.
If you are a resident of the State of California, under the California Civil Code, you have the right to request from companies conducting business in California a list of all third parties to which the company has disclosed personal information during the preceding year for direct marketing purposes. Alternatively, the law provides that if a company has a privacy policy that gives either an opt-out or opt-in choice for use of your personal information by third parties (such as advertisers) for marketing purposes, the company may instead provide you with information on how to exercise your disclosure choice options.
Nalpeiron qualifies for the alternative option; it provides you with details on how you may either opt-out or opt-in to the use of your personal information by third parties for direct marketing purposes. Therefore, we are not required to maintain or disclose a list of the third parties that received your personal information for marketing purposes during the preceding year.
If We make any material changes to this Policy we will notify you by posting a notice on our site. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of our site or service constitutes your agreement to be bound by such changes to this Policy. Your only remedy, if you do not accept the terms of this Policy, is to discontinue use of our site and service.
If after reading this privacy statement you have complaints or concerns about Nalpeiron's disclosure, collection or use of your private data or its compliance with DPF please contact Nalpeiron at
privacy@nalpeiron.com
or via mail at
General Counsel
Nalpeiron, Inc.
4450 Arapahoe Ave.
Suite 100
Boulder
CO 80303
